From 446ff3d161eaad62076fea85c0ad6a035bc43bdc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Mar 2026 02:16:24 +0000
Subject: [PATCH] Bump google.golang.org/grpc from 1.72.2 to 1.79.3

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.72.2 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.72.2...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.79.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] --- go.mod | 22 +- go.sum | 58 +- vendor/github.com/go-logr/logr/.golangci.yaml | 16 +- vendor/github.com/go-logr/logr/funcr/funcr.go | 8 +- .../go-tpm-tools/.github/workflows/ci.yml | 138 - .../.github/workflows/releaser.yaml | 56 - .../github.com/google/go-tpm-tools/.gitignore | 15 - .../google/go-tpm-tools/.goreleaser.yaml | 41 - .../google/go-tpm-tools/CONTRIBUTING.md | 33 - .../github.com/google/go-tpm-tools/README.md | 158 - .../google/go-tpm-tools/RELEASING.md | 96 - .../go-tpm-tools/cel/canonical_eventlog.go | 489 - .../cel/canonical_eventlog_test.go | 266 - .../google/go-tpm-tools/cel/cos_tlv.go | 140 - .../google/go-tpm-tools/cel/cos_tlv_test.go | 128 - .../google/go-tpm-tools/client/attest.go | 328 - .../client/attest_network_test.go | 35 - .../google/go-tpm-tools/client/attest_test.go | 337 - .../google/go-tpm-tools/client/close.go | 29 - .../google/go-tpm-tools/client/eventlog.go | 19 - .../go-tpm-tools/client/eventlog_linux.go | 7 - .../go-tpm-tools/client/eventlog_other.go | 10 - .../go-tpm-tools/client/example_test.go | 274 - .../google/go-tpm-tools/client/handles.go | 72 - .../go-tpm-tools/client/handles_test.go | 41 - .../google/go-tpm-tools/client/import.go | 83 - .../go-tpm-tools/client/import_certify.go | 132 - .../client/import_certify_test.go | 257 - .../google/go-tpm-tools/client/keys.go | 527 - .../google/go-tpm-tools/client/keys_test.go | 302 - .../google/go-tpm-tools/client/pcr.go | 163 - .../google/go-tpm-tools/client/pcr_test.go | 127 - .../google/go-tpm-tools/client/quote_test.go | 154 - .../google/go-tpm-tools/client/seal_test.go | 460 - .../google/go-tpm-tools/client/session.go | 101 - .../google/go-tpm-tools/client/signer.go | 146 - .../google/go-tpm-tools/client/signer_test.go | 317 - .../google/go-tpm-tools/client/template.go | 143 - .../google/go-tpm-tools/cmd/attest.go | 200 - .../google/go-tpm-tools/cmd/attest_svsm.go | 221 - .../google/go-tpm-tools/cmd/attest_test.go | 398 - 
.../cmd/fake_cloudlogging_server.go | 163 - .../google/go-tpm-tools/cmd/flags.go | 321 - .../google/go-tpm-tools/cmd/flush.go | 87 - .../google/go-tpm-tools/cmd/flush_test.go | 48 - .../github.com/google/go-tpm-tools/cmd/go.mod | 72 - .../github.com/google/go-tpm-tools/cmd/go.sum | 1342 -- .../google/go-tpm-tools/cmd/gotpm/main.go | 45 - .../google/go-tpm-tools/cmd/open.go | 44 - .../google/go-tpm-tools/cmd/open_other.go | 43 - .../google/go-tpm-tools/cmd/open_windows.go | 12 - .../google/go-tpm-tools/cmd/pubkey.go | 134 - .../google/go-tpm-tools/cmd/read.go | 108 - .../google/go-tpm-tools/cmd/register.go | 138 - .../google/go-tpm-tools/cmd/root.go | 61 - .../google/go-tpm-tools/cmd/seal.go | 146 - .../google/go-tpm-tools/cmd/seal_test.go | 147 - .../google/go-tpm-tools/cmd/svsm_test.go | 277 - .../google/go-tpm-tools/cmd/token.go | 215 - .../google/go-tpm-tools/cmd/token_test.go | 251 - .../google/go-tpm-tools/cmd/verify.go | 165 - .../google/go-tpm-tools/cmd/verify_sev.go | 40 - .../google/go-tpm-tools/cmd/verify_svsm.go | 235 - .../google/go-tpm-tools/cmd/verify_tdx.go | 35 - .../google/go-tpm-tools/cmd/verify_test.go | 234 - vendor/github.com/google/go-tpm-tools/go.mod | 27 - vendor/github.com/google/go-tpm-tools/go.sum | 1252 -- vendor/github.com/google/go-tpm-tools/go.work | 14 - .../google/go-tpm-tools/go.work.sum | 2168 --- .../google/go-tpm-tools/internal/cert.go | 84 - .../google/go-tpm-tools/internal/cert_test.go | 76 - .../google/go-tpm-tools/internal/pcrs.go | 132 - .../google/go-tpm-tools/internal/pcrs_test.go | 33 - .../google/go-tpm-tools/internal/public.go | 49 - .../google/go-tpm-tools/internal/quote.go | 135 - .../test/attestations/gce-cos-85-no-nonce.pb | Bin 29596 -> 0 bytes .../test/attestations/gce-cos-85-nonce9009.pb | Bin 29602 -> 0 bytes .../certificates/pca_tpm_ecc_enc_cert.pem | 30 - .../certificates/pca_tpm_ecc_sign_cert.pem | 30 - .../certificates/pca_tpm_rsa_enc_cert.pem | 35 - .../certificates/pca_tpm_rsa_sign_cert.pem | 35 - 
.../certificates/uca_tpm_ecc_enc_cert.pem | 26 - .../certificates/uca_tpm_ecc_sign_cert.pem | 26 - .../certificates/uca_tpm_rsa_enc_cert.pem | 30 - .../certificates/uca_tpm_rsa_sign_cert.pem | 30 - .../test/eventlogs/arch-linux-workstation.bin | Bin 15579 -> 0 bytes ...confidential-gke-debug-251000_eventlog.bin | Bin 26947 -> 0 bytes .../test/eventlogs/cos-101-amd-sev.bin | Bin 23050 -> 0 bytes .../test/eventlogs/cos-85-amd-sev.bin | Bin 24122 -> 0 bytes .../test/eventlogs/cos-93-amd-sev.bin | Bin 24158 -> 0 bytes .../internal/test/eventlogs/debian-10.bin | Bin 22220 -> 0 bytes .../test/eventlogs/eventlogwithsp800155.bin | Bin 26806 -> 0 bytes .../internal/test/eventlogs/gdc-host.bin | Bin 50430 -> 0 bytes .../internal/test/eventlogs/glinux-alex.bin | Bin 15881 -> 0 bytes .../internal/test/eventlogs/rhel8-uefi.bin | Bin 34034 -> 0 bytes .../test/eventlogs/ubuntu-1804-amd-sev.bin | Bin 26013 -> 0 bytes .../test/eventlogs/ubuntu-2104-no-dbx.bin | Bin 33824 -> 0 bytes .../eventlogs/ubuntu-2104-no-secure-boot.bin | Bin 38268 -> 0 bytes .../test/eventlogs/ubuntu-2404-amd-sevsnp.bin | Bin 45300 -> 0 bytes .../internal/test/load_random_external_key.go | 47 - .../internal/test/simulate_test.go | 31 - .../test/tdx_test_files/tdxReportData.bin | 1 - .../go-tpm-tools/internal/test/test_cert.go | 47 - .../go-tpm-tools/internal/test/test_data.go | 87 - .../go-tpm-tools/internal/test/test_other.go | 23 - .../go-tpm-tools/internal/test/test_tpm.go | 227 - .../internal/test/test_windows.go | 18 - .../go-tpm-tools/launcher/.gcloudignore | 4 - .../go-tpm-tools/launcher/agent/agent.go | 419 - .../go-tpm-tools/launcher/agent/agent_test.go | 640 - .../go-tpm-tools/launcher/cloudbuild.yaml | 312 - .../go-tpm-tools/launcher/container_runner.go | 823 - .../launcher/container_runner_test.go | 735 - .../google/go-tpm-tools/launcher/errors.go | 21 - .../google/go-tpm-tools/launcher/go.mod | 100 - .../google/go-tpm-tools/launcher/go.sum | 1402 -- .../launcher/image/cloudbuild.yaml | 57 - 
.../launcher/image/container-runner.service | 14 - .../go-tpm-tools/launcher/image/debug.conf | 3 - .../go-tpm-tools/launcher/image/entrypoint.sh | 24 - .../launcher/image/exit_script.sh | 13 - .../go-tpm-tools/launcher/image/fixup_oem.sh | 44 - .../launcher/image/fluent-bit-cs.conf | 65 - .../go-tpm-tools/launcher/image/hardened.conf | 5 - ...boot-disk-size-consistency-monitor-cs.json | 12 - .../docker-monitor-cs.json | 12 - .../kernel-monitor-cs.json | 10 - .../system-stats-monitor-cs.json | 10 - .../go-tpm-tools/launcher/image/preload.sh | 145 - .../launcher/image/test/README.md | 66 - .../launcher/image/test/check_failure.sh | 16 - .../launcher/image/test/cleanup.sh | 12 - .../launcher/image/test/create_vm.sh | 78 - .../image/test/data/cloud-init-config.yaml | 6 - .../image/test/data/echo_startupscript.sh | 4 - .../test_cloud_init_userdata_disabled.sh | 18 - .../image/test/scripts/test_custom_token.sh | 21 - .../test/scripts/test_experiment_value.sh | 21 - .../test/scripts/test_launcher_workload.sh | 111 - .../test_launcher_workload_cloudlogging.sh | 114 - ...t_launcher_workload_discover_signatures.sh | 22 - .../test/scripts/test_launchpolicy_cmd.sh | 16 - .../test_launchpolicy_cmd_cloudlogging.sh | 16 - .../test/scripts/test_launchpolicy_env.sh | 16 - .../test_launchpolicy_env_cloudlogging.sh | 16 - .../test_launchpolicy_health_monitoring.sh | 16 - .../scripts/test_launchpolicy_log_debug.sh | 16 - ...est_launchpolicy_log_debug_cloudlogging.sh | 16 - .../scripts/test_launchpolicy_log_never.sh | 16 - ...est_launchpolicy_log_never_cloudlogging.sh | 16 - .../test_launchpolicy_memory_monitoring.sh | 16 - .../image/test/scripts/test_log_redirect.sh | 30 - .../image/test/scripts/test_mds_var_change.sh | 13 - .../test/scripts/test_memory_monitoring.sh | 17 - .../scripts/test_multiwriterpd_disabled.sh | 25 - .../test/scripts/test_os_config_os_policy.sh | 66 - .../image/test/scripts/test_ssh_manual.sh | 76 - .../scripts/test_startupscript_disabled.sh | 13 - 
.../image/test/test_debug_cloudbuild.yaml | 79 - .../test/test_debug_unstable_cloudbuild.yaml | 40 - .../image/test/test_discover_signatures.yaml | 69 - .../image/test/test_experiments_client.yaml | 40 - .../image/test/test_hardened_cloudbuild.yaml | 77 - .../test_hardened_unstable_cloudbuild.yaml | 40 - .../image/test/test_health_monitoring.yaml | 97 - .../launcher/image/test/test_http_server.yaml | 42 - .../image/test/test_ingress_network.yaml | 67 - .../test/test_launchpolicy_cloudbuild.yaml | 286 - .../image/test/test_log_redirection.yaml | 143 - .../image/test/test_memory_monitoring.yaml | 71 - .../launcher/image/test/test_mounts.yaml | 150 - .../test/test_oda_with_signed_container.yaml | 51 - .../launcher/image/test/test_privileged.yaml | 146 - .../image/test/util/change_metadata_vars.sh | 66 - .../image/test/util/read_cloud_logging.sh | 10 - .../launcher/image/test/util/read_serial.sh | 45 - .../testworkloads/allmonitoring/Dockerfile | 11 - .../allmonitoringdebug/Dockerfile | 11 - .../allmonitoringmemoryonly/Dockerfile | 11 - .../allmonitoringnone/Dockerfile | 11 - .../image/testworkloads/basic/Dockerfile | 17 - .../image/testworkloads/basic/main.go | 46 - .../customtoken/happypath/Dockerfile | 38 - .../customtoken/happypath/main.go | 139 - .../testworkloads/launchpolicycmd/Dockerfile | 14 - .../launchpolicylogdebug/Dockerfile | 14 - .../launchpolicylognever/Dockerfile | 14 - .../testworkloads/memorymonitoring/Dockerfile | 14 - .../memorymonitoringdebug/Dockerfile | 14 - .../memorymonitoringnever/Dockerfile | 14 - .../image/testworkloads/mounts/Dockerfile | 11 - .../testworkloads/mounts/print_mounts.sh | 7 - .../image/testworkloads/privileged/Dockerfile | 14 - .../internal/experiments/experiments.go | 44 - .../internal/experiments/experiments_test.go | 60 - .../nodeproblemdetector/systemstats_config.go | 123 - .../systemstats_config_test.go | 92 - .../launcher/internal/launchermount/mount.go | 30 - .../launcher/internal/launchermount/tmpfs.go | 80 - 
.../internal/launchermount/tmpfs_test.go | 226 - .../launcher/internal/logging/logging.go | 257 - .../launcher/internal/logging/logging_test.go | 284 - .../launcher/internal/rest_network_test.go | 69 - .../internal/signaturediscovery/client.go | 110 - .../signaturediscovery/client_test.go | 168 - .../internal/signaturediscovery/fakeclient.go | 54 - .../launcher/internal/systemctl/systemctl.go | 77 - .../internal/systemctl/systemctl_test.go | 91 - .../go-tpm-tools/launcher/launcher/main.go | 352 - .../launcher/launcher/main_test.go | 132 - .../launcher/launcherfile/launcherfile.go | 12 - .../launcher/registryauth/auth.go | 65 - .../launcher/spec/launch_policy.go | 340 - .../launcher/spec/launch_policy_test.go | 949 - .../go-tpm-tools/launcher/spec/launch_spec.go | 496 - .../launcher/spec/launch_spec_test.go | 301 - .../launcher/teeserver/tee_server.go | 238 - .../launcher/teeserver/tee_server_test.go | 509 - .../google/go-tpm-tools/launcher/util.go | 107 - .../google/go-tpm-tools/launcher/util_test.go | 115 - .../google/go-tpm-tools/proto/attest.proto | 332 - .../go-tpm-tools/proto/attest/attest.pb.go | 2727 --- .../google/go-tpm-tools/proto/doc.go | 31 - .../google/go-tpm-tools/proto/gen_attest.sh | 3 - .../google/go-tpm-tools/proto/tpm.proto | 64 - .../google/go-tpm-tools/proto/tpm/tpm.pb.go | 682 - .../google/go-tpm-tools/run_cloudbuild.sh | 23 - .../ca-certs/gcp_ek_ak_ca_intermediate_v3.crt | Bin 1830 -> 0 bytes .../server/ca-certs/gcp_ek_ak_ca_root.crt | Bin 1541 -> 0 bytes .../server/ca-certs/tpm_ek_intermediate_2.crt | Bin 1560 -> 0 bytes .../server/ca-certs/tpm_ek_intermediate_3.crt | Bin 1560 -> 0 bytes .../server/ca-certs/tpm_ek_root_1.cer | Bin 1667 -> 0 bytes .../go-tpm-tools/server/certificate_test.go | 59 - .../google/go-tpm-tools/server/ecc_utils.go | 47 - .../google/go-tpm-tools/server/eventlog.go | 677 - .../go-tpm-tools/server/eventlog_test.go | 1369 -- .../go-tpm-tools/server/example_test.go | 47 - .../go-tpm-tools/server/grouped_error.go | 77 - 
.../go-tpm-tools/server/grouped_error_test.go | 126 - .../google/go-tpm-tools/server/import.go | 250 - .../go-tpm-tools/server/import_certify.go | 188 - .../google/go-tpm-tools/server/import_test.go | 249 - .../go-tpm-tools/server/instance_info.go | 19 - .../go-tpm-tools/server/key_conversion.go | 108 - .../server/key_conversion_test.go | 103 - .../google/go-tpm-tools/server/policy.go | 79 - .../go-tpm-tools/server/policy_constants.go | 190 - .../server/policy_constants_test.go | 56 - .../google/go-tpm-tools/server/policy_test.go | 154 - .../go-tpm-tools/server/secure-boot/GcePk.crt | Bin 762 -> 0 bytes .../MicCorKEKCA2011_2011-06-24.crt | Bin 1516 -> 0 bytes .../MicCorUEFCA2011_2011-06-27.crt | Bin 1556 -> 0 bytes .../MicWinProPCA2011_2011-10-19.crt | Bin 1499 -> 0 bytes .../server/secure-boot/canonical-boothole.crt | Bin 1060 -> 0 bytes .../server/secure-boot/cisco-boothole.crt | Bin 1164 -> 0 bytes .../secure-boot/dbxupdate-2014-08-11.bin | Bin 4011 -> 0 bytes .../secure-boot/dbxupdate_x64-2020-10-12.bin | Bin 15281 -> 0 bytes .../secure-boot/dbxupdate_x64-2021-04-29.bin | Bin 13501 -> 0 bytes .../server/secure-boot/debian-boothole.crt | Bin 768 -> 0 bytes .../google/go-tpm-tools/server/verify.go | 344 - .../google/go-tpm-tools/server/verify_test.go | 794 - .../simulator/ms-tpm-20-ref/CONTRIBUTING.md | 42 - .../simulator/ms-tpm-20-ref/LICENSE | 17 - .../simulator/ms-tpm-20-ref/README.md | 49 - .../ms-tpm-20-ref/Samples/Google/Clock.c | 174 - .../ms-tpm-20-ref/Samples/Google/Entropy.c | 11 - .../ms-tpm-20-ref/Samples/Google/NVMem.c | 81 - .../ms-tpm-20-ref/Samples/Google/Platform.h | 71 - .../Samples/Google/PlatformData.h | 86 - .../Samples/Google/Platform_fp.h | 197 - .../ms-tpm-20-ref/Samples/Google/Run.c | 78 - .../ms-tpm-20-ref/TPMCmd/Makefile.am | 62 - .../ms-tpm-20-ref/TPMCmd/configure.ac | 89 - .../simulator/ms-tpm-20-ref/TPMCmd/flags.m4 | 84 - .../TPMCmd/tpm/include/BaseTypes.h | 60 - .../TPMCmd/tpm/include/BnValues.h | 320 - 
.../TPMCmd/tpm/include/Capabilities.h | 49 - .../TPMCmd/tpm/include/CommandAttributeData.h | 916 - .../TPMCmd/tpm/include/CommandAttributes.h | 66 - .../TPMCmd/tpm/include/CommandDispatchData.h | 5167 ------ .../TPMCmd/tpm/include/CommandDispatcher.h | 2051 --- .../TPMCmd/tpm/include/Commands.h | 451 - .../TPMCmd/tpm/include/CompilerDependencies.h | 132 - .../TPMCmd/tpm/include/CryptEcc.h | 71 - .../TPMCmd/tpm/include/CryptHash.h | 303 - .../TPMCmd/tpm/include/CryptRand.h | 199 - .../TPMCmd/tpm/include/CryptRsa.h | 69 - .../TPMCmd/tpm/include/CryptSym.h | 143 - .../TPMCmd/tpm/include/CryptTest.h | 70 - .../TPMCmd/tpm/include/EccTestData.h | 158 - .../ms-tpm-20-ref/TPMCmd/tpm/include/Global.h | 1439 -- .../TPMCmd/tpm/include/GpMacros.h | 332 - .../TPMCmd/tpm/include/HandleProcess.h | 1008 - .../TPMCmd/tpm/include/HashTestData.h | 104 - .../TPMCmd/tpm/include/InternalRoutines.h | 127 - .../TPMCmd/tpm/include/KdfTestData.h | 83 - .../TPMCmd/tpm/include/LibSupport.h | 71 - .../TPMCmd/tpm/include/Ltc/LtcSettings.h | 84 - .../TPMCmd/tpm/include/Ltc/TpmToLtcHash.h | 172 - .../TPMCmd/tpm/include/Ltc/TpmToLtcMath.h | 89 - .../TPMCmd/tpm/include/Ltc/TpmToLtcSym.h | 110 - .../ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h | 46 - .../ms-tpm-20-ref/TPMCmd/tpm/include/NV.h | 165 - .../ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h | 275 - .../TPMCmd/tpm/include/Ossl/TpmToOsslHash.h | 180 - .../TPMCmd/tpm/include/Ossl/TpmToOsslMath.h | 127 - .../TPMCmd/tpm/include/Ossl/TpmToOsslSym.h | 120 - .../TPMCmd/tpm/include/PRNG_TestVectors.h | 140 - .../TPMCmd/tpm/include/RsaTestData.h | 423 - .../TPMCmd/tpm/include/SelfTest.h | 105 - .../SupportLibraryFunctionPrototypes_fp.h | 137 - .../TPMCmd/tpm/include/SymmetricTest.h | 76 - .../TPMCmd/tpm/include/SymmetricTestData.h | 178 - .../ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h | 73 - .../ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h | 55 - .../TPMCmd/tpm/include/TpmASN1.h | 127 - .../TPMCmd/tpm/include/TpmAlgorithmDefines.h | 423 - 
.../TPMCmd/tpm/include/TpmBuildSwitches.h | 341 - .../TPMCmd/tpm/include/TpmError.h | 56 - .../TPMCmd/tpm/include/TpmProfile.h | 789 - .../TPMCmd/tpm/include/TpmTypes.h | 2374 --- .../TPMCmd/tpm/include/VendorString.h | 88 - .../TPMCmd/tpm/include/Wolf/TpmToWolfHash.h | 191 - .../TPMCmd/tpm/include/Wolf/TpmToWolfMath.h | 91 - .../TPMCmd/tpm/include/Wolf/TpmToWolfSym.h | 115 - .../TPMCmd/tpm/include/Wolf/user_settings.h | 106 - .../ms-tpm-20-ref/TPMCmd/tpm/include/X509.h | 134 - .../include/prototypes/AC_GetCapability_fp.h | 71 - .../tpm/include/prototypes/AC_Send_fp.h | 72 - .../TPMCmd/tpm/include/prototypes/AC_spt_fp.h | 80 - .../prototypes/ActivateCredential_fp.h | 72 - .../tpm/include/prototypes/AlgorithmCap_fp.h | 64 - .../include/prototypes/AlgorithmTests_fp.h | 72 - .../tpm/include/prototypes/Attest_spt_fp.h | 88 - .../TPMCmd/tpm/include/prototypes/Bits_fp.h | 73 - .../tpm/include/prototypes/BnConvert_fp.h | 130 - .../TPMCmd/tpm/include/prototypes/BnMath_fp.h | 238 - .../tpm/include/prototypes/BnMemory_fp.h | 110 - .../include/prototypes/CertifyCreation_fp.h | 77 - .../tpm/include/prototypes/CertifyX509_fp.h | 76 - .../tpm/include/prototypes/Certify_fp.h | 73 - .../tpm/include/prototypes/ChangeEPS_fp.h | 60 - .../tpm/include/prototypes/ChangePPS_fp.h | 60 - .../tpm/include/prototypes/ClearControl_fp.h | 62 - .../TPMCmd/tpm/include/prototypes/Clear_fp.h | 60 - .../include/prototypes/ClockRateAdjust_fp.h | 62 - .../tpm/include/prototypes/ClockSet_fp.h | 62 - .../tpm/include/prototypes/CommandAudit_fp.h | 131 - .../prototypes/CommandCodeAttributes_fp.h | 182 - .../include/prototypes/CommandDispatcher_fp.h | 58 - .../TPMCmd/tpm/include/prototypes/Commit_fp.h | 75 - .../tpm/include/prototypes/ContextLoad_fp.h | 66 - .../tpm/include/prototypes/ContextSave_fp.h | 66 - .../tpm/include/prototypes/Context_spt_fp.h | 96 - .../tpm/include/prototypes/CreateLoaded_fp.h | 73 - .../tpm/include/prototypes/CreatePrimary_fp.h | 79 - .../TPMCmd/tpm/include/prototypes/Create_fp.h 
| 78 - .../tpm/include/prototypes/CryptCmac_fp.h | 84 - .../tpm/include/prototypes/CryptDes_fp.h | 76 - .../prototypes/CryptEccKeyExchange_fp.h | 88 - .../tpm/include/prototypes/CryptEccMain_fp.h | 374 - .../include/prototypes/CryptEccSignature_fp.h | 139 - .../tpm/include/prototypes/CryptHash_fp.h | 408 - .../include/prototypes/CryptPrimeSieve_fp.h | 158 - .../tpm/include/prototypes/CryptPrime_fp.h | 137 - .../tpm/include/prototypes/CryptRand_fp.h | 204 - .../tpm/include/prototypes/CryptRsa_fp.h | 210 - .../tpm/include/prototypes/CryptSelfTest_fp.h | 108 - .../tpm/include/prototypes/CryptSmac_fp.h | 84 - .../tpm/include/prototypes/CryptSym_fp.h | 126 - .../tpm/include/prototypes/CryptUtil_fp.h | 488 - .../TPMCmd/tpm/include/prototypes/DA_fp.h | 88 - .../prototypes/DictionaryAttackLockReset_fp.h | 60 - .../DictionaryAttackParameters_fp.h | 66 - .../tpm/include/prototypes/Duplicate_fp.h | 74 - .../include/prototypes/ECC_Parameters_fp.h | 66 - .../tpm/include/prototypes/ECDH_KeyGen_fp.h | 67 - .../tpm/include/prototypes/ECDH_ZGen_fp.h | 68 - .../tpm/include/prototypes/EC_Ephemeral_fp.h | 67 - .../include/prototypes/EncryptDecrypt2_fp.h | 75 - .../include/prototypes/EncryptDecrypt_fp.h | 75 - .../prototypes/EncryptDecrypt_spt_fp.h | 64 - .../TPMCmd/tpm/include/prototypes/Entity_fp.h | 108 - .../prototypes/EventSequenceComplete_fp.h | 70 - .../tpm/include/prototypes/EvictControl_fp.h | 64 - .../tpm/include/prototypes/ExecCommand_fp.h | 88 - .../include/prototypes/FieldUpgradeData_fp.h | 67 - .../include/prototypes/FieldUpgradeStart_fp.h | 66 - .../tpm/include/prototypes/FirmwareRead_fp.h | 66 - .../tpm/include/prototypes/FlushContext_fp.h | 60 - .../tpm/include/prototypes/GetCapability_fp.h | 71 - .../prototypes/GetCommandAuditDigest_fp.h | 73 - .../tpm/include/prototypes/GetRandom_fp.h | 66 - .../prototypes/GetSessionAuditDigest_fp.h | 75 - .../tpm/include/prototypes/GetTestResult_fp.h | 59 - .../tpm/include/prototypes/GetTime_fp.h | 73 - 
.../tpm/include/prototypes/HMAC_Start_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/HMAC_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/Handle_fp.h | 87 - .../include/prototypes/HashSequenceStart_fp.h | 68 - .../TPMCmd/tpm/include/prototypes/Hash_fp.h | 71 - .../prototypes/HierarchyChangeAuth_fp.h | 62 - .../include/prototypes/HierarchyControl_fp.h | 64 - .../tpm/include/prototypes/Hierarchy_fp.h | 87 - .../TPMCmd/tpm/include/prototypes/Import_fp.h | 76 - .../prototypes/IncrementalSelfTest_fp.h | 66 - .../tpm/include/prototypes/IoBuffers_fp.h | 87 - .../tpm/include/prototypes/LoadExternal_fp.h | 71 - .../TPMCmd/tpm/include/prototypes/Load_fp.h | 71 - .../tpm/include/prototypes/Locality_fp.h | 53 - .../tpm/include/prototypes/MAC_Start_fp.h | 70 - .../TPMCmd/tpm/include/prototypes/MAC_fp.h | 70 - .../include/prototypes/MakeCredential_fp.h | 71 - .../tpm/include/prototypes/Manufacture_fp.h | 79 - .../tpm/include/prototypes/Marshal_fp.h | 2408 --- .../include/prototypes/MathOnByteBuffers_fp.h | 147 - .../TPMCmd/tpm/include/prototypes/Memory_fp.h | 179 - .../tpm/include/prototypes/NV_Certify_fp.h | 79 - .../tpm/include/prototypes/NV_ChangeAuth_fp.h | 62 - .../include/prototypes/NV_DefineSpace_fp.h | 64 - .../tpm/include/prototypes/NV_Extend_fp.h | 64 - .../prototypes/NV_GlobalWriteLock_fp.h | 60 - .../tpm/include/prototypes/NV_Increment_fp.h | 62 - .../tpm/include/prototypes/NV_ReadLock_fp.h | 62 - .../tpm/include/prototypes/NV_ReadPublic_fp.h | 67 - .../tpm/include/prototypes/NV_Read_fp.h | 72 - .../tpm/include/prototypes/NV_SetBits_fp.h | 64 - .../prototypes/NV_UndefineSpaceSpecial_fp.h | 62 - .../include/prototypes/NV_UndefineSpace_fp.h | 62 - .../tpm/include/prototypes/NV_WriteLock_fp.h | 62 - .../tpm/include/prototypes/NV_Write_fp.h | 66 - .../TPMCmd/tpm/include/prototypes/NV_spt_fp.h | 93 - .../tpm/include/prototypes/NvDynamic_fp.h | 474 - .../tpm/include/prototypes/NvReserved_fp.h | 130 - .../include/prototypes/ObjectChangeAuth_fp.h | 70 - 
.../TPMCmd/tpm/include/prototypes/Object_fp.h | 355 - .../tpm/include/prototypes/Object_spt_fp.h | 393 - .../tpm/include/prototypes/PCR_Allocate_fp.h | 71 - .../tpm/include/prototypes/PCR_Event_fp.h | 68 - .../tpm/include/prototypes/PCR_Extend_fp.h | 62 - .../tpm/include/prototypes/PCR_Read_fp.h | 68 - .../tpm/include/prototypes/PCR_Reset_fp.h | 60 - .../include/prototypes/PCR_SetAuthPolicy_fp.h | 66 - .../include/prototypes/PCR_SetAuthValue_fp.h | 62 - .../TPMCmd/tpm/include/prototypes/PCR_fp.h | 318 - .../tpm/include/prototypes/PP_Commands_fp.h | 64 - .../TPMCmd/tpm/include/prototypes/PP_fp.h | 98 - .../include/prototypes/PolicyAuthValue_fp.h | 60 - .../include/prototypes/PolicyAuthorizeNV_fp.h | 64 - .../include/prototypes/PolicyAuthorize_fp.h | 68 - .../include/prototypes/PolicyCommandCode_fp.h | 62 - .../prototypes/PolicyCounterTimer_fp.h | 66 - .../tpm/include/prototypes/PolicyCpHash_fp.h | 62 - .../prototypes/PolicyDuplicationSelect_fp.h | 66 - .../include/prototypes/PolicyGetDigest_fp.h | 66 - .../include/prototypes/PolicyLocality_fp.h | 62 - .../tpm/include/prototypes/PolicyNV_fp.h | 70 - .../include/prototypes/PolicyNameHash_fp.h | 62 - .../include/prototypes/PolicyNvWritten_fp.h | 62 - .../tpm/include/prototypes/PolicyOR_fp.h | 62 - .../tpm/include/prototypes/PolicyPCR_fp.h | 64 - .../include/prototypes/PolicyPassword_fp.h | 60 - .../prototypes/PolicyPhysicalPresence_fp.h | 60 - .../tpm/include/prototypes/PolicyRestart_fp.h | 60 - .../tpm/include/prototypes/PolicySecret_fp.h | 77 - .../tpm/include/prototypes/PolicySigned_fp.h | 79 - .../include/prototypes/PolicyTemplate_fp.h | 62 - .../tpm/include/prototypes/PolicyTicket_fp.h | 70 - .../prototypes/Policy_AC_SendSelect_fp.h | 68 - .../tpm/include/prototypes/Policy_spt_fp.h | 102 - .../TPMCmd/tpm/include/prototypes/Power_fp.h | 69 - .../tpm/include/prototypes/PropertyCap_fp.h | 59 - .../TPMCmd/tpm/include/prototypes/Quote_fp.h | 73 - .../tpm/include/prototypes/RSA_Decrypt_fp.h | 72 - 
.../tpm/include/prototypes/RSA_Encrypt_fp.h | 72 - .../tpm/include/prototypes/ReadClock_fp.h | 58 - .../tpm/include/prototypes/ReadPublic_fp.h | 68 - .../prototypes/ResponseCodeProcessing_fp.h | 52 - .../tpm/include/prototypes/Response_fp.h | 53 - .../TPMCmd/tpm/include/prototypes/Rewrap_fp.h | 75 - .../tpm/include/prototypes/RsaKeyCache_fp.h | 65 - .../tpm/include/prototypes/SelfTest_fp.h | 60 - .../include/prototypes/SequenceComplete_fp.h | 71 - .../include/prototypes/SequenceUpdate_fp.h | 62 - .../include/prototypes/SessionProcess_fp.h | 123 - .../tpm/include/prototypes/Session_fp.h | 287 - .../include/prototypes/SetAlgorithmSet_fp.h | 62 - .../prototypes/SetCommandCodeAuditStatus_fp.h | 66 - .../include/prototypes/SetPrimaryPolicy_fp.h | 64 - .../tpm/include/prototypes/Shutdown_fp.h | 60 - .../TPMCmd/tpm/include/prototypes/Sign_fp.h | 72 - .../include/prototypes/StartAuthSession_fp.h | 79 - .../tpm/include/prototypes/Startup_fp.h | 60 - .../tpm/include/prototypes/StirRandom_fp.h | 60 - .../tpm/include/prototypes/TestParms_fp.h | 60 - .../TPMCmd/tpm/include/prototypes/Ticket_fp.h | 101 - .../TPMCmd/tpm/include/prototypes/Time_fp.h | 139 - .../tpm/include/prototypes/TpmASN1_fp.h | 234 - .../tpm/include/prototypes/TpmFail_fp.h | 98 - .../tpm/include/prototypes/TpmSizeChecks_fp.h | 56 - .../prototypes/TpmToLtcDesSupport_fp.h | 58 - .../tpm/include/prototypes/TpmToLtcMath_fp.h | 150 - .../include/prototypes/TpmToLtcSupport_fp.h | 73 - .../prototypes/TpmToOsslDesSupport_fp.h | 78 - .../tpm/include/prototypes/TpmToOsslMath_fp.h | 223 - .../include/prototypes/TpmToOsslSupport_fp.h | 84 - .../prototypes/TpmToWolfDesSupport_fp.h | 90 - .../tpm/include/prototypes/TpmToWolfMath_fp.h | 209 - .../include/prototypes/TpmToWolfSupport_fp.h | 56 - .../TPMCmd/tpm/include/prototypes/Unseal_fp.h | 66 - .../include/prototypes/Vendor_TCG_Test_fp.h | 66 - .../include/prototypes/VerifySignature_fp.h | 70 - .../tpm/include/prototypes/X509_ECC_fp.h | 79 - 
.../tpm/include/prototypes/X509_RSA_fp.h | 71 - .../tpm/include/prototypes/X509_spt_fp.h | 118 - .../tpm/include/prototypes/ZGen_2Phase_fp.h | 75 - .../include/prototypes/_TPM_Hash_Data_fp.h | 50 - .../tpm/include/prototypes/_TPM_Hash_End_fp.h | 49 - .../include/prototypes/_TPM_Hash_Start_fp.h | 49 - .../tpm/include/prototypes/_TPM_Init_fp.h | 49 - .../ms-tpm-20-ref/TPMCmd/tpm/include/swap.h | 106 - .../TPMCmd/tpm/src/X509/TpmASN1.c | 514 - .../TPMCmd/tpm/src/X509/X509_ECC.c | 146 - .../TPMCmd/tpm/src/X509/X509_RSA.c | 234 - .../TPMCmd/tpm/src/X509/X509_spt.c | 295 - .../src/command/Asymmetric/ECC_Parameters.c | 61 - .../tpm/src/command/Asymmetric/ECDH_KeyGen.c | 92 - .../tpm/src/command/Asymmetric/ECDH_ZGen.c | 86 - .../tpm/src/command/Asymmetric/EC_Ephemeral.c | 73 - .../tpm/src/command/Asymmetric/RSA_Decrypt.c | 106 - .../tpm/src/command/Asymmetric/RSA_Encrypt.c | 90 - .../tpm/src/command/Asymmetric/ZGen_2Phase.c | 121 - .../AttachedComponent/AC_GetCapability.c | 56 - .../src/command/AttachedComponent/AC_Send.c | 102 - .../src/command/AttachedComponent/AC_spt.c | 149 - .../AttachedComponent/Policy_AC_SendSelect.c | 115 - .../tpm/src/command/Attestation/Attest_spt.c | 198 - .../tpm/src/command/Attestation/Certify.c | 94 - .../src/command/Attestation/CertifyCreation.c | 98 - .../tpm/src/command/Attestation/CertifyX509.c | 276 - .../Attestation/GetCommandAuditDigest.c | 99 - .../Attestation/GetSessionAuditDigest.c | 95 - .../tpm/src/command/Attestation/GetTime.c | 88 - .../tpm/src/command/Attestation/Quote.c | 98 - .../src/command/Capability/GetCapability.c | 180 - .../tpm/src/command/Capability/TestParms.c | 56 - .../src/command/ClockTimer/ClockRateAdjust.c | 55 - .../tpm/src/command/ClockTimer/ClockSet.c | 66 - .../tpm/src/command/ClockTimer/ReadClock.c | 56 - .../CommandAudit/SetCommandCodeAuditStatus.c | 103 - .../tpm/src/command/Context/ContextLoad.c | 193 - .../tpm/src/command/Context/ContextSave.c | 232 - .../tpm/src/command/Context/Context_spt.c | 244 - 
.../tpm/src/command/Context/EvictControl.c | 131 - .../tpm/src/command/Context/FlushContext.c | 86 - .../command/DA/DictionaryAttackLockReset.c | 67 - .../command/DA/DictionaryAttackParameters.c | 76 - .../tpm/src/command/Duplication/Duplicate.c | 160 - .../tpm/src/command/Duplication/Import.c | 209 - .../tpm/src/command/Duplication/Rewrap.c | 160 - .../tpm/src/command/EA/PolicyAuthValue.c | 81 - .../tpm/src/command/EA/PolicyAuthorize.c | 125 - .../tpm/src/command/EA/PolicyAuthorizeNV.c | 117 - .../tpm/src/command/EA/PolicyCommandCode.c | 90 - .../tpm/src/command/EA/PolicyCounterTimer.c | 129 - .../TPMCmd/tpm/src/command/EA/PolicyCpHash.c | 103 - .../src/command/EA/PolicyDuplicationSelect.c | 113 - .../tpm/src/command/EA/PolicyGetDigest.c | 61 - .../tpm/src/command/EA/PolicyLocality.c | 138 - .../TPMCmd/tpm/src/command/EA/PolicyNV.c | 143 - .../tpm/src/command/EA/PolicyNameHash.c | 99 - .../tpm/src/command/EA/PolicyNvWritten.c | 95 - .../TPMCmd/tpm/src/command/EA/PolicyOR.c | 99 - .../TPMCmd/tpm/src/command/EA/PolicyPCR.c | 125 - .../tpm/src/command/EA/PolicyPassword.c | 81 - .../src/command/EA/PolicyPhysicalPresence.c | 78 - .../TPMCmd/tpm/src/command/EA/PolicySecret.c | 128 - .../TPMCmd/tpm/src/command/EA/PolicySigned.c | 180 - .../tpm/src/command/EA/PolicyTemplate.c | 103 - .../TPMCmd/tpm/src/command/EA/PolicyTicket.c | 128 - .../TPMCmd/tpm/src/command/EA/Policy_spt.c | 290 - .../TPMCmd/tpm/src/command/Ecdaa/Commit.c | 169 - .../command/FieldUpgrade/FieldUpgradeData.c | 53 - .../command/FieldUpgrade/FieldUpgradeStart.c | 51 - .../src/command/FieldUpgrade/FirmwareRead.c | 55 - .../command/HashHMAC/EventSequenceComplete.c | 109 - .../tpm/src/command/HashHMAC/HMAC_Start.c | 105 - .../src/command/HashHMAC/HashSequenceStart.c | 63 - .../tpm/src/command/HashHMAC/MAC_Start.c | 92 - .../src/command/HashHMAC/SequenceComplete.c | 131 - .../tpm/src/command/HashHMAC/SequenceUpdate.c | 106 - .../tpm/src/command/Hierarchy/ChangeEPS.c | 95 - 
.../tpm/src/command/Hierarchy/ChangePPS.c | 96 - .../TPMCmd/tpm/src/command/Hierarchy/Clear.c | 125 - .../tpm/src/command/Hierarchy/ClearControl.c | 72 - .../tpm/src/command/Hierarchy/CreatePrimary.c | 143 - .../command/Hierarchy/HierarchyChangeAuth.c | 91 - .../src/command/Hierarchy/HierarchyControl.c | 144 - .../src/command/Hierarchy/SetPrimaryPolicy.c | 102 - .../TPMCmd/tpm/src/command/Misc/PP_Commands.c | 80 - .../tpm/src/command/Misc/SetAlgorithmSet.c | 62 - .../tpm/src/command/NVStorage/NV_Certify.c | 141 - .../tpm/src/command/NVStorage/NV_ChangeAuth.c | 68 - .../src/command/NVStorage/NV_DefineSpace.c | 226 - .../tpm/src/command/NVStorage/NV_Extend.c | 109 - .../command/NVStorage/NV_GlobalWriteLock.c | 57 - .../tpm/src/command/NVStorage/NV_Increment.c | 102 - .../tpm/src/command/NVStorage/NV_Read.c | 97 - .../tpm/src/command/NVStorage/NV_ReadLock.c | 93 - .../tpm/src/command/NVStorage/NV_ReadPublic.c | 62 - .../tpm/src/command/NVStorage/NV_SetBits.c | 91 - .../src/command/NVStorage/NV_UndefineSpace.c | 76 - .../NVStorage/NV_UndefineSpaceSpecial.c | 71 - .../tpm/src/command/NVStorage/NV_Write.c | 109 - .../tpm/src/command/NVStorage/NV_WriteLock.c | 91 - .../TPMCmd/tpm/src/command/NVStorage/NV_spt.c | 163 - .../src/command/Object/ActivateCredential.c | 107 - .../TPMCmd/tpm/src/command/Object/Create.c | 155 - .../tpm/src/command/Object/CreateLoaded.c | 221 - .../TPMCmd/tpm/src/command/Object/Load.c | 121 - .../tpm/src/command/Object/LoadExternal.c | 132 - .../tpm/src/command/Object/MakeCredential.c | 96 - .../tpm/src/command/Object/ObjectChangeAuth.c | 93 - .../tpm/src/command/Object/Object_spt.c | 1584 -- .../tpm/src/command/Object/ReadPublic.c | 67 - .../TPMCmd/tpm/src/command/Object/Unseal.c | 70 - .../TPMCmd/tpm/src/command/PCR/PCR_Allocate.c | 83 - .../TPMCmd/tpm/src/command/PCR/PCR_Event.c | 92 - .../TPMCmd/tpm/src/command/PCR/PCR_Extend.c | 89 - .../TPMCmd/tpm/src/command/PCR/PCR_Read.c | 60 - .../TPMCmd/tpm/src/command/PCR/PCR_Reset.c | 74 - 
.../tpm/src/command/PCR/PCR_SetAuthPolicy.c | 82 - .../tpm/src/command/PCR/PCR_SetAuthValue.c | 73 - .../TPMCmd/tpm/src/command/Random/GetRandom.c | 63 - .../tpm/src/command/Random/StirRandom.c | 54 - .../tpm/src/command/Session/PolicyRestart.c | 54 - .../src/command/Session/StartAuthSession.c | 165 - .../TPMCmd/tpm/src/command/Signature/Sign.c | 112 - .../src/command/Signature/VerifySignature.c | 93 - .../TPMCmd/tpm/src/command/Startup/Shutdown.c | 101 - .../TPMCmd/tpm/src/command/Startup/Startup.c | 244 - .../src/command/Symmetric/EncryptDecrypt.c | 163 - .../src/command/Symmetric/EncryptDecrypt2.c | 83 - .../command/Symmetric/EncryptDecrypt_spt.c | 163 - .../TPMCmd/tpm/src/command/Symmetric/HMAC.c | 108 - .../TPMCmd/tpm/src/command/Symmetric/Hash.c | 88 - .../TPMCmd/tpm/src/command/Symmetric/MAC.c | 94 - .../tpm/src/command/Testing/GetTestResult.c | 61 - .../src/command/Testing/IncrementalSelfTest.c | 65 - .../TPMCmd/tpm/src/command/Testing/SelfTest.c | 58 - .../tpm/src/command/Vendor/Vendor_TCG_Test.c | 50 - .../TPMCmd/tpm/src/crypt/AlgorithmTests.c | 963 - .../TPMCmd/tpm/src/crypt/BnConvert.c | 295 - .../TPMCmd/tpm/src/crypt/BnMath.c | 597 - .../TPMCmd/tpm/src/crypt/BnMemory.c | 187 - .../TPMCmd/tpm/src/crypt/CryptCmac.c | 176 - .../TPMCmd/tpm/src/crypt/CryptDes.c | 188 - .../TPMCmd/tpm/src/crypt/CryptEccData.c | 657 - .../tpm/src/crypt/CryptEccKeyExchange.c | 383 - .../TPMCmd/tpm/src/crypt/CryptEccMain.c | 820 - .../TPMCmd/tpm/src/crypt/CryptEccSignature.c | 931 - .../TPMCmd/tpm/src/crypt/CryptHash.c | 938 - .../TPMCmd/tpm/src/crypt/CryptPrime.c | 385 - .../TPMCmd/tpm/src/crypt/CryptPrimeSieve.c | 571 - .../TPMCmd/tpm/src/crypt/CryptRand.c | 950 - .../TPMCmd/tpm/src/crypt/CryptRsa.c | 1489 -- .../TPMCmd/tpm/src/crypt/CryptSelfTest.c | 222 - .../TPMCmd/tpm/src/crypt/CryptSmac.c | 132 - .../TPMCmd/tpm/src/crypt/CryptSym.c | 478 - .../TPMCmd/tpm/src/crypt/CryptUtil.c | 1901 -- .../TPMCmd/tpm/src/crypt/PrimeData.c | 422 - .../TPMCmd/tpm/src/crypt/RsaKeyCache.c | 
255 - .../TPMCmd/tpm/src/crypt/Ticket.c | 277 - .../tpm/src/crypt/ltc/TpmToLtcDesSupport.c | 75 - .../TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c | 286 - .../tpm/src/crypt/ltc/TpmToLtcSupport.c | 96 - .../tpm/src/crypt/ossl/TpmToOsslDesSupport.c | 100 - .../TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c | 638 - .../tpm/src/crypt/ossl/TpmToOsslSupport.c | 112 - .../tpm/src/crypt/wolf/TpmToWolfDesSupport.c | 117 - .../TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c | 521 - .../tpm/src/crypt/wolf/TpmToWolfSupport.c | 60 - .../TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj | 194 - .../TPMCmd/tpm/src/events/_TPM_Hash_Data.c | 70 - .../TPMCmd/tpm/src/events/_TPM_Hash_End.c | 102 - .../TPMCmd/tpm/src/events/_TPM_Hash_Start.c | 92 - .../TPMCmd/tpm/src/events/_TPM_Init.c | 90 - .../TPMCmd/tpm/src/main/CommandDispatcher.c | 430 - .../TPMCmd/tpm/src/main/ExecCommand.c | 317 - .../TPMCmd/tpm/src/main/SessionProcess.c | 2242 --- .../TPMCmd/tpm/src/subsystem/CommandAudit.c | 268 - .../TPMCmd/tpm/src/subsystem/DA.c | 235 - .../TPMCmd/tpm/src/subsystem/Hierarchy.c | 237 - .../TPMCmd/tpm/src/subsystem/NvDynamic.c | 1932 -- .../TPMCmd/tpm/src/subsystem/NvReserved.c | 263 - .../TPMCmd/tpm/src/subsystem/Object.c | 989 - .../TPMCmd/tpm/src/subsystem/PCR.c | 1314 -- .../TPMCmd/tpm/src/subsystem/PP.c | 179 - .../TPMCmd/tpm/src/subsystem/Session.c | 1068 -- .../TPMCmd/tpm/src/subsystem/Time.c | 276 - .../TPMCmd/tpm/src/support/AlgorithmCap.c | 234 - .../TPMCmd/tpm/src/support/Bits.c | 92 - .../tpm/src/support/CommandCodeAttributes.c | 553 - .../TPMCmd/tpm/src/support/Entity.c | 478 - .../TPMCmd/tpm/src/support/Global.c | 59 - .../TPMCmd/tpm/src/support/Handle.c | 195 - .../TPMCmd/tpm/src/support/IoBuffers.c | 125 - .../TPMCmd/tpm/src/support/Locality.c | 75 - .../TPMCmd/tpm/src/support/Manufacture.c | 177 - .../TPMCmd/tpm/src/support/Marshal.c | 5811 ------ .../tpm/src/support/MathOnByteBuffers.c | 265 - .../TPMCmd/tpm/src/support/Memory.c | 269 - .../TPMCmd/tpm/src/support/Power.c | 82 - 
.../TPMCmd/tpm/src/support/PropertyCap.c | 597 - .../TPMCmd/tpm/src/support/Response.c | 81 - .../tpm/src/support/ResponseCodeProcessing.c | 57 - .../TPMCmd/tpm/src/support/TpmFail.c | 454 - .../TPMCmd/tpm/src/support/TpmSizeChecks.c | 171 - .../go-tpm-tools/simulator/simulator_test.go | 119 - .../google/go-tpm-tools/testutil/utils.go | 18 - .../google/go-tpm-tools/verifier/client.go | 87 - .../go-tpm-tools/verifier/fake/fakeclaims.go | 30 - .../verifier/fake/fakeverifier.go | 199 - .../go-tpm-tools/verifier/fake/signer_rsa | 28 - .../go-tpm-tools/verifier/fake/signer_rsa.pub | 9 - .../go-tpm-tools/verifier/fake/testkeys.go | 40 - .../google/go-tpm-tools/verifier/go.mod | 58 - .../google/go-tpm-tools/verifier/go.sum | 1317 -- .../go-tpm-tools/verifier/ita/client.go | 266 - .../go-tpm-tools/verifier/ita/client_test.go | 391 - .../go-tpm-tools/verifier/ita/evidence.go | 61 - .../verifier/models/token_options.go | 28 - .../verifier/oci/cosign/fakesignature.go | 38 - .../verifier/oci/cosign/signature.go | 81 - .../verifier/oci/cosign/signature_test.go | 180 - .../go-tpm-tools/verifier/oci/interface.go | 45 - .../go-tpm-tools/verifier/rest/errors.go | 26 - .../google/go-tpm-tools/verifier/rest/rest.go | 448 - .../go-tpm-tools/verifier/rest/rest_test.go | 616 - .../verifier/util/fake_attestation_server.go | 120 - .../verifier/util/fake_metadata.go | 73 - .../verifier/util/fake_oauth2_server.go | 71 - .../google/go-tpm-tools/verifier/util/util.go | 73 - .../go-tpm-tools/verifier/util/util_test.go | 44 - .../auto/sdk/internal/telemetry/id.go | 2 +- .../auto/sdk/internal/telemetry/number.go | 2 +- .../auto/sdk/internal/telemetry/span.go | 70 +- .../auto/sdk/internal/telemetry/status.go | 10 +- .../auto/sdk/internal/telemetry/traces.go | 4 +- .../auto/sdk/internal/telemetry/value.go | 14 +- vendor/go.opentelemetry.io/auto/sdk/span.go | 25 +- vendor/go.opentelemetry.io/auto/sdk/tracer.go | 29 +- .../go.opentelemetry.io/otel/.clomonitor.yml | 3 + 
.../go.opentelemetry.io/otel/.codespellignore | 2 + vendor/go.opentelemetry.io/otel/.gitignore | 1 + vendor/go.opentelemetry.io/otel/.golangci.yml | 542 +- vendor/go.opentelemetry.io/otel/.lycheeignore | 7 + vendor/go.opentelemetry.io/otel/CHANGELOG.md | 313 +- vendor/go.opentelemetry.io/otel/CODEOWNERS | 2 +- .../go.opentelemetry.io/otel/CONTRIBUTING.md | 535 +- vendor/go.opentelemetry.io/otel/LICENSE | 30 + vendor/go.opentelemetry.io/otel/Makefile | 66 +- vendor/go.opentelemetry.io/otel/README.md | 32 +- vendor/go.opentelemetry.io/otel/RELEASING.md | 74 +- .../otel/SECURITY-INSIGHTS.yml | 203 + vendor/go.opentelemetry.io/otel/VERSIONING.md | 2 +- .../otel/attribute/encoder.go | 14 +- .../otel/attribute/filter.go | 12 +- .../otel/attribute/hash.go | 92 + .../internal}/attribute.go | 18 +- .../otel/attribute/internal/xxhash/xxhash.go | 64 + .../otel/attribute/iterator.go | 7 +- .../go.opentelemetry.io/otel/attribute/key.go | 2 +- .../go.opentelemetry.io/otel/attribute/kv.go | 2 +- .../otel/attribute/rawhelpers.go | 37 + .../go.opentelemetry.io/otel/attribute/set.go | 151 +- .../otel/attribute/type_string.go | 5 +- .../otel/attribute/value.go | 23 +- .../otel/baggage/baggage.go | 16 +- .../go.opentelemetry.io/otel/codes/codes.go | 4 +- .../otel/dependencies.Dockerfile | 4 + .../go.opentelemetry.io/otel/get_main_pkgs.sh | 30 - .../go.opentelemetry.io/otel/internal/gen.go | 18 - .../otel/internal/global/handler.go | 1 + .../otel/internal/global/internal_logging.go | 8 +- .../otel/internal/global/meter.go | 47 +- .../otel/internal/global/trace.go | 14 +- .../otel/internal/rawhelpers.go | 48 - vendor/go.opentelemetry.io/otel/metric.go | 2 +- .../go.opentelemetry.io/otel/metric/LICENSE | 30 + .../otel/metric/asyncfloat64.go | 12 +- .../otel/metric/asyncint64.go | 8 +- .../go.opentelemetry.io/otel/metric/config.go | 38 +- .../otel/metric/instrument.go | 16 +- .../go.opentelemetry.io/otel/metric/meter.go | 10 +- .../otel/metric/noop/noop.go | 25 +- 
.../otel/propagation/baggage.go | 40 +- .../otel/propagation/propagation.go | 34 +- .../otel/propagation/trace_context.go | 8 +- vendor/go.opentelemetry.io/otel/renovate.json | 11 +- .../go.opentelemetry.io/otel/requirements.txt | 2 +- vendor/go.opentelemetry.io/otel/sdk/LICENSE | 30 + .../otel/sdk/internal/x/features.go | 39 + .../otel/sdk/internal/x/x.go | 48 +- .../otel/sdk/resource/builtin.go | 4 +- .../otel/sdk/resource/container.go | 4 +- .../otel/sdk/resource/env.go | 2 +- .../otel/sdk/resource/host_id.go | 4 +- .../otel/sdk/resource/host_id_bsd.go | 1 - .../otel/sdk/resource/host_id_linux.go | 1 - .../otel/sdk/resource/host_id_unsupported.go | 1 - .../otel/sdk/resource/host_id_windows.go | 1 - .../otel/sdk/resource/os.go | 6 +- .../otel/sdk/resource/os_release_darwin.go | 3 +- .../otel/sdk/resource/os_release_unix.go | 7 +- .../otel/sdk/resource/os_unix.go | 1 - .../otel/sdk/resource/os_unsupported.go | 1 - .../otel/sdk/resource/process.go | 18 +- .../otel/sdk/resource/resource.go | 27 +- .../otel/sdk/trace/batch_span_processor.go | 61 +- .../go.opentelemetry.io/otel/sdk/trace/doc.go | 3 + .../otel/sdk/trace/id_generator.go | 30 +- .../otel/sdk/{ => trace}/internal/env/env.go | 4 +- .../internal/observ/batch_span_processor.go | 119 + .../otel/sdk/trace/internal/observ/doc.go | 6 + .../internal/observ/simple_span_processor.go | 97 + .../otel/sdk/trace/internal/observ/tracer.go | 223 + .../otel/sdk/trace/provider.go | 26 +- .../otel/sdk/trace/sampling.go | 16 +- .../otel/sdk/trace/simple_span_processor.go | 39 +- .../otel/sdk/trace/snapshot.go | 2 +- .../otel/sdk/trace/span.go | 30 +- .../otel/sdk/trace/span_limits.go | 2 +- .../otel/sdk/trace/tracer.go | 45 +- .../otel/sdk/trace/version.go | 9 - .../go.opentelemetry.io/otel/sdk/version.go | 3 +- .../otel/semconv/v1.37.0/MIGRATION.md | 41 + .../otel/semconv/v1.37.0/README.md | 3 + .../otel/semconv/v1.37.0/attribute_group.go | 15193 ++++++++++++++++ .../otel/semconv/v1.37.0/doc.go | 9 + 
.../otel/semconv/v1.37.0/error_type.go | 56 + .../otel/semconv/v1.37.0/exception.go | 9 + .../otel/semconv/v1.37.0/otelconv/metric.go | 2264 +++ .../otel/semconv/v1.37.0/schema.go | 9 + vendor/go.opentelemetry.io/otel/trace/LICENSE | 30 + vendor/go.opentelemetry.io/otel/trace/auto.go | 662 + .../go.opentelemetry.io/otel/trace/config.go | 49 +- vendor/go.opentelemetry.io/otel/trace/hex.go | 38 + .../otel/trace/internal/telemetry/attr.go | 58 + .../otel/trace/internal/telemetry/doc.go | 8 + .../otel/trace/internal/telemetry/id.go | 103 + .../otel/trace/internal/telemetry/number.go | 67 + .../otel/trace/internal/telemetry/resource.go | 66 + .../otel/trace/internal/telemetry/scope.go | 67 + .../otel/trace/internal/telemetry/span.go | 472 + .../otel/trace/internal/telemetry/status.go | 42 + .../otel/trace/internal/telemetry/traces.go | 189 + .../otel/trace/internal/telemetry/value.go | 453 + vendor/go.opentelemetry.io/otel/trace/noop.go | 26 +- .../otel/trace/noop/noop.go | 2 +- vendor/go.opentelemetry.io/otel/trace/span.go | 4 + .../go.opentelemetry.io/otel/trace/trace.go | 156 +- .../otel/trace/tracestate.go | 6 +- .../otel/verify_readmes.sh | 21 - vendor/go.opentelemetry.io/otel/version.go | 2 +- vendor/go.opentelemetry.io/otel/versions.yaml | 31 +- vendor/golang.org/x/oauth2/deviceauth.go | 31 +- vendor/golang.org/x/oauth2/internal/doc.go | 2 +- vendor/golang.org/x/oauth2/internal/oauth2.go | 2 +- vendor/golang.org/x/oauth2/internal/token.go | 50 +- .../golang.org/x/oauth2/internal/transport.go | 4 +- vendor/golang.org/x/oauth2/oauth2.go | 60 +- vendor/golang.org/x/oauth2/pkce.go | 17 +- vendor/golang.org/x/oauth2/token.go | 19 +- vendor/golang.org/x/oauth2/transport.go | 26 +- .../googleapis/api/httpbody/httpbody.pb.go | 2 +- .../rpc/errdetails/error_details.pb.go | 315 +- .../googleapis/rpc/status/status.pb.go | 2 +- vendor/google.golang.org/grpc/CONTRIBUTING.md | 184 +- vendor/google.golang.org/grpc/MAINTAINERS.md | 8 +- vendor/google.golang.org/grpc/README.md | 
1 + .../grpc/balancer/balancer.go | 10 +- .../endpointsharding/endpointsharding.go | 57 +- .../balancer/pickfirst/internal/internal.go | 2 + .../grpc/balancer/pickfirst/pickfirst.go | 922 +- .../pickfirst/pickfirstleaf/pickfirstleaf.go | 927 - .../grpc/balancer/roundrobin/roundrobin.go | 13 +- .../grpc/balancer/subconn.go | 14 - .../grpc/balancer_wrapper.go | 15 +- .../grpc_binarylog_v1/binarylog.pb.go | 191 +- vendor/google.golang.org/grpc/clientconn.go | 211 +- .../grpc/credentials/credentials.go | 62 +- .../grpc/credentials/insecure/insecure.go | 8 +- .../google.golang.org/grpc/credentials/tls.go | 50 +- vendor/google.golang.org/grpc/dialoptions.go | 25 +- .../grpc/encoding/encoding.go | 24 +- .../grpc/encoding/gzip/gzip.go | 12 - .../grpc/encoding/internal/internal.go | 28 + .../grpc/encoding/proto/proto.go | 20 +- .../grpc/experimental/stats/metricregistry.go | 72 + .../grpc/experimental/stats/metrics.go | 79 +- .../grpc/health/grpc_health_v1/health.pb.go | 82 +- .../health/grpc_health_v1/health_grpc.pb.go | 8 +- vendor/google.golang.org/grpc/interceptor.go | 12 +- .../balancer/gracefulswitch/gracefulswitch.go | 22 +- .../grpc/internal/balancer/weight/weight.go | 66 + .../grpc/internal/buffer/unbounded.go | 1 + .../grpc/internal/channelz/trace.go | 2 +- .../grpc/internal/credentials/credentials.go | 14 - .../grpc/internal/envconfig/envconfig.go | 63 +- .../grpc/internal/envconfig/xds.go | 16 + .../grpc/internal/experimental.go | 7 + .../internal/grpcsync/callback_serializer.go | 22 +- .../grpc/internal/grpcsync/event.go | 19 +- .../grpc/internal/idle/idle.go | 77 +- .../grpc/internal/internal.go | 65 +- .../delegatingresolver/delegatingresolver.go | 58 +- .../internal/resolver/dns/dns_resolver.go | 35 +- .../internal/stats/metrics_recorder_list.go | 70 + .../grpc/internal/stats/stats.go | 70 + .../grpc/internal/status/status.go | 8 + .../grpc/internal/transport/client_stream.go | 34 +- .../grpc/internal/transport/controlbuf.go | 126 +- 
.../grpc/internal/transport/flowcontrol.go | 23 +- .../grpc/internal/transport/handler_server.go | 50 +- .../grpc/internal/transport/http2_client.go | 288 +- .../grpc/internal/transport/http2_server.go | 213 +- .../grpc/internal/transport/http_util.go | 172 +- .../grpc/internal/transport/server_stream.go | 13 +- .../grpc/internal/transport/transport.go | 132 +- .../google.golang.org/grpc/mem/buffer_pool.go | 31 +- .../grpc/mem/buffer_slice.go | 104 +- vendor/google.golang.org/grpc/mem/buffers.go | 65 +- .../google.golang.org/grpc/picker_wrapper.go | 36 +- vendor/google.golang.org/grpc/preloader.go | 3 - .../grpc/resolver/resolver.go | 6 + .../grpc/resolver_wrapper.go | 1 + vendor/google.golang.org/grpc/rpc_util.go | 138 +- vendor/google.golang.org/grpc/server.go | 188 +- .../google.golang.org/grpc/stats/handlers.go | 9 + vendor/google.golang.org/grpc/stats/stats.go | 20 +- vendor/google.golang.org/grpc/stream.go | 280 +- vendor/google.golang.org/grpc/version.go | 2 +- .../protobuf/encoding/protowire/wire.go | 26 +- .../editiondefaults/editions_defaults.binpb | Bin 146 -> 154 bytes .../internal/editionssupport/editions.go | 2 +- .../protobuf/internal/filedesc/desc.go | 52 +- .../protobuf/internal/filedesc/desc_init.go | 14 + .../protobuf/internal/filedesc/desc_lazy.go | 20 + .../protobuf/internal/filedesc/editions.go | 15 +- .../protobuf/internal/filedesc/presence.go | 33 + .../protobuf/internal/genid/api_gen.go | 6 + .../protobuf/internal/genid/descriptor_gen.go | 90 +- .../internal/impl/codec_message_opaque.go | 3 +- .../protobuf/internal/impl/message_opaque.go | 45 +- .../protobuf/internal/impl/presence.go | 3 - .../protobuf/internal/version/version.go | 2 +- .../protobuf/reflect/protodesc/desc.go | 22 + .../protobuf/reflect/protodesc/desc_init.go | 2 + .../protobuf/reflect/protodesc/proto.go | 37 +- .../reflect/protoreflect/source_gen.go | 8 + .../types/descriptorpb/descriptor.pb.go | 643 +- vendor/modules.txt | 55 +- 963 files changed, 27428 insertions(+), 
139407 deletions(-) delete mode 100644 vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml delete mode 100644 vendor/github.com/google/go-tpm-tools/.github/workflows/releaser.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/.gitignore delete mode 100644 vendor/github.com/google/go-tpm-tools/.goreleaser.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md delete mode 100644 vendor/github.com/google/go-tpm-tools/README.md delete mode 100644 vendor/github.com/google/go-tpm-tools/RELEASING.md delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/attest.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/attest_network_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/attest_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/close.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/eventlog_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/example_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/handles.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/handles_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/import.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/import_certify.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/import_certify_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/keys.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/client/keys_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/pcr_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/quote_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/seal_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/session.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/signer.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/signer_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/client/template.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/attest.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/attest_svsm.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/attest_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/fake_cloudlogging_server.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flags.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/flush_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/go.mod delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/go.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/open_windows.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/pubkey.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/read.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/register.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/root.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/seal.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/cmd/seal_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/svsm_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/token.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/token_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/verify.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/verify_sev.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/verify_svsm.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/verify_tdx.go delete mode 100644 vendor/github.com/google/go-tpm-tools/cmd/verify_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/go.mod delete mode 100644 vendor/github.com/google/go-tpm-tools/go.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/go.work delete mode 100644 vendor/github.com/google/go-tpm-tools/go.work.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/cert.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/cert_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/public.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/quote.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/pca_tpm_ecc_enc_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/pca_tpm_ecc_sign_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/pca_tpm_rsa_enc_cert.pem delete mode 100644 
vendor/github.com/google/go-tpm-tools/internal/test/certificates/pca_tpm_rsa_sign_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/uca_tpm_ecc_enc_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/uca_tpm_ecc_sign_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/uca_tpm_rsa_enc_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/certificates/uca_tpm_rsa_sign_cert.pem delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/arch-linux-workstation.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/confidential-gke-debug-251000_eventlog.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/cos-101-amd-sev.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/cos-85-amd-sev.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/cos-93-amd-sev.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/eventlogwithsp800155.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/gdc-host.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/glinux-alex.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2404-amd-sevsnp.bin delete mode 100644 
vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/simulate_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/tdx_test_files/tdxReportData.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_cert.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_data.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_other.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go delete mode 100644 vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/.gcloudignore delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/agent/agent.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/agent/agent_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/container_runner.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/container_runner_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/errors.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/go.mod delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/go.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/container-runner.service delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/debug.conf delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/entrypoint.sh delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/exit_script.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/fixup_oem.sh delete mode 100644 
vendor/github.com/google/go-tpm-tools/launcher/image/fluent-bit-cs.conf delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/hardened.conf delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/docker-monitor-cs.json delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/kernel-monitor-cs.json delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/system-stats-monitor-cs.json delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/preload.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/README.md delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/check_failure.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/cleanup.sh delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/test/create_vm.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/data/cloud-init-config.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/data/echo_startupscript.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_cloud_init_userdata_disabled.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_custom_token.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_experiment_value.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_cloudlogging.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_discover_signatures.sh 
delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd_cloudlogging.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env_cloudlogging.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_health_monitoring.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug_cloudlogging.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never_cloudlogging.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_memory_monitoring.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_log_redirect.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_mds_var_change.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_memory_monitoring.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_multiwriterpd_disabled.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_os_config_os_policy.sh delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_ssh_manual.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_startupscript_disabled.sh delete mode 100644 
vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_unstable_cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_discover_signatures.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_experiments_client.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_unstable_cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_health_monitoring.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_http_server.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_ingress_network.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_launchpolicy_cloudbuild.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_log_redirection.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_memory_monitoring.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_mounts.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_oda_with_signed_container.yaml delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/test_privileged.yaml delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/test/util/change_metadata_vars.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_cloud_logging.sh delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_serial.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoring/Dockerfile delete mode 
100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringdebug/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringmemoryonly/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringnone/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/main.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/main.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicycmd/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylogdebug/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylognever/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoring/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringdebug/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringnever/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/Dockerfile delete mode 100755 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/print_mounts.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/privileged/Dockerfile delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/mount.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/rest_network_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/fakeclient.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/launcher/main.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/launcher/main_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/launcherfile/launcherfile.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/registryauth/auth.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/util.go delete mode 100644 vendor/github.com/google/go-tpm-tools/launcher/util_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest.proto delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/doc.go delete mode 100755 vendor/github.com/google/go-tpm-tools/proto/gen_attest.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm.proto delete mode 100644 vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go delete mode 100755 vendor/github.com/google/go-tpm-tools/run_cloudbuild.sh delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_intermediate_v3.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_root.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_3.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_root_1.cer delete mode 100644 vendor/github.com/google/go-tpm-tools/server/certificate_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/ecc_utils.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/eventlog_test.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/server/example_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/import.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/import_certify.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/import_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/instance_info.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/policy_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorKEKCA2011_2011-06-24.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicCorUEFCA2011_2011-06-27.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/MicWinProPCA2011_2011-10-19.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/canonical-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin delete mode 100644 vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin delete mode 100644 
vendor/github.com/google/go-tpm-tools/server/secure-boot/debian-boothole.crt delete mode 100644 vendor/github.com/google/go-tpm-tools/server/verify.go delete mode 100644 vendor/github.com/google/go-tpm-tools/server/verify_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/VendorString.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfHash.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c 
delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c delete mode 100644 
vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c delete mode 100644 vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/testutil/utils.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/client.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/fake/fakeclaims.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/fake/fakeverifier.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa.pub delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/fake/testkeys.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/go.mod delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/go.sum delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/ita/client.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/ita/client_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/ita/evidence.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/models/token_options.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/fakesignature.go delete mode 100644 
vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/oci/interface.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/rest/errors.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/rest/rest.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/rest/rest_test.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/util/fake_attestation_server.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/util/fake_metadata.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/util/fake_oauth2_server.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/util/util.go delete mode 100644 vendor/github.com/google/go-tpm-tools/verifier/util/util_test.go create mode 100644 vendor/go.opentelemetry.io/otel/.clomonitor.yml create mode 100644 vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml create mode 100644 vendor/go.opentelemetry.io/otel/attribute/hash.go rename vendor/go.opentelemetry.io/otel/{internal/attribute => attribute/internal}/attribute.go (84%) create mode 100644 vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go create mode 100644 vendor/go.opentelemetry.io/otel/attribute/rawhelpers.go create mode 100644 vendor/go.opentelemetry.io/otel/dependencies.Dockerfile delete mode 100644 vendor/go.opentelemetry.io/otel/get_main_pkgs.sh delete mode 100644 vendor/go.opentelemetry.io/otel/internal/gen.go delete mode 100644 vendor/go.opentelemetry.io/otel/internal/rawhelpers.go create mode 100644 vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go rename vendor/go.opentelemetry.io/otel/sdk/{ => trace}/internal/env/env.go (97%) create mode 100644 vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go create mode 100644 
vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go create mode 100644 vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go create mode 100644 vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go delete mode 100644 vendor/go.opentelemetry.io/otel/sdk/trace/version.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go create mode 100644 vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/auto.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/hex.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go create mode 100644 vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go delete mode 100644 
vendor/go.opentelemetry.io/otel/verify_readmes.sh delete mode 100644 vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go create mode 100644 vendor/google.golang.org/grpc/encoding/internal/internal.go create mode 100644 vendor/google.golang.org/grpc/internal/balancer/weight/weight.go create mode 100644 vendor/google.golang.org/grpc/internal/stats/stats.go create mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/presence.go diff --git a/go.mod b/go.mod index 4ee84a83b..6d562017f 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-ole/go-ole v1.2.6 // indirect 
@@ -120,21 +120,21 @@ require (
 github.com/spf13/pflag v1.0.6 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/twpayne/go-vfs/v4 v4.3.0 // indirect
- go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+ go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
- go.opentelemetry.io/otel v1.34.0 // indirect
+ go.opentelemetry.io/otel v1.39.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 // indirect
- go.opentelemetry.io/otel/metric v1.34.0 // indirect
- go.opentelemetry.io/otel/sdk v1.34.0 // indirect
- go.opentelemetry.io/otel/trace v1.34.0 // indirect
+ go.opentelemetry.io/otel/metric v1.39.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.39.0 // indirect
+ go.opentelemetry.io/otel/trace v1.39.0 // indirect
 go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 golang.org/x/crypto v0.46.0 // indirect
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 golang.org/x/net v0.48.0 // indirect
- golang.org/x/oauth2 v0.28.0 // indirect
+ golang.org/x/oauth2 v0.34.0 // indirect
 golang.org/x/sync v0.19.0 // indirect
 golang.org/x/sys v0.39.0 // indirect
 golang.org/x/term v0.38.0 // indirect
@@ -142,10 +142,10 @@ require ( golang.org/x/time v0.11.0 // indirect golang.org/x/tools v0.39.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect - google.golang.org/grpc v1.72.2 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 549851a2f..b13f7e917 100644 --- a/go.sum +++ b/go.sum @@ -90,8 +90,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= 
@@ -325,8 +325,8 @@ github.com/rancher/wrangler/v2 v2.1.4/go.mod h1:af5OaGU/COgreQh1mRbKiUI64draT2NN github.com/rancher/yip v1.4.11 h1:y2uyYonX16YeMPamhhBEBprZSj08deXpY6a629D7NIg= github.com/rancher/yip v1.4.11/go.mod h1:I2tD0+qH3MpVtMjfOTjEJCb5eaDShz7TP8uxeCZx2OM= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ= github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U= @@ -361,8 +361,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/twpayne/go-vfs v1.0.1/go.mod h1:OIXA6zWkcn7Jk46XT7ceYqBMeIkfzJ8WOBhGJM0W4y8= 
@@ -382,24 +382,24 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= -go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= -go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE= -go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= -go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/sdk v1.34.0 
h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= -go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= -go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= -go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= -go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= -go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -497,8 +497,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= -golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -626,6 +626,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 
@@ -688,10 +690,10 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950= -google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -708,8 +710,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.72.2 h1:TdbGzwb82ty4OusHWepvFWGLgIbNo1/SUynEN0ssqv8= -google.golang.org/grpc v1.72.2/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -720,8 +722,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/vendor/github.com/go-logr/logr/.golangci.yaml b/vendor/github.com/go-logr/logr/.golangci.yaml index 0cffafa7b..0ed62c1a1 100644 --- a/vendor/github.com/go-logr/logr/.golangci.yaml +++ b/vendor/github.com/go-logr/logr/.golangci.yaml @@ -1,26 +1,28 @@ +version: "2" + run: timeout: 1m tests: true linters: - disable-all: true - enable: + default: none + enable: # please keep this alphabetized + - asasalint - asciicheck + - copyloopvar + - dupl - errcheck - forcetypeassert + - goconst - gocritic - - gofmt - - goimports - - gosimple - govet - ineffassign - misspell + - musttag - revive - staticcheck - - typecheck - unused issues: - exclude-use-default: false max-issues-per-linter: 0 max-same-issues: 10 diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go index 30568e768..b22c57d71 100644 --- a/vendor/github.com/go-logr/logr/funcr/funcr.go 
+++ b/vendor/github.com/go-logr/logr/funcr/funcr.go @@ -77,7 +77,7 @@ func newSink(fn func(prefix, args string), formatter Formatter) logr.LogSink { write: fn, } // For skipping fnlogger.Info and fnlogger.Error. - l.Formatter.AddCallDepth(1) + l.AddCallDepth(1) // via Formatter return l } @@ -164,17 +164,17 @@ type fnlogger struct { } func (l fnlogger) WithName(name string) logr.LogSink { - l.Formatter.AddName(name) + l.AddName(name) // via Formatter return &l } func (l fnlogger) WithValues(kvList ...any) logr.LogSink { - l.Formatter.AddValues(kvList) + l.AddValues(kvList) // via Formatter return &l } func (l fnlogger) WithCallDepth(depth int) logr.LogSink { - l.Formatter.AddCallDepth(depth) + l.AddCallDepth(depth) // via Formatter return &l } diff --git a/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml b/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml deleted file mode 100644 index 7cd0d447e..000000000 --- a/vendor/github.com/google/go-tpm-tools/.github/workflows/ci.yml +++ /dev/null 
@@ -1,138 +0,0 @@ -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. -# - -name: CI -on: - push: - tags: - - v* - branches: - - master - - main - pull_request: - -jobs: - build: - strategy: - matrix: - go-version: [1.21.x] - # TODO: Get this working on windows-latest - os: [ubuntu-latest] - architecture: [x32, x64] - include: - - os: macos-latest - architecture: arm64 - go-version: 1.21.x - - os: macos-14-large - architecture: x64 - go-version: 1.21.x - name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }}) - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version: ${{ matrix.go-version }} - architecture: ${{ matrix.architecture }} - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: "3.20.1" - - name: Install protoc-gen-go - run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.0 - - name: Check Protobuf Generation - run: | - go generate ./... ./cmd/... ./launcher/... ./verifier/... 
- git diff -G'^[^/]' --exit-code - - name: Install Linux 64-bit packages - run: sudo apt-get -y install libssl-dev - if: runner.os == 'Linux' && matrix.architecture == 'x64' - - name: Install Linux 32-bit packages - run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib - if: runner.os == 'Linux' && matrix.architecture == 'x32' - - name: Install Mac packages - run: | - brew install openssl - if: runner.os == 'macOS' - - name: Install Windows packages - run: choco install openssl - if: runner.os == 'Windows' - - name: Build all modules except launcher - run: go build -v ./... ./cmd/... ./verifier/... - - name: Build launcher module - run: go build -v ./launcher/... - if: runner.os == 'Linux' - - name: Run specific tests under root permission - run: | - GO_EXECUTABLE_PATH=$(which go) - sudo $GO_EXECUTABLE_PATH test -v -run "TestFetchImageSignaturesDockerPublic" ./launcher - if: runner.os == 'Linux' - - name: Run all tests in launcher to capture potential data race - run: go test -v -race ./launcher/... - if: (runner.os == 'Linux') && matrix.architecture == 'x64' - - name: Test all modules except launcher - run: go test -v ./... ./cmd/... ./verifier/... 
-skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass' - - lint: - strategy: - matrix: - go-version: [1.21.x] - os: [ubuntu-latest] - dir: ["./", "./cmd", "./launcher"] - name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }}) - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.2.0 - with: - version: latest - working-directory: ${{ matrix.dir }} - args: > - -D errcheck - -E stylecheck - -E goimports - -E misspell - -E revive - -E gofmt - -E goimports - --exclude-use-default=false - --max-same-issues=0 - --max-issues-per-linter=0 - --timeout 2m - - lintc: - strategy: - matrix: - go-version: [1.21.x] - os: [ubuntu-latest] - name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }}) - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - - name: Install Linux packages - run: sudo apt-get -y install libssl-dev - - name: Check for CGO Warnings (gcc) - run: CGO_CFLAGS=-Werror CC=gcc go build ./... - - name: Check for CGO Warnings (clang) - run: CGO_CFLAGS=-Werror CC=clang go build ./... diff --git a/vendor/github.com/google/go-tpm-tools/.github/workflows/releaser.yaml b/vendor/github.com/google/go-tpm-tools/.github/workflows/releaser.yaml deleted file mode 100644 index ae74cf368..000000000 --- a/vendor/github.com/google/go-tpm-tools/.github/workflows/releaser.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: release - -on: - push: - branches: - tags: - - 'v*' - workflow_dispatch: - inputs: - refToBuild: - description: 'Branch, tag or commit SHA1 to build' - required: false - type: string - -jobs: - release: - permissions: - contents: write - strategy: - matrix: - # We can cross-compile from Linux to macOS and Windows. See .goreleaser.yaml - # So running just on ubuntu is sufficient. - go-version: [1.21.x] - os: [ubuntu-latest] - - name: Release (${{ matrix.os}}, Go ${{ matrix.go-version }}) - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: ${{ inputs.refToBuild }} - - uses: actions/setup-go@v5 - with: - go-version: ${{ matrix.go-version }} - cache: true - - shell: bash - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - id: cache - uses: actions/cache@v3 - with: - path: dist/${{ matrix.os }} - key: ${{ matrix.go }}-${{ env.sha_short }} - - name: Install Linux packages - run: sudo apt-get -y install libssl-dev - if: runner.os == 'Linux' - - name: Build all modules - run: go build -v ./... ./cmd/... ./launcher/... ./verifier/... - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 - if: success() && (startsWith(github.ref, 'refs/tags/') || startsWith(inputs.refToBuild, 'refs/tags/')) && steps.cache.outputs.cache-hit != 'true' - with: - version: latest - args: release --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/vendor/github.com/google/go-tpm-tools/.gitignore b/vendor/github.com/google/go-tpm-tools/.gitignore deleted file mode 100644 index ba65e9150..000000000 --- a/vendor/github.com/google/go-tpm-tools/.gitignore +++ /dev/null @@ -1,15 +0,0 @@ -launcher/launcher/launcher -*.test -*.test.exe -cmd/gotpm/gotpm -gotpm -gotpm.exe -files/pkg -files/src -files/go-tpm-tools -*.pkg.tar.xz -.vscode* -*.code-workspace -main -go.work -go.work.sum 
diff --git a/vendor/github.com/google/go-tpm-tools/.goreleaser.yaml b/vendor/github.com/google/go-tpm-tools/.goreleaser.yaml deleted file mode 100644 index 2e06e123e..000000000 --- a/vendor/github.com/google/go-tpm-tools/.goreleaser.yaml +++ /dev/null @@ -1,41 +0,0 @@ -builds: - - goos: - - linux - - windows - - darwin - goarch: - - amd64 - - arm64 - env: - - CGO_ENABLED=0 - id: "gotpm" - main: ./cmd/gotpm - binary: gotpm - -archives: - - format: tar.gz - # this name template makes the OS and Arch compatible with the results of uname. - name_template: >- - {{ .ProjectName }}_ - {{- title .Os }}_ - {{- if eq .Arch "amd64" }}x86_64 - {{- else if eq .Arch "386" }}i386 - {{- else }}{{ .Arch }}{{ end }} - {{- if .Arm }}v{{ .Arm }}{{ end }} - # use zip for windows archives - format_overrides: - - goos: windows - format: zip -checksum: - name_template: 'checksums.txt' -snapshot: - name_template: "{{ incpatch .Version }}-next" -changelog: - sort: asc - filters: - exclude: - - '^docs:' - - '^test:' - -# yaml-language-server: $schema=https://goreleaser.com/static/schema.json -# vim: set ts=2 sw=2 tw=0 fo=cnqoj diff --git a/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md deleted file mode 100644 index 38ab28c84..000000000 --- a/vendor/github.com/google/go-tpm-tools/CONTRIBUTING.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# How to Contribute - -We'd love to accept your patches and contributions to this project. There are -just a few small guidelines you need to follow. - -## Contributor License Agreement - -Contributions to this project must be accompanied by a Contributor License -Agreement. You (or your employer) retain the copyright to your contribution; -this simply gives us permission to use and redistribute your contributions as -part of the project. Head over to to see -your current agreements on file or to sign a new one. - -You generally only need to submit a CLA once, so if you've already submitted one -(even if it was for a different project), you probably don't need to do it -again. - -## Code reviews - -All submissions, including submissions by project members, require review. We -use GitHub pull requests for this purpose. Consult -[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more -information on using pull requests. - -## Community Guidelines - -This project follows [Google's Open Source Community -Guidelines](https://opensource.google.com/conduct/). - -## Releasing a new version - -See [`RELEASING.md`](RELEASING.md) for instructions on how to cut a new -version of go-tpm-tools. diff --git a/vendor/github.com/google/go-tpm-tools/README.md b/vendor/github.com/google/go-tpm-tools/README.md deleted file mode 100644 index 3e51b24aa..000000000 --- a/vendor/github.com/google/go-tpm-tools/README.md +++ /dev/null 
@@ -1,158 +0,0 @@ -# Go-TPM tools [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/google/go-tpm-tools)](https://github.com/google/go-tpm-tools/releases) - -[![Build Status](https://github.com/google/go-tpm-tools/workflows/CI/badge.svg)](https://github.com/google/go-tpm-tools/actions?query=workflow%3ACI) -[![Go Reference](https://pkg.go.dev/badge/github.com/google/go-tpm-tools.svg)](https://pkg.go.dev/github.com/google/go-tpm-tools) -![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/google/go-tpm-tools) -[![Go Report Card](https://goreportcard.com/badge/github.com/google/go-tpm-tools)](https://goreportcard.com/report/github.com/google/go-tpm-tools) -[![License](https://img.shields.io/badge/LICENSE-Apache2.0-ff69b4.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) - -The `go-tpm-tools` module is a [TPM 2.0](https://trustedcomputinggroup.org/resource/trusted-platform-module-2-0-a-brief-introduction/) support library designed to complement [Go-TPM](https://github.com/google/go-tpm). - -It contains the following public packages: - - [`client`](https://pkg.go.dev/github.com/google/go-tpm-tools/client): - A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including: - - Signing - - Attestation - - Reading PCRs - - Sealing/Unsealing data - - Importing Data and Keys - - Reading NVData - - Getting the TCG Event Log - - [`server`](https://pkg.go.dev/github.com/google/go-tpm-tools/server): - A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. 
None of the commands in this package issue TPM commands, but instead handle: - - TCG Event Log parsing - - Attestation verification - - Creating data for Importing into a TPM - - [`proto`](https://pkg.go.dev/github.com/google/go-tpm-tools/proto): - Common [Protocol Buffer](https://developers.google.com/protocol-buffers) messages that are exchanged between the `client` and `server` libraries. This package also contains helper methods for validating these messages. - - [`simulator`](https://pkg.go.dev/github.com/google/go-tpm-tools/simulator): - Go bindings to the Microsoft's [TPM 2.0 simulator](https://github.com/Microsoft/ms-tpm-20-ref/). - -This repository also contains `gotpm`, a command line tool for using the TPM. -Run `gotpm --help` and `gotpm --help` for more documentation. - -### Use prebuilt `gotpm` binary - -You can download the binary from a [release](https://github.com/google/go-tpm-tools/releases) directly. - -```bash -# VERSION: 0.4.4 ARCH: Linux_x86_64 -curl -L https://github.com/google/go-tpm-tools/releases/download/[VERSION]/go-tpm-tools_[ARCH].tar.gz -o go-tpm-tools.tar.gz -tar xvf go-tpm-tools.tar.gz -# You may need to copy the binary to a directory with executable permissions. -# NOTE: on Container-Optimized OS, /var/lib/google/ is executable -./gotpm --help -``` - -### Building and Installing `gotpm` - -`gotpm` can be directly installed from this repo by running: -```bash -go install github.com/google/go-tpm-tools/cmd/gotpm@latest -# gotpm will be installed to $GOBIN -gotpm --help -``` -Alternatively, to build `gotpm` from a cloned version of this repo, run: -```bash -cd /my/path/to/cloned/go-tpm-tools/cmd/gotpm -go build -# gotpm will be in the cmd/gotpm subdirectory of the repo -./gotpm --help -``` - -## Minimum Required Go Version - -This project currently requires Go 1.20 or newer. Any update to the minimum required Go version will be released as a **minor** version update. 
- -## `openssl` errors when building `simulator` - -Similarly, when building the `simulator` library (or tests), you may get an error that looks like: -``` -fatal error: openssl/aes.h: No such file or directory - 47 | // #include - | ^~~~~~~~~~~~~~~~ -compilation terminated. -``` -This is because the `simulator` library depends on having the [OpenSSL](https://www.openssl.org/) headers installed. To fix this error, install the appropriate header package: - -### Linux - -```bash -# Ubuntu/Debian based systems -sudo apt install libssl-dev -# Redhat/Centos based systems -sudo yum install openssl-devel -# Arch Linux (headers/library in the same package) -sudo pacman -S openssl -``` - -### macOS - -First, install [Homebrew](https://brew.sh/). Then run: -```bash -brew install openssl -``` - -### Windows - -First, install [Chocolatey](https://chocolatey.org/). Then run: -```bash -choco install openssl -``` - -### Custom install location - -If you want to use a different installation of OpenSSL, or you are getting -linker errors like `ld: library not found for -lcrypto`, you can directly -point Go your installation. We will assume your installation is located at -`$OPENSSL_PATH` (with `lib` and `include` subdirectories). - -#### Add OpenSSL to the include and library path at the command line -This solution does not require modifying go-tpm-tools code and is useful when -working on other projects that depend on go-tpm-tools/simulator. -``` -C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ... -``` - -#### Add OpenSSL to the include and library path in the code -This solution modifies your local copy of the go-tpm-tools simulator source -and removes the need to provide the paths on the command line. - -Modify the `CFLAGS`/`LDFLAGS` options beginning with `#cgo darwin` or -`#cgo windows` in `simulator/internal/internal.go` to point at your -installation. 
This could look something like: -```diff -// #cgo darwin CFLAGS: -I $OPENSSL_PATH/include -// #cgo darwin LDFLAGS: -L $OPENSSL_PATH/lib -``` -Remember to revert your modifications to `simulator/internal/internal.go` -before committing your changes. - -## No TPM 1.2 support - -Unlike [Go-TPM](https://github.com/google/go-tpm) (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is [quite broken](https://sha-mbles.github.io/)). - -## Confidential VMs with Intel TDX -For Ubuntu image, the `tdx_guest` module was moved to linux-modules-extra -package in the 1016 and newer kernels. You should be able to install the module, -and either manually load the module or reboot. - -To install the linux-modules-extra package, run: - -```console -sudo apt-get install linux-modules-extra-gcp -``` - -To manually load the module, run: - -```console -sudo modprobe tdx_guest -``` - -## Legal - -Copyright 2018 Google Inc. under the -[Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). Microsoft's TPM simulator -code is licensed under a [3-clause BSD license](https://opensource.org/licenses/BSD-3-Clause) and the [TCG software license](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf). See the [`LICENSE`](LICENSE) file for more information. - -This is not an official Google product. diff --git a/vendor/github.com/google/go-tpm-tools/RELEASING.md b/vendor/github.com/google/go-tpm-tools/RELEASING.md deleted file mode 100644 index b3636ab98..000000000 --- a/vendor/github.com/google/go-tpm-tools/RELEASING.md +++ /dev/null 
@@ -1,96 +0,0 @@ -# Releasing a new version of `go-tpm-tools` - -This repository contains multiple Go modules, so care is needed when creating a -new version. Be sure to follow these steps as it's very easy to accidentally -cut a release (as GitHub doesn't have sufficiently advanced -[tag protections](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)). - -## Create the main release PR - -Create a standalone PR titled "Release vX.Y.Z" against the `main` branch. This -PR should (ideally) be an empty commit, but might contain some minor changes if -we want to get them in for a specific release. You can create an empty commit -by running: -``` -git commit --allow-empty -``` - -The description of the PR should just be the release notes that we want to -publish in the GitHub Release. The notes should just have one-line summaries -of the PRs in the release. Trivial PRs can be omitted and related PRs can be -combined in a single line. It should have the following subsections: - - "Breaking Changes" (backwards-incompatible changes to the package API) - - "New Features" (backwards-compatible changes to the package API) - - "Bug Fixes" (fixes to any particular issues) - - "Other Changes" (non-breaking code changes or Doc/CI updates) - -Sections can be omitted if there wouldn't be any PRs under them. The -[`v0.3.2` release notes](https://github.com/google/go-tpm-tools/releases/tag/v0.3.2) -are a good example. We don't need to specifically mention who wrote what PR or -link to the "Full Changelog". Users can just look this stuff up on GitHub on -their own. - -This commit _should not_ change the version numbers in [`go.work`](go.work), -[`cmd/go.mod`](cmd/go.mod), or [`launcher/go.mod`](launcher/go.mod). When -reviewing the PR, the reviewers and author should decide if the release -will be a major, minor, or patch release. 
Note that the PR should only consist -of a single commit and be "squashed" instead of "merged". - -## Tag the releases - -After the new release is in the `main` branch, we need to create git tags so -that the Go version system can find the releases. Generally the author of the -PR should do this. - -Tagging can be done via the GitHub Web UI. On the -[Releases Page](https://github.com/google/go-tpm-tools/releases), -click [Draft a New Release](https://github.com/google/go-tpm-tools/releases/new). -In that draft, create the git tag corresponding to your release, and copy the -approved release notes into the description. - -Check that the preview of the release notes looks good, and click -"Publish release". The release and tag should now be visible on GitHub. - -## Follow-up Submodule update PR - -After the main release has been merged and tagged, we need to update the go.mod -files in the various submodules. First, you should update the version number in: - - [`go.work`](go.work) - - [`cmd/go.mod`](cmd/go.mod) - - [`launcher/go.mod`](launcher/go.mod) - -Next, we cleanup the modules by running: - - run `go mod tidy` in each module directory - - run `go work sync` in the root directory - - this requires Go 1.20 or later - -Finally, create a PR with the title "Submodule update for vX.Y.Z". This PR -doesn't need a description. The reviewers should just check that the above -steps were done. Note that the PR should only consist -of a single commit and be "squashed" instead of "merged". - -## Tagging the submodules - -The submodules must be tagged separately from the main library release. This -is best done on the git command line. After the Submodule update PR has been -merged, checkout the repo and check that your `HEAD` is on the commit for the -submodule update PR on the `main` branch. This _should not_ be normal release -commit `vX.Y.Z`, but a later commit. 
Then, run the following command: -``` -git tag "cmd/vX.Y.Z" && git tag "launcher/vX.Y.Z" -``` -replacing `vX.Y.Z` with the actual version number. - -Finally, double check that you've tagged the correct commit, and then push the -tags to the `main` branch by running: -``` -git push origin "cmd/vX.Y.Z" "launcher/vX.Y.Z" -``` - -The tags should then be visible at https://github.com/google/go-tpm-tools/tags - -## (Googlers only) sync code back into google3 - -Follow the directions at http://go/thirdpartygo#updating-imported-code to import -the three modules back into google3. You will need to run the import script for -each module. It's fine for the imports for all the modules to be in one CL. diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go deleted file mode 100644 index 84cd78f7e..000000000 --- a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog.go +++ /dev/null 
@@ -1,489 +0,0 @@ -// Package cel contains some basic operations of Canonical Eventlog. -// Based on Canonical EventLog Spec (Draft) Version: TCG_IWG_CEL_v1_r0p37. -package cel - -import ( - "bytes" - "crypto" - "encoding/binary" - "fmt" - "io" - - "github.com/google/go-configfs-tsm/configfs/configfsi" - "github.com/google/go-eventlog/register" - "github.com/google/go-tdx-guest/rtmr" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -const ( - // CEL spec 5.1 - recnumTypeValue uint8 = 0 - // PCRTypeValue indicates a PCR event index - PCRTypeValue uint8 = 1 - _ uint8 = 2 // nvindex field is not supported yet - digestsTypeValue uint8 = 3 - // CCMRTypeValue indicates a RTMR event index - CCMRTypeValue uint8 = 108 // not in the CEL spec - - tlvTypeFieldLength int = 1 - tlvLengthFieldLength int = 4 - - recnumValueLength uint32 = 8 // support up to 2^64 records - regIndexValueLength uint32 = 1 // support up to 256 registers -) - -// TLV definition according to CEL spec TCG_IWG_CEL_v1_r0p37, page 16. -// Length is implicitly defined by len(Value), using uint32 big-endian -// when encoding. -type TLV struct { - Type uint8 - Value []byte -} - -// MarshalBinary marshals a TLV to a byte slice. -func (t TLV) MarshalBinary() (data []byte, err error) { - buf := make([]byte, len(t.Value)+tlvTypeFieldLength+tlvLengthFieldLength) - - buf[0] = t.Type - binary.BigEndian.PutUint32(buf[tlvTypeFieldLength:], uint32(len(t.Value))) - copy(buf[tlvTypeFieldLength+tlvLengthFieldLength:], t.Value) - - return buf, nil -} - -// UnmarshalBinary unmarshal a byte slice to a TLV. 
-func (t *TLV) UnmarshalBinary(data []byte) error { - valueLength := binary.BigEndian.Uint32(data[tlvTypeFieldLength : tlvTypeFieldLength+tlvLengthFieldLength]) - - if valueLength != uint32(len(data[tlvTypeFieldLength+tlvLengthFieldLength:])) { - return fmt.Errorf("TLV Length doesn't match the size of its Value") - } - t.Type = data[0] - t.Value = data[tlvTypeFieldLength+tlvLengthFieldLength:] - - return nil -} - -// UnmarshalFirstTLV reads and parse the first TLV from the bytes buffer. The function will -// return io.EOF if the buf ends unexpectedly or cannot fill the TLV. -func UnmarshalFirstTLV(buf *bytes.Buffer) (tlv TLV, err error) { - typeByte, err := buf.ReadByte() - if err != nil { - return tlv, err - } - var data []byte - data = append(data, typeByte) - - // get the length - lengthBytes := make([]byte, tlvLengthFieldLength) - bytesRead, err := buf.Read(lengthBytes) - if err != nil { - return TLV{}, err - } - if bytesRead != tlvLengthFieldLength { - return TLV{}, io.EOF - } - valueLength := binary.BigEndian.Uint32(lengthBytes) - data = append(data, lengthBytes...) - - valueBytes := make([]byte, valueLength) - bytesRead, err = buf.Read(valueBytes) - if err != nil { - return TLV{}, err - } - if uint32(bytesRead) != valueLength { - return TLV{}, io.EOF - } - data = append(data, valueBytes...) - - if err = (&tlv).UnmarshalBinary(data); err != nil { - return TLV{}, err - } - return tlv, nil -} - -// Record represents a Canonical Eventlog Record. -type Record struct { - RecNum uint64 - // Generic Measurement Register index number, register type - // is determined by IndexType - Index uint8 - IndexType uint8 - Digests map[crypto.Hash][]byte - Content TLV -} - -// Content is a interface for the content in CELR. -type Content interface { - GenerateDigest(crypto.Hash) ([]byte, error) - GetTLV() (TLV, error) -} - -// CEL represents a Canonical Eventlog, which contains a list of Records. 
-type CEL struct { - Records []Record -} - -// generateDigestMap computes hashes with the given hash algos and the given event -func generateDigestMap(hashAlgos []crypto.Hash, event Content) (map[crypto.Hash][]byte, error) { - digestsMap := make(map[crypto.Hash][]byte) - for _, hashAlgo := range hashAlgos { - digest, err := event.GenerateDigest(hashAlgo) - if err != nil { - return digestsMap, err - } - digestsMap[hashAlgo] = digest - } - return digestsMap, nil -} - -// AppendEventRTMR appends a new RTMR record to the CEL. rtmrIndex indicates the RTMR to extend. -// The index showing up in the record will be rtmrIndex + 1. -func (c *CEL) AppendEventRTMR(client configfsi.Client, rtmrIndex int, event Content) error { - digestsMap, err := generateDigestMap([]crypto.Hash{crypto.SHA384}, event) - if err != nil { - return err - } - - eventTlv, err := event.GetTLV() - if err != nil { - return err - } - - err = rtmr.ExtendDigestClient(client, rtmrIndex, digestsMap[crypto.SHA384]) - if err != nil { - return err - } - - celrRTMR := Record{ - RecNum: uint64(len(c.Records)), - Index: uint8(rtmrIndex) + 1, // CCMR conversion from RTMR - Digests: digestsMap, - Content: eventTlv, - IndexType: CCMRTypeValue, - } - - c.Records = append(c.Records, celrRTMR) - return nil -} - -// AppendEvent appends a new PCR record to the CEL. -// -// Deprecated: Use AppendEventPCR or AppendEventRTMR directly. -func (c *CEL) AppendEvent(tpm io.ReadWriteCloser, pcr int, event Content) error { - return c.AppendEventPCR(tpm, pcr, event) -} - -// AppendEventPCR appends a new PCR record to the CEL and extend the digest of -// event to the given PCR in all available banks. 
-func (c *CEL) AppendEventPCR(tpm io.ReadWriteCloser, pcr int, event Content) error { - pcrSels, err := client.AllocatedPCRs(tpm) - if err != nil { - return err - } - - var hashAlgos []crypto.Hash - for _, sel := range pcrSels { - hashAlgo, err := sel.Hash.Hash() - if err != nil { - return err - } - hashAlgos = append(hashAlgos, hashAlgo) - } - - digestsMap, err := generateDigestMap(hashAlgos, event) - if err != nil { - return err - } - - for hs, dgst := range digestsMap { - tpm2Alg, err := tpm2.HashToAlgorithm(hs) - if err != nil { - return err - } - if err := tpm2.PCRExtend(tpm, tpmutil.Handle(pcr), tpm2Alg, dgst, ""); err != nil { - return fmt.Errorf("failed to extend event to PCR%d: %v", pcr, err) - } - } - - eventTlv, err := event.GetTLV() - if err != nil { - return err - } - - celrPCR := Record{ - RecNum: uint64(len(c.Records)), - Index: uint8(pcr), - Digests: digestsMap, - Content: eventTlv, - IndexType: PCRTypeValue, - } - - c.Records = append(c.Records, celrPCR) - return nil -} - -func createRecNumField(recNum uint64) TLV { - value := make([]byte, recnumValueLength) - binary.BigEndian.PutUint64(value, recNum) - return TLV{recnumTypeValue, value} -} - -// UnmarshalRecNum takes in a TLV with its type equals to the recnum type value (0), and -// return its record number. -func unmarshalRecNum(tlv TLV) (uint64, error) { - if tlv.Type != recnumTypeValue { - return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a recnum field [%d]", - tlv.Type, recnumTypeValue) - } - if uint32(len(tlv.Value)) != recnumValueLength { - return 0, fmt.Errorf( - "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for recnum", - len(tlv.Value), recnumValueLength) - } - return binary.BigEndian.Uint64(tlv.Value), nil -} - -func createIndexField(indexType uint8, indexNum uint8) TLV { - return TLV{indexType, []byte{indexNum}} -} - -// unmarshalIndex takes in a TLV with its type equals to the PCR or CCMR type value, and -// return its index number. 
-func unmarshalIndex(tlv TLV) (indexType uint8, pcrNum uint8, err error) { - if tlv.Type != PCRTypeValue && tlv.Type != CCMRTypeValue { - return 0, 0, fmt.Errorf("type of the TLV [%d] indicates it is not a PCR [%d] or a CCMR [%d] field ", - tlv.Type, PCRTypeValue, CCMRTypeValue) - } - if uint32(len(tlv.Value)) != regIndexValueLength { - return 0, 0, fmt.Errorf( - "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for a register index field", - len(tlv.Value), regIndexValueLength) - } - - return tlv.Type, tlv.Value[0], nil -} - -func createDigestField(digestMap map[crypto.Hash][]byte) (TLV, error) { - var buf bytes.Buffer - for hashAlgo, hash := range digestMap { - if len(hash) != hashAlgo.Size() { - return TLV{}, fmt.Errorf("digest length [%d] doesn't match the expected length [%d] for the hash algorithm", - len(hash), hashAlgo.Size()) - } - tpmHashAlg, err := tpm2.HashToAlgorithm(hashAlgo) - if err != nil { - return TLV{}, err - } - singleDigestTLV := TLV{uint8(tpmHashAlg), hash} - d, err := singleDigestTLV.MarshalBinary() - if err != nil { - return TLV{}, err - } - _, err = buf.Write(d) - if err != nil { - return TLV{}, err - } - } - return TLV{digestsTypeValue, buf.Bytes()}, nil -} - -// UnmarshalDigests takes in a TLV with its type equals to the digests type value (3), and -// return its digests content in a map, the key is its TPM hash algorithm. 
-func unmarshalDigests(tlv TLV) (digestsMap map[crypto.Hash][]byte, err error) { - if tlv.Type != digestsTypeValue { - return nil, fmt.Errorf("type of the TLV indicates it doesn't contain digests") - } - - buf := bytes.NewBuffer(tlv.Value) - digestsMap = make(map[crypto.Hash][]byte) - - for buf.Len() > 0 { - digestTLV, err := UnmarshalFirstTLV(buf) - if err == io.EOF { - return nil, fmt.Errorf("buffer ends unexpectedly") - } else if err != nil { - return nil, err - } - hashAlg, err := tpm2.Algorithm(digestTLV.Type).Hash() - if err != nil { - return nil, err - } - digestsMap[hashAlg] = digestTLV.Value - } - return digestsMap, nil -} - -// EncodeCELR encodes the CELR to bytes according to the CEL spec and write them -// to the bytes byffer. -func (r *Record) EncodeCELR(buf *bytes.Buffer) error { - recnumField, err := createRecNumField(r.RecNum).MarshalBinary() - if err != nil { - return err - } - - indexField, err := createIndexField(r.IndexType, r.Index).MarshalBinary() - if err != nil { - return err - } - digests, err := createDigestField(r.Digests) - if err != nil { - return err - } - digestsField, err := digests.MarshalBinary() - if err != nil { - return err - } - eventField, err := r.Content.MarshalBinary() - if err != nil { - return err - } - _, err = buf.Write(recnumField) - if err != nil { - return err - } - _, err = buf.Write(indexField) - if err != nil { - return err - } - _, err = buf.Write(digestsField) - if err != nil { - return err - } - _, err = buf.Write(eventField) - if err != nil { - return err - } - return nil -} - -// EncodeCEL encodes the CEL to bytes according to the CEL spec and write them -// to the bytes buffer. -func (c *CEL) EncodeCEL(buf *bytes.Buffer) error { - for _, record := range c.Records { - if err := record.EncodeCELR(buf); err != nil { - return err - } - } - return nil -} - -// DecodeToCEL will read the buf for CEL, will return err if the buffer -// is not complete. 
-func DecodeToCEL(buf *bytes.Buffer) (CEL, error) { - var cel CEL - for buf.Len() > 0 { - celr, err := DecodeToCELR(buf) - if err == io.EOF { - return CEL{}, fmt.Errorf("buffer ends unexpectedly") - } - if err != nil { - return CEL{}, err - } - cel.Records = append(cel.Records, celr) - } - return cel, nil -} - -// DecodeToCELR will read the buf for the next CELR, will return err if -// failed to unmarshal a correct CELR TLV from the buffer. -func DecodeToCELR(buf *bytes.Buffer) (r Record, err error) { - recnum, err := UnmarshalFirstTLV(buf) - if err != nil { - return Record{}, err - } - r.RecNum, err = unmarshalRecNum(recnum) - if err != nil { - return Record{}, err - } - - regIndex, err := UnmarshalFirstTLV(buf) - if err != nil { - return Record{}, err - } - r.IndexType, r.Index, err = unmarshalIndex(regIndex) - if err != nil { - return Record{}, err - } - - digests, err := UnmarshalFirstTLV(buf) - if err != nil { - return Record{}, err - } - r.Digests, err = unmarshalDigests(digests) - if err != nil { - return Record{}, err - } - - r.Content, err = UnmarshalFirstTLV(buf) - if err != nil { - return Record{}, err - } - return r, nil -} - -// Replay takes the digests from a Canonical Event Log and carries out the -// extend sequence for each register (PCR, RTMR) in the log. It then compares -// the final digests against a bank of register values to see if they match. 
-// make sure CEL has only one indexType event -func (c *CEL) Replay(regs register.MRBank) error { - cryptoHash, err := regs.CryptoHash() - if err != nil { - return err - } - replayed := make(map[uint8][]byte) - for _, record := range c.Records { - if _, ok := replayed[record.Index]; !ok { - replayed[record.Index] = make([]byte, cryptoHash.Size()) - } - hasher := cryptoHash.New() - digestsMap := record.Digests - digest, ok := digestsMap[cryptoHash] - if !ok { - return fmt.Errorf("the CEL record did not contain a %v digest", cryptoHash) - } - hasher.Write(replayed[record.Index]) - hasher.Write(digest) - replayed[record.Index] = hasher.Sum(nil) - } - - // to a map for easy matching - registers := make(map[int][]byte) - for _, r := range regs.MRs() { - registers[r.Idx()] = r.Dgst() - } - - var failedReplayRegs []uint8 - for replayReg, replayDigest := range replayed { - bankDigest, ok := registers[int(replayReg)] - if !ok { - return fmt.Errorf("the CEL contains record(s) for register %d without a matching register in the given bank to verify", replayReg) - } - if !bytes.Equal(bankDigest, replayDigest) { - failedReplayRegs = append(failedReplayRegs, replayReg) - } - } - - if len(failedReplayRegs) == 0 { - return nil - } - - return fmt.Errorf("CEL replay failed for these registers in bank %v: %v", cryptoHash, failedReplayRegs) -} - -// VerifyDigests checks the digest generated by the given record's content to make sure they are equal to -// the digests in the digestMap. -func VerifyDigests(c Content, digestMap map[crypto.Hash][]byte) error { - for hash, digest := range digestMap { - generatedDigest, err := c.GenerateDigest(hash) - if err != nil { - return err - } - if !bytes.Equal(generatedDigest, digest) { - return fmt.Errorf("CEL record content digest verification failed for %s", hash) - } - } - return nil -} 
diff --git a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go b/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
deleted file mode 100644
index 46994b1af..000000000
--- a/vendor/github.com/google/go-tpm-tools/cel/canonical_eventlog_test.go
+++ /dev/null
@@ -1,266 +0,0 @@ -package cel - -import ( - "bytes" - "crypto" - "crypto/rand" - "io" - "reflect" - "testing" - - "github.com/google/go-configfs-tsm/configfs/configfsi" - "github.com/google/go-configfs-tsm/configfs/fakertmr" - configfstsmrtmr "github.com/google/go-configfs-tsm/rtmr" - "github.com/google/go-eventlog/proto/state" - "github.com/google/go-eventlog/register" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -var measuredHashes = []crypto.Hash{crypto.SHA1, crypto.SHA256} - -func TestCELEncodingDecoding(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - - cosEvent := CosTlv{ImageDigestType, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) - - cosEvent2 := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) - - var buf bytes.Buffer - if err := cel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - decodedcel, err := DecodeToCEL(&buf) - if err != nil { - t.Fatal(err) - } - if len(decodedcel.Records) != 2 { - t.Errorf("should have two records") - } - if decodedcel.Records[0].RecNum != 0 { - t.Errorf("recnum mismatch") - } - if decodedcel.Records[1].RecNum != 1 { - t.Errorf("recnum mismatch") - } - if decodedcel.Records[0].IndexType != PCRTypeValue { - t.Errorf("index type mismatch") - } - if decodedcel.Records[0].Index != uint8(test.DebugPCR) { - t.Errorf("pcr value mismatch") - } - if decodedcel.Records[1].IndexType != PCRTypeValue { - t.Errorf("index type mismatch") - } - if decodedcel.Records[1].Index != uint8(test.ApplicationPCR) { - t.Errorf("pcr value mismatch") - } - - if !reflect.DeepEqual(decodedcel.Records, cel.Records) { - t.Errorf("decoded CEL doesn't equal to the original one") - } -} - -func 
TestCELMeasureAndReplay(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - fakeRTMR := fakertmr.CreateRtmrSubsystem(t.TempDir()) - - err := tpm2.PCRReset(tpm, tpmutil.Handle(test.DebugPCR)) - if err != nil { - t.Fatal(err) - } - err = tpm2.PCRReset(tpm, tpmutil.Handle(test.ApplicationPCR)) - if err != nil { - t.Fatal(err) - } - - cel := &CEL{} - celRTMR := &CEL{} - - cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - - someEvent2 := make([]byte, 10) - rand.Read(someEvent2) - cosEvent2 := CosTlv{ImageDigestType, someEvent2} - - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) - appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) - - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent2) - appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) - - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) - appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent2) - - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) - appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) - - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) - appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) - - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR, test.ApplicationPCR}, true /*shouldSucceed*/) - // Supersets should pass. 
- replay(t, cel, tpm, measuredHashes, - []int{0, 13, 14, test.DebugPCR, 22, test.ApplicationPCR}, true /*shouldSucceed*/) - - replayRTMR(t, celRTMR, fakeRTMR, []int{0, 1, 2, 3}, true /*shouldSucceed*/) -} - -func TestCELReplayFailTamperedDigest(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - - cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} - someEvent2 := make([]byte, 10) - rand.Read(someEvent2) - cosEvent2 := CosTlv{ImageDigestType, someEvent2} - - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent2) - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) - - modifiedRecord := cel.Records[3] - for hash := range modifiedRecord.Digests { - newDigest := make([]byte, hash.Size()) - rand.Read(newDigest) - modifiedRecord.Digests[hash] = newDigest - } - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR, test.ApplicationPCR}, false /*shouldSucceed*/) -} - -func TestCELReplayEmpty(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - replay(t, cel, tpm, []crypto.Hash{crypto.SHA1, crypto.SHA256}, - []int{test.DebugPCR, test.ApplicationPCR}, true /*shouldSucceed*/) -} - -func TestCELReplayFailMissingPCRsInBank(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - cel := &CEL{} - - someEvent := make([]byte, 10) - someEvent2 := make([]byte, 10) - rand.Read(someEvent2) - - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, CosTlv{ImageRefType, someEvent}) - appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, CosTlv{ImageDigestType, someEvent2}) - - replay(t, cel, tpm, measuredHashes, - []int{test.DebugPCR}, false /*shouldSucceed*/) - replay(t, cel, tpm, measuredHashes, - []int{test.ApplicationPCR}, 
false /*shouldSucceed*/) -} - -func TestCELMeasureToAllPCRBanks(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - pcrs, err := client.ReadAllPCRs(tpm) - if err != nil { - t.Fatal(err) - } - for _, bank := range pcrs { - // make sure debug pcr is empty before the append - if !isZeroBytes(bank.Pcrs[uint32(test.DebugPCR)]) { - t.Fatalf("PCR %d in bank %s is not empty before appending event", test.DebugPCR, bank.Hash.String()) - } - } - - cel := &CEL{} - someEvent := make([]byte, 10) - appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, CosTlv{ImageRefType, someEvent}) - - pcrs, err = client.ReadAllPCRs(tpm) - if err != nil { - t.Fatal(err) - } - for _, bank := range pcrs { - // make sure debug pcr is NOT empty after the append - if isZeroBytes(bank.Pcrs[uint32(test.DebugPCR)]) { - t.Fatalf("PCR %d in bank %s is empty after appending event", test.DebugPCR, bank.Hash.String()) - } - } -} - -func isZeroBytes(bs []byte) bool { - allZeros := make([]byte, len(bs)) - return bytes.Equal(allZeros, bs) -} - -func replay(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, measuredHashes []crypto.Hash, pcrs []int, shouldSucceed bool) { - for _, hash := range measuredHashes { - tpm2Hash, err := tpm2.HashToAlgorithm(hash) - if err != nil { - t.Fatal(err) - } - pcrMap, err := tpm2.ReadPCRs(tpm, tpm2.PCRSelection{Hash: tpm2Hash, PCRs: pcrs}) - if err != nil { - t.Fatal(err) - } - - pcrBank := register.PCRBank{TCGHashAlgo: state.HashAlgo(tpm2Hash)} - for index, val := range pcrMap { - pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{ - Index: index, - Digest: val, - DigestAlg: hash}) - } - - if err := cel.Replay(pcrBank); shouldSucceed && err != nil { - t.Errorf("failed to replay CEL on %v bank: %v", - hash, err) - } - } -} - -func replayRTMR(t *testing.T, cel *CEL, rtmr *fakertmr.RtmrSubsystem, rtmrs []int, shouldSucceed bool) { - rtmrBank := register.RTMRBank{} - - // RTMR 0 to 3 - for _, rtmrIndex := range rtmrs { - digest, err := 
configfstsmrtmr.GetDigest(rtmr, rtmrIndex) - if err != nil { - t.Fatal(err) - } - - rtmrBank.RTMRs = append(rtmrBank.RTMRs, register.RTMR{ - Index: rtmrIndex, - Digest: digest.Digest}) - } - - if err := cel.Replay(rtmrBank); shouldSucceed && err != nil { - t.Errorf("failed to replay RTMR: %v", err) - } -} - -func appendPcrEventOrFatal(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, pcr int, event Content) { - if err := cel.AppendEventPCR(tpm, pcr, event); err != nil { - t.Fatalf("failed to append PCR event: %v", err) - } -} - -func appendRtmrEventOrFatal(t *testing.T, cel *CEL, rtmrClient configfsi.Client, rtmr int, event Content) { - if err := cel.AppendEventRTMR(rtmrClient, rtmr, event); err != nil { - t.Fatalf("failed to append RTMR event: %v", err) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go deleted file mode 100644 index 84f53951a..000000000 --- a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv.go +++ /dev/null 
@@ -1,140 +0,0 @@
-package cel
-
-import (
- "crypto"
- "fmt"
- "regexp"
- "strings"
- "unicode/utf8"
-)
-
-const (
- // CosEventType indicates the CELR event is a COS content
- // TODO: the value needs to be reserved in the CEL spec
- CosEventType uint8 = 80
- // CosEventPCR is the PCR which should be used for CosEventType events.
- CosEventPCR = 13
- // CosRTMR is the RTMR to be extended for COS events
- // According to https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html
- // CCELMRIndex TDX Register
- // 0 MRTD
- // 1 RTMR[0]
- // 2 RTMR[1]
- // 3 RTMR[2]
- // So:
- // 4 RTMR[3]
- CosRTMR = 3
- // CosCCELMRIndex is the CCMR index to use in eventlog for COS events.
- CosCCELMRIndex = 4
-)
-
-// CosType represent a COS content type in a CEL record content.
-type CosType uint8
-
-// Type for COS nested events
-const (
- ImageRefType CosType = iota
- ImageDigestType
- RestartPolicyType
- ImageIDType
- ArgType
- EnvVarType
- OverrideArgType
- OverrideEnvType
- // EventContent is empty on success, or contains an error message on failure.
- LaunchSeparatorType
- MemoryMonitorType
- GpuCCModeType
-)
-
-// CosTlv is a specific event type created for the COS (Google Container-Optimized OS),
-// used as a CEL content.
-type CosTlv struct {
- EventType CosType
- EventContent []byte
-}
-
-// GetTLV returns the TLV representation of the COS TLV.
-func (c CosTlv) GetTLV() (TLV, error) {
- data, err := TLV{uint8(c.EventType), c.EventContent}.MarshalBinary()
- if err != nil {
- return TLV{}, err
- }
-
- return TLV{
- Type: CosEventType,
- Value: data,
- }, nil
-}
-
-// GenerateDigest generates the digest for the given COS TLV. The whole TLV struct will
-// be marshaled to bytes and feed into the hash algo.
-func (c CosTlv) GenerateDigest(hashAlgo crypto.Hash) ([]byte, error) {
- contentTLV, err := c.GetTLV()
- if err != nil {
- return nil, err
- }
-
- b, err := contentTLV.MarshalBinary()
- if err != nil {
- return nil, err
- }
-
- hash := hashAlgo.New()
- if _, err = hash.Write(b); err != nil {
- return nil, err
- }
- return hash.Sum(nil), nil
-}
-
-// ParseToCosTlv constructs a CosTlv from a TLV. It will check for the correct COS event
-// type, and unmarshal the nested event.
-func (t TLV) ParseToCosTlv() (CosTlv, error) {
- if !t.IsCosTlv() {
- return CosTlv{}, fmt.Errorf("TLV type %v is not a COS event", t.Type)
- }
- nestedEvent := TLV{}
- err := nestedEvent.UnmarshalBinary(t.Value)
- if err != nil {
- return CosTlv{}, err
- }
- return CosTlv{CosType(nestedEvent.Type), nestedEvent.Value}, nil
-}
-
-// IsCosTlv check whether a TLV is a COS TLV by its Type value.
-func (t TLV) IsCosTlv() bool {
- return t.Type == CosEventType
-}
-
-// FormatEnvVar takes in an environment variable name and its value, run some checks. Concats
-// the name and value by '=' and returns it if valid; returns an error if the name or value
-// is invalid.
-func FormatEnvVar(name string, value string) (string, error) {
- if !utf8.ValidString(name) {
- return "", fmt.Errorf("malformed env name, contains non-utf8 character: [%s]", name)
- }
- if !utf8.ValidString(value) {
- return "", fmt.Errorf("malformed env value, contains non-utf8 character: [%s]", value)
- }
- var envVarNameRegexp = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$")
- if !envVarNameRegexp.MatchString(name) {
- return "", fmt.Errorf("malformed env name [%s], env name must start with an alpha character or '_', followed by a string of alphanumeric characters or '_' (%s)", name, envVarNameRegexp)
- }
- return name + "=" + value, nil
-}
-
-// ParseEnvVar takes in environment variable as a string (foo=bar), parses it and returns its name
-// and value, or an error if it fails the validation check.
-func ParseEnvVar(envvar string) (string, string, error) {
- // switch to strings.Cut when upgrading to go 1.18
- e := strings.SplitN(string(envvar), "=", 2)
- if len(e) < 2 {
- return "", "", fmt.Errorf("malformed env var, doesn't contain '=': [%s]", envvar)
- }
-
- if _, err := FormatEnvVar(e[0], e[1]); err != nil {
- return "", "", err
- }
-
- return e[0], e[1], nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go b/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
deleted file mode 100644
index 8eb139467..000000000
--- a/vendor/github.com/google/go-tpm-tools/cel/cos_tlv_test.go
+++ /dev/null
@@ -1,128 +0,0 @@ -package cel - -import ( - "bytes" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/attest" -) - -func TestCosEventlog(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - cel := &CEL{} - - testEvents := []struct { - cosNestedEventType CosType - pcr int - eventPayload []byte - }{ - {ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")}, - {ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, - {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_Never.String())}, - {ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, - {EnvVarType, test.DebugPCR, []byte("foo=bar")}, - {EnvVarType, test.DebugPCR, []byte("override-env-1=foo")}, - {EnvVarType, test.DebugPCR, []byte("baz=foo=bar")}, - {EnvVarType, test.DebugPCR, []byte("empty=")}, - {EnvVarType, test.DebugPCR, []byte("override-env-2=foo")}, - {OverrideEnvType, test.DebugPCR, []byte("override-env-1=foo")}, - {OverrideEnvType, test.DebugPCR, []byte("override-env-2=foo")}, - {ArgType, test.DebugPCR, []byte("--x")}, - {ArgType, test.DebugPCR, []byte("--override-arg-1")}, - {ArgType, test.DebugPCR, []byte("--override-arg-2")}, - {OverrideArgType, test.DebugPCR, []byte("--override-arg1")}, - {OverrideArgType, test.DebugPCR, []byte("--override-arg2")}, - } - - for _, testEvent := range testEvents { - cosEvent := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} - - if err := cel.AppendEventPCR(tpm, testEvent.pcr, cosEvent); err != nil { - t.Fatal(err) - } - } - - var buf bytes.Buffer - if err := cel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - decodedcel, err := DecodeToCEL(&buf) - if err != nil { - t.Fatal(err) - } - - if len(decodedcel.Records) != len(testEvents) { - 
t.Errorf("should have %d records, but got %d", len(testEvents), len(decodedcel.Records)) - } - - for i, testEvent := range testEvents { - extractedCos, err := decodedcel.Records[i].Content.ParseToCosTlv() - if err != nil { - t.Fatal(err) - } - - want := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} - if !cmp.Equal(extractedCos, want) { - t.Errorf("decoded COS TLV got %+v, want %+v", extractedCos, want) - } - } -} - -func TestParseEnvVar(t *testing.T) { - tests := []struct { - testName string - envVar string - envName string - envValue string - expectedErrSubstring string - }{ - {"normal case 1", "foo=bar", "foo", "bar", ""}, - {"normal case 2", "FOO=1", "FOO", "1", ""}, - {"normal case 3", "SESSION_MANAGER=\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", "SESSION_MANAGER", "\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", ""}, - {"no =", "foo", "", "", "malformed env var, doesn't contain '='"}, - {"empty", "", "", "", "malformed env var, doesn't contain '='"}, - {"empty value", "foo=", "foo", "", ""}, - {"multiple =", "foo=bar=baz=", "foo", "bar=baz=", ""}, - {"bad name", "3foo=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"bad name quote", "foo\"=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"empty name", "=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, - {"non utf-8 value", string([]byte{'f', '=', 0xC0, 2, 2, '='}), "", "", "malformed env value, contains non-utf8 character"}, - {"non utf-8 name", string([]byte{'a', 0xC0, 2, 2, '='}), "", "", "malformed env name, contains non-utf8 character"}, - } - - for _, test := range tests { - t.Run(test.testName, func(t *testing.T) { - n, v, err := ParseEnvVar(test.envVar) - - if n != test.envName { - t.Errorf("envName mismatch, want [%s], got [%s]", test.envName, n) - } - if v != test.envValue { - t.Errorf("envValue mismatch, want [%s], got [%s]", test.envValue, v) - } - if test.expectedErrSubstring == "" { - if err != 
nil { - t.Errorf("expected no error, but got [%s]", err) - } else { - formattedEnvVar, err := FormatEnvVar(test.envName, test.envValue) - if err != nil { - t.Errorf("expected no error, but got [%s]", err) - } else if formattedEnvVar != test.envVar { - t.Errorf("formattedEnvVar mismatch, want [%s], got [%s]", test.envVar, formattedEnvVar) - } - } - } else { - if err == nil { - t.Errorf("expected error substring [%s], but got no error", test.expectedErrSubstring) - } else if !strings.Contains(err.Error(), test.expectedErrSubstring) { - t.Errorf("expected error substring [%s], but got [%v]", test.expectedErrSubstring, err) - } - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/attest.go b/vendor/github.com/google/go-tpm-tools/client/attest.go deleted file mode 100644 index 5823c558b..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/attest.go +++ /dev/null 
@@ -1,328 +0,0 @@ -package client - -import ( - "fmt" - "net/http" - - sabi "github.com/google/go-sev-guest/abi" - sg "github.com/google/go-sev-guest/client" - tg "github.com/google/go-tdx-guest/client" - tabi "github.com/google/go-tdx-guest/client/linuxabi" - tpb "github.com/google/go-tdx-guest/proto/tdx" - "github.com/google/go-tpm-tools/internal" - pb "github.com/google/go-tpm-tools/proto/attest" -) - -// TEEDevice is an interface to add an attestation report from a TEE technology's -// attestation driver or quote provider. -type TEEDevice interface { - // AddAttestation uses the TEE device's attestation driver or quote provider to collect an - // attestation report, then adds it to the correct field of `attestation`. - AddAttestation(attestation *pb.Attestation, options AttestOpts) error - // Close finalizes any resources in use by the TEEDevice. - Close() error -} - -// AttestOpts allows for customizing the functionality of Attest. -type AttestOpts struct { - // A unique, application-specific nonce used to guarantee freshness of the - // attestation. This must not be empty, and should generally be long enough - // to make brute force attacks infeasible. - // - // For security reasons, applications should not allow for attesting with - // arbitrary, externally-provided nonces. The nonce should be prefixed or - // otherwise bound (i.e. via a KDF) to application-specific data. For more - // information on why this is an issue, see this paper on robust remote - // attestation protocols: - // https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.4562&rep=rep1&type=pdf - Nonce []byte - // TCG Event Log to add to the attestation. - // If not specified then it take Event Log by calling GetEventLog(). - TCGEventLog []byte - // TCG Canonical Event Log to add to the attestation. - // Currently, we only support PCR replay for PCRs orthogonal to those in the - // firmware event log, where PCRs 0-9 and 14 are often measured. 
If the two - // logs overlap, server-side verification using this library may fail. - // Deprecated: Manually populate the pb.Attestation instead. - CanonicalEventLog []byte - // If non-nil, will be used to fetch the AK certificate chain for validation. - // Key.Attest() will construct the certificate chain by making GET requests to - // the contents of Key.cert.IssuingCertificateURL using this client. - CertChainFetcher *http.Client - // TEEDevice implements the TEEDevice interface for collecting a Trusted execution - // environment attestation. If nil, then Attest will try all known TEE devices, - // and TEENonce must be nil. If not nil, Attest will not call Close() on the device. - TEEDevice TEEDevice - // TEENonce is the nonce that will be used in the TEE's attestation collection - // mechanism. It is expected to be the size required by the technology. If nil, - // then the nonce will be populated with Nonce, either truncated or zero-filled - // depending on the technology's size. Leaving this nil is not recommended. If - // nil, then TEEDevice must be nil. - TEENonce []byte - - // Setting this skips attaching the TEE attestation - SkipTeeAttestation bool -} - -// SevSnpQuoteProvider encapsulates the SEV-SNP attestation device to add its attestation report -// to a pb.Attestation. -type SevSnpQuoteProvider struct { - QuoteProvider sg.QuoteProvider -} - -// TdxDevice encapsulates the TDX attestation device to add its attestation quote -// to a pb.Attestation. -// Deprecated: TdxDevice is deprecated. It is recommended to use TdxQuoteProvider. -type TdxDevice struct { - Device tg.Device -} - -// TdxQuoteProvider encapsulates the TDX attestation device to add its attestation quote -// to a pb.Attestation. -type TdxQuoteProvider struct { - QuoteProvider tg.QuoteProvider -} - -// AddAttestation will get the SEV-SNP attestation report given opts.TEENonce with -// associated certificates and add them to `attestation`. 
If opts.TEENonce is empty, -// then uses contents of opts.Nonce. -func (d *SevSnpQuoteProvider) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { - var snpNonce [sabi.ReportDataSize]byte - if len(opts.TEENonce) == 0 { - copy(snpNonce[:], opts.Nonce) - } else if len(opts.TEENonce) != sabi.ReportDataSize { - return fmt.Errorf("the TEENonce size is %d. SEV-SNP device requires 64", len(opts.TEENonce)) - } else { - copy(snpNonce[:], opts.TEENonce) - } - raw, err := d.QuoteProvider.GetRawQuote(snpNonce) - if err != nil { - return err - } - extReport, err := sabi.ReportCertsToProto(raw) - if err != nil { - return err - } - attestation.TeeAttestation = &pb.Attestation_SevSnpAttestation{ - SevSnpAttestation: extReport, - } - return nil -} - -// Close is a no-op. -func (d *SevSnpQuoteProvider) Close() error { - return nil -} - -// CreateSevSnpQuoteProvider creates the SEV-SNP quote provider and wraps it with behavior -// that allows it to add an attestation quote to pb.Attestation. -func CreateSevSnpQuoteProvider() (TEEDevice, error) { - qp, err := sg.GetQuoteProvider() - if err != nil { - return nil, err - } - if !qp.IsSupported() { - return nil, fmt.Errorf("sev-snp attestation reports not available") - } - return &SevSnpQuoteProvider{QuoteProvider: qp}, nil -} - -// CreateTdxDevice opens the TDX attestation driver and wraps it with behavior -// that allows it to add an attestation quote to pb.Attestation. -// Deprecated: TdxDevice is deprecated, and use of CreateTdxQuoteProvider is -// recommended to create a TEEDevice. -func CreateTdxDevice() (*TdxDevice, error) { - d, err := tg.OpenDevice() - if err != nil { - return nil, err - } - return &TdxDevice{Device: d}, nil -} - -// AddAttestation will get the TDX attestation quote given opts.TEENonce -// and add them to `attestation`. If opts.TEENonce is empty, then uses -// contents of opts.Nonce. 
-func (d *TdxDevice) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { - var tdxNonce [tabi.TdReportDataSize]byte - err := fillTdxNonce(opts, tdxNonce[:]) - if err != nil { - return err - } - quote, err := tg.GetQuote(d.Device, tdxNonce) - if err != nil { - return err - } - return setTeeAttestationTdxQuote(quote, attestation) -} - -// Close will free the device handle held by the TdxDevice. Calling more -// than once has no effect. -func (d *TdxDevice) Close() error { - if d.Device != nil { - err := d.Device.Close() - d.Device = nil - return err - } - return nil -} - -// CreateTdxQuoteProvider creates the TDX quote provider and wraps it with behavior -// that allows it to add an attestation quote to pb.Attestation. -func CreateTdxQuoteProvider() (*TdxQuoteProvider, error) { - qp, err := tg.GetQuoteProvider() - if err != nil { - return nil, err - } - if qp.IsSupported() != nil { - // TDX quote provider has a fallback mechanism to fetch attestation quote - // via device driver in case ConfigFS is not supported, so checking for TDX - // device availability here. Once Device interface is fully removed from - // subsequent go-tdx-guest versions, then below OpenDevice call should be - // removed as well. - d, err2 := tg.OpenDevice() - if err2 != nil { - return nil, fmt.Errorf("neither TDX device, nor quote provider is supported") - } - d.Close() - } - - return &TdxQuoteProvider{QuoteProvider: qp}, nil -} - -// AddAttestation will get the TDX attestation quote given opts.TEENonce -// and add them to `attestation`. If opts.TEENonce is empty, then uses -// contents of opts.Nonce. 
-func (qp *TdxQuoteProvider) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { - var tdxNonce [tabi.TdReportDataSize]byte - err := fillTdxNonce(opts, tdxNonce[:]) - if err != nil { - return err - } - quote, err := tg.GetQuote(qp.QuoteProvider, tdxNonce) - if err != nil { - return err - } - return setTeeAttestationTdxQuote(quote, attestation) -} - -// Close will free resources held by QuoteProvider. -func (qp *TdxQuoteProvider) Close() error { - return nil -} - -func fillTdxNonce(opts AttestOpts, tdxNonce []byte) error { - if len(opts.TEENonce) == 0 { - copy(tdxNonce[:], opts.Nonce) - } else if len(opts.TEENonce) != tabi.TdReportDataSize { - return fmt.Errorf("the TEENonce size is %d. Intel TDX device requires %d", len(opts.TEENonce), tabi.TdReportDataSize) - } else { - copy(tdxNonce[:], opts.TEENonce) - } - return nil -} - -func setTeeAttestationTdxQuote(quote any, attestation *pb.Attestation) error { - switch q := quote.(type) { - case *tpb.QuoteV4: - attestation.TeeAttestation = &pb.Attestation_TdxAttestation{ - TdxAttestation: q, - } - default: - return fmt.Errorf("unsupported quote type: %T", quote) - } - return nil -} - -// Does best effort to get a TEE hardware rooted attestation, but won't fail fatally -// unless the user provided a TEEDevice object. -func getTEEAttestationReport(attestation *pb.Attestation, opts AttestOpts) error { - if opts.SkipTeeAttestation { - return nil - } - device := opts.TEEDevice - if device != nil { - return device.AddAttestation(attestation, opts) - } - - // TEEDevice can't be nil while TEENonce is non-nil - if opts.TEENonce != nil { - return fmt.Errorf("got non-nil TEENonce when TEEDevice is nil: %v", opts.TEENonce) - } - - // Try SEV-SNP. - if sevqp, err := CreateSevSnpQuoteProvider(); err == nil { - // Don't return errors if the attestation collection fails, since - // the user didn't specify a TEEDevice. - sevqp.AddAttestation(attestation, opts) - return nil - } - - // Try TDX. 
- if quoteProvider, err := CreateTdxQuoteProvider(); err == nil { - // Don't return errors if the attestation collection fails, since - // the user didn't specify a TEEDevice. - quoteProvider.AddAttestation(attestation, opts) - quoteProvider.Close() - return nil - } - // Add more devices here. - return nil -} - -// Attest generates an Attestation containing the TCG Event Log and a Quote over -// all PCR banks. The provided nonce can be used to guarantee freshness of the -// attestation. This function will return an error if the key is not a -// restricted signing key. -// -// AttestOpts is used for additional configuration of the Attestation process. -// This is primarily used to pass the attestation's nonce: -// -// attestation, err := key.Attest(client.AttestOpts{Nonce: my_nonce}) -func (k *Key) Attest(opts AttestOpts) (*pb.Attestation, error) { - if len(opts.Nonce) == 0 { - return nil, fmt.Errorf("provided nonce must not be empty") - } - sels, err := AllocatedPCRs(k.rw) - if err != nil { - return nil, err - } - - attestation := pb.Attestation{} - if attestation.AkPub, err = k.PublicArea().Encode(); err != nil { - return nil, fmt.Errorf("failed to encode public area: %w", err) - } - attestation.AkCert = k.CertDERBytes() - for _, sel := range sels { - quote, err := k.Quote(sel, opts.Nonce) - if err != nil { - return nil, err - } - attestation.Quotes = append(attestation.Quotes, quote) - } - if opts.TCGEventLog == nil { - if attestation.EventLog, err = GetEventLog(k.rw); err != nil { - return nil, fmt.Errorf("failed to retrieve TCG Event Log: %w", err) - } - } else { - attestation.EventLog = opts.TCGEventLog - } - if len(opts.CanonicalEventLog) != 0 { - attestation.CanonicalEventLog = opts.CanonicalEventLog - } - - // Attempt to construct certificate chain. fetchIssuingCertificate checks if - // AK cert is present and contains intermediate cert URLs. 
- if opts.CertChainFetcher != nil { - attestation.IntermediateCerts, err = internal.GetCertificateChain(k.cert, opts.CertChainFetcher) - if err != nil { - return nil, fmt.Errorf("fetching certificate chain: %w", err) - } - } - - // TODO: issues/504 this should be outside of this function, not related to TPM attestation - if err := getTEEAttestationReport(&attestation, opts); err != nil { - return nil, fmt.Errorf("collecting TEE attestation report: %w", err) - } - - return &attestation, nil -} diff --git a/vendor/github.com/google/go-tpm-tools/client/attest_network_test.go b/vendor/github.com/google/go-tpm-tools/client/attest_network_test.go deleted file mode 100644 index 2f225c2e7..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/attest_network_test.go +++ /dev/null @@ -1,35 +0,0 @@ -package client - -import ( - "crypto/x509" - "net/http" - "testing" - - "github.com/google/go-tpm-tools/internal" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/attest" - "google.golang.org/protobuf/proto" -) - -var externalClient = http.DefaultClient - -func TestNetworkFetchIssuingCertificate(t *testing.T) { - attestBytes := test.COS85Nonce9009 - att := &pb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("Failed to unmarshal test attestation: %v", err) - } - - akCert, err := x509.ParseCertificate(att.AkCert) - if err != nil { - t.Fatalf("Error parsing AK Cert: %v", err) - } - - certChain, err := internal.GetCertificateChain(akCert, externalClient) - if err != nil { - t.Error(err) - } - if len(certChain) == 0 { - t.Error("Did not retrieve any certificates.") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/attest_test.go b/vendor/github.com/google/go-tpm-tools/client/attest_test.go deleted file mode 100644 index 5da979080..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/attest_test.go +++ /dev/null 
@@ -1,337 +0,0 @@ -package client - -import ( - "bytes" - "crypto/x509" - "net/http" - "net/http/httptest" - "strings" - "testing" - "time" - - sgtest "github.com/google/go-sev-guest/testing" - testclient "github.com/google/go-sev-guest/testing/client" - tgtest "github.com/google/go-tdx-guest/testing" - tgtestclient "github.com/google/go-tdx-guest/testing/client" - tgtestdata "github.com/google/go-tdx-guest/testing/testdata" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/attest" -) - -var localClient = http.DefaultClient - -func TestKeyAttestSucceedsWithCertChainRetrieval(t *testing.T) { - testCA, caKey := test.GetTestCert(t, nil, nil, nil) - - caServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { - rw.WriteHeader(http.StatusOK) - rw.Write(testCA.Raw) - })) - - defer caServer.Close() - - leafCert, _ := test.GetTestCert(t, []string{caServer.URL}, testCA, caKey) - - rwc := test.GetTPM(t) - defer CheckedClose(t, rwc) - - ak, err := AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("Failed to generate test AK: %v", err) - } - - ak.cert = leafCert - - attestation, err := ak.Attest(AttestOpts{Nonce: []byte("some nonce"), CertChainFetcher: localClient}) - if err != nil { - t.Fatalf("Attest returned with error: %v", err) - } - - // Expect one cert retrieved. 
- if len(attestation.IntermediateCerts) != 1 { - t.Fatalf("Got %v intermediate certs, want 1.", len(attestation.IntermediateCerts)) - } - - if !bytes.Equal(attestation.IntermediateCerts[0], testCA.Raw) { - t.Errorf("Attestation does not contain the expected intermediate cert: got %v, want %v", attestation.IntermediateCerts[0], testCA.Raw) - } -} - -func TestKeyAttestGetCertificateChainConditions(t *testing.T) { - rwc := test.GetTPM(t) - defer CheckedClose(t, rwc) - - ak, err := AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("Failed to generate test AK: %v", err) - } - - akCert, _ := test.GetTestCert(t, nil, nil, nil) - - testcases := []struct { - name string - fetchCertChainClient *http.Client - cert *x509.Certificate - }{ - { - name: "CertChainFetcher is nil", - fetchCertChainClient: nil, - cert: nil, - }, - { - name: "CertChainFetcher is present, key.cert is nil", - fetchCertChainClient: localClient, - cert: nil, - }, - { - name: "CertChainFetcher is present, key.cert has nil IssuingCertificateURL", - fetchCertChainClient: localClient, - cert: akCert, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - ak.cert = tc.cert - - att, err := ak.Attest(AttestOpts{Nonce: []byte("some nonce"), CertChainFetcher: tc.fetchCertChainClient}) - if err != nil { - t.Fatalf("Attest returned error: %v", err) - } - - if len(att.IntermediateCerts) != 0 { - t.Errorf("Attest() returned with intermediate certs, expected no certs retrieved.") - } - }) - } -} - -func TestSevSnpQuoteProvider(t *testing.T) { - rwc := test.GetTPM(t) - defer CheckedClose(t, rwc) - - ak, err := AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("Failed to generate test AK: %v", err) - } - - someNonce := []byte("some nonce") - var someNonce64 [64]byte - copy(someNonce64[:], someNonce) - var nonce64 [64]byte - copy(nonce64[:], []byte("noncey business")) - sevTestQp, _, _, _ := testclient.GetSevQuoteProvider([]sgtest.TestCase{ - { - Input: someNonce64, - Output: 
sgtest.TestRawReport(someNonce64), - }, - { - Input: nonce64, - Output: sgtest.TestRawReport(nonce64), - }, - }, &sgtest.DeviceOptions{Now: time.Now()}, t) - - testcases := []struct { - name string - opts AttestOpts - wantReportData [64]byte - wantErr string - }{ - { - name: "Happy case no nonce", - opts: AttestOpts{ - Nonce: someNonce, - CertChainFetcher: localClient, - TEEDevice: &SevSnpQuoteProvider{sevTestQp}, - }, - wantReportData: someNonce64, - }, - { - name: "Happy case with nonce", - opts: AttestOpts{ - Nonce: someNonce, - CertChainFetcher: localClient, - TEEDevice: &SevSnpQuoteProvider{sevTestQp}, - TEENonce: nonce64[:], - }, - wantReportData: nonce64, - }, - { - name: "TEE nonce without TEE", - opts: AttestOpts{ - Nonce: someNonce, - CertChainFetcher: localClient, - TEENonce: nonce64[:], - }, - wantErr: "got non-nil TEENonce when TEEDevice is nil", - }, - } - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - att, err := ak.Attest(tc.opts) - if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { - t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) - } - // Successful attestation should include a SEV-SNP attestation. - if err == nil { - snp, ok := att.GetTeeAttestation().(*pb.Attestation_SevSnpAttestation) - if !ok { - t.Fatalf("Attestation missing SEV-SNP attestation: %v", att.GetTeeAttestation()) - } - report := snp.SevSnpAttestation.Report - if !bytes.Equal(report.GetReportData(), tc.wantReportData[:]) { - t.Fatalf("SEV-SNP nonces differ. 
Got %v, want %v", report.GetReportData(), tc.wantReportData) - } - } - }) - } -} - -func TestTdxDevice(t *testing.T) { - rwc := test.GetTPM(t) - defer CheckedClose(t, rwc) - - ak, err := AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("Failed to generate test AK: %v", err) - } - - someNonce := []byte("some nonce") - var someNonce64 [64]byte - copy(someNonce64[:], someNonce) - var nonce64 [64]byte - copy(nonce64[:], []byte("noncey business")) - tdxTestDevice := tgtestclient.GetTdxGuest([]tgtest.TestCase{ - { - Input: someNonce64, - Quote: tgtestdata.RawQuote, - }, - { - Input: nonce64, - Quote: tgtestdata.RawQuote, - }, - }, t) - defer tdxTestDevice.Close() - - testcases := []struct { - name string - opts AttestOpts - wantReportData [64]byte - wantErr string - }{ - { - name: "Happy case no nonce", - opts: AttestOpts{ - Nonce: someNonce, - TEEDevice: &TdxDevice{tdxTestDevice}, - }, - wantReportData: someNonce64, - }, - { - name: "Happy case with nonce", - opts: AttestOpts{ - Nonce: someNonce, - TEEDevice: &TdxDevice{tdxTestDevice}, - TEENonce: nonce64[:], - }, - wantReportData: nonce64, - }, - { - name: "TEE nonce without TEE", - opts: AttestOpts{ - Nonce: someNonce, - TEENonce: nonce64[:], - }, - wantErr: "got non-nil TEENonce when TEEDevice is nil", - }, - } - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - att, err := ak.Attest(tc.opts) - if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { - t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) - } - // Successful attestation should include a TDX attestation. 
- if err == nil { - _, ok := att.GetTeeAttestation().(*pb.Attestation_TdxAttestation) - if !ok { - t.Fatalf("Attestation missing TDX attestation: %v", att.GetTeeAttestation()) - } - } - }) - } -} - -func TestTdxQuoteProvider(t *testing.T) { - rwc := test.GetTPM(t) - defer CheckedClose(t, rwc) - - ak, err := AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("Failed to generate test AK: %v", err) - } - - someNonce := []byte("some nonce") - var someNonce64 [64]byte - copy(someNonce64[:], someNonce) - var nonce64 [64]byte - copy(nonce64[:], []byte("noncey business")) - mockTdxQuoteProvider := tgtestclient.GetMockTdxQuoteProvider([]tgtest.TestCase{ - { - Input: someNonce64, - Quote: tgtestdata.RawQuote, - }, - { - Input: nonce64, - Quote: tgtestdata.RawQuote, - }, - }, t) - - testcases := []struct { - name string - opts AttestOpts - wantReportData [64]byte - wantErr string - }{ - { - name: "Happy case no nonce", - opts: AttestOpts{ - Nonce: someNonce, - TEEDevice: &TdxQuoteProvider{mockTdxQuoteProvider}, - }, - wantReportData: someNonce64, - }, - { - name: "Happy case with nonce", - opts: AttestOpts{ - Nonce: someNonce, - TEEDevice: &TdxQuoteProvider{mockTdxQuoteProvider}, - TEENonce: nonce64[:], - }, - wantReportData: nonce64, - }, - { - name: "TEE nonce without TEE", - opts: AttestOpts{ - Nonce: someNonce, - TEENonce: nonce64[:], - }, - wantErr: "got non-nil TEENonce when TEEDevice is nil", - }, - } - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - att, err := ak.Attest(tc.opts) - if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { - t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) - } - // Successful attestation should include a TDX attestation. - if err == nil { - _, ok := att.GetTeeAttestation().(*pb.Attestation_TdxAttestation) - if !ok { - t.Fatalf("Attestation missing TDX attestation: %v", att.GetTeeAttestation()) - } - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/client/close.go b/vendor/github.com/google/go-tpm-tools/client/close.go
deleted file mode 100644
index 13030355f..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/close.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package client
-
-import (
- "io"
- "testing"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// CheckedClose closes the simulator and asserts that there were no leaked handles.
-func CheckedClose(tb testing.TB, rwc io.ReadWriteCloser) {
- for _, t := range []tpm2.HandleType{
- tpm2.HandleTypeLoadedSession,
- tpm2.HandleTypeSavedSession,
- tpm2.HandleTypeTransient,
- } {
- handles, err := Handles(rwc, t)
- if err != nil {
- tb.Errorf("failed to fetch handles of type %v: %v", t, err)
- }
- if len(handles) != 0 {
- tb.Errorf("tests leaked handles: %v", handles)
- }
- }
-
- if err := rwc.Close(); err != nil {
- tb.Errorf("when closing simulator: %v", err)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog.go b/vendor/github.com/google/go-tpm-tools/client/eventlog.go
deleted file mode 100644
index 9c74e0bba..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package client
-
-import "io"
-
-// GetEventLog grabs the crypto-agile TCG event log for the system. The TPM can
-// override this implementation by implementing EventLogGetter.
-func GetEventLog(rw io.ReadWriter) ([]byte, error) {
- if elg, ok := rw.(EventLogGetter); ok {
- return elg.EventLog()
- }
- return getRealEventLog()
-}
-
-// EventLogGetter allows a TPM (io.ReadWriter) to specify a particular
-// implementation for GetEventLog(). This is useful for testing and necessary
-// for Windows Event Log support (which requires a handle to the TPM).
-type EventLogGetter interface {
- EventLog() ([]byte, error)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
deleted file mode 100644
index 1e75483b2..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog_linux.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package client
-
-import "os"
-
-func getRealEventLog() ([]byte, error) {
- return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go b/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
deleted file mode 100644
index c6e7960c1..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/eventlog_other.go
+++ /dev/null
@@ -1,10 +0,0 @@
-//go:build !linux
-// +build !linux
-
-package client
-
-import "errors"
-
-func getRealEventLog() ([]byte, error) {
- return nil, errors.New("failed to get event log: only Linux supported")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/example_test.go b/vendor/github.com/google/go-tpm-tools/client/example_test.go
deleted file mode 100644
index 08a06d9bc..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/example_test.go
+++ /dev/null
@@ -1,274 +0,0 @@
-package client_test
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/rand"
- "fmt"
- "io"
- "log"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm-tools/simulator"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-var tpmHashAlg = tpm2.AlgSHA256
-var hashAlg = crypto.SHA256
-
-func ExampleKey_Quote() {
- // On verifier, make the nonce.
- nonce := make([]byte, 8)
-
- if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- log.Fatalf("failed to create nonce: %v", err)
- }
-
- // On client machine, generate the TPM quote.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ak, err := client.AttestationKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create attestation key: %v", err)
- }
- defer ak.Close()
-
- pcr7 := tpm2.PCRSelection{
- Hash: tpm2.AlgSHA256,
- PCRs: []int{7},
- }
-
- quote, err := ak.Quote(pcr7, nonce)
- if err != nil {
- log.Fatalf("failed to create quote: %v", err)
- }
-
- // On verifier, verify the quote against a stored public key/AK
- // certificate's public part and the nonce passed.
- if err := internal.VerifyQuote(quote, ak.PublicKey(), nonce); err != nil {
- // TODO: handle verify error.
- log.Fatalf("failed to verify quote: %v", err)
- }
- // Output:
-}
-func ExampleKey_Import_eK() {
- // On client machine, EK should already exist.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ek, err := client.EndorsementKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create endorsement key: %v", err)
- }
-
- // Pass EK pub to remote server, typically via an EK cert.
- // The server can then associate the EK public to the corresponding client.
-
- // Data to seal to EK public.
- secret := []byte("secret data")
-
- // ek.PublicKey already verified using the manufacturer-signed EK cert.
- importBlob, err := server.CreateImportBlob(ek.PublicKey(), secret, nil)
- if err != nil {
- log.Fatalf("failed to create import blob: %v", err)
- }
-
- // On client, import the EK.
- output, err := ek.Import(importBlob)
- if err != nil {
- // TODO: handle import failure.
- log.Fatalf("failed to import blob: %v", err)
- }
-
- fmt.Println(string(output))
- // TODO: use output of ek.Import.
- // Output: secret data
-}
-
-func ExampleKey_Attest() {
- // On verifier, make the nonce.
- nonce := make([]byte, 8)
-
- if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
- log.Fatalf("failed to create nonce: %v", err)
- }
-
- // On client machine, generate the TPM quote.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ak, err := client.AttestationKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create attestation key: %v", err)
- }
- defer ak.Close()
-
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
- if err != nil {
- log.Fatalf("failed to attest: %v", err)
- }
-
- // TODO: establish trust in the AK (typically via an AK certificate signed
- // by the manufacturer).
- // On verifier, verify the Attestation message. This:
- // - checks the quote(s) against a stored public key/AK
- // certificate's public part and the expected nonce.
- // - replays the event log against the quoted PCRs
- // - extracts events into a MachineState message.
- // TODO: decide which hash algorithm to use in the quotes. SHA1 is
- // typically undesirable but is the only event log option on some distros.
- _, err = server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}})
- if err != nil {
- // TODO: handle parsing or replay error.
- log.Fatalf("failed to read PCRs: %v", err)
- }
- fmt.Println(attestation)
- // TODO: use events output of ParseMachineState.
-}
-
-func Example_sealAndUnseal() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- srk, err := client.StorageRootKeyECC(simulator)
- if err != nil {
- log.Fatalf("failed to create storage root key: %v", err)
- }
-
- sealedSecret := []byte("secret password")
-
- sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}
- // Seal the data to the current value of PCR7.
- sealedBlob, err := srk.Seal([]byte(sealedSecret), client.SealOpts{Current: sel})
- if err != nil {
- log.Fatalf("failed to seal to SRK: %v", err)
- }
-
- // Validate by unsealing the sealed blob. Because it is possible that a TPM can seal a secret
- // properly but fail to certify it (thus we shouldn't unseal it because the creation status
- // cannot be verify). This ensures we can unseal the sealed blob, and that its contents are
- // equal to what we sealed.
- output, err := srk.Unseal(sealedBlob, client.UnsealOpts{CertifyCurrent: sel})
- if err != nil {
- // TODO: handle unseal error.
- log.Fatalf("failed to unseal blob: %v", err)
- }
- // TODO: use unseal output.
- fmt.Println(string(output))
- // Output: secret password
-}
-
-func ExampleKey_GetSigner() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- exampleECCSignerTemplate := tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
- tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
- ECCParameters: &tpm2.ECCParams{
- CurveID: tpm2.CurveNISTP256,
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpmHashAlg,
- },
- },
- }
- key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
- if err != nil {
- log.Fatalf("failed to create signing key: %v", err)
- }
- defer key.Close()
-
- toSign := []byte("message to sign")
- hash := hashAlg.New()
- hash.Write(toSign)
- digest := hash.Sum(nil)
-
- cryptoSigner, err := key.GetSigner()
- if err != nil {
- log.Fatalf("failed to create crypto signer: %v", err)
- }
- sig, err := cryptoSigner.Sign(nil, digest, hashAlg)
- if err != nil {
- log.Fatalf("failed to sign: %v", err)
- }
-
- // Verifier needs to establish trust in signer.Public() (via a certificate,
- // TPM2_ActivateCredential, TPM2_Certify).
- if !ecdsa.VerifyASN1(cryptoSigner.Public().(*ecdsa.PublicKey), digest, sig) {
- // TODO: handle signature verification failure.
- log.Fatal("failed to verify digest")
- }
- // Output:
-}
-
-func ExampleKey_SignData() {
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- exampleECCSignerTemplate := tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM |
- tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
- ECCParameters: &tpm2.ECCParams{
- CurveID: tpm2.CurveNISTP256,
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpmHashAlg,
- },
- },
- }
- key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate)
- if err != nil {
- log.Fatalf("failed to create signing key: %v", err)
- }
- defer key.Close()
-
- toSign := []byte("message to sign")
- hash := hashAlg.New()
- hash.Write(toSign)
- digest := hash.Sum(nil)
-
- sig, err := key.SignData(toSign)
- if err != nil {
- log.Fatalf("failed to sign data: %v", err)
- }
-
- // Verifier needs to establish trust in signer.Public() (via a certificate,
- // TPM2_ActivateCredential, TPM2_Certify).
- if !ecdsa.VerifyASN1(key.PublicKey().(*ecdsa.PublicKey), digest, sig) {
- // TODO: handle signature verification failure.
- log.Fatal("failed to verify digest")
- }
- // Output:
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles.go b/vendor/github.com/google/go-tpm-tools/client/handles.go
deleted file mode 100644
index 62273af51..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/handles.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package client
-
-import (
- "fmt"
- "io"
- "math"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Reserved Handles from "TCG TPM v2.0 Provisioning Guidance" - v1r1 - Table 2
-const (
- EKReservedHandle = tpmutil.Handle(0x81010001)
- EKECCReservedHandle = tpmutil.Handle(0x81010002)
- SRKReservedHandle = tpmutil.Handle(0x81000001)
- SRKECCReservedHandle = tpmutil.Handle(0x81000002)
-)
-
-// From "TCG EK Credential Profile", v2.3r2 Section 2.2.1.4
-const (
- // RSA 2048 EK Cert.
- EKCertNVIndexRSA uint32 = 0x01c00002
- // ECC P256 EK Cert.
- EKCertNVIndexECC uint32 = 0x01c0000a
-)
-
-// Picked available handles from TPM 2.0 Handles and Localities 2.3.1 - Table 11
-// go-tpm-tools will use handles in the range from 0x81008F00 to 0x81008FFF
-const (
- DefaultAKECCHandle = tpmutil.Handle(0x81008F00)
- DefaultAKRSAHandle = tpmutil.Handle(0x81008F01)
-)
-
-// GCE Attestation Key NV Indices
-const (
- // RSA 2048 AK.
- GceAKCertNVIndexRSA uint32 = 0x01c10000
- GceAKTemplateNVIndexRSA uint32 = 0x01c10001
- // ECC P256 AK.
- GceAKCertNVIndexECC uint32 = 0x01c10002
- GceAKTemplateNVIndexECC uint32 = 0x01c10003
-)
-
-func isHierarchy(h tpmutil.Handle) bool {
- return h == tpm2.HandleOwner || h == tpm2.HandleEndorsement ||
- h == tpm2.HandlePlatform || h == tpm2.HandleNull
-}
-
-// Handles returns a slice of tpmutil.Handle objects of all handles within
-// the TPM rw of type handleType.
-func Handles(rw io.ReadWriter, handleType tpm2.HandleType) ([]tpmutil.Handle, error) {
- // Handle type is determined by the most-significant octet (MSO) of the property.
- property := uint32(handleType) << 24
-
- vals, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityHandles, math.MaxUint32, property)
- if err != nil {
- return nil, err
- }
- if moreData {
- return nil, fmt.Errorf("tpm2.GetCapability() should never return moreData==true for tpm2.CapabilityHandles")
- }
- handles := make([]tpmutil.Handle, len(vals))
- for i, v := range vals {
- handle, ok := v.(tpmutil.Handle)
- if !ok {
- return nil, fmt.Errorf("unable to assert type tpmutil.Handle of value %#v", v)
- }
- handles[i] = handle
- }
- return handles, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/handles_test.go b/vendor/github.com/google/go-tpm-tools/client/handles_test.go
deleted file mode 100644
index 39744a990..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/handles_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package client_test
-
-import (
- "reflect"
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-const (
- // Maximum number of handles to keys tests can create within a simulator.
- maxHandles = 3
-)
-
-func TestHandles(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- expected := make([]tpmutil.Handle, 0)
- for i := 0; i < maxHandles; i++ {
- expected = append(expected, test.LoadRandomExternalKey(t, rwc))
-
- handles, err := client.Handles(rwc, tpm2.HandleTypeTransient)
- if err != nil {
- t.Fatal(err)
- }
- if !reflect.DeepEqual(handles, expected) {
- t.Errorf("Handles mismatch got: %v; want: %v", handles, expected)
- }
- }
-
- // Don't leak our handles
- for _, handle := range expected {
- if err := tpm2.FlushContext(rwc, handle); err != nil {
- t.Error(err)
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/import.go b/vendor/github.com/google/go-tpm-tools/client/import.go
deleted file mode 100644
index 6e1e3c0e3..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/import.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package client
-
-import (
- "fmt"
-
- "github.com/google/go-tpm-tools/internal"
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-func loadHandle(k *Key, blob *pb.ImportBlob) (tpmutil.Handle, error) {
- auth, err := k.session.Auth()
- if err != nil {
- return tpm2.HandleNull, err
- }
- private, err := tpm2.Import(k.rw, k.Handle(), auth, blob.PublicArea, blob.Duplicate, blob.EncryptedSeed, nil, nil)
- if err != nil {
- return tpm2.HandleNull, fmt.Errorf("import failed: %w", err)
- }
-
- auth, err = k.session.Auth()
- if err != nil {
- return tpm2.HandleNull, err
- }
- handle, _, err := tpm2.LoadUsingAuth(k.rw, k.Handle(), auth, blob.PublicArea, private)
- if err != nil {
- return tpm2.HandleNull, fmt.Errorf("load failed: %w", err)
- }
- return handle, nil
-}
-
-// Import decrypts the secret contained in an encoded import request.
-// The key used must be an encryption key (signing keys cannot be used).
-// The req parameter should come from server.CreateImportBlob.
-func (k *Key) Import(blob *pb.ImportBlob) ([]byte, error) {
- handle, err := loadHandle(k, blob)
- if err != nil {
- return nil, err
- }
- defer tpm2.FlushContext(k.rw, handle)
-
- unsealSession, err := NewPCRSession(k.rw, internal.PCRSelection(blob.Pcrs))
- if err != nil {
- return nil, err
- }
- defer unsealSession.Close()
-
- auth, err := unsealSession.Auth()
- if err != nil {
- return nil, err
- }
- out, err := tpm2.UnsealWithSession(k.rw, auth.Session, handle, "")
- if err != nil {
- return nil, fmt.Errorf("unseal failed: %w", err)
- }
- return out, nil
-}
-
-// ImportSigningKey returns the signing key contained in an encoded import request.
-// The parent key must be an encryption key (signing keys cannot be used).
-// The req parameter should come from server.CreateSigningKeyImportBlob.
-func (k *Key) ImportSigningKey(blob *pb.ImportBlob) (key *Key, err error) {
- handle, err := loadHandle(k, blob)
- if err != nil {
- return nil, err
- }
- key = &Key{rw: k.rw, handle: handle}
-
- defer func() {
- if err != nil {
- key.Close()
- }
- }()
-
- if key.pubArea, _, _, err = tpm2.ReadPublic(k.rw, handle); err != nil {
- return
- }
- if key.session, err = NewPCRSession(k.rw, internal.PCRSelection(blob.Pcrs)); err != nil {
- return
- }
- return key, key.finish()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/import_certify.go b/vendor/github.com/google/go-tpm-tools/client/import_certify.go
deleted file mode 100644
index 9648ac421..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/import_certify.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package client
-
-import (
- "fmt"
-
- tpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpm2/transport"
-)
-
-// This file aims to implement the attester side of https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8
-// For reference: https://github.com/TrustedComputingGroup/tpm-fw-attestation-reference-code
-
-func ekResponse(tpm transport.TPM) (*tpm2.CreatePrimaryResponse, error) {
- // SVSM currently only supports attesting an RSA EK.
- // We may parameterize this later for more options.
- return tpm2.CreatePrimary{
- PrimaryHandle: tpm2.TPMRHEndorsement,
- InPublic: tpm2.New2B(tpm2.RSAEKTemplate),
- }.Execute(tpm)
-}
-
-func makeAK(tpm transport.TPM, keyAlgo tpm2.TPMAlgID) (*tpm2.CreatePrimaryResponse, error) {
- var public []byte
- var err error
- switch keyAlgo {
- case tpm2.TPMAlgECC:
- public, err = AKTemplateECC().Encode()
- case tpm2.TPMAlgRSA:
- public, err = AKTemplateRSA().Encode()
- default:
- return nil, fmt.Errorf("unsupported keyAlgo %v", keyAlgo)
- }
- if err != nil {
- return nil, fmt.Errorf("failed to create AK: %w", err)
- }
- cp, err := tpm2.CreatePrimary{
- PrimaryHandle: tpm2.TPMRHOwner,
- InPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](public),
- }.Execute(tpm)
- if err != nil {
- return nil, err
- }
- return cp, nil
-}
-
-// CreateCertifiedAKBlob creates an AK and certifies it, thus solving the TPM registration challenge.
-func CreateCertifiedAKBlob(tpm transport.TPM, req *tpb.ImportBlob, keyAlgo tpm2.TPMAlgID) (*tpb.CertifiedBlob, error) {
- ek, err := ekResponse(tpm)
- if err != nil {
- return nil, fmt.Errorf("failed to create RSA EK: %w", err)
- }
-
- // Import the restricted HMAC key.
- imported, err := tpm2.Import{
- ParentHandle: tpm2.AuthHandle{
- Handle: ek.ObjectHandle,
- Name: ek.Name,
- Auth: tpm2.Policy(tpm2.TPMAlgSHA256, 32, ekPolicy),
- },
- ObjectPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](req.GetPublicArea()),
- Duplicate: tpm2.TPM2BPrivate{Buffer: req.GetDuplicate()},
- InSymSeed: tpm2.TPM2BEncryptedSecret{Buffer: req.GetEncryptedSeed()},
- }.Execute(tpm)
- if err != nil {
- tpm2.FlushContext{
- FlushHandle: ek.ObjectHandle,
- }.Execute(tpm)
- return nil, fmt.Errorf("failed to import blob: %w", err)
- }
-
- // Load the imported HMAC key.
- loaded, err := tpm2.Load{
- ParentHandle: tpm2.AuthHandle{
- Handle: ek.ObjectHandle,
- Name: ek.Name,
- Auth: tpm2.Policy(tpm2.TPMAlgSHA256, 32, ekPolicy),
- },
- InPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](req.GetPublicArea()),
- InPrivate: imported.OutPrivate,
- }.Execute(tpm)
- // Flush before checking error and potentially early returning since we need to flush in both situations.
- tpm2.FlushContext{
- FlushHandle: ek.ObjectHandle,
- }.Execute(tpm)
- if err != nil {
- return nil, fmt.Errorf("failed to load HMAC: %w", err)
- }
-
- defer tpm2.FlushContext{
- FlushHandle: loaded.ObjectHandle,
- }.Execute(tpm)
-
- ak, err := makeAK(tpm, keyAlgo)
- if err != nil {
- return nil, err
- }
- defer tpm2.FlushContext{
- FlushHandle: ak.ObjectHandle,
- }.Execute(tpm)
-
- // Certify a newly created AK.
- certified, err := tpm2.Certify{
- ObjectHandle: tpm2.NamedHandle{
- Handle: ak.ObjectHandle,
- Name: ak.Name,
- },
- SignHandle: tpm2.NamedHandle{
- Handle: loaded.ObjectHandle,
- Name: loaded.Name,
- },
- }.Execute(tpm)
- if err != nil {
- return nil, fmt.Errorf("failed to certify blob: %w", err)
- }
-
- return &tpb.CertifiedBlob{
- PubArea: ak.OutPublic.Bytes(),
- CertifyInfo: certified.CertifyInfo.Bytes(),
- RawSig: tpm2.Marshal(certified.Signature),
- }, nil
-}
-
-func ekPolicy(t transport.TPM, handle tpm2.TPMISHPolicy, nonceTPM tpm2.TPM2BNonce) error {
- cmd := tpm2.PolicySecret{
- AuthHandle: tpm2.TPMRHEndorsement,
- PolicySession: handle,
- NonceTPM: nonceTPM,
- }
- _, err := cmd.Execute(t)
- return err
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/import_certify_test.go b/vendor/github.com/google/go-tpm-tools/client/import_certify_test.go
deleted file mode 100644
index 7d6b70c4d..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/import_certify_test.go
+++ /dev/null
@@ -1,257 +0,0 @@
-package client_test
-
-import (
- "bytes"
- "crypto/hmac"
- "crypto/sha256"
- "strings"
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- tpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpm2/transport"
-)
-
-func TestCreateCertifiedAKBlob(t *testing.T) {
- rwc := test.GetTPM(t)
- tpm := transport.FromReadWriter(rwc)
- defer client.CheckedClose(t, rwc)
-
- ek, err := client.EndorsementKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to get rsa ek: %v", ek)
- }
- defer ek.Close()
-
- pubBytes, err := ek.PublicArea().Encode()
- if err != nil {
- t.Fatalf("ek public area encode failed: %v", err)
- }
- pub, err := tpm2.Unmarshal[tpm2.TPMTPublic](pubBytes)
- if err != nil {
- t.Fatalf("Unmarshal public key failed: %v", err)
- }
-
- testcases := []struct {
- name string
- keyAlgo tpm2.TPMAlgID
- }{
- {"RSA", tpm2.TPMAlgRSA},
- {"ECC", tpm2.TPMAlgECC},
- }
- for _, tc := range testcases {
- t.Run(tc.name, func(t *testing.T) {
- challenge, secret, err := server.CreateRestrictedHMACBlob(pub)
- if err != nil {
- t.Fatalf("server.CreateChallenge failed: %v", err)
- }
-
- response, err := client.CreateCertifiedAKBlob(tpm, challenge, tc.keyAlgo)
- if err != nil {
- t.Fatalf("SolveChallengeImportCertify failed: %v", err)
- }
- if err := server.VerifyCertifiedAKBlob(response, secret); err != nil {
- t.Errorf("server.VerifyCertifiedAKBlob failed: %v", err)
- }
- })
- }
-}
-
-func TestVerifyCertifiedAKBlobErrors(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- tpm := transport.FromReadWriter(rwc)
-
- ek, err := client.EndorsementKeyRSA(rwc)
- if err != nil {
- t.Fatalf("failed to get rsa ek: %v", ek)
- }
- defer ek.Close()
-
- pubBytes, err := ek.PublicArea().Encode()
- if err != nil {
- t.Fatalf("ek public area encode failed: %v", err)
- }
- ekPub, err := 
tpm2.Unmarshal[tpm2.TPMTPublic](pubBytes)
- if err != nil {
- t.Fatalf("Unmarshal public key failed: %v", err)
- }
- challenge, secret, err := server.CreateRestrictedHMACBlob(ekPub)
- if err != nil {
- t.Fatalf("server.CreateChallenge failed: %v", err)
- }
-
- response, err := client.CreateCertifiedAKBlob(tpm, challenge, tpm2.TPMAlgECC)
- if err != nil {
- t.Fatalf("SolveChallengeImportCertify failed: %v", err)
- }
-
- // Make a copy of the valid data to tamper with
- goodAkPub := bytes.Clone(response.GetPubArea())
- goodCertifyInfo := bytes.Clone(response.GetCertifyInfo())
- goodSignature := bytes.Clone(response.GetRawSig())
-
- // helper to re-sign a modified certifyInfo
- reSign := func(certifyInfo []byte) []byte {
- sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature)
- if err != nil {
- t.Fatalf("unmarshaling good signature: %v", err)
- }
- hmacVal, err := sig.Signature.HMAC()
- if err != nil {
- t.Fatalf("getting hmac from signature: %v", err)
- }
- digest := sha256.Sum256(certifyInfo)
- h := hmac.New(sha256.New, secret)
- h.Write(digest[:])
- hmacVal.Digest = h.Sum(nil)
- return tpm2.Marshal(sig)
- }
-
- testcases := []struct {
- name string
- getReq func(t *testing.T) *tpb.CertifiedBlob
- secret []byte
- wantErrString string
- }{
- {
- name: "Bad Secret",
- getReq: func(_ *testing.T) *tpb.CertifiedBlob {
- return response
- },
- secret: []byte("bad secret"),
- wantErrString: "invalid HMAC",
- },
- {
- name: "Wrong HMAC Hash Alg",
- getReq: func(t *testing.T) *tpb.CertifiedBlob {
- sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature)
- if err != nil {
- t.Fatalf("unmarshaling good signature: %v", err)
- }
- hmacVal, err := sig.Signature.HMAC()
- if err != nil {
- t.Fatalf("getting hmac from signature: %v", err)
- }
- hmacVal.HashAlg = tpm2.TPMAlgSHA1
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: goodCertifyInfo,
- RawSig: tpm2.Marshal(sig),
- }
- },
- secret: secret,
- wantErrString: "wrong hash algorithm",
- },
- {
- 
name: "Bad HMAC Digest",
- getReq: func(t *testing.T) *tpb.CertifiedBlob {
- sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature)
- if err != nil {
- t.Fatalf("unmarshaling good signature: %v", err)
- }
- hmacVal, err := sig.Signature.HMAC()
- if err != nil {
- t.Fatalf("getting hmac from signature: %v", err)
- }
- hmacVal.Digest[0] ^= 0xff
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: goodCertifyInfo,
- RawSig: tpm2.Marshal(sig),
- }
- },
- secret: secret,
- wantErrString: "invalid HMAC",
- },
- {
- name: "Tampered CertifyInfo",
- getReq: func(_ *testing.T) *tpb.CertifiedBlob {
- badCertifyInfo := bytes.Clone(goodCertifyInfo)
- badCertifyInfo[0] ^= 0xff
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: badCertifyInfo,
- RawSig: goodSignature,
- }
- },
- secret: secret,
- wantErrString: "invalid HMAC",
- },
- {
- name: "Bad Attest Magic",
- getReq: func(t *testing.T) *tpb.CertifiedBlob {
- attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo)
- if err != nil {
- t.Fatalf("unmarshaling good certify info: %v", err)
- }
- attest.Magic = 0
- badCertifyInfo := tpm2.Marshal(attest)
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: badCertifyInfo,
- RawSig: reSign(badCertifyInfo),
- }
- },
- secret: secret,
- wantErrString: "attestation statement was invalid",
- },
- {
- name: "Bad Certified Name",
- getReq: func(t *testing.T) *tpb.CertifiedBlob {
- attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo)
- if err != nil {
- t.Fatalf("unmarshaling good certify info: %v", err)
- }
- certify, err := attest.Attested.Certify()
- if err != nil {
- t.Fatalf("getting certify from attest: %v", err)
- }
- certify.Name.Buffer[0] ^= 0xff
- badCertifyInfo := tpm2.Marshal(attest)
-
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: badCertifyInfo,
- RawSig: reSign(badCertifyInfo),
- }
- },
- secret: secret,
- wantErrString: "incorrect name",
- },
- {
- name: "QualifiedName matches Name",
- 
getReq: func(t *testing.T) *tpb.CertifiedBlob {
- attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo)
- if err != nil {
- t.Fatalf("unmarshaling good certify info: %v", err)
- }
- certify, err := attest.Attested.Certify()
- if err != nil {
- t.Fatalf("getting certify from attest: %v", err)
- }
- certify.QualifiedName.Buffer = bytes.Clone(certify.Name.Buffer)
- badCertifyInfo := tpm2.Marshal(attest)
- return &tpb.CertifiedBlob{
- PubArea: goodAkPub,
- CertifyInfo: badCertifyInfo,
- RawSig: reSign(badCertifyInfo),
- }
- },
- secret: secret,
- wantErrString: "incorrect name",
- },
- }
-
- for _, tc := range testcases {
- t.Run(tc.name, func(t *testing.T) {
- err := server.VerifyCertifiedAKBlob(tc.getReq(t), tc.secret)
- if err == nil || !strings.Contains(err.Error(), tc.wantErrString) {
- t.Errorf("got err: %v, want err containing: %q", err, tc.wantErrString)
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys.go b/vendor/github.com/google/go-tpm-tools/client/keys.go
deleted file mode 100644
index d172c1f48..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/keys.go
+++ /dev/null
@@ -1,527 +0,0 @@
-// Package client contains some high-level TPM 2.0 functions.
-package client
-
-import (
- "bytes"
- "crypto"
- "crypto/subtle"
- "crypto/x509"
- "errors"
- "fmt"
- "io"
-
- "github.com/google/go-tpm-tools/internal"
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Key wraps an active asymmetric TPM2 key. This can either be a signing key or
-// an encryption key. Users of Key should be sure to call Close() when the Key
-// is no longer needed, so that the underlying TPM handle can be freed.
-// Concurrent accesses on Key are not safe, with the exception of the
-// Sign method called on the crypto.Signer returned by Key.GetSigner.
-type Key struct {
- rw io.ReadWriter
- handle tpmutil.Handle
- pubArea tpm2.Public
- pubKey crypto.PublicKey
- name tpm2.Name
- session Session
- cert *x509.Certificate
-}
-
-// EndorsementKeyRSA generates and loads a key from DefaultEKTemplateRSA.
-func EndorsementKeyRSA(rw io.ReadWriter) (*Key, error) {
- ekRsa, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateRSA(), EKReservedHandle)
- if err != nil {
- return nil, err
- }
- if err := ekRsa.trySetCertificateFromNvram(EKCertNVIndexRSA); err != nil {
- ekRsa.Close()
- return nil, err
- }
- return ekRsa, nil
-}
-
-// EndorsementKeyECC generates and loads a key from DefaultEKTemplateECC.
-func EndorsementKeyECC(rw io.ReadWriter) (*Key, error) {
- ekEcc, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateECC(), EKECCReservedHandle)
- if err != nil {
- return nil, err
- }
- if err := ekEcc.trySetCertificateFromNvram(EKCertNVIndexECC); err != nil {
- ekEcc.Close()
- return nil, err
- }
- return ekEcc, nil
-}
-
-// StorageRootKeyRSA generates and loads a key from SRKTemplateRSA.
-func StorageRootKeyRSA(rw io.ReadWriter) (*Key, error) {
- return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateRSA(), SRKReservedHandle)
-}
-
-// StorageRootKeyECC generates and loads a key from SRKTemplateECC.
-func StorageRootKeyECC(rw io.ReadWriter) (*Key, error) {
- return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateECC(), SRKECCReservedHandle)
-}
-
-// AttestationKeyRSA generates and loads a key from AKTemplateRSA in the Owner hierarchy.
-func AttestationKeyRSA(rw io.ReadWriter) (*Key, error) {
- return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateRSA(), DefaultAKRSAHandle)
-}
-
-// AttestationKeyECC generates and loads a key from AKTemplateECC in the Owner hierarchy.
-func AttestationKeyECC(rw io.ReadWriter) (*Key, error) {
- return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateECC(), DefaultAKECCHandle)
-}
-
-// EndorsementKeyFromNvIndex generates and loads an endorsement key using the
-// template stored at the provided nvdata index. This is useful for TPMs which
-// have a preinstalled AK template.
-func EndorsementKeyFromNvIndex(rw io.ReadWriter, idx uint32) (*Key, error) {
- return KeyFromNvIndex(rw, tpm2.HandleEndorsement, idx)
-}
-
-// GceAttestationKeyRSA generates and loads the GCE RSA AK. Note that this
-// function will only work on a GCE VM. Unlike AttestationKeyRSA, this key uses
-// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexRSA.
-func GceAttestationKeyRSA(rw io.ReadWriter) (*Key, error) {
- akRsa, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexRSA)
- if err != nil {
- return nil, err
- }
- if err := akRsa.trySetCertificateFromNvram(GceAKCertNVIndexRSA); err != nil {
- akRsa.Close()
- return nil, err
- }
- return akRsa, nil
-}
-
-// GceAttestationKeyECC generates and loads the GCE ECC AK. Note that this
-// function will only work on a GCE VM. Unlike AttestationKeyECC, this key uses
-// the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexECC.
-func GceAttestationKeyECC(rw io.ReadWriter) (*Key, error) {
- akEcc, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexECC)
- if err != nil {
- return nil, err
- }
- if err := akEcc.trySetCertificateFromNvram(GceAKCertNVIndexECC); err != nil {
- akEcc.Close()
- return nil, err
- }
- return akEcc, nil
-}
-
-// LoadCachedKey loads a key from cachedHandle.
-// If the key is not found, an error is returned.
-// This function will not overwrite an existing key, unlike NewCachedKey.
-func LoadCachedKey(rw io.ReadWriter, cachedHandle tpmutil.Handle, keySession Session) (k *Key, err error) {
- cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle)
- if err != nil {
- return nil, fmt.Errorf("failed to read public area of cached key: %w", err)
- }
-
- k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub, session: keySession}
- return k, k.finish()
-}
-
-// KeyFromNvIndex generates and loads a key under the provided parent
-// (possibly a hierarchy root tpm2.Handle{Owner|Endorsement|Platform|Null})
-// using the template stored at the provided nvdata index.
-func KeyFromNvIndex(rw io.ReadWriter, parent tpmutil.Handle, idx uint32) (*Key, error) {
- data, err := tpm2.NVReadEx(rw, tpmutil.Handle(idx), tpm2.HandleOwner, "", 0)
- if err != nil {
- return nil, fmt.Errorf("read error at index %d: %w", idx, err)
- }
- template, err := tpm2.DecodePublic(data)
- if err != nil {
- return nil, fmt.Errorf("index %d data was not a TPM key template: %w", idx, err)
- }
- return NewKey(rw, parent, template)
-}
-
-// NewCachedKey is almost identical to NewKey, except that it initially tries to
-// see if the a key matching the provided template is at cachedHandle. If so,
-// that key is returned. If not, the key is created as in NewKey, and that key
-// is persisted to the cachedHandle, overwriting any existing key there.
-func NewCachedKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public, cachedHandle tpmutil.Handle) (k *Key, err error) {
- owner := tpm2.HandleOwner
- if parent == tpm2.HandlePlatform {
- owner = tpm2.HandlePlatform
- } else if parent == tpm2.HandleNull {
- return nil, fmt.Errorf("cannot cache objects in the null hierarchy")
- }
-
- cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle)
- if err == nil {
- if cachedPub.MatchesTemplate(template) {
- k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub}
- return k, k.finish()
- }
- // Kick out old cached key if it does not match
- if err = tpm2.EvictControl(rw, "", owner, cachedHandle, cachedHandle); err != nil {
- return nil, err
- }
- }
-
- k, err = NewKey(rw, parent, template)
- if err != nil {
- return nil, err
- }
- defer tpm2.FlushContext(rw, k.handle)
-
- if err = tpm2.EvictControl(rw, "", owner, k.handle, cachedHandle); err != nil {
- return nil, err
- }
- k.handle = cachedHandle
- return k, nil
-}
-
-// NewKey generates a key from the template and loads that key into the TPM
-// under the specified parent. NewKey can call many different TPM commands:
-// - If parent is tpm2.Handle{Owner|Endorsement|Platform|Null} a primary key
-// is created in the specified hierarchy (using CreatePrimary).
-// - If parent is a valid key handle, a normal key object is created under
-// that parent (using Create and Load). NOTE: Not yet supported.
-//
-// This function also assumes that the desired key:
-// - Does not have its usage locked to specific PCR values
-// - Usable with empty authorization sessions (i.e. 
doesn't need a password)
-func NewKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public) (k *Key, err error) {
- if !isHierarchy(parent) {
- // TODO add support for normal objects with Create() and Load()
- return nil, fmt.Errorf("unsupported parent handle: %x", parent)
- }
-
- handle, pubArea, _, _, _, _, err := tpm2.CreatePrimaryEx(rw, parent, tpm2.PCRSelection{}, "", "", template)
- if err != nil {
- return nil, err
- }
- defer func() {
- if err != nil {
- tpm2.FlushContext(rw, handle)
- }
- }()
-
- k = &Key{rw: rw, handle: handle}
- if k.pubArea, err = tpm2.DecodePublic(pubArea); err != nil {
- return
- }
- return k, k.finish()
-}
-
-func (k *Key) finish() error {
- var err error
- if k.pubKey, err = k.pubArea.Key(); err != nil {
- return err
- }
- if k.name, err = k.pubArea.Name(); err != nil {
- return err
- }
- // We determine the right type of session based on the auth policy
- if k.session == nil {
- if bytes.Equal(k.pubArea.AuthPolicy, defaultEKAuthPolicy()) {
- if k.session, err = NewEKSession(k.rw); err != nil {
- return err
- }
- } else if len(k.pubArea.AuthPolicy) == 0 {
- k.session = NullSession{}
- } else {
- return fmt.Errorf("unknown auth policy when creating key")
- }
- }
- return nil
-}
-
-// Handle allows this key to be used directly with other go-tpm commands.
-func (k *Key) Handle() tpmutil.Handle {
- return k.handle
-}
-
-// Name is hash of this key's public area. Only the Digest field will ever be
-// populated. It is useful for various TPM commands related to authorization.
-// This is equivalent to k.PublicArea.Name(), except that is cannot fail.
-func (k *Key) Name() tpm2.Name {
- return k.name
-}
-
-// PublicArea exposes the key's entire public area. This is useful for
-// determining additional properties of the underlying TPM key.
-func (k *Key) PublicArea() tpm2.Public {
- return k.pubArea
-}
-
-// PublicKey provides a go interface to the loaded key's public area.
-func (k *Key) PublicKey() crypto.PublicKey {
- return k.pubKey
-}
-
-// Close should be called when the key is no longer needed. This is important to
-// do as most TPMs can only have a small number of key simultaneously loaded.
-func (k *Key) Close() {
- if k.session != nil {
- k.session.Close()
- }
- tpm2.FlushContext(k.rw, k.handle)
-}
-
-// Seal seals the sensitive byte buffer to a key. This key must be an SRK (we
-// currently do not support sealing to EKs). Optionally, the SealOpts struct can
-// be modified to provide sealed-to PCRs. In this case, the sensitive data can
-// only be unsealed if the seal-time PCRs are in the SealOpts-specified state.
-// There must not be overlap in PCRs between SealOpts' Current and Target.
-// During the sealing process, certification data will be created allowing
-// Unseal() to validate the state of the TPM during the sealing process.
-func (k *Key) Seal(sensitive []byte, opts SealOpts) (*pb.SealedBytes, error) {
- var pcrs *pb.PCRs
- var err error
- var auth []byte
-
- pcrs, err = mergePCRSelAndProto(k.rw, opts.Current, opts.Target)
- if err != nil {
- return nil, fmt.Errorf("invalid SealOpts: %v", err)
- }
- if len(pcrs.GetPcrs()) > 0 {
- auth = internal.PCRSessionAuth(pcrs, SessionHashAlg)
- }
- certifySel := FullPcrSel(CertifyHashAlgTpm)
- sb, err := sealHelper(k.rw, k.Handle(), auth, sensitive, certifySel)
- if err != nil {
- return nil, err
- }
-
- for pcrNum := range pcrs.GetPcrs() {
- sb.Pcrs = append(sb.Pcrs, pcrNum)
- }
- sb.Hash = pcrs.GetHash()
- sb.Srk = pb.ObjectType(k.pubArea.Type)
- return sb, nil
-}
-
-func sealHelper(rw io.ReadWriter, parentHandle tpmutil.Handle, auth []byte, sensitive []byte, certifyPCRsSel tpm2.PCRSelection) (*pb.SealedBytes, error) {
- inPublic := tpm2.Public{
- Type: tpm2.AlgKeyedHash,
- NameAlg: SessionHashAlgTpm,
- Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent,
- AuthPolicy: auth,
- }
- if auth == nil {
- inPublic.Attributes |= tpm2.FlagUserWithAuth
- } else {
-
inPublic.Attributes |= tpm2.FlagAdminWithPolicy
- }
-
- priv, pub, creationData, _, ticket, err := tpm2.CreateKeyWithSensitive(rw, parentHandle, certifyPCRsSel, "", "", inPublic, sensitive)
- if err != nil {
- return nil, fmt.Errorf("failed to create key: %w", err)
- }
- certifiedPcr, err := ReadPCRs(rw, certifyPCRsSel)
- if err != nil {
- return nil, fmt.Errorf("failed to read PCRs: %w", err)
- }
- computedDigest := internal.PCRDigest(certifiedPcr, SessionHashAlg)
-
- decodedCreationData, err := tpm2.DecodeCreationData(creationData)
- if err != nil {
- return nil, fmt.Errorf("failed to decode creation data: %w", err)
- }
-
- // make sure PCRs haven't being altered after sealing
- if subtle.ConstantTimeCompare(computedDigest, decodedCreationData.PCRDigest) == 0 {
- return nil, fmt.Errorf("PCRs have been modified after sealing")
- }
-
- sb := &pb.SealedBytes{}
- sb.CertifiedPcrs = certifiedPcr
- sb.Priv = priv
- sb.Pub = pub
- sb.CreationData = creationData
- if sb.Ticket, err = tpmutil.Pack(ticket); err != nil {
- return nil, err
- }
- return sb, nil
-}
-
-// Unseal attempts to reverse the process of Seal(), using the PCRs, public, and
-// private data in proto.SealedBytes. Optionally, the UnsealOpts parameter can
-// be used to verify the state of the TPM when the data was sealed. The
-// zero-value UnsealOpts can be passed to skip certification.
-func (k *Key) Unseal(in *pb.SealedBytes, opts UnsealOpts) ([]byte, error) {
- if in.Srk != pb.ObjectType(k.pubArea.Type) {
- return nil, fmt.Errorf("expected key of type %v, got %v", in.Srk, k.pubArea.Type)
- }
- sealed, _, err := tpm2.Load(
- k.rw,
- k.Handle(),
- /*parentPassword=*/ "",
- in.GetPub(),
- in.GetPriv())
- if err != nil {
- return nil, fmt.Errorf("failed to load sealed object: %w", err)
- }
- defer tpm2.FlushContext(k.rw, sealed)
-
- pcrs, err := mergePCRSelAndProto(k.rw, opts.CertifyCurrent, opts.CertifyExpected)
- if err != nil {
- return nil, fmt.Errorf("invalid UnsealOpts: %v", err)
- }
- if len(pcrs.GetPcrs()) > 0 {
- if err := internal.CheckSubset(pcrs, in.GetCertifiedPcrs()); err != nil {
- return nil, fmt.Errorf("failed to certify PCRs: %w", err)
- }
-
- var ticket tpm2.Ticket
- if _, err = tpmutil.Unpack(in.GetTicket(), &ticket); err != nil {
- return nil, fmt.Errorf("ticket unpack failed: %w", err)
- }
- creationHash := SessionHashAlg.New()
- creationHash.Write(in.GetCreationData())
-
- _, _, certErr := tpm2.CertifyCreation(k.rw, "", sealed, tpm2.HandleNull, nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket)
- // There is a bug in some older TPMs, where they are unable to
- // CertifyCreation when using a Null signing handle (despite this
- // being allowed by all versions of the TPM spec). To work around
- // this bug, we use a temporary signing key and ignore the signed
- // result. To reduce the cost of this workaround, we use a cached
- // ECC signing key.
- // We can detect this bug, as it triggers a RCInsufficient
- // Unmarshaling error.
- var (
- paramError tpm2.ParameterError
- handleError tpm2.HandleError
- )
- if (errors.As(certErr, ¶mError) && paramError.Code == tpm2.RCInsufficient) ||
- (errors.As(certErr, &handleError) && handleError.Code == tpm2.RCInsufficient) {
- signer, err := AttestationKeyECC(k.rw)
- if err != nil {
- return nil, fmt.Errorf("failed to create fallback signing key: %w", err)
- }
- defer signer.Close()
- _, _, certErr = tpm2.CertifyCreation(k.rw, "", sealed, signer.Handle(), nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket)
- }
- if certErr != nil {
- return nil, fmt.Errorf("failed to certify creation: %w", certErr)
- }
-
- // verify certify PCRs haven't been modified
- decodedCreationData, err := tpm2.DecodeCreationData(in.GetCreationData())
- if err != nil {
- return nil, fmt.Errorf("failed to decode creation data: %w", err)
- }
- if !internal.SamePCRSelection(in.GetCertifiedPcrs(), decodedCreationData.PCRSelection) {
- return nil, fmt.Errorf("certify PCRs does not match the PCR selection in the creation data")
- }
- expectedDigest := internal.PCRDigest(in.GetCertifiedPcrs(), SessionHashAlg)
- if subtle.ConstantTimeCompare(decodedCreationData.PCRDigest, expectedDigest) == 0 {
- return nil, fmt.Errorf("certify PCRs digest does not match the digest in the creation data")
- }
- }
-
- sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(in.GetHash())}
- for _, pcr := range in.GetPcrs() {
- sel.PCRs = append(sel.PCRs, int(pcr))
- }
-
- session, err := NewPCRSession(k.rw, sel)
- if err != nil {
- return nil, fmt.Errorf("failed to create session: %w", err)
- }
- defer session.Close()
-
- auth, err := session.Auth()
- if err != nil {
- return nil, err
- }
- return tpm2.UnsealWithSession(k.rw, auth.Session, sealed, "")
-}
-
-// Quote will tell TPM to compute a hash of a set of given PCR selection, together with
-// some extra data (typically a nonce), sign it with the given signing key, and return
-// the signature and the attestation data.
This function will return an error if
-// the key is not a restricted signing key.
-func (k *Key) Quote(selpcr tpm2.PCRSelection, extraData []byte) (*pb.Quote, error) {
- // Make sure that we have a valid signing key before trying quote
- var err error
- if _, err = internal.GetSigningHashAlg(k.pubArea); err != nil {
- return nil, err
- }
- if !k.hasAttribute(tpm2.FlagRestricted) {
- return nil, fmt.Errorf("unrestricted keys are insecure to use with Quote")
- }
-
- quote := &pb.Quote{}
- quote.Quote, quote.RawSig, err = tpm2.QuoteRaw(k.rw, k.Handle(), "", "", extraData, selpcr, tpm2.AlgNull)
- if err != nil {
- return nil, fmt.Errorf("failed to quote: %w", err)
- }
- quote.Pcrs, err = ReadPCRs(k.rw, selpcr)
- if err != nil {
- return nil, fmt.Errorf("failed to read PCRs: %w", err)
- }
- // Verify the quote client-side to make sure we didn't mess things up.
- // NOTE: the quote still must be verified server-side as well.
- if err := internal.VerifyQuote(quote, k.PublicKey(), extraData); err != nil {
- return nil, fmt.Errorf("failed to verify quote: %w", err)
- }
- return quote, nil
-}
-
-// Reseal is a shortcut to call Unseal() followed by Seal().
-// CertifyOpt(nillable) will be used in Unseal(), and SealOpt(nillable)
-// will be used in Seal()
-func (k *Key) Reseal(in *pb.SealedBytes, uOpts UnsealOpts, sOpts SealOpts) (*pb.SealedBytes, error) {
- sensitive, err := k.Unseal(in, uOpts)
- if err != nil {
- return nil, fmt.Errorf("failed to unseal: %w", err)
- }
- return k.Seal(sensitive, sOpts)
-}
-
-func (k *Key) hasAttribute(attr tpm2.KeyProp) bool {
- return k.pubArea.Attributes&attr != 0
-}
-
-// Cert returns the parsed certificate (or nil) for the given key.
-func (k *Key) Cert() *x509.Certificate {
- return k.cert
-}
-
-// CertDERBytes provides the ASN.1 DER content of the key's certificate. If the
-// key does not have a certficate, returns nil.
-func (k *Key) CertDERBytes() []byte {
- if k.cert == nil {
- return nil
- }
- return k.cert.Raw
-}
-
-// SetCert assigns the provided certificate to the key after verifying it matches the key.
-func (k *Key) SetCert(cert *x509.Certificate) error {
- certPubKey := cert.PublicKey.(crypto.PublicKey) // This cast cannot fail
- if !internal.PubKeysEqual(certPubKey, k.pubKey) {
- return errors.New("certificate does not match key")
- }
-
- k.cert = cert
- return nil
-}
-
-// Attempt to fetch a key's certificate from NVRAM. If the certificate is simply
-// missing, this function succeeds (and no certificate is set). This is to allow
-// for AKs and EKs that simply don't have a certificate. However, if the
-// certificate read from NVRAM is either malformed or does not match the key, we
-// return an error.
-func (k *Key) trySetCertificateFromNvram(index uint32) error {
- certASN1, err := tpm2.NVReadEx(k.rw, tpmutil.Handle(index), tpm2.HandleOwner, "", 0)
- if err != nil {
- // Either the cert data is missing, or we are not allowed to read it
- return nil
- }
- x509Cert, err := x509.ParseCertificate(certASN1)
- if err != nil {
- return fmt.Errorf("failed to parse certificate from NV memory: %w", err)
- }
- return k.SetCert(x509Cert)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/keys_test.go b/vendor/github.com/google/go-tpm-tools/client/keys_test.go
deleted file mode 100644
index 0ed42a1dd..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/keys_test.go
+++ /dev/null
@@ -1,302 +0,0 @@
-package client_test
-
-import (
- "crypto"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "io"
- "math/big"
- "reflect"
- "testing"
- "time"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
-)
-
-func TestNameMatchesPublicArea(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ek, err := client.EndorsementKeyRSA(rwc)
- if err != nil {
- t.Fatal(err)
- }
- defer ek.Close()
-
- matches, err := ek.Name().MatchesPublic(ek.PublicArea())
- if err != nil {
- t.Fatal(err)
- }
- if !matches {
- t.Fatal("Returned name and computed name do not match")
- }
-}
-
-func TestCreateSigningKeysInHierarchies(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- template := client.AKTemplateRSA()
-
- // We are not authorized to create keys in the Platform Hierarchy
- for _, hierarchy := range []tpmutil.Handle{tpm2.HandleOwner, tpm2.HandleEndorsement, tpm2.HandleNull} {
- key, err := client.NewKey(rwc, hierarchy, template)
- if err != nil {
- t.Errorf("Hierarchy %+v: %s", hierarchy, err)
- } else {
- key.Close()
- }
- }
-}
-
-func TestCachedRSAKeys(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- keys := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- }{
- {"SRK", client.StorageRootKeyRSA},
- {"EK", client.EndorsementKeyRSA},
- }
-
- for _, k := range keys {
- t.Run(k.name, func(t *testing.T) {
- // Get the key the first time and persist
- srk, err := k.getKey(rwc)
- if err != nil {
- t.Fatal(err)
- }
- defer srk.Close()
-
- pub := srk.PublicKey()
- if tpm2.FlushContext(rwc, srk.Handle()) == nil {
- t.Error("Trying to flush persistent keys should fail.")
- }
-
- // Get the cached key (should be the same)
- srk, err = k.getKey(rwc)
- if err != nil {
- t.Fatal(err)
- }
- defer srk.Close()
-
- if !reflect.DeepEqual(srk.PublicKey(), pub) {
- t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey())
- }
-
- // We should still get the same key if we evict the handle
- if err := tpm2.EvictControl(rwc, "", tpm2.HandleOwner, srk.Handle(), srk.Handle()); err != nil {
- t.Errorf("Evicting control failed: %v", err)
- }
- srk, err = k.getKey(rwc)
- if err != nil {
- t.Fatal(err)
- }
- defer srk.Close()
-
- if !reflect.DeepEqual(srk.PublicKey(), pub) {
- t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey())
- }
- })
- }
-}
-
-func TestKeyCreation(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- keys := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- }{
- {"SRK-ECC", client.StorageRootKeyECC},
- {"EK-ECC", client.EndorsementKeyECC},
- {"AK-ECC", client.AttestationKeyECC},
- {"SRK-RSA", client.StorageRootKeyRSA},
- {"EK-RSA", client.EndorsementKeyRSA},
- {"AK-RSA", client.AttestationKeyRSA},
- }
-
- for _, k := range keys {
- t.Run(k.name, func(t *testing.T) {
- key, err := k.getKey(rwc)
- if err != nil {
- t.Fatal(err)
- }
- key.Close()
- })
- }
-}
-
-func BenchmarkKeyCreation(b *testing.B) {
- rwc := test.GetTPM(b)
- defer client.CheckedClose(b, rwc)
-
- benchmarks := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- }{
- {"SRK-ECC-Cached", client.StorageRootKeyECC},
- {"EK-ECC-Cached", client.EndorsementKeyECC},
- {"AK-ECC-Cached", client.AttestationKeyECC},
-
- {"SRK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleOwner, client.SRKTemplateECC())
- }},
- {"EK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleEndorsement, client.DefaultEKTemplateECC())
- }},
- {"AK-ECC", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateECC())
- }},
-
- {"SRK-RSA-Cached", client.StorageRootKeyRSA},
- {"EK-RSA-Cached", client.EndorsementKeyRSA},
- {"AK-RSA-Cached", client.AttestationKeyRSA},
-
- {"SRK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleEndorsement, client.SRKTemplateRSA())
- }},
- {"EK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleOwner, client.DefaultEKTemplateRSA())
- }},
- {"AK-RSA", func(rw io.ReadWriter) (*client.Key, error) {
- return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateRSA())
- }},
- }
-
- for _, bm := range benchmarks {
- b.Run(bm.name, func(b *testing.B) {
- // Don't count time to populate the cache
- b.StopTimer()
- key, err := bm.getKey(rwc)
- if err != nil {
- b.Fatal(err)
- }
- key.Close()
- b.StartTimer()
-
- for i := 0; i < b.N; i++ {
- key, err := bm.getKey(rwc)
- if err != nil {
- b.Fatal(err)
- }
- key.Close()
- }
- })
- }
-}
-
-// Returns an x509 Certificate for the provided pubkey, signed with the provided parent certificate and key.
-// If the provided fields are nil, will create a self-signed certificate.
-func getTestCert(t *testing.T, pubKey crypto.PublicKey, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
- t.Helper()
-
- certKey, _ := rsa.GenerateKey(rand.Reader, 2048)
-
- template := &x509.Certificate{
- SerialNumber: big.NewInt(1),
- NotBefore: time.Now(),
- NotAfter: time.Now().AddDate(10, 0, 0),
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- IsCA: true,
- MaxPathLenZero: true,
- }
-
- if pubKey == nil && parentCert == nil && parentKey == nil {
- pubKey = certKey.Public()
- parentCert = template
- parentKey = certKey
- }
-
- certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, pubKey, parentKey)
- if err != nil {
- t.Fatalf("Unable to create test certificate: %v", err)
- }
-
- cert, err := x509.ParseCertificate(certBytes)
- if err != nil {
- t.Fatalf("Unable to parse test certificate: %v", err)
- }
-
- return cert, certKey
-}
-
-func
TestSetCert(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- key, err := client.AttestationKeyECC(rwc)
- if err != nil {
- t.Fatalf("Unable to create key: %v", err)
- }
-
- ca, caKey := getTestCert(t, nil, nil, nil)
- akCert, _ := getTestCert(t, key.PublicKey(), ca, caKey)
-
- if err = key.SetCert(akCert); err != nil {
- t.Errorf("SetCert() returned error: %v", err)
- }
-}
-
-func TestSetCertFailsIfCertificateIsNotForKey(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- key, err := client.AttestationKeyECC(rwc)
- if err != nil {
- t.Fatalf("Unable to create key: %v", err)
- }
-
- otherKey, _ := rsa.GenerateKey(rand.Reader, 2048)
-
- ca, caKey := getTestCert(t, nil, nil, nil)
- akCert, _ := getTestCert(t, otherKey.Public(), ca, caKey)
-
- if err = key.SetCert(akCert); err == nil {
- t.Error("SetCert() returned successfully, expected error")
- }
-}
-
-func TestLoadCachedKey(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- createdKey, err := client.NewKey(rwc, tpm2.HandleNull, client.SRKTemplateRSA())
- if err != nil {
- t.Fatalf("NewKey() returned error: %v", err)
- }
- defer createdKey.Close()
-
- handles := []struct {
- name string
- handle tpmutil.Handle
- errExpected bool
- }{
- {"successful retrieval with handle", createdKey.Handle(), false},
- {"error for bad handle", tpmutil.Handle(0x0), true},
- }
-
- for _, k := range handles {
- t.Run(k.name, func(t *testing.T) {
- loadedKey, err := client.LoadCachedKey(rwc, createdKey.Handle(), client.NullSession{})
- if k.errExpected && err == nil {
- t.Fatal("LoadCachedKey() returned successfully, expected error")
- } else if !k.errExpected && err != nil {
- t.Fatalf("LoadCachedKey() returned error: %v", err)
- } else if k.errExpected {
- return
- }
- defer loadedKey.Close()
-
- if !reflect.DeepEqual(createdKey, loadedKey) {
- t.Errorf("Loaded key does not match created key")
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr.go b/vendor/github.com/google/go-tpm-tools/client/pcr.go
deleted file mode 100644
index fd4d328e8..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/pcr.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package client
-
-import (
- "crypto"
- "fmt"
- "io"
- "math"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// NumPCRs is set to the spec minimum of 24, as that's all go-tpm supports.
-const NumPCRs = 24
-
-// We hard-code SHA256 as the policy session hash algorithms. Note that this
-// differs from the PCR hash algorithm (which selects the bank of PCRs to use)
-// and the Public area Name algorithm. We also chose this for compatibility with
-// github.com/google/go-tpm/legacy/tpm2, as it hardcodes the nameAlg as SHA256 in
-// several places. Two constants are used to avoid repeated conversions.
-const (
- SessionHashAlg = crypto.SHA256
- SessionHashAlgTpm = tpm2.AlgSHA256
-)
-
-// CertifyHashAlgTpm is the hard-coded algorithm used in certify PCRs.
-const CertifyHashAlgTpm = tpm2.AlgSHA256
-
-// AllocatedPCRs returns a list of selections corresponding to the TPM's implemented PCRs.
-func AllocatedPCRs(rw io.ReadWriter) ([]tpm2.PCRSelection, error) {
- caps, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityPCRs, math.MaxUint32, 0)
- if err != nil {
- return nil, fmt.Errorf("listing implemented PCR banks: %w", err)
- }
- if moreData {
- return nil, fmt.Errorf("extra data from GetCapability")
- }
- var sels []tpm2.PCRSelection
- for _, cap := range caps {
- sel, ok := cap.(tpm2.PCRSelection)
- if !ok {
- return nil, fmt.Errorf("unexpected data from GetCapability")
- }
- // skip empty (unallocated) PCR selections
- if len(sel.PCRs) == 0 {
- continue
- }
- sels = append(sels, sel)
- }
- return sels, nil
-}
-
-// ReadPCRs fetches all the PCR values specified in sel, making multiple calls
-// to the TPM if necessary.
-func ReadPCRs(rw io.ReadWriter, sel tpm2.PCRSelection) (*pb.PCRs, error) {
- pl := pb.PCRs{
- Hash: pb.HashAlgo(sel.Hash),
- Pcrs: map[uint32][]byte{},
- }
-
- for i := 0; i < len(sel.PCRs); i += 8 {
- end := min(i+8, len(sel.PCRs))
- pcrSel := tpm2.PCRSelection{
- Hash: sel.Hash,
- PCRs: sel.PCRs[i:end],
- }
-
- pcrMap, err := tpm2.ReadPCRs(rw, pcrSel)
- if err != nil {
- return nil, err
- }
-
- for pcr, val := range pcrMap {
- pl.Pcrs[uint32(pcr)] = val
- }
- }
-
- return &pl, nil
-}
-
-// ReadAllPCRs fetches all the PCR values from all implemented PCR banks.
-func ReadAllPCRs(rw io.ReadWriter) ([]*pb.PCRs, error) {
- sels, err := AllocatedPCRs(rw)
- if err != nil {
- return nil, err
- }
-
- allPcrs := make([]*pb.PCRs, len(sels))
- for i, sel := range sels {
- allPcrs[i], err = ReadPCRs(rw, sel)
- if err != nil {
- return nil, fmt.Errorf("reading bank %x PCRs: %w", sel.Hash, err)
- }
- }
- return allPcrs, nil
-}
-
-// SealOpts specifies the PCR values that should be used for Seal().
-type SealOpts struct {
- // Current seals data to the current specified PCR selection.
- Current tpm2.PCRSelection
- // Target predictively seals data to the given specified PCR values.
- Target *pb.PCRs
-}
-
-// UnsealOpts specifies the options that should be used for Unseal().
-// Currently, it specifies the PCRs that need to pass certification in order to
-// successfully unseal.
-// CertifyHashAlgTpm is the hard-coded algorithm that must be used with
-// UnsealOpts.
-type UnsealOpts struct {
- // CertifyCurrent certifies that a selection of current PCRs have the same
- // value when sealing.
- CertifyCurrent tpm2.PCRSelection
- // CertifyExpected certifies that the TPM had a specific set of PCR values when sealing.
- CertifyExpected *pb.PCRs
-}
-
-// FullPcrSel will return a full PCR selection based on the total PCR number
-// of the TPM with the given hash algo.
-func FullPcrSel(hash tpm2.Algorithm) tpm2.PCRSelection {
- sel := tpm2.PCRSelection{Hash: hash}
- for i := 0; i < NumPCRs; i++ {
- sel.PCRs = append(sel.PCRs, int(i))
- }
- return sel
-}
-
-func mergePCRSelAndProto(rw io.ReadWriter, sel tpm2.PCRSelection, proto *pb.PCRs) (*pb.PCRs, error) {
- if proto == nil || len(proto.GetPcrs()) == 0 {
- return ReadPCRs(rw, sel)
- }
- if len(sel.PCRs) == 0 {
- return proto, nil
- }
- if sel.Hash != tpm2.Algorithm(proto.Hash) {
- return nil, fmt.Errorf("current hash (%v) differs from target hash (%v)",
- sel.Hash, tpm2.Algorithm(proto.Hash))
- }
-
- // At this point, both sel and proto are non-empty.
- // Verify no overlap in sel and proto PCR indexes.
- overlap := make([]int, 0)
- targetMap := proto.GetPcrs()
- for _, pcrVal := range sel.PCRs {
- if _, found := targetMap[uint32(pcrVal)]; found {
- overlap = append(overlap, pcrVal)
- }
- }
- if len(overlap) != 0 {
- return nil, fmt.Errorf("found PCR overlap: %v", overlap)
- }
-
- currentPcrs, err := ReadPCRs(rw, sel)
- if err != nil {
- return nil, err
- }
-
- for pcr, val := range proto.GetPcrs() {
- currentPcrs.Pcrs[pcr] = val
- }
- return currentPcrs, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/pcr_test.go b/vendor/github.com/google/go-tpm-tools/client/pcr_test.go
deleted file mode 100644
index 1eb44eaee..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/pcr_test.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package client_test
-
-import (
- "bytes"
- "crypto/sha1"
- "crypto/sha256"
- "crypto/sha512"
- "fmt"
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-var extends = map[tpm2.Algorithm][]struct {
- digest []byte
-}{
- tpm2.AlgSHA1: {
- {bytes.Repeat([]byte{0x00}, sha1.Size)},
- {bytes.Repeat([]byte{0x01}, sha1.Size)},
- {bytes.Repeat([]byte{0x02}, sha1.Size)}},
- tpm2.AlgSHA256: {
- {bytes.Repeat([]byte{0x00}, sha256.Size)},
- {bytes.Repeat([]byte{0x01}, sha256.Size)},
- {bytes.Repeat([]byte{0x02}, sha256.Size)}},
- tpm2.AlgSHA384: {
- {bytes.Repeat([]byte{0x00}, sha512.Size384)},
- {bytes.Repeat([]byte{0x01}, sha512.Size384)},
- {bytes.Repeat([]byte{0x02}, sha512.Size384)}},
-}
-
-func pcrExtend(alg tpm2.Algorithm, oldVal, newVal []byte) ([]byte, error) {
- hCon, err := alg.Hash()
- if err != nil {
- return nil, fmt.Errorf("not a valid hash type: %v", alg)
- }
- h := hCon.New()
- h.Write(oldVal)
- h.Write(newVal)
- return h.Sum(nil), nil
-}
-
-func TestReadPCRs(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- cases := []struct {
- name string
- hashalg tpm2.Algorithm
- }{
- {"SHA1", tpm2.AlgSHA1},
- {"SHA256", tpm2.AlgSHA256},
- {"SHA384", tpm2.AlgSHA384},
- }
-
- for _, c := range cases {
- t.Run(c.name, func(t *testing.T) {
- test.SkipOnUnsupportedAlg(t, rwc, c.hashalg)
-
- pcrbank, err := tpm2.ReadPCR(rwc, test.DebugPCR, c.hashalg)
- if err != nil {
- t.Fatal(err)
- }
-
- for _, d := range extends[c.hashalg] {
- if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), c.hashalg, d.digest, ""); err != nil {
- t.Fatalf("failed to extend pcr for test %v", err)
- }
- pcrVal, err := pcrExtend(c.hashalg, pcrbank, d.digest)
- if err != nil {
- t.Fatalf("could not extend pcr: %v", err)
- }
- pcrbank = pcrVal
- sel :=
tpm2.PCRSelection{Hash: c.hashalg, PCRs: []int{test.DebugPCR}}
- proto, err := client.ReadPCRs(rwc, sel)
- if err != nil {
- t.Fatalf("failed to read pcrs %v", err)
- }
- if !bytes.Equal(proto.Pcrs[uint32(test.DebugPCR)], pcrbank) {
- t.Errorf("%v not equal to expected %v", proto.Pcrs[uint32(test.DebugPCR)], pcrbank)
- }
- }
- })
- }
-}
-
-func TestCheckContainedPCRs(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- sel := client.FullPcrSel(tpm2.AlgSHA256)
- baseline, err := client.ReadPCRs(rwc, sel)
- if err != nil {
- t.Fatalf("Failed to Read PCRs: %v", err)
- }
-
- toBeCertified, err := client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 2, 3}})
- if err != nil {
- t.Fatalf("failed to read pcrs %v", err)
- }
- if err := internal.CheckSubset(toBeCertified, baseline); err != nil {
- t.Fatalf("Validation should pass: %v", err)
- }
-
- if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), tpm2.AlgSHA256, bytes.Repeat([]byte{0x00}, sha256.Size), ""); err != nil {
- t.Fatalf("failed to extend pcr for test %v", err)
- }
-
- toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 3, test.DebugPCR}})
- if err != nil {
- t.Fatalf("failed to read pcrs %v", err)
- }
- if err := internal.CheckSubset(toBeCertified, baseline); err == nil {
- t.Fatalf("validation should fail due to PCR %d changed", test.DebugPCR)
- }
-
- toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}})
- if err != nil {
- t.Fatalf("failed to read pcrs %v", err)
- }
- if err := internal.CheckSubset(toBeCertified, baseline); err != nil {
- t.Fatalf("empty pcrs is always validate")
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/quote_test.go b/vendor/github.com/google/go-tpm-tools/client/quote_test.go
deleted file mode 100644
index 6a177702a..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/quote_test.go
+++ /dev/null
@@ -1,154 +0,0 @@
-package client_test
-
-import (
- "bytes"
- "crypto/ecdsa"
- "crypto/rsa"
- "fmt"
- "io"
- "testing"
-
- "github.com/google/go-attestation/attest"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-func TestQuote(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- keys := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- }{
- {"AK-ECC", client.AttestationKeyECC},
- {"AK-RSA", client.AttestationKeyRSA},
- }
-
- pcrSels := []tpm2.PCRSelection{
- {
- Hash: tpm2.AlgSHA256,
- PCRs: []int{7},
- },
- client.FullPcrSel(tpm2.AlgSHA256),
- }
-
- for _, key := range keys {
- for _, sel := range pcrSels {
- name := fmt.Sprintf("%s-%d", key.name, len(sel.PCRs))
- t.Run(name, func(t *testing.T) {
- ak, err := key.getKey(rwc)
- if err != nil {
- t.Errorf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- quoted, err := ak.Quote(sel, []byte("test"))
- if err != nil {
- t.Errorf("failed to quote: %v", err)
- }
- sig, err := tpm2.DecodeSignature(bytes.NewBuffer(quoted.GetRawSig()))
- if err != nil {
- t.Errorf("signature decoding failed: %v", err)
- }
-
- switch pub := ak.PublicKey().(type) {
- case *ecdsa.PublicKey:
- hash, err := sig.ECC.HashAlg.Hash()
- if err != nil {
- t.Fatalf("not a valid hash type: %v", sig.ECC.HashAlg)
- }
-
- hashCon := hash.New()
- hashCon.Write(quoted.GetQuote())
- if !ecdsa.Verify(pub, hashCon.Sum(nil)[:], sig.ECC.R, sig.ECC.S) {
- t.Errorf("ECC signature verification failed")
- }
- case *rsa.PublicKey:
- hash, err := sig.RSA.HashAlg.Hash()
- if err != nil {
- t.Fatalf("not a valid hash type: %v", sig.RSA.HashAlg)
- }
-
- hashCon := hash.New()
- hashCon.Write(quoted.GetQuote())
- if err = rsa.VerifyPKCS1v15(pub, hash, hashCon.Sum(nil), []byte(sig.RSA.Signature)); err != nil {
- t.Errorf("RSA signature verification failed: %v", err)
- }
- }
- })
- }
- }
-
-}
-
-func
TestQuoteShouldFailWithNonSigningKey(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- srk, err := client.StorageRootKeyRSA(rwc)
- if err != nil {
- t.Errorf("failed to generate SRK: %v", err)
- }
- defer srk.Close()
-
- selpcr := tpm2.PCRSelection{
- Hash: tpm2.AlgSHA1,
- PCRs: []int{7},
- }
- _, err = srk.Quote(selpcr, []byte("test"))
- if err == nil {
- t.Errorf("Quote with a non-signing key should fail")
- }
- t.Log(err)
-}
-
-// Basic tests of Key.Attest, more advanced methods are in server package
-func TestAttest(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- keys := []struct {
- name string
- getKey func(io.ReadWriter) (*client.Key, error)
- shouldSucceed bool
- }{
- {"AK-ECC", client.AttestationKeyECC, true},
- {"AK-RSA", client.AttestationKeyRSA, true},
- {"EK-ECC", client.EndorsementKeyECC, false},
- {"EK-RSA", client.EndorsementKeyRSA, false},
- }
- for _, key := range keys {
- t.Run(key.name, func(t *testing.T) {
- ak, err := key.getKey(rwc)
- if err != nil {
- t.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- attestation, err := ak.Attest(client.AttestOpts{Nonce: []byte("some nonce")})
- if !key.shouldSucceed {
- if err == nil {
- t.Error("expected failure when calling Attest")
- }
- return
- }
- if err != nil {
- t.Fatalf("failed to attest: %v", err)
- }
-
- // Basic check, make sure we got multiple banks, and fields parse
- if _, err = tpm2.DecodePublic(attestation.AkPub); err != nil {
- t.Errorf("failed to decode AkPub: %v", err)
- }
- if len(attestation.Quotes) <= 1 {
- t.Error("expected multiple quotes")
- }
- if _, err = attest.ParseEventLog(attestation.EventLog); err != nil {
- t.Errorf("failed to parse event log: %v", err)
- }
- })
-
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/seal_test.go b/vendor/github.com/google/go-tpm-tools/client/seal_test.go
deleted file mode 100644
index 2b2586c70..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/seal_test.go
+++ /dev/null
@@ -1,460 +0,0 @@ -package client_test - -import ( - "bytes" - "crypto/sha256" - "io" - "reflect" - "testing" - - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/tpm" -) - -func TestSeal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - getSRK func(io.ReadWriter) (*client.Key, error) - }{ - {"RSA", client.StorageRootKeyRSA}, - {"ECC", client.StorageRootKeyECC}, - } - for _, key := range keys { - t.Run(key.name, func(t *testing.T) { - srk, err := key.getSRK(rwc) - if err != nil { - t.Fatalf("can't create %s srk from template: %v", key.name, err) - } - defer srk.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} - sealed, err := srk.Seal(secret, client.SealOpts{Current: sel}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - opts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{7}, - }, - } - unseal, err := srk.Unseal(sealed, opts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - extension := bytes.Repeat([]byte{0xAA}, sha256.Size) - if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, ""); err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - - // unseal should not succeed. 
- if _, err = srk.Unseal(sealed, opts); err == nil { - t.Fatalf("unseal should have caused an error: %v", err) - } - }) - } -} - -func TestSelfReseal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrList := []int{0, 4, 7} - sOpts := client.SealOpts{ - Current: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: pcrList, - }, - } - - sealed, err := key.Seal(secret, sOpts) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - uOpts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{7}, - }, - } - unseal, err := key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - sealed, err = key.Reseal(sealed, uOpts, sOpts) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - unseal, err = key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal after resealing: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func computePCRValue(base []byte, extensions [][]byte) []byte { - for _, extension := range extensions { - sum := sha256.Sum256(append(base, extension...)) - base = sum[:] - } - return base -} - -func TestComputePCRValue(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - pcrNum := test.DebugPCR - extensions := [][]byte{ - bytes.Repeat([]byte{0xAA}, sha256.Size), - bytes.Repeat([]byte{0xAB}, sha256.Size), - bytes.Repeat([]byte{0xAC}, sha256.Size), - bytes.Repeat([]byte{0xAD}, sha256.Size), - } - - pcrBase, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) - if err != nil { - t.Fatalf("failed to read pcr %v", err) - } - - for _, extension := 
range extensions { - err := tpm2.PCRExtend(rwc, tpmutil.Handle(pcrNum), tpm2.AlgSHA256, extension, "") - if err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - } - - pcrVal, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) - if err != nil { - t.Fatalf("failed to read pcr %v", err) - } - - computedValue := computePCRValue(pcrBase, extensions) - if !bytes.Equal(pcrVal, computedValue) { - t.Fatalf("pcrVal (%v) not equal to computedValue (%v)", pcrVal, computedValue) - } -} - -func TestReseal(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} - sealed, err := key.Seal(secret, client.SealOpts{Current: sel}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - - uOpts := client.UnsealOpts{ - CertifyCurrent: sel, - } - unseal, err := key.Unseal(sealed, uOpts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - // create a new set of PCRs value for modification - predictedPcrsValue, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read PCRs value: %v", err) - } - // change pcr value to the predicted future value for resealing - extensions := [][]byte{bytes.Repeat([]byte{0xAA}, sha256.Size)} - predictedPcrsValue.GetPcrs()[uint32(pcrToChange)] = computePCRValue(predictedPcrsValue.GetPcrs()[uint32(pcrToChange)], extensions) - - sOpts := client.SealOpts{Target: predictedPcrsValue} - resealed, err := key.Reseal(sealed, uOpts, sOpts) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - // unseal should not succeed since pcr has not been extended. 
- if _, err = key.Unseal(resealed, client.UnsealOpts{}); err == nil { - t.Fatalf("unseal should have failed: %v", err) - } - - // save the current PCR value for certification before extend the PCRs - oldPcrsValue, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read PCRs value: %v", err) - } - for _, extension := range extensions { - err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, "") - if err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - } - - // unseal should fail when certifying current PCR values, as one PCR has changed - _, err = key.Unseal(resealed, client.UnsealOpts{CertifyCurrent: sel}) - if err == nil { - t.Fatalf("unseal should fail since the certify PCRs have changed.") - } - - // certify original PCR values (PCR values at seal-time) will work - unseal, err = key.Unseal(resealed, client.UnsealOpts{CertifyExpected: oldPcrsValue}) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func TestSealResealWithEmptyPCRs(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.StorageRootKeyRSA(rwc) - if err != nil { - t.Fatalf("can't create srk from template: %v", err) - } - defer key.Close() - - secret := []byte("test") - pcrToChange := test.DebugPCR - sealed, err := key.Seal(secret, client.SealOpts{}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - opts := client.UnsealOpts{ - CertifyCurrent: tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{pcrToChange}, - }, - } - unseal, err := key.Unseal(sealed, opts) - if err != nil { - t.Fatalf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } - - extension := bytes.Repeat([]byte{0xAA}, sha256.Size) - if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, 
extension, ""); err != nil { - t.Fatalf("failed to extend pcr: %v", err) - } - - // unseal should fail as the PCR has changed (not as same as when sealing) - _, err = key.Unseal(sealed, opts) - if err == nil { - t.Fatalf("unseal should fail as PCR 7 changed") - } - - // reseal should succeed as UnsealOpts is empty - sealed, err = key.Reseal(sealed, client.UnsealOpts{}, client.SealOpts{}) - if err != nil { - t.Fatalf("failed to reseal: %v", err) - } - - // unseal should success as the above Reseal() "refreshes" the certify PCRs. - unseal, err = key.Unseal(sealed, opts) - if err != nil { - t.Errorf("failed to unseal: %v", err) - } - if !bytes.Equal(secret, unseal) { - t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) - } -} - -func BenchmarkSeal(b *testing.B) { - rwc := test.GetTPM(b) - defer client.CheckedClose(b, rwc) - - pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} - sOptsPCR7 := client.SealOpts{Current: pcrSel7} - uOptsPCR7 := client.UnsealOpts{CertifyCurrent: pcrSel7} - benchmarks := []struct { - name string - sOpts client.SealOpts - uOpts client.UnsealOpts - getKey func(io.ReadWriter) (*client.Key, error) - }{ - {"SRK-ECC-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyECC}, - {"SRK-ECC-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyECC}, - {"SRK-ECC-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyECC}, - {"SRK-ECC-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyECC}, - {"SRK-RSA-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyRSA}, - {"SRK-RSA-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyRSA}, - {"SRK-RSA-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyRSA}, - {"SRK-RSA-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyRSA}, - } - - for _, bm := range benchmarks { - key, err := bm.getKey(rwc) - if err != nil 
{ - b.Fatal(err) - } - b.Run(bm.name, func(b *testing.B) { - for i := 0; i < b.N; i++ { - blob, err := key.Seal([]byte("test123"), bm.sOpts) - if err != nil { - b.Fatal(err) - } - if _, err = key.Unseal(blob, bm.uOpts); err != nil { - b.Fatal(err) - } - } - }) - } -} -func TestSealOpts(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - emptySet := map[uint32]struct{}{} - srk, err := client.StorageRootKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create SRK: %v", err) - } - - opts := []struct { - name string - current tpm2.PCRSelection - target *pb.PCRs - expectedPcrs map[uint32]struct{} - }{ - {"CurrentEmpty-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, - {"CurrentEmpty7-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, - {"CurrentEmpty-TargetEmpty", tpm2.PCRSelection{}, &pb.PCRs{}, emptySet}, - {"CurrentSHA1Empty-TargetSHA256Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA1}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256}, - emptySet}, - {"CurrentSHA256Empty-TargetSHA1Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256}, - &pb.PCRs{Hash: pb.HashAlgo_SHA1}, - emptySet}, - {"CurrentSHA2567-TargetSHA1Empty", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA1}, - map[uint32]struct{}{7: {}}}, - {"Current7-TargetPCR0,4", - tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 7}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{4: {0x00}}}, - map[uint32]struct{}{ - 0: {}, - 4: {}, - 7: {}, - }}, - } - - sliceToSet := func(a []uint32) map[uint32]struct{} { - ret := make(map[uint32]struct{}) - for _, val := range a { - ret[val] = struct{}{} - } - return ret - } - for _, testcase := range opts { - t.Run(testcase.name, func(t *testing.T) { - sOpts := client.SealOpts{Current: testcase.current, Target: testcase.target} - sealed, err := srk.Seal([]byte("secretzz"), sOpts) - if err != nil { - t.Errorf("error calling Seal with SealOpts: %v", err) - } - outPcrsMap := sliceToSet(sealed.Pcrs) - if 
!reflect.DeepEqual(outPcrsMap, testcase.expectedPcrs) { - t.Errorf("received PCRs (%v) do not match expected PCRs (%v)", - outPcrsMap, testcase.expectedPcrs) - } - }) - } - - // Run empty SealOpts. - _, err = srk.Seal([]byte("secretzz"), client.SealOpts{}) - if err != nil { - t.Errorf("error calling Seal with SealOpts: %v", err) - } -} -func TestSealAndUnsealOptsFail(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - srk, err := client.StorageRootKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create SRK: %v", err) - } - - pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} - pcrMap7 := map[uint32][]byte{7: {0x01, 0x02}} - pbPcr7 := &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: pcrMap7} - opts := []struct { - name string - current tpm2.PCRSelection - target *pb.PCRs - }{ - {"CurrentSHA256-TargetSHA1", pcrSel7, &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: pcrMap7}}, - {"Current-TargetPCROverlap", pcrSel7, pbPcr7}, - {"Current-TargetPCROverlapMultiple", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 4, 7, 8}}, - &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: {}, 4: {0x00}, 9: {0x01, 0x02}}}}, - } - - for _, testcase := range opts { - t.Run("Seal"+testcase.name, func(t *testing.T) { - sOpts := client.SealOpts{Current: testcase.current, - Target: testcase.target} - _, err := srk.Seal([]byte("secretzz"), sOpts) - if err == nil { - t.Errorf("expected failure calling SealOpts") - } - }) - } - - sealed, err := srk.Seal([]byte("secretzz"), client.SealOpts{}) - if err != nil { - t.Fatalf("failed to seal: %v", err) - } - for _, testcase := range opts { - t.Run("Unseal"+testcase.name, func(t *testing.T) { - uOpts := client.UnsealOpts{CertifyCurrent: testcase.current, - CertifyExpected: testcase.target} - _, err := srk.Unseal(sealed, uOpts) - if err == nil { - t.Errorf("expected failure calling SealOpts") - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/client/session.go b/vendor/github.com/google/go-tpm-tools/client/session.go
deleted file mode 100644
index 07019bc90..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/session.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package client
-
-import (
- "io"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Session is an interface for TPM sessions.
-type Session interface {
- io.Closer
- Auth() (tpm2.AuthCommand, error)
-}
-
-func startAuthSession(rw io.ReadWriter) (session tpmutil.Handle, err error) {
- // This session assumes the bus is trusted, so we:
- // - use nil for tpmKey, encrypted salt, and symmetric
- // - use and all-zeros caller nonce, and ignore the returned nonce
- // As we are creating a plain TPM session, we:
- // - setup a policy session
- // - don't bind the session to any particular key
- session, _, err = tpm2.StartAuthSession(
- rw,
- /*tpmKey=*/ tpm2.HandleNull,
- /*bindKey=*/ tpm2.HandleNull,
- /*nonceCaller=*/ make([]byte, SessionHashAlg.Size()),
- /*encryptedSalt=*/ nil,
- /*sessionType=*/ tpm2.SessionPolicy,
- /*symmetric=*/ tpm2.AlgNull,
- /*authHash=*/ SessionHashAlgTpm)
- return
-}
-
-// PCRSession is a TPM session that is bound to a set of PCRs.
-type PCRSession struct {
- rw io.ReadWriter
- session tpmutil.Handle
- sel tpm2.PCRSelection
-}
-
-// NewPCRSession creates a new PCRSession.
-func NewPCRSession(rw io.ReadWriter, sel tpm2.PCRSelection) (Session, error) {
- if len(sel.PCRs) == 0 {
- return NullSession{}, nil
- }
- session, err := startAuthSession(rw)
- return PCRSession{rw, session, sel}, err
-}
-
-// Auth returns the AuthCommand for the session.
-func (p PCRSession) Auth() (auth tpm2.AuthCommand, err error) {
- if err = tpm2.PolicyPCR(p.rw, p.session, nil, p.sel); err != nil {
- return
- }
- return tpm2.AuthCommand{Session: p.session, Attributes: tpm2.AttrContinueSession}, nil
-}
-
-// Close closes the session.
-func (p PCRSession) Close() error {
- return tpm2.FlushContext(p.rw, p.session)
-}
-
-// EKSession is a TPM session that is bound to the EK.
-type EKSession struct {
- rw io.ReadWriter
- session tpmutil.Handle
-}
-
-// NewEKSession creates a new EKSession.
-func NewEKSession(rw io.ReadWriter) (Session, error) {
- session, err := startAuthSession(rw)
- return EKSession{rw, session}, err
-}
-
-// Auth returns the AuthCommand for the session.
-func (e EKSession) Auth() (auth tpm2.AuthCommand, err error) {
- nullAuth := tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}
- if _, _, err = tpm2.PolicySecret(e.rw, tpm2.HandleEndorsement, nullAuth, e.session, nil, nil, nil, 0); err != nil {
- return
- }
- return tpm2.AuthCommand{Session: e.session, Attributes: tpm2.AttrContinueSession}, nil
-}
-
-// Close closes the session.
-func (e EKSession) Close() error {
- return tpm2.FlushContext(e.rw, e.session)
-}
-
-// NullSession is a TPM session that is not bound to anything.
-type NullSession struct{}
-
-// Auth returns the AuthCommand for the session.
-func (n NullSession) Auth() (auth tpm2.AuthCommand, err error) {
- return tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, nil
-}
-
-// Close closes the session.
-func (n NullSession) Close() error {
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/signer.go b/vendor/github.com/google/go-tpm-tools/client/signer.go
deleted file mode 100644
index 1d0dcd5b1..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/signer.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package client
-
-import (
- "crypto"
- "crypto/rsa"
- "encoding/asn1"
- "fmt"
- "io"
- "math/big"
- "sync"
-
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// Global mutex to protect against concurrent TPM access.
-var signerMutex sync.Mutex
-
-type tpmSigner struct {
- Key *Key
- Hash crypto.Hash
-}
-
-// Public returns the tpmSigners public key.
-func (signer *tpmSigner) Public() crypto.PublicKey {
- return signer.Key.PublicKey()
-}
-
-// Sign uses the TPM key to sign the digest.
-// The digest must be hashed from the same hash algorithm as the keys scheme.
-// The opts hash function must also match the keys scheme (or be nil).
-// Concurrent use of Sign is thread safe, but it is not safe to access the TPM
-// from other sources while Sign is executing.
-// For RSAPSS signatures, you cannot specify custom salt lengths. The salt
-// length will be (keyBits/8) - digestSize - 2, unless that is less than the
-// digestSize in which case, saltLen will be digestSize. The only normal case
-// where saltLen is not digestSize is when using 1024 keyBits with SHA512.
-func (signer *tpmSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
- if pssOpts, ok := opts.(*rsa.PSSOptions); ok {
- if signer.Key.pubArea.RSAParameters == nil {
- return nil, fmt.Errorf("invalid options: PSSOptions can only be used with RSA keys")
- }
- if signer.Key.pubArea.RSAParameters.Sign.Alg != tpm2.AlgRSAPSS {
- return nil, fmt.Errorf("invalid options: PSSOptions cannot be used with signing alg: %v", signer.Key.pubArea.RSAParameters.Sign.Alg)
- }
- if pssOpts.SaltLength != rsa.PSSSaltLengthAuto {
- return nil, fmt.Errorf("salt length must be rsa.PSSSaltLengthAuto")
- }
- }
- if opts != nil && opts.HashFunc() != signer.Hash {
- return nil, fmt.Errorf("hash algorithm: got %v, want %v", opts.HashFunc(), signer.Hash)
- }
- if len(digest) != signer.Hash.Size() {
- return nil, fmt.Errorf("digest length: got %d, want %d", len(digest), signer.Hash.Size())
- }
-
- signerMutex.Lock()
- defer signerMutex.Unlock()
-
- auth, err := signer.Key.session.Auth()
- if err != nil {
- return nil, err
- }
-
- sig, err := tpm2.SignWithSession(signer.Key.rw, auth.Session, signer.Key.handle, "", digest, nil, nil)
- if err != nil {
- return nil, err
- }
- return getSignature(sig)
-}
-
-// GetSigner returns a crypto.Signer wrapping the loaded TPM Key.
-// Concurrent use of one or more Signers is thread safe, but it is not safe to
-// access the TPM from other sources while using a Signer.
-// The returned Signer lasts the lifetime of the Key, and will no longer work
-// once the Key has been closed.
-func (k *Key) GetSigner() (crypto.Signer, error) {
- if k.hasAttribute(tpm2.FlagRestricted) {
- return nil, fmt.Errorf("restricted keys are not supported")
- }
- hashAlg, err := internal.GetSigningHashAlg(k.pubArea)
- if err != nil {
- return nil, err
- }
- // For crypto.Signer, Go does the hashing. Make sure the hash is supported.
- hash, err := hashAlg.Hash()
- if err != nil {
- return nil, err
- }
- return &tpmSigner{k, hash}, nil
-}
-
-// SignData signs a data buffer with a TPM loaded key. Unlike GetSigner, this
-// method works with restricted and unrestricted keys. If this method is called
-// on a restriced key, the TPM itself will hash the provided data, failing the
-// signing operation if the data begins with TPM_GENERATED_VALUE.
-func (k *Key) SignData(data []byte) ([]byte, error) {
- hashAlg, err := internal.GetSigningHashAlg(k.pubArea)
- if err != nil {
- return nil, err
- }
-
- var digest []byte
- var ticket *tpm2.Ticket
- if k.hasAttribute(tpm2.FlagRestricted) {
- // Restricted keys can only sign data hashed by the TPM. We use the
- // owner hierarchy for the Ticket, but any non-Null hierarchy would do.
- digest, ticket, err = tpm2.Hash(k.rw, hashAlg, data, tpm2.HandleOwner)
- if err != nil {
- return nil, err
- }
- } else {
- // Unrestricted keys can sign any digest, no need for TPM hashing.
- hash, err := hashAlg.Hash()
- if err != nil {
- return nil, err
- }
- hasher := hash.New()
- hasher.Write(data)
- digest = hasher.Sum(nil)
- }
-
- auth, err := k.session.Auth()
- if err != nil {
- return nil, err
- }
- sig, err := tpm2.SignWithSession(k.rw, auth.Session, k.handle, "", digest, ticket, nil)
- if err != nil {
- return nil, err
- }
- return getSignature(sig)
-}
-
-func getSignature(sig *tpm2.Signature) ([]byte, error) {
- switch sig.Alg {
- case tpm2.AlgRSASSA:
- return sig.RSA.Signature, nil
- case tpm2.AlgRSAPSS:
- return sig.RSA.Signature, nil
- case tpm2.AlgECDSA:
- sigStruct := struct{ R, S *big.Int }{sig.ECC.R, sig.ECC.S}
- return asn1.Marshal(sigStruct)
- default:
- return nil, fmt.Errorf("unsupported signing algorithm: %v", sig.Alg)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/client/signer_test.go b/vendor/github.com/google/go-tpm-tools/client/signer_test.go
deleted file mode 100644
index 3045efe0c..000000000
--- a/vendor/github.com/google/go-tpm-tools/client/signer_test.go
+++ /dev/null
@@ -1,317 +0,0 @@ -package client_test - -import ( - "crypto" - "crypto/ecdsa" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - "encoding/asn1" - "math/big" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/legacy/tpm2" -) - -func templateSSA(hash tpm2.Algorithm) tpm2.Public { - template := client.AKTemplateRSA() - // Can't sign arbitrary data if restricted. - template.Attributes &= ^tpm2.FlagRestricted - template.RSAParameters.Sign.Hash = hash - return template -} - -func templatePSS(hash tpm2.Algorithm) tpm2.Public { - template := templateSSA(hash) - template.RSAParameters.Sign.Alg = tpm2.AlgRSAPSS - return template -} - -func templateECC(hash tpm2.Algorithm) tpm2.Public { - template := client.AKTemplateECC() - template.Attributes &= ^tpm2.FlagRestricted - template.ECCParameters.Sign.Hash = hash - return template -} - -// Templates that require some sort of (default) authorization -func templateAuthSSA() tpm2.Public { - template := templateSSA(tpm2.AlgSHA256) - template.AuthPolicy = client.DefaultEKTemplateRSA().AuthPolicy - template.Attributes |= tpm2.FlagAdminWithPolicy - template.Attributes &= ^tpm2.FlagUserWithAuth - return template -} - -func templateAuthECC() tpm2.Public { - template := templateECC(tpm2.AlgSHA256) - template.AuthPolicy = client.DefaultEKTemplateECC().AuthPolicy - template.Attributes |= tpm2.FlagAdminWithPolicy - template.Attributes &= ^tpm2.FlagUserWithAuth - return template -} - -func verifyRSA(pubKey crypto.PublicKey, hash crypto.Hash, digest, sig []byte) bool { - return rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), hash, digest, sig) == nil -} - -func verifyECC(pubKey crypto.PublicKey, _ crypto.Hash, digest, sig []byte) bool { - var sigStruct struct{ R, S *big.Int } - asn1.Unmarshal(sig, &sigStruct) - return ecdsa.Verify(pubKey.(*ecdsa.PublicKey), digest, sigStruct.R, sigStruct.S) -} - -func TestSign(t *testing.T) { - rwc := test.GetTPM(t) - defer 
client.CheckedClose(t, rwc) - - keys := []struct { - name string - hash crypto.Hash - template tpm2.Public - verify func(crypto.PublicKey, crypto.Hash, []byte, []byte) bool - }{ - {"RSA-SHA1", crypto.SHA1, templateSSA(tpm2.AlgSHA1), verifyRSA}, - {"RSA-SHA256", crypto.SHA256, templateSSA(tpm2.AlgSHA256), verifyRSA}, - {"RSA-SHA384", crypto.SHA384, templateSSA(tpm2.AlgSHA384), verifyRSA}, - {"RSA-SHA512", crypto.SHA512, templateSSA(tpm2.AlgSHA512), verifyRSA}, - {"ECC-SHA1", crypto.SHA1, templateECC(tpm2.AlgSHA1), verifyECC}, - {"ECC-SHA256", crypto.SHA256, templateECC(tpm2.AlgSHA256), verifyECC}, - {"ECC-SHA384", crypto.SHA384, templateECC(tpm2.AlgSHA384), verifyECC}, - {"ECC-SHA512", crypto.SHA512, templateECC(tpm2.AlgSHA512), verifyECC}, - {"Auth-RSA", crypto.SHA256, templateAuthSSA(), verifyRSA}, - {"Auth-ECC", crypto.SHA256, templateAuthECC(), verifyECC}, - } - - message := []byte("authenticated message") - // Data beginning with TPM_GENERATED_VALUE (looks like a TPM-test message) - generatedMsg := append([]byte("\xffTCG"), message...) 
- for _, k := range keys { - hash := k.hash.New() - hash.Write(message) - digest := hash.Sum(nil) - alg, err := tpm2.HashToAlgorithm(k.hash) - if err != nil { - t.Fatal(err) - } - - t.Run(k.name, func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - sig, err := signer.Sign(nil, digest, k.hash) - if err != nil { - t.Fatal(err) - } - if !k.verify(signer.Public(), k.hash, digest, sig) { - t.Error(err) - } - }) - t.Run(k.name+"-SignData", func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - sig, err := key.SignData(message) - if err != nil { - t.Fatal(err) - } - if !k.verify(key.PublicKey(), k.hash, digest, sig) { - t.Error(err) - } - - // Unrestricted keys can sign data beginning with TPM_GENERATED_VALUE - if _, err = key.SignData(generatedMsg); err != nil { - t.Error(err) - } - }) - t.Run(k.name+"-SignDataRestricted", func(t *testing.T) { - test.SkipOnUnsupportedAlg(t, rwc, alg) - - restrictedTemplate := k.template - restrictedTemplate.Attributes |= tpm2.FlagRestricted - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, restrictedTemplate) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - sig, err := key.SignData(message) - if err != nil { - t.Fatal(err) - } - if !k.verify(key.PublicKey(), k.hash, digest, sig) { - t.Error(err) - } - - // Restricted keys cannot sign data beginning with TPM_GENERATED_VALUE - if _, err = key.SignData(generatedMsg); err == nil { - t.Error("Signing TPM_GENERATED_VALUE data should fail") - } - }) - } -} - -func TestSignIncorrectHash(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, 
templateSSA(tpm2.AlgSHA256)) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - - digestSHA1 := sha1.Sum([]byte("authenticated message")) - digestSHA256 := sha256.Sum256([]byte("authenticated message")) - - if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA1); err == nil { - t.Error("expected failure for digest and hash not matching keys sigScheme.") - } - - if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA256); err == nil { - t.Error("expected failure for correct hash, but incorrect digest.") - } - - if _, err := signer.Sign(nil, digestSHA256[:], crypto.SHA1); err == nil { - t.Error("expected failure for correct digest, but incorrect hash.") - } -} - -func TestSignPSS(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - opts crypto.SignerOpts - template tpm2.Public - keyBits uint16 - saltLen int - }{ - // saltLen should be (keyBits/8) - digestSize - 2, unless that is less than - // digestSize in which case, saltLen will be digestSize. - // The only normal case where saltLen is not digestSize is when using - // 1024 keyBits with SHA512. 
- {"RSA-SHA1", crypto.SHA1, templatePSS(tpm2.AlgSHA1), 1024, 20}, - {"RSA-SHA256", crypto.SHA256, templatePSS(tpm2.AlgSHA256), 1024, 32}, - {"RSA-SHA384", crypto.SHA384, templatePSS(tpm2.AlgSHA384), 1024, 48}, - {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 1024, 62}, - {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 2048, 64}, - {"RSA-SHA1", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA1}, templatePSS(tpm2.AlgSHA1), 1024, 20}, - {"RSA-SHA256", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}, templatePSS(tpm2.AlgSHA256), 1024, 32}, - {"RSA-SHA384", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA384}, templatePSS(tpm2.AlgSHA384), 1024, 48}, - {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 1024, 62}, - {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 2048, 64}, - } - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - alg, err := tpm2.HashToAlgorithm(k.opts.HashFunc()) - if err != nil { - t.Fatal(err) - } - test.SkipOnUnsupportedAlg(t, rwc, alg) - - k.template.RSAParameters.KeyBits = k.keyBits - - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - hash := k.opts.HashFunc().New() - hash.Write([]byte("authenticated message")) - digest := hash.Sum(nil) - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - sig, err := signer.Sign(nil, digest[:], k.opts) - if err != nil { - t.Fatal(err) - } - // Different implementations may specify different salt length. Some have "keyBytes - digestSize - 2", some have - // just "digestSize". Therefore here we just verify with default salt length. 
- err = rsa.VerifyPSS(signer.Public().(*rsa.PublicKey), k.opts.HashFunc(), digest[:], sig, nil) - if err != nil { - t.Error(err) - } - }) - } -} - -// Make sure signing fails when using PSS params with a non-PSS key -func TestFailSignPSS(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - template tpm2.Public - }{ - {"SSA", templateSSA(tpm2.AlgSHA256)}, - {"ECC", templateECC(tpm2.AlgSHA256)}, - } - - pssOpts := rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256} - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - signer, err := key.GetSigner() - if err != nil { - t.Fatal(err) - } - - // Fake SHA-256 digest - digest := make([]byte, 32) - if _, err = signer.Sign(nil, digest, &pssOpts); err == nil { - t.Error("expected failure when using PSS options") - } - }) - } -} - -// Signing keys without a signature scheme are incompatible with GetSigner -func TestFailGetSignerNullScheme(t *testing.T) { - template := templateSSA(tpm2.AlgSHA256) - template.RSAParameters.Sign = nil - - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - key, err := client.NewKey(rwc, tpm2.HandleEndorsement, template) - if err != nil { - t.Fatal(err) - } - defer key.Close() - - if _, err = key.GetSigner(); err == nil { - t.Error("expected failure when calling GetSigner") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/client/template.go b/vendor/github.com/google/go-tpm-tools/client/template.go deleted file mode 100644 index f2b48115d..000000000 --- a/vendor/github.com/google/go-tpm-tools/client/template.go +++ /dev/null 
@@ -1,143 +0,0 @@
-package client
-
-import (
- "crypto/sha256"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Calculations from Credential_Profile_EK_V2.0, section 2.1.5.3 - authPolicy
-func defaultEKAuthPolicy() []byte {
- buf, err := tpmutil.Pack(tpm2.CmdPolicySecret, tpm2.HandleEndorsement)
- if err != nil {
- panic(err)
- }
- digest1 := sha256.Sum256(append(make([]byte, 32), buf...))
- // We would normally append the policy buffer to digest1, but the
- // policy buffer is empty for the default Auth Policy.
- digest2 := sha256.Sum256(digest1[:])
- return digest2[:]
-}
-
-func defaultEKAttributes() tpm2.KeyProp {
- // The EK is a storage key that must use session-based authorization.
- return (tpm2.FlagStorageDefault | tpm2.FlagAdminWithPolicy) & ^tpm2.FlagUserWithAuth
-}
-
-func defaultSRKAttributes() tpm2.KeyProp {
- // FlagNoDA doesn't do anything (as the AuthPolicy is nil). However, this is
- // what Windows does, and we don't want to conflict.
- return tpm2.FlagStorageDefault | tpm2.FlagNoDA
-}
-
-func defaultSymScheme() *tpm2.SymScheme {
- return &tpm2.SymScheme{
- Alg: tpm2.AlgAES,
- KeyBits: 128,
- Mode: tpm2.AlgCFB,
- }
-}
-
-func defaultRSAParams() *tpm2.RSAParams {
- return &tpm2.RSAParams{
- Symmetric: defaultSymScheme(),
- KeyBits: 2048,
- ModulusRaw: make([]byte, 256), // public.unique must be all zeros
- }
-}
-
-func defaultECCParams() *tpm2.ECCParams {
- return &tpm2.ECCParams{
- Symmetric: defaultSymScheme(),
- CurveID: tpm2.CurveNISTP256,
- Point: tpm2.ECPoint{
- XRaw: make([]byte, 32),
- YRaw: make([]byte, 32),
- },
- }
-}
-
-// DefaultEKTemplateRSA returns the default Endorsement Key (EK) template as
-// specified in Credential_Profile_EK_V2.0, section 2.1.5.1 - authPolicy.
-// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
-func DefaultEKTemplateRSA() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgRSA,
- NameAlg: tpm2.AlgSHA256,
- Attributes: defaultEKAttributes(),
- AuthPolicy: defaultEKAuthPolicy(),
- RSAParameters: defaultRSAParams(),
- }
-}
-
-// DefaultEKTemplateECC returns the default Endorsement Key (EK) template as
-// specified in Credential_Profile_EK_V2.0, section 2.1.5.2 - authPolicy.
-// https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
-func DefaultEKTemplateECC() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: defaultEKAttributes(),
- AuthPolicy: defaultEKAuthPolicy(),
- ECCParameters: defaultECCParams(),
- }
-}
-
-// AKTemplateRSA returns a potential Attestation Key (AK) template.
-// This is very similar to DefaultEKTemplateRSA, except that this will be a
-// signing key instead of an encrypting key.
-func AKTemplateRSA() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgRSA,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSignerDefault,
- RSAParameters: &tpm2.RSAParams{
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgRSASSA,
- Hash: tpm2.AlgSHA256,
- },
- KeyBits: 2048,
- },
- }
-}
-
-// AKTemplateECC returns a potential Attestation Key (AK) template.
-// This is very similar to DefaultEKTemplateECC, except that this will be a
-// signing key instead of an encrypting key.
-func AKTemplateECC() tpm2.Public {
- params := defaultECCParams()
- params.Symmetric = nil
- params.Sign = &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpm2.AlgSHA256,
- }
- return tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSignerDefault,
- ECCParameters: params,
- }
-}
-
-// SRKTemplateRSA returns a standard Storage Root Key (SRK) template.
-// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance.
-func SRKTemplateRSA() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgRSA,
- NameAlg: tpm2.AlgSHA256,
- Attributes: defaultSRKAttributes(),
- RSAParameters: defaultRSAParams(),
- }
-}
-
-// SRKTemplateECC returns a standard Storage Root Key (SRK) template.
-// This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance.
-func SRKTemplateECC() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: defaultSRKAttributes(),
- ECCParameters: defaultECCParams(),
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/attest.go b/vendor/github.com/google/go-tpm-tools/cmd/attest.go
deleted file mode 100644
index 4146f50db..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/attest.go
+++ /dev/null
@@ -1,200 +0,0 @@
-package cmd
-
-import (
- "context"
- "fmt"
- "io"
- "log"
- "strconv"
-
- "cloud.google.com/go/compute/metadata"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/spf13/cobra"
- "google.golang.org/protobuf/proto"
-)
-
-var (
- key string
- teeTechnology string
-)
-
-// Add constants for other devices when required
-const (
- // SevSnp is a constant denotes device name for teeTechnology
- SevSnp = "sev-snp"
- // Tdx is a constant denotes device name for teeTechnology
- Tdx = "tdx"
-)
-
-var attestationKeys = map[string]map[tpm2.Algorithm]func(rw io.ReadWriter) (*client.Key, error){
- "AK": {
- tpm2.AlgRSA: client.AttestationKeyRSA,
- tpm2.AlgECC: client.AttestationKeyECC,
- },
- "gceAK": {
- tpm2.AlgRSA: client.GceAttestationKeyRSA,
- tpm2.AlgECC: client.GceAttestationKeyECC,
- },
-}
-
-// If hardware technology needs a variable length teenonce then please modify the flags description
-var attestCmd = &cobra.Command{
- Use: "attest",
- Short: "Create a remote attestation report",
- Long: `Gather information for remote attestation.
-The Attestation report contains a quote on all available PCR banks, a way to validate
-the quote, and a TCG Event Log (Linux only).
-Use --key to specify the type of attestation key. It can be gceAK for GCE attestation
-key or AK for a custom attestation key. By default it uses AK.
---algo flag overrides the public key algorithm for attestation key. If not provided then
-by default rsa is used.
---tee-nonce attaches a 64 bytes extra data to the attestation report of TDX and SEV-SNP
-hardware and guarantees a fresh quote.
-`,
- Args: cobra.NoArgs,
- RunE: func(*cobra.Command, []string) error {
-
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- if !(format == "binarypb" || format == "textproto") {
- return fmt.Errorf("format should be either binarypb or textproto")
- }
-
- var attestationKey *client.Key
- algoToCreateAK, ok := attestationKeys[key]
- if !ok {
- return fmt.Errorf("key should be either AK or gceAK")
- }
- createFunc := algoToCreateAK[keyAlgo]
- attestationKey, err = createFunc(rwc)
- if err != nil {
- return fmt.Errorf("failed to create attestation key: %v", err)
- }
- defer attestationKey.Close()
-
- attestOpts := client.AttestOpts{}
- attestOpts.Nonce = nonce
-
- // Add logic to open other hardware devices when required.
- switch teeTechnology {
- case SevSnp:
- attestOpts.TEEDevice, err = client.CreateSevSnpQuoteProvider()
- if err != nil {
- return fmt.Errorf("failed to open %s device: %v", SevSnp, err)
- }
- attestOpts.TEENonce = teeNonce
- case Tdx:
- attestOpts.TEEDevice, err = client.CreateTdxQuoteProvider()
- if err != nil {
- return fmt.Errorf("failed to create %s quote provider: %v", Tdx, err)
- }
- attestOpts.TEENonce = teeNonce
- case "":
- if len(teeNonce) != 0 {
- return fmt.Errorf("use of --tee-nonce requires specifying TEE hardware type with --tee-technology")
- }
- default:
- // Change the return statement when more devices are added
- return fmt.Errorf("tee-technology should be either empty or should have values %s or %s", SevSnp, Tdx)
- }
-
- attestOpts.TCGEventLog, err = client.GetEventLog(rwc)
- if err != nil {
- return fmt.Errorf("failed to retrieve TCG Event Log: %w", err)
- }
-
- attestation, err := attestationKey.Attest(attestOpts)
- if err != nil {
- return fmt.Errorf("failed to collect attestation report : %v", err)
- }
-
- if key == "gceAK" {
- instanceInfo, err := getInstanceInfoFromMetadata()
- if err != nil {
- log.Printf("Could not get GCE instance info, continuing without it: %v", err)
- }
- attestation.InstanceInfo = instanceInfo
- }
-
- var out []byte
- if format == "binarypb" {
- out, err = proto.Marshal(attestation)
- if err != nil {
- return fmt.Errorf("failed to marshal attestation proto: %v", attestation)
- }
- } else {
- out = []byte(marshalOptions.Format(attestation))
- }
- if _, err := dataOutput().Write(out); err != nil {
- return fmt.Errorf("failed to write attestation report: %v", err)
- }
- return nil
- },
-}
-
-func getInstanceInfoFromMetadata() (*attest.GCEInstanceInfo, error) {
- ctx := context.Background()
- var err error
- instanceInfo := &attest.GCEInstanceInfo{}
-
- instanceInfo.ProjectId, err = metadata.ProjectIDWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- projectNumber, err := metadata.NumericProjectIDWithContext(ctx)
- if err != nil {
- return nil, err
- }
- instanceInfo.ProjectNumber, err = strconv.ParseUint(projectNumber, 10, 64)
- if err != nil {
- return nil, err
- }
-
- instanceInfo.Zone, err = metadata.ZoneWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- instanceID, err := metadata.InstanceIDWithContext(ctx)
- if err != nil {
- return nil, err
- }
- instanceInfo.InstanceId, err = strconv.ParseUint(instanceID, 10, 64)
- if err != nil {
- return nil, err
- }
-
- instanceInfo.InstanceName, err = metadata.InstanceNameWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- return instanceInfo, err
-}
-
-func addKeyFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&key, "key", "AK", "indicates type of attestation key to use ")
-}
-
-func addTeeTechnology(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&teeTechnology, "tee-technology", "", "indicates the type of TEE hardware. Should be either empty or one of sev-snp or tdx")
-}
-
-func init() {
- RootCmd.AddCommand(attestCmd)
- addKeyFlag(attestCmd)
- addNonceFlag(attestCmd)
- addTeeNonceflag(attestCmd)
- addPublicKeyAlgoFlag(attestCmd)
- addOutputFlag(attestCmd)
- addFormatFlag(attestCmd)
- addTeeTechnology(attestCmd)
- attestCmd.AddCommand(attestSVSMCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/attest_svsm.go b/vendor/github.com/google/go-tpm-tools/cmd/attest_svsm.go
deleted file mode 100644
index 61ada7cc9..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/attest_svsm.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package cmd
-
-import (
- "errors"
- "fmt"
- "time"
-
- "github.com/google/gce-tcb-verifier/extract"
- "github.com/google/go-configfs-tsm/configfs/configfsi"
- "github.com/google/go-configfs-tsm/configfs/linuxtsm"
- "github.com/google/go-configfs-tsm/report"
- sabi "github.com/google/go-sev-guest/abi"
- sevpb "github.com/google/go-sev-guest/proto/sevsnp"
- "github.com/google/go-tpm-tools/client"
- apb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/spf13/cobra"
- "google.golang.org/protobuf/proto"
-)
-
-var (
- errSVSMOnlySupportsAK = errors.New("SVSM currently only support --key=AK")
- errSvsmOnlySupportedWithSevSnp = errors.New("--svsm is only supported with --tee-technology=sev-snp")
-)
-
-var attestSVSMCmd = &cobra.Command{
- Use: "svsm",
- Short: `Produce a SevSnpSvsmAttestation that wraps the PCR attestation message.`,
- RunE: func(*cobra.Command, []string) error {
- if teeTechnology != SevSnp {
- return errSvsmOnlySupportedWithSevSnp
- }
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- var attestationKey *client.Key
- if key != "AK" {
- return errSVSMOnlySupportsAK
- }
- algoToCreateAK, ok := attestationKeys[key]
- if !ok {
- return fmt.Errorf("%v is an invalid value for --key, only AK is supported", key)
- }
- createFunc := algoToCreateAK[keyAlgo]
- attestationKey, err = createFunc(rwc)
- if err != nil {
- return fmt.Errorf("failed to create attestation key: %v", err)
- }
- defer attestationKey.Close()
-
- attestOpts := client.AttestOpts{}
- attestOpts.Nonce = nonce
- // Omit requesting TEE attestation for the Attestation message when attesting an SVSM based vTPM.
- // We instead separately attach a TEE attestation inside the SevSnpSvsmAttestation message
- attestOpts.SkipTeeAttestation = true
-
- attestOpts.TCGEventLog, err = client.GetEventLog(rwc)
- if err != nil {
- return fmt.Errorf("failed to retrieve TCG Event Log: %w", err)
- }
-
- attestation, err := attestationKey.Attest(attestOpts)
- if err != nil {
- return fmt.Errorf("failed to collect attestation report : %v", err)
- }
-
- if teeTechnology != SevSnp {
- return errSvsmOnlySupportedWithSevSnp
- }
- configfsClient, err := linuxtsm.MakeClient()
- if err != nil {
- return fmt.Errorf("failed to create linuxtsm configfs client: %w", err)
- }
- svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{
- TEENonce: teeNonce,
- CongfigfsClient: configfsClient,
- VTPMServiceManifestVersion: "0",
- ExtractOptions: extract.DefaultOptions(),
- })
- if err != nil {
- return fmt.Errorf("failed to create SEV SNP SVSM attestation: %w", err)
- }
- if err := writeProtoToOutput(svsmAttestation); err != nil {
- return fmt.Errorf("failed to write SEV SNP SVSM attestation report: %w", err)
- }
-
- return nil
- },
-}
-
-// sevSNPSVSMAttestationOpts customizes the behavior of makeSEVSNPSVSMAttestation.
-type sevSNPSVSMAttestationOpts struct {
- // 64 byte nonce to be mixed into the REPORT_DATA field of the SNP attestation report.
- TEENonce []byte
- // Configfs client to use for retrieving the attestation report, certificates, and SVSM service manifest.
- CongfigfsClient configfsi.Client
- // The SVSM service manifest and its version is defined by the SVSM spec at
- // https://www.amd.com/en/developer/sev.html
- // Failing to specify a value here will result in requesting the default manifest version of "0"
- // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report
- VTPMServiceManifestVersion string
- // Options for configuring how to extract a firmware endorsement.
- // Leave as nil to skip getting firmware endorsement.
- ExtractOptions *extract.Options
-}
-
-// makeSEVSNPSVSMAttestation fills out the fields of a SevSnpSvsmAttestation message needed to verify an SVSM e-vTPM.
-// This includes the SNP attestation report and the vtpm service manifest.
-func makeSEVSNPSVSMAttestation(attestation *apb.Attestation, opts *sevSNPSVSMAttestationOpts) (*apb.SevSnpSvsmAttestation, error) {
- svsm := &apb.SevSnpSvsmAttestation{
- Attestation: attestation,
- }
- var snpNonce [sabi.ReportDataSize]byte
- if len(opts.TEENonce) != sabi.ReportDataSize {
- return nil, fmt.Errorf("the teeNonce size is %d. SEV-SNP device requires 64", len(opts.TEENonce))
- }
- copy(snpNonce[:], opts.TEENonce)
-
- // There is a host ratelimit of 2 requests per 2 seconds on guest message requests
- // and SVSM will decide to crash if it runs into this ratelimit.
- // Until we fix this in Coconut SVSM and increase the host ratelimit, ensure a 2
- // second delay prior to issuing an attestation report request to SVSM.
- time.Sleep(2 * time.Second)
- tsmBlobs, err := getSVSMBlobs(opts.CongfigfsClient, snpNonce, opts.VTPMServiceManifestVersion)
- if err != nil {
- return nil, fmt.Errorf("failed to get configfs-tsm blobs for SVSM attestation report: %w", err)
- }
- report, err := sabi.ReportToProto(tsmBlobs.OutBlob)
- if err != nil {
- return nil, fmt.Errorf("failed to convert attestation report to proto: %w", err)
- }
-
- certs, err := getCertificates(opts.CongfigfsClient, snpNonce)
- if err != nil {
- return nil, fmt.Errorf("failed to retrieve certificates from configfs-tsm: %w", err)
- }
-
- svsm.SevSnpAttestation = &sevpb.Attestation{
- Report: report,
- CertificateChain: certs,
- }
- svsm.VtpmServiceManifest = tsmBlobs.ManifestBlob
- if opts.VTPMServiceManifestVersion == "" {
- svsm.VtpmServiceManifestVersion = defaultConfigfsTsmReportServiceManifestVersion
- }
- svsm.VtpmServiceManifestVersion = opts.VTPMServiceManifestVersion
-
- if opts.ExtractOptions != nil {
- svsm.LaunchEndorsement, err = getEndorsement(svsm.SevSnpAttestation, opts.ExtractOptions)
- if err != nil {
- return nil, fmt.Errorf("failed to get endorsement for svsm firmware: %w", err)
- }
- }
- return svsm, nil
-}
-
-func getEndorsement(attestation *sevpb.Attestation, extractOpts *extract.Options) ([]byte, error) {
- if extractOpts == nil {
- return nil, nil
- }
- out, err := proto.Marshal(attestation)
- if err != nil {
- return nil, fmt.Errorf("failed to marshal sev snp attestation: %w", err)
- }
- extractOpts.Quote = out
- return extract.Endorsement(extractOpts)
-}
-
-// Constants for input to various blobs of configfs-tsm-report defined by linux kernel.
-// See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report
-const (
- svsmServiceProvider = "svsm"
- // GUID for SVSM vTPM attestation defined by SVSM spec.
- // See https://www.amd.com/en/developer/sev.html for SVSM spec
- svsmVTPMServiceGUID = "c476f1eb-0123-45a5-9641-b4e7dde5bfe3"
- leastPrivilegedVMPL = 3
- defaultConfigfsTsmReportServiceManifestVersion = "0"
-)
-
-var (
- errFailedToRetrieveCertificates = errors.New("failed to retrieve certificates")
-)
-
-// SVSM currently doesn't support certificates in its attestation report, so here we collect
-// the certificate chain by requesting a report without SVSM to get the cached certificates.
-func getCertificates(configfs configfsi.Client, reportData [sabi.ReportDataSize]byte) (*sevpb.CertificateChain, error) {
- resp, err := report.Get(configfs, &report.Request{
- InBlob: reportData[:],
- GetAuxBlob: true,
- Privilege: &report.Privilege{
- Level: uint(leastPrivilegedVMPL),
- },
- })
- if err != nil {
- return nil, errFailedToRetrieveCertificates
- }
- extended, err := sabi.ExtendedPlatformCertTable(resp.AuxBlob)
- if err != nil {
- return nil, fmt.Errorf("invalid certificate table: %w", err)
- }
- table := new(sabi.CertTable)
- if err := table.Unmarshal(extended); err != nil {
- return nil, fmt.Errorf("failed to unmarshal certificates: %w", err)
- }
- return table.Proto(), nil
-}
-
-func getSVSMBlobs(configfs configfsi.Client, reportData [sabi.ReportDataSize]byte, vtpmServiceManifestVersion string) (*report.Response, error) {
- resp, err := report.Get(configfs, &report.Request{
- InBlob: reportData[:],
- ServiceProvider: svsmServiceProvider,
- ServiceGuid: svsmVTPMServiceGUID,
- ServiceManifestVersion: vtpmServiceManifestVersion,
- })
- if err != nil {
- return nil, fmt.Errorf("could not get SVSM attestation report: %w", err)
- }
- return resp, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/attest_test.go b/vendor/github.com/google/go-tpm-tools/cmd/attest_test.go
deleted file mode 100644
index 1523fe147..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/attest_test.go
+++ /dev/null
@@ -1,398 +0,0 @@
-package cmd
-
-import (
- "io"
- "os"
- "strconv"
- "strings"
- "testing"
- "time"
-
- sgtest "github.com/google/go-sev-guest/testing"
- sgtestclient "github.com/google/go-sev-guest/testing/client"
- tgtest "github.com/google/go-tdx-guest/testing"
- tgtestclient "github.com/google/go-tdx-guest/testing/client"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm-tools/verifier/util"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-var getIndex = map[string]uint32{
- "rsa": client.GceAKTemplateNVIndexRSA,
- "ecc": client.GceAKTemplateNVIndexECC,
-}
-
-func GCEAKTemplateECC() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgECC,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSignerDefault,
- ECCParameters: &tpm2.ECCParams{
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgECDSA,
- Hash: tpm2.AlgSHA256,
- },
- CurveID: 3,
- },
- }
-}
-func GCEAKTemplateRSA() tpm2.Public {
- return tpm2.Public{
- Type: tpm2.AlgRSA,
- NameAlg: tpm2.AlgSHA256,
- Attributes: tpm2.FlagSignerDefault,
- RSAParameters: &tpm2.RSAParams{
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgRSASSA,
- Hash: tpm2.AlgSHA256,
- },
- KeyBits: 2048,
- },
- }
-}
-
-// Need to call tpm2.NVUndefinespace on the handle with authHandle tpm2.HandlePlatform.
-// e.g defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKTemplateNVIndexRSA))
-func setGCEAKTemplate(tb testing.TB, rwc io.ReadWriteCloser, algo string, data []byte) error {
- // Since this mutates the TPM, any tests using real TPMs must skip.
- test.SkipForRealTPM(tb)
- var err error
- idx := tpmutil.Handle(getIndex[algo])
- if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, idx,
- "", "", nil,
- tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA,
- uint16(len(data))); err != nil {
- tb.Fatalf("NVDefineSpace failed: %v", err)
- }
- err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, idx, "", data, 0)
- if err != nil {
- tb.Fatalf("failed to write NVIndex: %v", err)
- }
- return nil
-}
-
-func makeOutputFile(tb testing.TB, output string) string {
- tb.Helper()
- file, err := os.CreateTemp("", output)
- if err != nil {
- tb.Fatal(err)
- }
- defer file.Close()
- return file.Name()
-}
-
-func TestNonce(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- // Without nonce.
- RootCmd.SetArgs([]string{"attest", "--key", "AK"})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected not-nil error")
- }
- // With odd length nonce.
- RootCmd.SetArgs([]string{"attest", "--nonce", "12345", "--key", "AK"})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected not-nil error")
- }
-}
-
-func TestAttestPass(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- tests := []struct {
- name string
- key string
- algo string
- nonce string
- }{
- {"defaultKey", "", "rsa", "1234"},
- {"AKWithRSA", "AK", "rsa", "2222"},
- {"AKWithECC", "AK", "ecc", "2222"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- secretFile1 := makeOutputFile(t, "attest")
- defer os.RemoveAll(secretFile1)
- attestArgs := []string{"attest", "--output", secretFile1}
- if op.key != "" {
- attestArgs = append(attestArgs, "--key", op.key)
- }
- if op.algo != "" {
- attestArgs = append(attestArgs, "--algo", op.algo)
- }
- if op.nonce != "" {
- attestArgs = append(attestArgs, "--nonce", op.nonce)
- }
- RootCmd.SetArgs(attestArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- })
- }
-}
-
-func TestFormatFlagPass(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- inputFile := makeOutputFile(t, "attestXYZQ")
- outputFile := makeOutputFile(t, "attestout")
- defer os.RemoveAll(inputFile)
- defer os.RemoveAll(outputFile)
- tests := []struct {
- name string
- nonce string
- report string
- verifiedReport string
- format string
- }{
- {"Format:binary", "abcd", inputFile, outputFile, "binarypb"},
- {"Format:textproto", "abcd", inputFile, outputFile, "textproto"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- attestArgs := []string{"attest", "--nonce", op.nonce, "--output", op.report, "--format", op.format}
- RootCmd.SetArgs(attestArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- debugArgs := []string{"verify", "debug", "--nonce", op.nonce, "--input", op.report, "--output", op.verifiedReport, "--format", op.format}
- RootCmd.SetArgs(debugArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- })
- }
-}
-
-func TestFormatFlagFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- inputFile := makeOutputFile(t, "attest")
- outputFile := makeOutputFile(t, "attestout")
- defer os.RemoveAll(inputFile)
- defer os.RemoveAll(outputFile)
- tests := []struct {
- name string
- nonce string
- report string
- verifiedReport string
- formatAttest string
- formatDebug string
- }{
- {"Format:binary", "abcd", inputFile, outputFile, "binarypb", "textproto"},
- {"Format:textproto", "abcd", inputFile, outputFile, "textproto", "binarypb"},
- {"Format:textproto", "abcd", inputFile, outputFile, "textproto", "xyz"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- attestArgs := []string{"attest", "--nonce", op.nonce, "--output", op.report, "--format", op.formatAttest}
- RootCmd.SetArgs(attestArgs)
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- debugArgs := []string{"verify", "debug", "--nonce", op.nonce, "--input", op.report, "--output", op.verifiedReport, "--format", op.formatDebug}
- RootCmd.SetArgs(debugArgs)
- if err := RootCmd.Execute(); err == nil {
- t.Error(err)
- }
- })
- }
-}
-
-func TestMetadataPass(t *testing.T) {
- var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"}
- mock, err := util.NewMetadataServer(dummyInstance)
- if err != nil {
- t.Error(err)
- }
- defer mock.Stop()
- instanceInfo, err := getInstanceInfoFromMetadata()
- if err != nil {
- t.Error(err)
- }
- if instanceInfo.ProjectId != dummyInstance.ProjectID {
- t.Errorf("metadata.ProjectID() = %v, want %v", instanceInfo.ProjectId, dummyInstance.ProjectID)
- }
- projectNumber, err := strconv.ParseUint(dummyInstance.ProjectNumber, 10, 64)
- if err != nil {
- t.Error(err)
- }
- if instanceInfo.ProjectNumber != projectNumber {
- t.Errorf("metadata.NumericProjectID() = %v, want %v", instanceInfo.ProjectNumber, projectNumber)
- }
- if instanceInfo.InstanceName != dummyInstance.InstanceName {
- t.Errorf("metadata.InstanceName() = %v, want %v", instanceInfo.InstanceName, dummyInstance.InstanceName)
- }
- instanceID, err := strconv.ParseUint(dummyInstance.InstanceID, 10, 64)
- if err != nil {
- t.Error(err)
- }
- if instanceInfo.InstanceId != instanceID {
- t.Errorf("metadata.InstanceID() = %v, want %v", instanceInfo.InstanceId, instanceID)
- }
- if instanceInfo.Zone != dummyInstance.Zone {
- t.Errorf("metadata.Zone() = %v, want %v", instanceInfo.Zone, dummyInstance.Zone)
- }
-}
-
-func TestAttestWithGCEAK(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- secretFile1 := makeOutputFile(t, "attest")
- defer os.RemoveAll(secretFile1)
- var template = map[string]tpm2.Public{
- "rsa": GCEAKTemplateRSA(),
- "ecc": GCEAKTemplateECC(),
- }
- tests := []struct {
- name string
- nonce string
- keyAlgo string
- }{
- {"gceAK:RSA", "1234", "rsa"},
- {"gceAK:ECC", "1234", "ecc"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- data, err := template[op.keyAlgo].Encode()
- if err != nil {
- t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err)
- }
- err = setGCEAKTemplate(t, rwc, op.keyAlgo, data)
- if err != nil {
- t.Error(err)
- }
- defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.keyAlgo]))
-
- var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"}
- mock, err := util.NewMetadataServer(dummyInstance)
- if err != nil {
- t.Error(err)
- }
- defer mock.Stop()
-
- RootCmd.SetArgs([]string{"attest", "--nonce", op.nonce, "--key", "gceAK", "--algo", op.keyAlgo, "--output", secretFile1, "--format", "binarypb"})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- })
- }
-}
-
-func TestTeeTechnologyFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- // value of tee-technology flag should be sev-snp
- RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", "sev"})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected not-nil error")
- }
-}
-
-func TestSevAttestTeeNonceFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- // non-nil TEENonce when TEEDevice is nil
- RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", ""})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected not-nil error")
- }
-
- // TEENonce with length less than 64 bytes.
- sevTestQp, _, _, _ := sgtestclient.GetSevQuoteProvider([]sgtest.TestCase{
- {
- Input: [64]byte{1, 2, 3, 4},
- },
- }, &sgtest.DeviceOptions{Now: time.Now()}, t)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Error(err)
- }
- defer ak.Close()
- attestopts := client.AttestOpts{
- Nonce: []byte{1, 2, 3, 4},
- TEENonce: []byte{1, 2, 3, 4},
- TEEDevice: &client.SevSnpQuoteProvider{QuoteProvider: sevTestQp},
- }
- _, err = ak.Attest(attestopts)
- if err == nil {
- t.Error("expected non-nil error")
- }
-
-}
-
-func TestTdxAttestTeeNonceFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
- // non-nil TEENonce when TEEDevice is nil
- RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", ""})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected not-nil error")
- }
-
- // TEENonce with length less than 64 bytes.
- mockTdxQuoteProvider := tgtestclient.GetMockTdxQuoteProvider([]tgtest.TestCase{
- {
- Input: [64]byte{1, 2, 3, 4},
- },
- }, t)
-
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- t.Error(err)
- }
- defer ak.Close()
- attestopts := client.AttestOpts{
- Nonce: []byte{1, 2, 3, 4},
- TEENonce: []byte{1, 2, 3, 4},
- TEEDevice: &client.TdxQuoteProvider{QuoteProvider: mockTdxQuoteProvider},
- }
- _, err = ak.Attest(attestopts)
- if err == nil {
- t.Error("expected non-nil error")
- }
-}
-
-func TestHardwareAttestationPass(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- inputFile := makeOutputFile(t, "attest")
- outputFile := makeOutputFile(t, "attestout")
- defer os.RemoveAll(inputFile)
- defer os.RemoveAll(outputFile)
- teenonce := "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
- tests := []struct {
- name string
- nonce string
- teetech string
- wanterr string
- }{
- {"TdxPass", "1234", "tdx", "failed to create tdx quote provider"},
- {"SevSnpPass", "1234", "sev-snp", "failed to open sev-snp device"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- attestArgs := []string{"attest", "--nonce", op.nonce, "--output", inputFile, "--format", "textproto", "--tee-nonce", teenonce, "--tee-technology", op.teetech}
- RootCmd.SetArgs(attestArgs)
- if err := RootCmd.Execute(); err != nil {
- if !strings.Contains(err.Error(), op.wanterr) {
- t.Error(err)
- }
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/fake_cloudlogging_server.go b/vendor/github.com/google/go-tpm-tools/cmd/fake_cloudlogging_server.go
deleted file mode 100644
index 6b996a7df..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/fake_cloudlogging_server.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package cmd
-
-import (
- "context"
- "fmt"
- "log"
- "net"
- "reflect"
- "regexp"
- "strconv"
- "strings"
- "sync"
- "time"
-
- logpb "cloud.google.com/go/logging/apiv2/loggingpb"
- tspb "github.com/golang/protobuf/ptypes/timestamp"
- "github.com/google/go-tpm-tools/verifier/util"
- "google.golang.org/grpc"
-)
-
-// The only IDs that WriteLogEntries will accept.
-const (
- TestProjectID = "test-project"
-)
-
-// A fakeServer is an in-process gRPC server, listening on a system-chosen port on
-// the local loopback interface. Servers are for testing only and are not
-// intended to be used in production code.
-type fakeServer struct {
- Addr string
- Port int
- l net.Listener
- Gsrv *grpc.Server
-}
-
-// Start causes the server to start accepting incoming connections.
-// Call Start after registering handlers.
-func (s *fakeServer) Start() {
- go func() {
- if err := s.Gsrv.Serve(s.l); err != nil {
- log.Printf("fake_cloudlogging_server.fakeServer.Start: %v", err)
- }
- }()
-}
-
-// Close shuts down the server.
-func (s *fakeServer) Close() {
- s.Gsrv.Stop()
- s.l.Close()
-}
-
-// newFakeServer creates a new Server. The Server will be listening for gRPC connections
-// at the address named by the Addr field, without TLS.
-func newFakeServer(opts ...grpc.ServerOption) (*fakeServer, error) {
- return newFakeServerWithPort(0, opts...)
-}
-
-// newFakeServerWithPort creates a new Server at a specific port. The Server will be listening
-// for gRPC connections at the address named by the Addr field, without TLS.
-func newFakeServerWithPort(port int, opts ...grpc.ServerOption) (*fakeServer, error) {
- l, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", port))
- if err != nil {
- return nil, err
- }
- s := &fakeServer{
- Addr: l.Addr().String(),
- Port: parsePort(l.Addr().String()),
- l: l,
- Gsrv: grpc.NewServer(opts...),
- }
- return s, nil
-}
-
-var portParser = regexp.MustCompile(`:[0-9]+`)
-
-func parsePort(addr string) int {
- res := portParser.FindAllString(addr, -1)
- if len(res) == 0 {
- panic(fmt.Errorf("parsePort: found no numbers in %s", addr))
- }
- stringPort := res[0][1:] // strip the :
- p, err := strconv.ParseInt(stringPort, 10, 32)
- if err != nil {
- panic(err)
- }
- return int(p)
-}
-
-type loggingHandler struct {
- logpb.LoggingServiceV2Server
-
- mu sync.Mutex
- logs map[string][]*logpb.LogEntry // indexed by log name
-}
-
-// WriteLogEntries writes log entries to Cloud Logging. All log entries in
-// Cloud Logging are written by this method.
-func (h *loggingHandler) WriteLogEntries(_ context.Context, req *logpb.WriteLogEntriesRequest) (*logpb.WriteLogEntriesResponse, error) {
- if !strings.HasPrefix(req.LogName, "projects/"+TestProjectID+"/") {
- return nil, fmt.Errorf("bad LogName: %q", req.LogName)
- }
- h.mu.Lock()
- defer h.mu.Unlock()
- for _, e := range req.Entries {
- // Assign timestamp if missing.
- if e.Timestamp == nil {
- e.Timestamp = &tspb.Timestamp{Seconds: time.Now().Unix(), Nanos: 0}
- }
- // Fill from common fields in request.
- if e.LogName == "" {
- e.LogName = req.LogName
- }
- if e.Resource == nil {
- e.Resource = req.Resource
- }
- for k, v := range req.Labels {
- if _, ok := e.Labels[k]; !ok {
- e.Labels[k] = v
- }
- }
-
- // Store by log name.
- h.logs[e.LogName] = append(h.logs[e.LogName], e)
- }
-
- var logEntryPayload []map[string]interface{}
- logEntryPayload = append(logEntryPayload, map[string]interface{}{"aud": "test", "iat": float64(1709752525), "exp": float64(1919752525)})
- logEntryPayload = append(logEntryPayload, map[string]interface{}{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0IiwiaWF0IjoxNzA5NzUyNTI1LCJleHAiOjE5MTk3NTI1MjV9.EBLA2zX3c-Fu0l--J9Gey6LIXMO1TFRCoe3bzuPGc1k"})
- logEntryPayload = append(logEntryPayload, map[string]interface{}{"Name": "projects/test-project/locations/us-central-1/challenges/" + util.FakeChallengeUUID, "Nonce": util.FakeTpmNonce, "ConnID": ""})
- attestationMapFields := []string{"TeeAttestation", "ak_pub", "quotes", "event_log", "ak_cert"}
- for _, entry := range h.logs["projects/"+TestProjectID+"/logs/"+toolName] {
- payload := entry.GetJsonPayload().AsMap()
- foundMatch := false
- for _, m := range logEntryPayload {
- if reflect.DeepEqual(m, payload) {
- foundMatch = true
- }
- }
- if !foundMatch {
- for _, field := range attestationMapFields {
- if _, keyFound := payload[field]; !keyFound {
- return nil, fmt.Errorf("wrong log: %q", entry.GetJsonPayload().String())
- }
- }
- }
- }
- return &logpb.WriteLogEntriesResponse{}, nil
-}
-
-// newMockCloudLoggingServer creates a new in-memory fake server implementing the logging service.
-// It returns the address of the server.
-func newMockCloudLoggingServer() (string, error) {
- srv, err := newFakeServer()
- if err != nil {
- return "", err
- }
- logpb.RegisterLoggingServiceV2Server(srv.Gsrv, &loggingHandler{
- logs: make(map[string][]*logpb.LogEntry),
- })
-
- srv.Start()
- return srv.Addr, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flags.go b/vendor/github.com/google/go-tpm-tools/cmd/flags.go
deleted file mode 100644
index 3bffee7c4..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/flags.go
+++ /dev/null
@@ -1,321 +0,0 @@
-package cmd
-
-import (
- "errors"
- "fmt"
- "io"
- "os"
- "strconv"
- "strings"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/spf13/cobra"
- "google.golang.org/protobuf/proto"
-)
-
-var (
- output string
- input string
- nvIndex uint32
- nonce []byte
- teeNonce []byte
- keyAlgo = tpm2.AlgRSA
- pcrs []int
- format string
- asAddress string
- audience string
- eventLog string
- cloudLog bool
- customNonce []string
-)
-
-type pcrsFlag struct {
- value *[]int
-}
-
-func (f *pcrsFlag) Set(val string) error {
- for _, d := range strings.Split(val, ",") {
- pcr, err := strconv.Atoi(d)
- if err != nil {
- return err
- }
- if pcr < 0 || pcr >= client.NumPCRs {
- return errors.New("pcr out of range")
- }
- *f.value = append(*f.value, pcr)
- }
- return nil
-}
-
-func (f *pcrsFlag) Type() string {
- return "pcrs"
-}
-
-func (f *pcrsFlag) String() string {
- if len(*f.value) == 0 {
- return ""
- }
- var b strings.Builder
- fmt.Fprintf(&b, "%d", (*f.value)[0])
- for _, pcr := range (*f.value)[1:] {
- fmt.Fprintf(&b, ",%d", pcr)
- }
- return b.String()
-}
-
-var algos = map[tpm2.Algorithm]string{
- tpm2.AlgUnknown: "",
- tpm2.AlgRSA: "rsa",
- tpm2.AlgECC: "ecc",
- tpm2.AlgSHA1: "sha1",
- tpm2.AlgSHA256: "sha256",
- tpm2.AlgSHA384: "sha384",
- tpm2.AlgSHA512: "sha512",
-}
-
-type algoFlag struct {
- value *tpm2.Algorithm
- allowed []tpm2.Algorithm
-}
-
-func (f *algoFlag) Set(val string) error {
- present := false
- for _, algo := range f.allowed {
- if algos[algo] == val {
- *f.value = algo
- present = true
- }
- }
- if !present {
- return errors.New("unknown algorithm")
- }
- return nil
-}
-
-func (f *algoFlag) Type() string {
- return "algo"
-}
-
-func (f *algoFlag) String() string {
- return algos[*f.value]
-}
-
-// Allowed gives a string list of the permitted algorithm values for this flag.
-func (f *algoFlag) Allowed() string {
- out := make([]string, len(f.allowed))
- for i, a := range f.allowed {
- out[i] = algos[a]
- }
- return strings.Join(out, ", ")
-}
-
-// Disable the "help" subcommand (and just use the -h/--help flags).
-// This should be called on all commands with subcommands.
-// See https://github.com/spf13/cobra/issues/587 for why this is needed.
-func hideHelp(cmd *cobra.Command) {
- cmd.SetHelpCommand(&cobra.Command{Hidden: true})
-}
-
-// Lets this command specify an output file, for use with dataOutput().
-func addOutputFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&output, "output", "",
- "output file (defaults to stdout)")
-}
-
-// Lets this command specify an input file, for use with dataInput().
-func addInputFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&input, "input", "",
- "input file (defaults to stdin)")
-}
-
-// Lets this command specify an Attestation Server Address.
-func addAsAddressFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&asAddress, "verifier-endpoint", "https://confidentialcomputing.googleapis.com",
- "the attestation verifier endpoint used to retrieve an attestation claims token")
-}
-
-// Lets this command enable Cloud logging.
-func addCloudLoggingFlag(cmd *cobra.Command) {
- cmd.Flags().BoolVar(&cloudLog, "cloud-log", false, "logs the attestation and token to Cloud Logging for auditing purposes. Requires the audience flag.")
-}
-
-// Lets this command specify custom audience field of the attestation token.
-func addAudienceFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&audience, "audience", "",
- "the audience field in the claims token. Cannot be sts.googleapis.com.")
-}
-
-// Lets this command specify custom nonce field of the attestation token.
-func addCustomNonceFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringArrayVar(&customNonce, "custom-nonce", nil,
- "the custom nonce field in the claims token. use this flag multiple times to add multiple custom nonces.")
-}
-
-// Lets this command specify event log path.
-func addEventLogFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&eventLog, "event-log", "/sys/kernel/security/tpm0/binary_bios_measurements", "specifies the event log file path.")
-}
-
-// Lets this command specify an NVDATA index, for use with nvIndex.
-func addIndexFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().Uint32Var(&nvIndex, "index", 0,
- "NVDATA index, cannot be 0")
-}
-
-// Lets this command specify some number of PCR arguments, check if in range.
-func addPCRsFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().Var(&pcrsFlag{&pcrs}, "pcrs", "comma separated list of PCR numbers")
-}
-
-// Lets this command specify the public key algorithm.
-func addPublicKeyAlgoFlag(cmd *cobra.Command) {
- f := algoFlag{&keyAlgo, []tpm2.Algorithm{tpm2.AlgRSA, tpm2.AlgECC}}
- cmd.PersistentFlags().Var(&f, "algo", "public key algorithm: "+f.Allowed())
-}
-
-func addHashAlgoFlag(cmd *cobra.Command, hashAlgo *tpm2.Algorithm) {
- f := algoFlag{hashAlgo, []tpm2.Algorithm{tpm2.AlgSHA1, tpm2.AlgSHA256, tpm2.AlgSHA384, tpm2.AlgSHA512}}
- cmd.PersistentFlags().Var(&f, "hash-algo", "hash algorithm: "+f.Allowed())
-}
-
-func addNonceFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().BytesHexVar(&nonce, "nonce", []byte{}, "hex encoded nonce for vTPM attestation, cannot be empty")
-}
-
-// Lets this command specify the type of output file (binary or txt)
-func addFormatFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&format, "format", "binarypb", "type of output file where attestation report stored ")
-}
-
-func addTeeNonceflag(cmd *cobra.Command) {
- cmd.PersistentFlags().BytesHexVar(&teeNonce, "tee-nonce", []byte{}, "hex encoded teenonce for hardware attestation, can be empty")
-}
-
-// alwaysError implements io.ReadWriter by always returning an error
-type alwaysError struct {
- error
-}
-
-func (ae alwaysError) Write([]byte) (int, error) {
- return 0, ae.error
-}
-
-func (ae alwaysError) Read(_ []byte) (n int, err error) {
- return 0, ae.error
-}
-
-// Handle to output data file. If there is an issue opening the file, the Writer
-// returned will return the error upon any call to Write()
-func dataOutput() io.Writer {
- if output == "" {
- return os.Stdout
- }
-
- file, err := os.Create(output)
- if err != nil {
- return alwaysError{err}
- }
- return file
-}
-
-func openForWrite(path string) io.Writer {
- if path == "" {
- return os.Stdout
- }
-
- file, err := os.Create(path)
- if err != nil {
- return alwaysError{err}
- }
- return file
-}
-
-func writeProtoToOutput(message proto.Message) error {
- var out []byte
- var err error
- switch format {
- case "binarypb":
- out, err = proto.Marshal(message)
- if err != nil {
- return fmt.Errorf("failed to marshal proto: %v", message)
- }
- case "textproto":
- out = []byte(marshalOptions.Format(message))
- default:
- return fmt.Errorf("format should be either binarypb or textproto")
- }
- if _, err := dataOutput().Write(out); err != nil {
- return fmt.Errorf("failed to write attestation report: %v", err)
- }
- return nil
-}
-
-// Handle to input data file. If there is an issue opening the file, the Reader
-// returned will return the error upon any call to Read()
-func dataInput() io.Reader {
- if input == "" {
- return os.Stdin
- }
-
- file, err := os.Open(input)
- if err != nil {
- return alwaysError{err}
- }
- return file
-}
-
-var errMustSpecifyPath = errors.New("must specify path to read file")
-
-func readBytes(path string) ([]byte, error) {
- if path == "" {
- return nil, errMustSpecifyPath
- }
- file, err := os.Open(path)
- if err != nil {
- return nil, err
- }
- bytes, err := io.ReadAll(file)
- if err != nil {
- return nil, fmt.Errorf("failed to read proto: %v", err)
- }
- return bytes, nil
-}
-
-// Reads binarypb file from path
-func readProtoFromPath(path string, message proto.Message) error {
- requestBytes, err := readBytes(path)
- if err != nil {
- return fmt.Errorf("failed to read proto: %v", err)
- }
-
- err = proto.Unmarshal(requestBytes, message)
- if err != nil {
- return fmt.Errorf("failed to unmarshal proto: %v", err)
- }
- return nil
-}
-
-// Load SRK based on tpm2.Algorithm set in the global flag vars.
-func getSRK(rwc io.ReadWriter) (*client.Key, error) {
- switch keyAlgo {
- case tpm2.AlgRSA:
- return client.StorageRootKeyRSA(rwc)
- case tpm2.AlgECC:
- return client.StorageRootKeyECC(rwc)
- default:
- panic("unexpected keyAlgo")
- }
-}
-
-// Load EK based on tpm2.Algorithm set in the global flag vars.
-func getEK(rwc io.ReadWriter) (*client.Key, error) {
- switch keyAlgo {
- case tpm2.AlgRSA:
- return client.EndorsementKeyRSA(rwc)
- case tpm2.AlgECC:
- return client.EndorsementKeyECC(rwc)
- default:
- panic("unexpected keyAlgo")
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush.go b/vendor/github.com/google/go-tpm-tools/cmd/flush.go
deleted file mode 100644
index cf86e5fd5..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/flush.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package cmd
-
-import (
- "fmt"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/spf13/cobra"
-)
-
-var handleNames = map[string][]tpm2.HandleType{
- "all": {tpm2.HandleTypeLoadedSession, tpm2.HandleTypeSavedSession, tpm2.HandleTypeTransient},
- "loaded": {tpm2.HandleTypeLoadedSession},
- "saved": {tpm2.HandleTypeSavedSession},
- "transient": {tpm2.HandleTypeTransient},
- "persistent": {tpm2.HandleTypePersistent},
-}
-
-var flushCmd = &cobra.Command{
- Use: "flush ",
- Short: "Close active handles on the TPM",
- Long: `Close some or all currently active handles on the TPM
-
-Most TPM operations require an active handle, representing some object within
-the TPM. However, most TPMs also limit the number of simultaneous active handles
-(usually a max of 3). This command allows for "leaked" handles (handles that
-have not been properly closed) to be flushed, freeing up memory for new handles
-to be used with future TPM operations.
-
-The TPM can also take an active handle and "persist" it to NVRAM. This frees up
-memory for more transient handles. It can also allow for caching the creation of
-slow keys (such as the RSA-based EK or SRK). These handles can be evicted from
-NVRAM using the "persistent" argument, but are not flushed with "all", as this
-can result in data loss (if the persisted key cannot be regenerated).
-
-Which handles are flushed depends on the argument passed:
- loaded - only flush the loaded session handles
- saved - only flush the saved session handles
- transient - only flush the transient handles
- all - flush all loaded, saved, and transient handles
- persistent - only evict the persistent handles`,
- ValidArgs: func() []string {
- // The keys from the handleNames map are our valid arguments
- keys := make([]string, len(handleNames))
- for k := range handleNames {
- keys = append(keys, k)
- }
- return keys
- }(),
- Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
- RunE: func(_ *cobra.Command, args []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- totalHandles := 0
- for _, handleType := range handleNames[args[0]] {
- handles, err := client.Handles(rwc, handleType)
- if err != nil {
- return fmt.Errorf("getting handles: %w", err)
- }
- for _, handle := range handles {
- if handleType == tpm2.HandleTypePersistent {
- if err = tpm2.EvictControl(rwc, "", tpm2.HandleOwner, handle, handle); err != nil {
- return fmt.Errorf("evicting handle 0x%x: %w", handle, err)
- }
- fmt.Fprintf(debugOutput(), "Handle 0x%x evicted\n", handle)
- } else {
- if err = tpm2.FlushContext(rwc, handle); err != nil {
- return fmt.Errorf("flushing handle 0x%x: %w", handle, err)
- }
- fmt.Fprintf(debugOutput(), "Handle 0x%x flushed\n", handle)
- }
- totalHandles++
- }
- }
-
- fmt.Fprintf(messageOutput(), "%d handles flushed\n", totalHandles)
- return nil
- },
-}
-
-func init() {
- RootCmd.AddCommand(flushCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go b/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go
deleted file mode 100644
index e984644d5..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/flush_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package cmd
-
-import (
- "testing"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-func TestFlushNothing(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- RootCmd.SetArgs([]string{"flush", "all", "--quiet"})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-}
-
-func TestFlush(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- RootCmd.SetArgs([]string{"flush", "transient", "--quiet"})
-
- // Loads then flushes 1, 2, 3 transient handles.
- for numHandles := 1; numHandles <= 3; numHandles++ {
- for i := 0; i < numHandles; i++ {
- test.LoadRandomExternalKey(t, rwc)
- }
-
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-
- // Ensure there are no active handles after that.
- h, err := client.Handles(rwc, tpm2.HandleTypeTransient)
- if err != nil {
- t.Fatal(err)
- }
- if len(h) != 0 {
- t.Errorf("TPM should be empty of transient handles; got: %d; want: 0", len(h))
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/go.mod b/vendor/github.com/google/go-tpm-tools/cmd/go.mod
deleted file mode 100644
index eb10bc3b4..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/go.mod
+++ /dev/null
@@ -1,72 +0,0 @@
-module github.com/google/go-tpm-tools/cmd
-
-go 1.23.0
-
-toolchain go1.24.4
-
-require (
- cloud.google.com/go/compute/metadata v0.8.0
- cloud.google.com/go/logging v1.13.0
- github.com/golang-jwt/jwt/v4 v4.5.1
- github.com/golang/protobuf v1.5.4
- github.com/google/gce-tcb-verifier v0.3.1
- github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2
- github.com/google/go-configfs-tsm v0.3.3
- github.com/google/go-sev-guest v0.14.0
- github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843
- github.com/google/go-tpm v0.9.6
- github.com/google/go-tpm-tools v0.4.4
- github.com/google/go-tpm-tools/verifier v0.4.4
- github.com/spf13/cobra v1.8.1
- golang.org/x/oauth2 v0.30.0
- google.golang.org/api v0.247.0
- google.golang.org/grpc v1.74.2
- google.golang.org/protobuf v1.36.7
-)
-
-require (
- cloud.google.com/go v0.120.0 // indirect
- cloud.google.com/go/auth v0.16.4 // indirect
- cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
- cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 // indirect
- cloud.google.com/go/longrunning v0.6.7 // indirect
- github.com/cyphar/filepath-securejoin v0.2.5 // indirect
- github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/go-logr/logr v1.4.3 // indirect
- github.com/go-logr/stdr v1.2.2 // indirect
- github.com/google/certificate-transparency-go v1.1.2 // indirect
- github.com/google/go-attestation v0.5.1 // indirect
- github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba // indirect
- github.com/google/go-tspi v0.3.0 // indirect
- github.com/google/logger v1.1.1 // indirect
- github.com/google/s2a-go v0.1.9 // indirect
- github.com/google/uuid v1.6.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
- github.com/googleapis/gax-go/v2 v2.15.0 // indirect
- github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/pkg/errors v0.9.1 // indirect
- github.com/spf13/pflag v1.0.5 // indirect
- go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
- go.opentelemetry.io/otel v1.36.0 // indirect
- go.opentelemetry.io/otel/metric v1.36.0 // indirect
- go.opentelemetry.io/otel/trace v1.36.0 // indirect
- go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.41.0 // indirect
- golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect
- golang.org/x/net v0.43.0 // indirect
- golang.org/x/sync v0.16.0 // indirect
- golang.org/x/sys v0.35.0 // indirect
- golang.org/x/term v0.34.0 // indirect
- golang.org/x/text v0.28.0 // indirect
- golang.org/x/time v0.12.0 // indirect
- google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
-)
-
-replace (
- github.com/google/go-tpm-tools v0.4.4 => ../
- github.com/google/go-tpm-tools/verifier v0.4.4 => ../verifier
-)
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/go.sum b/vendor/github.com/google/go-tpm-tools/cmd/go.sum
deleted file mode 100644
index 5b4d94d33..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/go.sum
+++ /dev/null
@@ -1,1342 +0,0 @@ -bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= 
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= -cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= -cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= -cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= -cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= -cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= -cloud.google.com/go/compute/metadata v0.8.0/go.mod 
h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= -cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= -cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= -cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= -cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= -cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= -cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= -cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= -cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= -cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod 
h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= -code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= -contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= -contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= -contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= -github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-storage-blob-go v0.8.0/go.mod 
h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod 
h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= -github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= -github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= -github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics 
v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt 
v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= -github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= -github.com/client9/misspell v0.3.4/go.mod 
h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod 
h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= -github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod 
h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod 
h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= -github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= -github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= -github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-gl/glfw 
v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= -github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql 
v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= -github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache 
v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod 
h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= -github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= -github.com/google/gce-tcb-verifier v0.3.1 h1:4L9YgkOtqC2U7cj4FofCUufHFCCpdD4Y0yPKI8UhOhI= -github.com/google/gce-tcb-verifier v0.3.1/go.mod h1:GZCDLQxmEOCqUTL2BMB/zjo+hgXdUrR0Wgwz1OrwRYg= 
-github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2 h1:YIKgTgpvaZzKUqRvuR2UOHKTFGkcjVJNqsiPJ34xYAE= -github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2/go.mod h1:3timRtslAwP7Y/trlNQQ/pECZNZ39wV69igL41ngASs= -github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= -github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-configfs-tsm v0.3.3 h1:8mrlZLYrFFxyc8PFpT1piBUFDEYBVsBjAkFCwqQ2f9Y= -github.com/google/go-configfs-tsm v0.3.3/go.mod h1:in2lmJDGaYEiPOJY4vlq4lGXjkR/GcxN1k7o5oR2qn0= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= 
-github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= -github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= -github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= -github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= -github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= -github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= -github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= -github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= -github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod 
h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof 
v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= -github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= -github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= -github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= -github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= -github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= -github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= -github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod 
h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= -github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod 
h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= 
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= -github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod 
h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= 
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod 
h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= -github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= 
-github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod 
h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib 
v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= 
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= 
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= 
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= -github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= -github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= -github.com/spf13/jwalterweatherman v1.0.0/go.mod 
h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod 
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= -github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= -github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= -github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v1.20.0/go.mod 
h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= 
-go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= -go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= -go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= -go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= -go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= -go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= -go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= -go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod 
h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/metric v1.36.0 
h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0/go.mod 
h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= -golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= -golang.org/x/exp 
v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod 
h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net 
v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 
-golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod 
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync 
v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys 
v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys 
v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools 
v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools 
v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools 
v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod 
h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod 
h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= -google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine 
v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto 
v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod 
h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822 
h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= 
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= -google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= -google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= 
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod 
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go b/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go deleted file mode 100644 index da17469cd..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/gotpm/main.go +++ /dev/null 
@@ -1,45 +0,0 @@
-// Package main is a binary wrapper package around cmd.
-package main
-
-import (
- "fmt"
- "os"
- "runtime/debug"
-
- "github.com/google/go-tpm-tools/cmd"
-)
-
-// GoReleaser will populates those fields
-// https://goreleaser.com/cookbooks/using-main.version/
-var (
- version = "dev"
- commit = "none"
- date = "unknown"
-)
-
-var (
- tdxGuestVersion = "unknown"
- sevGuestVersion = "unknown"
- sevGuest = "github.com/google/go-sev-guest"
- tdxGuest = "github.com/google/go-tdx-guest"
-)
-
-func main() {
- if info, ok := debug.ReadBuildInfo(); ok {
- for _, dep := range info.Deps {
- switch dep.Path {
- case sevGuest:
- sevGuestVersion = dep.Version
- case tdxGuest:
- tdxGuestVersion = dep.Version
- }
- }
- }
-
- cmd.RootCmd.Version = fmt.Sprintf("%s, commit %s, built at %s\n- go-sev-guest version %s\n- go-tdx-guest version %s",
- version, commit, date, tdxGuestVersion, sevGuestVersion)
-
- if cmd.RootCmd.Execute() != nil {
- os.Exit(1)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open.go b/vendor/github.com/google/go-tpm-tools/cmd/open.go
deleted file mode 100644
index 78658a516..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package cmd
-
-import (
- "fmt"
- "io"
-
- "github.com/google/go-tpm-tools/client"
-)
-
-// ExternalTPM can be set to run tests against an TPM initialized by an
-// external package (like the simulator). Setting this value will make all
-// gotpm commands run against it, and will prevent the cmd package from
-// closing the TPM. Setting this value and closing the TPM must be managed
-// by the external package.
-// ExternalTPM can have a TPM simulator or a real TPM.
-var ExternalTPM io.ReadWriter
-
-// extTPMWrapper is designed to wrap the ExternalTPM to provide some overriding
-// functions.
-type extTPMWrapper struct {
- io.ReadWriter
-}
-
-// Close is no-op for extTPMWrapper to prevent it closing the underlying simulator.
-func (et extTPMWrapper) Close() error {
- return nil
-}
-
-// EventLog is a workaround so the caller can call the underlying EventLogGetter function
-// of the underlying TPM.
-func (et extTPMWrapper) EventLog() ([]byte, error) {
- return client.GetEventLog(et.ReadWriter)
-}
-
-func openTpm() (io.ReadWriteCloser, error) {
- if ExternalTPM != nil {
- return extTPMWrapper{ExternalTPM}, nil
- }
- rwc, err := openImpl()
- if err != nil {
- return nil, fmt.Errorf("connecting to TPM: %w", err)
- }
- return rwc, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_other.go b/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
deleted file mode 100644
index 353928aa8..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open_other.go
+++ /dev/null
@@ -1,43 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package cmd
-
-import (
- "io"
- "os"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-var tpmPath string
-
-// tpmWrapper wraps a TPM io.ReadWriteCloser that implements client.EventLogGetter.
-type tpmWrapper struct {
- io.ReadWriteCloser
-}
-
-// EventLog fetches the event log specified by the event-log flag.
-func (et tpmWrapper) EventLog() ([]byte, error) {
- return os.ReadFile(eventLog)
-}
-
-func init() {
- RootCmd.PersistentFlags().StringVar(&tpmPath, "tpm-path", "",
- "path to TPM device (defaults to /dev/tpmrm0 then /dev/tpm0)")
-}
-
-// On Linux, we have to pass in the TPM path though a flag
-func openImpl() (tpmWrapper, error) {
- tw := tpmWrapper{}
- var err error
- if tpmPath == "" {
- tw.ReadWriteCloser, err = tpm2.OpenTPM("/dev/tpmrm0")
- if os.IsNotExist(err) {
- tw.ReadWriteCloser, err = tpm2.OpenTPM("/dev/tpm0")
- }
- return tw, err
- }
- tw.ReadWriteCloser, err = tpm2.OpenTPM(tpmPath)
- return tw, err
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go b/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
deleted file mode 100644
index 8bfc9131a..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/open_windows.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package cmd
-
-import (
- "io"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// There is no need for flags on Windows, as there is no concept of a TPM path.
-func openImpl() (io.ReadWriteCloser, error) {
- return tpm2.OpenTPM()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go b/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
deleted file mode 100644
index 70dca8fe4..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/pubkey.go
+++ /dev/null
@@ -1,134 +0,0 @@ -package cmd - -import ( - "crypto" - "crypto/x509" - "encoding/pem" - "fmt" - "io" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/legacy/tpm2" - directtpm2 "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpmutil" - "github.com/spf13/cobra" -) - -var keyFormat string - -func addKeyFormatFlag(cmd *cobra.Command) { - cmd.PersistentFlags().StringVar(&keyFormat, "key-format", "pem", "type of format for the outputted key, defaults to pem, but can also specify tpmt-public") -} - -var hierarchyNames = map[string]tpmutil.Handle{ - "endorsement": tpm2.HandleEndorsement, - "owner": tpm2.HandleOwner, - "platform": tpm2.HandlePlatform, - "null": tpm2.HandleNull, -} - -var pubkeyCmd = &cobra.Command{ - Use: "pubkey ", - Short: "Retrieve a public key from the TPM", - Long: `Get the PEM-formatted public component of a TPM's primary key - -A TPM can create a primary asymmetric key in one of 4 hierarchies: - endorsement - used for remote attestation, privacy sensitive - owner - used for local signing/encryption, reset on TPM2_Clear - platform - rarely used - null - all keys are ephemeral, reset on every boot - -Furthermore, this key is based on a template containing parameters like -algorithms and key sizes. By default, this command uses a standard template -defined in the TPM2 spec. 
If --index is provided, the template is read from -NVDATA instead (and --algo is ignored).`, - ValidArgs: func() []string { - // The keys from the hierarchyNames map are our valid arguments - keys := make([]string, len(hierarchyNames)) - for k := range hierarchyNames { - keys = append(keys, k) - } - return keys - }(), - Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), - RunE: func(_ *cobra.Command, args []string) error { - rwc, err := openTpm() - if err != nil { - return err - } - defer rwc.Close() - - key, err := getKey(rwc, hierarchyNames[args[0]], keyAlgo) - if err != nil { - return err - } - defer key.Close() - - if keyFormat == "pem" { - return writeKey(key.PublicKey()) - } - if keyFormat == "tpmt-public" { - encoded, err := key.PublicArea().Encode() - if err != nil { - return fmt.Errorf("failed to encode public area: %v", err) - } - _, err = dataOutput().Write(encoded) - if err != nil { - return fmt.Errorf("failed to write key: %v", err) - } - return nil - } - return fmt.Errorf("key format must be either pem or tpmt-public") - - }, -} - -func init() { - RootCmd.AddCommand(pubkeyCmd) - addIndexFlag(pubkeyCmd) - addOutputFlag(pubkeyCmd) - addPublicKeyAlgoFlag(pubkeyCmd) - addKeyFormatFlag(pubkeyCmd) -} - -func getKey(rw io.ReadWriter, hierarchy tpmutil.Handle, _ tpm2.Algorithm) (*client.Key, error) { - fmt.Fprintf(debugOutput(), "Using hierarchy 0x%x\n", hierarchy) - if nvIndex != 0 { - fmt.Fprintf(debugOutput(), "Reading from NVDATA index %d\n", nvIndex) - return client.KeyFromNvIndex(rw, hierarchy, nvIndex) - } - - switch hierarchy { - case tpm2.HandleEndorsement: - return getEK(rw) - case tpm2.HandleOwner: - return getSRK(rw) - default: - return nil, fmt.Errorf("there is no default key for the given hierarchy: 0x%x", hierarchy) - } -} - -func writeKey(pubKey crypto.PublicKey) error { - fmt.Fprintf(debugOutput(), "Got key: %+v\n", pubKey) - asn1Bytes, err := x509.MarshalPKIXPublicKey(pubKey) - if err != nil { - return err - } - - return 
pem.Encode(dataOutput(), &pem.Block{ - Type: "PUBLIC KEY", - Bytes: asn1Bytes, - }) -} - -func readTPMTPublic(rw io.Reader) (*directtpm2.TPMTPublic, error) { - data, err := io.ReadAll(rw) - if err != nil { - return nil, fmt.Errorf("failed to read public key: %v", err) - } - tPublic, err := directtpm2.Unmarshal[directtpm2.TPMTPublic](data) - if err != nil { - return nil, fmt.Errorf("failed to unmarshal public area: %v", err) - } - return tPublic, nil -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/read.go b/vendor/github.com/google/go-tpm-tools/cmd/read.go deleted file mode 100644 index e2c8b671d..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/read.go +++ /dev/null 
@@ -1,108 +0,0 @@
-package cmd
-
-import (
- "errors"
- "fmt"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
- "github.com/spf13/cobra"
-)
-
-var readCmd = &cobra.Command{
- Use: "read ",
- Short: "Read from the TPM",
- Long: `Read from the TPM`,
- Args: cobra.NoArgs,
-}
-
-var pcrHashAlgo = tpm2.AlgUnknown
-
-var pcrCmd = &cobra.Command{
- Use: "pcr",
- Short: "Read PCRs from the TPM",
- Long: `Read PCRs from the TPM
-
-Based on --hash-algo and --pcrs flags, read the contents of the TPM's PCRs.
-
-If --hash-algo is not provided, all banks of PCRs will be read.
-If --pcrs is not provided, all PCRs are read for that hash algorithm.`,
- Args: cobra.NoArgs,
- RunE: func(*cobra.Command, []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- if pcrHashAlgo != tpm2.AlgUnknown {
- sel := tpm2.PCRSelection{Hash: pcrHashAlgo, PCRs: pcrs}
- if len(sel.PCRs) == 0 {
- sel = client.FullPcrSel(sel.Hash)
- }
-
- fmt.Fprintf(debugOutput(), "Reading %v PCRs (%v)\n", sel.Hash, sel.PCRs)
- pcrs, err := client.ReadPCRs(rwc, sel)
- if err != nil {
- return err
- }
- return internal.FormatPCRs(dataOutput(), pcrs)
- }
- if len(pcrs) != 0 {
- return errors.New("--hash-algo must be used with --pcrs")
- }
-
- fmt.Fprintln(debugOutput(), "Reading all PCRs")
- banks, err := client.ReadAllPCRs(rwc)
- if err != nil {
- return err
- }
-
- for _, bank := range banks {
- if err = internal.FormatPCRs(dataOutput(), bank); err != nil {
- return err
- }
- }
- return nil
- },
-}
-
-var nvReadCmd = &cobra.Command{
- Use: "nvdata",
- Short: "Read TPM NVData",
- Long: `Read NVData at a particular NVIndex
-
-Based on the --index flag, this reads all of the NVData present at that NVIndex.
-The read is authenticated with the owner hierarchy and an empty password.`,
- Args: cobra.NoArgs,
- RunE: func(*cobra.Command, []string) error {
- rwc, err := openTpm()
- if err != nil {
- return err
- }
- defer rwc.Close()
-
- data, err := tpm2.NVReadEx(rwc, tpmutil.Handle(nvIndex), tpm2.HandleOwner, "", 0)
- if err != nil {
- return err
- }
- if _, err := dataOutput().Write(data); err != nil {
- return fmt.Errorf("cannot output NVData: %w", err)
- }
- return nil
- },
-}
-
-func init() {
- RootCmd.AddCommand(readCmd)
- readCmd.AddCommand(pcrCmd)
- readCmd.AddCommand(nvReadCmd)
- addOutputFlag(pcrCmd)
- addPCRsFlag(pcrCmd)
- addHashAlgoFlag(pcrCmd, &pcrHashAlgo)
- addIndexFlag(nvReadCmd)
- nvReadCmd.MarkPersistentFlagRequired("index")
- addOutputFlag(nvReadCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/register.go b/vendor/github.com/google/go-tpm-tools/cmd/register.go
deleted file mode 100644
index 09edab42a..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/register.go
+++ /dev/null
@@ -1,138 +0,0 @@ -package cmd - -import ( - "fmt" - - "github.com/google/go-tpm-tools/client" - tpb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm-tools/server" - "github.com/google/go-tpm/tpm2" - "github.com/google/go-tpm/tpm2/transport" - "github.com/spf13/cobra" -) - -// This file implements TPM registration which for now is only used for SVSM e-vTPMs. -// It uses https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8 -// which we call as import certify. -// ActivateCredential is not implemented yet. - -var registerCmd = &cobra.Command{ - Use: "register", - Short: "Register an SVSM TPM AK", - Long: "Given an EK, we'll register a corresponding AK and prove that it's on the same TPM as the EK.", - Args: cobra.NoArgs, -} - -var ( - secretOut string - secretIn string -) - -func addSecretInputFlag(cmd *cobra.Command) { - cmd.PersistentFlags().StringVar(&secretIn, "secret-input", "", - "specifies path to read the secret that was generated from create-challenge") -} - -func addSecretOutputFlag(cmd *cobra.Command) { - cmd.PersistentFlags().StringVar(&secretOut, "secret-output", "", - "specifies path to write the secret to") -} - -var createChallengeCmd = &cobra.Command{ - Use: "create-challenge", - Short: "Create a challenge for the client to register the EK", - Long: `Given an EK public key in TPM2 wire format, create a challenge for the client - to register the EK. 
and save the ChallengeSecret but don't share it with the - client.`, - Args: cobra.NoArgs, - RunE: func(_ *cobra.Command, _ []string) error { - ekpub, err := readTPMTPublic(dataInput()) - if err != nil { - return err - } - - challenge, secret, err := server.CreateRestrictedHMACBlob(ekpub) - if err != nil { - return fmt.Errorf("could not create challenge: %s", err) - } - writeProtoToOutput(challenge) - _, err = openForWrite(secretOut).Write(secret) - if err != nil { - return fmt.Errorf("could not write secret: %s", err) - } - - return nil - }, -} - -var solveChallengeCmd = &cobra.Command{ - Use: "solve-challenge", - Short: "Solve a challenge from the TPM EK", - Args: cobra.NoArgs, - RunE: func(_ *cobra.Command, _ []string) error { - challenge := &tpb.ImportBlob{} - err := readProtoFromPath(input, challenge) - if err != nil { - return fmt.Errorf("could not read challenge: %s", err) - } - - rwc, err := openImpl() - if err != nil { - return fmt.Errorf("could not open TPM: %s", err) - } - defer rwc.Close() - tpm := transport.FromReadWriter(rwc) - solved, err := client.CreateCertifiedAKBlob(tpm, challenge, tpm2.TPMAlgID(keyAlgo)) - if err != nil { - return fmt.Errorf("could not solve challenge: %s", err) - } - writeProtoToOutput(solved) - return nil - }, -} - -var verifyChallengeCmd = &cobra.Command{ - Use: "verify-challenge", - Short: "Verify a challenge for the SVSM TPM's EK and its binding to the SNP attestation report", - Args: cobra.NoArgs, - RunE: func(_ *cobra.Command, _ []string) error { - blob := &tpb.CertifiedBlob{} - err := readProtoFromPath(input, blob) - if err != nil { - return err - } - - if secretIn == "" { - return fmt.Errorf("secret-input must be specified") - } - secret, err := readBytes(secretIn) - if err != nil { - return fmt.Errorf("could not read secret: %s", err) - } - - err = server.VerifyCertifiedAKBlob(blob, secret) - if err != nil { - return fmt.Errorf("could not verify attestation: %s", err) - } - return nil - }, -} - -func init() { - 
RootCmd.AddCommand(registerCmd) - challengeCommands := []*cobra.Command{ - createChallengeCmd, - solveChallengeCmd, - verifyChallengeCmd, - } - for _, cmd := range challengeCommands { - registerCmd.AddCommand(cmd) - addOutputFlag(cmd) - addFormatFlag(cmd) - addInputFlag(cmd) - } - - addSecretOutputFlag(createChallengeCmd) - addSecretInputFlag(verifyChallengeCmd) - addPublicKeyAlgoFlag(solveChallengeCmd) -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/root.go b/vendor/github.com/google/go-tpm-tools/cmd/root.go deleted file mode 100644 index 618b679df..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/root.go +++ /dev/null @@ -1,61 +0,0 @@ -// Package cmd contains a CLI to interact with TPM. -package cmd - -import ( - "fmt" - "io" - "os" - - "github.com/spf13/cobra" - "google.golang.org/protobuf/encoding/prototext" -) - -// RootCmd is the entrypoint for gotpm. -var RootCmd = &cobra.Command{ - Use: "gotpm", - Long: `Command line tool for the go-tpm TSS - -This tool allows performing TPM2 operations from the command line. -See the per-command documentation for more information.`, - PersistentPreRunE: func(cmd *cobra.Command, _ []string) error { - if quiet && verbose { - return fmt.Errorf("cannot specify both --quiet and --verbose") - } - cmd.SilenceUsage = true - return nil - }, -} - -var ( - quiet bool - verbose bool -) - -func init() { - RootCmd.PersistentFlags().BoolVar(&quiet, "quiet", false, - "print nothing if command is successful") - RootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, - "print additional info to stdout") - hideHelp(RootCmd) -} - -func messageOutput() io.Writer { - if quiet { - return io.Discard - } - return os.Stdout -} - -func debugOutput() io.Writer { - if verbose { - return os.Stdout - } - return io.Discard -} - -// Default Text Marshalling options -var marshalOptions = prototext.MarshalOptions{ - Multiline: true, - EmitASCII: true, -} -var unmarshalOptions = prototext.UnmarshalOptions{} 
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal.go b/vendor/github.com/google/go-tpm-tools/cmd/seal.go
deleted file mode 100644
index a253e799a..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/seal.go
+++ /dev/null
@@ -1,146 +0,0 @@ -package cmd - -import ( - "fmt" - "io" - - "github.com/spf13/cobra" - - "github.com/google/go-tpm-tools/client" - pb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/legacy/tpm2" -) - -var sealHashAlgo = tpm2.AlgSHA256 - -var sealCmd = &cobra.Command{ - Use: "seal", - Short: "Seal some data to the TPM", - Long: `Encrypt the input data using the TPM - -TPMs support a "sealing" operation that allows some secret data to be encrypted -by a particular TPM. This data can only be decrypted by the same TPM that did -the encryption. - -Optionally (using the --pcrs flag), this decryption can be furthur restricted to -only work if certain Platform Control Registers (PCRs) are in the correct state. -This allows a key (i.e. a disk encryption key) to be bound to specific machine -state (like Secure Boot).`, - Args: cobra.NoArgs, - RunE: func(*cobra.Command, []string) error { - rwc, err := openTpm() - if err != nil { - return err - } - defer rwc.Close() - - fmt.Fprintln(debugOutput(), "Loading SRK") - srk, err := getSRK(rwc) - if err != nil { - return err - } - defer srk.Close() - - fmt.Fprintln(debugOutput(), "Reading sealed data") - secret, err := io.ReadAll(dataInput()) - if err != nil { - return err - } - - fmt.Fprintf(debugOutput(), "Sealing to PCRs: %v\n", pcrs) - opts := client.SealOpts{Current: tpm2.PCRSelection{ - Hash: sealHashAlgo, - PCRs: pcrs}} - sealed, err := srk.Seal(secret, opts) - if err != nil { - return fmt.Errorf("sealing data: %w", err) - } - - fmt.Fprintln(debugOutput(), "Writing sealed data") - var output []byte - if output, err = marshalOptions.Marshal(sealed); err != nil { - return err - } - if _, err = dataOutput().Write(output); err != nil { - return err - } - fmt.Fprintf(debugOutput(), "Sealed data to PCRs: %v\n", pcrs) - return nil - }, -} - -var unsealCmd = &cobra.Command{ - Use: "unseal", - Short: "Unseal some data previously sealed to the TPM", - Long: `Decrypt the input data using the TPM - -The opposite 
of "gotpm seal". This takes in some sealed input and decrypts it -using the TPM. This operation will fail if used on a different TPM, or if the -Platform Control Registers (PCRs) are in the incorrect state. - -All the necessary data to decrypt the sealed input is present in the input blob. -We do not need to specify the PCRs used for unsealing. - -We do support an optional "certification" process. A list of PCRs may be -provided with --pcrs, and the unwrapping will fail if the PCR values when -sealing differ from the current PCR values. This allows for verification of the -machine state when sealing took place. -`, - Args: cobra.NoArgs, - RunE: func(*cobra.Command, []string) error { - rwc, err := openTpm() - if err != nil { - return err - } - defer rwc.Close() - - fmt.Fprintln(debugOutput(), "Reading sealed data") - data, err := io.ReadAll(dataInput()) - if err != nil { - return err - } - var sealed pb.SealedBytes - if err := unmarshalOptions.Unmarshal(data, &sealed); err != nil { - return err - } - - fmt.Fprintln(debugOutput(), "Loading SRK") - keyAlgo = tpm2.Algorithm(sealed.GetSrk()) - srk, err := getSRK(rwc) - if err != nil { - return err - } - defer srk.Close() - - fmt.Fprintln(debugOutput(), "Unsealing data") - - opts := client.UnsealOpts{CertifyCurrent: tpm2.PCRSelection{ - Hash: client.CertifyHashAlgTpm, - PCRs: pcrs}} - secret, err := srk.Unseal(&sealed, opts) - if err != nil { - return fmt.Errorf("unsealing data: %w", err) - } - - fmt.Fprintln(debugOutput(), "Writing secret data") - if _, err := dataOutput().Write(secret); err != nil { - return fmt.Errorf("writing secret data: %w", err) - } - fmt.Fprintln(debugOutput(), "Unsealed data using TPM") - return nil - }, -} - -func init() { - RootCmd.AddCommand(sealCmd) - RootCmd.AddCommand(unsealCmd) - addInputFlag(sealCmd) - addInputFlag(unsealCmd) - addOutputFlag(sealCmd) - addOutputFlag(unsealCmd) - // PCRs and hash algorithm only used for sealing - addPCRsFlag(sealCmd) - addHashAlgoFlag(sealCmd, 
&sealHashAlgo) - addPCRsFlag(unsealCmd) - addPublicKeyAlgoFlag(sealCmd) -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go b/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go deleted file mode 100644 index 7ebf499ae..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/seal_test.go +++ /dev/null 
@@ -1,147 +0,0 @@ -package cmd - -import ( - "bytes" - "crypto/sha256" - "os" - "strconv" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" -) - -func makeTempFile(tb testing.TB, content []byte) string { - tb.Helper() - file, err := os.CreateTemp("", "gotpm_test_*.txt") - if err != nil { - tb.Fatal(err) - } - defer file.Close() - if content != nil { - if _, err := file.Write(content); err != nil { - tb.Fatal(err) - } - } - return file.Name() -} - -func TestSealPlain(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - ExternalTPM = rwc - - operations := []struct { - name string - algo string - sealPCRs string - certifyPCRs string - }{ - {"RSASeal", "rsa", "", ""}, - {"ECCSeal", "ecc", "", ""}, - {"RSASealWithPCR", "rsa", "7", ""}, - {"ECCSealWithPCR", "ecc", "7", ""}, - {"RSACertifyWithPCR", "rsa", "", "7"}, - {"ECCCertifyWithPCR", "ecc", "", "7"}, - {"RSASealAndCertifyWithPCR", "rsa", "7,8", "1"}, - {"ECCSealAndCertifyWithPCR", "ecc", "7", "7,23"}, - } - for _, op := range operations { - t.Run(op.name, func(t *testing.T) { - secretIn := []byte("Hello") - secretFile1 := makeTempFile(t, secretIn) - defer os.Remove(secretFile1) - sealedFile := makeTempFile(t, nil) - defer os.Remove(sealedFile) - secretFile2 := makeTempFile(t, nil) - defer os.Remove(secretFile2) - - sealArgs := []string{"seal", "--quiet", "--input", secretFile1, "--output", sealedFile} - if op.sealPCRs != "" { - sealArgs = append(sealArgs, "--pcrs", op.sealPCRs) - } - if op.algo != "" { - sealArgs = append(sealArgs, "--algo", op.algo) - } - RootCmd.SetArgs(sealArgs) - if err := RootCmd.Execute(); err != nil { - t.Error(err) - } - pcrs = []int{} // "flush" pcrs value in last Execute() cmd - - unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile2} - if op.certifyPCRs != "" { - unsealArgs = append(unsealArgs, 
"--pcrs", op.certifyPCRs) - } - RootCmd.SetArgs(unsealArgs) - if err := RootCmd.Execute(); err != nil { - t.Error(err) - } - secretOut, err := os.ReadFile(secretFile2) - if err != nil { - t.Fatal(err) - } - if !bytes.Equal(secretIn, secretOut) { - t.Errorf("Expected %s, got %s", secretIn, secretOut) - } - }) - } -} - -func TestUnsealFail(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - ExternalTPM = rwc - extension := bytes.Repeat([]byte{0xAA}, sha256.Size) - - sealPCR := test.DebugPCR - certPCR := test.ApplicationPCR - operations := []struct { - name string - sealPCRs string - certifyPCRs string - pcrToExtend []int - }{ - // TODO(joerichey): Add test that TPM2_Reset make unsealing fail - {"ExtendPCRAndUnseal", strconv.Itoa(sealPCR), "", []int{sealPCR}}, - {"ExtendPCRAndCertify", strconv.Itoa(sealPCR), strconv.Itoa(certPCR), []int{certPCR}}, - {"ExtendPCRAndCertify2", "", strconv.Itoa(certPCR), []int{certPCR}}, - } - for _, op := range operations { - t.Run(op.name, func(t *testing.T) { - secretIn := []byte("Hello") - secretFile := makeTempFile(t, secretIn) - defer os.Remove(secretFile) - sealedFile := makeTempFile(t, nil) - defer os.Remove(sealedFile) - - sealArgs := []string{"seal", "--quiet", "--input", secretFile, "--output", sealedFile} - if op.sealPCRs != "" { - sealArgs = append(sealArgs, "--pcrs", op.sealPCRs) - } - RootCmd.SetArgs(sealArgs) - if err := RootCmd.Execute(); err != nil { - t.Error(err) - } - pcrs = []int{} // "flush" pcrs value in last Execute() cmd - - for _, pcr := range op.pcrToExtend { - pcrHandle := tpmutil.Handle(pcr) - if err := tpm2.PCRExtend(rwc, pcrHandle, tpm2.AlgSHA256, extension, ""); err != nil { - t.Fatal(err) - } - } - - unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile} - if op.certifyPCRs != "" { - unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs) - } - RootCmd.SetArgs(unsealArgs) - if RootCmd.Execute() == nil { - t.Error("Unsealing should have 
failed") - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/svsm_test.go b/vendor/github.com/google/go-tpm-tools/cmd/svsm_test.go deleted file mode 100644 index 0ce4fd555..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/svsm_test.go +++ /dev/null 
@@ -1,277 +0,0 @@ -package cmd - -import ( - "crypto/sha512" - "fmt" - "os" - "strconv" - "strings" - "testing" - - epb "github.com/google/gce-tcb-verifier/proto/endorsement" - "github.com/google/go-configfs-tsm/configfs/configfsi" - "github.com/google/go-configfs-tsm/configfs/faketsm" - sabi "github.com/google/go-sev-guest/abi" - sevpb "github.com/google/go-sev-guest/proto/sevsnp" - sgtest "github.com/google/go-sev-guest/testing" - "github.com/google/go-sev-guest/validate" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "google.golang.org/protobuf/encoding/prototext" - "google.golang.org/protobuf/proto" -) - -func TestMakeSVSNPSVSMAttestation(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - ak, err := client.AttestationKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create ak: %v", err) - } - defer ak.Close() - akPubBytes, err := ak.PublicArea().Encode() - if err != nil { - t.Fatalf("failed to encode ak pub: %v", err) - } - - var nonce = [16]byte{0} - attestation, err := ak.Attest(client.AttestOpts{ - SkipTeeAttestation: true, - Nonce: nonce[:], - }) - if err != nil { - t.Fatalf("failed to create attestation: %v", err) - } - - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to get EK: %v", err) - } - defer ek.Close() - ekBytes, err := ek.PublicArea().Encode() - if err != nil { - t.Fatalf("failed to encode EK pub: %v", err) - } - - var snpNonce [sabi.ReportDataSize]byte - h := sha512.New() - h.Write(snpNonce[:]) - h.Write(ekBytes) - measurement := [48]byte{0} - - configfs := makeFakeConfigfs(h.Sum(nil), ekBytes, 0, measurement[:]) - svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{ - TEENonce: snpNonce[:], - CongfigfsClient: configfs, - VTPMServiceManifestVersion: "0", - }) - if err != nil { - t.Fatalf("failed to make SVSM attestation: %v", err) - } - - endorsement, err := makeEndorsement(measurement[:]) - if err != 
nil { - t.Fatalf("failed to make endorsement: %v", err) - } - svsmAttestation.LaunchEndorsement = endorsement - err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{ - TEENonce: snpNonce[:], - AKPub: akPubBytes, - EKPub: ekBytes, - SevValidateOpts: &validate.Options{GuestPolicy: sabi.SnpPolicy{ - SMT: true, - Debug: true, - }}, - }, svsmAttestation) - if err != nil { - t.Fatalf("failed to verify svsm attestation: %v", err) - } -} - -func makeEndorsement(measurement []byte) ([]byte, error) { - golden := &epb.VMGoldenMeasurement{ - SevSnp: &epb.VMSevSnp{ - SvsmMeasurement: measurement, - }, - } - data, err := proto.Marshal(golden) - if err != nil { - return nil, fmt.Errorf("failed to marshal golden measurement: %w", err) - } - launchEndorsement := &epb.VMLaunchEndorsement{SerializedUefiGolden: data} - return proto.Marshal(launchEndorsement) -} - -func TestSVSMAttestationsErrors(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyECC(rwc) - if err != nil { - t.Fatalf("failed to create ak: %v", err) - } - defer ak.Close() - akPubBytes, err := ak.PublicArea().Encode() - if err != nil { - t.Fatalf("failed to encode ak pub: %v", err) - } - - var nonce = [16]byte{0} - attestation, err := ak.Attest(client.AttestOpts{ - SkipTeeAttestation: true, - Nonce: nonce[:], - }) - if err != nil { - t.Fatalf("failed to create attestation: %v", err) - } - - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to get EK: %v", err) - } - defer ek.Close() - ekBytes, err := ek.PublicArea().Encode() - if err != nil { - t.Fatalf("failed to encode EK pub: %v", err) - } - - var snpNonce [sabi.ReportDataSize]byte - h := sha512.New() - h.Write(snpNonce[:]) - h.Write(ekBytes) - goodReportData := h.Sum(nil) - goodVmpl := 0 - goodMeasurement := [48]byte{0} - copy(goodMeasurement[:], "good") - testcases := []struct { - name string - getConfigfs func(t *testing.T) configfsi.Client - wantErrString string - }{ - { - 
name: "Bad report data", - getConfigfs: func(_ *testing.T) configfsi.Client { - var snpNonce [sabi.ReportDataSize]byte - return makeFakeConfigfs(snpNonce[:], ekBytes, goodVmpl, goodMeasurement[:]) - }, - wantErrString: "report field REPORT_DATA", - }, - { - name: "Bad VMPL", - getConfigfs: func(_ *testing.T) configfsi.Client { - return makeFakeConfigfs(goodReportData, ekBytes, 2, goodMeasurement[:]) - }, - wantErrString: "report VMPL", - }, - { - name: "Bad measurement", - getConfigfs: func(_ *testing.T) configfsi.Client { - badMeasurement := make([]byte, 48) - copy(badMeasurement[:], "bad") - return makeFakeConfigfs(goodReportData, ekBytes, goodVmpl, badMeasurement[:]) - }, - wantErrString: "report field MEASUREMENT", - }, - } - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{ - TEENonce: snpNonce[:], - CongfigfsClient: tc.getConfigfs(t), - VTPMServiceManifestVersion: "0", - }) - if err != nil { - t.Fatalf("failed to make SVSM attestation: %v", err) - } - - endorsement, err := makeEndorsement(goodMeasurement[:]) - if err != nil { - t.Fatalf("failed to make endorsement: %v", err) - } - svsmAttestation.LaunchEndorsement = endorsement - - err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{ - TEENonce: snpNonce[:], - AKPub: akPubBytes, - EKPub: ekBytes, - SevValidateOpts: &validate.Options{GuestPolicy: sabi.SnpPolicy{ - SMT: true, - Debug: true, - }}, - }, svsmAttestation) - if err == nil || !strings.Contains(err.Error(), tc.wantErrString) { - t.Errorf("got err: %v, want err containing: %q", err, tc.wantErrString) - } - }) - } -} - -var emptyReportV4 = ` - version: 4 - policy: 0xb0000 - signature_algo: 1 - report_data: 
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - family_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - image_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - measurement: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - host_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - id_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - author_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - report_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - report_id_ma: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - cpuid1eax_fms: 0 - chip_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - signature: 
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - ` - -func makeSnpAttestationReport(reportData []byte, vmpl int, measurement []byte) ([]byte, error) { - reportProto := &sevpb.Report{} - prototext.Unmarshal([]byte(emptyReportV4), reportProto) - reportProto.ReportData = reportData - reportProto.Vmpl = uint32(vmpl) - reportProto.Measurement = measurement - return sabi.ReportToAbiBytes(reportProto) -} - -func makeFakeConfigfs(reportData []byte, ekPub []byte, vmpl int, measurement []byte) configfsi.Client { - report := faketsm.Report611(0) - report.ReadAttr = readFS(reportData, ekPub, vmpl, measurement) - configfs := &faketsm.Client{Subsystems: map[string]configfsi.Client{ - "report": report, - }} - - return configfs -} - -func makeFakeCerts() ([]byte, error) { - b := &sgtest.AmdSignerBuilder{ - Extras: map[string][]byte{sabi.ExtraPlatformInfoGUID: []byte("test")}, - } - s, err := b.TestOnlyCertChain() - if err != nil { - return nil, fmt.Errorf("failed to make test cert chain: %v", err) - } - certBytes, err := s.CertTableBytes() - if err != nil { - return nil, fmt.Errorf("failed to serialize test cert chain: %v", err) - } - return certBytes, nil -} - -func readFS(reportData []byte, ekPub []byte, vmpl int, measurement []byte) func(*faketsm.ReportEntry, string) ([]byte, error) { - return func(_ *faketsm.ReportEntry, attr string) ([]byte, error) { - switch attr { - case "provider": - return []byte("fake\n"), nil - case "auxblob": - return makeFakeCerts() - case "outblob": - return makeSnpAttestationReport(reportData, vmpl, measurement) - case "privlevel_floor": - return []byte(strconv.Itoa(vmpl)), nil - case "manifestblob": - return ekPub, nil - } - return nil, os.ErrNotExist - } -} diff --git a/vendor/github.com/google/go-tpm-tools/cmd/token.go b/vendor/github.com/google/go-tpm-tools/cmd/token.go deleted file mode 100644 index 37c6e514c..000000000 --- a/vendor/github.com/google/go-tpm-tools/cmd/token.go +++ /dev/null 
@@ -1,215 +0,0 @@ -package cmd - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "log" - "net/http" - "time" - - "cloud.google.com/go/compute/metadata" - "cloud.google.com/go/logging" - "github.com/golang-jwt/jwt/v4" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/verifier" - "github.com/google/go-tpm-tools/verifier/models" - "github.com/google/go-tpm-tools/verifier/util" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/spf13/cobra" - "google.golang.org/api/option" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" -) - -var mockCloudLoggingServerAddress string - -const toolName = "gotpm" - -// If hardware technology needs a variable length teenonce then please modify the flags description -var tokenCmd = &cobra.Command{ - Use: "token", - Short: "Attest and fetch an OIDC token from Google Attestation Verification Service.", - Long: `Gather attestation report and send it to Google Attestation Verification Service for an OIDC token. -The OIDC token includes claims regarding the GCE VM, which is verified by Attestation Verification Service. Note that Confidential Computing API needs to be enabled for your account to access Google Attestation Verification Service https://console.cloud.google.com/apis/api/confidentialcomputing.googleapis.com. ---algo flag overrides the public key algorithm for the GCE TPM attestation key. If not provided then by default rsa is used. -`, - Args: cobra.NoArgs, - RunE: func(*cobra.Command, []string) error { - rwc, err := openTpm() - if err != nil { - return err - } - defer rwc.Close() - - // Metadata Server (MDS). A GCP specific client. 
- mdsClient := metadata.NewClient(nil) - - ctx := context.Background() - - fmt.Fprintf(debugOutput(), "Attestation Address is set to %s\n", asAddress) - - region, err := util.GetRegion(mdsClient) - if err != nil { - return fmt.Errorf("failed to fetch Region from MDS, the tool is probably not running in a GCE VM: %v", err) - } - - projectID, err := mdsClient.ProjectIDWithContext(ctx) - if err != nil { - return fmt.Errorf("failed to retrieve ProjectID from MDS: %v", err) - } - - verifierClient, err := util.NewRESTClient(ctx, asAddress, projectID, region) - if err != nil { - return fmt.Errorf("failed to create REST verifier client: %v", err) - } - - // Supports GCE VM. Hard code the AK type. Set GCE AK (EK signing) cert - var gceAK *client.Key - var usedKeyAlgo string - if keyAlgo == tpm2.AlgRSA { - usedKeyAlgo = "RSA" - gceAK, err = client.GceAttestationKeyRSA(rwc) - } - if keyAlgo == tpm2.AlgECC { - usedKeyAlgo = "ECC" - gceAK, err = client.GceAttestationKeyECC(rwc) - } - if err != nil { - return err - } - if gceAK.Cert() == nil { - return errors.New("failed to find GCE AK Certificate on this VM: try creating a new VM or verifying the VM has an EK cert using get-shielded-identity gcloud command. 
The used key algorithm is: " + usedKeyAlgo) - } - gceAK.Close() - - var cloudLogClient *logging.Client - var cloudLogger *logging.Logger - if cloudLog { - if audience == "" { - return errors.New("cloud logging requires the --audience flag") - } - if mockCloudLoggingServerAddress != "" { - conn, err := grpc.NewClient(mockCloudLoggingServerAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) - if err != nil { - log.Fatalf("dialing %q: %v", mockCloudLoggingServerAddress, err) - } - cloudLogClient, err = logging.NewClient(ctx, TestProjectID, option.WithGRPCConn(conn)) - if err != nil { - return fmt.Errorf("failed to create cloud logging client for mock cloud logging server: %w", err) - } - } else { - cloudLogClient, err = logging.NewClient(ctx, projectID) - if err != nil { - return fmt.Errorf("failed to create cloud logging client: %w", err) - } - } - - cloudLogger = cloudLogClient.Logger(toolName) - fmt.Fprintf(debugOutput(), "cloudLogger created for project: %s\n", projectID) - } - - key = "gceAK" - - fmt.Fprint(debugOutput(), "Fetching attestation verifier OIDC token\n") - - challenge, err := verifierClient.CreateChallenge(ctx) - if err != nil { - return err - } - - principalTokens, err := util.PrincipalFetcher(challenge.Name, mdsClient) - if err != nil { - return fmt.Errorf("failed to get principal tokens: %w", err) - } - - ak, err := attestationKeys[key][keyAlgo](rwc) - if err != nil { - return fmt.Errorf("failed to get an AK: %w", err) - } - attestation, err := ak.Attest(client.AttestOpts{Nonce: challenge.Nonce, CertChainFetcher: http.DefaultClient}) - if err != nil { - return fmt.Errorf("failed to attest: %v", err) - } - ak.Close() - - req := verifier.VerifyAttestationRequest{ - Challenge: challenge, - GcpCredentials: principalTokens, - Attestation: attestation, - TokenOptions: &models.TokenOptions{Audience: audience, Nonces: customNonce, TokenType: "OIDC"}, - } - - resp, err := verifierClient.VerifyAttestation(ctx, req) - if err != nil { - return 
err - } - if len(resp.PartialErrs) > 0 { - fmt.Fprintf(debugOutput(), "partial errors from VerifyAttestation: %v", resp.PartialErrs) - } - - token := resp.ClaimsToken - - // Get token expiration. - claims := &jwt.RegisteredClaims{} - _, _, err = jwt.NewParser().ParseUnverified(string(token), claims) - if err != nil { - return fmt.Errorf("failed to parse token: %w", err) - } - - now := time.Now() - if !now.Before(claims.ExpiresAt.Time) { - return errors.New("token is expired") - } - - // Print out the claims in the jwt payload - mapClaims := jwt.MapClaims{} - _, _, err = jwt.NewParser().ParseUnverified(string(token), mapClaims) - if err != nil { - return fmt.Errorf("failed to parse token: %w", err) - } - claimsString, err := json.MarshalIndent(mapClaims, "", " ") - if err != nil { - return fmt.Errorf("failed to format claims: %w", err) - } - - if output == "" { - fmt.Fprintf(messageOutput(), "%s\n", string(token)) - } else { - out := []byte(token) - if _, err := dataOutput().Write(out); err != nil { - return fmt.Errorf("failed to write the token: %v", err) - } - } - - if cloudLog { - cloudLogger.Log(logging.Entry{Payload: challenge}) - cloudLogger.Log(logging.Entry{Payload: attestation}) - cloudLogger.Log(logging.Entry{Payload: map[string]string{"token": string(token)}}) - cloudLogger.Log(logging.Entry{Payload: mapClaims}) - cloudLogClient.Close() - if err != nil { - return fmt.Errorf("failed to close cloud logging client: %w", err) - } - } - - fmt.Fprintf(debugOutput(), "%s\nNote: these Claims are for debugging purpose and not verified\n", string(claimsString)) - - return nil - }, -} - -func init() { - RootCmd.AddCommand(tokenCmd) - addOutputFlag(tokenCmd) - addPublicKeyAlgoFlag(tokenCmd) - addAsAddressFlag(tokenCmd) - addCloudLoggingFlag(tokenCmd) - addAudienceFlag(tokenCmd) - addEventLogFlag(tokenCmd) - addCustomNonceFlag(tokenCmd) - // TODO: Add TEE hardware OIDC token generation - // addTeeNonceflag(tokenCmd) - // addTeeTechnology(tokenCmd) -} 
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/token_test.go b/vendor/github.com/google/go-tpm-tools/cmd/token_test.go
deleted file mode 100644
index 89345be8f..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/token_test.go
+++ /dev/null
@@ -1,251 +0,0 @@ -package cmd - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "io" - "math/big" - "os" - "path/filepath" - "strings" - "testing" - "time" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm-tools/verifier/util" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" -) - -func TestTokenWithGCEAK(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - ExternalTPM = rwc - secretFile1 := makeOutputFile(t, "token") - defer os.RemoveAll(secretFile1) - var template = map[string]tpm2.Public{ - "rsa": GCEAKTemplateRSA(), - "ecc": GCEAKTemplateECC(), - } - tests := []struct { - name string - algo string - fail bool - }{ - {"gceAK:RSA", "rsa", true}, - {"gceAK:RSA", "rsa", false}, - {"gceAK:ECC", "ecc", false}, - } - for _, op := range tests { - t.Run(op.name, func(t *testing.T) { - gceAkTemplate, err := template[op.algo].Encode() - if err != nil { - t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err) - } - err = setGCEAKCertTemplate(t, rwc, op.algo, gceAkTemplate) - if err != nil { - t.Error(err) - } - defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.algo])) - defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[op.algo])) - - var dummyMetaInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} - mockMdsServer, err := util.NewMetadataServer(dummyMetaInstance) - if err != nil { - t.Error(err) - } - defer mockMdsServer.Stop() - - mockOauth2Server, err := util.NewMockOauth2Server() - if err != nil { - t.Error(err) - } - defer mockOauth2Server.Stop() - - // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server. 
- google.Endpoint = oauth2.Endpoint{
- AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth",
- TokenURL: mockOauth2Server.Server.URL + "/token",
- AuthStyle: oauth2.AuthStyleInParams,
- }
-
- mockAttestationServer, err := util.NewMockAttestationServer()
- if err != nil {
- t.Error(err)
- }
- defer mockAttestationServer.Stop()
-
- mockCloudLoggingServerAddress, err = newMockCloudLoggingServer()
- if err != nil {
- t.Error(err)
- }
-
- if op.fail {
- RootCmd.SetArgs([]string{"token", "--algo", op.algo, "--output", secretFile1, "--verifier-endpoint", mockAttestationServer.Server.URL, "--cloud-log", "--audience", util.FakeCustomAudience, "--custom-nonce", "fail test"})
- if err := RootCmd.Execute(); err != nil && !strings.Contains(err.Error(), "googleapi: Error 400") {
- t.Error(err)
- }
- } else {
- RootCmd.SetArgs([]string{"token", "--algo", op.algo, "--output", secretFile1, "--verifier-endpoint", mockAttestationServer.Server.URL, "--cloud-log", "--audience", util.FakeCustomAudience, "--custom-nonce", util.FakeCustomNonce[0], "--custom-nonce", util.FakeCustomNonce[1]})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- }
- // reset custom-nonce
- customNonce = nil
- })
- }
-}
-
-func TestCopiedCustomEventLogFile(t *testing.T) {
- if os.Getenv("RUN_TestCopiedCustomEventLogFile") != "true" {
- t.Skip("Skipping test: run this test manually with `go test -c -v ./cmd/...` and `sudo RUN_TestCopiedCustomEventLogFile=true ./cmd.test -test.run TestCopiedCustomEventLogFile`")
- }
-
- ExternalTPM = nil
- var dummyMetaInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"}
- mockMdsServer, err := util.NewMetadataServer(dummyMetaInstance)
- if err != nil {
- t.Error(err)
- }
- defer mockMdsServer.Stop()
-
- mockOauth2Server, err := util.NewMockOauth2Server()
- if err != nil {
- t.Error(err)
- }
- defer mockOauth2Server.Stop()
-
- // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server.
- google.Endpoint = oauth2.Endpoint{
- AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth",
- TokenURL: mockOauth2Server.Server.URL + "/token",
- AuthStyle: oauth2.AuthStyleInParams,
- }
-
- mockAttestationServer, err := util.NewMockAttestationServer()
- if err != nil {
- t.Error(err)
- }
- defer mockAttestationServer.Stop()
-
- tmpDir := t.TempDir()
- srcPath := "/sys/kernel/security/tpm0/binary_bios_measurements"
- destPath := filepath.Join(tmpDir, "copied_binary_bios_measurements")
-
- // Read the contents of the source file
- data, err := os.ReadFile(srcPath)
- if err != nil {
- t.Fatal("Failed to read source file:", err)
- }
-
- // Write the contents to the destination file
- err = os.WriteFile(destPath, data, 0644)
- if err != nil {
- t.Fatal("Failed to write destination file:", err)
- }
-
- RootCmd.SetArgs([]string{"token", "--verifier-endpoint", mockAttestationServer.Server.URL, "--event-log", destPath})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-}
-
-// Need to call tpm2.NVUndefinespace twice on the handle with authHandle tpm2.HandlePlatform.
-// e.g defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKTemplateNVIndexRSA))
-// defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKCertNVIndexRSA))
-func setGCEAKCertTemplate(tb testing.TB, rwc io.ReadWriteCloser, algo string, akTemplate []byte) error {
- var err error
- // Write AK template to NV memory
- if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, tpmutil.Handle(getIndex[algo]),
- "", "", nil,
- tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA,
- uint16(len(akTemplate))); err != nil {
- tb.Fatalf("NVDefineSpace failed: %v", err)
- }
- err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, tpmutil.Handle(getIndex[algo]), "", akTemplate, 0)
- if err != nil {
- tb.Fatalf("failed to write NVIndex: %v", err)
- }
-
- // create self-signed AK cert
- getAttestationKeyFunc := getAttestationKey[algo]
- attestKey, err := getAttestationKeyFunc(rwc)
- if err != nil {
- tb.Fatalf("Unable to create key: %v", err)
- }
- defer attestKey.Close()
- // create self-signed Root CA
- ca, caKey := getTestCert(tb, nil, nil, nil)
- // sign the attestation key certificate
- akCert, _ := getTestCert(tb, attestKey.PublicKey(), ca, caKey)
- if err = attestKey.SetCert(akCert); err != nil {
- tb.Errorf("SetCert() returned error: %v", err)
- }
-
- // write test AK cert.
- // size need to be less than 1024 (MAX_NV_BUFFER_SIZE). If not, split before write.
- certASN1 := akCert.Raw
- // write to gceAK slot in NV memory
- if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[algo]),
- "", "", nil,
- tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA,
- uint16(len(certASN1))); err != nil {
- tb.Fatalf("NVDefineSpace failed: %v", err)
- }
- err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[algo]), "", certASN1, 0)
- if err != nil {
- tb.Fatalf("failed to write NVIndex: %v", err)
- }
-
- return nil
-}
-
-var getCertIndex = map[string]uint32{
- "rsa": client.GceAKCertNVIndexRSA,
- "ecc": client.GceAKCertNVIndexECC,
-}
-
-var getAttestationKey = map[string]func(rw io.ReadWriter) (*client.Key, error){
- "rsa": client.GceAttestationKeyRSA,
- "ecc": client.GceAttestationKeyECC,
-}
-
-// Returns an x509 Certificate for the provided pubkey, signed with the provided parent certificate and key.
-// If the provided fields are nil, will create a self-signed certificate.
-func getTestCert(tb testing.TB, pubKey crypto.PublicKey, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
- certKey, _ := rsa.GenerateKey(rand.Reader, 2048)
- template := &x509.Certificate{
- SerialNumber: big.NewInt(1),
- NotBefore: time.Now(),
- NotAfter: time.Now().AddDate(10, 0, 0),
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- IsCA: true,
- MaxPathLenZero: true,
- }
-
- if pubKey == nil && parentCert == nil && parentKey == nil {
- pubKey = certKey.Public()
- parentCert = template
- parentKey = certKey
- }
-
- certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, pubKey, parentKey)
- if err != nil {
- tb.Fatalf("Unable to create test certificate: %v", err)
- }
-
- cert, err := x509.ParseCertificate(certBytes)
- if err != nil {
- tb.Fatalf("Unable to parse test certificate: %v", err)
- }
-
- return cert, certKey
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/verify.go b/vendor/github.com/google/go-tpm-tools/cmd/verify.go
deleted file mode 100644
index e38dadafc..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/verify.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package cmd
-
-import (
- "crypto"
- "fmt"
- "io"
-
- "github.com/google/go-sev-guest/proto/sevsnp"
- sv "github.com/google/go-sev-guest/verify"
- "github.com/google/go-tdx-guest/proto/tdx"
- tv "github.com/google/go-tdx-guest/verify"
- pb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/spf13/cobra"
- "google.golang.org/protobuf/proto"
-)
-
-var verifyCmd = &cobra.Command{
- Use: "verify",
- Short: "Verify a remote attestation report.",
- Args: cobra.NoArgs,
-}
-var debugCmd = &cobra.Command{
- Use: "debug",
- Short: "Debug the contents of an attestation report without verifying its root-of-trust (e.g., attestation key certificate). For debugging purposes only",
- RunE: func(*cobra.Command, []string) error {
- attestationBytes, err := io.ReadAll(dataInput())
- if err != nil {
- return err
- }
- attestation := &pb.Attestation{}
-
- if format == "binarypb" {
- err = proto.Unmarshal(attestationBytes, attestation)
- } else if format == "textproto" {
- err = unmarshalOptions.Unmarshal(attestationBytes, attestation)
- } else {
- return fmt.Errorf("format should be either binarypb or textproto")
- }
- if err != nil {
- return fmt.Errorf("fail to unmarshal attestation report: %v", err)
- }
-
- pub, err := tpm2.DecodePublic(attestation.GetAkPub())
- if err != nil {
- return err
- }
- cryptoPub, err := pub.Key()
- if err != nil {
- return err
- }
-
- // TODO(#524): create separate, discrete subcommands that verifies SNP and TDX attestation.
- ms, err := server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}})
- if err != nil {
- return fmt.Errorf("verifying TPM attestation: %w", err)
- }
- err = verifyGceTechnology(attestation)
- if err != nil {
- return fmt.Errorf("verifying TEE attestation: %w", err)
- }
- teeMS, err := parseTEEAttestation(attestation, ms.GetPlatform().Technology)
- if err != nil {
- return fmt.Errorf("failed to parse machineState from TEE attestation: %w", err)
- }
- ms.TeeAttestation = teeMS.TeeAttestation
- out, err := marshalOptions.Marshal(ms)
- if err != nil {
- return nil
- }
- if _, err := dataOutput().Write(out); err != nil {
- return fmt.Errorf("failed to write verified attestation report: %v", err)
- }
- return nil
- },
-}
-
-// parseTEEAttestation parses a machineState from TeeAttestation.
-// For now it simply populates the machineState TeeAttestation field with the verified TDX/SNP data.
-// In long term, it should parse a full machineState from TeeAttestation.
-func parseTEEAttestation(attestation *pb.Attestation, tech pb.GCEConfidentialTechnology) (*pb.MachineState, error) {
- switch tech {
- case pb.GCEConfidentialTechnology_AMD_SEV_SNP:
- tee, ok := attestation.TeeAttestation.(*pb.Attestation_SevSnpAttestation)
- if !ok {
- return nil, fmt.Errorf("TEE attestation is %T, expected a SevSnpAttestation", attestation.GetTeeAttestation())
- }
- return &pb.MachineState{
- TeeAttestation: &pb.MachineState_SevSnpAttestation{
- SevSnpAttestation: proto.Clone(tee.SevSnpAttestation).(*sevsnp.Attestation),
- }}, nil
- case pb.GCEConfidentialTechnology_INTEL_TDX:
- tee, ok := attestation.TeeAttestation.(*pb.Attestation_TdxAttestation)
- if !ok {
- return nil, fmt.Errorf("TEE attestation is %T, expected a TdxAttestation", attestation.GetTeeAttestation())
- }
- return &pb.MachineState{
- TeeAttestation: &pb.MachineState_TdxAttestation{
- TdxAttestation: proto.Clone(tee.TdxAttestation).(*tdx.QuoteV4),
- }}, nil
- default:
- return &pb.MachineState{}, nil
- }
-}
-
-func verifyGceTechnology(attestation *pb.Attestation) error {
- if attestation.GetTeeAttestation() == nil {
- return nil
- }
- switch attestation.GetTeeAttestation().(type) {
- case *pb.Attestation_TdxAttestation:
- var tdxOpts *verifyTdxOpts
- if len(teeNonce) != 0 {
- tdxOpts = &verifyTdxOpts{
- Validation: tdxDefaultValidateOpts(teeNonce),
- Verification: tv.DefaultOptions(),
- }
- } else {
- tdxOpts = &verifyTdxOpts{
- Validation: tdxDefaultValidateOpts(nonce),
- Verification: tv.DefaultOptions(),
- }
- }
- tee, ok := attestation.TeeAttestation.(*pb.Attestation_TdxAttestation)
- if !ok {
- return fmt.Errorf("TEE attestation is %T, expected a TdxAttestation", attestation.GetTeeAttestation())
- }
- return verifyTdxAttestation(tee.TdxAttestation, tdxOpts)
- case *pb.Attestation_SevSnpAttestation:
- var snpOpts *verifySnpOpts
- if len(teeNonce) != 0 {
- snpOpts = &verifySnpOpts{
- Validation: sevSnpDefaultValidateOpts(teeNonce),
- Verification: &sv.Options{},
- }
- } else {
- snpOpts = &verifySnpOpts{
- Validation: sevSnpDefaultValidateOpts(nonce),
- Verification: &sv.Options{},
- }
- }
- tee, ok := attestation.TeeAttestation.(*pb.Attestation_SevSnpAttestation)
- if !ok {
- return fmt.Errorf("TEE attestation is %T, expected a SevSnpAttestation", attestation.GetTeeAttestation())
- }
- return verifySevSnpAttestation(tee.SevSnpAttestation, snpOpts)
- default:
- return fmt.Errorf("unknown attestation type: %T", attestation.GetTeeAttestation())
- }
-}
-
-func init() {
- RootCmd.AddCommand(verifyCmd)
- verifyCmd.AddCommand(debugCmd)
- addNonceFlag(debugCmd)
- addOutputFlag(debugCmd)
- addInputFlag(debugCmd)
- addFormatFlag(debugCmd)
- addTeeNonceflag(debugCmd)
- addCertifiedAKBlobFlag(debugCmd)
- debugCmd.AddCommand(verifySVSMCmd)
- addEKPubFlag(verifySVSMCmd)
- addTeeTechnology(verifySVSMCmd)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/verify_sev.go b/vendor/github.com/google/go-tpm-tools/cmd/verify_sev.go
deleted file mode 100644
index 4d8959f18..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/verify_sev.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package cmd
-
-import (
- sabi "github.com/google/go-sev-guest/abi"
- spb "github.com/google/go-sev-guest/proto/sevsnp"
- "github.com/google/go-sev-guest/validate"
- sv "github.com/google/go-sev-guest/verify"
-)
-
-// The policy on GCE is to allow SMT, and eventually MigrateMA, but no debug bit.
-var defaultSevSnpGuestPolicy = sabi.SnpPolicy{
- SMT: true,
- MigrateMA: true,
-}
-
-// verifySnpOpts allows for customizing the functionality of VerifyAttestation's SEV-SNP verification.
-type verifySnpOpts struct {
- Validation *validate.Options
- Verification *sv.Options
-}
-
-// sevSnpDefaultValidateOpts returns a default validation policy for SEV-SNP attestation reports on GCE.
-func sevSnpDefaultValidateOpts(tpmNonce []byte) *validate.Options {
- policy := &validate.Options{GuestPolicy: defaultSevSnpGuestPolicy}
- policy.ReportData = make([]byte, sabi.ReportDataSize)
- copy(policy.ReportData, tpmNonce)
- return policy
-}
-
-// verifySevSnpAttestation checks that the SEV-SNP attestation report matches expectations for the
-// product.
-func verifySevSnpAttestation(attestation *spb.Attestation, opts *verifySnpOpts) error {
- // Check that the report is signed by a valid AMD key. Do not check revocations. This must be
- // done before validation to ensure the certificates are filled in by the verify library.
- if err := sv.SnpAttestation(attestation, opts.Verification); err != nil {
- return err
- }
- // Check that the fields of the report are acceptable.
- return validate.SnpAttestation(attestation, opts.Validation)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/verify_svsm.go b/vendor/github.com/google/go-tpm-tools/cmd/verify_svsm.go
deleted file mode 100644
index edcdd5865..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/verify_svsm.go
+++ /dev/null
@@ -1,235 +0,0 @@
-package cmd
-
-import (
- "bytes"
- "crypto"
- "crypto/sha512"
- "crypto/x509"
- "errors"
- "fmt"
- "time"
-
- apb "github.com/google/go-tpm-tools/proto/attest"
- "google.golang.org/protobuf/proto"
-
- "github.com/google/gce-tcb-verifier/gcetcbendorsement"
- epb "github.com/google/gce-tcb-verifier/proto/endorsement"
- tcbv "github.com/google/gce-tcb-verifier/verify"
- sabi "github.com/google/go-sev-guest/abi"
- "github.com/google/go-sev-guest/validate"
- "github.com/google/go-sev-guest/verify"
- "github.com/google/go-sev-guest/verify/trust"
- tpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/spf13/cobra"
-)
-
-var errSvsmNeedsTeeNonce = errors.New("tee-nonce should be specified when using verify debug svsm")
-
-var (
- certifiedAKBlobPath string
- trustedEKPub string
-)
-
-func addCertifiedAKBlobFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&certifiedAKBlobPath, "certified-ak-blob", "",
- "Specify path to certified AK blob produced from TPM registration.")
-}
-
-func addEKPubFlag(cmd *cobra.Command) {
- cmd.PersistentFlags().StringVar(&trustedEKPub, "ek-pub", "",
- "Specify path to EK pub used in TPM registration.")
-}
-
-var verifySVSMCmd = &cobra.Command{
- Use: "svsm",
- Short: `Debug the contents of an SevSnpSvsmAttestation. Currently only supported with sev-snp. For debugging purposes only.`,
- RunE: func(*cobra.Command, []string) error {
- if teeTechnology != SevSnp {
- return errSvsmOnlySupportedWithSevSnp
- }
- if len(teeNonce) == 0 {
- return errSvsmNeedsTeeNonce
- }
- svsmAttestation := &apb.SevSnpSvsmAttestation{}
- err := readProtoFromPath(input, svsmAttestation)
- if err != nil {
- return fmt.Errorf("failed to read svsm attestation: %w", err)
- }
-
- blob := &tpb.CertifiedBlob{}
- err = readProtoFromPath(certifiedAKBlobPath, blob)
- if err != nil {
- return fmt.Errorf("failed to read certified ak blob: %w", err)
- }
- ekpub, err := readBytes(trustedEKPub)
- if err != nil {
- return fmt.Errorf("failed to read ek-pub: %w", err)
- }
-
- rot, err := getRootOfTrust()
- if err != nil {
- return fmt.Errorf("failed to get root of trust: %w", err)
- }
- err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{
- TEENonce: teeNonce,
- SevVerifyOpts: &verify.Options{},
- SevValidateOpts: &validate.Options{
- GuestPolicy: sabi.SnpPolicy{
- SMT: true,
- },
- },
- EndorsementOpts: &tcbv.Options{
- RootsOfTrust: rot,
- Now: time.Now(),
- },
- AKPub: blob.PubArea,
- EKPub: ekpub,
- }, svsmAttestation)
- if err != nil {
- return fmt.Errorf("failed to verify snp svsm attestation: %w", err)
- }
-
- pub, err := tpm2.DecodePublic(svsmAttestation.GetAttestation().GetAkPub())
- if err != nil {
- return err
- }
- cryptoPub, err := pub.Key()
- if err != nil {
- return err
- }
- ms, err := server.VerifyAttestation(svsmAttestation.GetAttestation(), server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}})
- if err != nil {
- return fmt.Errorf("verifying TPM attestation: %w", err)
- }
- ms.TeeAttestation = &apb.MachineState_SevSnpAttestation{
- SevSnpAttestation: svsmAttestation.SevSnpAttestation,
- }
- out, err := marshalOptions.Marshal(ms)
- if err != nil {
- return nil
- }
- if _, err := dataOutput().Write(out); err != nil {
- return fmt.Errorf("failed to write verified attestation report: %v", err)
- }
- return nil
- },
-}
-
-func getRootOfTrust() (*x509.CertPool, error) {
- data, err := trust.DefaultHTTPSGetter().Get(gcetcbendorsement.DefaultRootURL)
- if err != nil {
- return nil, fmt.Errorf("failed to get root certificate: %w", err)
- }
- // Certificate may be PEM, but also may be DER.
- rot := x509.NewCertPool()
- if !rot.AppendCertsFromPEM(data) {
- rootCert, err := x509.ParseCertificate(data)
- if err != nil {
- return nil, fmt.Errorf("failed to parse root certificate as PEM or DER")
- }
- rot.AddCert(rootCert)
- }
- return rot, nil
-}
-
-// Options to configure verifySEVSNPSVSMAttestation.
-type verifySEVSNPSVSMOpts struct {
- // Nonce that was used to generate the SNP attestation report while using SVSM as service provider.
- TEENonce []byte
- // Options for verifying the SNP attestation report, leave as nil to skip report verification.
- SevVerifyOpts *verify.Options
- // The validation options for VMPL, measurement, and report data will be overwritten to undertake the expected values for SVSM.
- // Validation options should not be left as nil.
- SevValidateOpts *validate.Options
- // Options for verifying the VMLaunchEndorsement, leave as nil to skip verifying endorsement
- EndorsementOpts *tcbv.Options
- // An AKPub that is trusted.
- // For vtpm service manifest version 0, this should be sourced from a TPM
- // registration process such as seen in client/import_certify.go.
- AKPub []byte
- // EkPub that the AKPub is co-resident with.
- EKPub []byte
-}
-
-var (
- errVtpmServiceManifestEkDoesntMatch = errors.New("service manifest does not match EK pub that was certified against")
- errUnsupportedVTPMServiceManifestVersion = errors.New("only vtpm service manifest version 0 is supported")
- errMismatchingAK = errors.New("certified AK does not match attested AK")
-)
-
-// verifySEVSNPSVSMAttestation checks the SNP attestation report, values in it,
-// and bindings between the SVSM vTPM, SNP attestation report, and vTPM service
-// manifest. To verify the launch measurement in the attestation report, we
-// also verify the endorsement itself.
-func verifySEVSNPSVSMAttestation(svsmOpts verifySEVSNPSVSMOpts, svsmAttestation *apb.SevSnpSvsmAttestation) error {
- var err error
- if svsmOpts.SevVerifyOpts != nil {
- err = verify.SnpAttestation(svsmAttestation.GetSevSnpAttestation(), svsmOpts.SevVerifyOpts)
- if err != nil {
- return fmt.Errorf("SNP attestation verification failed: %w", err)
- }
- }
-
- svsmVMPL := 0
- svsmOpts.SevValidateOpts.VMPL = &svsmVMPL
- svsmOpts.SevValidateOpts.Measurement, err = getExpectedMeasurement(svsmAttestation.GetLaunchEndorsement())
- if err != nil {
- return fmt.Errorf("failed to get expected svsm measurement: %w", err)
- }
- svsmOpts.SevValidateOpts.ReportData, err = getExpectedReportData(svsmOpts, svsmAttestation)
- if err != nil {
- return fmt.Errorf("failed to get expected report data: %w", err)
- }
- err = validate.SnpAttestation(svsmAttestation.GetSevSnpAttestation(), svsmOpts.SevValidateOpts)
- if err != nil {
- return fmt.Errorf("SNP attestation validation failed: %w", err)
- }
-
- if svsmOpts.EndorsementOpts != nil {
- err = tcbv.Endorsement(svsmAttestation.LaunchEndorsement, svsmOpts.EndorsementOpts)
- if err != nil {
- return fmt.Errorf("failed to verify launch endorsement: %w", err)
- }
- }
-
- if !bytes.Equal(svsmOpts.AKPub, svsmAttestation.Attestation.GetAkPub()) {
- return errMismatchingAK
- }
- return nil
-}
-
-// getExpectedReportData the expected report data for the v0 vtpm service manifest version
-// defined in the SVSM specification at https://www.amd.com/en/developer/sev.html
-// This corresponds to attest_single_vtpm() defined in
-// https://github.com/coconut-svsm/svsm/blob/main/kernel/src/protocols/attest.rs#L336
-func getExpectedReportData(svsmOpts verifySEVSNPSVSMOpts, svsmAttestation *apb.SevSnpSvsmAttestation) ([]byte, error) {
- if svsmAttestation.GetVtpmServiceManifestVersion() != "0" {
- return nil, errUnsupportedVTPMServiceManifestVersion
- }
- if !bytes.Equal(svsmOpts.EKPub, svsmAttestation.VtpmServiceManifest) {
- return nil, errVtpmServiceManifestEkDoesntMatch
- }
- h := sha512.New()
- if len(svsmOpts.TEENonce) != sabi.ReportDataSize {
- return nil, fmt.Errorf("the teeNonce size is %d. SEV-SNP device requires 64", len(svsmOpts.TEENonce))
- }
- h.Write(svsmOpts.TEENonce[:])
- h.Write(svsmAttestation.GetVtpmServiceManifest())
- return h.Sum(nil), nil
-}
-
-func getExpectedMeasurement(endorsement []byte) ([]byte, error) {
- LaunchEndorsement := &epb.VMLaunchEndorsement{}
- err := proto.Unmarshal(endorsement, LaunchEndorsement)
- if err != nil {
- return nil, fmt.Errorf("failed to unmarshal endorsement: %w", err)
- }
- golden := &epb.VMGoldenMeasurement{}
- err = proto.Unmarshal(LaunchEndorsement.GetSerializedUefiGolden(), golden)
- if err != nil {
- return nil, fmt.Errorf("failed to unserialize golden uefi: %w", err)
- }
- return golden.GetSevSnp().GetSvsmMeasurement(), nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/verify_tdx.go b/vendor/github.com/google/go-tpm-tools/cmd/verify_tdx.go
deleted file mode 100644
index 1136774dc..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/verify_tdx.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package cmd
-
-import (
- tabi "github.com/google/go-tdx-guest/abi"
- "github.com/google/go-tdx-guest/validate"
- tv "github.com/google/go-tdx-guest/verify"
-)
-
-// verifyTdxOpts allows for customizing the functionality of VerifyAttestation's TDX verification.
-type verifyTdxOpts struct {
- Validation *validate.Options
- Verification *tv.Options
-}
-
-// tdxDefaultValidateOpts returns a default validation policy for TDX attestation quote on GCE.
-func tdxDefaultValidateOpts(tdxNonce []byte) *validate.Options {
- policy := &validate.Options{HeaderOptions: validate.HeaderOptions{},
- TdQuoteBodyOptions: validate.TdQuoteBodyOptions{}}
- policy.TdQuoteBodyOptions.ReportData = make([]byte, tabi.ReportDataSize)
- copy(policy.TdQuoteBodyOptions.ReportData, tdxNonce)
- return policy
-}
-
-// verifyTdxAttestation checks that the TDX attestation quote is valid. The TEE-specific attestation
-// quote is extracted from the Attestation protobuf. At a granular level, this quote is fetched via
-// go-tdx-guest's GetQuote client API.
-// Supported quote formats - QuoteV4.
-func verifyTdxAttestation(tdxAttestationQuote any, opts *verifyTdxOpts) error {
- // Check that the quote contains valid signature and certificates. Do not check revocations.
- if err := tv.TdxQuote(tdxAttestationQuote, opts.Verification); err != nil {
- return err
- }
- // Check that the fields of the quote are acceptable
- return validate.TdxQuote(tdxAttestationQuote, opts.Validation)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/cmd/verify_test.go b/vendor/github.com/google/go-tpm-tools/cmd/verify_test.go
deleted file mode 100644
index e612648b4..000000000
--- a/vendor/github.com/google/go-tpm-tools/cmd/verify_test.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package cmd
-
-import (
- "encoding/hex"
- "fmt"
- "os"
- "strings"
- "testing"
-
- tgtest "github.com/google/go-tdx-guest/testing"
- tgtestclient "github.com/google/go-tdx-guest/testing/client"
- tgtestdata "github.com/google/go-tdx-guest/testing/testdata"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- pb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/verifier/util"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
- "google.golang.org/protobuf/proto"
-)
-
-func TestVerifyNoncePass(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- file1 := makeOutputFile(t, "attest")
- file2 := makeOutputFile(t, "verify")
- defer os.RemoveAll(file1)
- defer os.RemoveAll(file2)
-
- RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "", "--output", file1, "--tee-technology", ""})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-
- RootCmd.SetArgs([]string{"verify", "debug", "--nonce", "1234", "--input", file1, "--output", file2})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-}
-
-func TestVerifyNonceFail(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- file1 := makeOutputFile(t, "attest")
- file2 := makeOutputFile(t, "verify")
- defer os.RemoveAll(file1)
- defer os.RemoveAll(file2)
-
- RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--output", file1})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-
- RootCmd.SetArgs([]string{"verify", "debug", "--nonce", "4321", "--input", file1, "--output", file2})
- if err := RootCmd.Execute(); err == nil {
- t.Error("expected non-nil error")
- }
-}
-
-func TestVerifyWithGCEAK(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- file1 := makeOutputFile(t, "attest")
- file2 := makeOutputFile(t, "verify")
- defer os.RemoveAll(file1)
- defer os.RemoveAll(file2)
-
- var template = map[string]tpm2.Public{
- "rsa": GCEAKTemplateRSA(),
- "ecc": GCEAKTemplateECC(),
- }
- tests := []struct {
- name string
- nonce string
- keyAlgo string
- }{
- {"gceAK:RSA", "1234", "rsa"},
- {"gceAK:ECC", "1234", "ecc"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- data, err := template[op.keyAlgo].Encode()
- if err != nil {
- t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err)
- }
- err = setGCEAKTemplate(t, rwc, op.keyAlgo, data)
- if err != nil {
- t.Error(err)
- }
- defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.keyAlgo]))
-
- var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"}
- mock, err := util.NewMetadataServer(dummyInstance)
- if err != nil {
- t.Error(err)
- }
- defer mock.Stop()
-
- RootCmd.SetArgs([]string{"attest", "--nonce", op.nonce, "--key", "gceAK", "--algo", op.keyAlgo, "--output", file1, "--format", "binarypb", "--tee-technology", ""})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
-
- RootCmd.SetArgs([]string{"verify", "debug", "--nonce", op.nonce, "--input", file1, "--output", file2})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- })
- }
-}
-
-func TestHwAttestationPass(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
- ExternalTPM = rwc
-
- inputFile := makeOutputFile(t, "attest")
- outputFile := makeOutputFile(t, "attestout")
- defer os.RemoveAll(inputFile)
- defer os.RemoveAll(outputFile)
- teenonce := "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678"
- tests := []struct {
- name string
- nonce string
- teetech string
- wanterr string
- }{
- {"TdxPass", "1234", "tdx", "failed to create tdx quote provider"},
- {"SevSnpPass", "1234", "sev-snp", "failed to open sev-snp device"},
- }
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- attestArgs := []string{"attest", "--nonce", op.nonce, "--key", "AK", "--output", inputFile, "--format", "textproto", "--tee-nonce", teenonce, "--tee-technology", op.teetech}
- RootCmd.SetArgs(attestArgs)
- if err := RootCmd.Execute(); err != nil {
- if !strings.Contains(err.Error(), op.wanterr) {
- t.Error(err)
- }
- } else {
- RootCmd.SetArgs([]string{"verify", "debug", "--nonce", op.nonce, "--input", inputFile, "--output", outputFile, "--format", "textproto", "--tee-nonce", teenonce})
- if err := RootCmd.Execute(); err != nil {
- t.Error(err)
- }
- msBytes, err := os.ReadFile(outputFile)
- if err != nil {
- t.Fatalf("failed to read file: %v", err)
- }
- ms := &pb.MachineState{}
- err = proto.Unmarshal(msBytes, ms)
- if err != nil {
- t.Fatalf("failed to unmarshal proto: %v", err)
- }
- if ms.TeeAttestation == nil {
- t.Error("found nil TEE attestation, expected a set TEEattestation")
- }
- }
- })
- }
-}
-
-func TestTdxAttestation(t *testing.T) {
- dir := t.TempDir()
- file1, err := os.Create(dir + "/attestFile")
- if err != nil {
- t.Fatal(err)
- }
- file2 := makeOutputFile(t, "verifyFile")
- defer os.RemoveAll(file2)
- tpmNonce := "1234"
- teeNonce := hex.EncodeToString(test.TdxReportData)
- wrongTeeNonce := hex.EncodeToString([]byte("wrongTdxNonce"))
- attestation, err := createAttestationWithFakeTdx([]byte(tpmNonce), test.TdxReportData, t)
- if err != nil {
- t.Fatal(err)
- }
- out := []byte(marshalOptions.Format(attestation))
- file1.Write(out)
- hexTpmNonce := hex.EncodeToString([]byte(tpmNonce))
- tests := []struct {
- name string
- tdxNonce string
- wantErr string
- }{
- {"Correct TEE Nonce", teeNonce, ""},
- {"Incorrect TEE Nonce", wrongTeeNonce, "quote field REPORT_DATA"},
- {"Incorrect Nonce Using TPM Nonce", wrongTeeNonce, "quote field REPORT_DATA"},
- }
-
- for _, op := range tests {
- t.Run(op.name, func(t *testing.T) {
- RootCmd.SetArgs([]string{"verify", "debug", "--nonce", hexTpmNonce, "--input", file1.Name(), "--output", file2, "--tee-nonce", op.tdxNonce, "--format", "textproto"})
- if err := RootCmd.Execute(); (err == nil && op.wantErr != "") ||
- (err != nil && !strings.Contains(err.Error(), op.wantErr)) {
- t.Errorf("Expected error: %v, got: %v", op.wantErr, err)
- }
- })
- }
-}
-
-func createAttestationWithFakeTdx(tpmNonce []byte, teeNonce []byte, tb *testing.T) (*pb.Attestation, error) {
- tdxEventLog := test.CreateTpm2EventLog(3) // Enum 3- TDX
- rwc := test.GetSimulatorWithLog(tb, tdxEventLog)
- defer client.CheckedClose(tb, rwc)
- ak, err := client.AttestationKeyRSA(rwc)
- if err != nil {
- return nil, fmt.Errorf("failed to generate AK: %v", err)
- }
- defer ak.Close()
- var teeNonce64 [64]byte
- copy(teeNonce64[:], teeNonce)
- tdxTestDevice := tgtestclient.GetTdxGuest([]tgtest.TestCase{
- {
- Input: teeNonce64,
- Quote: tgtestdata.RawQuote,
- },
- }, tb)
-
- defer tdxTestDevice.Close()
- attestation, err := ak.Attest(client.AttestOpts{
- Nonce: tpmNonce,
- TEEDevice: &client.TdxDevice{Device: tdxTestDevice},
- TEENonce: teeNonce64[:],
- })
- if err != nil {
- return nil, fmt.Errorf("failed to attest: %v", err)
- }
- return attestation, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/go.mod b/vendor/github.com/google/go-tpm-tools/go.mod
deleted file mode 100644
index adfea8a73..000000000
--- a/vendor/github.com/google/go-tpm-tools/go.mod
+++ /dev/null
@@ -1,27 +0,0 @@
-module github.com/google/go-tpm-tools
-
-go 1.22
-
-toolchain go1.24.8
-
-require (
- github.com/google/go-attestation v0.5.1
- github.com/google/go-cmp v0.6.0
- github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc
- github.com/google/go-sev-guest v0.14.0
- github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843
- github.com/google/go-tpm v0.9.6
- github.com/google/logger v1.1.1
- google.golang.org/protobuf v1.35.1
-)
-
-require (
- github.com/google/certificate-transparency-go v1.1.2 // indirect
- github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba
- github.com/google/go-tspi v0.3.0 // indirect
- github.com/google/uuid v1.6.0 // indirect
- github.com/stretchr/testify v1.9.0 // indirect
- go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.31.0 // indirect
- golang.org/x/sys v0.28.0 // indirect
-)
diff --git a/vendor/github.com/google/go-tpm-tools/go.sum b/vendor/github.com/google/go-tpm-tools/go.sum
deleted file mode 100644
index 504e13f8d..000000000
--- a/vendor/github.com/google/go-tpm-tools/go.sum
+++ /dev/null
@@ -1,1252 +0,0 @@ -bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= 
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod 
h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= -cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= -code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= -contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= -contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= -contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= -github.com/Azure/azure-pipeline-go v0.2.1/go.mod 
h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod 
h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= -github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= -github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod 
h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= -github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/beorn7/perks 
v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= -github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline 
v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod 
h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom 
v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod 
h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= -github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= -github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod 
h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= -github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf 
v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= -github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= -github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= -github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.6.0 
h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= -github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= -github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= -github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= -github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= -github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= -github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
-github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= -github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= -github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof 
v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= -github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= -github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= -github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= -github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod 
h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod 
h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= 
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod 
h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= -github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod 
h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod 
h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= 
-github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= -github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod 
h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod 
h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod 
h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod 
h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal 
v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= -github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= 
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= 
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= -github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= -github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= -github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= 
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark 
v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= -go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= -go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= -go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod 
h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= -go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= -go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= -go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= -go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= 
-go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod 
h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= -golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod 
h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod 
h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net 
v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 
v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync 
v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys 
v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools 
v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools 
v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools 
v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= 
-golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api 
v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod 
h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto 
v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= 
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= 
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf 
v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod 
h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
diff --git a/vendor/github.com/google/go-tpm-tools/go.work b/vendor/github.com/google/go-tpm-tools/go.work
deleted file mode 100644
index ee7498572..000000000
--- a/vendor/github.com/google/go-tpm-tools/go.work
+++ /dev/null
@@ -1,14 +0,0 @@
-go 1.24.0
-
-toolchain go1.24.4
-
-use (
- .
- ./cmd
- ./launcher
- ./verifier
-)
-
-replace github.com/google/go-tpm-tools v0.4.4 => ./
-
-replace github.com/google/go-tpm-tools/verifier v0.4.4 => ./
diff --git a/vendor/github.com/google/go-tpm-tools/go.work.sum b/vendor/github.com/google/go-tpm-tools/go.work.sum
deleted file mode 100644
index ffb919bbf..000000000
--- a/vendor/github.com/google/go-tpm-tools/go.work.sum
+++ /dev/null
@@ -1,2168 +0,0 @@ -bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= -cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= -cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= -cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= -cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= -cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= -cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= -cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= -cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= -cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= -cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= -cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= -cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= -cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc= -cloud.google.com/go v0.120.1/go.mod h1:56Vs7sf/i2jYM6ZL9NYlC82r04PThNcPS5YgFmb0rp8= -cloud.google.com/go v0.121.1 h1:S3kTQSydxmu1JfLRLpKtxRPA7rSrYPRPEUmL/PavVUw= -cloud.google.com/go v0.121.1/go.mod h1:nRFlrHq39MNVWu+zESP2PosMWA0ryJw8KUBZ2iZpxbw= -cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= 
-cloud.google.com/go/accessapproval v1.7.2/go.mod h1:/gShiq9/kK/h8T/eEn1BTzalDvk0mZxJlhfw0p+Xuc0= -cloud.google.com/go/accessapproval v1.7.5/go.mod h1:g88i1ok5dvQ9XJsxpUInWWvUBrIZhyPDPbk4T01OoJ0= -cloud.google.com/go/accessapproval v1.7.7/go.mod h1:10ZDPYiTm8tgxuMPid8s2DL93BfCt6xBh/Vg0Xd8pU0= -cloud.google.com/go/accessapproval v1.7.9/go.mod h1:teNI+P/xzZ3dppGXEYFvSmuOvmTjLE9toPq21WHssYc= -cloud.google.com/go/accessapproval v1.8.1/go.mod h1:3HAtm2ertsWdwgjSGObyas6fj3ZC/3zwV2WVZXO53sU= -cloud.google.com/go/accessapproval v1.8.6/go.mod h1:FfmTs7Emex5UvfnnpMkhuNkRCP85URnBFt5ClLxhZaQ= -cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= -cloud.google.com/go/accesscontextmanager v1.8.2/go.mod h1:E6/SCRM30elQJ2PKtFMs2YhfJpZSNcJyejhuzoId4Zk= -cloud.google.com/go/accesscontextmanager v1.8.5/go.mod h1:TInEhcZ7V9jptGNqN3EzZ5XMhT6ijWxTGjzyETwmL0Q= -cloud.google.com/go/accesscontextmanager v1.8.7/go.mod h1:jSvChL1NBQ+uLY9zUBdPy9VIlozPoHptdBnRYeWuQoM= -cloud.google.com/go/accesscontextmanager v1.8.9/go.mod h1:IXvQesVgOC7aXgK9OpYFn5eWnzz8fazegIiJ5WnCOVw= -cloud.google.com/go/accesscontextmanager v1.9.1/go.mod h1:wUVSoz8HmG7m9miQTh6smbyYuNOJrvZukK5g6WxSOp0= -cloud.google.com/go/accesscontextmanager v1.9.6/go.mod h1:884XHwy1AQpCX5Cj2VqYse77gfLaq9f8emE2bYriilk= -cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= -cloud.google.com/go/aiplatform v1.51.1/go.mod h1:kY3nIMAVQOK2XDqDPHaOuD9e+FdMA6OOpfBjsvaFSOo= -cloud.google.com/go/aiplatform v1.60.0/go.mod h1:eTlGuHOahHprZw3Hio5VKmtThIOak5/qy6pzdsqcQnM= -cloud.google.com/go/aiplatform v1.67.0/go.mod h1:s/sJ6btBEr6bKnrNWdK9ZgHCvwbZNdP90b3DDtxxw+Y= -cloud.google.com/go/aiplatform v1.68.0/go.mod h1:105MFA3svHjC3Oazl7yjXAmIR89LKhRAeNdnDKJczME= -cloud.google.com/go/aiplatform v1.89.0/go.mod h1:TzZtegPkinfXTtXVvZZpxx7noINFMVDrLkE7cEWhYEk= -cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= 
-cloud.google.com/go/analytics v0.21.4/go.mod h1:zZgNCxLCy8b2rKKVfC1YkC2vTrpfZmeRCySM3aUbskA= -cloud.google.com/go/analytics v0.23.0/go.mod h1:YPd7Bvik3WS95KBok2gPXDqQPHy08TsCQG6CdUCb+u0= -cloud.google.com/go/analytics v0.23.2/go.mod h1:vtE3olAXZ6edJYk1UOndEs6EfaEc9T2B28Y4G5/a7Fo= -cloud.google.com/go/analytics v0.23.4/go.mod h1:1iTnQMOr6zRdkecW+gkxJpwV0Q/djEIII3YlXmyf7UY= -cloud.google.com/go/analytics v0.25.1/go.mod h1:hrAWcN/7tqyYwF/f60Nph1yz5UE3/PxOPzzFsJgtU+Y= -cloud.google.com/go/analytics v0.28.1/go.mod h1:iPaIVr5iXPB3JzkKPW1JddswksACRFl3NSHgVHsuYC4= -cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= -cloud.google.com/go/apigateway v1.6.2/go.mod h1:CwMC90nnZElorCW63P2pAYm25AtQrHfuOkbRSHj0bT8= -cloud.google.com/go/apigateway v1.6.5/go.mod h1:6wCwvYRckRQogyDDltpANi3zsCDl6kWi0b4Je+w2UiI= -cloud.google.com/go/apigateway v1.6.7/go.mod h1:7wAMb/33Rzln+PrGK16GbGOfA1zAO5Pq6wp19jtIt7c= -cloud.google.com/go/apigateway v1.6.9/go.mod h1:YE9XDTFwq859O6TpZNtatBMDWnMRZOiTVF+Ru3oCBeY= -cloud.google.com/go/apigateway v1.7.1/go.mod h1:5JBcLrl7GHSGRzuDaISd5u0RKV05DNFiq4dRdfrhCP0= -cloud.google.com/go/apigateway v1.7.6/go.mod h1:SiBx36VPjShaOCk8Emf63M2t2c1yF+I7mYZaId7OHiA= -cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= -cloud.google.com/go/apigeeconnect v1.6.2/go.mod h1:s6O0CgXT9RgAxlq3DLXvG8riw8PYYbU/v25jqP3Dy18= -cloud.google.com/go/apigeeconnect v1.6.5/go.mod h1:MEKm3AiT7s11PqTfKE3KZluZA9O91FNysvd3E6SJ6Ow= -cloud.google.com/go/apigeeconnect v1.6.7/go.mod h1:hZxCKvAvDdKX8+eT0g5eEAbRSS9Gkzi+MPWbgAMAy5U= -cloud.google.com/go/apigeeconnect v1.6.9/go.mod h1:tl53uGgVG1A00qK1dF6wGIji0CQIMrLdNccJ6+R221U= -cloud.google.com/go/apigeeconnect v1.7.1/go.mod h1:olkn1lOhIA/aorreenFzfEcEXmFN2pyAwkaUFbug9ZY= -cloud.google.com/go/apigeeconnect v1.7.6/go.mod h1:zqDhHY99YSn2li6OeEjFpAlhXYnXKl6DFb/fGu0ye2w= -cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= 
-cloud.google.com/go/apigeeregistry v0.7.2/go.mod h1:9CA2B2+TGsPKtfi3F7/1ncCCsL62NXBRfM6iPoGSM+8= -cloud.google.com/go/apigeeregistry v0.8.3/go.mod h1:aInOWnqF4yMQx8kTjDqHNXjZGh/mxeNlAf52YqtASUs= -cloud.google.com/go/apigeeregistry v0.8.5/go.mod h1:ZMg60hq2K35tlqZ1VVywb9yjFzk9AJ7zqxrysOxLi3o= -cloud.google.com/go/apigeeregistry v0.8.7/go.mod h1:Jge1HQaIkNU8JYSDY7l5SveeSKvGPvtLjzNjLU2+0N8= -cloud.google.com/go/apigeeregistry v0.9.1/go.mod h1:XCwK9CS65ehi26z7E8/Vl4PEX5c/JJxpfxlB1QEyrZw= -cloud.google.com/go/apigeeregistry v0.9.6/go.mod h1:AFEepJBKPtGDfgabG2HWaLH453VVWWFFs3P4W00jbPs= -cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= -cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= -cloud.google.com/go/appengine v1.8.2/go.mod h1:WMeJV9oZ51pvclqFN2PqHoGnys7rK0rz6s3Mp6yMvDo= -cloud.google.com/go/appengine v1.8.5/go.mod h1:uHBgNoGLTS5di7BvU25NFDuKa82v0qQLjyMJLuPQrVo= -cloud.google.com/go/appengine v1.8.7/go.mod h1:1Fwg2+QTgkmN6Y+ALGwV8INLbdkI7+vIvhcKPZCML0g= -cloud.google.com/go/appengine v1.8.9/go.mod h1:sw8T321TAto/u6tMinv3AV63olGH/hw7RhG4ZgNhqFs= -cloud.google.com/go/appengine v1.9.1/go.mod h1:jtguveqRWFfjrk3k/7SlJz1FpDBZhu5CWSRu+HBgClk= -cloud.google.com/go/appengine v1.9.6/go.mod h1:jPp9T7Opvzl97qytaRGPwoH7pFI3GAcLDaui1K8PNjY= -cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= -cloud.google.com/go/area120 v0.8.2/go.mod h1:a5qfo+x77SRLXnCynFWPUZhnZGeSgvQ+Y0v1kSItkh4= -cloud.google.com/go/area120 v0.8.5/go.mod h1:BcoFCbDLZjsfe4EkCnEq1LKvHSK0Ew/zk5UFu6GMyA0= -cloud.google.com/go/area120 v0.8.7/go.mod h1:L/xTq4NLP9mmxiGdcsVz7y1JLc9DI8pfaXRXbnjkR6w= -cloud.google.com/go/area120 v0.8.9/go.mod h1:epLvbmajRp919r1LGdvS1zgcHJt/1MTQJJ9+r0/NBQc= -cloud.google.com/go/area120 v0.9.1/go.mod h1:foV1BSrnjVL/KydBnAlUQFSy85kWrMwGSmRfIraC+JU= -cloud.google.com/go/area120 v0.9.6/go.mod h1:qKSokqe0iTmwBDA3tbLWonMEnh0pMAH4YxiceiHUed4= 
-cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= -cloud.google.com/go/artifactregistry v1.14.3/go.mod h1:A2/E9GXnsyXl7GUvQ/2CjHA+mVRoWAXC0brg2os+kNI= -cloud.google.com/go/artifactregistry v1.14.7/go.mod h1:0AUKhzWQzfmeTvT4SjfI4zjot72EMfrkvL9g9aRjnnM= -cloud.google.com/go/artifactregistry v1.14.9/go.mod h1:n2OsUqbYoUI2KxpzQZumm6TtBgtRf++QulEohdnlsvI= -cloud.google.com/go/artifactregistry v1.14.11/go.mod h1:ahyKXer42EOIddYzk2zYfvZnByGPdAYhXqBbRBsGizE= -cloud.google.com/go/artifactregistry v1.15.1/go.mod h1:ExJb4VN+IMTQWO5iY+mjcY19Rz9jUxCVGZ1YuyAgPBw= -cloud.google.com/go/artifactregistry v1.17.1/go.mod h1:06gLv5QwQPWtaudI2fWO37gfwwRUHwxm3gA8Fe568Hc= -cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= -cloud.google.com/go/asset v1.15.1/go.mod h1:yX/amTvFWRpp5rcFq6XbCxzKT8RJUam1UoboE179jU4= -cloud.google.com/go/asset v1.17.2/go.mod h1:SVbzde67ehddSoKf5uebOD1sYw8Ab/jD/9EIeWg99q4= -cloud.google.com/go/asset v1.19.1/go.mod h1:kGOS8DiCXv6wU/JWmHWCgaErtSZ6uN5noCy0YwVaGfs= -cloud.google.com/go/asset v1.19.3/go.mod h1:1j8NNcHsbSE/KeHMZrizPIS6c8nm0WjEAPoFXzXNCj4= -cloud.google.com/go/asset v1.20.2/go.mod h1:IM1Kpzzo3wq7R/GEiktitzZyXx2zVpWqs9/5EGYs0GY= -cloud.google.com/go/asset v1.21.1/go.mod h1:7AzY1GCC+s1O73yzLM1IpHFLHz3ws2OigmCpOQHwebk= -cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= -cloud.google.com/go/assuredworkloads v1.11.2/go.mod h1:O1dfr+oZJMlE6mw0Bp0P1KZSlj5SghMBvTpZqIcUAW4= -cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk= -cloud.google.com/go/assuredworkloads v1.11.7/go.mod h1:CqXcRH9N0KCDtHhFisv7kk+cl//lyV+pYXGi1h8rCEU= -cloud.google.com/go/assuredworkloads v1.11.9/go.mod h1:uZ6+WHiT4iGn1iM1wk5njKnKJWiM3v/aYhDoCoHxs1w= -cloud.google.com/go/assuredworkloads v1.12.1/go.mod h1:nBnkK2GZNSdtjU3ER75oC5fikub5/+QchbolKgnMI/I= -cloud.google.com/go/assuredworkloads v1.12.6/go.mod 
h1:QyZHd7nH08fmZ+G4ElihV1zoZ7H0FQCpgS0YWtwjCKo= -cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= -cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= -cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= -cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= -cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= -cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= -cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= -cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= -cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= -cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= -cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= -cloud.google.com/go/automl v1.13.2/go.mod h1:gNY/fUmDEN40sP8amAX3MaXkxcqPIn7F1UIIPZpy4Mg= -cloud.google.com/go/automl v1.13.5/go.mod h1:MDw3vLem3yh+SvmSgeYUmUKqyls6NzSumDm9OJ3xJ1Y= -cloud.google.com/go/automl v1.13.7/go.mod h1:E+s0VOsYXUdXpq0y4gNZpi0A/s6y9+lAarmV5Eqlg40= -cloud.google.com/go/automl v1.13.9/go.mod h1:KECCWW2AFsRuEVxUJEIXxcm3yPLf1rxS+qsBamyacMc= -cloud.google.com/go/automl v1.14.1/go.mod h1:BocG5mhT32cjmf5CXxVsdSM04VXzJW7chVT7CpSL2kk= -cloud.google.com/go/automl v1.14.7/go.mod h1:8a4XbIH5pdvrReOU72oB+H3pOw2JBxo9XTk39oljObE= -cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= -cloud.google.com/go/baremetalsolution v1.2.1/go.mod h1:3qKpKIw12RPXStwQXcbhfxVj1dqQGEvcmA+SX/mUR88= 
-cloud.google.com/go/baremetalsolution v1.2.4/go.mod h1:BHCmxgpevw9IEryE99HbYEfxXkAEA3hkMJbYYsHtIuY= -cloud.google.com/go/baremetalsolution v1.2.6/go.mod h1:KkS2BtYXC7YGbr42067nzFr+ABFMs6cxEcA1F+cedIw= -cloud.google.com/go/baremetalsolution v1.2.8/go.mod h1:Ai8ENs7ADMYWQ45DtfygUc6WblhShfi3kNPvuGv8/ok= -cloud.google.com/go/baremetalsolution v1.3.1/go.mod h1:D1djGGmBl4M6VlyjOMc1SEzDYlO4EeEG1TCUv5mCPi0= -cloud.google.com/go/baremetalsolution v1.3.6/go.mod h1:7/CS0LzpLccRGO0HL3q2Rofxas2JwjREKut414sE9iM= -cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= -cloud.google.com/go/batch v1.5.1/go.mod h1:RpBuIYLkQu8+CWDk3dFD/t/jOCGuUpkpX+Y0n1Xccs8= -cloud.google.com/go/batch v1.8.0/go.mod h1:k8V7f6VE2Suc0zUM4WtoibNrA6D3dqBpB+++e3vSGYc= -cloud.google.com/go/batch v1.8.5/go.mod h1:YSWU2RTIeoHWVwieZJDTLEfWWUsuk10uhAr5K1dTMiw= -cloud.google.com/go/batch v1.9.0/go.mod h1:VhRaG/bX2EmeaPSHvtptP5OAhgYuTrvtTAulKM68oiI= -cloud.google.com/go/batch v1.11.1/go.mod h1:4GbJXfdxU8GH6uuo8G47y5tEFOgTLCL9pMKCUcn7VxE= -cloud.google.com/go/batch v1.12.2/go.mod h1:tbnuTN/Iw59/n1yjAYKV2aZUjvMM2VJqAgvUgft6UEU= -cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= -cloud.google.com/go/beyondcorp v1.0.1/go.mod h1:zl/rWWAFVeV+kx+X2Javly7o1EIQThU4WlkynffL/lk= -cloud.google.com/go/beyondcorp v1.0.4/go.mod h1:Gx8/Rk2MxrvWfn4WIhHIG1NV7IBfg14pTKv1+EArVcc= -cloud.google.com/go/beyondcorp v1.0.6/go.mod h1:wRkenqrVRtnGFfnyvIg0zBFUdN2jIfeojFF9JJDwVIA= -cloud.google.com/go/beyondcorp v1.0.8/go.mod h1:2WaEvUnw+1ZIUNu227h71X/Q8ypcWWowii9TQ4xlfo0= -cloud.google.com/go/beyondcorp v1.1.1/go.mod h1:L09o0gLkgXMxCZs4qojrgpI2/dhWtasMc71zPPiHMn4= -cloud.google.com/go/beyondcorp v1.1.6/go.mod h1:V1PigSWPGh5L/vRRmyutfnjAbkxLI2aWqJDdxKbwvsQ= -cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= -cloud.google.com/go/bigquery v1.56.0/go.mod h1:KDcsploXTEY7XT3fDQzMUZlpQLHzE4itubHrnmhUrZA= 
-cloud.google.com/go/bigquery v1.59.1/go.mod h1:VP1UJYgevyTwsV7desjzNzDND5p6hZB+Z8gZJN1GQUc= -cloud.google.com/go/bigquery v1.61.0/go.mod h1:PjZUje0IocbuTOdq4DBOJLNYB0WF3pAKBHzAYyxCwFo= -cloud.google.com/go/bigquery v1.63.1/go.mod h1:ufaITfroCk17WTqBhMpi8CRjsfHjMX07pDrQaRKKX2o= -cloud.google.com/go/bigquery v1.69.0/go.mod h1:TdGLquA3h/mGg+McX+GsqG9afAzTAcldMjqhdjHTLew= -cloud.google.com/go/bigtable v1.33.0/go.mod h1:HtpnH4g25VT1pejHRtInlFPnN5sjTxbQlsYBjh9t5l0= -cloud.google.com/go/bigtable v1.37.0/go.mod h1:HXqddP6hduwzrtiTCqZPpj9ij4hGZb4Zy1WF/dT+yaU= -cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= -cloud.google.com/go/billing v1.17.2/go.mod h1:u/AdV/3wr3xoRBk5xvUzYMS1IawOAPwQMuHgHMdljDg= -cloud.google.com/go/billing v1.18.2/go.mod h1:PPIwVsOOQ7xzbADCwNe8nvK776QpfrOAUkvKjCUcpSE= -cloud.google.com/go/billing v1.18.5/go.mod h1:lHw7fxS6p7hLWEPzdIolMtOd0ahLwlokW06BzbleKP8= -cloud.google.com/go/billing v1.18.7/go.mod h1:RreCBJPmaN/lzCz/2Xl1hA+OzWGqrzDsax4Qjjp0CbA= -cloud.google.com/go/billing v1.19.1/go.mod h1:c5l7ORJjOLH/aASJqUqNsEmwrhfjWZYHX+z0fIhuVpo= -cloud.google.com/go/billing v1.20.4/go.mod h1:hBm7iUmGKGCnBm6Wp439YgEdt+OnefEq/Ib9SlJYxIU= -cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= -cloud.google.com/go/binaryauthorization v1.7.1/go.mod h1:GTAyfRWYgcbsP3NJogpV3yeunbUIjx2T9xVeYovtURE= -cloud.google.com/go/binaryauthorization v1.8.1/go.mod h1:1HVRyBerREA/nhI7yLang4Zn7vfNVA3okoAR9qYQJAQ= -cloud.google.com/go/binaryauthorization v1.8.3/go.mod h1:Cul4SsGlbzEsWPOz2sH8m+g2Xergb6ikspUyQ7iOThE= -cloud.google.com/go/binaryauthorization v1.8.5/go.mod h1:2npTMgNJPsmUg0jfmDDORuqBkTPEW6ZSTHXzfxTvN1M= -cloud.google.com/go/binaryauthorization v1.9.1/go.mod h1:jqBzP68bfzjoiMFT6Q1EdZtKJG39zW9ywwzHuv7V8ms= -cloud.google.com/go/binaryauthorization v1.9.5/go.mod h1:CV5GkS2eiY461Bzv+OH3r5/AsuB6zny+MruRju3ccB8= -cloud.google.com/go/certificatemanager v1.6.0/go.mod 
h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= -cloud.google.com/go/certificatemanager v1.7.2/go.mod h1:15SYTDQMd00kdoW0+XY5d9e+JbOPjp24AvF48D8BbcQ= -cloud.google.com/go/certificatemanager v1.7.5/go.mod h1:uX+v7kWqy0Y3NG/ZhNvffh0kuqkKZIXdvlZRO7z0VtM= -cloud.google.com/go/certificatemanager v1.8.1/go.mod h1:hDQzr50Vx2gDB+dOfmDSsQzJy/UPrYRdzBdJ5gAVFIc= -cloud.google.com/go/certificatemanager v1.8.3/go.mod h1:QS0jxTu5wgEbzaYgGs/GBYKvVgAgc9jnYaaTFH8jRtE= -cloud.google.com/go/certificatemanager v1.9.1/go.mod h1:a6bXZULtd6iQTRuSVs1fopcHLMJ/T3zSpIB7aJaq/js= -cloud.google.com/go/certificatemanager v1.9.5/go.mod h1:kn7gxT/80oVGhjL8rurMUYD36AOimgtzSBPadtAeffs= -cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= -cloud.google.com/go/channel v1.17.1/go.mod h1:xqfzcOZAcP4b/hUDH0GkGg1Sd5to6di1HOJn/pi5uBQ= -cloud.google.com/go/channel v1.17.5/go.mod h1:FlpaOSINDAXgEext0KMaBq/vwpLMkkPAw9b2mApQeHc= -cloud.google.com/go/channel v1.17.7/go.mod h1:b+FkgBrhMKM3GOqKUvqHFY/vwgp+rwsAuaMd54wCdN4= -cloud.google.com/go/channel v1.17.9/go.mod h1:h9emIJm+06sK1FxqC3etsWdG87tg92T24wimlJs6lhY= -cloud.google.com/go/channel v1.19.0/go.mod h1:8BEvuN5hWL4tT0rmJR4N8xsZHdfGof+KwemjQH6oXsw= -cloud.google.com/go/channel v1.19.5/go.mod h1:vevu+LK8Oy1Yuf7lcpDbkQQQm5I7oiY5fFTn3uwfQLY= -cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= -cloud.google.com/go/cloudbuild v1.14.1/go.mod h1:K7wGc/3zfvmYWOWwYTgF/d/UVJhS4pu+HAy7PL7mCsU= -cloud.google.com/go/cloudbuild v1.15.1/go.mod h1:gIofXZSu+XD2Uy+qkOrGKEx45zd7s28u/k8f99qKals= -cloud.google.com/go/cloudbuild v1.16.1/go.mod h1:c2KUANTtCBD8AsRavpPout6Vx8W+fsn5zTsWxCpWgq4= -cloud.google.com/go/cloudbuild v1.16.3/go.mod h1:KJYZAwTUaDKDdEHwLj/EmnpmwLkMuq+fGnBEHA1LlE4= -cloud.google.com/go/cloudbuild v1.18.0/go.mod h1:KCHWGIoS/5fj+By9YmgIQnUiDq8P6YURWOjX3hoc6As= -cloud.google.com/go/cloudbuild v1.22.2/go.mod h1:rPyXfINSgMqMZvuTk1DbZcbKYtvbYF/i9IXQ7eeEMIM= -cloud.google.com/go/clouddms 
v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= -cloud.google.com/go/clouddms v1.7.1/go.mod h1:o4SR8U95+P7gZ/TX+YbJxehOCsM+fe6/brlrFquiszk= -cloud.google.com/go/clouddms v1.7.4/go.mod h1:RdrVqoFG9RWI5AvZ81SxJ/xvxPdtcRhFotwdE79DieY= -cloud.google.com/go/clouddms v1.7.6/go.mod h1:8HWZ2tznZ0mNAtTpfnRNT0QOThqn9MBUqTj0Lx8npIs= -cloud.google.com/go/clouddms v1.7.8/go.mod h1:KQpBMxH99ZTPK4LgXkYUntzRQ5hcNkjpGRbNSRzW9Nk= -cloud.google.com/go/clouddms v1.8.1/go.mod h1:bmW2eDFH1LjuwkHcKKeeppcmuBGS0r6Qz6TXanehKP0= -cloud.google.com/go/clouddms v1.8.7/go.mod h1:DhWLd3nzHP8GoHkA6hOhso0R9Iou+IGggNqlVaq/KZ4= -cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= -cloud.google.com/go/cloudtasks v1.12.2/go.mod h1:A7nYkjNlW2gUoROg1kvJrQGhJP/38UaWwsnuBDOBVUk= -cloud.google.com/go/cloudtasks v1.12.6/go.mod h1:b7c7fe4+TJsFZfDyzO51F7cjq7HLUlRi/KZQLQjDsaY= -cloud.google.com/go/cloudtasks v1.12.8/go.mod h1:aX8qWCtmVf4H4SDYUbeZth9C0n9dBj4dwiTYi4Or/P4= -cloud.google.com/go/cloudtasks v1.12.10/go.mod h1:OHJzRAdE+7H00cdsINhb21ugVLDgk3Uh4r0holCB5XQ= -cloud.google.com/go/cloudtasks v1.13.1/go.mod h1:dyRD7tEEkLMbHLagb7UugkDa77UVJp9d/6O9lm3ModI= -cloud.google.com/go/cloudtasks v1.13.6/go.mod h1:/IDaQqGKMixD+ayM43CfsvWF2k36GeomEuy9gL4gLmU= -cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= -cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= -cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= -cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute v1.23.4/go.mod 
h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= -cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= -cloud.google.com/go/compute v1.26.0 h1:uHf0NN2nvxl1Gh4QO83yRCOdMK4zivtMS5gv0dEX0hg= -cloud.google.com/go/compute v1.26.0/go.mod h1:T9RIRap4pVHCGUkVFRJ9hygT3KCXjip41X1GgWtBBII= -cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= -cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= -cloud.google.com/go/compute v1.28.1 h1:XwPcZjgMCnU2tkwY10VleUjSAfpTj9RDn+kGrbYsi8o= -cloud.google.com/go/compute v1.28.1/go.mod h1:b72iXMY4FucVry3NR3Li4kVyyTvbMDE7x5WsqvxjsYk= -cloud.google.com/go/compute v1.38.0 h1:MilCLYQW2m7Dku8hRIIKo4r0oKastlD74sSu16riYKs= -cloud.google.com/go/compute v1.38.0/go.mod h1:oAFNIuXOmXbK/ssXm3z4nZB8ckPdjltJ7xhHCdbWFZM= -cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= -cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= -cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= -cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= -cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= -cloud.google.com/go/contactcenterinsights v1.11.1/go.mod h1:FeNP3Kg8iteKM80lMwSk3zZZKVxr+PGnAId6soKuXwE= -cloud.google.com/go/contactcenterinsights v1.13.0/go.mod h1:ieq5d5EtHsu8vhe2y3amtZ+BE+AQwX5qAy7cpo0POsI= -cloud.google.com/go/contactcenterinsights v1.13.2/go.mod h1:AfkSB8t7mt2sIY6WpfO61nD9J9fcidIchtxm9FqJVXk= 
-cloud.google.com/go/contactcenterinsights v1.13.4/go.mod h1:6OWSyQxeaQRxhkyMhtE+RFOOlsMcKOTukv8nnjxbNCQ= -cloud.google.com/go/contactcenterinsights v1.15.0/go.mod h1:6bJGBQrJsnATv2s6Dh/c6HCRanq2kCZ0kIIjRV1G0mI= -cloud.google.com/go/contactcenterinsights v1.17.3/go.mod h1:7Uu2CpxS3f6XxhRdlEzYAkrChpR5P5QfcdGAFEdHOG8= -cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= -cloud.google.com/go/container v1.26.1/go.mod h1:5smONjPRUxeEpDG7bMKWfDL4sauswqEtnBK1/KKpR04= -cloud.google.com/go/container v1.31.0/go.mod h1:7yABn5s3Iv3lmw7oMmyGbeV6tQj86njcTijkkGuvdZA= -cloud.google.com/go/container v1.35.1/go.mod h1:udm8fgLm3TtpnjFN4QLLjZezAIIp/VnMo316yIRVRQU= -cloud.google.com/go/container v1.37.2/go.mod h1:2ly7zpBmWtYjjuoB3fHyq8Gqrxaj2NIwzwVRpUcKYXk= -cloud.google.com/go/container v1.40.0/go.mod h1:wNI1mOUivm+ZkpHMbouutgbD4sQxyphMwK31X5cThY4= -cloud.google.com/go/container v1.43.0/go.mod h1:ETU9WZ1KM9ikEKLzrhRVao7KHtalDQu6aPqM34zDr/U= -cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= -cloud.google.com/go/containeranalysis v0.11.1/go.mod h1:rYlUOM7nem1OJMKwE1SadufX0JP3wnXj844EtZAwWLY= -cloud.google.com/go/containeranalysis v0.11.4/go.mod h1:cVZT7rXYBS9NG1rhQbWL9pWbXCKHWJPYraE8/FTSYPE= -cloud.google.com/go/containeranalysis v0.11.6/go.mod h1:YRf7nxcTcN63/Kz9f86efzvrV33g/UV8JDdudRbYEUI= -cloud.google.com/go/containeranalysis v0.11.8/go.mod h1:2ru4oxs6dCcaG3ZsmKAy4yMmG68ukOuS/IRCMEHYpLo= -cloud.google.com/go/containeranalysis v0.13.1/go.mod h1:bmd9H880BNR4Hc8JspEg8ge9WccSQfO+/N+CYvU3sEA= -cloud.google.com/go/containeranalysis v0.14.1/go.mod h1:28e+tlZgauWGHmEbnI5UfIsjMmrkoR1tFN0K2i71jBI= -cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= -cloud.google.com/go/datacatalog v1.18.1/go.mod h1:TzAWaz+ON1tkNr4MOcak8EBHX7wIRX/gZKM+yTVsv+A= -cloud.google.com/go/datacatalog v1.19.3/go.mod h1:ra8V3UAsciBpJKQ+z9Whkxzxv7jmQg1hfODr3N3YPJ4= 
-cloud.google.com/go/datacatalog v1.20.1/go.mod h1:Jzc2CoHudhuZhpv78UBAjMEg3w7I9jHA11SbRshWUjk= -cloud.google.com/go/datacatalog v1.20.3/go.mod h1:AKC6vAy5urnMg5eJK3oUjy8oa5zMbiY33h125l8lmlo= -cloud.google.com/go/datacatalog v1.22.1/go.mod h1:MscnJl9B2lpYlFoxRjicw19kFTwEke8ReKL5Y/6TWg8= -cloud.google.com/go/datacatalog v1.26.0/go.mod h1:bLN2HLBAwB3kLTFT5ZKLHVPj/weNz6bR0c7nYp0LE14= -cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= -cloud.google.com/go/dataflow v0.9.2/go.mod h1:vBfdBZ/ejlTaYIGB3zB4T08UshH70vbtZeMD+urnUSo= -cloud.google.com/go/dataflow v0.9.5/go.mod h1:udl6oi8pfUHnL0z6UN9Lf9chGqzDMVqcYTcZ1aPnCZQ= -cloud.google.com/go/dataflow v0.9.7/go.mod h1:3BjkOxANrm1G3+/EBnEsTEEgJu1f79mFqoOOZfz3v+E= -cloud.google.com/go/dataflow v0.9.9/go.mod h1:Wk/92E1BvhV7qs/dWb+3dN26uGgyp/H1Jr5ZJxeD3dw= -cloud.google.com/go/dataflow v0.10.1/go.mod h1:zP4/tNjONFRcS4NcI9R94YDQEkPalimdbPkijVNJt/g= -cloud.google.com/go/dataflow v0.11.0/go.mod h1:gNHC9fUjlV9miu0hd4oQaXibIuVYTQvZhMdPievKsPk= -cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= -cloud.google.com/go/dataform v0.8.2/go.mod h1:X9RIqDs6NbGPLR80tnYoPNiO1w0wenKTb8PxxlhTMKM= -cloud.google.com/go/dataform v0.9.2/go.mod h1:S8cQUwPNWXo7m/g3DhWHsLBoufRNn9EgFrMgne2j7cI= -cloud.google.com/go/dataform v0.9.4/go.mod h1:jjo4XY+56UrNE0wsEQsfAw4caUs4DLJVSyFBDelRDtQ= -cloud.google.com/go/dataform v0.9.6/go.mod h1:JKDPMfcYMu9oUMubIvvAGWTBX0sw4o/JIjCcczzbHmk= -cloud.google.com/go/dataform v0.10.1/go.mod h1:c5y0hIOBCfszmBcLJyxnELF30gC1qC/NeHdmkzA7TNQ= -cloud.google.com/go/dataform v0.12.0/go.mod h1:PuDIEY0lSVuPrZqcFji1fmr5RRvz3DGz4YP/cONc8g4= -cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= -cloud.google.com/go/datafusion v1.7.2/go.mod h1:62K2NEC6DRlpNmI43WHMWf9Vg/YvN6QVi8EVwifElI0= -cloud.google.com/go/datafusion v1.7.5/go.mod h1:bYH53Oa5UiqahfbNK9YuYKteeD4RbQSNMx7JF7peGHc= -cloud.google.com/go/datafusion 
v1.7.7/go.mod h1:qGTtQcUs8l51lFA9ywuxmZJhS4ozxsBSus6ItqCUWMU= -cloud.google.com/go/datafusion v1.7.9/go.mod h1:ciYV8FL0JmrwgoJ7CH64oUHiI0oOf2VLE45LWKT51Ls= -cloud.google.com/go/datafusion v1.8.1/go.mod h1:I5+nRt6Lob4g1eCbcxP4ayRNx8hyOZ8kA3PB/vGd9Lo= -cloud.google.com/go/datafusion v1.8.6/go.mod h1:fCyKJF2zUKC+O3hc2F9ja5EUCAbT4zcH692z8HiFZFw= -cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= -cloud.google.com/go/datalabeling v0.8.2/go.mod h1:cyDvGHuJWu9U/cLDA7d8sb9a0tWLEletStu2sTmg3BE= -cloud.google.com/go/datalabeling v0.8.5/go.mod h1:IABB2lxQnkdUbMnQaOl2prCOfms20mcPxDBm36lps+s= -cloud.google.com/go/datalabeling v0.8.7/go.mod h1:/PPncW5gxrU15UzJEGQoOT3IobeudHGvoExrtZ8ZBwo= -cloud.google.com/go/datalabeling v0.8.9/go.mod h1:61QutR66VZFgN8boHhl4/FTfxenNzihykv18BgxwSrg= -cloud.google.com/go/datalabeling v0.9.1/go.mod h1:umplHuZX+x5DItNPV5BFBXau5TDsljLNzEj5AB5uRUM= -cloud.google.com/go/datalabeling v0.9.6/go.mod h1:n7o4x0vtPensZOoFwFa4UfZgkSZm8Qs0Pg/T3kQjXSM= -cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= -cloud.google.com/go/dataplex v1.10.1/go.mod h1:1MzmBv8FvjYfc7vDdxhnLFNskikkB+3vl475/XdCDhs= -cloud.google.com/go/dataplex v1.14.2/go.mod h1:0oGOSFlEKef1cQeAHXy4GZPB/Ife0fz/PxBf+ZymA2U= -cloud.google.com/go/dataplex v1.15.1/go.mod h1:+cUJLSCSIWfH53dIXOS5gLErCSz3MP0mZiswVVI8YTA= -cloud.google.com/go/dataplex v1.18.0/go.mod h1:THLDVG07lcY1NgqVvjTV1mvec+rFHwpDwvSd+196MMc= -cloud.google.com/go/dataplex v1.19.1/go.mod h1:WzoQ+vcxrAyM0cjJWmluEDVsg7W88IXXCfuy01BslKE= -cloud.google.com/go/dataplex v1.25.3/go.mod h1:wOJXnOg6bem0tyslu4hZBTncfqcPNDpYGKzed3+bd+E= -cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= -cloud.google.com/go/dataproc/v2 v2.2.1/go.mod h1:QdAJLaBjh+l4PVlVZcmrmhGccosY/omC1qwfQ61Zv/o= -cloud.google.com/go/dataproc/v2 v2.4.0/go.mod h1:3B1Ht2aRB8VZIteGxQS/iNSJGzt9+CA0WGnDVMEm7Z4= -cloud.google.com/go/dataproc/v2 v2.4.2/go.mod 
h1:smGSj1LZP3wtnsM9eyRuDYftNAroAl6gvKp/Wk64XDE= -cloud.google.com/go/dataproc/v2 v2.5.1/go.mod h1:5s2CuQyTPX7e19ZRMLicfPFNgXrvsVct3xz94UvWFeQ= -cloud.google.com/go/dataproc/v2 v2.9.0/go.mod h1:i4365hSwNP6Bx0SAUnzCC6VloeNxChDjJWH6BfVPcbs= -cloud.google.com/go/dataproc/v2 v2.11.2/go.mod h1:xwukBjtfiO4vMEa1VdqyFLqJmcv7t3lo+PbLDcTEw+g= -cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= -cloud.google.com/go/dataqna v0.8.2/go.mod h1:KNEqgx8TTmUipnQsScOoDpq/VlXVptUqVMZnt30WAPs= -cloud.google.com/go/dataqna v0.8.5/go.mod h1:vgihg1mz6n7pb5q2YJF7KlXve6tCglInd6XO0JGOlWM= -cloud.google.com/go/dataqna v0.8.7/go.mod h1:hvxGaSvINAVH5EJJsONIwT1y+B7OQogjHPjizOFoWOo= -cloud.google.com/go/dataqna v0.8.9/go.mod h1:wrw1SL/zLRlVgf0d8P0ZBJ2hhGaLbwoNRsW6m1mn64g= -cloud.google.com/go/dataqna v0.9.1/go.mod h1:86DNLE33yEfNDp5F2nrITsmTYubMbsF7zQRzC3CcZrY= -cloud.google.com/go/dataqna v0.9.7/go.mod h1:4ac3r7zm7Wqm8NAc8sDIDM0v7Dz7d1e/1Ka1yMFanUM= -cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= -cloud.google.com/go/datastore v1.15.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= -cloud.google.com/go/datastore v1.16.0/go.mod h1:WIGbYyZE4GUJC+RLuVgpl6myNMKZGzlfbtN3Tch4R+8= -cloud.google.com/go/datastore v1.17.1/go.mod h1:mtzZ2HcVtz90OVrEXXGDc2pO4NM1kiBQy8YV4qGe0ZM= -cloud.google.com/go/datastore v1.19.0/go.mod h1:KGzkszuj87VT8tJe67GuB+qLolfsOt6bZq/KFuWaahc= -cloud.google.com/go/datastore v1.20.0/go.mod h1:uFo3e+aEpRfHgtp5pp0+6M0o147KoPaYNaPAKpfh8Ew= -cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= -cloud.google.com/go/datastream v1.10.1/go.mod h1:7ngSYwnw95YFyTd5tOGBxHlOZiL+OtpjheqU7t2/s/c= -cloud.google.com/go/datastream v1.10.4/go.mod h1:7kRxPdxZxhPg3MFeCSulmAJnil8NJGGvSNdn4p1sRZo= -cloud.google.com/go/datastream v1.10.6/go.mod h1:lPeXWNbQ1rfRPjBFBLUdi+5r7XrniabdIiEaCaAU55o= -cloud.google.com/go/datastream v1.10.8/go.mod 
h1:6nkPjnk5Qr602Wq+YQ+/RWUOX5h4voMTz5abgEOYPCM= -cloud.google.com/go/datastream v1.11.1/go.mod h1:a4j5tnptIxdZ132XboR6uQM/ZHcuv/hLqA6hH3NJWgk= -cloud.google.com/go/datastream v1.14.1/go.mod h1:JqMKXq/e0OMkEgfYe0nP+lDye5G2IhIlmencWxmesMo= -cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= -cloud.google.com/go/deploy v1.13.1/go.mod h1:8jeadyLkH9qu9xgO3hVWw8jVr29N1mnW42gRJT8GY6g= -cloud.google.com/go/deploy v1.17.1/go.mod h1:SXQyfsXrk0fBmgBHRzBjQbZhMfKZ3hMQBw5ym7MN/50= -cloud.google.com/go/deploy v1.18.0/go.mod h1:7Nv2yKPQG5Lv3sscLUuY58DlrEMqPlq6nedtpb1Prcg= -cloud.google.com/go/deploy v1.19.2/go.mod h1:i6zfU9FZkqFgWIvO2/gsodGU9qF4tF9mBgoMdfnf6as= -cloud.google.com/go/deploy v1.23.0/go.mod h1:O7qoXcg44Ebfv9YIoFEgYjPmrlPsXD4boYSVEiTqdHY= -cloud.google.com/go/deploy v1.27.2/go.mod h1:4NHWE7ENry2A4O1i/4iAPfXHnJCZ01xckAKpZQwhg1M= -cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= -cloud.google.com/go/dialogflow v1.44.1/go.mod h1:n/h+/N2ouKOO+rbe/ZnI186xImpqvCVj2DdsWS/0EAk= -cloud.google.com/go/dialogflow v1.49.0/go.mod h1:dhVrXKETtdPlpPhE7+2/k4Z8FRNUp6kMV3EW3oz/fe0= -cloud.google.com/go/dialogflow v1.53.0/go.mod h1:LqAvxq7bXiiGC3/DWIz9XXCxth2z2qpSnBAAmlNOj6U= -cloud.google.com/go/dialogflow v1.54.2/go.mod h1:avkFNYog+U127jKpGzW1FOllBwZy3OfCz1K1eE9RGh8= -cloud.google.com/go/dialogflow v1.58.0/go.mod h1:sWcyFLdUrg+TWBJVq/OtwDyjcyDOfirTF0Gx12uKy7o= -cloud.google.com/go/dialogflow v1.68.2/go.mod h1:E0Ocrhf5/nANZzBju8RX8rONf0PuIvz2fVj3XkbAhiY= -cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= -cloud.google.com/go/dlp v1.10.2/go.mod h1:ZbdKIhcnyhILgccwVDzkwqybthh7+MplGC3kZVZsIOQ= -cloud.google.com/go/dlp v1.11.2/go.mod h1:9Czi+8Y/FegpWzgSfkRlyz+jwW6Te9Rv26P3UfU/h/w= -cloud.google.com/go/dlp v1.12.2/go.mod h1:AkJim14g+g5JqE4tTr9IJYQp2HHKhBYw/r/G6KQLQi0= -cloud.google.com/go/dlp v1.14.2/go.mod h1:+uwRt+6wZ3PL0wsmZ1cUAj0Mt9kyeV3WcIKPW03wJVU= 
-cloud.google.com/go/dlp v1.19.0/go.mod h1:cr8dKBq8un5LALiyGkz4ozcwzt3FyTlOwA4/fFzJ64c= -cloud.google.com/go/dlp v1.23.0/go.mod h1:vVT4RlyPMEMcVHexdPT6iMVac3seq3l6b8UPdYpgFrg= -cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= -cloud.google.com/go/documentai v1.23.2/go.mod h1:Q/wcRT+qnuXOpjAkvOV4A+IeQl04q2/ReT7SSbytLSo= -cloud.google.com/go/documentai v1.25.0/go.mod h1:ftLnzw5VcXkLItp6pw1mFic91tMRyfv6hHEY5br4KzY= -cloud.google.com/go/documentai v1.28.0/go.mod h1:ZTt9RkTRmqOn5GQgU4JxHJxbobemOoo6FSy0byEQHqY= -cloud.google.com/go/documentai v1.30.3/go.mod h1:aMxiOouLr36hyahLhI3OwAcsy7plOTiXR/RmK+MHbSg= -cloud.google.com/go/documentai v1.34.0/go.mod h1:onJlbHi4ZjQTsANSZJvW7fi2M8LZJrrupXkWDcy4gLY= -cloud.google.com/go/documentai v1.37.0/go.mod h1:qAf3ewuIUJgvSHQmmUWvM3Ogsr5A16U2WPHmiJldvLA= -cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= -cloud.google.com/go/domains v0.9.2/go.mod h1:3YvXGYzZG1Temjbk7EyGCuGGiXHJwVNmwIf+E/cUp5I= -cloud.google.com/go/domains v0.9.5/go.mod h1:dBzlxgepazdFhvG7u23XMhmMKBjrkoUNaw0A8AQB55Y= -cloud.google.com/go/domains v0.9.7/go.mod h1:u/yVf3BgfPJW3QDZl51qTJcDXo9PLqnEIxfGmGgbHEc= -cloud.google.com/go/domains v0.9.9/go.mod h1:/ewEPIaNmTrElY7u9BZPcLPnoP1NJJXGvISDDapwVNU= -cloud.google.com/go/domains v0.10.1/go.mod h1:RjDl3K8iq/ZZHMVqfZzRuBUr5t85gqA6LEXQBeBL5F4= -cloud.google.com/go/domains v0.10.6/go.mod h1:3xzG+hASKsVBA8dOPc4cIaoV3OdBHl1qgUpAvXK7pGY= -cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= -cloud.google.com/go/edgecontainer v1.1.2/go.mod h1:wQRjIzqxEs9e9wrtle4hQPSR1Y51kqN75dgF7UllZZ4= -cloud.google.com/go/edgecontainer v1.1.5/go.mod h1:rgcjrba3DEDEQAidT4yuzaKWTbkTI5zAMu3yy6ZWS0M= -cloud.google.com/go/edgecontainer v1.2.1/go.mod h1:OE2D0lbkmGDVYLCvpj8Y0M4a4K076QB7E2JupqOR/qU= -cloud.google.com/go/edgecontainer v1.2.3/go.mod h1:gMKe2JfE0OT0WuCJArzIndAmMWDPCIYGSWYIpJ6M7oM= -cloud.google.com/go/edgecontainer 
v1.3.1/go.mod h1:qyz5+Nk/UAs6kXp6wiux9I2U4A2R624K15QhHYovKKM= -cloud.google.com/go/edgecontainer v1.4.3/go.mod h1:q9Ojw2ox0uhAvFisnfPRAXFTB1nfRIOIXVWzdXMZLcE= -cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= -cloud.google.com/go/errorreporting v0.3.1/go.mod h1:6xVQXU1UuntfAf+bVkFk6nld41+CPyF2NSPCyXE3Ztk= -cloud.google.com/go/errorreporting v0.3.2/go.mod h1:s5kjs5r3l6A8UUyIsgvAhGq6tkqyBCUss0FRpsoVTww= -cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= -cloud.google.com/go/essentialcontacts v1.6.3/go.mod h1:yiPCD7f2TkP82oJEFXFTou8Jl8L6LBRPeBEkTaO0Ggo= -cloud.google.com/go/essentialcontacts v1.6.6/go.mod h1:XbqHJGaiH0v2UvtuucfOzFXN+rpL/aU5BCZLn4DYl1Q= -cloud.google.com/go/essentialcontacts v1.6.8/go.mod h1:EHONVDSum2xxG2p+myyVda/FwwvGbY58ZYC4XqI/lDQ= -cloud.google.com/go/essentialcontacts v1.6.10/go.mod h1:wQlXvEb/0hB0C0d4H6/90P8CiZcYewkvJ3VoUVFPi4E= -cloud.google.com/go/essentialcontacts v1.7.1/go.mod h1:F/MMWNLRW7b42WwWklOsnx4zrMOWDYWqWykBf1jXKPY= -cloud.google.com/go/essentialcontacts v1.7.6/go.mod h1:/Ycn2egr4+XfmAfxpLYsJeJlVf9MVnq9V7OMQr9R4lA= -cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= -cloud.google.com/go/eventarc v1.13.1/go.mod h1:EqBxmGHFrruIara4FUQ3RHlgfCn7yo1HYsu2Hpt/C3Y= -cloud.google.com/go/eventarc v1.13.4/go.mod h1:zV5sFVoAa9orc/52Q+OuYUG9xL2IIZTbbuTHC6JSY8s= -cloud.google.com/go/eventarc v1.13.6/go.mod h1:QReOaYnDNdjwAQQWNC7nfr63WnaKFUw7MSdQ9PXJYj0= -cloud.google.com/go/eventarc v1.13.8/go.mod h1:Xq3SsMoOAn7RmacXgJO7kq818iRLFF0bVhH780qlmTs= -cloud.google.com/go/eventarc v1.14.1/go.mod h1:NG0YicE+z9MDcmh2u4tlzLDVLRjq5UHZlibyQlPhcxY= -cloud.google.com/go/eventarc v1.15.5/go.mod h1:vDCqGqyY7SRiickhEGt1Zhuj81Ya4F/NtwwL3OZNskg= -cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= -cloud.google.com/go/filestore v1.7.2/go.mod h1:TYOlyJs25f/omgj+vY7/tIG/E7BX369triSPzE4LdgE= 
-cloud.google.com/go/filestore v1.8.1/go.mod h1:MbN9KcaM47DRTIuLfQhJEsjaocVebNtNQhSLhKCF5GM= -cloud.google.com/go/filestore v1.8.3/go.mod h1:QTpkYpKBF6jlPRmJwhLqXfJQjVrQisplyb4e2CwfJWc= -cloud.google.com/go/filestore v1.8.5/go.mod h1:o8KvHyl5V30kIdrPX6hE+RknscXCUFXWSxYsEWeFfRU= -cloud.google.com/go/filestore v1.9.1/go.mod h1:g/FNHBABpxjL1M9nNo0nW6vLYIMVlyOKhBKtYGgcKUI= -cloud.google.com/go/filestore v1.10.2/go.mod h1:w0Pr8uQeSRQfCPRsL0sYKW6NKyooRgixCkV9yyLykR4= -cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= -cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8= -cloud.google.com/go/firestore v1.14.0/go.mod h1:96MVaHLsEhbvkBEdZgfN+AS/GIkco1LRpH9Xp9YZfzQ= -cloud.google.com/go/firestore v1.15.0/go.mod h1:GWOxFXcv8GZUtYpWHw/w6IuYNux/BtmeVTMmjrm4yhk= -cloud.google.com/go/firestore v1.17.0/go.mod h1:69uPx1papBsY8ZETooc71fOhoKkD70Q1DwMrtKuOT/Y= -cloud.google.com/go/firestore v1.18.0/go.mod h1:5ye0v48PhseZBdcl0qbl3uttu7FIEwEYVaWm0UIEOEU= -cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= -cloud.google.com/go/functions v1.15.2/go.mod h1:CHAjtcR6OU4XF2HuiVeriEdELNcnvRZSk1Q8RMqy4lE= -cloud.google.com/go/functions v1.16.0/go.mod h1:nbNpfAG7SG7Duw/o1iZ6ohvL7mc6MapWQVpqtM29n8k= -cloud.google.com/go/functions v1.16.2/go.mod h1:+gMvV5E3nMb9EPqX6XwRb646jTyVz8q4yk3DD6xxHpg= -cloud.google.com/go/functions v1.16.4/go.mod h1:uDp5MbH0kCtXe3uBluq3Zi7bEDuHqcn60mAHxUsNezI= -cloud.google.com/go/functions v1.19.1/go.mod h1:18RszySpwRg6aH5UTTVsRfdCwDooSf/5mvSnU7NAk4A= -cloud.google.com/go/functions v1.19.6/go.mod h1:0G0RnIlbM4MJEycfbPZlCzSf2lPOjL7toLDwl+r0ZBw= -cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= -cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= -cloud.google.com/go/gkebackup v1.3.2/go.mod h1:OMZbXzEJloyXMC7gqdSB+EOEQ1AKcpGYvO3s1ec5ixk= -cloud.google.com/go/gkebackup 
v1.3.5/go.mod h1:KJ77KkNN7Wm1LdMopOelV6OodM01pMuK2/5Zt1t4Tvc= -cloud.google.com/go/gkebackup v1.4.1/go.mod h1:tVwSKC1/UxEA011ijRG8vlXaZThzTSy6vReO9fTOlX8= -cloud.google.com/go/gkebackup v1.5.2/go.mod h1:ZuWJKacdXtjiO8ry9RrdT57gvcsU7c7/FTqqwjdNUjk= -cloud.google.com/go/gkebackup v1.6.1/go.mod h1:CEnHQCsNBn+cyxcxci0qbAPYe8CkivNEitG/VAZ08ms= -cloud.google.com/go/gkebackup v1.8.0/go.mod h1:FjsjNldDilC9MWKEHExnK3kKJyTDaSdO1vF0QeWSOPU= -cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= -cloud.google.com/go/gkeconnect v0.8.2/go.mod h1:6nAVhwchBJYgQCXD2pHBFQNiJNyAd/wyxljpaa6ZPrY= -cloud.google.com/go/gkeconnect v0.8.5/go.mod h1:LC/rS7+CuJ5fgIbXv8tCD/mdfnlAadTaUufgOkmijuk= -cloud.google.com/go/gkeconnect v0.8.7/go.mod h1:iUH1jgQpTyNFMK5LgXEq2o0beIJ2p7KKUUFerkf/eGc= -cloud.google.com/go/gkeconnect v0.8.9/go.mod h1:gl758q5FLXewQZIsxQ7vHyYmLcGBuubvQO6J3yFDh08= -cloud.google.com/go/gkeconnect v0.11.1/go.mod h1:Vu3UoOI2c0amGyv4dT/EmltzscPH41pzS4AXPqQLej0= -cloud.google.com/go/gkeconnect v0.12.4/go.mod h1:bvpU9EbBpZnXGo3nqJ1pzbHWIfA9fYqgBMJ1VjxaZdk= -cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= -cloud.google.com/go/gkehub v0.14.2/go.mod h1:iyjYH23XzAxSdhrbmfoQdePnlMj2EWcvnR+tHdBQsCY= -cloud.google.com/go/gkehub v0.14.5/go.mod h1:6bzqxM+a+vEH/h8W8ec4OJl4r36laxTs3A/fMNHJ0wA= -cloud.google.com/go/gkehub v0.14.7/go.mod h1:NLORJVTQeCdxyAjDgUwUp0A6BLEaNLq84mCiulsM4OE= -cloud.google.com/go/gkehub v0.14.9/go.mod h1:W2rDU2n2xgMpf3/BqpT6ffUX/I8yez87rrW/iGRz6Kk= -cloud.google.com/go/gkehub v0.15.1/go.mod h1:cyUwa9iFQYd/pI7IQYl6A+OF6M8uIbhmJr090v9Z4UU= -cloud.google.com/go/gkehub v0.15.6/go.mod h1:sRT0cOPAgI1jUJrS3gzwdYCJ1NEzVVwmnMKEwrS2QaM= -cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= -cloud.google.com/go/gkemulticloud v1.0.1/go.mod h1:AcrGoin6VLKT/fwZEYuqvVominLriQBCKmbjtnbMjG8= -cloud.google.com/go/gkemulticloud v1.1.1/go.mod 
h1:C+a4vcHlWeEIf45IB5FFR5XGjTeYhF83+AYIpTy4i2Q= -cloud.google.com/go/gkemulticloud v1.1.3/go.mod h1:4WzfPnsOfdCIj6weekE5FIGCaeQKZ1HzGNUVZ1PpIxw= -cloud.google.com/go/gkemulticloud v1.2.2/go.mod h1:VMsMYDKpUVYNrhese31TVJMVXPLEtFT/AnIarqlcwVo= -cloud.google.com/go/gkemulticloud v1.4.0/go.mod h1:rg8YOQdRKEtMimsiNCzZUP74bOwImhLRv9wQ0FwBUP4= -cloud.google.com/go/gkemulticloud v1.5.3/go.mod h1:KPFf+/RcfvmuScqwS9/2MF5exZAmXSuoSLPuaQ98Xlk= -cloud.google.com/go/grafeas v0.3.6/go.mod h1:to6ECAPgRO2xeqD8ISXHc70nObJuaKZThreQOjeOH3o= -cloud.google.com/go/grafeas v0.3.10/go.mod h1:Mz/AoXmxNhj74VW0fz5Idc3kMN2VZMi4UT5+UPx5Pq0= -cloud.google.com/go/grafeas v0.3.15/go.mod h1:irwcwIQOBlLBotGdMwme8PipnloOPqILfIvMwlmu8Pk= -cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= -cloud.google.com/go/gsuiteaddons v1.6.2/go.mod h1:K65m9XSgs8hTF3X9nNTPi8IQueljSdYo9F+Mi+s4MyU= -cloud.google.com/go/gsuiteaddons v1.6.5/go.mod h1:Lo4P2IvO8uZ9W+RaC6s1JVxo42vgy+TX5a6hfBZ0ubs= -cloud.google.com/go/gsuiteaddons v1.6.7/go.mod h1:u+sGBvr07OKNnOnQiB/Co1q4U2cjo50ERQwvnlcpNis= -cloud.google.com/go/gsuiteaddons v1.6.9/go.mod h1:qITZZoLzQhMQ6Re+izKEvz4C+M1AP13S+XuEpS26824= -cloud.google.com/go/gsuiteaddons v1.7.1/go.mod h1:SxM63xEPFf0p/plgh4dP82mBSKtp2RWskz5DpVo9jh8= -cloud.google.com/go/gsuiteaddons v1.7.7/go.mod h1:zTGmmKG/GEBCONsvMOY2ckDiEsq3FN+lzWGUiXccF9o= -cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc= -cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= -cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= -cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= -cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= 
-cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= -cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= -cloud.google.com/go/iap v1.9.1/go.mod h1:SIAkY7cGMLohLSdBR25BuIxO+I4fXJiL06IBL7cy/5Q= -cloud.google.com/go/iap v1.9.4/go.mod h1:vO4mSq0xNf/Pu6E5paORLASBwEmphXEjgCFg7aeNu1w= -cloud.google.com/go/iap v1.9.6/go.mod h1:YiK+tbhDszhaVifvzt2zTEF2ch9duHtp6xzxj9a0sQk= -cloud.google.com/go/iap v1.9.8/go.mod h1:jQzSbtpYRbBoMdOINr/OqUxBY9rhyqLx04utTCmJ6oo= -cloud.google.com/go/iap v1.10.1/go.mod h1:UKetCEzOZ4Zj7l9TSN/wzRNwbgIYzm4VM4bStaQ/tFc= -cloud.google.com/go/iap v1.11.2/go.mod h1:Bh99DMUpP5CitL9lK0BC8MYgjjYO4b3FbyhgW1VHJvg= -cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= -cloud.google.com/go/ids v1.4.2/go.mod h1:3vw8DX6YddRu9BncxuzMyWn0g8+ooUjI2gslJ7FH3vk= -cloud.google.com/go/ids v1.4.5/go.mod h1:p0ZnyzjMWxww6d2DvMGnFwCsSxDJM666Iir1bK1UuBo= -cloud.google.com/go/ids v1.4.7/go.mod h1:yUkDC71u73lJoTaoONy0dsA0T7foekvg6ZRg9IJL0AA= -cloud.google.com/go/ids v1.4.9/go.mod h1:1pL+mhlvtUNphwBSK91yO8NoTVQYwOpqim1anIVBwbM= -cloud.google.com/go/ids v1.5.1/go.mod h1:d/9jTtY506mTxw/nHH3UN4TFo80jhAX+tESwzj42yFo= -cloud.google.com/go/ids v1.5.6/go.mod h1:y3SGLmEf9KiwKsH7OHvYYVNIJAtXybqsD2z8gppsziQ= -cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= -cloud.google.com/go/iot v1.7.2/go.mod h1:q+0P5zr1wRFpw7/MOgDXrG/HVA+l+cSwdObffkrpnSg= -cloud.google.com/go/iot v1.7.5/go.mod h1:nq3/sqTz3HGaWJi1xNiX7F41ThOzpud67vwk0YsSsqs= -cloud.google.com/go/iot v1.7.7/go.mod h1:tr0bCOSPXtsg64TwwZ/1x+ReTWKlQRVXbM+DnrE54yM= -cloud.google.com/go/iot v1.7.9/go.mod h1:1fi6x4CexbygNgRPn+tcxCjOZFTl+4G6Adbo6sLPR7c= -cloud.google.com/go/iot v1.8.1/go.mod 
h1:FNceQ9/EGvbE2az7RGoGPY0aqrsyJO3/LqAL0h83fZw= -cloud.google.com/go/iot v1.8.6/go.mod h1:MThnkiihNkMysWNeNje2Hp0GSOpEq2Wkb/DkBCVYa0U= -cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ= -cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI= -cloud.google.com/go/kms v1.15.9/go.mod h1:5v/R/RRuBUVO+eJioGcqENr3syh8ZqNn1y1Wc9DjM+4= -cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= -cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= -cloud.google.com/go/kms v1.22.0/go.mod h1:U7mf8Sva5jpOb4bxYZdtw/9zsbIjrklYwPcvMk34AL8= -cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= -cloud.google.com/go/language v1.11.1/go.mod h1:Xyid9MG9WOX3utvDbpX7j3tXDmmDooMyMDqgUVpH17U= -cloud.google.com/go/language v1.12.3/go.mod h1:evFX9wECX6mksEva8RbRnr/4wi/vKGYnAJrTRXU8+f8= -cloud.google.com/go/language v1.12.5/go.mod h1:w/6a7+Rhg6Bc2Uzw6thRdKKNjnOzfKTJuxzD0JZZ0nM= -cloud.google.com/go/language v1.12.7/go.mod h1:4s/11zABvI/gv+li/+ICe+cErIaN9hYmilf9wrc5Py0= -cloud.google.com/go/language v1.14.1/go.mod h1:WaAL5ZdLLBjiorXl/8vqgb6/Fyt2qijl96c1ZP/vdc8= -cloud.google.com/go/language v1.14.5/go.mod h1:nl2cyAVjcBct1Hk73tzxuKebk0t2eULFCaruhetdZIA= -cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= -cloud.google.com/go/lifesciences v0.9.2/go.mod h1:QHEOO4tDzcSAzeJg7s2qwnLM2ji8IRpQl4p6m5Z9yTA= -cloud.google.com/go/lifesciences v0.9.5/go.mod h1:OdBm0n7C0Osh5yZB7j9BXyrMnTRGBJIZonUMxo5CzPw= -cloud.google.com/go/lifesciences v0.9.7/go.mod h1:FQ713PhjAOHqUVnuwsCe1KPi9oAdaTfh58h1xPiW13g= -cloud.google.com/go/lifesciences v0.9.9/go.mod h1:4c8eLVKz7/FPw6lvoHx2/JQX1rVM8+LlYmBp8h5H3MQ= -cloud.google.com/go/lifesciences v0.10.1/go.mod h1:5D6va5/Gq3gtJPKSsE6vXayAigfOXK2eWLTdFUOTCDs= 
-cloud.google.com/go/lifesciences v0.10.6/go.mod h1:1nnZwaZcBThDujs9wXzECnd1S5d+UiDkPuJWAmhRi7Q= -cloud.google.com/go/logging v1.4.2 h1:Mu2Q75VBDQlW1HlBMjTX4X84UFR73G1TiLlRYc/b7tA= -cloud.google.com/go/logging v1.4.2/go.mod h1:jco9QZSx8HiVVqLJReq7z7bVdj0P1Jb9PDFs63T+axo= -cloud.google.com/go/logging v1.8.1 h1:26skQWPeYhvIasWKm48+Eq7oUqdcdbwsCVwz5Ys0FvU= -cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= -cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= -cloud.google.com/go/longrunning v0.5.2 h1:u+oFqfEwwU7F9dIELigxbe0XVnBAo9wqMuQLA50CZ5k= -cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUzqv2YttZiveCs= -cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= -cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= -cloud.google.com/go/longrunning v0.5.6/go.mod h1:vUaDrWYOMKRuhiv6JBnn49YxCPz2Ayn9GqyjaBT8/mA= -cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= -cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= -cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= -cloud.google.com/go/longrunning v0.6.6/go.mod h1:hyeGJUrPHcx0u2Uu1UFSoYZLn4lkMrccJig0t4FI7yw= -cloud.google.com/go/managedidentities v1.6.2/go.mod h1:5c2VG66eCa0WIq6IylRk3TBW83l161zkFvCj28X7jn8= -cloud.google.com/go/managedidentities v1.6.5/go.mod h1:fkFI2PwwyRQbjLxlm5bQ8SjtObFMW3ChBGNqaMcgZjI= -cloud.google.com/go/managedidentities v1.6.7/go.mod h1:UzslJgHnc6luoyx2JV19cTCi2Fni/7UtlcLeSYRzTV8= -cloud.google.com/go/managedidentities v1.6.9/go.mod h1:R7+78iH2j/SCTInutWINxGxEY0PH5rpbWt6uRq0Tn+Y= -cloud.google.com/go/managedidentities v1.7.1/go.mod h1:iK4qqIBOOfePt5cJR/Uo3+uol6oAVIbbG7MGy917cYM= -cloud.google.com/go/managedidentities v1.7.6/go.mod h1:pYCWPaI1AvR8Q027Vtp+SFSM/VOVgbjBF4rxp1/z5p4= 
-cloud.google.com/go/maps v1.4.1/go.mod h1:BxSa0BnW1g2U2gNdbq5zikLlHUuHW0GFWh7sgML2kIY= -cloud.google.com/go/maps v1.6.4/go.mod h1:rhjqRy8NWmDJ53saCfsXQ0LKwBHfi6OSh5wkq6BaMhI= -cloud.google.com/go/maps v1.7.3/go.mod h1:Jfe+h0i3YdG8Cc0wuNI+Q+WglTt7YnQ3PbKCqpBdTwc= -cloud.google.com/go/maps v1.11.3/go.mod h1:4iKNrUzFISQ4RoiWCqIFEAAVtgKb2oQ09AVx8GheOUg= -cloud.google.com/go/maps v1.14.0/go.mod h1:UepOes9un0UP7i8JBiaqgh8jqUaZAHVRXCYjrVlhSC8= -cloud.google.com/go/maps v1.21.0/go.mod h1:cqzZ7+DWUKKbPTgqE+KuNQtiCRyg/o7WZF9zDQk+HQs= -cloud.google.com/go/mediatranslation v0.8.2/go.mod h1:c9pUaDRLkgHRx3irYE5ZC8tfXGrMYwNZdmDqKMSfFp8= -cloud.google.com/go/mediatranslation v0.8.5/go.mod h1:y7kTHYIPCIfgyLbKncgqouXJtLsU+26hZhHEEy80fSs= -cloud.google.com/go/mediatranslation v0.8.7/go.mod h1:6eJbPj1QJwiCP8R4K413qMx6ZHZJUi9QFpApqY88xWU= -cloud.google.com/go/mediatranslation v0.8.9/go.mod h1:3MjXTUsEzrMC9My6e9o7TOmgIUGlyrkVAxjzcmxBUdU= -cloud.google.com/go/mediatranslation v0.9.1/go.mod h1:vQH1amULNhSGryBjbjLb37g54rxrOwVxywS8WvUCsIU= -cloud.google.com/go/mediatranslation v0.9.6/go.mod h1:WS3QmObhRtr2Xu5laJBQSsjnWFPPthsyetlOyT9fJvE= -cloud.google.com/go/memcache v1.10.2/go.mod h1:f9ZzJHLBrmd4BkguIAa/l/Vle6uTHzHokdnzSWOdQ6A= -cloud.google.com/go/memcache v1.10.5/go.mod h1:/FcblbNd0FdMsx4natdj+2GWzTq+cjZvMa1I+9QsuMA= -cloud.google.com/go/memcache v1.10.7/go.mod h1:SrU6+QBhvXJV0TA59+B3oCHtLkPx37eqdKmRUlmSE1k= -cloud.google.com/go/memcache v1.10.9/go.mod h1:06evGxt9E1Mf/tYsXJNdXuRj5qzspVd0Tt18kXYDD5c= -cloud.google.com/go/memcache v1.11.1/go.mod h1:3zF+dEqmEmElHuO4NtHiShekQY5okQtssjPBv7jpmZ8= -cloud.google.com/go/memcache v1.11.6/go.mod h1:ZM6xr1mw3F8TWO+In7eq9rKlJc3jlX2MDt4+4H+/+cc= -cloud.google.com/go/metastore v1.13.1/go.mod h1:IbF62JLxuZmhItCppcIfzBBfUFq0DIB9HPDoLgWrVOU= -cloud.google.com/go/metastore v1.13.4/go.mod h1:FMv9bvPInEfX9Ac1cVcRXp8EBBQnBcqH6gz3KvJ9BAE= -cloud.google.com/go/metastore v1.13.6/go.mod h1:OBCVMCP7X9vA4KKD+5J4Q3d+tiyKxalQZnksQMq5MKY= 
-cloud.google.com/go/metastore v1.13.8/go.mod h1:2uLJBAXn5EDYJx9r7mZtxZifCKpakZUCvNfzI7ejUiE= -cloud.google.com/go/metastore v1.14.1/go.mod h1:WDvsAcbQLl9M4xL+eIpbKogH7aEaPWMhO9aRBcFOnJE= -cloud.google.com/go/metastore v1.14.7/go.mod h1:0dka99KQofeUgdfu+K/Jk1KeT9veWZlxuZdJpZPtuYU= -cloud.google.com/go/monitoring v1.16.1/go.mod h1:6HsxddR+3y9j+o/cMJH6q/KJ/CBTvM/38L/1m7bTRJ4= -cloud.google.com/go/monitoring v1.18.0/go.mod h1:c92vVBCeq/OB4Ioyo+NbN2U7tlg5ZH41PZcdvfc+Lcg= -cloud.google.com/go/monitoring v1.19.0/go.mod h1:25IeMR5cQ5BoZ8j1eogHE5VPJLlReQ7zFp5OiLgiGZw= -cloud.google.com/go/monitoring v1.20.1/go.mod h1:FYSe/brgfuaXiEzOQFhTjsEsJv+WePyK71X7Y8qo6uQ= -cloud.google.com/go/monitoring v1.21.1/go.mod h1:Rj++LKrlht9uBi8+Eb530dIrzG/cU/lB8mt+lbeFK1c= -cloud.google.com/go/monitoring v1.24.0/go.mod h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc= -cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U= -cloud.google.com/go/networkconnectivity v1.14.1/go.mod h1:LyGPXR742uQcDxZ/wv4EI0Vu5N6NKJ77ZYVnDe69Zug= -cloud.google.com/go/networkconnectivity v1.14.4/go.mod h1:PU12q++/IMnDJAB+3r+tJtuCXCfwfN+C6Niyj6ji1Po= -cloud.google.com/go/networkconnectivity v1.14.6/go.mod h1:/azB7+oCSmyBs74Z26EogZ2N3UcXxdCHkCPcz8G32bU= -cloud.google.com/go/networkconnectivity v1.14.8/go.mod h1:QQ/XTMk7U5fzv1cVNUCQJEjpkVEE+nYOK7mg3hVTuiI= -cloud.google.com/go/networkconnectivity v1.15.1/go.mod h1:tYAcT4Ahvq+BiePXL/slYipf/8FF0oNJw3MqFhBnSPI= -cloud.google.com/go/networkconnectivity v1.17.1/go.mod h1:DTZCq8POTkHgAlOAAEDQF3cMEr/B9k1ZbpklqvHEBtg= -cloud.google.com/go/networkmanagement v1.9.1/go.mod h1:CCSYgrQQvW73EJawO2QamemYcOb57LvrDdDU51F0mcI= -cloud.google.com/go/networkmanagement v1.9.4/go.mod h1:daWJAl0KTFytFL7ar33I6R/oNBH8eEOX/rBNHrC/8TA= -cloud.google.com/go/networkmanagement v1.13.2/go.mod h1:24VrV/5HFIOXMEtVQEUoB4m/w8UWvUPAYjfnYZcBc4c= -cloud.google.com/go/networkmanagement v1.13.4/go.mod h1:dGTeJfDPQv0yGDt6gncj4XAPwxktjpCn5ZxQajStW8g= 
-cloud.google.com/go/networkmanagement v1.14.1/go.mod h1:3Ds8FZ3ZHjTVEedsBoZi9ef9haTE14iS6swTSqM39SI= -cloud.google.com/go/networkmanagement v1.19.1/go.mod h1:icgk265dNnilxQzpr6rO9WuAuuCmUOqq9H6WBeM2Af4= -cloud.google.com/go/networksecurity v0.9.2/go.mod h1:jG0SeAttWzPMUILEHDUvFYdQTl8L/E/KC8iZDj85lEI= -cloud.google.com/go/networksecurity v0.9.5/go.mod h1:KNkjH/RsylSGyyZ8wXpue8xpCEK+bTtvof8SBfIhMG8= -cloud.google.com/go/networksecurity v0.9.7/go.mod h1:aB6UiPnh/l32+TRvgTeOxVRVAHAFFqvK+ll3idU5BoY= -cloud.google.com/go/networksecurity v0.9.9/go.mod h1:aLS+6sLeZkMhLx9ntTMJG4qWHdvDPctqMOb6ggz9m5s= -cloud.google.com/go/networksecurity v0.10.1/go.mod h1:tatO1hYJ9nNChLHOFdsjex5FeqZBlPQgKdKOex7REpU= -cloud.google.com/go/networksecurity v0.10.6/go.mod h1:FTZvabFPvK2kR/MRIH3l/OoQ/i53eSix2KA1vhBMJec= -cloud.google.com/go/notebooks v1.10.1/go.mod h1:5PdJc2SgAybE76kFQCWrTfJolCOUQXF97e+gteUUA6A= -cloud.google.com/go/notebooks v1.11.3/go.mod h1:0wQyI2dQC3AZyQqWnRsp+yA+kY4gC7ZIVP4Qg3AQcgo= -cloud.google.com/go/notebooks v1.11.5/go.mod h1:pz6P8l2TvhWqAW3sysIsS0g2IUJKOzEklsjWJfi8sd4= -cloud.google.com/go/notebooks v1.11.7/go.mod h1:lTjloYceMboZanBFC/JSZYet/K+JuO0mLAXVVhb/6bQ= -cloud.google.com/go/notebooks v1.12.1/go.mod h1:RJCyRkLjj8UnvLEKaDl9S6//xUCa+r+d/AsxZnYBl50= -cloud.google.com/go/notebooks v1.12.6/go.mod h1:3Z4TMEqAKP3pu6DI/U+aEXrNJw9hGZIVbp+l3zw8EuA= -cloud.google.com/go/optimization v1.5.1/go.mod h1:NC0gnUD5MWVAF7XLdoYVPmYYVth93Q6BUzqAq3ZwtV8= -cloud.google.com/go/optimization v1.6.3/go.mod h1:8ve3svp3W6NFcAEFr4SfJxrldzhUl4VMUJmhrqVKtYA= -cloud.google.com/go/optimization v1.6.5/go.mod h1:eiJjNge1NqqLYyY75AtIGeQWKO0cvzD1ct/moCFaP2Q= -cloud.google.com/go/optimization v1.6.7/go.mod h1:FREForRqqjTsJbElYyWSgb54WXUzTMTRyjVT+Tl80v8= -cloud.google.com/go/optimization v1.7.1/go.mod h1:s2AjwwQEv6uExFmgS4Bf1gidI07w7jCzvvs8exqR1yk= -cloud.google.com/go/optimization v1.7.6/go.mod h1:4MeQslrSJGv+FY4rg0hnZBR/tBX2awJ1gXYp6jZpsYY= -cloud.google.com/go/orchestration v1.8.2/go.mod 
h1:T1cP+6WyTmh6LSZzeUhvGf0uZVmJyTx7t8z7Vg87+A0= -cloud.google.com/go/orchestration v1.8.5/go.mod h1:C1J7HesE96Ba8/hZ71ISTV2UAat0bwN+pi85ky38Yq8= -cloud.google.com/go/orchestration v1.9.2/go.mod h1:8bGNigqCQb/O1kK7PeStSNlyi58rQvZqDiuXT9KAcbg= -cloud.google.com/go/orchestration v1.9.4/go.mod h1:jk5hczI8Tciq+WCkN32GpjWJs67GSmAA0XHFUlELJLw= -cloud.google.com/go/orchestration v1.11.0/go.mod h1:s3L89jinQaUHclqgWYw8JhBbzGSidVt5rVBxGrXeheI= -cloud.google.com/go/orchestration v1.11.9/go.mod h1:KKXK67ROQaPt7AxUS1V/iK0Gs8yabn3bzJ1cLHw4XBg= -cloud.google.com/go/orgpolicy v1.11.2/go.mod h1:biRDpNwfyytYnmCRWZWxrKF22Nkz9eNVj9zyaBdpm1o= -cloud.google.com/go/orgpolicy v1.12.1/go.mod h1:aibX78RDl5pcK3jA8ysDQCFkVxLj3aOQqrbBaUL2V5I= -cloud.google.com/go/orgpolicy v1.12.3/go.mod h1:6BOgIgFjWfJzTsVcib/4QNHOAeOjCdaBj69aJVs//MA= -cloud.google.com/go/orgpolicy v1.12.5/go.mod h1:f778/jOHKp6cP6NbbQgjy4SDfQf6BoVGiSWdxky3ONQ= -cloud.google.com/go/orgpolicy v1.14.0/go.mod h1:S6Pveh1JOxpSbs6+2ToJG7h3HwqC6Uf1YQ6JYG7wdM8= -cloud.google.com/go/orgpolicy v1.15.0/go.mod h1:NTQLwgS8N5cJtdfK55tAnMGtvPSsy95JJhESwYHaJVs= -cloud.google.com/go/osconfig v1.12.2/go.mod h1:eh9GPaMZpI6mEJEuhEjUJmaxvQ3gav+fFEJon1Y8Iw0= -cloud.google.com/go/osconfig v1.12.5/go.mod h1:D9QFdxzfjgw3h/+ZaAb5NypM8bhOMqBzgmbhzWViiW8= -cloud.google.com/go/osconfig v1.12.7/go.mod h1:ID7Lbqr0fiihKMwAOoPomWRqsZYKWxfiuafNZ9j1Y1M= -cloud.google.com/go/osconfig v1.13.0/go.mod h1:tlACnQi1rtSLnHRYzfw9SH9zXs0M7S1jqiW2EOCn2Y0= -cloud.google.com/go/osconfig v1.14.1/go.mod h1:Rk62nyQscgy8x4bICaTn0iWiip5EpwEfG2UCBa2TP/s= -cloud.google.com/go/osconfig v1.14.6/go.mod h1:LS39HDBH0IJDFgOUkhSZUHFQzmcWaCpYXLrc3A4CVzI= -cloud.google.com/go/oslogin v1.11.1/go.mod h1:OhD2icArCVNUxKqtK0mcSmKL7lgr0LVlQz+v9s1ujTg= -cloud.google.com/go/oslogin v1.13.1/go.mod h1:vS8Sr/jR7QvPWpCjNqy6LYZr5Zs1e8ZGW/KPn9gmhws= -cloud.google.com/go/oslogin v1.13.3/go.mod h1:WW7Rs1OJQ1iSUckZDilvNBSNPE8on740zF+4ZDR4o8U= -cloud.google.com/go/oslogin v1.13.5/go.mod 
h1:V+QzBAbZBZJq9CmTyzKrh3rpMiWIr1OBn6RL4mMVWXI= -cloud.google.com/go/oslogin v1.14.1/go.mod h1:mM/isJYnohyD3EfM12Fhy8uye46gxA1WjHRCwbkmlVw= -cloud.google.com/go/oslogin v1.14.6/go.mod h1:xEvcRZTkMXHfNSKdZ8adxD6wvRzeyAq3cQX3F3kbMRw= -cloud.google.com/go/phishingprotection v0.8.2/go.mod h1:LhJ91uyVHEYKSKcMGhOa14zMMWfbEdxG032oT6ECbC8= -cloud.google.com/go/phishingprotection v0.8.5/go.mod h1:g1smd68F7mF1hgQPuYn3z8HDbNre8L6Z0b7XMYFmX7I= -cloud.google.com/go/phishingprotection v0.8.7/go.mod h1:FtYaOyGc/HQQU7wY4sfwYZBFDKAL+YtVBjUj8E3A3/I= -cloud.google.com/go/phishingprotection v0.8.9/go.mod h1:xNojFKIdq+hNGNpOZOEGVGA4Mdhm2yByMli2Ni/RV0w= -cloud.google.com/go/phishingprotection v0.9.1/go.mod h1:LRiflQnCpYKCMhsmhNB3hDbW+AzQIojXYr6q5+5eRQk= -cloud.google.com/go/phishingprotection v0.9.6/go.mod h1:VmuGg03DCI0wRp/FLSvNyjFj+J8V7+uITgHjCD/x4RQ= -cloud.google.com/go/policytroubleshooter v1.9.1/go.mod h1:MYI8i0bCrL8cW+VHN1PoiBTyNZTstCg2WUw2eVC4c4U= -cloud.google.com/go/policytroubleshooter v1.10.3/go.mod h1:+ZqG3agHT7WPb4EBIRqUv4OyIwRTZvsVDHZ8GlZaoxk= -cloud.google.com/go/policytroubleshooter v1.10.5/go.mod h1:bpOf94YxjWUqsVKokzPBibMSAx937Jp2UNGVoMAtGYI= -cloud.google.com/go/policytroubleshooter v1.10.7/go.mod h1:/JxxZOSCT8nASvH/SP4Bj81EnDFwZhFThG7mgVWIoPY= -cloud.google.com/go/policytroubleshooter v1.11.1/go.mod h1:9nJIpgQ2vloJbB8y1JkPL5vxtaSdJnJYPCUvt6PpfRs= -cloud.google.com/go/policytroubleshooter v1.11.6/go.mod h1:jdjYGIveoYolk38Dm2JjS5mPkn8IjVqPsDHccTMu3mY= -cloud.google.com/go/privatecatalog v0.9.2/go.mod h1:RMA4ATa8IXfzvjrhhK8J6H4wwcztab+oZph3c6WmtFc= -cloud.google.com/go/privatecatalog v0.9.5/go.mod h1:fVWeBOVe7uj2n3kWRGlUQqR/pOd450J9yZoOECcQqJk= -cloud.google.com/go/privatecatalog v0.9.7/go.mod h1:NWLa8MCL6NkRSt8jhL8Goy2A/oHkvkeAxiA0gv0rIXI= -cloud.google.com/go/privatecatalog v0.9.9/go.mod h1:attFfOEf8ECrCuCdT3WYY8wyMKRZt4iB1bEWYFzPn50= -cloud.google.com/go/privatecatalog v0.10.1/go.mod h1:mFmn5bjE9J8MEjQuu1fOc4AxOP2MoEwDLMJk04xqQCQ= -cloud.google.com/go/privatecatalog 
v0.10.7/go.mod h1:Fo/PF/B6m4A9vUYt0nEF1xd0U6Kk19/Je3eZGrQ6l60= -cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= -cloud.google.com/go/pubsub v1.36.1/go.mod h1:iYjCa9EzWOoBiTdd4ps7QoMtMln5NwaZQpK1hbRfBDE= -cloud.google.com/go/pubsub v1.37.0/go.mod h1:YQOQr1uiUM092EXwKs56OPT650nwnawc+8/IjoUeGzQ= -cloud.google.com/go/pubsub v1.40.0/go.mod h1:BVJI4sI2FyXp36KFKvFwcfDRDfR8MiLT8mMhmIhdAeA= -cloud.google.com/go/pubsub v1.44.0/go.mod h1:BD4a/kmE8OePyHoa1qAHEw1rMzXX+Pc8Se54T/8mc3I= -cloud.google.com/go/pubsub v1.49.0/go.mod h1:K1FswTWP+C1tI/nfi3HQecoVeFvL4HUOB1tdaNXKhUY= -cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0= -cloud.google.com/go/pubsublite v1.8.2/go.mod h1:4r8GSa9NznExjuLPEJlF1VjOPOpgf3IT6k8x/YgaOPI= -cloud.google.com/go/recaptchaenterprise/v2 v2.8.1/go.mod h1:JZYZJOeZjgSSTGP4uz7NlQ4/d1w5hGmksVgM0lbEij0= -cloud.google.com/go/recaptchaenterprise/v2 v2.9.2/go.mod h1:trwwGkfhCmp05Ll5MSJPXY7yvnO0p4v3orGANAFHAuU= -cloud.google.com/go/recaptchaenterprise/v2 v2.13.0/go.mod h1:jNYyn2ScR4DTg+VNhjhv/vJQdaU8qz+NpmpIzEE7HFQ= -cloud.google.com/go/recaptchaenterprise/v2 v2.14.0/go.mod h1:pwC/eCyXq37YV3NSaiJsfOmuoTDkzURnVKAWGSkjDUY= -cloud.google.com/go/recaptchaenterprise/v2 v2.17.2/go.mod h1:iigNZOnUpf++xlm8RdMZJTX/PihYVMrHidRLjHuekec= -cloud.google.com/go/recaptchaenterprise/v2 v2.20.4/go.mod h1:3H8nb8j8N7Ss2eJ+zr+/H7gyorfzcxiDEtVBDvDjwDQ= -cloud.google.com/go/recommendationengine v0.8.2/go.mod h1:QIybYHPK58qir9CV2ix/re/M//Ty10OxjnnhWdaKS1Y= -cloud.google.com/go/recommendationengine v0.8.5/go.mod h1:A38rIXHGFvoPvmy6pZLozr0g59NRNREz4cx7F58HAsQ= -cloud.google.com/go/recommendationengine v0.8.7/go.mod h1:YsUIbweUcpm46OzpVEsV5/z+kjuV6GzMxl7OAKIGgKE= -cloud.google.com/go/recommendationengine v0.8.9/go.mod h1:QgE5f6s20QhCXf4UR9KMI/Q6Spykd2zEYXX2oBz6Cbs= -cloud.google.com/go/recommendationengine v0.9.1/go.mod h1:FfWa3OnsnDab4unvTZM2VJmvoeGn1tnntF3n+vmfyzU= -cloud.google.com/go/recommendationengine 
v0.9.6/go.mod h1:nZnjKJu1vvoxbmuRvLB5NwGuh6cDMMQdOLXTnkukUOE= -cloud.google.com/go/recommender v1.11.1/go.mod h1:sGwFFAyI57v2Hc5LbIj+lTwXipGu9NW015rkaEM5B18= -cloud.google.com/go/recommender v1.12.1/go.mod h1:gf95SInWNND5aPas3yjwl0I572dtudMhMIG4ni8nr+0= -cloud.google.com/go/recommender v1.12.3/go.mod h1:OgN0MjV7/6FZUUPgF2QPQtYErtZdZc4u+5onvurcGEI= -cloud.google.com/go/recommender v1.12.5/go.mod h1:ggh5JNuG5ajpRqqcEkgni/DjpS7x12ktO+Edu8bmCJM= -cloud.google.com/go/recommender v1.13.1/go.mod h1:l+n8rNMC6jZacckzLvVG/2LzKawlwAJYNO8Vl2pBlxc= -cloud.google.com/go/recommender v1.13.5/go.mod h1:v7x/fzk38oC62TsN5Qkdpn0eoMBh610UgArJtDIgH/E= -cloud.google.com/go/redis v1.13.2/go.mod h1:0Hg7pCMXS9uz02q+LoEVl5dNHUkIQv+C/3L76fandSA= -cloud.google.com/go/redis v1.14.2/go.mod h1:g0Lu7RRRz46ENdFKQ2EcQZBAJ2PtJHJLuiiRuEXwyQw= -cloud.google.com/go/redis v1.14.4/go.mod h1:EnHDflqTNQmCBPCN4FQPZdM28vLdweAgxe6avAZpqug= -cloud.google.com/go/redis v1.16.2/go.mod h1:bn/4nXSZkoH4QTXRjqWR2AZ0WA1b13ct354nul2SSiU= -cloud.google.com/go/redis v1.17.1/go.mod h1:YJHeYfSoW/agIMeCvM5rszxu75mVh5DOhbu3AEZEIQM= -cloud.google.com/go/redis v1.18.2/go.mod h1:q6mPRhLiR2uLf584Lcl4tsiRn0xiFlu6fnJLwCORMtY= -cloud.google.com/go/resourcemanager v1.9.2/go.mod h1:OujkBg1UZg5lX2yIyMo5Vz9O5hf7XQOSV7WxqxxMtQE= -cloud.google.com/go/resourcemanager v1.9.5/go.mod h1:hep6KjelHA+ToEjOfO3garMKi/CLYwTqeAw7YiEI9x8= -cloud.google.com/go/resourcemanager v1.9.7/go.mod h1:cQH6lJwESufxEu6KepsoNAsjrUtYYNXRwxm4QFE5g8A= -cloud.google.com/go/resourcemanager v1.9.9/go.mod h1:vCBRKurJv+XVvRZ0XFhI/eBrBM7uBOPFjMEwSDMIflY= -cloud.google.com/go/resourcemanager v1.10.1/go.mod h1:A/ANV/Sv7y7fcjd4LSH7PJGTZcWRkO/69yN5UhYUmvE= -cloud.google.com/go/resourcemanager v1.10.6/go.mod h1:VqMoDQ03W4yZmxzLPrB+RuAoVkHDS5tFUUQUhOtnRTg= -cloud.google.com/go/resourcesettings v1.6.2/go.mod h1:mJIEDd9MobzunWMeniaMp6tzg4I2GvD3TTmPkc8vBXk= -cloud.google.com/go/resourcesettings v1.6.5/go.mod h1:WBOIWZraXZOGAgoR4ukNj0o0HiSMO62H9RpFi9WjP9I= 
-cloud.google.com/go/resourcesettings v1.6.7/go.mod h1:zwRL5ZoNszs1W6+eJYMk6ILzgfnTj13qfU4Wvfupuqk= -cloud.google.com/go/resourcesettings v1.7.2/go.mod h1:mNdB5Wl9/oVr9Da3OrEstSyXCT949ignvO6ZrmYdmGU= -cloud.google.com/go/resourcesettings v1.8.1/go.mod h1:6V87tIXUpvJMskim6YUa+TRDTm7v6OH8FxLOIRYosl4= -cloud.google.com/go/resourcesettings v1.8.3/go.mod h1:BzgfXFHIWOOmHe6ZV9+r3OWfpHJgnqXy8jqwx4zTMLw= -cloud.google.com/go/retail v1.14.2/go.mod h1:W7rrNRChAEChX336QF7bnMxbsjugcOCPU44i5kbLiL8= -cloud.google.com/go/retail v1.16.0/go.mod h1:LW7tllVveZo4ReWt68VnldZFWJRzsh9np+01J9dYWzE= -cloud.google.com/go/retail v1.16.2/go.mod h1:T7UcBh4/eoxRBpP3vwZCoa+PYA9/qWRTmOCsV8DRdZ0= -cloud.google.com/go/retail v1.17.2/go.mod h1:Ad6D8tkDZatI1X7szhhYWiatZmH6nSUfZ3WeCECyA0E= -cloud.google.com/go/retail v1.19.0/go.mod h1:QMhO+nkvN6Mns1lu6VXmteY0I3mhwPj9bOskn6PK5aY= -cloud.google.com/go/retail v1.21.0/go.mod h1:LuG+QvBdLfKfO+7nnF3eA3l1j4TQw3Sg+UqlUorquRc= -cloud.google.com/go/run v1.3.1/go.mod h1:cymddtZOzdwLIAsmS6s+Asl4JoXIDm/K1cpZTxV4Q5s= -cloud.google.com/go/run v1.3.4/go.mod h1:FGieuZvQ3tj1e9GnzXqrMABSuir38AJg5xhiYq+SF3o= -cloud.google.com/go/run v1.3.7/go.mod h1:iEUflDx4Js+wK0NzF5o7hE9Dj7QqJKnRj0/b6rhVq20= -cloud.google.com/go/run v1.3.9/go.mod h1:Ep/xsiUt5ZOwNptGl1FBlHb+asAgqB+9RDJKBa/c1mI= -cloud.google.com/go/run v1.6.0/go.mod h1:DXkPPa8bZ0jfRGLT+EKIlPbHvosBYBMdxTgo9EBbXZE= -cloud.google.com/go/run v1.10.0/go.mod h1:z7/ZidaHOCjdn5dV0eojRbD+p8RczMk3A7Qi2L+koHg= -cloud.google.com/go/scheduler v1.10.2/go.mod h1:O3jX6HRH5eKCA3FutMw375XHZJudNIKVonSCHv7ropY= -cloud.google.com/go/scheduler v1.10.6/go.mod h1:pe2pNCtJ+R01E06XCDOJs1XvAMbv28ZsQEbqknxGOuE= -cloud.google.com/go/scheduler v1.10.8/go.mod h1:0YXHjROF1f5qTMvGTm4o7GH1PGAcmu/H/7J7cHOiHl0= -cloud.google.com/go/scheduler v1.10.10/go.mod h1:nOLkchaee8EY0g73hpv613pfnrZwn/dU2URYjJbRLR0= -cloud.google.com/go/scheduler v1.11.1/go.mod h1:ptS76q0oOS8hCHOH4Fb/y8YunPEN8emaDdtw0D7W1VE= -cloud.google.com/go/scheduler v1.11.7/go.mod 
h1:gqYs8ndLx2M5D0oMJh48aGS630YYvC432tHCnVWN13s= -cloud.google.com/go/secretmanager v1.11.2/go.mod h1:MQm4t3deoSub7+WNwiC4/tRYgDBHJgJPvswqQVB1Vss= -cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= -cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= -cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= -cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= -cloud.google.com/go/secretmanager v1.14.7/go.mod h1:uRuB4F6NTFbg0vLQ6HsT7PSsfbY7FqHbtJP1J94qxGc= -cloud.google.com/go/security v1.15.2/go.mod h1:2GVE/v1oixIRHDaClVbHuPcZwAqFM28mXuAKCfMgYIg= -cloud.google.com/go/security v1.15.5/go.mod h1:KS6X2eG3ynWjqcIX976fuToN5juVkF6Ra6c7MPnldtc= -cloud.google.com/go/security v1.16.1/go.mod h1:UoF8QXvvJlV9ORs4YW/izW5GmDQtFUoq2P6TJgPlif8= -cloud.google.com/go/security v1.17.2/go.mod h1:6eqX/AgDw56KwguEBfFNiNQ+Vzi+V6+GopklexYuJ0U= -cloud.google.com/go/security v1.18.1/go.mod h1:5P1q9rqwt0HuVeL9p61pTqQ6Lgio1c64jL2ZMWZV21Y= -cloud.google.com/go/security v1.18.5/go.mod h1:D1wuUkDwGqTKD0Nv7d4Fn2Dc53POJSmO4tlg1K1iS7s= -cloud.google.com/go/securitycenter v1.23.1/go.mod h1:w2HV3Mv/yKhbXKwOCu2i8bCuLtNP1IMHuiYQn4HJq5s= -cloud.google.com/go/securitycenter v1.24.4/go.mod h1:PSccin+o1EMYKcFQzz9HMMnZ2r9+7jbc+LvPjXhpwcU= -cloud.google.com/go/securitycenter v1.30.0/go.mod h1:/tmosjS/dfTnzJxOzZhTXdX3MXWsCmPWfcYOgkJmaJk= -cloud.google.com/go/securitycenter v1.32.0/go.mod h1:s1dN6hM6HZyzUyJrqBoGvhxR/GecT5u48sidMIgDxTo= -cloud.google.com/go/securitycenter v1.35.1/go.mod h1:UDeknPuHWi15TaxrJCIv3aN1VDTz9nqWVUmW2vGayTo= -cloud.google.com/go/securitycenter v1.36.2/go.mod h1:80ocoXS4SNWxmpqeEPhttYrmlQzCPVGaPzL3wVcoJvE= -cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= -cloud.google.com/go/servicedirectory v1.11.1/go.mod h1:tJywXimEWzNzw9FvtNjsQxxJ3/41jseeILgwU/QLrGI= 
-cloud.google.com/go/servicedirectory v1.11.4/go.mod h1:Bz2T9t+/Ehg6x+Y7Ycq5xiShYLD96NfEsWNHyitj1qM= -cloud.google.com/go/servicedirectory v1.11.6/go.mod h1:peVGYNc1xArhcqSuhPP+NXp8kdl22XhB5E8IiNBNfZY= -cloud.google.com/go/servicedirectory v1.11.9/go.mod h1:qiDNuIS2qxuuroSmPNuXWxoFMvsEudKXP62Wos24BsU= -cloud.google.com/go/servicedirectory v1.12.1/go.mod h1:d2H6joDMjnTQ4cUUCZn6k9NgZFbXjLVJbHETjoJR9k0= -cloud.google.com/go/servicedirectory v1.12.6/go.mod h1:OojC1KhOMDYC45oyTn3Mup08FY/S0Kj7I58dxUMMTpg= -cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= -cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= -cloud.google.com/go/shell v1.7.2/go.mod h1:KqRPKwBV0UyLickMn0+BY1qIyE98kKyI216sH/TuHmc= -cloud.google.com/go/shell v1.7.5/go.mod h1:hL2++7F47/IfpfTO53KYf1EC+F56k3ThfNEXd4zcuiE= -cloud.google.com/go/shell v1.7.7/go.mod h1:7OYaMm3TFMSZBh8+QYw6Qef+fdklp7CjjpxYAoJpZbQ= -cloud.google.com/go/shell v1.7.9/go.mod h1:h3wVC6qaQ1nIlSWMasl1e/uwmepVbZpjSk/Bn7ZafSc= -cloud.google.com/go/shell v1.8.1/go.mod h1:jaU7OHeldDhTwgs3+clM0KYEDYnBAPevUI6wNLf7ycE= -cloud.google.com/go/shell v1.8.6/go.mod h1:GNbTWf1QA/eEtYa+kWSr+ef/XTCDkUzRpV3JPw0LqSk= -cloud.google.com/go/spanner v1.50.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= -cloud.google.com/go/spanner v1.56.0/go.mod h1:DndqtUKQAt3VLuV2Le+9Y3WTnq5cNKrnLb/Piqcj+h0= -cloud.google.com/go/spanner v1.61.0/go.mod h1:+hdNE+zL7EWNfOWRetw01jxz8H5qsE/ayZvF/pfrAl8= -cloud.google.com/go/spanner v1.64.0/go.mod h1:TOFx3pb2UwPsDGlE1gTehW+y6YlU4IFk+VdDHSGQS/M= -cloud.google.com/go/spanner v1.70.0/go.mod h1:X5T0XftydYp0K1adeJQDJtdWpbrOeJ7wHecM4tK6FiE= -cloud.google.com/go/spanner v1.82.0/go.mod h1:BzybQHFQ/NqGxvE/M+/iU29xgutJf7Q85/4U9RWMto0= -cloud.google.com/go/speech v1.19.1/go.mod h1:WcuaWz/3hOlzPFOVo9DUsblMIHwxP589y6ZMtaG+iAA= -cloud.google.com/go/speech v1.21.1/go.mod h1:E5GHZXYQlkqWQwY5xRSLHw2ci5NMQNG52FfMU1aZrIA= -cloud.google.com/go/speech 
v1.23.1/go.mod h1:UNgzNxhNBuo/OxpF1rMhA/U2rdai7ILL6PBXFs70wq0= -cloud.google.com/go/speech v1.23.3/go.mod h1:u7tK/jxhzRZwZ5Nujhau7iLI3+VfJKYhpoZTjU7hRsE= -cloud.google.com/go/speech v1.25.1/go.mod h1:WgQghvghkZ1htG6BhYn98mP7Tg0mti8dBFDLMVXH/vM= -cloud.google.com/go/speech v1.27.1/go.mod h1:efCfklHFL4Flxcdt9gpEMEJh9MupaBzw3QiSOVeJ6ck= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= -cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= -cloud.google.com/go/storage v1.39.1/go.mod h1:xK6xZmxZmo+fyP7+DEF6FhNc24/JAe95OLyOHCXFH1o= -cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g= -cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80= -cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= -cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= -cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY= -cloud.google.com/go/storage v1.53.0/go.mod h1:7/eO2a/srr9ImZW9k5uufcNahT2+fPb8w5it1i5boaA= -cloud.google.com/go/storagetransfer v1.10.1/go.mod h1:rS7Sy0BtPviWYTTJVWCSV4QrbBitgPeuK4/FKa4IdLs= -cloud.google.com/go/storagetransfer v1.10.4/go.mod h1:vef30rZKu5HSEf/x1tK3WfWrL0XVoUQN/EPDRGPzjZs= -cloud.google.com/go/storagetransfer v1.10.6/go.mod h1:3sAgY1bx1TpIzfSzdvNGHrGYldeCTyGI/Rzk6Lc6A7w= -cloud.google.com/go/storagetransfer v1.10.8/go.mod h1:fEGWYffkV9OYOKms8nxyJWIZA7iEWPl2Mybk6bpQnEk= -cloud.google.com/go/storagetransfer v1.11.1/go.mod h1:xnJo9pWysRIha8MgZxhrBEwLYbEdvdmEedhNsP5NINM= -cloud.google.com/go/storagetransfer v1.13.0/go.mod h1:+aov7guRxXBYgR3WCqedkyibbTICdQOiXOdpPcJCKl8= -cloud.google.com/go/talent v1.6.3/go.mod h1:xoDO97Qd4AK43rGjJvyBHMskiEf3KulgYzcH6YWOVoo= -cloud.google.com/go/talent v1.6.6/go.mod 
h1:y/WQDKrhVz12WagoarpAIyKKMeKGKHWPoReZ0g8tseQ= -cloud.google.com/go/talent v1.6.8/go.mod h1:kqPAJvhxmhoUTuqxjjk2KqA8zUEeTDmH+qKztVubGlQ= -cloud.google.com/go/talent v1.6.10/go.mod h1:q2/qIb2Eb2svmeBfkCGIia/NGmkcScdyYSyNNOgFRLI= -cloud.google.com/go/talent v1.7.1/go.mod h1:X8UKtTgcP+h51MtDO/b+y3X1GxTTc7gPJ2y0aX3X1hM= -cloud.google.com/go/talent v1.8.3/go.mod h1:oD3/BilJpJX8/ad8ZUAxlXHCslTg2YBbafFH3ciZSLQ= -cloud.google.com/go/texttospeech v1.7.2/go.mod h1:VYPT6aTOEl3herQjFHYErTlSZJ4vB00Q2ZTmuVgluD4= -cloud.google.com/go/texttospeech v1.7.5/go.mod h1:tzpCuNWPwrNJnEa4Pu5taALuZL4QRRLcb+K9pbhXT6M= -cloud.google.com/go/texttospeech v1.7.7/go.mod h1:XO4Wr2VzWHjzQpMe3gS58Oj68nmtXMyuuH+4t0wy9eA= -cloud.google.com/go/texttospeech v1.7.9/go.mod h1:nuo7l7CVWUMvaTgswbn/hhn2Tv73/WbenqGyc236xpo= -cloud.google.com/go/texttospeech v1.8.1/go.mod h1:WoTykB+4mfSDDYPuk7smrdXNRGoJJS6dXRR6l4XqD9g= -cloud.google.com/go/texttospeech v1.13.0/go.mod h1:g/tW/m0VJnulGncDrAoad6WdELMTes8eb77Idz+4HCo= -cloud.google.com/go/tpu v1.6.2/go.mod h1:NXh3NDwt71TsPZdtGWgAG5ThDfGd32X1mJ2cMaRlVgU= -cloud.google.com/go/tpu v1.6.5/go.mod h1:P9DFOEBIBhuEcZhXi+wPoVy/cji+0ICFi4TtTkMHSSs= -cloud.google.com/go/tpu v1.6.7/go.mod h1:o8qxg7/Jgt7TCgZc3jNkd4kTsDwuYD3c4JTMqXZ36hU= -cloud.google.com/go/tpu v1.6.9/go.mod h1:6C7Ed7Le5Y1vWGR+8lQWsh/gmqK6l53lgji0YXBU40o= -cloud.google.com/go/tpu v1.7.1/go.mod h1:kgvyq1Z1yuBJSk5ihUaYxX58YMioCYg1UPuIHSxBX3M= -cloud.google.com/go/tpu v1.8.3/go.mod h1:Do6Gq+/Jx6Xs3LcY2WhHyGwKDKVw++9jIJp+X+0rxRE= -cloud.google.com/go/trace v1.10.2/go.mod h1:NPXemMi6MToRFcSxRl2uDnu/qAlAQ3oULUphcHGh1vA= -cloud.google.com/go/trace v1.10.5/go.mod h1:9hjCV1nGBCtXbAE4YK7OqJ8pmPYSxPA0I67JwRd5s3M= -cloud.google.com/go/trace v1.10.7/go.mod h1:qk3eiKmZX0ar2dzIJN/3QhY2PIFh1eqcIdaN5uEjQPM= -cloud.google.com/go/trace v1.10.9/go.mod h1:vtWRnvEh+d8h2xljwxVwsdxxpoWZkxcNYnJF3FuJUV8= -cloud.google.com/go/trace v1.11.1/go.mod h1:IQKNQuBzH72EGaXEodKlNJrWykGZxet2zgjtS60OtjA= -cloud.google.com/go/trace v1.11.6/go.mod 
h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI= -cloud.google.com/go/translate v1.9.1/go.mod h1:TWIgDZknq2+JD4iRcojgeDtqGEp154HN/uL6hMvylS8= -cloud.google.com/go/translate v1.10.1/go.mod h1:adGZcQNom/3ogU65N9UXHOnnSvjPwA/jKQUMnsYXOyk= -cloud.google.com/go/translate v1.10.3/go.mod h1:GW0vC1qvPtd3pgtypCv4k4U8B7EdgK9/QEF2aJEUovs= -cloud.google.com/go/translate v1.10.5/go.mod h1:n9fFca4U/EKr2GzJKrnQXemlYhfo1mT1nSt7Rt4l/VA= -cloud.google.com/go/translate v1.12.1/go.mod h1:5f4RvC7/hh76qSl6LYuqOJaKbIzEpR1Sj+CMA6gSgIk= -cloud.google.com/go/translate v1.12.5/go.mod h1:o/v+QG/bdtBV1d1edmtau0PwTfActvxPk/gtqdSDBi4= -cloud.google.com/go/video v1.20.1/go.mod h1:3gJS+iDprnj8SY6pe0SwLeC5BUW80NjhwX7INWEuWGU= -cloud.google.com/go/video v1.20.4/go.mod h1:LyUVjyW+Bwj7dh3UJnUGZfyqjEto9DnrvTe1f/+QrW0= -cloud.google.com/go/video v1.20.6/go.mod h1:d5AOlIfWXpDg15wvztHmjFvKTTImWJU7EnMVWkoiEAk= -cloud.google.com/go/video v1.21.2/go.mod h1:UNXGQj3Hdyb70uaF9JeeM8Y8BAmAzLEMSWmyBKY2iVM= -cloud.google.com/go/video v1.23.1/go.mod h1:ncFS3D2plMLhXkWkob/bH4bxQkubrpAlln5x7RWluXA= -cloud.google.com/go/video v1.24.0/go.mod h1:h6Bw4yUbGNEa9dH4qMtUMnj6cEf+OyOv/f2tb70G6Fk= -cloud.google.com/go/videointelligence v1.11.2/go.mod h1:ocfIGYtIVmIcWk1DsSGOoDiXca4vaZQII1C85qtoplc= -cloud.google.com/go/videointelligence v1.11.5/go.mod h1:/PkeQjpRponmOerPeJxNPuxvi12HlW7Em0lJO14FC3I= -cloud.google.com/go/videointelligence v1.11.7/go.mod h1:iMCXbfjurmBVgKuyLedTzv90kcnppOJ6ttb0+rLDID0= -cloud.google.com/go/videointelligence v1.11.9/go.mod h1:Mv0dgb6U12BfBRPj39nM/7gcAFS1+VVGpTiyMJ/ShPo= -cloud.google.com/go/videointelligence v1.12.1/go.mod h1:C9bQom4KOeBl7IFPj+NiOS6WKEm1P6OOkF/ahFfE1Eg= -cloud.google.com/go/videointelligence v1.12.6/go.mod h1:/l34WMndN5/bt04lHodxiYchLVuWPQjCU6SaiTswrIw= -cloud.google.com/go/vision/v2 v2.7.3/go.mod h1:V0IcLCY7W+hpMKXK1JYE0LV5llEqVmj+UJChjvA1WsM= -cloud.google.com/go/vision/v2 v2.8.0/go.mod h1:ocqDiA2j97pvgogdyhoxiQp2ZkDCyr0HWpicywGGRhU= -cloud.google.com/go/vision/v2 v2.8.2/go.mod 
h1:BHZA1LC7dcHjSr9U9OVhxMtLKd5l2jKPzLRALEJvuaw= -cloud.google.com/go/vision/v2 v2.8.4/go.mod h1:qlmeVbmCfPNuD1Kwa7/evqCJYoJ7WhiZ2XeVSYwiOaA= -cloud.google.com/go/vision/v2 v2.9.1/go.mod h1:keORalKMowhEZB5hEWi1XSVnGALMjLlRwZbDiCPFuQY= -cloud.google.com/go/vision/v2 v2.9.5/go.mod h1:1SiNZPpypqZDbOzU052ZYRiyKjwOcyqgGgqQCI/nlx8= -cloud.google.com/go/vmmigration v1.7.2/go.mod h1:iA2hVj22sm2LLYXGPT1pB63mXHhrH1m/ruux9TwWLd8= -cloud.google.com/go/vmmigration v1.7.5/go.mod h1:pkvO6huVnVWzkFioxSghZxIGcsstDvYiVCxQ9ZH3eYI= -cloud.google.com/go/vmmigration v1.7.7/go.mod h1:qYIK5caZY3IDMXQK+A09dy81QU8qBW0/JDTc39OaKRw= -cloud.google.com/go/vmmigration v1.7.9/go.mod h1:x5LQyAESUXsI7/QAQY6BV8xEjIrlkGI+S+oau/Sb0Gs= -cloud.google.com/go/vmmigration v1.8.1/go.mod h1:MB7vpxl6Oz2w+CecyITUTDFkhWSMQmRTgREwkBZFyZk= -cloud.google.com/go/vmmigration v1.8.6/go.mod h1:uZ6/KXmekwK3JmC8PzBM/cKQmq404TTfWtThF6bbf0U= -cloud.google.com/go/vmwareengine v1.0.1/go.mod h1:aT3Xsm5sNx0QShk1Jc1B8OddrxAScYLwzVoaiXfdzzk= -cloud.google.com/go/vmwareengine v1.1.1/go.mod h1:nMpdsIVkUrSaX8UvmnBhzVzG7PPvNYc5BszcvIVudYs= -cloud.google.com/go/vmwareengine v1.1.3/go.mod h1:UoyF6LTdrIJRvDN8uUB8d0yimP5A5Ehkr1SRzL1APZw= -cloud.google.com/go/vmwareengine v1.1.5/go.mod h1:Js6QbSeC1OgpyygalCrMj90wa93O3kFgcs/u1YzCKsU= -cloud.google.com/go/vmwareengine v1.3.1/go.mod h1:mSYu3wnGKJqvvhIhs7VA47/A/kLoMiJz3gfQAh7cfaI= -cloud.google.com/go/vmwareengine v1.3.5/go.mod h1:QuVu2/b/eo8zcIkxBYY5QSwiyEcAy6dInI7N+keI+Jg= -cloud.google.com/go/vpcaccess v1.7.2/go.mod h1:mmg/MnRHv+3e8FJUjeSibVFvQF1cCy2MsFaFqxeY1HU= -cloud.google.com/go/vpcaccess v1.7.5/go.mod h1:slc5ZRvvjP78c2dnL7m4l4R9GwL3wDLcpIWz6P/ziig= -cloud.google.com/go/vpcaccess v1.7.7/go.mod h1:EzfSlgkoAnFWEMznZW0dVNvdjFjEW97vFlKk4VNBhwY= -cloud.google.com/go/vpcaccess v1.7.9/go.mod h1:Y0BlcnG9yTkoM6IL6auBeKvVEXL4LmNIxzscekrn/uk= -cloud.google.com/go/vpcaccess v1.8.1/go.mod h1:cWlLCpLOuMH8oaNmobaymgmLesasLd9w1isrKpiGwIc= -cloud.google.com/go/vpcaccess v1.8.6/go.mod 
h1:61yymNplV1hAbo8+kBOFO7Vs+4ZHYI244rSFgmsHC6E= -cloud.google.com/go/webrisk v1.9.2/go.mod h1:pY9kfDgAqxUpDBOrG4w8deLfhvJmejKB0qd/5uQIPBc= -cloud.google.com/go/webrisk v1.9.5/go.mod h1:aako0Fzep1Q714cPEM5E+mtYX8/jsfegAuS8aivxy3U= -cloud.google.com/go/webrisk v1.9.7/go.mod h1:7FkQtqcKLeNwXCdhthdXHIQNcFWPF/OubrlyRcLHNuQ= -cloud.google.com/go/webrisk v1.9.9/go.mod h1:Wre67XdNQbt0LCBrvwVNBS5ORb8ssixq/u04CCZoO+k= -cloud.google.com/go/webrisk v1.10.1/go.mod h1:VzmUIag5P6V71nVAuzc7Hu0VkIDKjDa543K7HOulH/k= -cloud.google.com/go/webrisk v1.11.1/go.mod h1:+9SaepGg2lcp1p0pXuHyz3R2Yi2fHKKb4c1Q9y0qbtA= -cloud.google.com/go/websecurityscanner v1.6.2/go.mod h1:7YgjuU5tun7Eg2kpKgGnDuEOXWIrh8x8lWrJT4zfmas= -cloud.google.com/go/websecurityscanner v1.6.5/go.mod h1:QR+DWaxAz2pWooylsBF854/Ijvuoa3FCyS1zBa1rAVQ= -cloud.google.com/go/websecurityscanner v1.6.7/go.mod h1:EpiW84G5KXxsjtFKK7fSMQNt8JcuLA8tQp7j0cyV458= -cloud.google.com/go/websecurityscanner v1.6.9/go.mod h1:xrMxPiHB5iFxvc2tqbfUr6inPox6q6y7Wg0LTyZOKTw= -cloud.google.com/go/websecurityscanner v1.7.1/go.mod h1:vAZ6hyqECDhgF+gyVRGzfXMrURQN5NH75Y9yW/7sSHU= -cloud.google.com/go/websecurityscanner v1.7.6/go.mod h1:ucaaTO5JESFn5f2pjdX01wGbQ8D6h79KHrmO2uGZeiY= -cloud.google.com/go/workflows v1.12.1/go.mod h1:5A95OhD/edtOhQd/O741NSfIMezNTbCwLM1P1tBRGHM= -cloud.google.com/go/workflows v1.12.4/go.mod h1:yQ7HUqOkdJK4duVtMeBCAOPiN1ZF1E9pAMX51vpwB/w= -cloud.google.com/go/workflows v1.12.6/go.mod h1:oDbEHKa4otYg4abwdw2Z094jB0TLLiFGAPA78EDAKag= -cloud.google.com/go/workflows v1.12.8/go.mod h1:b7akG38W6lHmyPc+WYJxIYl1rEv79bBMYVwEZmp3aJQ= -cloud.google.com/go/workflows v1.13.1/go.mod h1:xNdYtD6Sjoug+khNCAtBMK/rdh8qkjyL6aBas2XlkNc= -cloud.google.com/go/workflows v1.14.2/go.mod h1:5nqKjMD+MsJs41sJhdVrETgvD5cOK3hUcAs8ygqYvXQ= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -github.com/AdaLogics/go-fuzz-headers 
v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= -github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= -github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= 
-github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0/go.mod h1:dppbR7CwXD4pgtV9t3wD1812RaLDcBjtblcDF5f1vI0= -github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.2/go.mod h1:dppbR7CwXD4pgtV9t3wD1812RaLDcBjtblcDF5f1vI0= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0/go.mod h1:ZV4VOm0/eHR06JLrXWe09068dHpr3TRpY9Uo7T+anuA= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= 
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= -github.com/Microsoft/cosesign1go v1.2.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8= -github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk= -github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= -github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= -github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= -github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= -github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= -github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= -github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= -github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= -github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= -github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= -github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= -github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= -github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.3/go.mod 
h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= -github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= -github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= -github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= -github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= -github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= -github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= -github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= -github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= -github.com/alexflint/go-filemutex v1.3.0/go.mod 
h1:U0+VA/i30mGBlLCrFPGtTe9y6wGQfNAWPBTekHQ+c8A= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= -github.com/apache/arrow/go/v15 v15.0.2/go.mod h1:DGXsR3ajT524njufqf95822i+KTh+yea1jass9YXgjA= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= -github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/bugsnag/bugsnag-go 
v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/bytecodealliance/wasmtime-go v0.36.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= -github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= -github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= -github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= -github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/checkpoint-restore/checkpointctl v1.3.0/go.mod h1:dqZH4wDvbjnsqFGK2LdUDk21yFQ1dCAtzgRMlG44KDM= -github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= -github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= -github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= -github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs= -github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= -github.com/chromedp/sysutil v1.0.0/go.mod 
h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= -github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= -github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= -github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= -github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= -github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= -github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= -github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= -github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= -github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= -github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM= -github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/cncf/xds/go v0.0.0-20240822171458-6449f94b4d59/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/cockroachdb/datadriven v1.0.2/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU= -github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= -github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod 
h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= -github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= -github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E= -github.com/containerd/btrfs/v2 v2.0.0/go.mod h1:swkD/7j9HApWpzl8OHfrHNxppPd9l44DFZdF94BUj9k= -github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI= -github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= -github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= -github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= -github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= -github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= -github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= -github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= -github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= -github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= -github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= -github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= -github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/console v1.0.4/go.mod 
h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= -github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= -github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= -github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE= -github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0= -github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= -github.com/containerd/containerd v1.6.23/go.mod h1:UrQOiyzrLi3n4aezYJbQH6Il+YzTvnHFbEuO3yfDrM4= -github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= -github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity 
v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= -github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= -github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= -github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= -github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= -github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= -github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= -github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= -github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= -github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= -github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= -github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= -github.com/containerd/go-cni v1.1.6/go.mod h1:BWtoWl5ghVymxu6MBjg79W9NZrCRyHIdUtk4cauMe34= -github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM= -github.com/containerd/go-cni v1.1.11/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY= 
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= -github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= -github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= -github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= -github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U= -github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0= -github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= -github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= -github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo= -github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= -github.com/containerd/imgcrypt v1.1.8/go.mod h1:x6QvFIkMyO2qGIY2zXc88ivEzcbgvLdWjoZyGqDap5U= -github.com/containerd/imgcrypt/v2 v2.0.0-rc.1/go.mod h1:3/Ab3iliBt/aBVNYOwecT1YagCqAiHidOmVsrjtHF1A= -github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= -github.com/containerd/nri v0.6.1/go.mod h1:7+sX3wNx+LR7RzhjnJiUkFDhn18P5Bg/0VnJ/uXpRJM= -github.com/containerd/nri v0.8.0/go.mod h1:uSkgBrCdEtAiEz4vnrq8gmAC4EnVAM5Klt0OuK5rZYQ= -github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723/go.mod h1:ZKzztepTSz/LKtbUSzfBNVwgqBEPABVZV9PQF/l53+Q= -github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= -github.com/containerd/plugin v1.0.0/go.mod h1:hQfJe5nmWfImiqT1q8Si3jLv3ynMUIBB47bQ+KexvO8= -github.com/containerd/protobuild v0.3.0/go.mod h1:5mNMFKKAwCIAkFBPiOdtRx2KiQlyEJeMXnL5R1DsWu8= -github.com/containerd/stargz-snapshotter/estargz 
v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= -github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= -github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= -github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= -github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= -github.com/containerd/ttrpc v1.1.2/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ= -github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/ttrpc v1.2.6-0.20240827082320-b5cd6e4b3287/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= -github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk= -github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= -github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= -github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= -github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= -github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw= -github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y= -github.com/containerd/zfs v1.1.0/go.mod h1:oZF9wBnrnQjpWLaPKEinrx3TQ9a+W/RJO7Zb41d8YLE= -github.com/containerd/zfs/v2 v2.0.0-rc.0/go.mod 
h1:g36g/XCEGDRxUXIFdM3oWAEvmTvhfz/eKWElqg4Secw= -github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y= -github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/cni v1.2.2/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= -github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= -github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= -github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE= -github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= -github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4= -github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= -github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= -github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= -github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g= -github.com/containers/ocicrypt v1.1.6/go.mod h1:WgjxPWdTJMqYMjf3M6cuIFFA1/MpyyhIM99YInA+Rvc= -github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8= -github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= -github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= 
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= -github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= -github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= -github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= -github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= -github.com/d2g/hardwareaddr 
v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= -github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= -github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= -github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= -github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= -github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= -github.com/dgraph-io/badger/v3 v3.2103.2/go.mod h1:RHo4/GmYcKKh5Lxu63wLEMHJ70Pac2JqZRYGhlyAo2M= -github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= -github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= -github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= -github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= -github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= -github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/cli v20.10.17+incompatible/go.mod 
h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= -github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= -github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= -github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/libtrust 
v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= -github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= -github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= -github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= -github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA= -github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw= -github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= -github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod 
h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= -github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU= -github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= -github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= -github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= -github.com/ghodss/yaml 
v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-ini/ini v1.66.6/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= -github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= -github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= -github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod 
h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= -github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= -github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= -github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod 
h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= -github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= -github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= -github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= -github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= -github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= -github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= -github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= -github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= -github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= -github.com/google/btree v1.1.3/go.mod 
h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= -github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-configfs-tsm v0.3.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= -github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= -github.com/google/go-eventlog v0.0.1/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= -github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= -github.com/google/go-pkcs11 v0.3.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= -github.com/google/go-sev-guest v0.8.0/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs= -github.com/google/go-tpm-tools v0.4.2/go.mod h1:fGUDZu4tw3V4hUVuFHmiYgRd0c58/IXivn9v3Ea/ck4= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/martian/v3 v3.3.3/go.mod 
h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= -github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/cloud-bigtable-clients-test v0.0.2/go.mod h1:mk3CrkrouRgtnhID6UZQDK3DrFFa7cYCAJcEmNsHYrY= -github.com/googleapis/cloud-bigtable-clients-test v0.0.3/go.mod h1:TWtDzrrAI70C3dNLDY+nZN3gxHtFdZIbpL9rCTFyxE0= -github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= -github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= -github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= -github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= 
-github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= -github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= -github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= -github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= -github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= -github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= -github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1/go.mod h1:lXGCsh6c22WGtjr+qGHj1otzZpV/1kwTMAqkwZsnWRU= -github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= 
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= -github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= -github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= -github.com/intel/goresctrl v0.3.0/go.mod h1:fdz3mD85cmP9sHD8JUlrNWAxvwM86CrbmVXltEKd7zk= -github.com/intel/goresctrl v0.8.0/go.mod h1:T3ZZnuHSNouwELB5wvOoUJaB7l/4Rm23rJy/wuWJlr0= -github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= -github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= -github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= -github.com/josharian/intern v1.0.0/go.mod 
h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= -github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= -github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ= -github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= -github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= -github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx v1.2.25/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY= 
-github.com/lestrrat-go/jwx v1.2.29/go.mod h1:hU8k2l6WF0ncx20uQdOmik/Gjg6E3/wIRtXSNFeZuB8= -github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= -github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= -github.com/lyft/protoc-gen-star/v2 v2.0.4-0.20230330145011-496ad1ac90a4/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= -github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= -github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= -github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE= -github.com/miekg/dns v1.1.25/go.mod 
h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= -github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= -github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= -github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= -github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= -github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= -github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= -github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= -github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= -github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= -github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= -github.com/moby/sys/symlink v0.3.0/go.mod h1:3eNdhduHmYPcgsJtZXW1W4XUJdZGBIkttZ8xKqPUJq0= -github.com/moby/term 
v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= -github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= -github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= -github.com/networkplumbing/go-nft v0.4.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= -github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= -github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= -github.com/open-policy-agent/opa v0.42.2/go.mod h1:MrmoTi/BsKWT58kXlVayBb+rYVeaMwuBm3nYAN3923s= -github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= -github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v1.0.0-rc1/go.mod 
h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= -github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= -github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= -github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= -github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= -github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod 
h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= -github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= -github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI= -github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= -github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= -github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= -github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/peterh/liner 
v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= -github.com/peterh/liner v1.2.2/go.mod h1:xFwJyiKIXJZUKItq5dGHZSTBRAuG/CpeNpWLyiNRNwI= -github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= -github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= -github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_golang v1.19.1/go.mod 
h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= -github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= -github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= -github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= -github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs 
v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= -github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= -github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= -github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= -github.com/safchain/ethtool v0.4.0/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= -github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= -github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= -github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= -github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= -github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= -github.com/sirupsen/logrus v1.0.6/go.mod 
h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= -github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= -github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= -github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= -github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= -github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= -github.com/stoewer/go-strcase v1.2.0/go.mod 
h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= -github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= -github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.19.1/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= -github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= -github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= 
-github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= -github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= -github.com/vektah/gqlparser/v2 v2.4.5/go.mod h1:flJWIR04IMQPGz+BXLrORkrARBxv/rtyIAFvd/MceW0= -github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= -github.com/veraison/go-cose v1.1.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= -github.com/veraison/go-cose v1.2.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= -github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= -github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= -github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= -github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= -github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= -github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xeipuuv/gojsonpointer 
v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= -github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= -github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= -github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= -github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= -github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= -github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= -github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= -go.einride.tech/aip v0.67.1/go.mod h1:ZGX4/zKw8dcgzdLsrvpOOGxfxI2QSk12SlP7d6c0/XI= -go.einride.tech/aip v0.68.0/go.mod h1:7y9FF8VtPWqpxuAxl0KQWqaULxW4zFIesD6zF5RIHHg= -go.einride.tech/aip 
v0.68.1/go.mod h1:XaFtaj4HuA3Zwk9xoBtTWgNubZ0ZZXv9BZJCkuKuWbg= -go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= -go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= -go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= -go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= -go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= -go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= -go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg= -go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= -go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0= -go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw= -go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= -go.etcd.io/gofail v0.1.0/go.mod h1:VZBCXYGZhHAinaBiiqYvuDynvahNsAyLFwB3kEHKz1M= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0= -go.opentelemetry.io/contrib/detectors/gcp v1.29.0/go.mod h1:GW2aWZNwR2ZxDLdv8OyC2G8zkRoQBuURgV7RPQgcPoU= -go.opentelemetry.io/contrib/detectors/gcp v1.35.0/go.mod h1:qGWP8/+ILwMRIUf9uIVLloR1uo5ZYAslM4O6OqUi1DA= -go.opentelemetry.io/contrib/detectors/gcp v1.36.0/go.mod h1:IbBN8uAIIx734PTonTPxAxnjc2pQTxWNkwfstZ+6H2k= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= 
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0/go.mod h1:vsh3ySueQCiKPxFLvjWC4Z135gIa34TQ/NSqkDTZYUM= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= -go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= -go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= -go.opentelemetry.io/otel v1.22.0/go.mod 
h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o= 
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0/go.mod h1:2HpZxxQurfGxJlJDblybejHB6RX6pmExPNe517hREw4= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY= -go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= -go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= -go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= -go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= -go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= -go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod 
h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= -go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= -go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= -go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= -go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= -go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= -go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= -go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= -go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= -go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= -go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= -golang.org/x/crypto 
v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto 
v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= -golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= -golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= -golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= -golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= -golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod 
v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= -golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= -golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= -golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= 
-golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= -golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= -golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= -golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= -golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= -golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= -golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= -golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/sys v0.34.0/go.mod 
h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= -golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= -golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= -golang.org/x/text 
v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= -golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= -golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= -golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= 
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors 
v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= -golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= -google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= -google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY= -google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= -google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= -google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= -google.golang.org/api v0.178.0/go.mod h1:84/k2v8DFpDRebpGcooklv/lais3MEfqpaBLA12gl2U= -google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= -google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= -google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= -google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= -google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= -google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= -google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= -google.golang.org/api v0.229.0/go.mod h1:wyDfmq5g1wYJWn29O22FDWN48P7Xcz0xz+LBpptYvB0= -google.golang.org/api v0.230.0/go.mod h1:aqvtoMk7YkiXx+6U12arQFExiRV9D/ekvMCwCd/TksQ= -google.golang.org/api v0.232.0/go.mod h1:p9QCfBWZk1IJETUdbTKloR5ToFdKbYh2fkjsUL6vNoY= -google.golang.org/api v0.239.0/go.mod h1:cOVEm2TpdAGHL2z+UwyS+kmlGr3bVWQQ6sYEqkKje50= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= 
-google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= -google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb80Dq1hhioy0sOsY9jCE46YDgHlJ7fWVUWRE= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= -google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod 
h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= -google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= -google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI= -google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= -google.golang.org/genproto/googleapis/api 
v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= -google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= -google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= -google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas= -google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/api 
v0.0.0-20250414145226-207652e42e2e/go.mod h1:085qFyf2+XaZlRdCgKNCIZ3afY2p4HHZdoIRpId8F4A= -google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197/go.mod h1:Cd8IzgPo5Akum2c9R6FsXNaZbH3Jpa2gpHlW89FqlyQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw= -google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20240311132316-a219d84964c2/go.mod h1:vh/N7795ftP0AkN1w8XKqN4w1OdUKXW5Eummda+ofv8= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20240429193739-8cf5692501f6/go.mod h1:ULqtoQMxDLNRfW+pJbKA68wtIy1OiYjdIsJs3PMpzh8= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20240722135656-d784300faade/go.mod h1:5/MT647Cn/GGhwTpXC7QqcaR5Cnee4v4MKCU1/nwnIQ= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20241015192408-796eee8c2d53/go.mod h1:T8O3fECQbif8cez15vxAcjbwXxvL2xbnvbQ7ZfiMAMs= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20241021214115-324edc3d5d38/go.mod h1:T8O3fECQbif8cez15vxAcjbwXxvL2xbnvbQ7ZfiMAMs= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:h6yxum/C2qRb4txaZRLDHK8RyS0H/o2oEDeKY4onY/Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod 
h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod 
h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240822170219-fc7c04adadcd/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250227231956-55c901821b1e/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod 
h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= -google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= -google.golang.org/grpc 
v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= -google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s= -google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= -google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= -google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= -google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= -google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= -google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod 
h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= -gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= -k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= -k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= -k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/apimachinery v0.27.4/go.mod 
h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= -k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ= -k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8= -k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= -k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= -k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= -k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= -k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= -k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= -k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI= -k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs= -k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ= -k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= -k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= -k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4= -k8s.io/cri-api v0.25.3/go.mod h1:riC/P0yOGUf2K1735wW+CXs1aY2ctBgePtnnoFLd0dU= -k8s.io/cri-api v0.27.1/go.mod h1:+Ts/AVYbIo04S86XbTD73UPp/DkTiYxtsFeOFEu32L0= -k8s.io/cri-api v0.31.2/go.mod h1:Po3TMAYH/+KrZabi7QiwQI4a692oZcUOUThd/rqwxrI= -k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= -k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= -k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.9.0/go.mod 
h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.31.2/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94= -k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= -k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubelet v0.31.2/go.mod h1:0E4++3cMWi2cJxOwuaQP3eMBa7PSOvAFgkTPlVc/2FA= -k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= -k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc= -oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= 
-sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= -sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -tags.cncf.io/container-device-interface v0.7.2/go.mod h1:Xb1PvXv2BhfNb3tla4r9JL129ck1Lxv9KuU6eVOfKto= -tags.cncf.io/container-device-interface v0.8.0/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y= -tags.cncf.io/container-device-interface/specs-go v0.7.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80= -tags.cncf.io/container-device-interface/specs-go v0.8.0/go.mod h1:BhJIkjjPh4qpys+qm4DAYtUyryaTDg9zris+AczXyws= diff --git a/vendor/github.com/google/go-tpm-tools/internal/cert.go b/vendor/github.com/google/go-tpm-tools/internal/cert.go deleted file mode 100644 index a4a2cbb7c..000000000 --- a/vendor/github.com/google/go-tpm-tools/internal/cert.go +++ /dev/null 
@@ -1,84 +0,0 @@
-package internal
-
-import (
- "crypto/x509"
- "fmt"
- "io"
- "net/http"
-)
-
-const (
- maxIssuingCertificateURLs = 3
- maxCertChainLength = 4
-)
-
-// GetCertificateChain constructs the certificate chain for the key's certificate.
-// If an error is encountered in the process, return what has been constructed so far.
-func GetCertificateChain(cert *x509.Certificate, client *http.Client) ([][]byte, error) {
- var certs [][]byte
- currentCert := cert
- for len(certs) <= maxCertChainLength {
- issuingCert, err := fetchIssuingCertificate(client, currentCert)
- if err != nil {
- return nil, err
- }
- if issuingCert == nil {
- return certs, nil
- }
- certs = append(certs, issuingCert.Raw)
- currentCert = issuingCert
- }
- return nil, fmt.Errorf("max certificate chain length (%v) exceeded", maxCertChainLength)
-}
-
-// Given a certificate, iterates through its IssuingCertificateURLs and returns
-// the certificate that signed it. If the certificate lacks an
-// IssuingCertificateURL, return nil. If fetching the certificates fails or the
-// cert chain is malformed, return an error.
-func fetchIssuingCertificate(client *http.Client, cert *x509.Certificate) (*x509.Certificate, error) {
- // Check if we should event attempt fetching.
- if cert == nil || len(cert.IssuingCertificateURL) == 0 {
- return nil, nil
- }
- // For each URL, fetch and parse the certificate, then verify whether it signed cert.
- // If successful, return the parsed certificate. If any step in this process fails, try the next url.
- // If all the URLs fail, return the last error we got.
- // TODO(Issue #169): Return a multi-error here
- var lastErr error
- for i, url := range cert.IssuingCertificateURL {
- // Limit the number of attempts.
- if i >= maxIssuingCertificateURLs {
- break
- }
- resp, err := client.Get(url)
- if err != nil {
- lastErr = fmt.Errorf("failed to retrieve certificate at %v: %w", url, err)
- continue
- }
-
- if resp.StatusCode != http.StatusOK {
- lastErr = fmt.Errorf("certificate retrieval from %s returned non-OK status: %v", url, resp.StatusCode)
- continue
- }
- certBytes, err := io.ReadAll(resp.Body)
- resp.Body.Close()
- if err != nil {
- lastErr = fmt.Errorf("failed to read response body from %s: %w", url, err)
- continue
- }
-
- parsedCert, err := x509.ParseCertificate(certBytes)
- if err != nil {
- lastErr = fmt.Errorf("failed to parse response from %s into a certificate: %w", url, err)
- continue
- }
-
- // Check if the parsed certificate signed the current one.
- if err = cert.CheckSignatureFrom(parsedCert); err != nil {
- lastErr = fmt.Errorf("parent certificate from %s did not sign child: %w", url, err)
- continue
- }
- return parsedCert, nil
- }
- return nil, lastErr
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/cert_test.go b/vendor/github.com/google/go-tpm-tools/internal/cert_test.go
deleted file mode 100644
index 9a502b36e..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/cert_test.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package internal
-
-import (
- "net/http"
- "net/http/httptest"
- "testing"
-
- "github.com/google/go-tpm-tools/internal/test"
-)
-
-var localClient = http.DefaultClient
-
-func TestFetchIssuingCertificateSucceeds(t *testing.T) {
- testCA, caKey := test.GetTestCert(t, nil, nil, nil)
-
- ts := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
- rw.WriteHeader(http.StatusOK)
- rw.Write(testCA.Raw)
- }))
- defer ts.Close()
-
- leafCert, _ := test.GetTestCert(t, []string{"invalid.URL", ts.URL}, testCA, caKey)
-
- cert, err := fetchIssuingCertificate(localClient, leafCert)
- if err != nil || cert == nil {
- t.Errorf("fetchIssuingCertificate() did not find valid intermediate cert: %v", err)
- }
-}
-
-func TestFetchIssuingCertificateReturnsErrorIfMalformedCertificateFound(t *testing.T) {
- ts := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
- rw.WriteHeader(http.StatusOK)
- rw.Write([]byte("these are some random bytes"))
- }))
- defer ts.Close()
-
- testCA, caKey := test.GetTestCert(t, nil, nil, nil)
- leafCert, _ := test.GetTestCert(t, []string{ts.URL}, testCA, caKey)
-
- _, err := fetchIssuingCertificate(localClient, leafCert)
- if err == nil {
- t.Fatal("expected fetchIssuingCertificate to fail with malformed cert")
- }
-}
-
-func TestGetCertificateChainSucceeds(t *testing.T) {
- // Create CA and corresponding server.
- testCA, caKey := test.GetTestCert(t, nil, nil, nil)
-
- caServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
- rw.WriteHeader(http.StatusOK)
- rw.Write(testCA.Raw)
- }))
-
- defer caServer.Close()
-
- // Create intermediate cert and corresponding server.
- intermediateCert, intermediateKey := test.GetTestCert(t, []string{caServer.URL}, testCA, caKey)
-
- intermediateServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
- rw.WriteHeader(http.StatusOK)
- rw.Write(intermediateCert.Raw)
- }))
- defer intermediateServer.Close()
-
- // Create leaf cert.
- leafCert, _ := test.GetTestCert(t, []string{intermediateServer.URL}, intermediateCert, intermediateKey)
-
- certChain, err := GetCertificateChain(leafCert, localClient)
- if err != nil {
- t.Fatal(err)
- }
- if len(certChain) != 2 {
- t.Fatalf("GetCertificateChain did not return the expected number of certificates: got %v, want 2", len(certChain))
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/pcrs.go b/vendor/github.com/google/go-tpm-tools/internal/pcrs.go
deleted file mode 100644
index 598ed9ea9..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/pcrs.go
+++ /dev/null
@@ -1,132 +0,0 @@
-// Package internal contains private helper functions needed in client and server
-package internal
-
-import (
- "bytes"
- "crypto"
- "encoding/hex"
- "fmt"
- "io"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-const minPCRIndex = uint32(0)
-
-func maxPCRIndex(p *pb.PCRs) uint32 {
- high := minPCRIndex
- for idx := range p.GetPcrs() {
- if idx > high {
- high = idx
- }
- }
- return high
-}
-
-// FormatPCRs writes a multiline representation of the PCR values to w.
-func FormatPCRs(w io.Writer, p *pb.PCRs) error {
- if _, err := fmt.Fprintf(w, "%v:\n", p.Hash); err != nil {
- return err
- }
- for idx := minPCRIndex; idx <= maxPCRIndex(p); idx++ {
- if val, ok := p.GetPcrs()[idx]; ok {
- if _, err := fmt.Fprintf(w, " %2d: 0x%X\n", idx, val); err != nil {
- return err
- }
- }
- }
- return nil
-}
-
-// CheckSubset verifies if the pcrs PCRs are a valid "subset" of the provided
-// "superset" of PCRs. The PCR values must match (if present), and all PCRs must
-// be present in the superset. This function will return an error containing the
-// first missing or mismatched PCR number.
-func CheckSubset(subset, superset *pb.PCRs) error {
- if subset.GetHash() != superset.GetHash() {
- return fmt.Errorf("PCR hash algo not matching: %v, %v", subset.GetHash(), superset.GetHash())
- }
- for pcrNum, pcrVal := range subset.GetPcrs() {
- if expectedVal, ok := superset.GetPcrs()[pcrNum]; ok {
- if !bytes.Equal(expectedVal, pcrVal) {
- return fmt.Errorf("PCR %d mismatch: expected %v, got %v",
- pcrNum, hex.EncodeToString(expectedVal), hex.EncodeToString(pcrVal))
- }
- } else {
- return fmt.Errorf("PCR %d mismatch: value missing from the superset PCRs", pcrNum)
- }
- }
- return nil
-}
-
-// PCRSelection returns the corresponding tpm2.PCRSelection for the PCR data.
-func PCRSelection(p *pb.PCRs) tpm2.PCRSelection {
- sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(p.GetHash())}
-
- for pcrNum := range p.GetPcrs() {
- sel.PCRs = append(sel.PCRs, int(pcrNum))
- }
- return sel
-}
-
-// SamePCRSelection checks if the Pcrs has the same PCRSelection as the
-// provided given tpm2.PCRSelection (including the hash algorithm).
-func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool {
- if tpm2.Algorithm(p.GetHash()) != sel.Hash {
- return false
- }
- if len(p.GetPcrs()) != len(sel.PCRs) {
- return false
- }
- for _, pcr := range sel.PCRs {
- if _, ok := p.Pcrs[uint32(pcr)]; !ok {
- return false
- }
- }
- return true
-}
-
-// PCRSessionAuth calculates the authorization value for the given PCRs.
-func PCRSessionAuth(p *pb.PCRs, hashAlg crypto.Hash) []byte {
- // Start with all zeros, we only use a single policy command on our session.
- oldDigest := make([]byte, hashAlg.Size())
- ccPolicyPCR, _ := tpmutil.Pack(tpm2.CmdPolicyPCR)
-
- // Extend the policy digest, see TPM2_PolicyPCR in Part 3 of the spec.
- hash := hashAlg.New()
- hash.Write(oldDigest)
- hash.Write(ccPolicyPCR)
- hash.Write(encodePCRSelection(PCRSelection(p)))
- hash.Write(PCRDigest(p, hashAlg))
- newDigest := hash.Sum(nil)
- return newDigest[:]
-}
-
-// PCRDigest computes the digest of the Pcrs. Note that the digest hash
-// algorithm may differ from the PCRs' hash (which denotes the PCR bank).
-func PCRDigest(p *pb.PCRs, hashAlg crypto.Hash) []byte {
- hash := hashAlg.New()
- for i := uint32(0); i < 24; i++ {
- if pcrValue, exists := p.GetPcrs()[i]; exists {
- hash.Write(pcrValue)
- }
- }
- return hash.Sum(nil)
-}
-
-// Encode a tpm2.PCRSelection as if it were a TPML_PCR_SELECTION
-func encodePCRSelection(sel tpm2.PCRSelection) []byte {
- // Encode count, pcrSelections.hash and pcrSelections.sizeofSelect fields
- buf, _ := tpmutil.Pack(uint32(1), sel.Hash, byte(3))
- // Encode pcrSelect bitmask
- pcrBits := make([]byte, 3)
- for _, pcr := range sel.PCRs {
- byteNum := pcr / 8
- bytePos := 1 << uint(pcr%8)
- pcrBits[byteNum] |= byte(bytePos)
- }
-
- return append(buf, pcrBits...)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go b/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
deleted file mode 100644
index 5391af189..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/pcrs_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package internal
-
-import (
- "testing"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-func TestHasSamePCRSelection(t *testing.T) {
- var subtests = []struct {
- pcrs *pb.PCRs
- pcrSel tpm2.PCRSelection
- expectedRes bool
- }{
- {&pb.PCRs{}, tpm2.PCRSelection{}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1}}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}, true},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 4: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false},
- {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 2: {}}},
- tpm2.PCRSelection{Hash: tpm2.AlgSHA1, PCRs: []int{1, 2}}, false},
- }
- for _, subtest := range subtests {
- if SamePCRSelection(subtest.pcrs, subtest.pcrSel) != subtest.expectedRes {
- t.Errorf("HasSamePCRSelection result is not expected")
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/public.go b/vendor/github.com/google/go-tpm-tools/internal/public.go
deleted file mode 100644
index 7a3e501f0..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/public.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package internal
-
-import (
- "crypto"
- "fmt"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// GetSigningHashAlg returns the hash algorithm used for a signing key. Returns
-// an error if an algorithm isn't supported, or the key is not a signing key.
-func GetSigningHashAlg(pubArea tpm2.Public) (tpm2.Algorithm, error) {
- if pubArea.Attributes&tpm2.FlagSign == 0 {
- return tpm2.AlgNull, fmt.Errorf("non-signing key used with signing operation")
- }
-
- var sigScheme *tpm2.SigScheme
- switch pubArea.Type {
- case tpm2.AlgRSA:
- sigScheme = pubArea.RSAParameters.Sign
- case tpm2.AlgECC:
- sigScheme = pubArea.ECCParameters.Sign
- default:
- return tpm2.AlgNull, fmt.Errorf("unsupported key type: %v", pubArea.Type)
- }
-
- if sigScheme == nil {
- return tpm2.AlgNull, fmt.Errorf("unsupported null signing scheme")
- }
- switch sigScheme.Alg {
- case tpm2.AlgRSAPSS, tpm2.AlgRSASSA, tpm2.AlgECDSA:
- return sigScheme.Hash, nil
- default:
- return tpm2.AlgNull, fmt.Errorf("unsupported signing algorithm: %v", sigScheme.Alg)
- }
-}
-
-// PubKeysEqual returns whether the two public keys are equal.
-func PubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool {
- // Common interface for all the standard public key types, see:
- // https://pkg.go.dev/crypto@go1.18beta1#PublicKey
- type publicKey interface {
- Equal(crypto.PublicKey) bool
- }
- if key, ok := k1.(publicKey); ok {
- return key.Equal(k2)
- }
- return false
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/quote.go b/vendor/github.com/google/go-tpm-tools/internal/quote.go
deleted file mode 100644
index ba18361c6..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/quote.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package internal
-
-import (
- "bytes"
- "crypto"
- "crypto/ecdsa"
- "crypto/rsa"
- "crypto/subtle"
- "fmt"
-
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// SignatureHashAlgs are the hash algorithms we support for Quote signatures, in
-// their preferred order of use.
-var SignatureHashAlgs = []tpm2.Algorithm{tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256}
-
-// VerifyQuote performs the following checks to validate a Quote:
-// - the provided signature is generated by the trusted AK public key
-// - the signature signs the provided quote data
-// - the quote data starts with TPM_GENERATED_VALUE
-// - the quote data is a valid TPMS_QUOTE_INFO
-// - the quote data was taken over the provided PCRs
-// - the provided PCR values match the quote data internal digest
-// - the provided extraData matches that in the quote data
-// - the signature hash algorithm must be in HashAlgs
-//
-// Note that the caller must have already established trust in the provided
-// public key before validating the Quote.
-//
-// VerifyQuote supports ECDSA and RSASSA signature verification.
-func VerifyQuote(q *pb.Quote, trustedPub crypto.PublicKey, extraData []byte) error {
- sig, err := tpm2.DecodeSignature(bytes.NewBuffer(q.GetRawSig()))
- if err != nil {
- return fmt.Errorf("signature decoding failed: %v", err)
- }
-
- hash, err := verifyHashAlg(sig)
- if err != nil {
- return err
- }
-
- switch pub := trustedPub.(type) {
- case *ecdsa.PublicKey:
- if err = verifyECDSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
- return err
- }
- case *rsa.PublicKey:
- if err = verifyRSASSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil {
- return err
- }
- default:
- return fmt.Errorf("only RSA and ECC public keys are currently supported, received type: %T", pub)
- }
-
- // Decode and check for magic TPMS_GENERATED_VALUE.
- attestationData, err := tpm2.DecodeAttestationData(q.GetQuote())
- if err != nil {
- return fmt.Errorf("decoding attestation data failed: %v", err)
- }
- if attestationData.Type != tpm2.TagAttestQuote {
- return fmt.Errorf("expected quote tag, got: %v", attestationData.Type)
- }
- attestedQuoteInfo := attestationData.AttestedQuoteInfo
- if attestedQuoteInfo == nil {
- return fmt.Errorf("attestation data does not contain quote info")
- }
- if subtle.ConstantTimeCompare(attestationData.ExtraData, extraData) == 0 {
- return fmt.Errorf("quote extraData %v did not match expected extraData %v",
- attestationData.ExtraData, extraData)
- }
- return validatePCRDigest(attestedQuoteInfo, q.GetPcrs(), hash)
-}
-
-// Get the cryptographic hash used for the signature and make sure we support it
-func verifyHashAlg(sig *tpm2.Signature) (crypto.Hash, error) {
- var hashAlg tpm2.Algorithm
- if sig.ECC != nil {
- hashAlg = sig.ECC.HashAlg
- } else if sig.RSA != nil {
- hashAlg = sig.RSA.HashAlg
- } else {
- return 0, fmt.Errorf("signature is missing hash algorithm")
- }
-
- // Convert from TPM2 hash algorithm to a Golang hash algorithm
- hash, err := hashAlg.Hash()
- if err != nil {
- return 0, err
- }
- for _, alg := range SignatureHashAlgs {
- if hashAlg == alg {
- return hash, nil
- }
- }
- return 0, fmt.Errorf("unsupported signature hash algorithm: %v", hash)
-}
-
-func verifyECDSAQuoteSignature(ecdsaPub *ecdsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
- if sig.Alg != tpm2.AlgECDSA {
- return fmt.Errorf("signature scheme 0x%x is not supported, only ECDSA is supported", sig.Alg)
- }
-
- hashConstructor := hash.New()
- hashConstructor.Write(quoted)
- if !ecdsa.Verify(ecdsaPub, hashConstructor.Sum(nil), sig.ECC.R, sig.ECC.S) {
- return fmt.Errorf("ECC signature verification failed")
- }
- return nil
-}
-
-func verifyRSASSAQuoteSignature(rsaPub *rsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error {
- if sig.Alg != tpm2.AlgRSASSA {
- return fmt.Errorf("signature scheme 0x%x is not supported, only RSASSA (PKCS#1 v1.5) is supported", sig.Alg)
- }
-
- hashConstructor := hash.New()
- hashConstructor.Write(quoted)
- if err := rsa.VerifyPKCS1v15(rsaPub, hash, hashConstructor.Sum(nil), sig.RSA.Signature); err != nil {
- return fmt.Errorf("RSASSA signature verification failed: %v", err)
- }
- return nil
-}
-
-func validatePCRDigest(quoteInfo *tpm2.QuoteInfo, pcrs *pb.PCRs, hash crypto.Hash) error {
- if !SamePCRSelection(pcrs, quoteInfo.PCRSelection) {
- return fmt.Errorf("given PCRs and Quote do not have the same PCR selection")
- }
- pcrDigest := PCRDigest(pcrs, hash)
- if subtle.ConstantTimeCompare(quoteInfo.PCRDigest, pcrDigest) == 0 {
- return fmt.Errorf("given PCRs digest not matching")
- }
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-no-nonce.pb deleted file mode 100644 index fb69dfc6aa03b20c38491a118722ee26ef2c52db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29596 zcmeHw2|QI>`~Sub>{?}5dM~(9US#-{!Mr?+SnU2M0d+I7dWa8{ioE|fskcJuC4QVnm z@**6><`{?g2d=;?7DTE<%!q{9810fe1DV7b>Gh+|Bg`uvb-afOrv)h3xJxQuvk}_j zR-0L$IpnU=DQ=#A1&@o>=#r3`q(9~0LU(`VJxhFWp-U0tNDL}E;Z1I(%ZD2llin6y z@?(V^DZM_K;@Ww3#QiVNyn3UCQ6#iEwB$+G>32wjGLGi%J>xT7i>0?Y^~A1Nd^8OJ z%+V8+R|Y8J0u>3W}zY^`-5>R8&cmyNk$j7kJYRENbbb6OL^H)KTBiAUOtZL%-( zP@U8}{6fK*ZjqG2d(%`+D~uW70-)mrpLGw6i^K;{=ETKhPIL!UsRSTL`lPWT9jmSB zL=@YlHv7U*4}9A45x{p5(*nErw~G@(w7Iznz&DEd?l;(21b&v~9%I$YP&S{;te(_jtN!Li|S{08-jr4KH)*0*6P_2`LYp^XE^p;M_aBuK0Ysi*QC?rS-1q zxn}a9>m|2?RMg6*v^w_eo!}viccrfcIAdC3r^|WbIJ+;jY((Gn^=KZ8&nna^quBd8 zq+s&7(v{Dy6-7j&df6ohRwYeq^7MJ+(k*j_oz(Mt66v1FX1CmIRumNgRX3tx4mP!QL;;sq?cIt@mP;ZMzStJ$RKpgWTbQqsxPqIN>mZ`w5Q)U?J7XpIw4LL;S*4F87(@8O7z#Ru7iN*H z10i);D_+{AH^w*K$T{?6f$uQ=Py*T?N$mXS0)!#xFjy;?HRuD)bIEzjS;L z8_0*4jzKy5Jw(B!zCMv+?7#956N54<(@bVGJ1^ zgHJ#_w74U6Z11aMkuKewwVbf&!(eI*Ka_yxhp7Q{46UN=wYwWVGpe;z8R<53^){w6 z-qEE}{HZpd{{1!&-EQ-cSgG!crMNXqD;Rm^%e~~ml&2@`dJ7@t!q3)Sg_+6z(dI*Z z9zQziazk&znyno8Xfi%y6?`^Y?n05+l99qevsiT-y|zs%6UXS?bDsp!Oo-gKPD>v~ z7x>#QCClxu>#XV%R)3!qCzTd0ODZqQ$Iv%9*K2pa!r<+>wpT-a=@%gb_u@M|X`Ub5 zdx~NCbx)J2mEiu~+m|;z;98AMlE*~h)#0hC^x=G>4HusW4Gn&XtBBIi(X=KcKjC6T zs~c}kImnDlq+6Un978+(x!fe*q%y;Asn)?uTS^y@YJ9mzx`3@X!s5m7a=TLz3`P|I zKW4|FCCSM8Xz=m|Fk~yJ<=o79F{8k0PIRfgn|(O{Nm^2@(uD)TnYPn{C!rQ~Pik4y zNWoUk1GX#pH;wuaUXY584*rKG{!IW#MMMWz&`9`f)V@%wSsN zbnprGgf%jMajshnQ@vL-((46>`(5Lk?HOwIgwrqUlA}Q?+Fz2M{+Fl-=-?h#sjXZ; zeyUH^({_7)8gg+^_onO-d5zxUs|RzvOdd*u9Es`Rj0q2P4eZn@S@q86mL~TJGWx$t z5@EiyUm-t3Q;EM{AEW~4;M5Xr4EBkqZkN7@dnu7~ApUv5Y~EZd>HIWb$9T!K%sr3_ z`b*`-@JrG&{t^|04*oEu`JzDiHQC+X3H2-~Pf7c6M@i?*uhjIveL(y65hN9qi{zKS 
zHYpuk3^V*uknrG%ee|s!kj)#VbH=gn)fyMeJVQ5@I7YNifobjfCAlbnsU&EAiHh)- zq^JI+v?%D{=;~7&yc^<=$>$w7-{~w8BQ+jasEW{z_4(?`0ksc(!92o#A+1!(KZS`; zzK@BpZA^6AORYTwF$&nVeC|Bm(KUa8usVhJk=;I;h|6KcrLJ@Tz(nhg;&8G)bxGK< z7?MFmr`V0I=73QoU;p9cCT?dD`0h^Yn+xj-R{Q6i{rA0$pvexTXHF{YI$xyXtUhzET_b=6_C9rTA!g&wUUTx3HIM!1L(I}Ut`q5(HE3bQ!n@X1^)~VB>@oL3ui`-O z%%&*5IqAR;Chr&udFxc84+gu1A{4WnIZzUZyD`hcDVF5jt{hR}6g{E2?s40j_BuQdLN$F75q3(@)bM*0EC1T&NuA2sAwHHkHi0{lwiWMp)R z565IHrhJS1l5bjAcAX7SwTs2TQxAwoFvfa4y_%m#OY))5l?OA=kD2wqb0NHQ8hi^% zhxh|@{v-f=i}Fvs#q_7%qWM#A(b6Hlf%>0%!F&&%f0l$>avQYOaET(e^~6|CuWuFQy*Xpb{3E6=pmn=JMozeu0U3-Y4> zQ>8)lr@j}24iPGAd&N8TO2##P=xMetN>absIg0mJy|izhRbEL9pDE}%6y1^3bm^KC zFw_&Am6GybW!cK!2ju@*HF;9-pD2UxZb3^(z@py4{| za1DQq2M!^&O-Tq4;@^SbZEOGzz<@9Ch#&OWj!^Q7AG@>!IGNQdOH%F9I!FVfr-1_f zpB7m~%hy**CeI}d>kUdACw*xsXLV%5GAQrbk3~(p793f1mns_fwe6=j@R=3V_ z&dm-PB`GFkZa8XBd>zBnxc8+A41J{$C`{}Pax|W?7N7=bfMOg1u;BO$4)6m|fE(!7 z-155v0ifRpz+$GSgaSvpc<8muVdiF~ za=px$`qc+M)E;Rzcd(6`r}^0#X>P#)TIXl`r5X0-m4u~<_uOmdJJBvU9>Xuz$dc>6 z+MIPpXZaBNh5Y2M>`(o4hQ!p6{cyabY8r5TPY-QRU!0DIlP5Sl^tB@eysj|3}o zcbaMW-Tt-&wy`xSDBv(~%WUkO@$TA36FCN)xMXe)wkj|8(P4ia|GDsIrys(AV3_yG z{Ws080y)ULtQ+QjDSd=~zAS2Wg#wMP^n$aEyr*(YP_sRyH1+r1n$A}*yF>mcF5#DQ z)B)r0&JfTA3N2dCO`k41aI*FSqqX2$pPe`%kY?~>_+U(8iB@KsRfSd~TPz|1!h(n( zA}AmtBp@WDvF9XQq5ZtJfU-S+9WgVuMNpEE3q)&2zo#T1fD!|U@KhueK~6$s1|gv* zG&4ccBWUp+GI|O%lpEH`)5imgLheE^-~&nNDfK-4Ja8zi2mBBg6M$qu(BZ===%HGk zp3ZI<_`!o}!bncUZhR<|ewUi(7BR*LZs3K(x?_Vej&K7LBnN^WPe4S^Xr`g512=R- z;Xp?2a9vCg+#iWRa4=DdA`sFDNu-Rpw79q>6Qvm5EB?j%Unz400oU(~mVg)_iXfl{ z5D^3vgb@S;z&RbtAR(=l_W`lT`f{GX(u`DMZFsN!#{O(Z;!}=KOr&zW&lL=hxG@t} zwCQy;itVZ*m*Gvt4X(`eOblUFP{I73lDVAn&Fpb<@A$L_KRIq*sAaoaX11BF$Ypci~|Z1cXEc070=U0*jyqzx{4{0)kBlF@gxZA@<<|s32Src$fHE<;9Mfg#+0k zqv$jf-CIj#9!BR@N*CVa*9qxx0;Es%VC4t zHJb|@4`MP9ug9n!2Ub$>zL9mM3vyt{@W`W-XB2w%CYbHv-0eZ@M>$U3n|*K-Fw_> zMI&#L3@0zNh-R(?`kz!WW}Pf}xAu%BESlHkA(ss(I1#IiC`SSM3pmmrJiz=1nRY-x^vMN~e^+DJFaU&;$12me!AlP6l45 zMvaC(cTb&y&?3dqJ#BOR?l+2xpI;@QTa)GvN-W2@Hq^RuoVHJE`5NZDnvGjR43m$4 
zR!mdna_`;TZ9=&S1!DEw1KeX>)1F|WsZPzAdCd{#CaWZ`L|%CtSY>A9Xb1ytp!TYs zixl$Lb-~i1-uI~}$0 z7nsup`@KH`-A=6J_koTJ1UiasprZvYngwC`o>%T;GQ3*6cwemI_sww&>C*rGNXLbM zZzCPc7SiDXP9qTQg7R?2d>`#35MQAk=tYG8m&*M!#A|Tm3Y0Z>8djKS2e>WEPpaQ^ zwf-b95R{%(Tke7(=$%@7U`;C6Qluh}88#Y;E)Bc1!Iy0ci22IaB%RISvw3Y}q!591 z#uau4Cp}}g?>^2`mhf;$rLbMeS`j12wA)g_d2r>rIqMRrNEhe)AHraPrFPZMWt962{zhm-R zp4p*O7eC=bQ}gmSP>a;+)5?an2F8BSms3)0EjGb5WQ8w~zL)Eqrk6BaiB~W_&Q~hx z6OaT+d!Mlo@ur9zh&`Eltv8}SyGy37q>V>2{%S)W=9dt!f7-%UtBsIrwgS#V%;roS zF|Dg)&S`9yO|m599eeD+SBUph;_o0{lD=!)0z|rc^V9hV$q)4+?qm{&&Rn%x&8Tw+ zl;tI3H0+PXHSy7FHC9?g>x9Q>yZMzCFVqQb-bIvtveOK@f><-0g9knQ0O^z{Dp7JP zh2$&^&khbZh?WeE$JW>(@;!a^TO-jiilX}98_#ERv-Q#S$R{ly7E?xiVUFsvMcL5rR?$@s#*4B8X8sE`t z^3qedGH~Y80nh@7c6yKJ+-G*8|s z*v|e~f(EjpX%KBRU|;Co!zFWJa`Z{&*NAudhJNiDD}x4yQi=NVCn~gTX#Y(p06nD7 z-tPyFbIZ9|(Rq(prMhUmD3Fr%8o{mus;;e$FhKSWT@F})WkDRWq) z27aFgNULz%ZCdLvneHlns_KFI()=N(rb-luSKT!%!?Fq)8pTbc{Z!5v&mF~1;S1t9 z0uFyr>~`Yzd>`*95fOwdUlcpd0k%dC?nm~|9QK8asuDQ-0q)}e{cy*O*tHFJ)LU?; zuKELzllU6sBtVe+uafp>(AM9R`g)qG_By@ktOkSgDK1-yx81F;pM_~f3sRC~HF!&C zVTN_yWhJH$$apQSpGehFdbB=&@q{`&{+2?7shDGHPt>SfSE~H#?IRgY`Bhv~tJ6@< z@P;?9pP)vv*WYXE-n?NtULsQ7_J)h|vHpJQJicON-VhT6f+VVq;g)3^^{k24B|^AL z!Q1gfJ44+oN0y)BMofi@bbkrjboFbz505-KV0F!Y#W|E&i|nS|=m)(>iV%w~T@p(^ zp0A+or^Mfbwtxo#7V#h64Vx8xwvdUF?iG|#2zI|>_vvzcPur(%k``H^vf^VNcaub! zUsb8*?Niz~+brd8{QhM}pu+{oqCAB);ZVsQq1s4oV}WG1=87tfJB(LPSF0 zNa6GL6Enk;7kNWuZys8z?YV-uwa~F~;p`!|(LKle-UT2=(l$=l*D7|G_BW@qOB$1l ztxkPFB$fz1Lx%o?CS>B(j~! 
zG!K_9`Cwm|b8$jRKK;Ra&h;DStJetyD|X+$dqz#KFm}H2^8MDQpXsVv3ACRRnsg7T z7fHT0)^qRS5WTX}^fj~%ImLO`K=bXct4a}2=v{3e9uHuK0x~U|25JDQb|H0LW^s0u z7ID%^wfQB-1EOOCe7rBF2w^~~flpqZR}bP8b@)Cx!*TS(nc|PE1C!!bGa2yS9Cu3| z5}&v=rP&+z>COf+)1JP53LJ0v7TR`{Id}Y61nBV47WfBn%lZO*$G#74E}$}JxD9UP zKt+B{b#5}e{99BD{g;E<7aJBz4^?yV@pQ-fx#LY#CIsU)l2LtwWT0(|ltzkz<|q<0 zN0A_qiQ>HyU%ZI_xPU*yu1em}~9MAZ~L(@h2_{nB|A_=Ye#9Ns&bW(Q& z=tkY-c9qLHBLzfcYG%wn(fbEoJuH}Y(CY9fuEfrHTY>rZYGLEXp#Z-k5$)E`Cml z?Kk|eo^?zd=R{#}HNciKejB^OUm(JtZH-famgg=A!-KIi&W>W5G1c!xY2sI>Pg_dA zRYZhe*)})BFCfCp!@f&X7#>v;9{wNy>Jh(dF)+N)^gG7&cW{%>bxdks*ggq1%}>sR zFkq6NzQv{R*nbl+?LlyE0~7NPEy}MU3U5&U4x;b|<$sZ^KSQfFDpa%4 z$783%C8ZnhdSM>$h*{i@pWb+#Sz=AP;Pw)PmmqD9{i)?l=qcvalBQYy)KVMl_{9Wr zSuM9+RCjKkQGQ0-ao;XsF$ml6oNpt*&ii)$(=r=J4boY{x00U02KO|kW)=oxW7k#E zpElmSLd*P-o%Zn?CKA}?MY%USnC0TBPxG<-h4b_w>aI_gjN^XAX^K+njuyVzK&OCNYthHq9MUCM?v|A7f-gA9adK1HShIP5y^6}9xXtjt4 zfBieOf>c;KR-TCH$!u78#(=Z2>XuWz_L903txWX8|M^hM{ToRt}-&6rW;QB|C z`YCW(-VQiZxf>8~Uy%2&KS>mrNzT52e1BMftis>t99=O7LXlK@lSSsPpsgryb9!%l z8>w*aL@O$i>i&n4x>OP2HOL8-fTO(db)Q7IPE$%m(`D|#n%uf-kv;1*=RAA3H=gY6 z<+o4!7PyGM0M|=U|N7%J0MQU=EjI1|*H~utz>WLfi{Ap*5A+q-_lEyrKN$XpeKq{Q zqfo)Vt5CtdRjA;2g$f}qDut9lNQy~WGE<9+f&pSk#Fu~{b*}$D5q}0!wO4jg^Lq+X zSo6PhW0(c*?M4{ZmH4f*o`q-+v@k}IjoC5Zr;sR1ald*bxlkX&Je*~8%)TQoU&;>H z@4YezQPudE1I^=fS&=w>cloIHoA|2EFt>#}^?@1vaKX#B4+d2_lkKs;fBi+;l~0#7 zbEcmQP@hyt(J&aO^bof=nnpLqbRZS2RQ*=|{4ueX^YK!?DLz`u`|cPUk%vE>-!rvJ zZ0^{Rtbi-rP3-sv%3zWd94DOGp@tT!T?u|7=B}(5Fy9lDFTmc)IIQn|(o2viex2H6 zpBaKIQm)@&)BcrDE9KE_a!8I^;+s)XH7!f3L%2L(5!z!4hh$x5Fp$;R1}Q^?{_h~l zqyZU2vMe}KRuNVa+LiMR5I^F%)pdcx_uw!=7{hl7ehLBMHPW2#3oKXUI$Hg{m zPgvJ&LP6F1ixILNIvY>ihhmS^2;_w@t-hiYYG#>kq-|V_;`7{df(-pQ!9$Rz&hzuBXNmbpPGK_W4M|Hzh173Q-@jA5!Svt_{g~PG#QXQunLHlT$m+BG)6dmq zT8>xeD@RM17Be90&01pE+Xpc@9c8OtkeWwP+O(ZvK$4+>W3}8JmhQzS5rF68yQ@vn zOJ|?#x^DdZzO27jhZK}4Y)dt0F`T~+0(!9ImNRrY+2C6wdUm^7nF}N05J=FxA(!pwcRH@=x1KHJ9 z>-(BzwjZ18F5+_gPi5nnRkKZALLC(@D_kD;y;;4m*r@eAV5rx}UV3~=zTF~U=|NBj 
z;qC-xtA($C;kyJs1%~6q4ELU1FPTF6lQ`(qoC0PB24A~r`>3eepAR|sMvU1!;EbWH zzc=E!lVYtFf%q9^7hfIokME8UB%ec*6^oP+6b&B8UW(Ef(Z`AO&WvdC_db5YxcVqz zu$(c*SLM9C&GDYSHRJk5uSnQG7C>GFX|UBxJK(BxYqH&t>{BuAiIewI54~RV$Zpgb z-`})*k0FiMo{*OwfY7E`Cn$j^t$iXnY+mUQ% zg@*yS-op`G@qypf1kOZ**WcvjDp`GfW_7G!w*>!qoi466;uEtV6hLOSa3H7)?J1d~ z+Dn=bq!gMG->B8RC+xOLZkHe_0LsfVCisT>qm2 zc!57KXQT{3SM&8_uhzs3D&`cYFJX2SLP!{ZJr(;k8T^SfB0b{jmYukfp_`Cz@+omM z=%`a4Ct|}k--z6>xA}b6sgqDZ@MVd`GxFPwfidfc`DIRiW`_<8-E84=?V9yJ^};$) z2L=?Gh~2Jgo5)6ppGpX&jg^xZyt^6_)2>?lAbR!v$EnUjp5VL@Yz!HNyY6)6{q?#O zP|6?W(;ke&yRY+!+>(?R%%=vp)=39|10LWCCwK6B*@0_y@N1qN0UPMdF`cYmK$gy{ zwD6fUKzOAdK7YS-2nr}T`&?bqzwehmEU^Ee-3H@Iqt9)_&?!%Ws;SQ0Lt+guAfRBh z1}Uh|VP38mZMo-p&Fe(x;5`Haqv5#}Sy^F$L&M6e;;x@58qQ1Kg{z%O^u}-X0@u;F zVLhDT_@yo?US4ikGzy3H^ng2oqm6J?Pfy&|;uueS<=CpV|G5^7FQfkqcl_Mge~$Zh zp8r#M$LIS$mv`d-D0i^+{s;4p?=vTW9Zaxh9$ky_iM8&fFYr}oVby$?p#d)Xd;dYP zuJN?<=Vz5i5(&l=Y1||fn5OK66-nojR;-<2dNAM&rHM9knt4M{C_jhC@H>pn$B302 zi~{-QaE^>wO@KN%u`;Wi#R3PKae|N5d`UwC{Mg@4py2C2-r?tc@eV(M@<)pv^7s5N ze(dvKwG8pcv(-P->;Inr{e{JRKb_M3{bIhK5`SkNBkBM6{4XB5K>+=t(uA$VIvUgF zZ@h0HddhZp5*JcN83F~yBgd0+b3LU$SR8=_bZg02S2MR;8|L}CC)5fhdrUxJfSR~z zs4%Z7X?rP3IuOdDQz~%$)x7d_u;KXi*A=}IWA^!12F_PCXbKmVye+NPdhZCb+*-A( zVr+_6rL93J)M)dP@vwzgtMP7gQ)%mwYugKqfAP;2qzJq?q9>9qeV?m0(pz!|_QF6q z{GZkfxmFl>$Gb}koz#(0K3YjZ3fK{?WPJ ziwR%~s>-IIBKg;xjezWDQG+s-YkM#Dh@L1WKO0MBLM*ABp0?Q-WkRu{04~hla+~*l z&u5bWzmU-w&TpJV6 zul|Mqb~)@YFa`|3pXp!b|84&Dg(kzjkg6TcPk<>hr88Kdf1Bf`!OmCT_WzcD)g6)k z)cxE1zvTbCG8?LX_8gRZ?+G!r5uhKkmG0)f?Q+;*@>~A@8vk$eKSRUgS7oD_Tk(S5 z(3F{dN?CcESe-`@bN|M(Lx{;E^(qY&24t5%DYx@?rz z&1PE?e7EorskUQSKoKk+YAK_tyv1*QxOCBZW;Ri;MH*__@BOi%U>`5Oap=L zf#kxAS}XPuEHY}!+ez-+cNqMu_-mtF_UJf*8z}TK7)KCrb6Qc;5hdzw)vGlT{i4@s zzpw|Cb{@V6U<{apCbapEIDh)i?<;VVb8V2eK^G|KQtXlo&Wqx@m8yd{@iLIXGL^I! 
z=qK7rd-L9QJKVm4eZ!UkF9hPS#TFL-+1h|l59IKrcf0ZWrp+mf&lKgg>yAbP?-h;I zJBOgaSoy>JbsqJMi*YsSBs$%{x(dUTq%dF^;;&4I1q6!w;ox5(-9b4fPex zbe$h1p79n+KX$eI>Z6($Zs$FaPi{tsT_UWOm5pN~8$EKj0OZR2wz3JIwKWPl{Ounu z?90>72OuB>0^m+E(0wVRou2XAG9)B~KoDRLx?N`0;GoDhcK`Nt7?1?S0pTwc+d~^) zmrOL7cBK+siqYbfF)oGnUg+^Psn?*{(lDZQ@-z|MwBugH`BEO?7~|abV4dT~^^dWW z5<5Lm1&2@=?sVob^;IvsP6?(Z8@uRxhbr?&XqN7-Yyd7xCd9};nVvoA(BmBQNDtaQ z^!_e>2i;HIAUK@$kPNu=wPkgO=2Ho67W0rbS;L+anBAq4HlwRh;Dse)YvJg%g%0%y z6Y8nqLyvmG&7N)AMfR=8xepk>RfYjd(|Zq@bYm_izK!NJumMq%jzokyU;M904VTWB#%^~EI}p0lnk!1 zyK1(bd}ZCMrjIR(coA43~pbIwQ!<*~ibp4(;wJ3wOjgq5Rx%Dhi^&*WwfpW|9>K_X*wY zwO1YJ8QC?#3{!^!N@ef$;G(r$TET;v;kUJ;1p3ZAo9yk@v#Kq#s5=OAh5<{%EGj+n zGw21JBN1;Q-QxMImVD>U3r`D|#{3gAVh)#EON29@G`CVg`$6J5ZpVFB990FeZ^UVO z!V!Dw&dWJbi$Hggo}*5@3;S}QKn7~$lIVtzJL&Bk_6)Iaaj(RLcRzpRYg|Wv%eu7p zZUqcz_sY<@YI#TYos;#!qJ#7#O{}|>5pxB&|YtxMpRxvft$Bk z8S4@shX+gcH~De4LRwaH9`hZ?-Iea2=U1<}qyz(Mdd{i!C|c9>SKUtKPzd1x}1sumj;AAl<{=|_=+vr@|cXE$u4hD`^OouXkRc=;rqy${Z4F^ZS zZN3pGcb_XCoNV&5qtSs<1!iwz=a|VTD4?_P@uE!<523UG>NrI~YoBH9jF@TK#;C7N zaNvEJ8;dYtGGU4{}qR%DE-}^3og7ow-M2CL63Exz?}S=m5sKjG=f*hDJB85hyTJc52zX?#9e;XXb`LKiHBQ^DL_Ji+{XvoQGbuze z>GiD6C&7E8iz6;7r-rh&as5#uaEmg=(+{VB_@;~`dYBKUIL#bu5lxU^vuaw>ef`D> z3cQM>cPBdgR7J(ZJ0DWk=`b-7ib=jYwi;70G}*bX_zVU(*d-l&7s9q*YrRGLPJjSm zoQVGNsd~}9aT7^$Y&RmPB$rRC+7n`2B5GwxQ{2?!_x=j>*tOEAAAE)ULZqoGq*p+O+g9_!Kdis2uFK* z_^v|yVGooS)(#h_fP{bHFYM=m zb;4pC?aG>d25Fn7)OwanA5UL9j1v~V?eGPsULOuGbv_jMR29sCX0NH&H@$V5h5I&}x>!fBb~2&fy+G^n2_~ih7%;Km zXnHs7!wS3LgE&PQq*2Ug%Dx$0K?rFLEJ$`5-lx(kP&wf6Gxy$9i^qD#igXh zP!4EOClpc?C5Zva!0rs?hUbHEkdkt8kU_|Zp&gu@BqULiPBLh4)v`ER+(}A8LR=at z<%j^8A;lb|&{9&47;za1F-J)UX(uN%Qj+Trtv7+~4ORz<6>tRZ9F~>;1b&z`*~vRgB-7=zo3d{gn>s zJFWMZU;F>P^~xBvF_@xC$CW?Tq97)ZHm_!JUIte?PTij?jM_DDLfTdQvSQvnZOz78 ziE%wVkLtCb>hLiez<}PMiA0ChLfgkNx0_;X!^TtU%}rWv=Nfelc0W~oQf%vrNxkdM zcH=SHtyCyGC1CSM%AATD4pewiI1Jp(M0I;X*>5HSKWHZJ7uzR-SNwOZguhj~e}PK( 
z&szaMGAsVj9b__vr}a4ySbTa*DN;I5rad_tS^x!@~zm?mp0`e0qEK<*Z7xW9q1?3;A5PFuFWsv%b7?@c;Wb+Kw{!jqy?xV?icp<1O#y8t}y4tKLov$xa0Y zx}+6(V^@L>h3~QU*W?u$@LJb6DYIg^mqRB;V^@-uEev>e1~X-lXkif6*pOh+T`C{P z!OWuetRj-~Gu5ln@?rff7}Gw#)njpah?XUd%Ak4HuXN47E#Ch{i}zpC8~wT#`L`1J zSCvQrzs~))!D^}H#X5us#>rx&JNUIK*O65;eHIj$q4!-Xc6U-p-grE1m?%Qy=C%=W zGTpD6P~L-MhQ7fZ21FfvMr6cW+xAj*$n2wBJItiIqa-9aGm8Z3XArkiY`lEv#)+dE z1v4bU%G&po4nD;He}(UiI)TIGzn`p4?X^7LK26FU5(n;&I#92En&?0ZILLWqUB0Rx z@{$iu0Yj1^o8zwb%CHHg_dRv)PvS_j4S@lh$%|vjU5SK`)X&2X)5x(23^l~cmAoS? zAUWrg&XDTBtHh0=R}Rbf|H_mke99MqPy7BoCHa?6ZT#_a$*<09l=%B_ zpT7_H`TKC6zk0Y22&mv1$gk%BWlo4pg%>h1UJNl2GqiD=g0H?k0R<959647BcOTMP zD+wQ?_q<~8z>vq6xLGUU3UAHiX zK{g-qYpOh%K0Z*melGlNwDwcjaxgond2J7(<0mCS%?l&@_gusO&RoO4RrBHk2k`z@ zz5c4|#RdLvwBPR~QC<`9}|mW3GKX0P0>N5CzwxCn_b9uGCc>IVpSX z4R;aR_|{{C3d`4{_iV4S!GJxw&^Po!e)hED+5tGF#{wo14V^EE93JxYyjwL@KE|e7 z`F`ZXKAWM@<~Nuc|A2|zAXkk*aKdhD&zK3u#~+Kv_`-EO{K4r#{Eo7(#nLj&CQ*Q%n?k)9Sdo;Ek#)?FN>&`j=d^?0TjXn zcWmZfGM__KCb+}PmB|}g++t&S^U^63mX$kaGqJXg_su$(4q*28hplo$as1yG%NT?6 z1E=8};Q?5j3*5vH4a({(+C+hfAeIK#U%|IGrPC8wGp7MJ6nboD9(oaIFxb3R3HZbI z^!mSWw9c2~tSRUzemkKWNrk{~Ck79wCRTIv^m9ZWMjXQXiC_jeFLyhPtDQg64vmko za{-Sx7XoJoJup5(2q95~C_)Gc-bGE3;<5-)S%kC@LP{2afa}U4_rpbHwN>@KRK!dT zRUGtW5whSZ7T|VvQ6xfI3@IvxL?R^chg%>dzyMKkFhCLv0JnJlY_rM#^?$p!y@@=6 zU;!+t*{v_PeR?z@Sa$fckaiA~pzrl=I9x+vRLoC>sn5u3+)YV)3jDBSf+PgQ#H0iS zkOK&9gyxPPK^QITg2Q?F%8H11xnhN#!2`@iwm&-71BY?O&#Z`isSfx6A9su+793== z6BS1L;1Ifa#+(p!gepS0K(RpnFC^xMpu#6cjXx0^LPSU!hM>Xw_d>`Kq$I@7;lyMF z2rhgGIfMj?f3-11*=f3 zqpY};xF-0MLQ;cGY%81)2JtsF)ccK)Xp2x3fv=ljg$*X5080--@GyvwfDz(`I0B>e z^A$qlS0$j_kU}UzVm3=HYb=Z%UwUpBVYH{aY=9ri4I|`?_7cK@b1vYmCD8^q(@RxJ=%Qq;nwM@;@d_eQa^Uq8hGw5vD zA?^KMg(L*Wi_rPU$qOB5_*z~bFx@PRcewQms~P&BbbcjIqyM9MVf@$(iSwFNn9-yG zq%BWU)>4Md$Eib*R1!;dI+--=_QNK}{m(uHerFD3jJZhubsRPMI9S-u7_}y s02c4vxG1WU*N0}w;=U;qFB 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb b/vendor/github.com/google/go-tpm-tools/internal/test/attestations/gce-cos-85-nonce9009.pb deleted file mode 100644 index c8b4be221cbfdbbd19e8898d663fee8e7b3cd781..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29602 zcmeHw2|Sct`~Pi>bp{zkh)J@B8T-Dk$-ZSb#$XuxSSx$kWvP(J7E&ZdSzBn4B~ejI zk;R0dcyubH-|DWG;=Hov1S+DDy`<(B&uCt-dh5%#$44?q~0RY$n zFat1Z@C5)pJ1TvsPvWC_HMsXsAI`OG#2>e}(6j#R#84%SP8q*WG+;xBXjyPvm8GVp zDI!Ac4{%9-ymoXFnV6u}E+se2l3!4Uv7;-!mkZ6gHfj7@zf`Be+T}7(LJ}iw|#GxOR-3 z7J#JDkm_yxwdZBfrd_W@qsV5`9TI{+nLTU!H=tHt~e8tkn@KFjYMWY;;aYCPtT z&7XgC<|IP#uG}lHB*b9|=`)Z4gyi@3+@F~wG_@p(b}JC+rjKT0Kh<^LQ4tV4W;vTu zy`uFbf@_4ZwJ}LI5`n$jY9{A##WlvWi$}%V6CFPBCaZ~W#Y=S#x5)MKo>Ae*M=t9z z2kY3zz2d45PxPJAkjRNtRvI|GTt0ZwkG49?-EjqT5bYP#Td+*0+*)E5cwWjgAbKC) z^cnYKD`w>yS>a732VZWjh<-H8bEPPDF#42B$e}I)9hQlN>vYVC0^yZv*&Xv5B3ce@ zX~$<4M0O3x8hLD?wU0nj3JYrJw!jubqkZBI>>g%1ua{D8-eFK;&Bdp^(`_UZ*z<`i z)NU6X=Au{ebaC+5yTqzB{pN;v_V-X~D1wce7Qy`5B8L5bcwP3quWsqpq171$=gw>} z1cqQHRqeM13}HergO&XU1BS5tFoY7pTvM(5tL-Ak;8G`xc`0(SQbB}EWavS>!{lcuyAKbwKhCqIp8{&r? zZ2e&f6v2#fZ|{yT$0Z=&-xEti^xbOwbU7EK10a~MiMQ5nZ}d4{t)tF@Sk*UJ9X@4{VQyP~7(#(yR?S(Ytu0~Y z9_wVReXr0SIm5q`RHNiStR03Q=0=TR_76^i6}P1i?wULh?z7d z{f}NRLjE|myXVtn+?3)2?_J4p7nL!ae@9_3KXyaRM7h*}CXtqc zcS@oA0-n#0*JD53qo&ss?%P%5gCm3r^$B;mAAf9Re-ikZp03Ea_GZ=tVS~H&XAGq8 zO9duz-}R^RJ+pgO+Pyc-W*A}qaWS}6YC>iAn<9$?idzFYa^)sH&j^e4ItYJ&B)$^f z`;;449M(O0uvb9S6W|wmj_>35F!(%Hv5V2fxLU1#kjX8-Ut^#`KX(^FtUjJaA-H`A z!lIy6z@9+`_G@175BY7s{?-k~qCp^Ea3(KN2TAhWoF3`AsCBGfxWC6Uso9CS)w z1$`PU7>fmg`~wtx;{nFn@=FxS5J>M!47Q%1R_fCYbP2DHLeKT;Uzhh#)aoj}v^US! z?2#;(7dZl{q?P>HqLX}rTT_L_xn(M4o-=TGMS{3Q!jwxx#R!B|Yc#24!?@dY4| z3{p3kol-Jym%dJXBbB=+=~cma{zN*})F^-3P|2v=J&+>emnhQz5=CkRGCvo`Smp6R zqhj>-)tn=1%U%4OaYkI9>K|py3Ql?x*g%TRzeI8CFU5lVQmw*&iF+sl`6#XVoKX2? 
z`R#tm_1n^(Q}qz{Q%zW1tm%38kn!DPXgbI}1p>*E{7~P>QIn3{;7nfWk#1p@pvhD* zw)4A{P94`)5$G`lW6}K*MTTFBMT~+1O298xFzhj&|V-e1{z;r^Xld z>1)Ex>rl#6+lF+6I+pD*Fv}4Al;neL<$9)j&1#C{O13|uaHF^VXj?F$V7_p$$~`vQ z6W_?zYA7lG!Qw3p8?slhdDj6YBAYKG8?ENaNrehxzB^P9+lgFUXuV zsHfPTX_CyJ?SL%NT4 z@Go2z6!W0LLdbJjqHn|NKAf+#*e_7rUevfFca3huEY;3x<|uU(Qr?}%ggt|n8jg?z z*xs_+<(IXm<$f~lV6b~o_ zQ;{Q3CJ8&MKU(yp6a=?>oITA`Kh!;hxtY^l+Qyb}ucf5Qz}PhJ_-6z5)$?@@5y!6X zYy(r#BT(NW?$6v{sx5yi6$Jv76ts3!o^e#YgJ-)jRb}UY{^E+e} z?8gwEY^avQ-X~h-U+QW$S?@Y{jwz21OvUi0YJ(bq`glOTVkDp_@W^#*oA#5z>W&FG zWcnV-XqE)u=a)|9Gg5x+_TGQkU#a6 z;eV=JTmMuY(jZW~8ZEL8XckP$uAcYVE7sOkq=;-vs5~Qg$}}wnRwgMXaHB!_nEZth z=YWr}7h{?Sz;eO<6o+(wDiz{Sm5b?5rDFb5saXE`RP05KWF$l){{busg8pW{I4n|6 z6R8!1^CqGsHex~m2q_Jeq-O(201kWsI?~j~Mu3WM(%|{`fU8BVsxL3LZ9)^yq_Va|zyU9^3(=y~>M8d!Bp1pOZ+7U- zR1uWT$tRG7Ru&=Vj6@hg(^c zDs-{o>K7jRGk9m%-@!L(9~Iza*>V#OFuJ|mEz7(sza%n4vh!Xu|Djglp?Cp_#%+0C z3(eUl^yVzFuN8;4=B)G}j42qPyOAVLHMEe1KHj=M0Yp7-S08Ya=xaj-Izhk4jXHd= zdVkhHRZY)e@<@AHo0�|3PXP(7B?2Q6Ropt0{5fNrQ#3^T8a+_<%nmK=w7eNkk3q9a8LU z9U123cYAIma||xYzyRm_H!TJ~m~O9q{36$gn|Nd=7e|$^*OUGrqQL2>mq#DLfiSpV z-0tgEmw;UKUG`P0z_e~iV8Awwx6ZF?@64yF=e(eQWEZl| zBmn4vVI*S==mUk;*G`WfE!z`UdzQsc_?`b|mC z6-`c7Kn@{;K(;t>L*^MjFHK_{_TUFBOdU{klr%zzbq_Dnk&(eD08~^u8it~wB)5Q4 zGC?fN&`c;sl7pIwRs%!8yZZQh<1y&1C}xr;6%(C-PoOsugZD;S;&H)fW)y>yNv6(Yb;RC;J?~2RX*;rS1h{!7;=ysLw}y(J}t}n8~f`%SX3U=xZ&JY`B>mOwd3m;Y2EiJQy<7H#X4K) z-J6ZHZz50h$lwGGYkR~#LrqBA9=CjNTutQ~j$?)|3D%+I^rFOC-OGtMr@u_`! 
z%(mUV5APx)Uywn_$pErqPZS=-0Dk-JOk`whPzn?|XrTm29`sNiD6(C0sq$Rg*z}&9 z@F&M!QxH(iJ1Mus4(Iet=`-^_4l+gwlcMf~@}hVme;)bkmJWUnGC)DuwdiIu#T5m7 zSgUq(fy-Xpan##E`llh4w0tx2o`_Iq=HuS^bc!q@lQUr)k0x&S+C9#FCjEqn|G<7y z7cX;74!X!Jc-q}3mGzVE@Uv_8A{1CWCc;#pEAz^l`)cS}`Yt1#-c^=WmrSSWzV+%P z)QZPkr|ds6-6Ebf9}*O&X39QX@L}oYw#dWuk1~|Cu9r|$Rpz_GJd|MQ6VRg}5uXEh zrqz+nc5za<;&lo6E0zyA`&+JkvWyG4 z!hm@a@yaWG1j>k(z;@o45b(NMRQ&1^8DdFxXJ|?}(X*k}lk2EcM$6YQ=i6-B5^j9t z;AiCwbsn#-we4nfvoIjRz$@4*!879-?l67kgoW<}B=3mYk@=X5??S39Ok9lNz*WpH z_0usTLHh1^guctfe*8>N%r-&8d}Z@WO%dj7JO1jBR@aYPG|wIP;C^WpeLmznFt<5S zn|^^geQ@0SBhYPzN`D{dctD_|-2gg9;G9J$p8r*)Agl4E;@Jlh6~FI}>qvL(-;Z=W zDC7pxZCgh=62NJNVBIm^Zn*EGofPUTv;&=}sQ*&Fe};GsE<7RfR<8X@FIs_}Hsx`e z*FEi4gzkqP%dRbV$B}i7EIqWN5^gC{Q^fU~3>+?vJip4HV-83J$k(Kv%;mR#Yj2_y zjdvp!c7&zABP%{i4U+*gMOB0?PD>+&cU-R2xOjEMAlwtE9tfvBy5=4*PlYU3Ya3arCqe zU(UC%%sjV3j7ZNvwThW#&>U4Yb}%vxguNM&xzS=DRzqF*8Xa(<&UN&?mM6tL&fo1~ zMSU`wEOpn*ZRC7uVtW$e(l2*K_vEz8)s@`f)lRz9kdON%#OoQgcF?&2;Tf+$ZlmCE zqlg~WSFz$YbArQ@}n4kR}5GwC!|S|8Sniq|CsmKIOfiLBj4m998yhh9W28BZWXAAN-0k}4`u zA(TRM-}jIA_BV)^^bIA{I34kO(Hwju!uwz@?$EJUmXt4zpBcAL-o7@tU&vEY>bah` zksghsUct!DGtcB`$JNc-##y8#c zjzN>JfzrkM*Dvj}dThE1eRptqKZ3H0)llv=jvC0 ztizqA`VT-(>T8gb0zvM-irb$-TTf^D+fn-3D@^9&TFh>lJPuOtIJLTAYIp6oohtl;_9xqRwJEVzBx~UXxF5z;mGxmu>d%EJnZI9zkr>b~H z7Di#*Q4KS1pJ4`amKU}4uU|DEDiJHcF~h_C)UZ$A;~6jW>>+cZWyZa2wnzFHiY6=^NJg?HhQu$M&+*yjujD4)t}%Cm#)BXv3}B z^(k%mdB1|TpGN*3v;{v5wodx^q2HqDv$b5JY?rW{Qkd68$CV37oi|oGC|l%3%8Czo z-%S-~o2*jL7gSk2*(?)ey7;Co#Q7|AR*}{Y(pR!Wq&7y^ROkqyxuQzz4$GxX>#@h0 zWce#0wEpi_*qEQa&hMk1d1Rxp<09(jbld9Lla_=hI}Ub#2u2NLtRAheRqiP5X+Fj& zZAv4tFtRdfbEv=g5Q1}Nn(}#9dg8NmvX8Wd3C>Rg1UacV3)#=_|4_5*3Vh|2Z98)c z$B8VfDA|&aPKCMWUZ^M@d$`EGeAQ~<3PiYK`|Z0YGz(;mLxQ%DKY&~I7vMYaeQGn`o<@oWVoIHkceCfK~r*Pvyr}87B0_ z7}&BMr) z#SId#Q!HgpC3KflsJ8glXF|n`tJQ_~!+C0Fo6KO-eTR%nwxnm&O z7Erl0*=js0IyQe8>1Qua`8t5?_-wK5p^<}_!#MMkXEk>|v0A>v7jl>c8Mp-uH0{ zoKYk9+r*`**UveZAKEs2i%U@n|0ZDCf#Ti(Cbl1HlwU&>Num55M3EHA{~}(0hE_M| 
zG0i5Q4jhe=mTkQ2i+ji`VSPJkboFgki5=B6;SC5cp}JhV)5}@0BWw#LP2&RTrS|xt zbICOFI)ttCcdnmMeaYDNz%h9?6yNZQe>K?A@Aj$ZW%e#wRO66$(mr8E_q0aFrh5|- zmer0uZ@hkyk?j*FdO8A9Yg&8c9n-%YiBu5XmM+=N%%I(fBp_c=q$2hb5SB2k( zhWqh!uvAvfZt?LHxbBR2{(64rJEIRLET81q$30E6URab%N#SG6@Pd|!inRB{o7gkO zUZS{R76UV^Jjpqs?Wj7Q?Ksev;94{4uGKt^#h@iBXDO{veb5`oC33KX;uGH%am*0y}%p~jHjOKR7b99us zHCFHAbtJRDnf`cURaB=_vEh??&9;HhRVRimUVIp2u0f3(AhQcbCM(Pw8t7!kROvEr z1yHUk#9cmbJ@VSl3Le2tJ~cS`fSOOpMN#yMe+p8sDJ{C`!p`2Byt-oY}^E{!K~{0S0DJzehXYbkXPW}oBoIYVEP~a z)%5?SKn4GZdPtyAUp#&^xc>WC{255qUfjwc z;3G_HC-8>AJPzF3jxw$*30!7B3Dv#d!V*h8=*aefR;nz`>ypQjLPH!|f40d1r?$jX zGLFD*zxiIMy4I&$SU$J=ywuUVbNh8?lB#Y+5~lCehaB%g3SYRrH?-1?dWX}4E3Y#y zu3XU09epLl5T}%;WpuyNThe-e24awPPdZkm`kmsL0}?G~l4JtX{B`C8@0gmen>oi9~voA0k$?I)^lrhTi zcMxUPfR3k}6CNn5h^&Zc&wU9@#N*(Zl*&gZ)IV zyF=uT$oAV1Vf9nzqUGE4R-bwGC3w^b<%hE_Od>>@w~aP3HZH~T`|LPGjeVMIrpjcC z5zSbe6nj=$>$|s6%ys`(XO&uZI)77*GV15FSwtC4DUagkd~z(D_iLh-xK&tS9Cd_2 zpXug2B8{zy-ff-Y@{=)aPDY$$XRfK6nQwo69ruC4Fs0+tVvzN>5U}kF1gw4^0>(iI zxW5Sj<=g%8<<4QrzlDGw$pioL4z?+~z<(^e{2UGbo4EZMFy!vIe-BM*ZFYX=&K!x? 
z_0=s$V$_c7y*iVAl7gQy6L*}+n5yK7h~`y>2X~5BSs%_Y4O)!8SX^Yt;`JUySD)+| zeWfYaaR~DKVrF!`MN2$qYcDRht!%*;TJtzom+@94kZNq?Qmt@jTgPmZ7{L4K z!=2vsrI|cOt$)YCJQgO*Pz_*XZ4@ zt8Y`(EPd_nZok@=Zjae%{u-JW-n_lUBUR-QGyQ}?fQV+e1X2g9nQn$nYhyRvuTpWj zf%?)ly9e534xgIq&Jpu^GINM*>N#d_U@l4*lr9VfT(6#eQH=6lbtl#HN*D4q3cGJ&!Cy>AJ+{%Yz@XTtZ+NU&K2 zpD>mW@4OK^k<(b}VzDx^qTW3@?_;$F42fc0V*}a(T~D8} zEIdx`EoX@jP&=b&f3R~`&5)tVBqisk0_bF@7Dv6TGqFm)CWnCL9EopD8NQcp`F6=W zr%`WcchmMA#ypbQ;(O+*r`ivDzTvX59?2|Me40Yu(>c+8Ha?!jCW$)oa;_>#2WOQ za!Oqf-S67Xjaqd$WkO@z)qJKsGY$p_zbUbPNprg~Bz}3HfLz>XPT2jv>n;4A?c+h2 zukBLw;6Ra?#OnQL?l3XDj4m7o48;tk=H>awezf+026yPl*;TW(+8O5ucqP}09Pxeu zg##Lr<`JTN=2Wev7}*fmHoa1zgOgLLqhZEFSKd~1New!kx_JLgRfD!@QOUc~YMn(F zkmUNVT{Tm4k|=Ela-qSPe}n{EB(a)g*49+kUwJm1z|a@>ctM)bYYzjl9N7mvT`_*r zo3IxN#v}ddyjHjd2W^r$uXKwcCe~jkHB<>dpmT8azFXgcXjLQDBOTX#`?=0W0zI+o z@iy~bcYqHwz#J5n%|Su(uNiwG`Oo4;Wonmqo$C}oR7`U+f!>TlTK8DST4Ssk?Yt7W zF?-#t-TOVAH8RphMpM8L6j#-LAMj7VLq@JBhATYNNmPt@U#Pe;HPW3rb7-egRiQT5 zW2M9!tU!3WlMyORz;DMeEifcxjUwy;< zTlv*DS^87m0x4i>rdI=mj9X!wz9@SQ=+8g#kt*%I+SXv8`*B! 
zn?!yq|6im3ZU55>^DdM9tOv^`i+{8r72N|EZ+!Q)dtZNlBe4A&Y%=o~Y^6Y2QQiD% zjTo5=CK(+Z4kclC3oWU1T_S^v;7KqWId#>I%s1@~7XYe?I3QqM(GLQjE}P!}wEZo8 zgHtCO$n^IdDLkh$?-adFPD6Dg%T0Tez`u&VF2;R_o(p(@!VrgZ0RcDn8fG-QM3Ydx zP!ruFewpzLc|c|JjlH)MRM?aHAIaJ$ z7d&w=HdMCIcYB<2!cXMbflD2i9@o4kobg6KyM8$GJfvD)K9Pg^iO1ankSg1|$|h3L zmS_mMfa%iGTkE7 zy2U>>fOYgO-X)!&`>E*#r?VbW1LwcitnO@CDPhcJ>$9V7*l`HAy;R!%$pQ>`ZNqY{ z@X6)rHqB@=hLL{D$DL6YFV`Gny5|+V?wh_-g##+1yDZH*aOYCq9p*E#ZJ)loPvq7i zC3NYP@ecX=oaES;7ch#OdmN(lgvme9O%Tcyz?%7yX2tlWeUdaQ@QBpkn$+K#)ZaU4 z!DBJ&$D;nPYf|gDcAhj9PY3>y#x*E#o;`Niq1b+2c)6 zZ&(J9Pq$T}=7HbZ$NiCwPl@q39%t8MEFd*E|3GI)te1;C(go*=2_z8Jl*ECr*(vVL zqAm>U7P;Hyq<+71VCxGuxF!rxDO)r^ir4b!g!N`c-PVm2>OS#uxU0j!wzkZ=ZZF&o z4!rN*rq-!AhMgw5kn%`Kxksy?Zof0 zqpl?J4LeQGxDqn&yqOTU4)GG}-0#XaEtm@fj$;PSi?51!QQf}k#GLSsI4L2z{ng_D z(>kV`cBNf+E8sw@?{U3LHh1JdxZ3SaO%f_C;eV=Dp-XfA@<)s4mxoVR)sY=>5Q}Ui~ay?nU7Wkfsy);+8<&oJ$x<*1`QZS~_znQN1f96ecoj3JwcuRZZuABt# zZeoF?>h$#y6}b6S;V{5wVCdZS7)tJom1zqX}Y%x>8NW87m75ze{%EmB)@Eu*x#X}yI4u|s`J}5lhvNz;O#b^ZUSM_F# zL`xw>2t*_bY5xsFd4it&Nb2FwE+%_QmDv0!+~S90VSwK1r*rnHybxI-%t6|MYuz@r zV-n^Wt4{*#!$Ka&U7dvks~=_C8JEy*O&2EY1TH$K#u{$_TyXZy>DB1Avj*&fLU+#6 z_r7uW^0`LFN9)YRn8fxKLjgGAW>fz|OE=OiDJwHo#s;%Y9Pdk#W^N?#48VZCvdlTZ zx~pUTG4rnl(R(X(un!UrmvLc8DZg=vb(i3$FC7Kax zUJr}hUdo`3P+iHs^(<`H;o|6Xs_7BzH+cTY5qLxy=MzX&LVZ(5Qk`sj(_F_6w1_7w zF4;D{*MB?X3Iir%n7qhOK37xo_B#bFyXE}iMFj51rNM>xioW4n%gQg|fU{%j-Vfm% zyLFaZbngTUK@!Cb=Q8WXcO||^Rp8)_zaomFwi>3kdYWfiD5U7+;Vec$hl~M^KUh zeMmX_yCAVX-T^)YoDz{3YKB4v;IM(DZm5Lu^~Lym`S>G)@c!VkmZLY0DC&*z#XAy1 zl+eg8^hE=`@veBBizC*}-zU)5(H)QT$M|F2LzP@HgaF(>q7iUz7;LEHmsFdvLCQpb z9|8gA|0Oy$z)RExAAoTt;9Ni=1RsoxFWy@e7lI`Oy5N*NasJ*of{2%oOCWe8eZvY6 zA;kiVz8=+)=#O`E1COO|1d0aW-5hb?Ee8Hr9GD*xFNc;A1%q&4GX>pPf1dzHoGTu= zVMrCHWDL%JSyQgXar7DaW%UM%zXnynPww<>*G$q=?bdNv`?uFP5 zywCiJ-t7lz7m{Ad)XQE_mZeLkD^{ z3Mq+_k&%*?MQ-qe^u>g(gY7?skw|w;fIHD2hx_NCbv;=C5#vu(+T;R5a8n9!$B0Ww 
zgZ%jr9o=yuE_gRw08vRsPD)lr9EU@JP%Vc=qg-6ESVnIDJe-=w2TW1B!-r7mch!%xZot^q$FIVon>8Jv1nKH>*csz_ly0*#il6<05NIIkUQ-{ZhGTt>61vF>;S{2ILJZ^}+#se&M9XXGBT; zHD~S7mb7PfMoDu@O-90o*~y-z zk{6Wo@9Anc-b_jCGIz%)~0vaoM|1U+8Le*o{!p7uX&Vw zPZ~JM>9MR>)dPLQkEDg8snE@dm%8LQM2>Yock4;zN_7Z_18YZS2amL;KptzJf$!U* zz#-Jvkf2cV0a8GD+W#1Hy7Nx8#>}`OSL!bAQ|$SbB}wE+0Dv3~_)uK~&(5*vvsWMMfMZYE)DPZ&WiygLK~ zlEYoN7a-d$b(Tt^2AO;=8a*`T4WMY&3BJgey9Y}F-d^T75YKMlZqva_m(aE??d=Tt zEj&u!>t%fP0}xMM^23zttvy*sS?96lGu2})iYljx*HNl@~_$^X69@V~Rx z@Nbp8c)$s~zeTUVDthsN{~_)7XUR0>J@-dnK5uCxDyR7PVR8KBPkTVwYXGX`x&Kh5 zRO-dLDvvn%%QHKRu%vbJYVJ`jv|V9|i6Eo;1(kYJ!4aYzL`og@6lo>u1KyaQ;DfEG_`4=N$wt50Xxl zea)7Rh1Rq7kp8PZ(w{oRMYAJx*-p{HfLfzK^^O7ma`wEuiI`mB6ykyKW`|OYo$8#J zX6fK$0UV$eCA(uk@rLa*sxsLNS*}Xc&_YN^;LATomprF>Ydj0@;PSwtjdc%hcTeQP zP8d<(`)rxwh=JfToC`7-Pjp9`1!6&71H_wXQPC8#;QlM*#-Vg3GCQ^m;Hpxm!`LHV zGA(BNcWS|ZIG$er7p~U%a-B6T6YXy|RHNxpq~pZk1=SQ91fM_`^gfg&$xRM7BKmqc z;yfLL(2iJAh@(4ry}1auI_Qn_7eR@Lqr_1nXwVinM@!11#N|=4A}ASo6bh*?kKTrx+v{UHwtoC-knJF4UiWT^Yz4wx`7v%i*0;#yf+c&Mp{`B`_ddp z9{yf97d$x0<|rnlP8*IdAZ zuMlbnvzNOJsj)r*>)r)O6c-5rfI`v@;6>mAC?-8hNRQK`$2TajzD>=>>b|ze ztIw>fW7r(|KHc5Eg_L9mi?F8-(iA#x;ct1f$9%0U$@%6aUOVDp>C}9_R?jD^!lc15 zO1CAMNRweB=#6}7c^f%uf7do)Drr3Z(IZrmw;wgR?0&iO(DZThwIt=3(%0@t-N*E; z)2C1uOSHucCLc7#OdsMrkY@QrpnK0-npS1psef9tV03dT` z@q+T4!4LsNMDPh2AO^4i$XOmb7@cLdbFP*#h63HxBnQ5dZ88h@%XuJJz&j5t2@L5_ zqFN-qn`8$_7~+m!Vx9#ui#}y_DOr8-RTm$uPjlp`gH5d~QBbC~-9%O^45N(j2VF;X zH-a|AxD|x7hiTikn#Mdum+oQ#eaBO%ZV7DN)^!FwgAe`dahVBI{ImU=nh|^v4U>{7 zU~~cC@#*&n;QJn-fp?JZ%`<*EAp|Vqx>OY^l5%J|DDNP4R*>ET(2-yHW-TigAGHyGX2Ym}iaran}ZH04u;7 z@Bm{ez!m)S0)B2A?R5fiG3#A^H-bv!_gvv4kNx~NumGcI{mxqDT<7#X!7+&M=;aUH zO$h>$iqZMJ&kOBr$t%pk8G~;d))!c~@?$nN0A(Q8u=(L^>LaD7>JpNxtQ#KZWe^aP zbP!8%EZCrSo6CP<`6YG^G!zLN8j7%;gM^5Hh=>6^@{i}vH4H6);-F%%L@Gq?;UFMj zp#abeT;xzvR3u$wBy2n-R~v|ygO$CFAB0&$`7#tjhQlQY72@WBa`ABS@f(rjadUwg zf;`Y48UMC+C<6Uo8$&<=kU|mg0FWt6#83nTpia|FI*KIXi4NQ5r|Hse4-=*rFSZ!@ za)M5$pZUchj7=ws1}&U!m`xYKOG3}d~^fd 
z-C}wPLQ?*)#&gVwSe23a0b?)Up?_;I_eLQ;v|+Ymw4$AD%AiH_p>j3O(=2=pIj%rP zq9iYDA8EsEG-}Q@?^-si=NGF2=+n$Tl3HIxL_z=%^0lFwP-<}esd14>k%?>D4pcUF zM^%{}Ke{#4jC{L=g%5$!!ip~-LeaLDp z52Zg}XDdPMPC!Lw*zq83U)n=@F2z!%i8p18Ru?Unv7U2!pz#bGMwRYsYNVB09121$ z9FlCzh6iby_p3SYemN}?^;gULpu{Rmz2!-B;i(EnvV}~m9kUMo!mWXBoS2{WRBJ2N zkbzg|>harsl;Ur1*;bHDE@J^us$lavXT#|x)lh)@=xy6E9ctFL9)S*3N7m>06zz!s zj9>Nie6iI7%V0qnko}FOiv57m|6WsZL8aI|*VLEjxQ+72$<%PO2&LqrfRdeQD*j(J zRaq8JRk^u@epXdj#=o!rzv*hpmAt5{o5Pk5^E92%19uxC@2ZUJOb%Gyo!a=%kc~MZ zvds)u=-jJrATT}2u)MhA5ZHpG;`Opf1J%Ys)kurrE4p+wQmn<~mbG`^*RLp# z$ITVV8hXONLSjlkCfsi@j=>a$5Z<8L$dVXe&hnEsOOpC(w^WUiN}b2OJxP-#%o^}b z#w=xB>ET0}M>O7Ta(>T%uG?J4*B=RSi1a?s3NKmY8E1%8JndGn^wH@HQ1dNXI#QVI z@D*qdT_4Ntu-JNeG-O%qqx|X6#nMk&-F-zAU4~(3pSIv_EADakl}B%VOFtu8wRc#{ zV&@iRD#x-f-}z|mBAgJ~|M>CmboB_0=HTvrI+G(>qdMfW4E;CHZ+JiH>Td!6iLMq5 zTa4G}JPN|r=j7~z?8m1kwGHud#;a)gmCtGk3a-#;+Aaw`{+h;*apd;oNm3M2|7*Hy za+Zl&ORLdHhObdhTU-kV%1=eVH6HU&_%(;^9C%3fx4penR6kr{*)pmn&Ti>@izW~A z2*GvWiBT<1V?Ba)!z6oHfTS2ssegX_3%R46ceZ>&4D_uSR9vqUzPzt-Evcbb7wXmD z&3)%g>m1L^n-GvVvZRKyt-)6;mq>}M(&400pw2hZu(tXH`<2~lp755V=$yQsVTuy{ za(#6Ki6$o7v#`AT$8U10)~qGSNt5*PEGCtQSCgSt&u>(4tY`}63kLOF!JUzk$%VIb z?psnja(;iF<%z^0dU?h0;2}$C@f?~k* z2bBm>SDT9nN&ris6JhFGc-lL-*m=3SaN$F7VVP(|Xj(Sb&aN)jTr^NBSPmu;iK>H@ zhpVTntrtYv)x*uz!@|n}tRVswf|Vl?asRd)qGRviVGYr+@bL13s9Jb9+IYD+Sy+K~ z*45PuN&^~LE+{`YFE^Bzi(ANu42PTlEXfB;LPKu;S9oTDGN18G_j{hf6$K(K3E_r< z%>8dGL;GTNOjDUYV~}ac8g| z36iATezh|l{v@+!#d~11!2YDGEfyI69AdKkBDFX(l{dKw1di9r+W$r8n z#YebsHAv6@C)oeo?_QT1AWZ z{m~o}NX}MQ(=$h418VGvMpN6tMqwdqtGKjrG0J2G-ak`fn)m%}_=rUiCZlDkyV5 zUp5(p?lkYz*88I6vz}y4@al!Hgm#rnGPvDyTsld_8%?L3TS%p?V!@7AK4rd)@4q)1 z@NnRI9m*TORlLOHd#xu^u0c+C{_k33Kk#a%3*pU~>Wz`3q;I1YNE z9eJ@Js=M&mAn2Wg9Z6D9$YwCn98PS^m8kILncha}xia?fl-t)>jRIs2wTeUDuv5L5 z)|vtc_A^CW%qu_fROd$z*ic|zSSSrBXbFu{6MVvn(?J~NdK}NuAXKw3-!?tl!xX-r zDz$z&Hc?JeB!tp#>_FPkrW>c>7)Vy%_7-{c_|i8GNeRDcc6H2aOxInsR?{8)EAaNB zQ2J$C%e09@Xpf-C#RB{m@0A=VdB^NmM-cm*Qn82noap_^o@_KA<;j^pZbxgS3;lY$ 
zx#-7j-ZWPFke*n%t7S}iIZ#}muWDZ1`&p$q61{eLk{|U*mLx4nq>fwFM;t!9fJ$DE z`a9+#8-B}qRa7QWftLj@UV1oMT{N|c% z_*^wbdEtIX;R>7#|I6KyjMUG2Ep8qzI0p{Q__wwHw^cev-h3P*BqKKF ziw>g+4;Ho6b31l{LAUhnz;xTEAt3}Rg=UZKn+r6BzgX6EY=~b+4M5s6FVW1bo*Ir1 zb0ZMkQ+o8dsqrdCfu1cTpYY?u+n8#&z0|>{Yac8!<0#h`_qDgoOH6qjZ&7CJ_BDi2 z`ztQqdUO|WPXBIGh(>^nM|}8;B3va>Pl-`+#hG!r$&QGOFM&d#)t|ZB2t$K>DZArS zZ+G%t3S*CYXvpJPppd6`(zJZN_#1{A)5*#}ak*Dfl&< zeVPvm#BO|}drOG^-bK_W8HGK9sWhXq?v8D;nZOdC0LcQ+$p%tyz%dDA(<*F9Td}|P zvM{y}Nl{!FAta$d|DDyu8h2RCfoAnV1AW7Zufob0efIKRN%e%h#76m!_!AmQ*>+Q z39<#z=otUCdF0fz_{rJZbG$AsDIW1blE*t%72=P-G#$Lo+v2)%8&&&LXXTxl2RnEq z3k-qu6ecZg=y$4ylT^3Zh8KP3m3#=9$XEEE!0Qg$5C3iX_x{@`=)X0c`)_F1^}g#M zI=u3PME_TOA#N!2%on=+r!NHa%^=dCopP{su(I&7fk=9L*}Hl;fG!-&44%1dTu?3{ zEM6nQlQ#PE}hvp%KRc*)1>@EyFE>&2Oi64g`IUYBHDZbb3-dk zbx~9&b)6S6T#MwAT3phvNDg)9i<=-`Q(bYOWnjL_e|juUf|)u^@vLvEmGE<`G1D58 zFErMe1;dg4mbN)5TeCg2cKwRt)_se(2zv}q8I!;~9o7$idnA2)CQekWS9=@oU5s^g zsb(DKCu&n4VJffV7LiP5`}DfUXR%mEZSN`;a+J+8Y4W0~X=e(b6{Aas3P|U!n>6UU ziT_*I?eS$qq1&YGcYJ#i4<4vzehSd7(Eev!x8YsA?u5m>tCscyqN$0-qrI8r?NGfl z*G(O&3RTWg%#n|j{adaZD88WZf--yNv_bjVxp}@jZARx#8tAmCK~ z?AI+zKj=7VKn)6)15Q#OsomaQ35fL6Z`GpnQ!q9<9cQvHeHW;)cTx4zU<%O|>4da6lg zOJtkP<+4-}BzeZrF>myK^b|4^E4gaEGKGX+G=#CVy_+6U6Ra6+D^C%hS4k)u!eWo& z^CC&b(!Zt!?REW)C|)F7Wy>2GOI_c3l>|E33-kl1PDCeb@r({f+MgmuAPRqZI_@&- zKqv4qWMJ2u0>y49Mc?!?rO=x-_D?;tvYy8MgS|IONGU?)4Ejy)hdi~baN^r+m=nMB znJ*918+DglFXNpr+W-pXa(^_!{bKyDC{y)8;G0I&tc!H*2fj|94aiXWS(6Bn-WH5+ zvezG^-j`S|$L^>4cJJVx&G zDX^q641zZU5`LEamR_Nt3dqDrEJ^0J335c$&oZ^4HkAH~nr1Dx8!XTY*|>{0L^{-P$of!I z&}8SRe!>@V;&cU*GJQC#mV#)hrrBS@{}U}UQ|IBjo+;IQP-;-~hD?>8(A@hf%UIPW zLATHLmxw!g3eW|H4IE5|0#;j)wb2*UDp{he&@Ei8NDRMJvHFc-TiC@IADfm%1=mN~ zsk<8x(j(K;_r|X4xC6Z!d1W8eWL{9{`V?&DFumq9Q7nTH5_ zSHIul_&nH0TWO0yfLbk=(H{@ucJnXWeWJ1^X^h5Dw|jBJ>Rc|v^mk(@-~BT-n*q{p}i^gL>ARASvE& z{HSEH2@r|qrNKi{2nW!bUU*GS(j?p*UM1h=Bqnv_{Ae3j zd2#M__}J=~7M{>DJ!NwCul8wZJ$)M<8|5!PL`K|Yqf_Bw-M~}Yu#c)v*5&rjy%u`y zNNrt(T$#ez$}C>KCxFe&w^cMzK>R5~873$jyF|ck4hZl8Ib5H?+$rYae=7 zhqzEaoq_WWP~4iq 
zD-JLE+lwGrFt;r8^AoWH|&e|z#Fbp$b zByDd|(MXmkeJpvvpCZky^4%f;02GWh6($+YC_X7=QXK7vy?AQMps6W5;@L-PR@6aMBzzIq*((uwK9HG@*yL0!3qP7whJNwf)l$ilz z@nX8aLreXkV-13P=MGME)XU+-hb{Lw0^Yt{7OO=|TPMi9XSDKnXoZ=_+A1*7Vg#gF za6GXnNHL@cem2W@btw0+zZqilLG|y@!p%bT_%J|ahG7&q*-wB&Cnr=V7_%qo&-f(; zF*CeP^zYDO>Pl7(5c06UoS8uO(xjTs$CERhf@e}~popx5SwnawbV zrpxF&FN4uF-}kS@b=?gLasTMBregiK=25|Kk>yE>=M6d*6>Xa1;$icm9P3%?`FA$W zwXYad!hpZSm!cRY=1U&E*Zk(c3r<_i4=9l2Re z*WvLOR>EtQoopTwLLR?#4@uX8(&1Q+3|&#kxaWA;h!qnR9zWk@za%MVnYkhE(7Ny9 zxNdm>eH!4}@W%If{6QQN?;Je7?Qy0YPJwlfew%@FSntkuIr?*aA-~mI++OS(tJ>JM z@OXox)C=ord4|$YkIWeGbEd>+RSY^!F>8^dE_>UT+;NA;YbUkk9TCtW78cV?GL-v# z$~JMu=)qX4(#W81>M>0I0*@bIBnhIv<{sN}sU$ux;DrquTaK{5BSTDB-| zzTawvc{iwD`>Qp3Q{XAjt9+IZk=f=%C!`!~++VxroZ<18UoC4ryCR$$%Qm*^Qe+;m ze&z5}{Rx4M_tnjL;&3Gyczoi~0-LJ;wxcK;eGB!M(oQL=F zDT?K4_8lZK0)@%7Irf(viq1Ot)qNvxtOo~v;h#05k5P&v`GnuBNx2P&3EkQi zr!q&Jj)@2k8A9;%S)14%)qWkPWm?m!Ibt#CSFAN+&CbRc9Dg9o|?3e$Z1RPsNJgdUvYCh zzF1W>RL81W@e3Ym%Y3Ng1J!4)SCR`{=oh@9v*R#yJ-gS`d*#+(JV^>XeSY-S`kgX7 z$pYeBpBqh_6{dDbymqE-8Kw?=p%1W&2jTI8l7n>o@g!lRS1}Ri>CA;xozyVx%xiYh z>X0lOB8(B?@#4K%*;8U0_jR-?4@_r6TAyz?dkK5`x$E9`Bf8cr<_V9NzVp5->_M;< zT0k{+@|1J~J7-nVPB!DW8@S5v#=S|C;qmfs(Jh!hqh>}<3p=i}y~E${FmiUB;HR^1 zqhy<5F`9zMYesXOc!pLJ_luFdqN9(EsnPLk#BR#(XzAaMzX!G8gU1^!DSnC8T~3)5 zns{aWoL*dk7c$ zJ>EX!{AIm$iq?^jA2$4)qFKw>>{Q#d&YD`rC&(A&F_5y)G0;T-Pv4c8`P9900(ZEA zmczfPyTm%6)#k%aRZ33{;|`{&+QeNnR!kjd%IUnB$~-a#kN0J&$lzx?+;9&pn|;zWEgdu9-eUBjRpGhuepi8V zRR=siq^Qp3MfgyZW9sF{Iw5bmkf6M4j#4cGEbO{?CCuP9E%x@KWlI&vf0B|$F5n#_Z)!%(&k9v{2S`|JVmc8>%xuO|`R zrW;{JL^S6L-%Aa%DgR-s9Xfb?{O!D3eG8aWXeFLD-OOv6t3y{dHJlftkIF`Hn{Fyl z!Q(UT4q3G)y(De)s>iQWO-=$x2|QgV3#IdItsC&TjHKZ450o6pxGd~BbdMKLcFdQf zS7=WrE06(N+vcu4w5sR4@c6=N5?X%Up}Yzlc_u?Y$Jqi1u1?ycF$ZrI1%(JN^hfac zM_Zg4@oJSPWtr$f2WkWLm@6jpd+V+ng{&zrr%Yty;qhhmjGt1S8Hc`X*lgs8ggD<)=fbm8%}8@}UVc}nd(bXF|8BEPciCqIfy&6Q)LT`C~0Gl}7eZvDmnz9MTW zda}k6Ld9HNM5z)s+8Jw%&BRP?frz#|pWK=r49`y|9*-?q?ZQFW9UY?1J72Lpml=b{ za0Z0oLF*+=@dg`1{ZYQd%R3Ui@c6OrgheN6&);0$k3FQ 
zoIF&edJ#$Yw+`X)OKkMZB6?CIS7}AGmrVRc4v zKnca_Bdh9qc)ZUC3cP%r=u=Y>gbSGSG?o~?*hE;`rrlBV8__XXj-2rLH&>nr(U)cH zn0v{2e-L<^I$35!+g&KnxyDQ2J}$Hv4v!Z>jM5gvZtGvUP;{|-|1G?VUr-&pZ-so3n`uz0n?8*N*qJ+8%A?Z#HC`E5hTg^^L~~eKR?T z%k*}6X|*aG_puLT0AEAzr42Q9>rq*FyzJ{Y<=&WmFBHBBXa!mmey~<8A4|H@6LYCk zHNwGe>NafWiws_8AKxcBbonmGVlr!bN>hqyb+l?_%z9!0Q{onPksotTNa$0rw~LM{ zeDR5y)M`+STSU3kOk7Jq0jm!SXEe?~Y;!i&D2`wc}zH3!v894|bH<`U{j+jG%vnN%9Z`A|_KD1d&}uA1Sc?|nU| zt^zm!F5pLzz90`;fF#I^%z4q@iYr84;e~~J$lvx8br_QmoE_5bLaSeYBwhZ9M@8U) zqZ?p;*6#V(o)iCT`?er2PT&Z5{vV75Oy|M*`5`NOSy?pi>o&uw6W(#LM=+yh3iv$3 z0&H8nb{huSz6cAvkRP|b|4?#6AvSBNq>G1JxQ$$J<4MVw|_1zIbazqoVO1J-_yhXVC{MVe;vhh1O!k8EWo+7 z0PKG7iHyK&l4PON9Y_*$VW%N#7o9)xD-Tv+0S~1ToT|YHX_jK{7`8M8!-%UJ|D{a5|1g>@DTKlhg#fXQjxe<%kC$i%>c_vefpZvo}J`3^x- zC!iZPSHFx7l;C??@)1tWHG~t=6)KWEq|=xA|4I3P*$QwC{h_z*m*{-( zeu{1Jor~bZ0)}bsLz+L`96SCvv@kqvtW>+`&k3E+(BsZk6H4L67pVkkkV_DL_eqBR zU^DP%Nc{2mi%&v^M2HDW$tif$@t1!8U(k!6`#oXq`Al|H@>sSlSIksyELQT;?M^Jf zU!(8VO{eu!i%fdka)D2K3)?MHgzr;jKLlwayCil+r-FSWZ+5GOb+MT=?nh70RNU)F z>YwU23#bj(LEGf?!(Q9~*#CI;{r>C)uG?oi4_jVv!0XI+3LYw1VL7>Nj~Kgf?;EkO zUT4y62P}Y}T@NXWFttD`Y6|;`RSV<}hq2%tH))c(d;1dC+KFnM!D)n9CI@hJgRQip zVEeE%%tAVW?RkSoMP0wIz#L${Gq}bTn^Plytz?S>~H?R%Z%6=WB zX9dQh;3}f~-7boP2V!}_HI5J90q;WK%E}Jjg}`TP@QD}T2JvTk7GMtV_fjtK3AQE) zf~7WKYzfxo1%yH5d0QSoj=Dm?oU=o(q5$U)4md%+EkKUkz`7n_?(b{){OJ4H*qDKQ iyMpzc!7&mApIp9|{+R>o9|RmjE-<$Jj<5w|;C}!kVk%4k 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/confidential-gke-debug-251000_eventlog.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/confidential-gke-debug-251000_eventlog.bin deleted file mode 100644 index 7dab81d782866f8444a55efeb00c0caa5249b2b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26947 zcmeHw2V4`&7WdLif`C*NBp@n11roaSCRK_^C!|261d`B1X;PG4lqyY7Py`WC5d;f1 z6p^MVMG-qi0mXtM--hxO^*--=@BZF>-}gEElG)jv%sF#*_J7WtIXeIV05E}{pCxJV zq>VoT2Q$%!83YmhXb8oHYK#CQ{Wr`2KL7z>02DwhoTr~$xUf)O{ta1P{7DJ=lXL(4 zR55tj#!3Z&kVm4?3rs48$^t+~HcPRqnTk;)io8GR2)v5Rh)nkMA;`f@{BR0@;6e$e zNA~p(q!C~Sex4*h0>A()uSRc(8Ks~+-zO=Ml3_~h!HClB21%h%u_uXyIYWR1Pyk;b z7{G!#0k8&40P~+R{NI-hjN!i_8ITB20e-w_G=HiZ98RT?DOgW}g6F)rvHm2g0*>qp z_rww0XgCiyk{^xWNg>ff;p8A+qFV??$qh&Kg%j`?f(H?Uz@X6>RUDdtQ^F}C6|oo; z4ue1tRS9@iydnmP!61=1WmQ$QvWgNGt)i%`s)WN3u>=A_1&LHecwo>NC9EnEt%^pW z5K4HAA|9=bC!$bjgaQ$-KqYzl5%53W9Cq;3!kE=Ye&Ln=6ir?^P$ig~(RSqR^!8E+ zFtai*HTtyE&Gyv76gS_e9L;n2qHmP>dA&ahUny-YbAbZl-P&cPkoq{=xK68E2SyEf zSUt|d6@69ecln>B-VnHal|4j}B-v0QJRs9vUAN*e{b4Zz^Z*0!(b+mbf@nY>ID&k@ z^7kVO1_S}9MW%WG!D(T_d)_=$rgQ4s7 zxIYA3l1hL8&MiZagCIKcmnK5LTx&)PMcsS7{f*_BF>PA65&s3`X((`g+luY(ApuVg zP3r9aP;@JUe1fh1b+qA{^IH-lIQloh^ zo~!^+E;Gu`a5`$#xMnXRnt44Unu)8J ziIIVkk;j8iW7v(zd)#8(h1y*!Z!#dbSUF_kjN{&OF)%<_07O(a5`y4hWwK*t>K^PCcv-iAbjSk+4WX1V8;G8y}ZBIna-WCHcX&k_f>_e#A=pc}_maB66CU z=_w$^5Tf+65I#XY@_c0i1!n0_Bl(hc5b!Wd8>A#cf?k1%Z;hRSp$W{&2TKD9`NB*I zp|Btn0(>%22t~wNA+CiZqzXzIrR*rgrAWVkTrB<%a~{ng@vWE{SOBJI25tZm&A`bR z&AmuG!@s{T+V8NvylU!EFtNt^I_cuN zBJmRm+80l7%O4z1jyt)7w6V#3n*GUJajr*?Y(Dh8G%$WA(1;j79l71qhiviQy{)x$ zr(j+or2Lj)oK{I_>F~{{vr@fTf~)YIx3~_RXUFN(*z&q}=4tEBt?mlgZ?n&KiomsE zhUJWZjgBuP69d3d>Wv^FxWREC%E!Pk$IOCY0yBg({lp4p31*nFYlrUkyYAdjVRZsToyOMeCrx;%;JQVL|e!SEwJi_*c*5ztP zhDg%XLvfId!J8@I`!0kjyIOC>^(f4?DF=G zz&d=QLaZvegR2(%R+QU(WY&>0Hgf3h%nD-rrOeE-TxW%NJ1^+I)Ye?anl#tO;9=yQ z*zKVXTC2TAja?aETUHk-e*ApcX8n~DCwQHBLvD9wrb~uI@}H}oFl!u|V6SWc(9-Gl 
zAZT+IXCjbtDWkQzqfh@qr<_a}zVl8|*k*S5OI4pn1zEjlWfmgKAx~wi_s+EY{is2g zj{=5PjB^bcYb+o@oVitQX;x~=YRg0GjWSp#-fua!oPvbo3<^T6VPYSVN z0rbS?L644g1|c{vte+?0p8=nu;xga^i-@TIY3_doeq+0R)ZF*>?85s8DDi?=gJYm zUC%lyw^j7Et?TCTdU5jzrdm;4$OvYoZM5!N(vb8KqzjVrYAUyP$+lCFnBV7-K zC%QRv>pgK)O*O?%0mbbfKbL(7x;_)LqaIuSbR$fww@6Cl;Xd^tL-z|d_it^?y*TX= z?>K({6MyjR6WtN(+=C}nSc%e!3XpOu}s)3QbR{!@;PsvpZY9}ukDSW+Th_~q`G z$bGTJTH&9yc1lELYoC?=(DpMWCyt{LT!&Z zzI_lI5at@ceU)Qkwu$|AZgHDh$z|a8%gR3iKM@YVc+TZxUrQ^Ggj32I^prwmjMR*r z(B89B;z#;cc3xqe6%O}K6IQ4QcaE>qnDjg?+k9F%`ozoUZFf^vWU0Z{-^hC+7Pd*o zF+01Rt5O>4uX=_C3FW-`8Ll?Gx-Abs`R1DUO?$NJDnZ%cF{E5~gIz}F#cGF_5G%p! z8C&%Z={0YHhsH<3g1cT=l4WPbC!i96$cip>je0kw?KxwE^)8f4g0=AQzO|6Tt(=Ot zN$ZP>dhlz{$BgkQH0>bPIkdNbxc2Ung6pR1+s!%JpS;0bFlXc}XCj(vmKw#pgb}+@ zU+mLfS@AR!9I%)0cGtX@Nl71aeJ9}#D<5UtwH*8oBl^`=?Fbn#-6|t3lv_CL9G3`! zpKJa_aXrI*VSGEbdYkXhzlMODu0R*0c4^z94kntXdakcyg(rc$ zWbc_Qf*&66_`%*=x+ec~=vxIsAHyQ_X~i5#ddY>3KgD#??}S0>svn>){l5==YY`#~ z&?hhtefqlp6!27*1D*;9c>jYu{|e?B&fVEpMbhuNkrR`=opP5oH+NNua(M}?9hZLQ z>Yb**`zkvlRuV=Sno{d@jHbw}us6j)RTw7I*UB#)pSvDo9+?$Q<2ky;{gC|nX7a8p zA2PL>@*&QIxJ?re$s-$1-#!`E;Bs}}!9X$F9r^b!o>AKk@eDYTc6rn2wZUsG7*mC; zw>vQF&&CNtYk(QjbTNFRRJZvnqOqJMpIKt}kV{t1M!j?LpLIJsLXProcmELgsyHFh zJ-2o3vn|09hH?e{{j2R&>dx_eI@bQojKhDG7-u}QSnZ8X`){vbh1r+XXHw|4Wnd!R z?&$G?eD+IZ-x$KguE|KtwH6XpQqLbSUYz_>Fz1)|k;UBgRlenx*DnUT=V&cc36qkY zPO1U>uMb#XWK>-SbHA+o6PV-hZgB6XwCikQ5A#m-6KA{I`6zqlu<;A8_oq}JT8qJP z;YnXYEuHclZ}C|s9b*kTJX^q2cv!P1Gva>Gu`P`O*0?sIPg{%Cbhx&N=7df{NmZ;-R=4?@>s=ttvfx^RUX0or08&%{e!z-n4!Y2)@HVux2^TbrTZ;Y9U2#^}5OooaS{cy$^zgA%JT0oTVPXW?aI3 zI=eJC#)u^)UTOD^lw9Caz{z4TRp(teNj5Iy7Q5e(~B(F zt$bfcNmfe22d$UqdsZF@5$4@jp9#7ozK6Lb8_$>St^gAq=0bh|x|~H2-1&2$^8$g+ zY60jtfTKmVH3g}#itiCF;x7ld#c3{t52EKqA^Va7ed)7UA%wsJs;yXtYDoIT6{&(m zAymM*s;UwagfkSqh+Zrr{&og`gG z*)LWqUzb_g=c6uIq3(&4fveWOu=~sx6k4}UHpk3q+h>X7t7EP*V=Xlb){Wi4f#ObO zUiKR__({~84k>2*3463V+~No)xgKy!-05?1x$`($#sNLB&pgj$bJ>Ny%bxbUWdZe? 
zyU|{O#N?Lqfh6*2p|yulP?#Rz%9Xf)T~W^vQIF?c8Q_FekeUBZf1W2^(Qr@A8x&9C zyC?e`RVFqeqE0T%LZd1XQ5BItty2;eQx+BVx8L>XZ=M(^ooT+MIrmR+bE9{^vUH?0 zdX3>{PsTk)rD$6=nHwT9r%JDW@i{tlzNVxzT;kN^IUC4$H*X_{8sW3*i}yJBvJr#x zNd-rf!pmmy7MGn5*tkar+Xtx`!fF}bM;{j4z;SMEdV4&_i7+9SDtW7u>HP@@*?MOm z7+p74xJ<1QOtOC&6&+Lf2o~UiVtqzs$eJv5iXGmCjU(6|sMKHAXaDK?TK8xf@jW#c zHA@S5y`p?nG@sP&e$-}UmDs}QDn@AW9;{c$VH123&QM>LkjC6M#oR5kw>?>E`2Ot7 zWj|z@h-a)-MN(TrNY<0^=c`6|aG~;|;jWd(!iSM$+Sxbl$6JOkH*dkdQTg8Cc6Je$ z3Vx1Dpwo>hU5$*j_SDV8}ZxZyOB1 z81LG<_mj^4hm99c@(Rz0@D98dVuhZVRDX@*^R$;7N_5+r(C`3>n*vqUlRRW^sf!*fA3mF2H(~iEZ);z!OZ-5Z!@KvY$;lgdGklrL735nx z_H1$Ci>YI|WV0J$QFTCM#L!K9Tyk#c3u5}P|0(t2Xd(;6znUp({{wEtxH*DE-s-nE z9S6b|(P|PA_39h6Vm|7KuZoRs%Wjx{%ujQ1x~Z;{kBDksM61&va7FU}tWHT(YFSj$ z|Iz>ef$JZS)GvX{@mg?Rl_;RpGOiJHHl8UYn?qzA`F@*4|Ir}Ip_Qd;5u4al=2ofR zkaa}?7oV(8yu_wZFmwUCdqvO3veW5sh1ZU6ycpN;9&F*RdEK(tY-DWoidip$mQt+j zmX5NM6WCC3Ztp$W!hmCvY%5t4H(I4iW8l_M`8NGYbmbQQl%ZQG7uC;9$+NspGQJWm z=0#d_v)r?>W}BoNgUgll`y;aoMr|4mGrF~_?tQ7wdt^8Crk}qS@zNZYQ#?F+)W)@e zOZkO1SLRhJ>#TbGnd1(_&z$X{5n@bZ{i8kX8)Wbr3iXs^n8~@c=yNC5b=4M}u7Qhx zsy#$*TQ@tn{+5(`#`nO*v(-2L^NaL5^(ir*L0rm37GsIxctWw_%t(+n&-tNfH4!ZKF&3vEuvY1K?<9NDSZd?Znsnnp2tD}CL1 z3rEz$G4bJdEcW=zshYGBQ5O7b2)|9rjs%7D%X&EZQ`0*J6@9fg1&_6b7RiWQ5a_iC zi1(LeO8mraBW;IZ->u%^G3P!?xxf{c%fXzlm;Aa9rDx>0Vk@l>n1r<1!kBYT@LQ^x zEP#|1!r~iVSOumul#7_(TLXk$AHpy^1SK-z52ok!ASm}R`?|ZMAfQ@y)SlD ziwLX`JfqVtoj=DGKP6OJCj~on>C2?2>$N*uvNJgoXASoehj(-{)iyb1vpH^OJv=Q~ zR39Uqwa3PIRY#R&^@r2rhE}m}<Zi9*BE7Wi;hLBT{f8=^zGiey;i0$T(cs)_Uda4>_}G%KGT-r4Ki#3W#*pMtu;| z5`e5Z?bA;lZz`a1IBhYxW>i{nV7IWlr3k~33%WM8qR%c8-mq9C->iEd?2s=;4go`mTVX3AKNa!MuYz)Zhr*~`Qn|ok*p3j z$JedPReW}~ra5)DPL|2jBk2cNHnL_CviPjn%KGH>&vW-&FP#;-^O~>U?#a;m_uSc% zeov4!2RfcS)mLraRa2xLhqf){N1nB7-Xqe|MaaKg{?4Dd_I`{p@6|{k#mW+2qketW z&B=3cKyv0y-MP4_1A~I~)=zuXg8VNlLsoWaM5JkMpsadO@p6pcri<#AKx#n0%uK$l z9qu4$IkEoyt7M(6{?0c<&tFb=!LGA?##|8IBwDsTMe8pAiV<_FyneVM%m}BSZi7p^ zyxKZU>*$#V_PPtsJ%;73Gfk(D(F!^;b7{i5xi-%sc+C@TF@S?Npm5(t+N7wyG 
zxY=t(Vf)}bE482i#8cv?Q$`F*dD>o76Z@Gr+Zj?1;n+*zk+t9Si8L7-k@ibR*=s0jJa!s@|GS)>kfB z=RToAfQMSx9OfhNer@|z@|QJxjYonL2CUDSB)wpfyue@2y9)Gq>*<^kmh0Mhj|Ovv8HTpsHzpB94jAsZ}dI(C~XI;cd~hv z;?_#@2rVn}T|&le56slGD&d|~ZkQX@_=64=u4c+YR1yij zGDniv@0{w#K!F3ri7K8W5VdkXCeDX^bi6JbVLBid2ZJNcHru@AsF!o1Eaa<(M6tMeF9jr zn(q-6jO?O<5k~~T5B%1jFL{Gk!9FrTfesy}`EVr$23GJ%VPa&TZ!=rVa zU>>_-c(t{hL+x^@NR+*MmG`c{SQIVw;It|2RP<+ISqOm4ZeEMvE^+4)j%g`t+MHHm z%X0pd;cW$7@15cu&$~&!WugXS1N8wF%07HxLbE8s7!G3OUYH!t6NWWr5t-41i%5ZDhEo11n2<%;2(Iu+4zChruv#AQ(GZ`rYEKDgGEo^{$3e5Gq+iR=|;*mtB7H;O!e^9f~|@TP$0OtuNEn5vDUuA zJkC-4Y3-|I&mH0nGJR16oH;p>A>F;&@07g1a5fxKxdGG5OAeq%b%OCvJ|sU+7(GNu z$KT(Fgu~KEWIq@YbOFP3$zL5D(jeVyZGDE-;CLoKuHBO~Wd=As@LNtq2RbDxL@HhlG`ns!~s}zFPVa+Qs z3b7aR*Ql{&v%DQCCt8DX#KxQ({HP)EKZ;8HR-@`k7t}Z(c50adZyw|J53&Wy0&%jf!2sJ>5{(SRni}?~QYrqox zv;B|hf8T$jLem2)Rn1ECt1mbR8K*#ijs=QymP>b?USOt}ipkqOA&fQ*+!xE9N{r}JCf8YO`w^t=@Ei#ii7UxqTd7+A+t-U~T zDPN-hwf}lcr~a+{`~J5FZC#lZXAG~Kv|593Zcx+FUTAhHUn26g|Nj~N@1MT{NjHzJ zw>H-lxD5rLotQcS3@ylgP6)q5dOo)V@BhzVSX)-@mj%s0P6gw_8ok}hC$?nVT;tjq zQ#Wu3X`)&QxISgMy~0LUd!dP?e4zw@6Mq6YNv1mhg236-eF^|TjSS<08%{Hy32W4**p@Zd`@76bww1Y9a4X^2zMbSwvM)_SQ$m1B`S zptW?c$bdCq54sTSm)QBYb1ACKMX?WEybY#6aqFg5^%FCnePu&7Pw$~Mm~q4%9S1s? 
z=G&gT%{-qke1p1S-hm+x;;_R!7XQ1Wf!-cSVNtss48_08$l69exhB*)PFLWOx=dIs z1Ta`L%XB$$N4fOCy=tw5qlJYsr!R=|+#K8Rd7SahUfXOaa3LbvgP0bf zde2N_K;XTQ*RxV2zjD63z3ZTZ3i1p-bL7L^rT4}TqB$T{;R}-U+Dv%eius-`eT6I@ z{IRoznL!48a}`XBvRTrI-^-4Xk(n6*YR&~&IfKri1v<<)jN`S&*4FI6KGw9rK zfgifunE`9J_grQ(rgA|ChqW%7uw`e;c27Zo9t2qtq)M#Y=1s&U9xzVzR^=%wgO|8nfN^+LPvJpq;Rl$sd1b*hBFJg zaG{wu_&t_~?zl21dz+D{w7-c1x~p%IgKczw&NuTnfp{0y`gnN4oLa``qC)Lsfg4ho zAwY&gW}Y1(G{JQeK2(rsa(@5nl!(2>ZRLjqF(gf$QgbLUsW-eY8TYwcUm<4A$?f67 z>;V%M`v^K&VlO)t{5vQiG5qyP@P~1P_=YR>wpoY6eKjO6c80ZgY?!j%kc zuc$vzXiVxl^SINU^DeR__E2xzutspKK_2LNmV2=)Zrbg3WiTgm7zfuul>ZFO3-xd$ z9J-G@XCM}pHz>J|)@-+i3nx78vrFe5H^}zleYd3qQfc6;w#()Bd-nbxzfSq9neeg~ zDHVT**Z&T${~ccc*M!$Ew{Mz-I8H`o7jY1u39nZ03vzcJ!bF3cTWnsnw(_&6h3wk& z$IrbJ=0?`+Y2M0tHdiULd6nS?;Tuq(X}tl)(z~^SsXyyW#pu1*UB=B-w-ee4CgZaN zeUSj|4nHl_>I1SR4s4>FCw7bF(r4?!X&dM58+KQa!Z%4{@tB!e<)^lZ=e$zz0B4py zprZ2zRRw*M0R>Ri5y9gH8-=bEzuGA6msPsb*avEJ1%?fzx+`kwtAj#^qFKjD!cbi{<~6TrXcqW z!HkjE6_ghYIeoEvIJ!s9dZ!(ll62al&j(V46Nn_Z2e`BX_oM`RDBy^m0Nr%?%FOZA zF`u^7Yzyk$Pc(9>TlXd+Qa%_0JcSpsX_hDHMBB2%3`DD6ws1^;@~>@Q6T_N$&1O&c zStx+vSMYDnmVPKeIHhbmD>As!FMDP(>m0KmBm*eq5>&7437GpB7TGvJ+e47>Anq3c zsnS_+!};RXV0Z!%8|XvR(L{a6PH9&*d&!P=`5U*~bvxVc2@VNE^&x;(`FnF1>Xd}h zj;`#eYsN7$?Rk$M-MVS+bgJCpv>DVBTte<$rPHSI0yj>>Gi@kYIe8?fxyW;_@?ptT ze^7GPo^2J*=qTZMdnX-SAalayYY9JPM^{tvJ9f?uuHBn?{rL#WA;cHn7Dn7KE}ahn zvat7#qh{rO*{+>;=ifU)8&y;geR`j2eVXrz^Wj@JjzWPJ|16U_$Lnfuh|Xpyi86=F zHV)_e=A&Ko2@)DI_v|`wo~F9sxta z=tZ6HczbyAEJP>y=JUP#2V5m_{;!Gmbe=(gi`P~QoK7By+JWgf7btdtx%plGz{Xv) z8!8=RQu?*WwV*(4+abNSO%4`;z3yJM$>|Y%hzHKj1y0d$b#E(p?%Ir`>+MZQ z491pFnz%~;Id4kyyylW@Tm5xC>pLnYgzXw+D z5>fmD&-A3WX>K@mSbyZ!`LHxa!DVuDf+@k|eP}Q=%;h_Nl1faoY}H)lo9$>^yi)vE z_u~>CLjZHF4?c27&aN1TH+VeGcbKk@{r|dfIYSV{)(bD=hf1I=jr1QzmZg4K zdAao_T(H1MR(B$XztKnH9t7wv&wLwj`uvOD-P6yck!Dp!xSqXn6}QZ%Yy%Zdwcmn{ zN!#7NN(9A%npCmt*V;B9(i4n*%Jd_2eD56ee5{N}WvkD*I=EwfTxs+%?evJ%mn44V z2;4S;Kn|p7BEFN+u8V$or?0WeukWN%rZ)w$-Gv@L4*|5*&C{+h>8)OGJiL)Z!nlS5 
z_a=46+4cQQ|A10(s7XqxaqDh2LC@}O6s5q$AWIgA40T`-nJ0}o(+WD0>A=t}^b z2e%~(BKT-3!*FCjD%ppiNuz}#zb)7xTW(u4@TEG7EzvjNaU*~`$WU+ukP8?I+^I(aBtig(BUr{!$W%8_ zE5Kl|MY$>XVyWJmf&O?bjUZ2$-=Rr?N}vRha0D1#JVX*6yh9|ckG!WhLBR`40gGS< ziC7;h;U8@*BD&k+=yIdduoRjbC`V0I1cC}S12Rt`(+D_l!a~1DBM<|9+(6;dNc0#0 zO<&kXJXO<=jPoG};?=1OH)Yc`}*q*5$&p6lubA1I*QlN)?c9VdJ3sjI5_wpF{Y zj6E<1 zq`neLMOj|a5QUUiMJQq9bufx(c>|Q8p^kyRKE_Z_=ZA4FvWw$JuVD0g8iV){?)SkiswND3W-Pp z_b2)d>2x*lS3)}8*NrY+TBrhnLLpP!JP2OcAkbjcRD^xKz4-}rJ{((f^YmFk;;nT-hX%xWxSFyS{>A`-wFqb zKq(Px^D~HOkQb)Ys((+gsiC zOslG$6ikVIY$++j371c4_@fz_jt>o-nuCS{%+5x4ArSqm`#}oyz{x2}FE~*bJrKX= zW&gswY#v1ZH52Rq4V&}_<6*n<4wC_vNs|ARm+2=d*4UH`?hFV}omcv1q^bKMduy)D z*eQQ4Zz--UvJ74)5IYsEU2tO#+)Y?F*2)Dc-e{g95u5ThyHHWH^>g3!ZGp#Enk?EH z#H3H|j+;qg1mhKIPjF3~&=+6-y%!R6vtWIx^ETZ#GqUfUwz7P0va|M73+5bnlU#M) zM}5m#+hhoEes<2+hZe;dzJ>SBJ;@fo{pU^6qQbrAa+O=^HofE3fC4FF?5rNX$BW9L)awrakPEdHd+uI1FP!)lk%iCayCBbzdj})g#=;mQ5J{$jSHH`SC9} z`TiQ)<&Pe_KjA0*@3{&8nU`?EJ@`knz&|+&{8JXlKk)2N)&8oIf7>hn*V!w;^3~ft zvV3hd_1;&4FStdOUUe@J7Dn%d06q`$J9ppsB&F5&xC5p( z%nyS2k4qoAV2sqd=B+l1QfWJ+E5)RkRR?KraNn7Ioj&7zjD_FgQv2VoyW~?*us0% z6AHMuu{b09WlQuoj`2;wK&miy{s=Gw*sE{Rvmes(g=IorrDfy2;AvOJ*!vz$uutmm zEHoj&l~N`Q)cK+BQ%$T38}g$^&9Id1y*TeqGkrcmi#~IFtEGaf#{D~`d(O;k z&Vc~;m^Hn_Vyn<8Cr?*zk5@bMdfh>s^_2n3qmHloZoAg40sk3_DdaU@XrMc(y5Z_`CXc(4ZExP$YVTZQTJ`?kM`@StzNXiN+MwVeQIM)Z2)HOd|Dv_c!ul>1 z{5L&8;JQ0~33fSKMs@~+ts%YVJ1{eC;R-ns#==Eh5a5($pzh6kl#0~_1tYujWs_+; z!<$?WW1Y3%!u1dLj}}7#P6dYRE+fx{4Im5|Uk663J4L zQV|s?NtQ(Z_gLPiJoW2&-{<|k&-?rQpW|cBy_~tvbnD`FVxN?L1f0w&m8Ixe zv<_~EGH!1GY(x8bIYXNG21}MfM01Nm4 z1i%+S0XT49b8X)p@CWyO01SA<4?wI73NZXbQsM2mcfIJHVW_mk+UC-t&@PXA`yqg9 z2Opz$A=KO~U;Z8&=H~oEpKTt=Hg~YKnx_RgnYXt>0S4!n`(&8*WaWh>OLpC_-+SV= z@UtiZiQ1j#-RJAmGju*3LcdZNVL7|pv%`>L8~HvMQBpMxn7*fnwkMvT3km2e}$T2ar(V(+H(F%;1OFVe|`<7hWT+LX`)>_0Tvv&4Q>1w6q&0zmS; zxUmE^ZXP5%TW7Lq;oY8FaU4$;r6GVrZ>!mpS>s)mk6&aOa1&1L=He*vavvJ-BM4jy zdwKd16bOQPNA7DjuK+R;ciC6WeG|J$eepZhs&a&C-57-@YWY*n=b5No8Qa3?C~1UFYM)%7BO!rM0PwIR 
z1O!e)NoGb)$w+Euf?$L*5O=5gQZdr$dHQ+~P*@MxAuPrp z!35tyJWk69(em_k#$jLw52}eGxZ%5qMH+KIkWez9d z{kCgKC;+l>l5GGyoP?G%oP-3pq(c`dqBXbRAAPhtbNsF5aV7Se1?_43bE)yqxt3X} zA)3iO1yLCSlVl3_;DzQ)4?i*sqF+305l-f_^RBTBmzarxFV zql+*XD)FhqI!spGeGl)#LSK-Ol92!;xo&VQd>eT0cQKNXtddi}$-oRQNIXDK&PxvK zkX$Uj+VbYzfwRFwXI@d@;PtyHw?~Ye?U~YL;(P382p1+6-A&F1=MDXJ;qON}csob{ z`Tb58Tk9#R<*`AxHS4n-4`Nc`@1M{=4JfANpO$mm5$M2_>XAjKz%251I*8-ZWP6|W z}O)BO;6X4lCeCGzFD{pyFy>6!a)!0bO1 z7nJ3_OVobv-i50aKi*6^aOz!yc-mZmU!;mL`$+ce;>(?(C+Qz0@7HL~qbMoPa)P)j zLJ%3`rvpO1`tDAwBAMypQ2A`2nsst2b2)Bc-X2bRE&oPw)`*gEYyTIKGjs~g5^~jt z9&!#eG%X#945;3Q8VVVAPZ}j>KuDmwZcPffH(tyguOQj6D6=~-zL4NnQ|ZQa+CI7A zd(3&&8#e?So;vn*f3hmC`@Pj&CUi3pAX?Ae-#ywbc^Gq&K4sF(Ym)T*DV0-m$FF|~ zC^0i~G=u_;s6DEej*Ix|x?p$cI!+$JPWK$&DX5>d-?Ug=gel#6Z&|=?r_bBfuco?k zzcddo4fp}(HXqc+8<^7tpL@Rt-R4=TAA^n;1Rd=<=oo;jW`Wqf9WNZVPP(0Iq$2`OBLMA!@^Hrdn083`ceDd{;bH%!a{r2WHIBRia^_A0 ziZ5;hyDbYN)tlX{mxX!*&!krtx?o7|jV?a4rV?(rsG@)wFd96WA6mMy_pB)(ftM>! zIG4HC=Dm%PVmQ{Bkkc8I@RHNM^B7-2+@pS-dIqCi$u7sfJRM#3RIGW6pC-$Eeq743 zF0;Ah_P8ElP&PR`QQ*qCd57AG_zX%Bh9YvtB{GZPujHC=Y9{fEnGuRwtY!yn&fZ}! zHQjSp>jXzn%gBu^vqLFYmkA+BSr=ANGuzb1lnreSjC~=mN2PBy*aVeR=e$DTuT?pX zebjKHn8WxuUoW~DhagGV^KvH{f1=od=*XlS_riP5cF0!c-Qv@Xt*FVu{2}7?j9J)f z-6G|kD1z;z;Bcl0AJbJb=Qg%GOZid6JNoE>?}+!y!apEhg1%eKJ93$_)#c0KQlD>% zxlh>~f)fQWv)Cr5y#`)&wzN->hy$jD@w$lu}4qr5! 
zgatnOOx}jPn5TrxC(ryiFwr+qBc9j)EV|tOl=q8z|63s*$1*V|&WsB$ixHwEN#9S;K?8atir(cOvcrU{9u)Y8Lj@UKx0+q#^M7YpA?!DMbeo=tj8KkKgn z?|lFEQDwPTlJOnAIxjuN>%Gkths_@wuaJK@_T|V9%6qK(vacw|F*kDS9PG8sP#qJW z;*P($X?D%#9qSZLoA7PUr^xN(bD9Pxje6~K+`D*XuZ#>0r+rVnYmNGqi|kAqTuOQB zpO)#-av?p<5CC#WpR>m|Y_GUH&T5DEpjDEK#;a^;Ij=$N7eLjm$q@?3-GNCQ4f_&8 z7Y*RbeKDr@1EgdRi2jVyC!4JV(IccZ%KSIi4T$jt(A9I=7+NY4&o|a_xR>|I$G)Ok9=3;di); z{mHQdeWi_Mega(sy3a>5lLub?b zm!VoGh3P2MYrK(Km;s&H^!PKqvR)s*oJi79di-VT>IrpNY^!3psf1%wSHzHfN0P#P zyK8FQg%aM;`7sE0Sk3hNVbtK+FAJKw&5fqd^27>nP4jX;)$iAJ9VWvj zqPT)e_5G9`aO$E?o@WmwVgL2kQTMUroYE(7b;b+m2xapKpNXuedrKUz4s;41+;^FI zb-%+E?W$Bh(1+-k+`S23d-sC25IAz2w zrdG>a+a^rBN=acV*&m+8+ZpO!cm4F7FlZ`rQTGp_O;^9%`|#lK0jnGKbIu`bTGY*U zL!b4I(*|2~=u%ql<@*k8zbyPCwD~{uw}|~bJ79M4tA%Wg%spXQ#US_VcFWgdyKXIa zQZ~qm6yzTDxSJr(_O?VdOHgU$T)niP@xtqt0Ea8&GYYiUr2Tn3B9+IrjfGC(>WfM= z?l4!RSiE_xPLj18Kb z1E{ofwpFF&o{i9=NQhLM`sjE-{7LU#{#T=`Co9XV3!btqOiQZBv$>S<11{Yd^K?d}Vhi8|jsh7(g+ z98;Ok10pCt!5>Tc`wzI?#t+1<@WV`WzJ3zaI~&Qe>b~1wfK=@B*VaKuTIKr(bAq$Z zdZ+0fs`d1&m?>)B#kb*I4&|3c+G~$$0E>HlPg!!DJx4KlkHGir#Us-h#@La10Wzf4 zRD5gNn;p`3gmw(!Ei1Yf4k8a>siIhbx9lwQv+=2V%OOf_6i>Ma?MWxTAnQAOb?%AI6F#cMwQKq zZ;zcHJ8dcRVLv?V`ntIpb_E_*82ZC9IbjibVPSvyT@U|e#z2WeGj1B!Kj7wGwcr?V)Jcr#xhv|shs?j+;j#}G;)yD2 zR?N*}a0$c7D2|mMAL-IEjJ-{2%Z<71He4;5PQ@}7Oj4Z}lSn@Fk-T3hx;tKA^zq74 ziw7c))A@v9VO&>CKz$L^(Sahnf^Dx{4IV{!5^m0Rm);(2X)r>~%53$f-Q3{P z`5$u$^r(?}Z*pns)pO1-53Oppaw#nOKLjQoIQKf3*nVnJevc@kLHP}$hz8| z)h&8dz0uOq(_vCFwRgQR5BVf4+GEF7-lyeRQ@z8z2JsT8&9yJ7kQF`3HlJ5FA&``B zgMD^2jz&%k$3lOnIYap+L(2oZxS2p~&G_CGe>?B?3(pH|95tvWNIyt<1{vJf7=81u zFFN{*%9-c2&DR;&mN*%nPP0-%ug%C$qZyse`Ci1@xvD&xXAs-p;oul}10Vi|Gksu1 z_c3R0}p%u4XwzFEFFtagmiHS~I&bp9tFkHO7t!(;s^ufugx2*>U;Dm&1X}ctG zvwh6`g>}(`!dc!|`KWeK#_lydB`76k3>E28pFv(RVoG>%FQHlf#zzr~={W7yaBdeY zM`wX^ZP{TyI})4Lq{ovhqFP-FHA|}HI|sj(WQ>@-n0>-j4xiA2rDu=6Ei$pKp_6{2 zOqbGzr(BVbyisZ~`pViI8p2IB_2lgXYJMR{1<`7sc$iLIVtC!P-F@ZftIEW9zLa0` z?ApCDyyu>Peezatk!^tMHK>36ei?wQAG8*0H^KEJt*p24f%nW-aQ#GIf&R$-5B-Vz 
zANrm9e^a4?{!pQUZdIsYM1=}2DK3pb!lfjnE!nn-i-QLw5b%uyKYO_T=S2J!q$;no zY!mPlrnMG$jboYs?(c#dR^|DAVLwN%-P^z%LH)#z?Ex*aAkn?T^;C{NhHW6-=%{^5 z%mryXV4wF~AGxZ=QYIve+hq=U`tGMA+S9QmZK1e#cWwrx_P~U%wI2*DcBbaBe^C7@ z`TFuT&CIcJp>2_hi5dpI#U7FtN0N6uVLgz9Rx10TaQUc2!{u0Me4>xmC&4?$Ml@m1 zr+7x^Da;*PPAL*{c2PJ^Lzqkwf?`CITGY@Ym2*ME67I_T{inJDF9>lqF%Rf_M|ug9 z#eUglB4`GuJ}%$muxkI-r-|;!SsL<8wfN~FaWySV`a^^)UN7md50obKmUuT?c+aDUGrO?K%Xr6W&4eBQ=ueVI2vUH`)pJTaD9U+(+ zWum>ar`VumvFe?s;fYToH`yfRdquXVZQq{p45`ySrfqsZGh54b#NYFiWk?U}b2avi zOc&cwp3shVQeo8#SHtC6bXJDl`=edUg|dQK=ilxSsoyzP%TT)*vDcI51U33;oQX1{ z6-qRD^{v=&ex=vJS}~_1EDlPQ>~ucHY6aBKY10VO>PXkz=lrtFoW12?i`+`g5RNL` z6VG?`=Ls}cMmp_UxrOJBv)LPPl3Z?5H8I`wsu?p&p&#E_vEXO16#+Xp5U}!N1WbSk z=-os>;V$ni*{f)>tqAy;KJag!V4J!N^yj+EuW9h#B<-)jkjc|~A3Z)vJGm>Y52qQQn2o(ySlE`v=P`yTJJ&Nd zt}feftn7mFNu+5m6XK>>Llo!jK1^my!MqoF`Qr#}hPF^3!O+05O#aT!&Y3zffNyEG zqVD9!bHgmv#^Vp<{JdJEAv^jMLJ}4EeRe)8oS0%V>BD=(U~7;QDe*1J!4`Z5ANDl9 zk5@V5Wqo&7V@r|^YPabt^7FyZ`62&iAC8C9tWUHF*tjRJ^8m?HRtg?A=VQ){nq&Qy*LUG)3XI#Ra8@ zfi0xF;@GU-eFugg7WgF?j!`h(e_ow8itwX!&?!#=-t_jp$7%bhsM=o+J~%DGX6~P1 zDCg%5A9vbcsYN20q3nX!F<+W>B{_8oO`R)NKytC~z}b%x8iV=-v3qX@H3jZH9cG?? z9M@OK9EDf8tYCAjYft$zeWSOOoJ-l{Zv!71b^R}IgZFmPQ=WOv?npU2^!G5eWL#)?6 zkHDFaeUI$#5co3L_nkSwM8fkOPU>y8*8?Xa$V$Y8?BGTW=Yk9m7L_=Srw_ z^2=gRl+AaFv?vZ}Px{9^HLlZ%dqct3#8l0&6AH+xsoY@O*SEK|tt@yEfIc5YNwo+H zCzxaK#leqDR7fryW~;dA-7&pvKT>>QNA!mc`m9BNfd1``XpdYaE4xS6?hb#-D}KK{ zNTFkw2vZ*faO1*f)94-v6Oqs2z5m4^To#e8WxUTIhs;+VYe>2+1qvA7%odr@ys0In zYd**WMKj1J9zN?KBwx^7Y+A}tLX9sw(K{~O#AWby{Ajjyj)brj*w(Gl9yH)FV%n5! 
zGs43FjQ4N^BR+hym|BQGv=RU??MVZtI{P@hA*=TLjXit0~dT-jy)Y) z#O=KL1Bp4N6pfXd_eF8@GH>Mts|n}UQ+=0Xmk77gJ-}MG%1ewhBBuT8**_vu;9wvU@s9=+bst~`#{Z}Q zUf>_tGAbsZqrUp++eJx(qRIVZr5KhRa!MwEr)ZxhlOLJJagUg)PfoiLA*N4PUXnU_@hhul{mJN+bjjew}CWlBT^jAnMCu0oll}oRHrB=7zm)9TR>judL&B zpuj~FiT09PFV4axQ{qAxqU9BY@6HED-B!(gcyfMWX|yeeFDPpe8%0g)t~-|Y;7e5^ zDCN)EY5&7^BGx432ivIu#yaT$Fu((haB>IlmmL_ZLyUQH1Vq5rJA&UPC4mAxDr9S6 zJtQQQV26;gZeRQU#-#yb%k{5PhcR5R&^tjt%5J>RqMSG$z&WxpLho&RqJhYtQfb(0 zQbW!!{b+pQ;~@y3=l+< zK9_l+-bqWI@$&ca&OtmRLPKHaY17j~1NsM)=Ox{~($-v-xeHUvi1!u%YX#$Ia99s# z7%|jE#mftaMWYBI@ssRT5EqvZzReRd` z>&s%-c#>!F+i^%m)=@jr{Zvy3EB3ZfJt&YtXQIuPY+ln9BEaP_FpIHS3ZKiwDAKGB zWXhVA`>WGXD6`93yyHSMzu3!Q{!v2%yxCh9P>AE7n277X#6(;``MpI?{`dMX(f9f9 z3Pb$)YW1)5`oGtI|3EO`FPC(`4d(l0;UBDHB>aEA{!2tR2+$3crlH+w_K^tTDzl3~ z*q7Ydg>YwDLkLiZX|*v|L9rx5GroEPWxWOMPvl}gT6cAd>xxiyYIQ+@{6}Za-F68{ z>m4xG7q6|GO`m^s@%5q(ZfD#TJA()Iy?Xk^HVk(TIuy5g6w%Ma$sNHe*P?b+j7^EE zv^6LNOKJs*h%KU8O-$zi*xDxV`Yv!}W54H3tp}@+Cd)|&XVY|4V8JH#Lcwyx|DKUg zphWAbRIzQ_@dzKSgg`~?pw_XmnGY!;1ZQ3G+=;8m!;PbCKu^S4K`=aiv)Z+N6TlQy zl}$lK^3Nq3A-S*O1_dfN_FU}}KaoqLdH62h~-TZ%_Qw+oYq_3c>QjS}_VCA9ECzr*wI|c3sa<9Y5})a4!HOxdim6Z`8lu z51SPj0|wxq>7TBDYx_O+g&g2{rh7NuGPLn<*2*N%vtHw>!FSyc261k-Uv*QYe<|PE z{^?86C$q8od{MEnNG&Ud{Xh@-+I3g&ulK`dCBL=*&(*)R{g;|Nj0PfcIZ-Qc z)dNbK8yf-`1LmL!ZN4eaznlx;g_^k+`xt6;f$Wa`9r7$_d4*>Tnhg1iA)`iTlFtD> zWNX)6y}v#W*FV8$!x6E zhYH^baHfa~dC?4NpOc|LM_-@yclWhzC+o1gc{_FCe7$jdHdrg$i%WIHrhWKGN6h|_ zLN~U4?SLRB5dz;N1JgzyZ9W;d_8}=LIXN7Bg0A1-rO2oN*2~8_eP}3MQ;wfMdLiq7b09zv9>kdxp>f=4tC2FcC1Gj*_P7=~Roy{!~RRH@|KuU?uZh zw!L9We&yW3dgWWJbqynly-PG1j;$Ziee}zU)BIy`wS(?>XhH?nRnYfzB2iUi%Pw3S z+`z)-dvR+*0}AUIKu#|6!vX0Gg4GvnnF!b(6yOH>BZ+S(ih}KP0=L%(=J)sHZ+rSr zzbN-}3-!BKIQ~w=L{dYX|pN*#`g8aAVs$O=cZd#abLW>K_ouYYClZp)LPzbQQ zmoDbmfh_VNRe66kF^4_--<<7p#lCVT)1g%MNHc#81z1O3a>HLn3~wuU87YzNgIQxQ z44$B;6mFntRMiMN`zC8pIbz6IwmD@vQ70Iu05F2Jiea3vVh-R^fS9w7uY)Ms$r&I% zZhsS|ls)2$QQ2X?fiq58Ru#KvLqbLTA;7p;7L{T_oJzPUHB4hy$;54%xi4Pj-5e2= 
zDeWdv{Wqb26qBe|Lz>`oW=y5D=?drY4v(~@nbbOR4@feQMaLpv{=j?n^O4Znr-UdB zuY=PWX0TSG2zF?9M>&`y#tG$%Bd92fZxJWAFO51Us9WUjJ$u#Ou0fU;Y*2Lwpj5D+ z2NSR4)e7oM3v1Vo5bDl&IdZR4&#JP(qUs>j847$H*s0Q`@CN;k;7G=wvt#CRdcy_h z)ho|)K0fh_PmMZUXpIbGi!`@VLHm-&w6w?kP#jf7i7n#P4Rb}O+<84IZV})v)^)^* z|D9ka1V}{4xKp(^+A~FeAiR|j-8KFgZ(POLYMp=YZV?o??UkxiVR=Vx*2(%{ zLab1J-rlDwMcOo_H$Iz%zdU)Vq>AK}z36GHvH7aN^6raC7kIzx9cM3smk-v{2TKTq zxj4dM;xOW_$`;w4U%v@aiSK+JedehxAKGi$X;9@A1ZZw&XReBW8WtqgQ|HUwMBXr; z`E>6w!d;o3DFOBJQY9!*-gQZ>YrloQ?|{8ac|5X5lajBr>CERo{;Ubj7E_?T<_* zlhmSPV*OD$KJ|3D|Fdk8YqF_skuCAH%l=qscO5fnf>wV&L7tmm843YB2cKPSK2FJf zy*P3Hnk>=?6_|X+zt8@3!FEnr*h+M|((I_j$YTX>h;@Tjb z@EvWpg%hsDwkOZq&dNXCelTFDXe@;FyMD8RA&@W;903N0*=!N$yrA1&81=|kN23Gz zifrB#&QT)~5I|>T>8ecvAE}HG>KJWyQ@3U18wu0ol_9)MP{0G(#u+HE@>!;XVG-e6 zcWu&I;JQOXg#NCt*;ig)S_yBtqQ@>Mbmt0v-)k3l&n6OnS_dwMShnv3!ea=VL;ZIn z-9SCBpul)P+MjtcwLeyhsTRjO2m$&FQa*WCHNF`*KKDuxaj;km{UG{e;XS>NroIxo z%AYc!fa!5}NsPq#vQyl5+PnDSNio{EJoOM2_lFmqUrNJIQB|k64F~NxnHzppIVptw z7VqyR0^gU%c={3);amFXvHiKuw-R%aD`9VhkJwY;y0aXdAiyP_NSb!v1xCG^l_@D> z^v%{w-n{*To;kVd4)^qe!ug;8Gwby|={R@hzC2%t@Kg-+vQ+D-_hULkWEN#{eok$+ zSGh(?g|~Uzx>gS>35sIAcpotw)`3`nfN^)+%wa^}DXw462i){WVF@rF zPnd_N4+ih+jsY)B{7nHr3{FuRhW7Npd*U#P1VSL<+Z_`)439zk5+|V|%F7GoDL z^TYapE39@N7=ow=$_r~p2v9`8JlwH%{wM<4#nIDQ5e`G+-9;U-c$5PU;|QL`d7>P> zupXkA05s0m5u@ma@$tamMBF_ceZikKSkLex#8RNdYenq{K3HdG@TU#dPm1EP&UP5^ zmoR+L81Q;9tSka43ZBA%qYKma}!V>-qB`PVS#@(HJEI68sPX+@4 zBn)=N2|gH9J*P>x2b=*yC>``~nG% z?smk^A_R(Je0)58>>MyIC_hkvP?UiEcFG+UVCR7K#4Cy*zB%fM@dM!n!W1OSTKXAY z*1#eL78i4L7lDIUP~=6x{D?u1DFq7WtcZ6(i6f;z`8)}BE|>sEtTP4=mXL9jl#r4@!co!~ z83_kRjI0b2?I__SjggjhLP<(WAd%A2k`fM*;^LALV9+=kBY{A`CDABJX@o2q=?KH4 za0EpM32_MrI6~4v%1Kg60wFE#ghojtWl#t-5+x-qiA0H`WiUt?X>kV(9D|TXV#J*! 
z9VFps8F5*pgE-28_ji-7fE(X8(BGe{Be<+|DFGg7@U@!~0@RnJ`EW>;@HM12>85KL z2KfcaPJBB09`{CeAC$X^6f_Qu_f~oBMUg@rb8k+_(27;!b8&*LRZr^_JP!u+77nZ) zKQ(&lGj*buUZ73Jz3s-9e{j!zQ7YXEbJe2?AhX1--?ZMw+Mf7qPa-3yOI9C*V@SF4j%^sa}2xrQHh!{J3A4 z%Cr^6G{RqJs*)|JrzD&87HUa9{&L3vi=PQ-E1e8GnQA3+plOxhWj&>`FHS5V+~90b|A4>{y-;| zKSixQG8B>x0hCkUqqr_Ajy-7$v|y28pXiS(B0(kNOH~3Jj9GRE)jeD@MpLji?Qty~Fr0PO5*(r)H3|_riSUhqis+#1+#U}Y%UTEH!JzK3r(7Zso72Ad2dP7874u} zbY0USPl9^BQ^@|ejIjU1HrT%h{eN83`diWZvx*k*y$hD>kx96r;Qc|(8!75%JlP+^ z)#ZqbzS+EydMqI`eF=G$oZ*eVdz^J{ef}W4G9*XQO<7ar0siu4b(A-P!&b8_3&pxh zUwVVlAUB8Ad_rsI3J+sooZHE9#EnC9Ii8P?u@qLNpKR7-0w?+p+!x^D>bFbKi>I&3 zAvucVtjC7qJ#~VsSbQW=5TH~AMXkcz@vu2kOdbCCbhbzj@U=Uga| zdP)peSu-wOyqrs;8mjno$X~uhDvq4@@SCv6D1Pgnk)0{H3-@k>2N;>=ds!Q)!N6LT z=Zr(Z49HeHP0W6m{yNEEP{ClLI6sr@d%yL0pbq$OeDnk==~J4ZPW&*z#Q#17XgI^n z%<&n0HD0EIHa?rwtn$=nNGL#=D$U?_u{lm!0}76!S;|dx_9>>x5fh=5i*$_R~APX^a{|gSOzghSbr`8s$ zlNU5Q|Ayh8g&{9M4DbZk)Hgz4)aBfcgx@GVWFRW5@c3bF)QzPB=@4L$T+!{wiDG2J z^{NurNVyx+yDy@RTb~*fS-u~-Z(G3u1$cBJ(~N<>_6(BR{sg6`LMGugZLi539`SX} z&YLP9<Gn2v`Z==mkSx$?bO zT4ox<9RUN4JyJ_u!J_FQ+H4mFJw4x+;Y$ji`U4j?Kxx)&TX=)m9(b4=_XXxTSDYs3eVQn2Bn61 e5MQPFfmp^Ef-mT*b%gn22`(@bUo3qUa{vGU$iVOSk`P#E z=8ZwY^fX~w{uoaJTynh{DL_j64>`aDKmZs31>o!D)L^!LLB%^^@XANP#iCMGW*dvn zf$dPn?GT`Ad4^r0cxk@i#f8K^gC6OlRBwzGY!9v21jSuUW^D|G0v;q+BgClHlOCo^ zEfmGyY1f;}ZfcQNk!3}k4M*-usA3w9|5TXB)L9sT#KhgCK@kb-02+W6$c80=1@Hg? 
z@B@$l4m{UhJNEzrz;ir+0ZaS=#5$t@!@oEc*^Zm+M(qqoW~A0NT`39c@O+>Q0S>kC zGwK#Ytt<)^9xaZlKme#QA8JRHDCs z_$7qed^xvj!8Rzc_jyF2`TAzCmzyyhOdj0NQeE{ehX6vI2|R8aI|jpCpr=m2n7HSPeVZ9 zG?Zi(2+{HKa>Zd_2M%b6A$Z_i#8L<&i-y-)Wegr>y zp{1<{GsYnaAR!N!J|+m}kATCuS?MI;a5=aPLS9NvO3H?nPLg;kwQ>57qr^hk4Y1= zWToOAjoaKBjI>)7?ARO+@jpCkBvkEWjs_;qn`FHy;A7yAecmd6bHRf44B?^OY;y7m z@p^1MY}=Riq4@X`PQ`76#D2;L7t&!SvVNvReT(xM=DDcnMLvnpw8JV~O1MHhxzR zcN!?F6|lk0+6}qr1DI3rsljc}0!wKHruVt;2y$jR<(WgL$SnGPI+)|hySqJhPqT+) z1_;<$_A|Oz*<14DpO}O$xOpYBe$jm~bn9WL0`sAF!7Aj-^U9hBE4DHB-herMC@m^4 zm`v53^60=-N<=nM_N7cVN@UCj`p2l5vcJfkU3|GSEPC6MbY-ok0*bQI92dwTB?#g) z`H8^LuYP=~RU|VV9BQA9)N`UIvX>M47M$RuR|{{H=Dbibz0)3V*;z`kprQxJkmzV84!}Fj@$19J#L=Qe|4Q?$D$lxP*O3$y|&Vw`-D?^=Kl4bkbx!WxZcL$x!tSolJkUSV&d~8Q0(s*7?5z}YVA6*!BWo1v6IUwn~uOj(O z_8$8wdlRJytScd}JvjL#r&Ie;{-VSuy?PA{CS2)mN0*+BE_*4}zW1Fb%N~xDv8m5) zDryWSH+Hh(niSyY}N;<3-`|Y#tv0pLY zeP8DoM_0>>8#xx1$1g7vLep~2tsrOUHOEwq9gIxavA%m zCwG*z_=3xF1;&qK#JLudd zChNY8|Z?9;=JLGSap3a1pGk%oZVp`J&xF~?56vZQ=zJY?MV{_d^8 z!@};0(!+Y5MtU@kdby)~sqE&-si&xAhuGj>W1Z51NpapNA zdjF)d!aL3Mo+Ze>l2ycn9SJRzvyMl&>&1^6Q1K@2S&EXQ6NjbrR>_z+J*$ z4|i;EmUXzJUxPbM_1^(G>2E9Tc^#xbwBMR~ z8Kx60LPwcd>m#j$>C>CdOgh;u@BMMG&fA>Hy1sx|A(MW->|~xVE@p5+Z#^vuAyu?)J={9 zpA8~uL#*5MDQ))fe*{ zY}_YWlz+tYezFAH`!e+$A(fRg4YK~GpWd_tI$t86QKYpa?Jd|PS{bQpDx89AC@Isr z$9(;`_1mYKBst50wD=FpY)nJ1b9$+#pV(;Zx(2^9*|Ku!j3sVh*U`?|0C<1;%88mv z<@Um^hLfB!rZkcZqs#AYj`igq+rc?KNjdx=Eq*ACLdb z%5IV9z9Kbi@6|jnGi7Sv(ZMZoZNC0nXzO)}_o;xKbF5aEC80IA-rV;*fDHo3H?A6K z093kp^i>)8Sy4I^$uSxeAJO|I2D|qNydEWm0%=D0oE+~C_;LDhAqC^-s3&jpzp!_| zkg|Py3icq|!-k&{AHS$Fe)G|eGl6UjC#sKw_J*y{wkgbc5N#1)B0^i>Z@?{c1Ne@7 zAKctPVa|9R+-QK3a~0)hQ((ngQ7!bp4r&`ZEQArF;fD9}!1{R*Ra90u^E#4k+k#}E zZiDNYm{+hZ(Q;+ig5P zk;5^OJscQCIR}3#6A;kn-t60#up$66)B8FnWRMlZvg*MXAV@0y`Rkp2NJizo0Whf6V|ugI{5%oe5`7hV>IR(-E(^0#{>5Ek6%UzTT4GXVQ^Y+f5EMR7FR2V z0-tK7NNG1em!#&Keps(6R_+TDP?!ebK$ozNUE#0c;V;+h6rkqGLeBJf@U$yhQaiSM zR$_a?!q^ELxev*R$;6@-WX?N2@8S2G4mWSVhPx&97r?r|TK 
z6$%rQ=FnbtC5_d|mo}#ozRxLKncw;qS2A+5Jg+;1w{oW53^LivP)D;5vn>Di6H2t; zoz~67vn7ck1uJO77P~WMP7wiC{`<6H6(pY`3Rwhb>bcW8V`#1(W~C?TL;KU1MPT!pZP#nw1iIbw*(t#pr6qKa${hNbSi2gSc{=Gdk#oZ^T>9 z%)S+osh|)a-gf5FvYG8(?t)FuJBDA+^L;RyJ#9IVWgqh_)q3HRd{UACL%Iifk(g*( zSFDLWW7Ktu+h&mv!_qUH@3b9NC;3-LzQX4Vy(<-RBU~u(-eqLrC!f1Ffn+;0j~W9E(b2s30DHkBsJgMkk6GIl5LBlzT_;k>4u*4sKVMjhUT$xI4b*KD& z5eEsNX>51GZ7Q*|Be#%|+a7%`s7ezTo3@#CBjsQ?-%MXV-5ht|-NgGl2m0WIUov4z9(j=5q;TV-D8+Q5?wtr8 zH!Meck!xM~L4HRP`#Wh*->r!0bSTz-QLot9|F!J&3yYE2L8c1$xB)CPcl3RUnL{m| z>|0g3aX(kRGh6U7vHs1 zalxyDZ)Irr13{U;u3vOIh;J3tnhFrJ1kvWQb(2?yCt#nbU$Mr)gd4?FazD$!N zPA&20WF3LMKJz`~>RMm2Avrv5^U^2o&mGpCPAF>)!%g0+2|U#W6S;c#Kv1bG^)9DJ z)vwd9Enn5n9(yHBAET72Wz=2jDP?^)ea9f{{xp|Mb8eO2ULbs$S5%Rbw(9;kmv*h4-v9uNqlxXFA@Q|d3s&c?YN6-dg->vXN2ner`dYxms<`1)Tbq>7<@S3v;?P49) zU_YJh<`A|ktnDtTi2Aw95&K&7R)#!!;|^5_=Y+5>yx$?(uyd@Ap>8p1kJqka)Tn2P zW~z*~NU`+Q_u@l^mEH&H#9a=vIIC2$)8S1uil~QaGYGPp(ueYg1>~7IyDP#Mc~qDo z996hMugQk91R7fty}LU3#b+YfoQyb0F5Xf%Gv|8Ugqfu?>UAj zKhrh#N>je^X!$wSXle6&CPa-zV=QNL4<@^%Xu+Gj;%SsFLu(k2Y;1%sSGc#ceWqR< z;Qumvy*~QmnIV>H(^rr7`Fpp>LU!~hhNdbB;CDVR9-m+`>+$uB$JR=ZA5Usg4YB4o z`mp=vRFaydx7~fNn=NVfNIvt|t2|-a_RhdpR5L^pri0QGXA#)cv&`N=&`MX8u0Ho|DxaLG)A=4S)EHu~JUgz~ zY<*7UaZn2>S0bD3RomO@8)wB9Cdx#|E0*X3cyols{&;G2BQCj_m1n~!N`?Uoh zJR4$Oc$(N#%pB{hc2Uv(Xvgk~=Y}TlDLKF7lD`kq;;4~xCY0${WZ@8;qp{6NFCL~@ zPAz(7)#*LoThF!2m{%%OV*gzEL|e4`8*Urx(c{I6&yvWxI^MNiiVdw=Y-?kB=si=t zuk%ij<5awOa`m!phWPyIE^Jsi<>&|3dh~4+L+*Q4n*#digvLo|1!s%@muc1M8|+8h zPm6au6%aTJu~X8$ZGubhIy~k{tBJ-SA{G!$G2}oh_I}_SEm}bnUkwgr(>u3Kv&MWO zz_1E3ll-FipsLkQ(H5mX-FE@;&rIv}65mqr-(sp}*a-#XHPmjf?d{ofr?os}5r7W& zBV}5IM3SvAzNH~g%hX8D9b~&+W>p8|bqZ{Q=syH=;fARcsxfT)jUu zS5P{&Jy@}gOO&Yx0=RSg=F;dN4i{C(;eEJd6d{ku)G^&_lt<>LfHfwiKMn;g%yfAOUR>`%=zr?^?E{ZI_IK;xJwBMkD(SDG7YikuOb%56y2_NQ@va{aM?0n5zS zyjJ~I%d0)fmp_pQzaDqJlhSiB;S1q*rYA^sE5F1zBVtls&;AvW0tW+;h#wk|)xCfP z82_UNc!M9XWmHT+TSN7c_lr_SCGV8Su3%X5$SIkCT_t<9nf%GLB0b})=3Mv?p{wLu z+9}->bl9bn2fpHP&V*jQ>>5B;%> zM@vk8s{0O!cY2z@|5sD&t; 
zP;1;{R!c4*`{dQ9kCqTX$rXQn(eRPq$v)w|2OL+J=j-ryjYCJhgv&--&ss{>LV|>6qzcB- z;IN*qFk+~SnzuI&i$W5xUY;-)(Ao%7_wpjF1;=<12gll|{rhGxv5)>9>O|kz-$#AD z&3{+hiS7RT+D`GeQU_=6-`IBInmGb&VuBspz+x0W&h7zYuCL}!cI_vpw7{UhPoI^m z>Q1!_ocGSvjamc2F101BL@Gt*^Dx2o+373B8po5k3FiI~sE zDABC;Wy@Ps1ZdJwsIn_qPjaJ}NA@sSebmwdANE!U3UT}s6VdNWOhgCDZ#8=IpZ;H> z?eo7ChWPv5>L1DVKmEUdAeirmF5O=T^Zl^$cl;R1|Hu8mMCb+qbVH=+Ji-$5aqogs z%z>oWjs?U0vP2&Tgu=i|Al!mke*h-b+?;(ZY5BeMy6VPGBN zcVtF=3<~DNbVaF^J~9fglN_Xk?bkUv*6rGRBtq4QHKqNQcOUnqFrX`HtsWR2ze#rO z+zc=WMP+kPko35*V1hmR2AB zn$9W-F_6&|Fa*U_wO?QOw~t9js}(~OhIHZ;LqFyzE>DbhCQl#ZGb+o|=6iZ{CKG5nF|oU-Nz&~`hhO;wfn9w z9R02HPb=87Nbaj1B$Fie$%1r57ht^p+*cod`}~c-=Wnpd%%8}W{Ak5=bILU$Wv`l~ zw{tiY1mDlIq|!x)1)PT_Ky2jIRo8F6nXjJ#psI)geAg6xfAAN*S^RJ3Tj?8|J6%hn zzdt4Kvd+9y#7=n))%9C$=9>imTl962ZoBl*;06jq34Bi zKo{BCy;mQu&%^a!aBWyq;6(v5z#9A#ari$Q4aEC_6gF13n^R5p$F0B87FRBzO}alR zn`pN7LV&^IC+C*$Rh<-E|DZRVZUWumAyG+c4kC8@Msq zq8VXEKiX&cv?JW&<*H+3=e&YPx9JB}D4;U7+tREZb2;flw1AOq+vNR&qOHf25QWv_ z?fYu75~CtVAQX4@JA~_rkj>J)!xbrjJ@b2-6~o5(Bx+XR7O9__)K5+7XCy7SEoN<7 z)cQWJDT!}q#+6A%(Y;usgKxHD)K7I($_Ig6oOTmhns z;1|BGutzPKlppl(JL#fhd!27KG)y!A0=yE>p;9VJREsdDhG}t?jW^TGFL_sVazs%c zziSrTTLT4Tn8dsrGlYhjF_p6BE1W|+JTtz`oT?}HgroyGbSw%Lk9<}?9}cT~Mu^4m zI=h@?2B{KRa71~a_rcH@7o;DKpr$0Tg`NDK4C=h#PSN`hoYcEJ`dLQUpqdasrRb9Z zOrnxkC%7jg{H|`4aOdflFCMfT*j5%-5LV=HcJJmWA-=Zc7XflDk9Wxg*8_&6} zUK-B(IOv~rD)wNpopd-`jFqh#%8xw0-%5O>`1dvD%JSOo)iH&AQkf zNKOzgEZFl*twfjR%8kz!5ig@JlvRR(-T@z-Hy-PS#}a~I z;G={|z=)@6TX-A3Rs&H>YJU@V@|goa%6rArfUCz|3`h6szuFn;3e`5A7 zO(QNoApn_&Z=lQnpLvs7<4t`FZ>ewGloOzx^~|KnI=#IF1s(xaCZ%K&`36on2>ceLNN)mCu+v8f&Xmt)ItOS{IBH zxu@&?>DZxChv>5ovkK3)9|#;M84G3orr&H~2x*uojsSzh?6)v*x1jQYh_w8{QL zB{m-l*Vq?P5I}F`%Vqmyeo{GMntSQZg_VewO9t#h!uKw1>v`km;dP5dfYzCtA%X21hI}!E&7uCA zk#3|}P*h~9j0#|Wcd9o*hN%w6+YbSHi;mCvRNZ{r7dii02yviP2lXf}y7+;?M{_?( zebu>aC}1AxA%&4VTb{ym?{0?xJS|=qSD+cH=JEKv>q}X93RQJx>rn9S==_Mws%fF@ zw|Rfd5x8|4~=?=C7sV;AiG)g2YF51?A)SsGmfdKC#89m6(46CVm`kW&# zYIPnN3B{ybA6$qn>3z|XoEI~=!&lfL_!#Wcy5HKF-%^XGqJf-#9;laZIB$fcf 
zd%--t@EBh|4-9zV8-Vl%34)u<{V_NtS+In7M?4ya^78cc!eNvMgdj6G%ol_5BThpl zq_;N`@8N}q`D5{*yUo!PLlE;sdSe|4fl3J227NIK`Texo|d*Fy}A^+h`4Fldkn&I^h5#(Iij z0#P_WG)BoCgZISXL_NIFe&AO5^~_h4SPN|WT2)5^9_#7~ZkJ!bDCUcGb;N*gSHPn% z;Qe4&d4#kWcnJdzQ}7&x_wscFmkZc>B6ggTF=&;uu+Y;~($bdG($Lb95S5UWlNMFe zlF}AcLrBSpBD6H+B{k*LG$atRv`4oLD6tVAdy%@gp@z)qamu;$=fyDP=ODmxSuhid zv!ce({LYD;e0MoCC0l}ZQ%DUS2HHIzVPy?~0wa@X^ZQ|+=Q%|l$1BStOk%&%b-vXX zA*afXqz>6HaQWn-z|xaa;iKC1Ws$hX7TZ5Epw$1z0j2(PK>fu7N?Tf6OF~XdR#aA7 zOI}o7LrO|iO&YEajxPymIcZ5rDR5N%W?L6H)_B!G7_IdZW2MWCQWQ(fZ(*$L9^kD(oj6!s z9PJ?r2k)T7i-7qPOTl%)6GL1&5PRV;DY&exw2T~VogbJtGH4BK|1FG!xgmYs2zU(U z--Fh*zxfi7c!JU<7f76|lCK+5LRtpo&x_#bh6zMtT`|4{C0TiCIavt|1`a~CJPH9v zyP!}~Xc<{&DQ9^Zl$Gc50{rjIlH(>%OGW3LqMOIo`N)925hJ(ZqlFqUySy?njN?uwLE#oZb z;(|iR@cw4@CUQ(;b$|q)vuAG0P>}6aUwyN30s`Esp2_Tws~Q(wUCf%%{pyp6zp z+lql_oYVL03#A??fX&H!ukm$9LCq~^?XkwxAv>dlIi-3d5yQ+x_o%ySixpR;9U6w6 zcini6@#3j3mHvaX_vea$f&Fib7{5%>fBfwIBMZ`ZX73;V+yC#gSKj0{lR2{Rx$1Hy zlHBa+>h(;Xt6&u7=%aUeQ7qlZz0lUE#ap~_g@g{{(UXr_tc8tEC(5^;pv^uB-YCx=)?;r zsC8cqgyup3)l*YQ?(<4xgRMc<^9Ko zbi;SY-;Ap@pwkA_-Duvmi=m1`R%?n&UtEfb!>* zP>h)n;4P!?$9xYLrIeLtW5!A1+i|#+h?tXp?WBsH+;16ct)M{EftO?^0+qMlsP|fY zQD}ymmA4dx1ZQMYLi~*4=krbHEN>n=td;wgGFVmjp~`_LOdw=@$La){@qg_^PJ3W; zv3ZP&FC-q^x3#}U^90%cRM5zIXi2fGi~P+V7%db*g=mPs{y?5X^knC-YgaONvO@?I zSWTH3OleCZeX4m8dT_e}hj4FgoI=4YX)fgj{7I%XXFj#M<1x=+LsWaKtF9eX?D`|F zQrM_302}lD=_>uxZJmM(;Uh}Ip3&INOVlGnNs zo#>PVB`?grpT36w9bdy=DtYmO2E3o5*Pj)=cmZNS_%D0hH21k5j<|8f(nw5R@#*9I z*c)H=gR)mYxsvOxP@(qpELvFiWA=81E$~4I#I1MVVapUl@B`g&XjlN2;081ELxH^d{yzc$O?&_V 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/cos-93-amd-sev.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/cos-93-amd-sev.bin deleted file mode 100644 index 8fc3f1d7de2387d6af246569eee05bab587d8b03..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24158 zcmeHv2Ut_f*7gn^5=5j5h@nUoNa#rKAX21=bOH$w2`vfDMpfxj6i^UB5D}$_fOKi1 zG^Htsh>BQfHmV5n?@;bJa`f}ud+vA7{h!atlgysklUZwK&%CqNnl&2$0Dv6)elG}v znP%P?XSlu=T-y)hNkmAk6(a-4NdKV#m;opN2VekVEuRLA)^4bJM?We01h`m~smX3( z)!nxh#%z^0RCVa4`9F?KLEMLD8Tp+PDQukrn;TChoDm8s~d{)gF8GsRiMD3 zR(>YEJeZ|Lu3{%UrgH8fp20KG?jE*U=Zp{+%ho$EfYJ5kZh7Wi89Bj;(j5Eo-SShWSyIh zh#I^A^Mcp63?M7DNK)c9bPg{af9bJ8(> zej(S8>a)e%YB^hA!0zF$mKn3Ymf3WB=1J7GmST3Kw%R4xqg9fJO!GyNwjDJ0-SSxP z)3&@9x%-N_aHkAN74>X1x-F@PF`piIo=PqnL$}V-28U)~|2cy_OX^1rzzh5k0m!%P zMiVu6^2l(owGwLsE^9Mo7x?$*i&AIv9< zXFMqW$S&DByZYcgQZNAwfGn%}%cEzm>^)U>jm1{<1AgP47+9ufF{CFVHb*xl(I#KF znllm+O0gXgN)E{+CxeiYZFSs9Hp}>RVG3ox7dv2KYLB3&q7^x*cXFN{0)bKjh>!#% z6hTWxZb3oCL}p=zWI`~K5;RP7nkXFB#S8C=MIl)c%%n_eCVE3JUr!j^)A#rPwc z5!*=lbWBiPFE3Xd2EK2frZ{pZVh1S~%EYSawOSa1hZ}nnu^!mN7&P4249Sh)A{8KK zVzJQH(TAJhP(+ZB2iyP?2=_xG5Zr9^k_d!6LKdkYEiWx?%|i^7>7ON)E_FX9JGK+GrHG-Mj-{yaNcpry!7 zlNU&I)NOIAHP&fSv}JcV#Q)%ev2cZ>IU1O}wEx_j96m<=h~XB6+jACl>BI-N({XWU zBxlK(gHtSOf$3>~}ChAS)D<2y!q&2$M3lQ1DW~TcsBY zt~bA(+I#N!;Mv!dI7BTU)zP(T5l!23P!+X9`KlRY!&l~}|k-XG?CG=8_o_Ho)% z*+C+9nj>8gD_5^TG0!Y~+084CZBg&V)A|QNiY$l5535ov&8lb}EZM@+dkgOPq2Nk! 
z&Q!eKJC6=rnPgZ4RsZR!I?0sT0KZe}rW`Larx#vs4?el&QKE`=Lk?wOL52(TkTMi` zp5jbE&{to+_;Sd{4o>yY#u^zXC)1W<`sW-GWH)ke6=b|nHNDgOMeHoSQiIfMp{vTZ@0FEBQb=w4Ok&V9x)vF=-# z^R6|mJ8p9N*jJTA4PKAVl^tgEAE7{`p@+Xmq zaTV##{^ya77Xe>Gy6vk-M*=wQ0B1Lprz__BXeWdC2JOHkBILi6@1G%F6`D6-kEKh$ z^7AHu&pPjvR)f3kl1O*p+0?Q;Hw>h6WZ|JLwP@WXbtO#y{(+OZ!9~l0=ga{q!k&`2 z^fW=ccXs=gL$R*JtoFlkFS#7skMUoLdDN?4%ea3>qT8`ALnBLG%2gAD_vC5M!ep&$ z(i#ezUKtVx6cRJzg|4N~IaQCvo~IIH%%@;lB)2;Ll|lzW!z_6zEnHcb&0??JxqBQ% z=DXT-PjGfMzqplQaUkjX5-}(t@e+F@PbJ*y4DCACs!*QO$gdM!T9twMQ;63!YGtq6 zNX9#s58qD7=}H+oYM^Sl)70S{)h98Z$fJ9|LA;+9{tn{B8M#MIQOFmsEL{zi{ah*G zK_heEe5uV`a=8bfrX(Ao?RYe*MvzIjy1?qBen^BK&NnxEs$6WP4UxO#pc8l#v0yR| z4}A2QqDAIXjw&vfBJETESWkbIWKQpJWQpTxpXasyjX|Er(l95^zB)kl(&VX0>%`sq zCr3owm1Lgjdm8K0I_PJP@WpeO$Hgbp$US98e2s8o=x{Y%$eWOb%U3?0PI$a!+Fu*d z{%+z?S&4Uo={>_5Z$ssq-3_G&EgzdMQ+zn~<;XUwPBtTj*Ho`Cx3X)T9Ca;Ftz$DW zVQ(ufZrDw+P13fAHgOHfY^9jhF+RD!+cC?dgID3&i@~QU-y+_P+eT#z9L(C>sySLS zOIw`x1a&n)0q6lEt}fpYK}kiN%{HF_n*=xQ*O_vAya%vf01fwgGz{2t4=!~y(k@`mzn|;h*#|;+xzz@Cu?Wd z40dgC#dvK9cFOCBhX$PfAlPl(!*ZobEkFP(%#BsCyTe}KE_ z|2*8WBUsnqj$sw)#jSORE-bG|^^~?{$u?{8%HxJD`BMz90T{8Gn&}Lv%;&X7|>0X;#jo?7B1! 
z4uhW!!|0A%wHi=a3-W&hZ9gsiJ!tcP=x-JMdAi@?(pM{mDEUrN1?9sYHyxI4M0YeU zwNusY5xbIo)Uz#4l6|63BSTnqIlWfS&vgDxbAZz|ijPWkwq(6IJYr>GdZr?$akcq{ z+V@yWldRr8)`Da#1<>I?EU_~`eVx%u^Zt>wCeKa8ovG&KYv~7YgFMIXPx~VV5|__Z zmZ`MocGaHck~O83nj2Y~us+eBePSEe`zfktoe5D-6Cj`IvLc;^2*O;{Tv;4NN2W`5 zRlt^B*|ajpa-L7I43W?I?3k5y{kf{r*@yExzudN*s~{82-*LC?yryAR_v|5 z7t%Iwli{6d9@hL+_^1WdvDqB|f+j$1-bCn+UKW6x>3^LOHavHVb;X0vUx-ZN^Vd5A(3G-weY3*T zu7+o}I8_)L+OSYoO~tkl+z#XxpK{b2(FPU-eNS6+o=c}3?Bos>CS}Za71(qHZP2Fd6aEUjzWzt?`vZ+|yw7S>d zm&Yc@%~C*#8B1ulirdE=6`|JUa1wKqewcyx;h>$}!8 z@u^S_lX3HPiEX;=i}fmJ4y@vY8*Vmpr8U%P&M1nEVroW5VwG}2tRA2lt%*_u|l zj!PH5k4vCMjofDgmnL67Nh#HEu!G?q585CPY@gy3HH&kYCE`ZuIE#yObPT>M7hC5MBcHxOXSyu{n>h&*jvN z2_@v(VTZ5B(C*R2v2MB7a9-^tV{@NF%*Q}%)hoeee+Qqt7oT0RLu*ryk$sT$I&Azv zd*tm@Ph{j5^|Q~a8*VbPFLE&sy=S9>-T0{Z-kHhOlK*+M!y)xYbBq!ytxo8`TZGWJ zT&exbqVEEa`|!526cm2k>g6uf;I!@8>sh`J#?$8y44$()H56|(H?I&IE5MlOL2*S~ zthFm*za3L}DP^Ns7}TgBooigjL2ZhE<@r~{Y_4~iVrHldCEmM`Jml;!gVf0t4DWf4 znRe@;BkO4O5fSq4cW6bCZ;dWE5!#VbHT#m8XlK)|sGf!hsar>@auB$JnZH*iE97)e zNX&oJ004pOA5-e5z-4{c|9rs?K)Pv4$*=Mhc|Zy+*A#O8pwW|jKm6rw+1v;fYWbDz z3T>kHl0d`guINT;@e9xEQDIy9KIfDtNQl3;o^~VSWW3bGQ2f3ra^Lvm#GQTp2x45O zoI`@7#cmdXyqd@X(F~vK{M6g1q6JM(3(HEF!o)hXKFVC%&m8x>Gp<4L)+aH__c3~R zLU+1hIoq$eRu>=ScYxU4Nq9WIEUw$3RJEv4vVGud;rSO9&!?X-mmtOr;i;J;6ZvNL zRrGRi)##I22vp08r*0Kljl8zCgaz#+pL{aWM8?&8$HdLRMZOMPZ$SC$kJ|v`y`Z*Oy#ZWLQi{88_xXI>3|v2uS76^W z|HFP@{)c^I{@)O&VBZy}V4DRhI7y&FNK48gWe~Dba@On&l9FJC6cVwX@uS7{KgZ(F zK&tE}D}#`iD4ng)8yxc(@L&hRq&&y>3r9MIUUwZ!IL#9W_C7k9EAbwshfZf1Vc7dq z_aAj^j=Cu40POae?V-@nUQB~#>~x!zIny?CMDKlcVM{P>>Rx3)au;0m#@&5^1+Fwa zj(ruc6K^iv&`BG8CBkq@IbPeiyTDW0>PX_YCv1BYoK=fIC|x}&Rd+R7ju4O6oe{og zx}P@W*(A@%9Hk|?`Lr@IYX>FzJ(Srj?r@ZNLbIl`SlR61r&1njD*lrlffq%%>RI}Y zd`@|bl1G1GFcY>w(1a;=IjuNO;Ops+oTH^k(~NyTD5{224<;JfcUG48a+@F#}7rm@=#%1JiFL_C=bqclhA*$S2 z){7P4!pRY4dfU4Sj0+dar*uqC%!pO8ODlGZZB5y__584m{{2xs^9N~}x`$r)d(Bt} zb+J9uTpOQiyU|GKaFC2`I2|b(e%J z>{Mlea+c$scumz_Aky0G*T1WqotGZQ?r6*fxmvGbX1?Qf17@1iD7L+H-p^_?1Z-c2 
zfaUK)z!(St-5U^)x5Fnx;kq;VW(fF^Jn(OyU>mXv?8map&(Yw&iQAt6LmE%_10!m%YsP@IBKLi_z!v^9(8c zo}-%!V$~0L+qUhv-JD>D;xm6uap8FFj+{ers*jkrj2jZfw2n)`b)B^m%$(z! zIZThJ=HIHKDXq8d)45{5SX+Lbc%dul9Fbk)oY@;FTKR_ZjbTDV@zlp^-R}WIr4hDh zC`qZw>Z0nyz-F=?G3+)|-vGmR3;Yxqj!`l{cvg`!g7l+u(l1E@-gfuA!|CDGH5{)V z-}hdM-O~TO$sRu+#48t-GF^!Dc{MkJzUAWdA;{^=&NSH)S0I;q_MZC`u03Exl<0gr zpd-{d^ps`paZFDhO9Vmvs*>HYj$I|gM*AnIxE3=hCIYoNE9IStg$5<(a7eC^h^E*V z4-yW%Tkt$rtv|fGW(SW6uXL*9-kIXb)|2jUxUH>5lJb;>V#&KY##^sN1eGtewlY8P z{#dc+{+&RFcTo~?6-zcL60<8j*x+KSkq@pl=tgJ8%n3H@9EOw8byKhsu4cc*_iFEN zaU5$uFVXFoL*&ZEzLV)~75XyX;W0~AK{5uBuz+NWp#b8sZ2@nz>4f$ZG&xmF?=+g8 z8zn%2XR4@FimMV&)GW7)H7ob)jr&IpnbzpXyrtx?XRct}4g(Z4)o-!y?h(AxQha;? zfIS;P$u2byg764&d)u`+#w@0Ty8)t3teItg#yTw zI&K6*mLolTcvDX8-uNtY%G+f+55#eEv<@+{A|Stf1(`vnsE-oTnYD2`ezZ=HN+0^= zuzviS)nd?c;6_i}^?8cJug6^PobI_Ay+~|K^#rMI=9lDWL<%Zv(LX#=5TGLx=|c;$ zx*MLQ>G#Ch|B$*h-LeW`)N%&Yp=E@oq__QZ*r_&(%!8Oi1>0)Na561E@*deL!F>| z>zH5CYui|T7;wo<>TY4<^K%I4q?jPaNJS;lwz=aGO&Zw`PtMIRjuU$eJPIzx%^Q(9lzU78vHjI z1O{}eldrnjcfJC z@Xs79L5do2Tjm*_wB~tL@-Ei(Fb_mzFysPVYHDymZ@=1{wEI`Os;lyCaLx0vK0+W> z(2oX(^>l@kTwTVD)6cOv?33maljc^SwFXF0mj2CHetd82hZw8b4=`vd6cXTI{nRm zRw=JOIf3z_Uxa=*e!<6 zreTz6SNhWwEK2;fXere=6s@MXomrj>GFpDp)&?K;<_#3m_$LL@zAq_|HcS@^+KSd;oA>>LG$TQ!0u|BsQ~lfRwF9Nq0WLh$XrmTRo`MxbsSlttrGbS(BJ*K z$`_3%nGbTi(%7^eQTzIuj-GCjLxdJ}=zBwbicYd|^Dw)ySaN=~``~UF!@j=~4U$~- z+Eq6-CyCOwAQv|F`{zlpwc%o&4!~D0c}baIII^Cu{KU1$W2avjy^r5R%f@VO1NMT! 
zGNkVWM34XjV^SzmZea)u$Lq!gDq{z9kButyq!cO8sG;hX)t-&$8(08c;j869_xKI6 zt7$X992Aw!K|%7b1v`;FUnPyNsNdRky+iUuHf=_d=$rPoz{+TcfxUZ_xj({hAwD|5CiU{W4Sv11hI93a;Zik9$j-kEpAyRl5;y5c#eB ze~td;`DbjPr62RbkU#uIeUy;Zwqn3!?YXZ!`1bi5gU{b^gPFe&EBn%k>tz&chRNO7 zpV-c6&v8x={j6PoAOTRv`J^tGYpAVNz7emb08mxL0EAUV-w*snZ)E?|@n-s&C0M;( z!Fms4S?44y=CZ;x)z+%qh&KrQyXfno+<5fS-~kFF35K9fED;9;qbpU8c6kl6xLU_hoOzZs{O1VGED9XyHa1A zO?pw|4g~}|M&m4Q-Y%bTqRQzIHOol}MgX$O36DKUnUlEG=&l21?U?JaA5IDw+q6!#9TaOhp^VI}7;E2C zc`hbA>^YS3&R+WveNpmh`f=P9MX+anq**bpk57_j1s;+5rAhtLq<(qQg2!T3k461o z*Q8c)t%$UBKo5RN>ly{{BL5M?HIDYGw&j_@!0ix2ws zpLNl-Ddn3E3KsK+00jZK$aB%iO z?}4K+E+}6dQC(Sb6Fb>GDKuG!?~Ao{I%;%x46r_DhiO3p)hqLcaLF=W-NQX8A$Rq{ zMed(}`J%Jk(5CE)Rrx-cD-8J5zg@jU>8-n;da4 z&sHXc{gkDRy0b4uRP)`a@3NzzEVYT9ny1{6N%!82OIihZNOT-=5ttHAg96E@fg;Ie zF%Rmyw;h=yKM*IR#CN=UOfW5Hx?`K$*_ICjn!JPF$F{$TJUe91@9h2FWkCHk6ll21!BQSO6mnR$tHyU{Jw@GI+K}KeVw-%|q>xrg zktz%*>A0-fp<-p^+wbUB5-ZcCL&aZI*RYVq>Gt*#6?Y1#!JvTG!0`2kFshw53*zT)D9G$b1ty;L z?{PeHWiIYWwAQFJ45%`-zr&MW|LH_jcs5h!NQ8}Yg+UfmLG@vr=si96`4fi<>`z{> zpH>{&x-Vcbe>8~gn|`x_BW2)XI3gSYx7)2b-5K)aQ4GOyF{lew>yf!a(O3@{J#kj6+| zC_cUO-rWuXL_(AvE=Ma!-Q(dU*OzjL)6^BIEl&^cI+-1MT`eJqqmlQI9D(PhFFraR z%581&e3QeVTK5|icwjtz!M7&h1K~I?XA};O^+16~7}eoN=-_a0cgr^bEJv!;f06$Ve#PZnu8~X zDDH{!#ySuKl#%dt%HqDBSQjh??cnT+_wx02aKmEoD7>>&2Z39^z;$0p*0lpg|%yFBIAv>nV;2aK`zfG0N^3ye9@H=HZ3* z1y9DWMFcTYDX`J2MIDHEtg9<{I)3e@I05VGfB|2ofOp1#_5H4;NH`p;fRqsj%VEIL zO1g>nA~=An27E1$`cK&ew8&Xl=xZq>WHhz3wY1g6q$M?F#Uv%A<;65)HKfGUHKaAQ zrL@)Mz|#tJ$2N^C6aRwaOODJBt_Ce0dCc)#F_`i!5j+}~vONKx-2*|sQ4--eseQls zh?=*RzOiNSg~SstF7gGyfCr+fTZB0yY#z=j-McJA$Le{WXjr)qzqF{xn|z1Q$3e~J zz8|@0@yLPr@Q2Mac)dR}t~CC~ai#HVT>U-cN>*A^T3ZsKC5Dti>WIl9r8UG9q$M@P z4%_D9PU3{-cnE_HZC|J~2=ngU5T}9h@+3 zC_hkOQkH`McFO}5;NXPyA}EU?f0v8K_&Jc)0}$!f!jIr@75F5;;u2^NF$7qHGA|PD zN6H143{MPcJwfh9z@-s#ax${=@HKwm-l)J;9R8;e6Yhp0xDoLf%s&UTtA8U9QFx;A z1{Wxtt1`h2B`G5d^5;c#aKi+kv91^bQCS}Cq#%PqJ4s8+qU5BINLeXq7iW2CgaSqu zgL0BmaF&&omzQ;xMmr&8Q5X!y1t}}*m=)fagkL3 
z52;DYNI5B>WL)IHA15b-tdp~x6H?LzDJKW|TRTZg%gUk<(k=*j1v$|DS_b7JEzSFf zNi61Z>12G=ZsgE}Bcq<@o#poP?~a0#_=2h3@;slzxg=6zuiON~INmcKj1ot6K%f0iq(Ek=U_a+zg&5?dm)sqm7GN%;N! zuzLMJIf;L*5C1W_nhrjWy4= z-_!>oP=($tCA?+@S=S(b$$9@iIq#p>5Pqa`{9$oOVGBvT?*y@0`amy{J4vJWVlXHZ z3aBN&LvdeH9(~dhXvHeeG1eQC4?!goiqr$^Oj-F3gBmICt!_tcX{xq|M)c3_j=dRE zuSF*eYPivkw~IUH9bc);D|m4&q5^X3QoUlMw=-|luFYCIsPdsa2&;=aNv+$E@HQzn z$vh7p-(uJa)PD2`g1zJ|%=NSa-#sUA(KiNOQ#f`-bk~2WrI4wK4Ie9h zW#4rh2IQ6YAF4YVCZMEnJNk+^@_Co#)mv4Zvf|VH`}D5d7Eh0HJNA&WC#Puz_l|P} zvm^)qMgaZaQi^}+#OvDs@5RNxvNZj9$?}(A`Bw!?;9C>B%00*Jf_!IGGQG_QUQ=#? z?9#Y*8wwC6$rtMEZQii46rL8ijVTpi=k~AUQOR3YV<>L6Kbi*vZoX0CAHcy{x*CSc zSjuKn&kUd6ZHoGIqK1S10~6&V7?03|0FCbDHklCP-D!OiRm>o8e8)Tm8u@>}#Z1o2 z60YeLFdETW*wm76E9>;9IUXo5MAv4uukg7XWzAy9@gNtM#DO#)d6t<##lzK&na`m( z7=SKeza}8NtMoz^o5=Z_N2h9f=v|`68=9)F?<+*paRm8i9;I{>Ro9(Fr|;)ib-(>* zHd3D#odBNSIPq&E^)J6`^2bh|-@Ii~=GQBUe!Y_D*DHzs>MMyrKm|QFzumi>*m8{` zPsw>%@UVRRUfxMvH*!{9DB#H_`q|!jYuI&h`RP;iu{0OSzS4z=c|r0AePEQjPHL^+{4Cd4y$#RJhpaKVDtTu$UzIRS|=c+g}jctO+NF9GbY3Shhd$!Ywzb8uRF+>eCbDmq{+uAubz zVRpo=#l5LeV1Po|{m6*|nYf$fg@;b(}OcY_b?OF3Zxj{)>OQ=qRS zqqLqsQFTbfEVQcS4Y|`J{*LK6bG4(K1_kp2pM~vu2W#JBO8oqv?*OT42Y~x~tLNR! zFnB+#Gll@y_w)mI6G^AxzGX|-Li=fJK>zJ7*~O0I;;BJ;>=)^wK$)?xM*9FhkK@9H z@vt<}SmM#+wf4CvTeTSpt=uOQnJ|D(9CFWY{0;kML_v%PJWq|bsty+!DUflNK4wO( wWh@12kM6T*X4{L|-4#5?2PKk@=Y5AQQw-4;+`B`={jo$hxS6jr$SdLh0d=cDK>z>% 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/debian-10.bin deleted file mode 100644 index e461a2930fd2a8b9d885c715847b10232e4f6a88..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22220 zcmeHv1z1$w`tQ))seqJ7!wiiyNOyO44qYPM-5`iGf;57(bV(^7p$JGQ4blq8ok2a{ zcZTo$zjL4a|3A-t?mcV7nYGt%zw6z5ul3em?*ae-0944Ih;z(`>H~n4W`igXHnFq< zE+zpk5OQ1^AOVmBPyw_6wg6XvJHP{A3UGkbrLOCa053@06<`TD;t2pj@X&$>`Fk3D zD((`uFPf}LN#8}{%4=Kk!=DOrTv|esN(t;F19o$lb+Q6Oj{I{$fmGoDfWWECw_g=S z#bgz?5{43c)g>nAAE9zX+DsQ$V_v6B;629zEM+1v$D;o_9dgcfQHSti4&f5YlQ;kj z`M3k%eiPMePsJ}k6y|!CEp$6&Qss;I?Dni2!cC&^zlhy~v_XpsKpv2<+gZGt`b;jO zp`6HodEfPS8#)9t@jYlFGOkEEBU%5sbSqgDFc|&>7!0?NhX4-;503_TCr7w$9b&i% z#6m`63YQ5##e##wKmq`9LD)b{WCTq_1WY6+OD|`8;2jby5Fe0_1H=L127$QsuB-eU zz+ctBI3pO2=Feo|kN^n5a5w-+_vrA!aBzT;=69%mXO8yfnQ=6OYTy5zh^#5K>q)$GM3VTJ zEj3QcqxT-U9Uu}am9D)&+VfWeS}W)?(wjNJ>M6rA1oNnZ3;s{(`4K%r2>0qH3mmow zGiJu#lWx|f3BEu?K^cRO9)Evd6*p3Zu0~#X(W?KO+53-FVafK!g@-~e!i>OfT>1>{asU?UPE5@xD|B8VTd zf5-@?XUK2|Ng0_8_W>!P&9sQ5K;po^2H-#e1aNRyh)6&L$k(55JLG9XZaW+xI{%Iu zo(ReFFYPsV%VR1zYGf}Tat#XvdYTBu&%d^}?bc6SZz6aS%QDke@hDigrva~*t-yh} zcsr9~9|1(mb2bbNvA%zwlG%)!#Dt~gnC%;b(`zed9fol01lv#t0KE>~6BRi9y2Ad-*}Ec-Ov*{YdAq)3 zS>qnL>k8$gsu4CioON?>ZHVx=d~{5i@)VNi)|}aNPedxniXIDPs()Am)! 
zeO{uBh;IhaTc{sQ@fLtIBe#ms^;Q3kQhE{<=f&U{s zGXWWX@=X2LJj+YUQ%Q(XaR5Oeh#dK^(h4B?qRb(( zN|wbl)que;9Y-OIVJ#OdA#F+*m}R zxLvjO(_IT5#T;h0?3 zzJ(A7UeTek+jvS{wJ5)uuXJJ3d47&P;Ulz~Z7DFq$dr5Gs#~yCmArStO%T`*zrAWa zlH)nLXP(?u?IRlM6A`eYR=S?^5XClu=%;)MhEs;zDS03+G8!{793osWFA*FfMEV2% zBz4R#Bu4Xui-xW7C-mnuD;|!#j5Y?|`o{@`@Q9dq&;jZYAgR%#NT{B`g;rj?%3YN86+pp_tR;9ZI4IaLUfak15o_d=;jm^Avst<83PCi*2z+1mMEhY1A zZyAf!vA~?x9=ug(j5PhB|BdaKj66rKOGk6fzh z{5WeyTC=1`=|?Cf;xF>NE>UkCxM+>!hSL^B43}K$_)pnd6D9cv9Rv`pVZ}rXMucvy zjI~RwRkDVr#M?3J`91iq_B?2imArLHZ4rQXmL=3>QuB$kp)m5TOw?zIRTL z?UUJKi``gAPKA_l_L{H?Fw=Y3Nr>xV&y`2k@Yv+gpr%h-iD!Z%wBzY-?Se*BfQ$Hq zKIpu_G|&X+1r5o-kgGi=05Dv4Yv#UCx@2M7`#0Fumf+uZoHV2jS}Y(l3)YSk{iS*C zLcVX>amct3-E#I@x1dh;UeiH@8Jz!D>lR*!G0DLNH6^cg3#7^ktpbCB{zr5RGm!D8 zZlU>W-J&TeCHrqHmts^0g#k%4J9*5a&WHeH4@?O-4T~k>0F<5NM;LW(9hm6-a+0Qb zeZ;KklgG??=Zdn~Vu6W*%^H`V+ur8%7Li5=h(#OdhS+el#!3(Ey0lR%XGQy6JrIdY z;HbMNQ{~aHJEU+&?w0>*a2AEPmm+3O`w7k@@nqX~=3-So!{hUo58m(}uC~$1(%*$N z-6Gg{+4)fP;U`K4`l0W8T1Mob{Zsur_aD^x@UOkEGmBB|;B#KKxl1_2S%k{_PRG`0 z(r>2=Q62S*QVmmtIjSkxoJe=Gj@f4h)6_az|I(;3BA_MQTG>Shp9YbJW-Mk;!v!#= z!mZ<(hPrE4TLAa&w{r1>C>K{C{y%gDM7bbcw*hJYI0g?jZO^*w8w0%5 zJ;b4M4*Zi2BB<<;Kx+?neiHjm8RYbiCNr9B>OVT@Uue0%)Ir>+;#a_tu~SdXN?aQq zZbm5%PkO&Sd@*`)GP&oDL3}d01e%8%I$R~h7{SjCD}&z$hKM02)KeTFG#}nJB>Sq8 z`0a&es5k>TReN2PDq&w|MMfGmdEy703$LeXZb^}^+uPNekyNl2wV&ph?qIDs(#?tD zkcbYB70PuhR%hW;plT$v541Hi3&}E5a$ML^+bU-d`ipa2@F0`KBv6TVzR05UpdTGV zC_FKI`-Mltw^^lO68|kqN2~kd{GEircRQpgI*M zO;a#SqPgu(5i2B({h(yECYy`9_WMiqQkJ0YA|#i=oTip_vIkbH(i+(DS^+O|i8JfM z-`EHz(l)RgC8&hO^~VJpi{&4&VJ$tLaPU}tY1=>@{vGA*$+F_x_mwPO>UZckcn2KR zT+_m9zH*z|-8!xl2vX51;b8qy5cN$woSsxOKlrs?_8Bl!gRn$8osNC*-l|yYZ3B3b zwe*!ReL-Q7R%v2a&1E{8+PQ~c5RjP)Pwym3^#HJ@Z$+(ObJLq4xDb`>y`j&`)8#ce z<4bK?@^(IJQ3#JnJz1)Pm)y1Nep%>mOYDJ?oPAuLIt3ObF>5r|y_DyCW`lI8w z{y_26y4D}4H}ps3|A;K+00Mu?V#YsYG1Tv%l7QG?wpO<0rtX$hVjk``U{_m+djd7_ ze!3(eAc!Bt#|7fzxKu3IQ2L(O*t z)VclECb#LEBglU=57DB5OQn*!oYDowCWi|}4B_n*w{0ou7z}u>E+vT2Q}jIZO^8`KZ79@Rwq*}ya}A|a0}R9n%X$gY(z+$bTVC6GcfZRZ 
z{MH;25X~X-U%Dk_jPU&N#Jw5bqlw?1DrbH2)2vqi?@fXG5&rial7B(_FVz6yg`bORu}`;C-5$Sio1hww6SD{|f!mK#n>R8gT#C`@NcVO@ zQi-NM(^q_KlJ-ZPYYa{ADH5VTpv~MKP(bIgvWwj&n?X!0B_%1!ZeAAU;PLG3((CV7 zMeN)po~-Dx*)yy7sNtXj)G68W`;q!gDgJ2NFWgPLTaDU{OYg8ST5AyTJqp^+Sbb}eg=>I%)7C5Vr4=ENWlhl9LB%L>QLa#FZFaZ#o5WCK4T`I%%@zvj zL~xCpl31>2uJKwvQypHCTQoJp{@8*Wzp-$+fywqF0&eLf+Q!jIdf3YV)krJpTX6+7 z_(DNUHb`ErNeX5UUv{AkwD?AFAz;g!`99uweK97-JH%R~?MMDYXub(Y@B4J`3-~bj z`AKYdAG`cG3rvGMQ%(tBQR5_{7uMAd z+y`xIB6pX$3(!4~Pe`>MPkFPvMIzgJ6A72|9QP~IVv9eEc_VT*Ep_iVZ--?a5@a6c zBz%OCqPYXsmT##!qC2FLU&o>i?1jq_CY?!{(CwCtrQg0YN9Q=Gp5dWna@JcD*F|-a z*KY9-3EHO?JR9W}{3>&}FRjSXY&y>zm8#tX*Xxncp=5JzM((h7 zAegfZaonrOj9l0Mw<}_FdOIS}Dpa)!8GkXm*zerv$y$9s+f7&Gcc3c|(grP1SH$~< zGopg{vy}_--JbQ`OBaDdvE78>=u3jPJTMrM3ZhIbP7tNwK&9Yr!3N?2a$JjK zOy+-XfY5Psw{-n$C33AluA^BX5GOy7528P=gIl0qRbarM)W^T%@?Y}w>!L6)G1M*1 zJzOoR#3AYo^xNmaq=Dh|ParCFTWcpsln){g|LcI(ka4zI0!EERaK)>kWwRCeiQGHU z?@Vtq8}c1Bjx}dBNi<1hc$F&$U^+`-Tm(4wJ8lLV!A&$;-HBMha(p9}QCeJ$X|8}k6_({({T-H-A`xt(TVwN#(=LmJnujA;gWYK7OW6h0*+ z0eau8KO1;U3gJ4|km%mS>(gEdPzr82VNn|7RlEu#3YA{k5%3FWtKNV^dWH$^*@!C~ zdsVVBD%haI^0XU)+=Pag|4IzLi?PU3^@@}0xj50cH17-6iz3aOSDyQ4*e6)OFm!9X7V!exmO@~jns(14I_E-Evq__y9uX+Zk7kaMN~nDph`>BkrK`JhQX1H(tc9q6m8>-D;i1nOf8$r`8%n}tKcvDAPbeputQ z>6bit^4Ibt5+YBWf65ayEOLH>XUV=Q-7xnRDE2!jjzNH;0d}x;gh-KJudUDtkR)u~ z%)uZEAlbF3ARyGTb#?cENRVqc|EH}f2Bf-vjl~7z1o3k5a&qaB;&1@@`GL>_JRp8f zpdL`{!}_@S1n^C&G)3DQ zX-Dn5wp+4mpjS;asgm;8M z=cxI9y)`)$k*(tPdgR^dq`|!?v!X-ktz(ID@+VIL&Z7C;Uq`(+`)YsNgF%ox_2~K~ z2L%rFRTeb5jC`#re$I1LATs1IG;raD?~i}iWvjp!l`~yfP|jSJ>A&;AOej=gU#KX|7rd& zkqta=8F-I}x`7TRdariJ9DPRys0JAg6jX@vKv|&lFENBh1jh^j@&kE)_XH0|%>4Jf zIzxuFxvixeJ5T~jlM+!7cpu1@$CJku&hhtWLnG&ZTqh(p{>O_(f<-nFjjcoJ`KqxF z>dE0cZasx8nE7=rw@j0|;td5NJP{*FBj!O3K};Hl6BrZZVa@TxE}{O7FJDa=7=tl{ zhIikQ;%$c?J5L{D(5K?aPk7k242zF9+9GRAlm3VeuBf2dHC>2b$S}F3w5+^_lRIjX zJBZeELTPXpZE!pQ&b@Y)RI98?%obsxL$8+eEU;UwOfIQe&cv2x9`KI2 z8gt!!%`=EIcVc;{rT;qQ^+nJTw)ENes43=?Ns?I2I}?{~?5R;66*EM~JBfsCMEdVz 
zEims5ygX{i&1#x~m0K*o%q3jN_f0zp{sJH)7(F(0v?3mN1vrN4(r*;J2xU^Qr z?$a0u(~UUNu$gA0RcEs)>b&&#hVQ{{{$8g~zwoHw6((VY+jd3`khWKqeP`2qt6$DFHX{3lw@U_CpT)!17?_{ z8`XjIe)CqDXyCX0#{ojZQw4UBy727mLWBJb3*tZK)P(MKUx;Snop^S{wp#v_I*|DY zdDr?6(*O=CbP#c`%}xqBM5r$L!-#D;~amXbV zv6ad4Sg<$@kwYuHN4>kDW%x;W&SQ8aphIzWJxa(QPdq}j=iQQv&pg24lZ)9vX7?~X z27B(v_V<{&LyV_~2R%c%ALvpNi$+`F*5Z$5G)wC}#6Xuyh6tp2-4%TcQeWoD$MN6g ztV`#l#Bz*2c;`L<%+fB_dgDKigjaub$oTC;w)#Xnd!?PnJxPm}7KZeQ_{M!7?eD(W zf^vMxZ3k%wUl`t;&Su^=;(yv;8Q6aK9$!So)0#2&Ee86XhztYQ4~KB>avxDzJU8qv zKGJ-Uf}g2I@7p12!(lG_5Z4g^t}JNmQw_*f*XO2?ht6 zpFRV0wGQlD39O&91$AJ-UnZ5@x%F0=qDbwtW1VPhsfnT(WwK>1IxPN}J*4palk@3h z99M?BA65}0xhC|(Q103bq&=!|A{+CC#rMt4=7%p2vZ7T#X95SXxkX?JTb!~eq3&7x z*oETYw8P?WZ-+L?J6IOuQr<{F7;O}7w@&3TO~4&E6qdaE5AEq5wGX$OoEROxg~h)y-)1=RZ&Ckh!P@cYinG6v>0@}V3BeCyHWrSr z!)uPPc*g!MwR*w(`7tcBJ5Hr0etUx7Kehb8v-B`H_)Hio_W%~3c>V?3cA8T(PM8GK zhT}us1lkfk9sS}evA=HN?DFW;oP9z&%stkTUR>S%&c1d z2o^6gmYusOyq}|?R`bnhHK@CB-_iZPn~#fTyfcB_n6MixUU~%8lztgGD}3p`{T|B{ z?pdFnqx}aSYMUN1mK7$wMOeJcK_Ym9M%G`WP|B?QZpOtRE|nL~F@ep-%3R0rrMU+z zKKO&cSp5mA#8^&7&)bO6Y+bQYp>gTB#cBa-9 z)4q{T2~sH*B(Btbx{}SX__+9jsPQl8{1u*d2i~=ReNNC|ItFRYBou5H2Ut4VwkPBz8s zZG^=;{rG{Q4<{Y-FjWC}vb3ULq=+gqav3Q%8hKdf?o3M!EItQNr7-0yHV`r|b12^F z+1&-^A~>2@RCycpTA-ma?8bbYo%;OoWR=yuq?l*Z>=K`3l@Wu`;Hd#mS|OSEUc+$_ zEd2woYUS+tr0DhBLW8asN?e%=h*cSu94vx0vf7F~DmU~gR=0x3*6ls5=CAjg7fhD7 z^LteRT+4~AFC0$LHL_`M=<5)jpo3y@z86OiqrOW?Hl~G zEFQ1!|9FPyOkR3Uv)ao?y>f>d^O%)F+5Mx+*Ejrau>AL`m4}+RE$WTYjg%yrw=rohwTfeVF~`m)!P0*? 
zG^}Ahh66|0fNIp#;`O#-BBWPDPTNGVi{OA|tIr1(zYgFxe1(mu9kdQm^{#I@F3{e0 zB1)nz@zXW7Tc$(4gvFEB&%Ztx#2Oa&teUy+l1dsw{9t`x_>D{`wr;i!)(o4fd_L|Gk@ z_1y!kj|OD33i2di@yqfcJxyX48KIa&w->CR$P_VV%!c_IPc@*NDQmsv?rjKgT zJN_CMAcH2eeJm{giwz|ah9ICt-E9ti5 zF6p86C4i-Gpo4VFE^LE0O46BR>f4qLL$jaQaCXV$JmmYU!*D(qEmpBZvivvBh3i-oSs0F2f1C6^rF|mi^2> zVjHaMAWNWfo)FU#Si;_#BoB*6_t?asaNaDMJaoV7*q}U6FC3t2$IXe>++(ji=izDu zi^o)*Nd)(%;K_O#mWBt5+q3+5YFBjNs=iqdz$4^Xc?OHeDJ;l(qY9k)p?@@?YiT~Z zLlGgG{(OWK*EWTTO;$Av7EkB}tY^pjAuF;0|B~)b#watGYtrsG1^AT$zKA^)3*`nr z;ZuT(Uhep(q6cF*R{>$+PwQzou{z~J3OJ00j?bRL;>i+|h)Sp2)(99%y=mLc$Ukc? zR%v`^{_c9&$rz3|-2{uLh|%e~Y*`@BclLAYh9y7EqC;Y29evRGp)vcz*vxP^f zSi$;{{8uDa^h#IKuz1FiA`PWN;51RvK&Y(&;S+mA08Pb1{ixv?2EbcX(Hs6dGfn1Z zfjwklpl0+2+rygGGlN6|V$53Zsw1IUOu_b`0>&1ZZ%_pE#KeWKP`}KU`Ra%sQOp@yuFe)j-U$#p!1933}|M z)h;0Yvkw_SkA#dOTEa;C(@BA(5a; z78EJzNIQqc1Cr0RElC(xVe`HbRoO#8KOJuJ{j#r<0zgMk(tl8Q0-4mHt0N|7Q0v3N?+5J^@6>~~R zWiZhMXUVt_QoxIWWrFpLS9{``-*<1=Z}-1ANWOO7AjKro&7>4JW1UcK%Rm3z4A;lj zMeJ6?eM9~Ttbf_!isSA|PPjE-8)_Z-m{{!X$vB#-LO#50in5z7EI-2h_x79e_1@)+ zS+`pFh6)NvP_G!aJ(yn~E~ilX;B>NeJ-maSmGm9)d%zoGzY zABL`REMOkrhRb?j54ZP1wT&*v3l=XKVXruAI;DRaWiTFSbE4s)g}&py<>pJ23h(IPrP#|_+}{l*aNVOVZ`!+wyyA~UZQeR+Yn<3m6I z`mFk1pN*Xa$FS;%NT~a~kE0frAMMXc_rH&*(X@MxR)fxVBBL}c=+xc!(0qeuje z*q`QgZjY0h`NuU8}iNSIYHh|_boofC*p?u^q+U+3~!0{eHm4(h&=X!Lpb;f zOW($A;)I;BU2Q{S_e$66d5E>d?fKsX?6maW~|fW9#OGaBMi{S$%-}`9(36 z;>vPNBmqGy#hsCPY3URtSo)5eZ#lFVdq(<;UN{rCBzYKbENxSYsQ^>i^xCBN{UTxU z&iRt)2bKJqww35VYUjG>IFvTfxB0tuBH_5EqF7bSVezir;9$S4`_c+2k zNRwORFAWpL>a2#SUIoMAy-6%^sUu74Yu%k-cP_-5s5KdksDu1Lp@1jLtkI0&^K!4it`zS(}4Iog_=fy*{eF8}@Kq$~30! 
zEnQ1O&$W3e`AE8sQD=-HEhmN2W?seeE| zLh8qF@$d#-Bfl(1bGVkPKw~Pkz#amoFzUf z=q=|W-RZe6S&T(TUDyy|SGdUni!Yk|X^)F!YP16lu!X8S7V8i)6T$$CX+{zeW#ICW@6Oz6!zoj~V z2#aqPL4K^85JUAHtD=kL;)0US#z(}->nWm-k)t1tI?j#v7p-vb5jb1TpZJppI@V}W z3`MIGAF%J?CZ5M(tU6Z7-tb4-Jig&xao`vu^ZYJi8{2sM20yP(tpwIK6+32aobEc`K>#ZtoCl0rm-Jcfq>iEWKDZ&@ zx}`F7yHfoLk6s$PmL0#ShODY~eQ48)mBeSzAx>f!4a-lDivHm?ZZSp0D#?I-%v&`6 zJj=I-N*+yx$VMyV{nPNhmz<;mR6s%E{x;IDOmdb zITpoD{HtX7*5YdZBuI9oV}kVH2`8?^+hhZ8R%mX-SBJR(c-322?!Cp4FPvJ6#L|gT z*C)OQ&X;!axeluM+=yR|#BVz_Q?qnL`Ra}NN59(sgpzyPaSz=)EoqoY`s;ouEI;D} z1rlAOY=W^{{?51v5o5#WAxLzs-`+H0`cxjSi!s3BXS49$I>^LLowsRF$fJBev&OPQ zOO;7jlc(%Ba8?q(VGqn%MK{ogp<0J`aW$;Ae>lCX79?QnMw8XdlwYh!MRp8J|2?CMLdev?Rd^!81Zs+H#lc`Y>RI(O3H$F-H{v0S@XzZ*BFa8Z^{X+UK6zRGDShzh zMf$*MYfst&fvwjGEd9l#im)=}QOxro&33<6-zx~4`gYwiey|MchDttV%fDg&EU7j| zZnx|d1EmJA?M{#q(r8!^O|_ePyPCVl`;Dd6VCkQS*O*`RZ!DCk7E<*j>;Y((emN%u@M*|%lu=GENfe8Y9 z9qc!+)VB|mI-W))k)H8sdGBTO zS@wZXBA}JAAaMzvh`351nwBBnpY4Wz*_~P1JJ`{D z%H*@lL;2XOTHwy(B+v>*<0WL}U=_NnH7q}0>rYe#ur%as;s`3cllDsca>X%==j((q z^pL;%W1$Mc;t%p2xf?WW#Uh?ziN3aB)IB;hU|HI1y0kd0U}`?@mV?C~QcjunZKUCf ziVXQt6wH378Zpv%D%nPorL_vi?9PuK(!% zn4s#Txf|~z29ZnzmGk(#oWu{z`w{DN(nAqwJ|(kiA(z#(Hgx;|!_ucDMu{B*Qxp-V^;ZC`tTkwj-ub(0_yR_p6ld%WuQYiTKT zw-x{-(KfJ9MBjM2_Vvf3qRL%dU%?>?R>BD$NE_^qEohKq(DM8I-@CLZL-uU3fb81h z3TcCE*#Y?_lDpLQf4Pe8!T1m9yZV-{PXJ{d%r-IEnk1o zAOu+envh*=xl8}9LWC2u= zU3Q>5)mTGz)`9M%qjG&0+#tNVL3XdP1UNzde{fy1hqOZO3mhikjTpl9);Dl)ko+?Q z1bEbInowSqDo}&)a&;BMu$OPEvFO%8?=$2%29Dx+1NiP3Sa{2#*8=U+nx%~g{K91Ub-B6{`T6sgIkfPru50mP zm^4w8GKrCkLR{yv0;+?dCGgkZnVzuauO;_@YN39dkWg3Ycpo9#S?NcsR0#^=w^O7| zqA4zSr#meMe`-qr;5Th3o&U}vV`@V!YXNq0SF*IUfLyS?LIP`JvxMo(ZdA5cp82uY z+Z94OyrTT??DY>?3~o$alxGuoE%Jc8A>knb=JR7`E(39g#M-mdNLuwr*CrUW|Eu43 z?2mK*JAOfJ5eVf#>3cjrA0mZ(=PKJ$rt{Cw(2U_YGa+rHOY`l}ewx?`pgSkR!i;=>T{DTmZIT2mk8pS&XpS;#p?E9gfWXOTZS1qUzeUw7>$I7@b6< zI6ujrW+Rj*eFNcGrQFa&Y6&1w{!(Zb_hSq#v}0%~`1L&00X7h0*%7h@BEnP1PK@C{ z6GiXc?U(J~1eDLOmyBKR@~fc7zjb9$ zDbArjS}|=wL$DfLRJzB5L4;#Y$y{CD%TSc&}9jw{5&_Fa@0pvYy134KAivt 
zjRVDgCvia%(71t|K+x|xBms>MnwI4T+04ws&6LgJI>Uzz>}t(^oq}e`Y6i&)W;Hkc zryMeeu`z!I2P{fc*~5?Yiz5cDVo&pdgnvp)`IQa_I0X_wv%u&OF@fm6yF@^M$(j3$ z9oha!`})hS{(0}u>r@u6bYbbCF|_fRs4?B0d)W6dnk&ng+w->~ec-P^3qOwSQ1(m- z@SN{-JW;Z8_+*Bk0jF&#{ZX#}^k|{(iHp0=5iZ9-p+-2oZ zzU6>tbWnJZZ)}DGtg8GfV`cG(=K&Tnmk?WZd`=G}(lX1twCigeEMOfEi0&;~bx?K@B2Q7UotzplR0P3&i>DtGiL_?000{B^Rpxd zp0x16V_^o`Fr5IrHyJLwT#Xu_ru>E$-~b>141fag<@1!2%NLf*Yri3Di$5tre{$}h zpE?3wwlGtG!=(@?)H0K@!4d$_olSSd(MUlr0!ciSctWObYh5j?d#X4Mg2*u*|X5jPB1a^>yA?%7Ck@<&;cKvT}vZ~4ETd1 z$P+AoKcZkj0DxR!n(ZH)7RJBV^i7&pPqz}-cA48xo^a|*7z79*KPWMJS(|NDv8m!k zV@IWVlB(^0SYoX1t}3)_fLpv?H$Hi6Pgi4Y#$nSQ9~#CkQyQLBoM18S0G_gfw& zU%#&Z`RPgKUKwt)uAsT58Alj}Q!O2s3DH}hNFp0}yAoG;`I<3+hu|oPSe9Y`LeGq` zx`u)AL`p~MRST`&ZJ~@1p!2igSnM=S5 zyhcf8fFV$9bLrTV%(5ME=PEeuC8qsWuPK6cdgmj147*B#L(a)QJL2$u2C?^@%S&WJP-ee5H8@7vp4@7XlH&D(qvqM&p z)5u6m8X*AZr<{ebb7>KmD&zfNraokX7hx|R2Q#%m2*ZUa6=>KuS?TB+z|1@`WRQ>- z%n%<83qZobCld*mg>U9&Sw2E2Amx$rw%jbTlnaQJ;{Pz`QB*?TikXTIpoyYl1>jLs z%+yg-R6u`DilFHTUv|;c$JbGmDVeqAn{yWYl_%QOs?dCy5tH=J` z9VPp?@(Lkkw{&CGii1nWZbqIL9mwM1#r51`Ied{3t5I#q=G>E~uDQ6e*Y}V`rsXW2 zW!*eoy-&4<7c~tPKvm)aC%{?3alp?`MYTvv2d4ouxESTcI$9xGn7(7T=AOF^&$?36 zxgwra1{|cn>@B9)Z8mpgwr3)3rW-Cnsk((0983|vuDo{CgSUeU@PJTFhQE-0b2;gF zE33@lMgb1j_kPgRb@or?Z~^OrNT=%Z!g6_^9MX0quD_qG-&S}m&fEBOiCI{<sprQ@vJp_wTixzyFEj!l7M zh&wTRf^F0`x=-jkQolB>Dw6&9`MAZ_wling?AU^C_hh6A2SspPsG2rv8l7gW?fTH# zbQx@Odijp>_AAV93KS#C*IO7ce2V_Wso>8IcCLgWrV+lkVKN5t?KJh=b`62kLI z!bKLQ>5s&A*iCFYYN>YGAMmX7Dt&v{#P!snjeG?Ud9`zSh#$|sy3hFh`NsV}fjo+i zpd^PC$TI|W;E$lUdR61+peF@_9_I?^nVmV1o-{hHXMGKu@-(e!{hmtB2m3=aS|powAfi0c zTzj7#MoX_Zo$434%<)J7eQteiGPRegqk@NSz@Doi18{5h8<)BJG^Zz&b9PSgUesti z!4>+fyJC0wKdL^oPTOpE-$$1djJU z;F<1Y&TVkRl2nysdpKqHeEeMcA>jIa^xg(c+0$(>wSgj0zK5C0qq@$QEbiahmV0^5 zCC+y0{wI#Wg(sTh=BGO*6_N5D9Hw_!ER?KsR;yREobu<*;> zFA z*}i=c;~U}_w};m@A=|)u538U>jqn=q`(@>yfFB;xy^vkwHe#Xda4mh&SgM%iIhp+{G+= zo3OR0s2{iaV)P`tbn{-BZugumr796$~@^DtYm*JN->iAB`8CEty9l93$j>CtPc=rYk8}1SpV4010SZ$&=#-B;VNRWct6C|05QrB$j1c3GSvIY-tA 
zCpRG8_%ZDia($;I(qQ*=D8grA9qeKfr?greL)NpcEnXmW-K^mqP*Tm(DY-D%z0M6! zT($QMR=^Jjxcp%6tzMJ*IrQ;@&_}fbeQMDs5?`{Q;?B{W^**DM!utdCrTzDzZ!?^4 z8TvSvpif)#p8}r3TEJ5P0q=j1=U>5GUF!`>VTs6^8kzLtM!``qyq?f3$J>iUyAosUUvZ6SuX zeaKL!$%okEW4BK~B#w*J-98)A=+K^d)L+1IZ~pzu^-B98ZoX$yuWp~XHgc^MZ77}f zb}xGC`B*M!H84+@J0i19w9ojJtG=WuyHP^ls6$rHHmwU%pEY~BgHE#TasCkd>PUQo zb8g4xXFCJKbtMaihBjI&)LvNs=~UMVbftnlJ58d9%i_T0OG$?f1IXs%-=ksTJ42+%GHt1m>7L8l8vyx-_;khIpiS3o_j8d6YeWT>pjp`*Vs9%>`tz zVToUYP3`h*Z?T&uo}v#pzED6@cwDtVBm92Ashv%}=Gac|PrHsNYg}+--LP*VDL*hE z^+4itT0BHyKTAfFN)t64n5}5Qey*AhmT5P(`Y1TJ?~`cLQJJ17u9(rA-OeA09|fp2 z5^uQ!+PHPC!P3R2W@t=2EG3d)a!9~q6!@tA=4-m28HHV&x>+9w-x()u~{c4}A( zx7n4%jJ-t{YhP%(OtTT9f=!Q(0V+3uou7cv&Dz4)+0*YU{2Lhn3Ebe}Z0clH`jFUQ zt9b>*DCWf(<>sv;K;RvY;Z18{uFo~zw+2$=)SxL(#cW*LI`ANn2LdRzEShQo4En{a zb=f7k(Ry^raaxnJxE;u$o^2w}#;Bn{nyFu5p-(3~gEdl2+3W%K?u(N7jXjU#>|SKS zZsmK~3e)?=e^7gQv46wiARe~Nh78ap@jc9~+IU_RcLkUzFc6txR(v><}$?KcW}G--|Mf<%V-EquRPPsD_|SToDQg zBwPWUt18MNKsZBEil~(${BLLQSJ+kQc1J-iD=U*v$RtiAO~0!M|MG(WRUW}{yDKXZpNAG zTpEmx?KtTgr;^%9?z@gx$2sed=>Q+L`KQ=!$~{asev2&pVDzr#412<(W>FfH-egi+ z_KOYj*TpvsdMb03E4v}YWfW^(Sbb&>2(H~Nkz-`H`?F9|`=q1zWNWpwc~f7Yzo1>I zyS0c42Z40cCfSH1{(yS7Q!M^0%L7)SJA)1mcOFNH+n|Osjq?n4lwKOV>SoPW>f4~Y zALZ`vn$&vHpFphR-h2!Rg=qnfED6il75NMv`FP2d0ZvG{XgTf-<+nLErIC?;`(2Ov=81t)m}Xy{bN>W4w|NZ7i$#c` zHtBwLqduTlg0f@~zriPduB82o=gHBF)x|wwLg!{KSU{%w*qWG>@Shc5yvItFj_X`Z zEI64MR=R*QxoUsd!Z|9?IzUMmRzvkZ>NuAO(}m4xU2#ljLb&NFrOeKz4aFa27+83q zcimX}Dyfny(fVa%RCM7Zn6Cqp{uzlXYo^35W-JsFi?=*np}l3$`qTBz&Qaom2dXct zmK3tNM|vu#KB?LNs8i1@p_STE0N?5{(jc9~!1W}Is-ZMKm3DBJwom+ESCZ)1{e}6f z-iT5@w-~eX#LoDjtS4d5dB@jdgQfVx94k(RjUkBS^KZINw~k$H*@=0h@V&$B{0c4= z{2Z4+ryGs$DlSbvd&u|cj$PyTxDx{ja z>OFYylg6QkO_$HI@yzqF4Zr55hn|^HevM^!vlbpraN47B_Z^$e_6`?Za6KvN1z*m< zg2b!fFkhjYoRw8G>xmwsmt8hId^Wdb+VoA{uEAV~xZzZrckdOGl0?|jy=cp%r8>F~ z>~vs{uBE$Tu^(bmd6;ip*GYX!cyaU#eD1inJGrICsM zO9KD|u75mIzXUGZYk_%{{D55RluE$)IGUhrCcY`e``so(Cj(XSTU)#QMr{2VNw3W5`b?ZT+@yUrcqX9TM`G~wz 
z8q!LVQ>6UD!Fv*gzNds4Hqa+*GfNRe%a}u@I<;p|6+1bSM{gxxR<56wqI;dF-xej{ zPS|v_%&n<I` z|3aN5qn$**pd43!+GgyTy)`skfM#-NqMuPj9H%1P;Fkn5xR4rk;mnranu5A&8Np9A z$B3O<7Dl$-5_L}h9=K>$fa^JEfBm>pK+^}0qHbCRuA%Jeo{RmyGv5Q(AJ{9qhiUbDS~#N_hn#r&nNek_UbTBticRo5135eQ zIbV%0l6L|medl^--!R0zBMqxoJ*{$LpKQyC1bI@bpWa)s>*hO| zA|Fl)j=iI^#$8QOB^UG4;a)>HERy%eOQ&7c!b+W++dCrbrM^9IvNO0yobM9nfQfIM zj|5G^CsqqFD>&nR|uLqG@dbaC!kqdztNT(%?Hs=h7sgl7m zNSVP+zJVxl~&jaU*;P`2UUqV1+je@}YBeqK6 z{^eZt8eL-fiwtqI+$FW5uwz%g%(yvTyR$PpgE?VAH`8@&Zy!xfvu!qm?H>B$b6iCY z(PCK#EcAK1D^06D)J^G{#k`d|&m*VYBegzz{rbEID1)vi`j)rzkLc}r6i9q)8{WUEq%O9{++Xec^w#%>4;D3qRUjakDV9#v?y^Y1` zEn9MBpPjF6N!hQFW$^Sw+F`nF^cnapb~A?3K`HHvto_$Z7P#-cW*@S8GWz~KYqqfW z6GZjl?k7*R6l+zsFWL9&mO0Kh*PS94bZ6v}c{Fn^o@DX!K+-s&;t<-owdR4z&Ix+H`6ILw!8)7HE4YxW3~O>d5qx6@T9Y2# zPTTeBgLiI|!2`(){DNjeayiHyZ>uLeVm+R3wzV0{C|4OyqUr7&@2EHsUiYD+gX6Z( zOoLKaTd>osc$wse&vw}|bBlt6h-&(=X}1fwD_FK86Wq3?tg#6#Q_vc|s{!+`)nC_d z4855r)8kx9<~vS!h3e}N{WRX`HAme*aRyPafZ~dw1yTt&f}ZOzi|!<8ZQ5?$cEvpR z2?+u`RKw)Zo{$+*x8{|)syd)Q9vDAte!(E|1)cCEjs`Yf(C4kCQO_gUyREIgI_v`g zeRvOpzA7e>Y>g*XhTX5ypeowUQ+wXGy9;i5i+^FbL_c&x>?C)D&Z29JC81^ZM#%|hM{QhMksL1 z#$+KMscHW1@!=ctg~eQENoqw#nJ7W~>YePZ9b7Dx?l>yeiC*dR47vS75NBg1kfMf` znE^~&!%|}{3uk5Di@j~{&P1HN>@b)z*Dv`{SP%k4D6OjqDSjNf*-BoacVPO!M9%(A z%7+CMW%iUQU-mdXFUIO4(f% z#^Gva#JjpojRMsFgoWMr55wa*#Jq1x=ICzlOCc4nPX{CCP}Vrw(M2a?hNmz4DzyXx zFb80UhL!R6L~}!&NctZ%pg>Y`${S&s*)7ha4_zHD)YR{pYcSOrKOZgH_GC|iwo#bS znY{)&bFCrP$88ICJ+Vstfdz2UVI?w0W%n-H7vV8BB$B}R{xN}yjP%~m5WuZs#BaUu z^r8tw%}D05a$94+6eMV8|E_yUFjdZzrDjmTZ~bXr4#z9yV`gPvk_%s*VyAj4JXjHh z_C&W}j9V?Kj~-mVS^vgeJ{{R`8RTWtVKjInzK_hIutiC$Lu54?#}tgs!GX~^eoKRf za@W4{%Re>r;;M$k`j0trKyE*M$m2ozw-BJb8XrV0x!AHe;+{CC1KYQeCJSESiXRX^ zk+gN+><}6X96mxkLTpCcs99fP%u>3i7~^Z4Mb0wO_R|x!Ylmowdh?BX9b@LNI55Z1 z#4cl4co?MmJ-?KgFiP@V&i)ZS1P22h;Q(TZ+s%L#xO%M%M*P9RXf8^0ksDYa50=c9 zdPD*vyGUTf5gzaczqOZ29^h55k5o{gTZ3jPT#1T`9(+=0s2P{q3}2)LOinRIvK84F z$E+LMXfA0}vsNlXrSD$ly&F2hj}m=QXGlI5^_fQk0wA(mHp5wqomqIITT7dFq!wG! 
zT|B3ITiWv-lT#vEJOc`BsXP*Hj+v2>JJOu28^GjpxAsmzDc8)G;&#LKU1xfePrawz z`|PD#TT1VVgn9Cn9B+`%Ka$G!pGpM|FoCQ}f>I#>8h{V@2i|W64xppCVc*0DIn$Hl z+n=1qa~0Fla{z)TC3QIhXms{_$Jf1e-GZR>n=&>);9422w^)aC5XUDqTDDm<(u&C6 zefoZO7X(ms^Q-+}((iw0KwQ$uX@PUD$?uw3_!v>VYOK9rmuw>x2s|=agOD)UY+Y^~ zYb*G)=2ep0UO_7H!N>yUoScZDz5(@javoop8&4?QfNA9=`BI`f!T2Xng0~xt5~8Hx zVKc) z>Hb#gAUgexeWw^QqrfUAAdd8@oJ*em9HQO}ZxN`hXsbJV8Umbr-P^@d0zqle=N0P( zS#$fSRGW50pBbfE*BEf-obo3qkhHqfydJ2q#V7g-7Y(7VRlgZED)2H8+|EY;4y*{G> z0h%`kWYg>AM}P|J5tEyeR$HFo4;oHcsA~)F6-jJb7Y@cD*$(Sn!n-*fqI!Kn>E!M8 zwKH6HatnJ!%ssX{HeWqeI(<`PTJe5s)E(=7wz&(n*|9i~+K*PHf&P1V(`MD4+VGcB|DFc229d zv+j@f(@PFkCEU{seZp^}8?!G{J2tmj!1|I3XioFsz+V9WXnUyuepvvPps{EP8q)t+ zau8Sgf;27DsNZ_36B$#&lo=K?wYc4sHdThF!*-0|C*~T{ag9>{g2b+4;NI^ zO+AhpTdW!(-T=Cn_2%O3WjU-8`P%>gjQ;oizj>QCVONon_^DXWa^Xvrcy;wa*>!72 zb%E1p;Q8s~e#ax1I(YMXx*eSM6(paBki3C0AE$AN%Lf+UVIa~V$N$QX58X;oxeArGjn z9;`564p@UO1nX6H{_R|pBz{@oLoZvSA#kK)dx!Fw`OjVwK|AISkQlCZ63CY#yu0`AAtjBnATL zY+9hXny|M_Z1`T4TKvhvLh-sw{OfN{ihQ1;esj<=8wy+sk8*KM4QD=|h0iL4yi>eq zq%zF;p4Mlm4iQa zw$M_EgKw^aX+<`x8u5GCQB%{>!a>csEGv7^8MKVqUypVJXh05-Ua0{96n6%N8y4_G zkvlD5?)09;Xx>mV;OLmzRRf0X42iy32#^%7RAqLjceg@^J5gdc zL5qDht<_K<;?-7P*&WswQ@11uW@+m^)nq8pr<;#E5X5~V^rjyZy}J_AnNwJ!fJ>KJ z*aF{U)>9l;#zYSz0*U-LaX@kPt#GiL;?MbJ{>B;Spx6*66ThgG{<)}7{gl5*GA#s1 zm(Iwu!UxAY&d7`wBp6&gv@tpS;E~RUl7@uX_ts`qs3LDL=` zk;Waz;^P|I8Z5Jphk2=}%n5UrRrq-r3)!$6N55ngOgokQ$Sx>V73A)F?pKHQs`54l zy^S6q@5>%WOAtQ&SA2~)fNJf?yO^K@zt^ifLOx|tEa%%)9IWy1Jp?eE+aM#SW7($s zK)NZhxBhXDGxJ?UYs|5M&M}q17@a)O^DOxyG(ZZ`M!gB)(G;h^Gn|gGV(+p*ODWA9(6RO`*c{{!fZ!ooh*XHw8 z@Ag(hZageeY{S6Md}hBuE@igP5b8!c2@5W7&zprXIH!BO?ZSwBC?( zppb=2xu)ND@nc9t(=hn}UdYAu5GP30&ClP(3G0PZg5mJ47=KT)hAI+R%T7seHe>PL zE~y*0oHcto?{SUtK(!%&TG@MJ81kHu-rnBq$ZPu1;$3-u8)i=Av=q55Ry-`89STUwI(GXKkl}^{0)$dM*B^>}aaW ze#g#*k9%2wlln}j>pxmWJ&rwARY#TLES+ih-M`n-0%r|}E| zT)wuEvo2{kaxc33g1^8e+Lm|u!`nj1Hx#-jMYU^At3iR9&SP4g+igtz2b|q&l2F~c z^unhvxE?;g=s!!w*1j!Yf7fC>P3vHMLLjEtubHLfpYtZS#GB@KybZJG?EXyG)Umm; 
zVXSzap6&Bn*E}G=WZ1%>+UF~_r|E#B!CNjp;LF4fB_4>>jNizAdUyKtAt(^_`lO!E zhaGiJ*^&V^^gCIz6uL*OJmbv9y&sspOF(jPKGPE2ttxWvxc2z1iy^79Tx;ZJ2a|(I zd6Ho$n8SDcBo-THSt>b7wOEl^*hD$n4`JgULjYs751x`I&aa!2X>@sm_)YN4;~Jiz+pz*F(>z22{cKT`RBI)J0r8 zu2FF=xgO7jY2aDI4+&3R9qB)eEK}{$vNH4S*g($ltiA*^N0X<}JqXZOmhslN?&6Dq z{d3R65Jr`H*#3jD<+qGyE&XK;)!%}?K+FAJa(LN->J)+N*E&VuY4Q4=rP|>dUU!bV zJ(h>3Ff`<}kL=wVTM~6jJuQ6W6`>zF0(WY_6aC4m@b6?4df7X#?iz#C)*h1I+;)G4 zyU^noA%MEFacUcl*2b;+W80X7^sAY$Z&LQ2-#T<4^3dtKf;KKtppBPWygu#riIPx+ z%d88YMHW)-!oy`Dd+9pX$^7ADNug+n8|yWlGNYv4D~HC9J@Tgh774uY-u~boLw><9 zPa+oM2_txc8_B>lU?I#f7`Q&`9|V&j1(TMJWCFY>`Ce%a7{QxBR+aH5`N?<^TqqUD zcrV;)4)X(7Zv!y|GI#*w?{$6;nd2lD70KBKFJPb?pCJ{aHs$_C7;@g4+ToQpm zA>nWs36J%sJbtPeA0LdL7ts$EK=1>Xhn>9fWNB}3gBvGukSYS^?L}}3#E`M>IHH>> z90qP`BaI`FFfN{W9C+1}h{5>~yruC$SWkZ(UeyEd=Z*K2@*?8=!99sw34UII7(YC0 zxlEFxR99X3jT70A;N}Kytg%|l3G0a=k)(YvWOr4W0L*f~y#ok10!C)F&Pq#^J#U=w z;HE8pSUkuDi~w$qBMlP4gToOlWBrIEC%h{G27|50P1*}X@=*2n!C}aFDg4r=NYW&{ zUjPA%hf&1iO2C14h=B2wa`V7TyJP&oBG^G!j3){Ik2Y2i-DzcXIg!X1Ke7`jM^!~Q zoCG!lGVezuh4Vy6 z+|gcVKC$3GGtM>t={VQ?J_oF8$?G}-1{*gRkW{h${g z*`JS1?|78k@H+VNAQYIlx=E)iqkin8*2^ke?;XCAzQF0NpUyIz&5Vgy>vyz;7S0u1o{o>6gBWyLORaNi6UKcur%J!kLc&* zf_KLRfCi(gEbQwgFHDe=3xP;dl|p=T7KaZ2RTii{LCvs~{vS~fONv1T?41nGO9~El zn4)K;v3__^)2IpsP%cYKO8OBc;V?Nks28dy zplU;+&@eQ{6|R6*ba9b$mB(OlSVcS*fpEpb@v>-H7c5?0-c?Rf9^4QQhk?W8kx0C& zoV*JTeAO6-0c)a>VAJ4B$clJ`iyT4$Co89bRYZYRK0loRPA_ z?oWd1Z~Nh|vy;Cf=WkG5vAO>eQ2jH;%U9g^Q?Q^-K%$L_gRy3 zFh~149~Yk{oMc|NeF_3RKzqU;HOEI@h%sX3&@(BZeWcFq6H8m0Se)@uCGSEB6cEbx zq=GS3Z8qt>5z4p6BQj6ybH_Em(L*V(%XId1I31W%R65I*9P`*zSe#i#D!K8GW@H+k zWN>N@8VWEg3(e)&@2~C$QP2Y?DJv%90$LEO9*E!bvVUP-wge*onu+!QhE4i|@vujJ zufZ_g48dpC-SCqreN1vXYdQp|$}4#@-rV<)u_IS}@|=&FhbT)HQ5>h?kC}~9FSxM? 
zZs4mKW99%AY%j1o(hU2g{LVxb0<@LTprQ5;y`HLK92gKE zU8=`KE$_v8^ceYIdNt0@^g)5**F)WfrTes~cJ2K5xa8?I73oiswvS@?2u{x>t68>g zC@tSN$$G5(Jaf#M!HCn0JXN4TmRD9NOUs}(!7Ke_$>_H>`K?WUw&?V)XcM8ePQ~Bq z0PGMiYoW-lpLs^-;o0W?$N4xgv3;$lF!yv?TJ&W zf4$`>*1T=l^rY>p!P}0to524+VhDN79_;VTCZ``rRvQ+#h-z$qPUCV{xbw|BOZ9!5 z3@hK?`zYqnH`x3dUlR~G$`4Z22?7_zm)>o*SYF>Hf&UpN09<#cEWxg2OV3JYq$6nH zVmEreGfX-sT%V_i1p=Hi_1C<4&#!!ALBaU`e2FCTzOZJ;;~0DOw=&wthbE3d0cL5c z>ki}3d5*y=6TM*N>P(F-o(B(#6dqzpe5>C6GMnIt>$kefy#p`V9r11pge>}Vw#@Nl Ve{i)N2MZ*S-C-8~SS+4I`ac8J_`CoB 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/gdc-host.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/gdc-host.bin deleted file mode 100644 index 4c607a9cc8787fa24545f9447cd230cc4820103a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50430 zcmeFZ1ymf}v*?SvyK4vzgS&fhcXu7!LU5Ph5(qAV;I0X7!6jHoa0{*>fxsP-eD{3+ z;rrin-dg9Zci&oXBE5F^Z>np$cUA4Gy}KbGARwSY|NiMi3EHXdY-vs*CrKgYY3bw+ z;DCU90HGkD9=6C36c4T60)FrK-TwFgV}cH;yPLYYdpIiq%}pI_-F<$a9v*byw}>&5 z`u%Si+woRCCj_4+9qUVti%fM$2Q;MFjp7Gy%ZQ0Vq&N`hP9fuA>S{ruXld%^;c96? zq0TI!rlI)j)Cm7u7?tbsz;*8@b))TKg?OQYUb{?llFvNKyl=P573@fQJWxO+I|K^^ z2k0NyukS)YfW960TNUNHmd1@28K(X_GeZp%q!usaHiP=xOzp9fCt^q)Fl5=25;ki3#4~P5a58T$ zhF$?%pU_r`ZCYd{D-@-^BKB5m(flLf&o^OyZ6ALBgEqgfL-Yx8D^AKaOGgFNHuPa9 zi*o#)3E|n(qBs#RJC2>$I64ri1f=i;I=Gu!TT%e6tlTW!DNLO#D3m3P6_h39Da>r$ zDQw*+K)e6k=s#B&Q?Hcv)98)lG+t%S#FEy#uV%>MNGb0>HWxf^BTqC%`@Kr_bvb(J1;d-$kBSVEXXctE&wdQh<`neeJ|#8xz>0K^H=)} zRehkBZ)|oTF9MDMwqJ@pOY=TtI_%@q{JEkKZlGfi9~B6Bhm_kGrleBbjpwO^1w{ZeG0Ih8;-6-Uo%vso&01OWRG79xC zK+eg^)zr=1)x+E!WHS`%KnD+ZTcDF0g^VlE!!0|vsqcHumI0_X9Q+F$%t0RTH zr4NOSr4t)B1&2I<0w0x~9l*}U#l{W#pI46nogKjSX9wHEj{h(JxM0YFzuziISP1A~ z$an}qFl01TFk}$K5d9We&f1LuDb4k(&qP>(rsn|e-BkOuy0e+*cK#HlWi4yF&~bjF z=`^{dd9KfG_tJFUC2C5#CG=94fAO_!;j>{K=~4&acrg1|1n$?q0E)Nf55}q@!RZNQgIa_i-$@1 zQ)N1H^mm;)Z0(W@GXb~XoC1HoS)wbsMNnjGUMGXen%3ikLa=xKM73!H$va$FT)GgV z`nKgP=*h9VXg9^0+;E$@V&YS)Dg`J@mW+97(ygiW+!QuMC}>Cs$U-TA1ON@xcS+G9 zA@5;eprN2H09X%g?1wf201mW)f`t5KE~IEMcrZ8z{->cFyq>AW0w2ZZY9XIMx%ylF z{YHaq5_F@3AUxT(6Jq(&U4jCMQlOMr_Y2omgXqtD(+jlWLmOOa_~}?vBVEPBVBZ=^ z5IJZZdJcRHmc+E5r8^`&^>EGa-Yen|;S{&*VwSV<B);UeZXy7UhTae_^;`|mvV$XhM#6lpCR6pSW zGe9AuBmdE8&xMXp;_W-+XGuc2Ba|RqoOl*e(%Z%+;@!#O95GF`~ zQ%I6Cyr}b+br>3`MQri9R zwbag6I;ypqkpkx|)eJboaE~4NU&9*$(6NV)JcQIgxbnY_-hy2DyUZV6y3p*3?@Z_} zcH+I|L9Tokd_ZI0Bt4*vJ4R4}KR38&}cR+!g2sv~s7A0J=H@T}>a{Gn)W_@0VZ3X8*_I z6dE?RpplRYXjtV#p=j!AZ|UyrU}|m&iV;9}02w|i8ykR|os%8F$;Qs72XfZjznfeS 
zO+ZlK|A@{E0J`5gQ~tBg@>22?5@HnW0FZLQkW_!alD~Z{`h$-}0{K`-h`!y%=*~** zr!`M|zwX><`$|F?!lN!d+j3{vu0cO=+&>6t-Ow{<_rt_jM%zGs!;72za^P|`v^Fz~ zY3H&zaSm~9y$hza0zk4Ndk&|PY4JuiU?@yEo+5nwj&&{fKDg^}Z*2TR-Oh|3S)z5F z=I0&k_t`$2a?Ew=s5s~5B2vYJs;$>Q@OtLEM`m~XShrpsJ&A!nh&zk<+WYKA0uu|_ zzfmU1VR;)SYX6c0W*-BR!DZ`v2)5uo4I-)8iAb;3F4MPCH3&fGKQj=Ko*TL+Z zQ_7*%L=fPovMU7`JOJb{ngDfxYMyeQVz|7GySp<#E33Jy1B>HdeVN4^=*a49Z~L&9 z)!7wj0UCa|v4XkoXE~wvvIxVQL8iP6mfEn}`z{LVW0VZ$=pdShg3l9kiqXAF@ zsQlFiK!r>GIgyu_*FT-e()GV^2KT>rI*|E72ZJu=Y-r>qP6`3k2L{0#h9nY{`Mjyq zT{WxHqk={c-vo%a%tfAhUwxWedF)i5V_00RS)4&xzyDTB?ES87JW|I3WlnpDu+SKG z?$f}e?YOKwd-J~GG~lx9vZc)%zL4=Q>l3F|=t1y@Dlr=8*YJz_iLFZJ(BzkPjCy{O zKh)j^4Kb6nud1y;U|wemb(_?zaWoc2PFWHn5$#m?6?F$kDDl>^qW0rN0Ds1@bnrFp zZ1=8ij?so5r-&cZ$0SIL2?P;aFMOBKwH!h1_z97ueBmMRrtHbBikPU+Dzh?@9j&L6 z+F_dQ^J?^O5wMd|J(cP>LF6|8n72IKrc2Lki8&W+4(FgI98yqbCLE}IDr-+VpbMl; z%KG4YD1%Rbp6&Xun{+Nz6jR~If9PJ2-+v*Z%~iLp?9otT0!^h}mFPn{mnBAy8?ND8 z_XU*;-LHnzwJqI5;KXOYppL|_0IwyYe~+IEemJ15s)(FWAycxVEGg8oOM4I_XalmV%X?# z(Mz*?()t}^iP4G^KYQyK#4D?dt$Dtu!&!od9Q@X>GI%L4L<}yzf%FWz^_<9%_*5m~ zd%b3;I2{SaySge>oc^wg^i)ccgiq+VUOB05iIE@Py;Ez2RY6_R&dD=9MBQ?vSrkRb z7abZeeAc5_ory(?pb`IWu%nexNRE-5{nn1sRyk|PU!3!n8xB7voaD@hg~PAi9Kn@Z@&wGM zHmUGq6DO`GRqda{!!npC6*w4A(4U>yL^LL8vU}v)1=|T0(qI-HR?fpzjVy@j=7mnB zDwriw5xJAb3dx{JmTcB!adOrEXi_g_3OXo)bs5TTY1<{1wAz%>KzpebP@jvJQ5QaG zBb-3p$Z8a?5*9ZQ7i=t+f5C#f`fA$2W3$P&kuv-T{M6OD;?z~U6T=S;1 zta>|Nw<&~2q+G35K}j81_B0jx+v0h^CuLohbm)fYfX5H`Kk;M#pR<*DQ2glpD}KOx zYW<2I2#?}NH0Ko4g zg$=;Q$HvRa#>xIGZ2WF=Jv0G9q5mVQvH+NVt4i}9s%qOhSpdDD#u-G?t3ZY2{? 
z=knW{IiPKgAh~NDrbYyoN+)(Zr3s47j1-C(LfI)E*pk!G8F1hKl)yzwStV?kSn0u9 z@6o3{qV)#E=rbVNQ$?wp;4yXCkgB&G$em}K#)jD-x=9+oD9~X1?DGwGg3Hi>gwbHU z<27{*(5dn1A~$xg@*HhdE4zSL64Tn?nAh%G4W(}e$S@I>4H5*Ub*qkqUI%(le#k=q z6*)kKPe_sfW1><<55@NquP@zuEa7{Oa^{+!X0`f%Pe}N9r8N@2TVP;jGbNOgpg%vJ zNzez-`kkmK0~7)Bd2)F&;ZpyP5*1MQ1$ACfpZ%Sp0JxdiIew)mdVi%PpcF+3pa6LG zR~wX~2>;holz$`pAHx97t)Gi(u}_av-7%kVhoBm|6Qc+Qw%c8)&7^Dzr($#(?9(GQ z=>$`sxqDs~Df^4AExMK^()j34i1S2)3P{{mcCiP<^Dqge1o%Z+t?Q!f+@5{idIO!C zFkN5qW-5AZj?F4QYdEL?bV~O9?o!?;y}UT^3wP7*QKNL@)H^SX)*6CYf=4{Oj@cN$ z@PAo#a)lg?a3eBI>KdTlvj5(Ebwh~FvL8Z>A|&;{C};$n3Wmr?4w+{!Hf0a9Pxpec!zu)^+gVxET|% zpht@q&zRf3r(}yB5=fnnM;q7+mqX7u6EGmzts2WreKbd6KdYYSCTDQg+Y;ABaFN$; z^A8C+p%lCz>F#e$NJfj4N)F$vrFiu|W28T|$k1#q&m4i`od<^33!!tV*4*^m5$!-A zM;Xk7SCJWsu0MDfxcO7tS^;hK_dXWJBdN>O-=nt=c2(*;9P{QU?0E*+shl#UR7m5%x? z-$+eZ2b|-w_@D)-w~u<#rZwCBKuE5u2zA$87Qxqc+=5lS+iL9~MK2EwLN4mOwHUh7 zkd`-0zCQ*;b_zPsARS`?rJI&nwhNbBP6D?IDXD(Qa>W>1(NDAzyA?#=(W{LWug%V1 zoiyQx5=z9!rtx1WTFc8euwlO*P>A0Qkt|R_D)Ok$9j<9b$=&Z59E{;)&ZOB3$|w+A zVknNE3b@+B#1Vmu!Xbx=COL!+5Nh4|j2Q}BBaqONJ4*nIVx*zk@I|S(66Qi6202VR z(l9>-D}44;ouqttbEUwsdi8axpvM3ufzK6F%~jiSX}w`fgRf}7b{|xY9(Di}By?d= zH6W=koWv=?JL25 z>y!_ZU8LABe+o~3n;ZL8mjTrPosSz>`ueJ@76>S4Nl@ZYm2;BocP_S4fewgLK6tbg zz1b-uHJ`e6nx&H7$jiNvh)F@#9sELI$rkFN-o@2{hs>Cq_3=hcEl(Fgkf-PpQuSKo zo!N6PnuCG%M#}60e8a$K)LUYO2=x&22IP-&$*8tht{ewTM?-vZ74dfO136mOY&Im3 zte`!lK73$U#W+%flVblsY~4Khq$BHnL82}Sl0PTIQ|017+}0Tx>M`VA`Qemni78-& zEMMD~W4vJO5k({s*zWxI76Ek{vuP;a=FlPOYo=fITV7M{>~rMANgm~Zw8ru?q8Aj1z$_qS=JsZ@gjX+sik)s>2QO z^5s5O?Vm2&!@vA8*P21))D9URXy|uIdwl#nN8w4Jo!to9?47$Axix2XG!2#MclBjx zn8Q~HdGEcOO2hZgq4rB|el`#Xw^t?Q-<%R65-IjL<(WGOl zf7Bi{DGR--%+cLl;)8pN9qigZkEbKG)Ft3OYj^=84M@CmLA{x24vAC_f*LnyM1D8A zw+D$ud}^`vU{$YKe^E;_qSP zkbnW>cCcE^=rBOiGeO85-c9~{Sf>I|`kNDh(G3tLzj=b(hJJElXjEe?jC(czF9qX& z1pZSqM|js%(ym#!zo4LC!g~C4F@VQcmLa=7g_2Sje#!Is0T1NYdswpViAbU_r3Rvk zupSgLGlcm1?|PwnRNLQ4`z8T7e1eI%-k0kX#A-;6IHqi=>eBZVguoP-SI_DY6@x23 
z0nT1LrDVW1==RCv?W5noppAyjUlp@!FW^524X%G%$*Qw_*a4j%dqe5e_DC$?9>@AcwY*igr!hi}C<)eR_IgTsl$32szaoIb4bX--H93}@}*>Beuf6lPOo6Dc>J zmZMt{R+W*5R$hPjMwCE-J-5oEZ5mqZ%E@<@lc4!Qq^U~i$vaIxwjAo>O7*Cho&)k+ z`Rp~c!I-$EKP1;o$HmE?X2J*&@2o(wtMl6r?g_Gg8pA0L^y&8$frYj!bUO~J2u?3} zAuZCn+EpwoN7@El`4)xBIo$oWN%8hHU$qB?YB-RSx6(hvXKwLE^Au{5@9R>@%1rkG zeZEM>k@#XttFM=cK;p+N+Z>b4YKG+6&SCDOt%B*a?V8|m1M7u`5~Df>xAkpNw809q zLo1>LY*5Mn*DDhkXqhSo!`bB|p%lJ=j^dk|EbKew~y6n}rO!fxNxr3B~SgLC7|m zKf3^eK-y;e6x_WJ{=~}5Q6uAP`Y##`7Lj6=n!L_Y)R()i#z*A;L(iP-v%xqbNjV`AkeF8 za?gYmTU?DLFLQc7GX~ShE5FuSn9M1|;G7nXIDc5;1-uO`K|z$mMrE20#RyeeVVuX; zFS01xJX%cm9@d(7xkH+>B0KRcqLpM$5HO;{I}P^68AiF>bLEXC#BalzG%8M_Aw|Ac zlS*lnytN-9l6(+EJ!s?S<61Bx-aWzCSz5H~cX&#bR@W9tYZT3%-=@*+;3=GfC zs)qe!4CD3(yQbBz$q;0{*M;R1U6^Xm;UZrqyaL)jA1{(sn=KykPBNGYp}~74G@n1e zt-rLq4b6f!>jQHcEnT10>it>!T4@IZr4CVWPGCaI_l4qJ-_7{<+qZIpPvk?x;J)rO zeTS_z@R7pOLFsHHs}Y&*9o1X1(q@jS{W0Dm(!h*%=b%s_HM)WWd2;!Vgo+t z3WU-}x{oJx{*1IBhCs(2J`WQ*-Vjgm`nnZVl0+-Y#J+PUOVBC&J_rE-Z7pxtG&4$Z z#7oPFcKOEGGsT>QpIK8Cb5^${h&IiYyza$5-F)ezd-?oK_M^lkloYtE3fkYo9%O+} z4+Sqd55yudZ>Qr7)b&lyKeFf*|p5pqG+PTDZKPitZ@N2h(XUgM$ zZcp>#-N-wWE2Hx%aDLMKfbPn_P5sn@x%0(6$3P*&=kQz;>^nRbCic^jEk|&keqdj% zL6AQ`hH2r@sno>pSn$VM+a0E*hr!u4PUtg9a6aK?2hDblLo`kpAH|0KQ{6P;DlHA| zN|TV>bgFB~g#tK_0j&5saqv?KAmDxxm=~C_J{icE41780K2CX#7jE+!oX1z$XS#31>Q^E zu-Yd;+P>lg=UJQ+t;0*cxv7%BAs{bDCv|Sr9$;rFqpmBRX=PNcegV#ljA!Mp2%ltY zsMUNo+6?MxK5=yCck^-4eCdpBH!kc3&dZDB*wGT zd#57CvUJ79gmy8|bbyRYT0Gju*5G{foUHC?YU5>G_1hF=J5%e5Ip0X9cfwywnTq3XQ1U&W?Mi{*Bh`j*8S zlkbqNEX*3f&q0-O&4XC>Q7<2y??Zf7A>&cG@G0pnRbw;3O>9cOG!yw=5niidG)H95 zEjT}b-(6aJ#1KS6*H}ud5Hdd;qmM#MM`{WMzrUT-lNJEZ52JHf;kWF34@uX+9!@_+ zcH4g%u#k_^y78`az`FcX3^;G0t-pxnoymezsddFku2yY-jq+U*!dus4??j2&VqOZI zml_xb{KFO&$BQ`nKIBLK7Gu_U zq%f`O99MYv>Yz%edRNAd4vFIFt;-eViwU_lR&e?9;WovymK~o#YggiK@5N!1M<%Pr z*>9aOONA3nc5@NI`Ka@$tIe=p&N0|*#MF(kpIxvnwV@drp}vyKnzHN5H{ks60T&G1 znUiMbeFHS=`u-OUE?5PwvJ4ab_z9SF<~U7ozJ3di6TQ=3J3O5u89w((lYNmT{Dx5? 
zX$?06!`Pm)95|m#V1B5L-<#6Fa*AXHUn^OnpHJSTo&8<@W!*{Nm`OJ{|5>+M3qcZY zBi8(8H4Gh)H-_aU%|Mx?i(aGOqq~ju$e((HSZV{-tPZ+YI8M;r<@W7g`*lJU*R=oOg*fm5>bb4C{X?Jq+R2jIN^lb4A?E@47K z#Z{l;I_-d20PLA8(T3mpcK z61zKmYXq0yPCDhN4uN0}q^5>`QwkKiPs0S$Lg7nxEmG$=TTNEA+G%VuZ@)s zx#OWaos)Qx1gSqH{tO_LKuxJZAq3}BVRF&Lcm@+{rafI!w}5VeFR=KRudjAGnH67= z0*s@;d8lnlyAQ_}kfP+png{O}MQe-Cv@#EqQcZcPbYxjho56XfyE|lkNST=DDGC@f zr4d>#(`ea3eZT=G$t(`D}*mb`Db3$%2~^a(Yv{Y2Ho{a zoEZu*Rq2-OOoBCX+KSvNkK!q6kAlZO(Xm$RDSzu1ll6oAK2-?L^@R3%hbttFEb2$` zIz%VvtXP}bS+{Y>T!lcBE@@B742Wqw`~kk=+q+%uNBXp_TyCD+y}@)QDZQcE?Bk`} zAfrUNWF}R1|EzL4$=3m{f1g@;sEON(-Z;%@iK4wP;vyU%n#girO?0Dg|3lg6qxgOr zE5M9LCBU1Pg-8n~a}JW0dy zhqEE9i8l?&FR@+j7}FBbH{mIPiyCy+%ntr;c;LM7IPFONfh6zf7IiCa--+?Efi6Ff z)u#*vBMD!Tt9*NK-sVV}eegYr)sS%1=j5+PSSh%fol*@wgUl}mM2Mup&c)|JQQNgt?w9T4Yn1~tIydN@`JwWY3-S^LF1IcidD%$$Mc_{6B7jy=^ z&8T|!#o6^A{j(Xv=I1S7I1fD93d2a;x4`8GmDUY=5bcwf zzxnjVXwR0k>+2B%TW<_bVkwTbR!OrnIR8@pcp3LvZG5X_kDjeVd>c=22K`EI^v$lT zT5pkV8ZtQlikU0(P4Ty=X`5CB%vM=Fdy;Jlvzo&ONs>_lKR%1+;Cyb;M<|h5;ScxX z5N-Z(66!SBjQ&QhjfhV7fwXgu7?1AnjBD5A#n0hOmK<{GTdgBkv1j<_DwE?SJ$76r zy_CM#;PMT0U^5e zr{-8Sc5gTLTUM^Wyg)z=){o@7$G4(Yx|adx=|_t+lnMcJxQT>)3el)o?C7%#i_^3kTIEuAT zru|(S2GOJZh`o|MEjX*saiYTL^GJ3l6WO5w=CuG7#>8tUlfjJHNBxHrwUAMVgXATn z7I8HIrEF!cm1LS0ZFRj+PN#N&CMOJBA8wWzQi|GD=p;HUwlW|R(!>`i(xfzrT;xf{5cn9 zf&eAYZc!F6EF0-m_s}lf+pdHYoac44HCSPm@?0hUFnYO}{YtZ|<%cI6j{t;E zNwU}@vu?NW4HXoUpxiL*kX+s!;t>mArh7C#6h#_v)NQUwDceAXEO`gX ze@_a~Mi1H1WfdoVZ+y`f4=!IUESTJ}T)&j_xpx7haVC<7^9O_EH;OXRK0+aFeHpNi z_^G2>uP$~a{Lhx!=b>BdUr;WIATuTHA&=`-J7}`Kz=@#bD2OFDhTXjjFg%uy&u<8O=sOP4iy%wC;-cIEIF{(!O&U37q?fNh>O2dLi z-TfHRH+cRsb0#$noYzVCLFGa@=$LSrV?N~1Z^?0#cXg6qAVS_Jg`G9f@u=QnNR~O$ z{_F*myp7rll&Im}n!1cGR+ZiQT zgzjZq!Bksu`+z#kKAnsI$~~wb2#Bcr%=XB?S-r*1JM1CkReUXO$Va<<_{@+{w0~zz zu_E%)3ljS56kNWI+w>I){X4ZijiY;AueTxA60g#Oh|KOOnNor{2I3z1H^=s`)55Xg zDAx@E?l-r^6p9<`F_GBV?WAO*%Q7;_O5pMxzfQ4huk?-%6xBQ9wIzBO@2wt?i>Uxo zSoAt%PW&RldFOm7q_avsP1{POyV}KW8g`{UqyxSlok&Q|*(he!a&X?Y2N>+PpOlfF 
zkw!dFhnC(H=3~scJ1WD4eu{TmC|I*+q-C%FD(vj`~sl;@xogp?qi&QJ7*K zKai=a;UtH;kWb;+s8hu5xq2!aI=DUoa-;Q#>;fddwIs>Ink|EpCk4$0Y~*rA1PLb2 zDiE~bd~ijZ>_=*ciEoyfw>Y|rM+uB`2rQ?CNXS_#;dB$6kL)W-(VLGuo;_nUQE%6s zn&wBwz(`dJ3M>(g3VciPNF6KaX-cJ zqw#QD@*IjSp{^y4=hm{c{2D{p54FIi%O|t>y|=@YvJ;QSR|)2qH~m|_ORB5_P8 z)?8~nKbC9H4&|bopyA&!uY>>IL`%D(V>todCwa|J*=0A^=d_E5WaA=Hn)D&v5ZQ0k zAMxoVIO&})^#?-vD*EEg_gj9H|MXNG*<}?d^ZGC}VF%8qID3EhGfhj2<==aqX{cl6 zA0EkcH8lJ&%DO16-SzT>aiNEuB z#r8q0*ix1JLb>c^u+5%CiSvv>@%pUbKd@Pt~9;#ow0aUz9P(OjBM{woM$ppaQr>*qkQ}|P3{PQ z)Oe83|D(q%^VMT}?oA5qpKdTt_LDIugYMG ze2PB7F8Wicl!5a(Ga~361jt?N*9or+`pP*84tx2ficx7O3mYTs3coUe^F@o^&3*6k zHMl+^T(|17^b}X#V10dFiDSog&OzjRmdB{q#Y4v>GctAsK%8ebwc2aK2Rp?v-wQ48;%Bif*RcTXGs39}y?792g%X zM?Wfc^hfgr?T|~*9PQ?>{Ye5HYqUs*qt)@wSdTFhZsL$P9joLX|C&M zdg4q54OD=>2^h03>9;ye8At4seB`fsq|(i^Ee|~^bOj@ytKWHB_g~*p@Id!h&(NYL!v_UeE^=Q1&$Ba3MGGP>Zev|m~ zj5Jb|vNFV>BzlFZ-6yph`7&}AT>e0|MR5z?CUL&CxSBsctR2C)AT4m(i8FzScyMxq z>QOy&gcAa@dLPxjuQ;;asjWyX4G&>=`bXe$X*aLykc!WvdeP|11E*F>rp_o|y>b8O z_Xlh6xkQe~NZzT5Be*iBC!yf_OkfvCbdRwJ#_sz&V?alYkKBa7(zJh{Y)0{^Jl_?g z1LqeqF{d14<7RIB}^9G3h?X4{dX~S&0y+01|GANocoEalpWJd7J{~-71?QO#^6jE#@XNven*=}GHV+Ep}z93;0 z3Ky?RAex%)r9aD~cyTnpdVF@MnZw|7#7+LntXhEVRU+F4a`R7k4PX_Lt2MYjrwv!C z0;n3#Y~rvhdlHXJ`*X!nikItzk@ety_@g2Sf%9kij$Dlzwqg-)P(?r3(Cc2D8!)YY zZTV^Ot%9NTvga8%e@;GY+P{~IAu2NLM_RB@HnQ%l`+~h~C4SD{OU^hh1)RTl>A2wX zGF8B&K$+=%2~sNMmn!Q|G~)U%_{RlRUo1YV{|~{M2rB3CdO3-onGe7;WT%BfQ>`U2 zYr&P(v^RF%0m0>ykavWj;8y{bz1K!cKZ zNAr2fDagsA;PUAry-!(UUOS9jK@JKTD`gl|pr7B?^e9QLIS-3;0`Eobx*0RZ zg@!W$Pleq%OrCI;J%BbrF0%ho{Mw{(t*&rIH+)9o`}P{@BxPy5DfnWKHl(gyBoD!? 
z`qBLUHnn5-5xfGtpD#%kpJj?WAoTef&9|y%(!_i^Z2qs0_~VH8QAOC6FLqsVGBlaK zuby{*BOYM>VcvSC-(j_D@yI`1?k0V9>g)OPtHyTLK*UpmFpNScjp~n1X>Ji;Um#;DdQ&{A zw=YNE2fWQDf+*ZzIqrLWC>A=Xccv$)-&7bWvGo!{$8d=?X%)Zn_N24@qra^UiLyq zajpNr5`|`afZE((4f0*EX+R&uEG|0I5w&K+2XMaHr&iR$gt#l?g^Wx!S>iLQSlBtL z@g?ZyqAO>dyB%xr71~UHmIq>hw&1cr4`JMb9!1*xy+Run;*E6N@!ywZKRkp%@z?8r zps{f!EzN9Ao&M#y2??=Zk4$ib9;)JI<7H>(0)QTw0KLKIKbn9iY*YY>Ur%0O6aIsQ zhbJ#AT|sL6pI@>wGZm76zGPXz3a@99y8mr3+>auB$+EBnYhPbreCS3b-&Ho3cuoukwP_+%_At7xa&8NfN6BQY?invky<}iYb*_`fr&4mkW_iFD${-+Op;en5 zW7=G%sTa!Zq2Q!Tdu8kim4PtLs3R4NX?kjP7K@@zlfO4qFIwx5I(^zNFACnH;8eIB zq}SjY9Ug8Kdx&_ix{R}qha9T20Wy@fze5&8MwU<`_@Opy@Z+T(8u=I{DBX>{{Sth8 zmFA)(C)YZ&S5qD^&mhyR4xsg0w#q;RPWfL32no*?*hT6>v9byc4bXiNzgtujdeU<% znt^%c*%{kz`FrUwAAkq+qCG^Da9POkYjMz1ouF6az+eDyA0AJlfq7UikM!r|J4n!w ze|vonXod0L*8cwW(2_QBk%@$3u=bqi|XR1%qQ1jJD{fD?6=!|8b;yMF> zl?BcHiqB-~yR{OU@WI!$I{bNe<3Fuy<>m;TQY2?V_Qo}{2<_9Y)Gj1AmPmVQB0H(m zpP$v~32s}AolI|9P8Z2(kJOrO7z`)nTJ#vR)Lt7}nZX6Y)M#FV^Gt4w95ii?BU@3k zMFWER$(p*yNjE1dhbn#R2x@SrFTiLr785>22PGtHlcp>9R%o-1 zF#Sh$Y=9Nr4-GGXHeK5@=@&bbyuKQjwlki&<3=6_QPXj_kLKMZ(w9Dj!Ug(5QpyGW%v`?$7*tx=ba^y_AFyM{yE*QAEHvk%JbFUJ?@6_z^cqLIU9v4ykvle@JVW&70shE@L8Ip0l0k6! 
z0Ro>{lB&d>Q%a1!5)9akOE$kRF?ii)+EfJp#^+U#J2IqglZe&Atkv5RTYt>{oOM5;HkGiMMoj$D2;Pue`Q z(N_kzzx_lYO{lK)t#?*~>p1;eMmVO6vLw6r~*!%L`WBLg1qS|IRCOo1Lg3uE{mz%1+Qb-*KanO$4EXb zPj7Lu*!NWD9UkRDs9{TQWr>M*B`DSyRlI!^3)1K+8U$>I60+%uTT?$gs$;NbzHAy= zd+CoEeU}BYf`ylZ4rm2h_v8$rjQnV27mxgv*y!r5v?t;R?wG?ish*^>_rzwbt?yyn zCRBIIoVK;p!1Y(!)T4aPTiVUzwSr)BN@Jwfc0Q2}ukN-%G`~J%#PkWA&p}OaKb4jy z&m7;G4q$q*@P0?QiD7{0Isp3pYM-j*qqb|XB^gXh#{z`H>)0dTMQEPV% znt3D2F_d<2`K@(m$-;~d9K-hrFR2s*Dd^5J752A~8t0{;`pPS2aLL$O85m~Gv{)X+`|%67e8}~sm;EJ4*`M0?Su)^tfEAxV*!f>E-nHux zFEhKk&w=xB1J2jljMtfMYeF~+DLBs;mFk5`xp!rsFqcjC z1#fsO7LK#-+q6A7l?v&i$kHQwe^!B%gOGi_S7A-Fy7Ga)n+V_Cmxb$spOLpXK6<^t z4P5@L>*R8qh~XUZMlzP9%kwj8x*wrPF?}15AI7)I0!Q-1J8`c~e9bjsP#m1Uzo0Bzo;l{N)G>;wC_<=U zQTVh{;*)^Z?HpyM#D?^!4ijCBcq2`Mm?=mc=txIIhUMW!wuFo(@*;J$n^+K^b01uO zX(0fOBd@@gj&HOrG*HmUof%7o*iom?sU?6NGJxqGe5^_G=M_o+G}eSS`U(ddr4f^7 zQg?TVu_Q<_c$bAg24$bJTN2WOsm2R_ZusqiQXLCm?eTyQ^c`I-9wa%n^n}?2GRU%f)0<{$OXD4d8_GWS-yUBZ;;z1l9nobTe1K} z6_y@st5G3_Pzruimh39R6xlF zB!dG;lALo=GLmyNPO)Q9z_5-!oqQLqS5)*>4@YB#i1`BIG%DUIp`cO@9uB0?(4)MdS>?^%w% z%?%R(%Nu=C`W&u16F(_3*kt^U^Lz+9*NE-4O%hwdiRUuJY$jlNWVnt(^lQWMc+JO5 z&ybJnzOp402?z^>p?c%jIeXhqfaOv4k`+2wm$;YKC2rm9Inr`v%2Iw4Us^TBJ|(Sndvd%= zH7*uHdcxId=-!1a8|xZk9wUrcaIgII8A08bnI(h@%!c0fli5%roy6QX2=|MMiXm>t za>4jTc1&Xl4oojUFWH%dzx4|l7E^7PAQ~?YY{s_e71xJ? zDl1v2m-HW_co#m9>zL&AZ4In{m)Pc0!~V-3??>+_ldd&NZZw?Ll&XOn>JJEPvaU#X zf#u({&m;+~*s=*;QNP*Qtb~A>k{wn4ghZ*H?>bDnzO)IJ|HMu|Bc^x0--NcIZBe1m zP(k=hwg1ClO4&pw!|?~b81mn&^3=W9TVHN3c5G~)*y<6o2n#dlvkaL#X>)7H(cusn zzm1FrrW}3cBz1g3RL?ivmnnf8y_ETmN96Eiw3r*3jKT7{RksK~NYs2&G|F!l>Xxb? 
z{VEZ=S)NjGxsYNm*Q)#pSl;tJ1#uQ(_^z4QAxgX{T1#9nf>Zd~X6<29^WhQr_FQ23 z7V%OM`l6H-3paW9_d*>BLq$es+V3fFec?ah@>b+yFvi$G`}^G4hB{Z(Q5Eh6VXYvmaWkXpXgHWGFJT#x)CTO4i)$ zl;pDj>uS>zAjzolcKSw8>R9>uX@!nkTT{0*1D)+=%imS|T*JuwSY))Pdz9~xUonxW z8}nsC6>-(}QY`w;dL@um#wKgeg7N42+I3Nm#|!6X(>}JD&atEp#21PoD0;10+`rXB zZ@&i1-za|3n4;&Fr&Ql7ENiv&fX(P0W6pEvw)*tjYJ+Ayx}JYE3xHYl>A-*sWr){|aFgA9LCEeQU5hZE-)la!r|*{Dm=; z)TN>ho?PYSJ{D84Q{e=S7wLyFVkO<8-?hbQzb}_x@i~f$4g=phE51|qb^K^TY!3O- z>oap;d`7&{C!vH6^4DZz`?+67QfC}nO>AW!Kc>v86S{UL8N=5_?xfx8HVV6XQ>fhB zvYNdqUn-}>f4a!yQ3>%wXe;LZM`GO1r}7!vE4$(4B8SaSmbM%pkPTQgscTR5-LaCw z!O%zQ(|RxMP}Vki%5kjV;foDTOob04U6YMusV<8WinQr~^_NS~Z;YXmBfL%@a(zpL ztIez0Ni|O>l;v8XcjQp*{B^Lr5xJThj{Z1#zW`}a==>Ufxh<#KpqGogMl()m1Mg=H zd(GG?Ya&TUtKRRrTiDo5rFoQ`q^NfZ_=;zIOIQk0l?cZ7fBy}qQMHkqBS+3tK%9K% z>4`_w52tX{>g!3r9OoJh0L#b9e5O>hUsxVsXSv(cdp4itb?!@hlI<&3w7<$SSnOh~ z=ftltNTxXF4$@vs%^W_9Wo64U-Gn@{SUs&mUWOO{<=+W9Q7 z{BzbT0?+fmHa^pIzEtShm&!E7kt#gQ=&(EEnenB?2IGFZ7Wd+a=yF*~eHT<{s#?=D z&Hd>-_vLe3)!F4-to$h$^RPi$6PQ+Jv}8qT$>$;^w}-BPYlb!gdTS=&@juMaOA?(TL)%7EpU z-+b-SZVEGlQXOFkXo=j7Dw2Kb2RGzd+ zQ;Wa;^70)6l#*x%qB$VgXJVbyJ14 zoTZ?Xq4`aotH^KXf?u~Kv^&+$d>l)5jGcQO^^^~+zgAY8Y8AsX>xgG6ACaRRHJ3yS zT6h?2N^zj3vySYU7C5jtRuDwOE`D5E*X39 zr?=v)Q#=!EAY=5vm}`YF>O-#K^1P^|bRC&b&pBx_aQHKP*;rbqUS1MHCN%`sCt92L zp@zOsWofd1{LWphGF;+ImgAOm=dD+CDo7;*FxJ~+-V_|6NSl5w(^1Whn_0T6uSH?Q z5y`NXyR&=v4PGrP7(ZU1^}X|<%vm+wa}}Arw8)FEzLLs5BeWu^d}743F@v#gkh;Mr zGbMSyMnAY(cF<;{;wTfDx>~(gQy1^&RfR7#nPB|vhuwLZOa{~;YVU#3@J`6DcA?@yL%ea+1uz3O^|@3Fa*+SQlw zVcXi|R*&e{Ofc>jJ2D~%VHUqY9(Qv-%~i>>B`D+AHn!7+=eSjU0%v%_df&6lN!cM+;VYzJLzF0TeyzEX)QBhEL`R3 z@S2@kqoX>4(O+Z@h^;k_ULTraoM6Q-+;!9u+SYD)Xj#c0q?bn;*m3-Ari8Lielo#za2sv)C zJU0+9x`dH$C@Z>VQDkKe3w-9)cNy8P=9wkY#ZxRIK{J*@6WHpbOWscL_xVgzH zWw(voItj)%D{Hp9P^NvqX0|%m!z1bBbqE2uK$O>uCkp~ODaa!j_Xoj)hT0>!&A#DR zmkc%cCEm-cqnQ`ELK)F4_z5@SoHd63*mAd?n0k90_dFq#t70iZF9N3^>C=)Fck`!n z1ulFXc3^#+v^$NL`Acu9k+hw>Y-p=>G%fi~M{>2_<)zbl6tnyo@!6%~&=(>3cP^eN zhsWy1GMAI+3?w+hi$Z*t>~hrC>@nuXo}JyT*6P;-cBL;5^IU2Wc;8!;|GXlnAW?RZ 
z!@BYgMt*)7_e~W(sfhhiqvA_!|*SOCv=W%>^8m3bhyw1mXCV0Qyjj$9CsfX z=3;YL&|%?zFuh7hA%}?4O7ZmVuNZaN8`)R2?9U6oFn%%IcWt2lrN{AGY37pgTIuiH z8((Q^iGuNCHE?^o)9k7~a9a-ty{g1F=$j|W5XSD1wq}0G@OE1OET3`QM^7z2`L;fm zdT&IY@ytns8QCOAIk`0g!)c-%*ApC6iWAML)SHZDEi zk1z4!2w1*UsVqI{#JD2!)+lK-cRLeBCm+1lDbRH~m*>UW;USECsmlBGyF1v-{yBF3 zQ8K4ER%5j^{n;|LUfGBkOTSv|#pvH^*`25!XNissU7dZj zGsPihYcL)FcVT;3eV1^fV*Kx2}gKcwvF{?^-jZ$@>(0|K>}l z2ogOOC8&SeYvLwumM2%4{Y;p9@WJx0YffyzZf(z5pS=}N;AK{1-X_94-z9FgBSn)s zuOd_jmVcLWf!W3FCO)B`6d@euv4oQBn-{&I895`4gtCQqkbvbs-$vDUg_>E&7Vhdh z4V-*6BBe>f6Q=#O`|F(Z7X!Osu>3;X%li;x{r+*z9N+Y(w4Xj;v%SwwSy`+Xyg)V_ zmYV>UUsF;r#0$&7J}jBOetU#K_|5B}HW}A-DD_O^g|FVW82R}YehuTL&n6oZ`L`FX z13S(yPd~Be9khDPY#BdQ?F^Q2V9MAyUcb!-F3YI0F^Hel32X{^7Z-kp^i7?>fy&r9HHb|d@>C#Z=Eq}zAzcXE|(TBT4;CDP&yG{K5 zl<2jfBU?`DP_1?xg{@Tx5k`DqLXxny3<)O$J`7ZOUJ}MI$nvG@LG@w#>bZ;#nV0s@ z!TPXKrFX1^lu~Qb!)bgIv{g!Z3NDAK(OVvg3>lRCD5(mT=SA2y@76zdc>ItJ+xcU} zwT{#L-QC>y$ATHcF9cyyV|!r`XuVu<0g-rUvgI(lhW>scaHQH&nM&n z%Nr>?D5c?g+bPn-+&fjL{Ozp;is^nvhS!mHz#q`#e5Z;=4ybX0|xl7%9^L0uz>&=QH z1wYj1bw`SzlB!GRjT@tWN~D ziTTsZdK(jTsy>6)$*g3S4-+$}i<5j{5V+~XA&BAsapWdU=R@4iw~ypeG*7k zHVw3sqK$|pZU6&nWEHL~H_!*(T zT?m!ySDp{mPoL5_RQn}|=Wl&rq}0lpJ7lBP4aTqVd;D5F&U~h*r0aqn6dAH6NiXME ztk(a7Ne-8fMA@GcV{oT@Mv_5YKxPH5bu-<#`xRedb9UA zPSN&cy7R!hB@SHC>s&MA_pv>mga|p0QAuL>TNmZVcGsoe+mJU5_6!fi*ToIRVZj+e zHXp8kGC>xoo&xLhitHJdmWgk<%o7$nA^0Cyk9r&N>WO}F6N)K7mC|R zdKnhm=9qQw%odAyAN*rQ&ZL%}fL)-aRwBOe6B)R#T<{bD1*_=`HnJmq)F z-@g4kH6j-r;?6ch+|6nt*ypNACAX${I1DVGf~3(+G~E(R4!t#W&Y8%*!{e--i@iy0 zF008#xC}iWSl(Vo$$ul(2;q4?a^$*PDd`)x#`QeG^4e`73GC%(Uor3<$W-fXr7mwd z(dL@ExTfxmR|b!hOj1s*6mYN7XG1XN3+;*7eWRo2jP-g9TNfD`cx|;mN6Ge0Y$9bt zEpJVP<%9JZy4=z`bYcRlaKzD)`Ra9nGKR{4dG29fe%kP?)hrlB{u7SVP2l@_39(P4V^`gEJ!=&YBN+#oLNV(3UGRoPy3XL_&9{~x)(CZ9U|q18#chV&BWP~S zgphe;gY{vJ!--LcIdP!0KfMkl&G)B|lTxj(j4*gAn^F}tyXXv-f8#~AW`$ci3DxmB z)~+x5nIOh*OoqW*^t^CL5c&DgO0awfl=C{X_N;sBmx3mfG?6d&Hs|zltUqy21R8pD z@^Qq1<$V+8HOz%dZ(TU|w?Xgbrwio)YJ$}_HoJ!hth2z9Z84{N_Q 
z0L!1cyW~5!r9)OxDKwrHh`jzfY(VuYf~2f$u5|~QMPzUYSPBMS0q8wGE^d8Ud z)Mnnq?vHYfGMOR`_do;6T+mR0%F5`-{6OA6b%g!JiE}o3V-}ULh%`u~yG0V-&YL); zt5tfbbQgT{v<{q#{*`Uu^}Q7jB?^7nRVOzfr^W4aDlp6`5>1QwDnV8KP%C_N%mI!h z1EghDWzf%9bAwx!Zi{O$>M}ZI-^a zp%Rn+9M0p1I(XuMG*p_^4A?;+Q$L=(x_1Pj-rqs6j*)+Vx4+xv*>64nT`b5!w)@;! z%2E9J4S4FPqy3f1BBmXLjVl#gFSLfYc&qj7LigC5>G#;kAAi5U>^n9Fo8mspE^Pn% zLI1DWu7~0mc=Fwz_Y5fr`+C;ChMO{TNwY#M$Vo9gGm=??bI&#i?VfFq&*2|vF$~+9 zzPDuJ?`->b+2Zt^BSjlZRfreKKO4fEwDG2y)=nZqE6>CkX!lAIYwX!3O}S^Aa1_yB z+je{3i*^~&E)9WT_S=8N#{I9d-N64hZTrXAjvP}uoLxKZO`{;(4~5X}*#^0{*ByWS_v4zz!Xbeq7Y+K1`MW8^S-80}UodmP>@%LP zJBh@8d}~MvPgY8%e!$;=^|W=5X%xE0B;D`_$=;hkGbKd|hvD)X z$%SVRs?(M!%V9EwHQcScMUZBaqT$_hsqe;V=Nu37Vb*~B%!uB`X9oCqdrSe}nHcwD z#1FndGc75a;*~xmk*{Er4rtd+p~qyxt8*7S6Q3EvNYwaX>*3lXSbu9+S)OTdyE5?{=g|fLwy3re3ql5G5v) z=A9yzFDC2Ob~27Jg%fF8x3jeMJk^5EkI=m~F6*wG+_&k~9#cT!?``T;;}^56S5$wZ z8`snx44=kiVmiIcdqr)TCH4v(*VD(_k!P_ZcDh%Z*V^&Y3pzhg4DB&lH0&{1Bpn>X z$iEY#y*!R%UHNd z=1T|U?J?ch?hGDT?@fBU&YilD@NHsRkIyn6lZhX-rZMYq?@&Zj zfCBe`@Qv%wmrE6sCKPCbwLV)eI!Ns?Y3wsSv--V9oJ{Bwz7WQGK2}U6w%>WD6O*a` zf+Jl@%_}yc!vzt?kKgTvu{IW$L{F1ntGq#<=!kuFkI8wz^)ljqZ&N*0Za}W&mhA2P zJ5`aPSk9PCA@x@))>u_>(ms_?cv#3^Zc}5tlrJ(+lFMT7z!+P?e~;-w_P*~)AIvkz z|Kt(Hon%$|ALymiYyBCTW|%)e{GHE6Jp)SzR{?myT=6C_j2j^-+Otz4IN>3FVG zm`reGt-KE~A+3%0qr_yZ++$x3sRi7W5sTrjHl`C!qHy118r`=kfcp0~6*`Vp_}!FL zzUyv!**sp`6_bgjv%igvBGVdI`1XRlK%Tp^%F$# z`!m6Q(NDo=1&Ui;UML5#Y4-aZ6)wYM;#$$scd(23B>WCgDlgx?h zpJb%28Lw0b`W_l65>&|G*|@}LOtHk{azeCS@8%xU@%?^+jQ_r$;FI!0GzAFxv;uwx zH_ogqOr~IKFC$_hmK!PGkiM=gQ)~^%x!#mCbETFIm`vyMGbSLxmm~S@A9Lai;I9T$eAr;Z#)~S+Klk#j;OYHQBVeD& zLh$!Yd@3ij`OE~A(vcobZs9sxm`v6twd7SN9;s$z6B-hg9{RZb)#r6o(S|aXGGFYu zmYX_zHhuSU=<(mTp4CSItn8LRg=h{@J&Jdo?wCwY7jgK^8wVO|7hL-IivoLrgct~pX5$4^t&XmgJ9o# zFXfmkuU^D@a#@>7;uthTa4*wCBLUvByZh zUJD#OzL%7}$t6SWr2SI2(GvwQ(=p&P^yaa@gZyCP1|HXi{)c9;gy;e2FjjiH8qkVetdKAqSC%C;@x-KcSca{bUF9 zm;>;@FhK}E1hY?mwjf^NeJ_huau&ujF_k)U?*hfr5lhTcD#h91hu^sAFw8Xq?7y=s zVNWv%$S$5e{VgCD0KGIJP+;%A=TA<6K2V4j(AHKEd%(w_kc)thj=*2Neq}fLerz5I 
zT2EX$rE&glG-=0274bT>-MoLY8}$d?-?19O&s+J-Z0QDlhG~`W=NUCh1m#UmFM*(p ziaEYv7_1+iX#LJ=%U@c}i?%v|9Ow@RpeN7;IJ7TW16Ha5?Qj9u^8hamKwA{h(?5=2 zdq?O>8Upx>&?78Huoh?bW?(P)-i}Psmkw zMt^`d2_0b$0WW;Wh!iXtE1zpnTAzZWQDQ*xvuDJRR*h2BN9?oDNFJY{Kue-GwDjLU z3mwb<{#j^m`1@y}&-nXip~rx~e-=8P{Qa}g^`5_f7P{quN@&1-f1L>IRCac1HSN+t zd3-%Y4(kc@$2G{*vla5a(Ve^yg@s z0Smq(hH;r+pBcW=bE9cww9LZE2G$Vx(Y(IukXH4_!{T^^tCIj6+NU&Rv~hc!-rYN}f1Dc)2Or=xauQf<+&Dy*`wE5HDdhW6wdp|v>n>|n(c zJrbk0|JzXujYbH(4goKG2p5Gtc7~pUb;mt7GPBO4YcXzf!m-Uw;!_KLElfv9mC=Kz zs+0XigsU6m;F-}8qQx4o`wWCzO^zrRb@}QcYJv%oeyt(;}7X5-DT+uVr-P=8y^^BxJHwWdUi8LQ@O*QOJeD3W+zz z-$yc_;n3U3{T+}_SwdhyxW5Pt4j#Y@330WAxv}%G^8yba=0-n(SQzi1!YV5#x%lOD zUWg5IR!8+!PV`#f_47Or$raUoa@&hqKS?d2zSLbL<+E@4RGTTh*-qW2T~7M?KJi(61ap8wmR>&zv;(kIYaogS1NGZcyg~i zRL~U}d+Q^2Vd!pE8B!k|@c#nX#`PDNR31*k`AW>+Zu!=K#GMzE^o${CI`k2;`I(uL z)BWZ41*X5ov_g41yE**=SAISG1()EHjS3EnnrNK!mw1$mjEL7SU9iljW;}U!q zV&&v$gRr$hAmLCj-EVxmP3*EZJeq=O_G7il$sK5!T75xj;G^rCc_x{*ClaJuDSn~( zA5aHXUCJBuGCUO&&)O$)X$D`rZhP9!BbrC}<;02x5_w&NkM)46#!wE|Un&WA^njXz zd|_3FJ|w_8+-%-e@_bWP-^(3qCYLpmLBb@Ja023EZrtR*(GtJ{T?IsufRe6oH>e%V18$Bs832=TL%G92i0f5%Jd;Ik zd<;;uZX1qWf|XZT5HwunnkioQx*sXqcjeRpM5GhU+8nLcL1+Kx4D737y*hPiHzk?t zLy7L_2D9I@^{^EFF<%JDl`}GWWa$UhF@{1Vpu9kPAMDDY?7M0gve#hb#a1k)c=JXJ zB8wKAAAH%Nu0GT>OTuiw0O7#^=?XksLq%LeP~NG)7nRZcdPUa3JKj-N6iRcmG%mLm zjvi8ex-OszSPRh;*QD#1+#!BTf>9N(Ocvdpc%voV->s%5(ezRE))=6B{U-prudLxV zFn6Sz1UJYYIXl5Kl?GHi*&NnJ<^0@SRcq&q3WO?m#aznS~;id{59fO#JLd8z)CM z33o??m6J92O5559`J8&`ibU;_irJT@yQ+xc1dDuvv~ZPF2jT7e!G2T+fY4VO8Vvet zFe2ND^;Zs$NEB@dIgYYys#}aO(0+PeuJe#4qr6fOVt)_}?Oe7tUJig#5-@i+Cs12^ zFcrRe>UO^2gS()zWMaFhn6|hn(-@kWdmyagV3>cZ#RpDluL#DJ z)w5vVhzn#%y7ksEZ;&=BP)W+mOIXaKQ0$;>2uD}IE+{aE|D{qv28OIP^(#D&B?piC z;D+cKEaFDJztQ5*u7PyPBBN46j}Sk*?>iXKR_H+u)J%brsb+%O>epjCa4smVg%q1{ ze>t8i8sIKZ7EVl(l1h&LIisIY=r%_>S;3HSb87?&oQ81i{|Uq(^!ZZ!j{k?J2_uPZ zL58Gp-}K+4%!p@V2U5+pw4K0nJgDp*1I*D@0`6$83p{5Qp#PaK-AApgGQ2`%opCG_GKEMAxeh}8up92?2KNG|UQ!Y*8L~td?3u2qZ8c(Zxjm(S zmOP6kBbQ;|Y?{`?PK8coe%k#b8!&frcXM{%^SfWP 
z?&HAKl_^%9i$w}nudapWb*e7vxbvwbZqvN=Oc{0HZ0L1Qc^j-i)TPb$wUS z89b5Em7C8Ty?yT*L^!&8nFBGyd@sP-!{N>#>*+^j z7-`GZW_X>?>KhhFM!u}{vG%J9uLvytyp6CZkb@r3`}-IP)Fl4|3qphk^&{Q6nJ3u% zTkcf(k+JJX85@Zj2oFyOM4Oo@Yj&X*gMMCZ0#i6ZYEOv672)8FgmVaR^YHTW@bGZhSn=_2@LO8ha9G+1a&rg? zz(uSCc|-(l1Vo^|c(^FIl@rR^28KZ5;qE1pdxHob?)Q-idiJ2jc(^~Jk`KZOIIw{N zna$Zfqnwd2HygmQ(P@qs+!1Oj26eLo_TNwN0!|S7ae(x3az-E8ApQV!hN0Zdf$8%f z9{@3r7Y}!TrV7~T=)_@zbaHm~2HxAaa_r4pIXHl>mOxKT|D!1^U?IBuaJf7j&~Jcm zdvJFGof#`pSa#?iOHofq&g>Sf5c|M%+&W*{VU)Hp?`XitGgxIiJ&sp9xz8MxHWV? zA#{ZT-SE??{_GsE?~?zqd;D}#=6x?^hk7F1?4TFX4GI0(e$0P3}JTuz44|w+h_x`8J2%EJP@AIosG@`0IxE4M^F09k=7_E;PMAA zjQ=tJ69xtq0bveXIPe?^gw_9`*BvDK-vId^W&t2S_z@rvw&ss;gb^k|V(9GSeIqBA#|@u-Z2RzfySTy49r|;I`Uhv}#!z6<2bgrA{|6UW*{s+|Oj7a1 zPtB~_P)?kTPJdhjDRxh2mYuaX#J^$3cd&@|eYmwmB0#0|xCNAfYfHOEIQb))o-0QuL;(3>v%&IE0 zAnM4gJmN*fkUn4j`3SFWE!}~ctc@oyHo7~br;V;0uI|q0+Apy5dazPeqAu(%~ zKnq(|_>531r9Vl+dNzIB2U3fBOYqmWS4_IiHqeh zuSrv`pP+5zfYAjQnMMkO19mNgCcdcv?`!|Xw6>M;roouEIV zBzQnz-PyKI-`r_VD@^-D+hp*S-;$i;hrE55h23XC9$QFc2wv9UaD<{4urNAD&4+%& zzF6LGei7k5TIWI1U&R{FO$~oCm1hFyp0ub#-&XK*CcD=;7#Lmb4M#nnM2j^W+t67( zF9aTUuc}f^Heg;}D;<5N;>if@0Ss64q8fUo@27Pj+x~wpsdMGwn5IwQ3abjNzvd>l z_jF(ytJdRPPnCb|7+)&Q!gg>)2Ifo(-d3N7cdRFCqV#IcOu|EDKOj4?` zbtXBpyvL~n)aXE(4S+erywSxYiC^HAn+8`u$RH*&t8Qu|^(TLS>Gq>rB&P-HI*@7` zFT}`gC=Ya^F%%5}1e3iTIGmHvboYpn34U~fxzJB9QSW}db9sI<*L9(0j%97We)AN1 zt^KD{p{D>IZsvBty#P)&HWD6goIl+geA^^4t4wD>mfYycN3KT zjzP@{jY+`=o&Ha=G7t`VsE*y@WbGY-#@+XK`OKwFaYmw@7Op;YT_HO5@l2d5*jBIo zk!!zP2EwxJ^ms{~)l2BcDc`h9c3i%T;{A;!SRV7YCVg7N28D!!Sl@N}QDFdKJr>UH z3nd7|4#eInz2S4FaupwLNQHY#3_^H|=S|-h^q2ObYZD-xm}qL3yDEGw@N#Uus^#-k z^0&`qPrlu>(1KHZkbaN&pbu()^i3xJOz94!h}%j}s}A&uF@4gT52^i6Z5K6<;qPd^ zyeLbe`e-+(ox$gTB6}%3^uJg2`x`|+Q1Y-M?y!mznwXUqkN;G+nxXl0MZq0BciRU! 
z8R`Sn(F8f@q4XEJfh-Pxv+*SJ*2idsM|nQ2E8CFl<~M8ov}cKk28TEmi9tYM$OX757f-snE#?T-vdg{M)w?1CnQ(%&E*vr76%+?k|AQH@fcM zhF1blcEfRai;SKkjh%CZRy3GsJ(@H-R*d_#iX8j#{U-E+!W_NWb@WwsQC&t>PS#vW zRYpNhR1{rS+rRbLbx*mUnE#b>=;3@8z(lVH?x*tmrtjUs3f!>w{a(d4SQ7TWAw>c) z4=ai-}=C Lw!0O;;rf37k?@ND 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/glinux-alex.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/glinux-alex.bin deleted file mode 100644 index d797b79d6a3d3bd5ec98a1f5d58c29c534954b50..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15881 zcmeHucR&=$)^EcMamYC*B}g2GELk#0&QYRdhA1FN7LcF_2m%TSh=^nb0YM~6kR%F- zvM5=}SwP|SfZkn4_wIe~?tbt6@d{?DPxY@)ovJ#as-_D70007hewEn4LVZsMI~FxX z7NrXg9=>p)V;ClYi3wgo0SW*HupF16m>d@#(?5R0ek6ZEk%DFVzBb;zex7HMb~bL# zzJbSr;ea=e86%#q9;T)4P8xry7O%Tq?8-v&bQT6+JmZqi8vn}NE7{n34C5z&49%q(9?kh9sozMXgb*V_<1|nv*`0F=ox4p3G;g`kc=?d zxII5Zzpja%ej7>E<`ahNFhKJu-5`61KaUmi{K->ci8WrEx7;cu{MFFQjQ3qhmmqOK)zLR?sl0F3k-PW4U@xDh#;?p7==;q zLhxi=KgB(|#3lWZ$K%1$lQlyU@Oh?vR|5h@L%D)dt<5It+S8~`!uS_oTiwg^5-Ru0 z6Mp;6JpN**yPM}7H5g#)UQA~(`ox5J(U%>bffvn0w^WC0hC4CKVq+^93`?N+0s#5p zQ3ezpWvG4!`Gy^juyLFdXNLG=upn4=;f51WbU`0kXKq{W25`H`jd9pDFegZUW% z3I6#4z>k$b=-YnvnxA>`0b{;r7}I&FrE|%6Fo1j}R%XZbdKQ~u$0-46_V^;?_Hr{U zj8mwqK6M-0drKKqeDumujX@>0Zmhx zL(fPdD_NSXRp9P2JOXna9)U5I3&F&|#3V_@)ah_>aJsLQ%#fcc8$k~z#Kz-}R*l{v z#K3@I0dP`5Vz3Be2!)VipHzQd#b6n|IyJuNOrTSWMiKRvfGbq)h_372hof4SN3*w*`;^RPb z7bBlDtn;2K!q)`8y>(m7RQ1#1ZXt8YwEW7{M4DBgMjV&!0Cz`=?8eHM-bB{M_*tLI zFEqWIfz$T6^3z&l6D1EZAs7HgzA{`9eg^DoMhvJVTq2CbX0L6S#5$ULg}l>m|HSBt zJLJFU+lap!La?VXfTR%80QG46A$w$)I)VHOJGZlWkj2EscanmGh?dCk36(xAplkhg z`oM{+*$2aR))H!0oy-5Pi8@fY(v_|q(fd-$*rQj}w~6oSxfwC38J zyB44UkHDITM?eOS?GfJwe=zol6XcHugR;c%>w+*i9?BH4$uSM}1wmy%5xC^|#x_1q z&K{1wNDo00I1#E4ha5-G!QLI|VK2x8XF!$UlT&Is+j%2>kmr3_6p-GYNN*coXYdJ7 z(@^&z8gYtAnqnn~j|Viyji`d*liP;i3p(1YB4UApyDq zgy=CTf+FGJVgHEC+;FaAnOT1=vxbrei-J500xl>Bx|o0OdfMizKh5nM zUsS}j#33A0pYi3Mtsq`>Usw#Sn=-RQ1d~#06HUSHiBqOr?bv!BRhgN^JGb@t`Y_&y z$!E}_5;((z>ISw>ru{wL(9X-+*I1(a4g@~r97a4_`q~&1k0aSj^EZYiK`(0J&cSK_^#BDXlz<5z z42FJyEua9%!(pf=iJ>Sq(QslEL5_iO2*rX!zzoieDmVe9fm4N1D4o|+_z+@3+BB?{ zeZmk|@-&-E5!?a=V1^pP_2Ig?+PRw18cx2xo~H!_?7ZFh-M{NHza7$Dz|++kRVv`= zjkNc(^Ysw`)dJLUP<27Q1(g=m)pMXS!1=&`xClQ8g47I^StH 
zX0+nBiv0cke^rr#_kU1>FPiy6BEZgk6&1ThkxGNv%`LUhoy9gTy4kwogHUyT?4ScJKHXeNa6xlKjFxz%0AV{t4DxFte}hEL+-&Rn>0ZvL zmDDpUr{a^8X`+M9lo_wJwkq9ZRC_?}N2--Yvnhu%_}b5J?) zP7Kz7QcI~mML6?599k?UYBQ$pOfNj@v^0#_@0Ln1)bGX?SX#N-0LfFfzTbw^!Wyym zb$vb%Vcj%Za+i%lqq})jW8splu}Iadw%?-)YY3Zu+4Vri;VgM(%4h@6s^17jh=VJH zz3bDhC07F%@~Rjt^QdZL+CS27SEsWh#dD^v@5Ke)Y;`7joX^05mHxS#q6`>m+jvGn z;^!)yOJAK~yTvP!_z0 zO7@@yqR$B*ehXFUV6LnBj^iBd2lY(a{m+q49$JC%ClZ_&x*o?MVhEn9ZIZBGa*Xhe zm=k!KXqpT+{L!aV!zn>ah2jzrX(7FRomdoXype9s9yZ@6j`#%FXB|9{7m$Jsa5@wc zLO_08z+$MRtoF@O3m?T2VYnbd7@S-RBZN`YN{|$k_(uLy)&5m{XpoGo^{j|bQSam~ zr|zoEU{-P<=aeF_o51pnVr{x4q4@yReamH7q)cg>2E>PD@fryivm~PB)QwgRGw4z zh0cTwe!5XUZ?%iOT0YO+b`@flAkRxwC2F3~(2S#Yxr-wcOX!Vb$LL)Ty)XG&B$ZOJ zak~`?)&qEQH1YLi7VPKy07(*f*(z06bY~TdG3o2R{1P^=-GZs(_@D#V`a>kpxLz28 z__Q+4d+qRxD`rTmV)m_TKR9%a@aH-uOm~@k&h63A`yzVyoNTYc2~ZB5{Ja1Eah-8A zNyXAPAK`a?pS!0*Av=@K?I$Bo)7`3T?Z|-3d$wYrFItoFY)R&sP>rGS&6Y!inZrit|S zcJ{g8?B?e1FB1mWe#a(E2`5LvVB`c~aP@EnH&sxR$Rpbof{O{k1%(8K5TYpC1xbX+ zHxm9oBgJ2t@_3Vf0sW-mJ#Oo~rq}*~C0D~uBgG6V2J1ozD%)D zsD-_c!CW@=@X6-O5>sgtQ;xAGMdzxN?%%0+!YLf!OH(5^nxwU&sJ9=xZE_#x`PqDQ zCil)+^N9897YVvT7iBl$$~i+#{F%6h9eC^dA(vWj4%~3MG6%sQmn5q&;<(8-qn}QKlcxKAquvDY}nXG0fnL6laniA*}aVTpn;o)g0V?6;4zX}hJ z52N@M=8jXr`Tv=LjrfCl|D_WdqBC=9HwX4Jx5j6=z7Risp%;`U{(yzxbcudZ{dA-{ z>+1N}JrR-inbZk^%7Rh(q+OFSf9KD*S-c2#N)4B1)8>l6JMHAeqJh$D`7XZi;E`PH zBn(x-G`4T|Y=h137%1QQP~Y-6^Ih@cvbq<~Sqv_g;C`(g7P=r(Mb|og9Gv0#C-2MS z(`~8QheI+#X4XAiu!6+WI#`x{;&>arb~SLCv?$v=zUndR83TD700W92%6F@eyKTk^ z2Mh-$f0%D6Xn(bQEBgL$rhGHW6oFL36jsCFO&79Tiyw@gYN|xD$FGpJ1Zce&OAdxz za`f7iC0=K&-`AeFLv2SM2a4`R{$E~u ziXj9M2w{=$Yfq3ALXq(B@E={@-?U!lfuBNoKnOY8uh*V`nA80A;`1)9+u7$zcrF?Q z1x>)1_#CR+4^$l_BXZ z@fZK>8$Q=#yBizz>acVOCycXmZI%dU+}YpA5mU=`_T{U$XqIP^G2$9rYkb~N$0M!A z!;JXi!s@J@)fsX|_=_kub^J9Jxn~bE+5I?syCC`7mVbKI%2nXE^9dCvW}ZilE`4eiiYPVGpy69{x`ET%zv{hO_GCQz@=adWvqC(p z#OkX~G1bY22){cn5iU~s?4$)tr6bU?o>4i|+^E4DXKk;u(fKkaNUIPj7EV`W35!(j z)#w-ThA$Rid3D~dt)Hh?JU^{sKy=k8^kELw&8p}DCz+%Z)dE)6bS@`$Bu1Q*zq83t 
z_&(#Mo8NSeb2V%99?szQq~_pQDX+gi6FWlextpH%jp&Ls5gQlUtt!cI9iu`7-$CA$ z-80dgG=_H~y3Mja!*3c;6sn}L3v_Z!%cs&=V9L&ChVQ`&!6gG}Y5fljz zkNQVM<%jbgi^~4HsK(A7_DFvp7MU$`@=Kh;=xnE(;Z5@tkU#bA5m7nW*2#IKlBm z&zW~()xOGUT;?&>CwQCQsoZtk(dEqcUcf2rs$-JW7YUvjTI8&YVK}JkI)R5QQoi2o zktQWS)RQl3iRq%b=*-N{Wg&X_Re=&e^*!yQ{)rZ{$rf|YWzGP2yg4_XE87))YbxGn zPK^5Xi)tIUZ4xd!;rS?9Udl7z84ui{>=&_gW8ksqYq)hH9_dld@kW%qRePATtPUY5 zpUnH=d9VL`v4Pf(1q>SF@JNBCsOr5tt^cCg$vsub_sF3DMh@A3yKQ;@6sE*gsD~=&@u*snkZF+8Blh5tB_a1YC~_K5Efm&_OT*$=7F15M2^>BY=T~ywd^W>XJH~h| z?k(O3-Se~fqUT)_7U@TzNkuf&1zB~IatP52ZOvvKP1De4pQwgPTAfyGOU4b{bl@h1 z3&97e_q48VE(S;Y7`N!L`UsnCentj zwR=A$E$C1YKC@oZOI45~T~wLXa%LbY>YM@N;gwJIj4DaU3Lh=`9J!oxGk3VFNU!_E zv2v~U{pKTaPUeAy_2LACq-Y55(Rmp*l|F1`ZeV1@(fceTW3d&6xHF)w4D{`ByT$Fwu6*l*#3+kUiI zjzcNNR;TDCI+yuA^iC`Jm=C<{yZC^LHbU8C!0LARL&tJAk@bcd*^`qZdH8SP;5KPOjV;P^oec7#;LSQ;{ch@Qxg{E< zwZ1qDSD6QpAx|1^e3$pF?b&};u?#u6rrYLZIzY7Nu=!=%HM{k@3n+P$# zUN2;#9n@wl(3^Fyl1nJE)|6*XcF4g;$8QNl=I`CwA5JFr<~sRy8loip()=>cNmt1m zmr6Y7`!1s6+uw}diJt7_!z(Z5MuzhH#1P8Z@9=8jt~ds|L=h7=qT@w{q6RgY`C$Q+ zw)RnNrlrRDG%E^e9M-A>Chd2!nl7N@=@z4EHQXHTlCj)>>J^@*2WKU;9UhWW&A8=y z%8Ume8y!E}?etMz**0@k*16@ghwF;%F8pCIvY|8JapGXJUed33zVek$F{jXYC@hx_N)NpdG-r_Y*nS>e}0V@~-w zJxKRL$Ln8j&D$qs#VjmlddFVo{~^Z`iPwv_T&0u2*3@g7{0SXD%t0B#=;9UMeDXnJ zUhoqK9Nyg1L9XnV8haY8x2-k?(eVRzi(K0w_4;e}d`*`Qg*x)N$D?zs$q%Ubc@b+p zGw$g4QymL>kEBlDiRT?%@+h(nUXj}SP=7$`;AgQuOA)26h>lO%pCfV}7LrSpp(b!b zysdhP_nwoTbD~CC?d1*c!p*bjcpR%w*jQH#;&ZL54wgv9q*$IGWKs8Gx~9$-M%I$* ziT{M3?I<#_M^>(M1VRqDDycA-PdFYV&pzc5&B#8K7|2G)<4v5?(j~)P45)J_8wh9r zS_6qroXSCZCkN=6W;xvAK*z(LC?t=ST&&H47nC^o3DyPeJ%H}Q2+L=7YZj7n?R?Sk z1T-lU7x*?rA4m^i7uZdBnMw3lY$hvPSQELqjx=6LK*tjjKJ7-HTFgZX(OvSMj@2N; z3w@}1^E5X_?ue{52?g;__^yrpj5Jo&*6v7AgkPe}t1pQ#0H@Aea8~accdz*ubUX>N zz4gN<0A4*RnQ@2o?>XalDxmFv!v5DiK~abb_pHN?|I!Z zx^Txwm-!wI^8;c=&uZfi1poaLRYgN}Ji6sS;o;}G_6+>t#$5I4%9rK_#4j3bIS*aP z>9g`%yz(-UG6kK#DDG1IRw=Q30mU8vi%kOMR*n#1N2}HhD`%02Y=YvK=y-AYm#m_R zl#wGA_?WY-))Ja-TKJCEHQP9K5Zi{!=9uVs*}klt37OT~26`2{R@31vk5}D&Px}OV 
z8D8}ycj=SyLB}hkk99|8huYx;R}&;pC^Ya1R26OIaD2H)r19#FA5}6sUgZU@4d*0w zX7u~ht}DE+NItilxx2mM7z8#FH08H9 z4{Rphg4>9o?TF$kEGx_^y+#`^tzmxKd7nafqig`!}wNJN^cFv7XIk~D|EcqdJ^&_n_7rL zzOwCulj&bNNm%@ex5%A7PQ7XB`D*8fj`wzzsWE`Mz&AciXQlN)wmm-8*n?y;-L6z0&g}L?%d{F(WbKbB^fvD`x4Jx2d}sLtbe& z-%){iZLG10+rBxx{o?fGL^73hIXXUWSk-jxM)g)=d2uSt#m2E@_+qTbHRTk0YH!wd zQ>8j|eEg>Hqio>C4kcz@ZxXIU55}UTbgq=hQ=M}YL9gw$Skdu`SM#p)&*3xRJn(Vo z;ab*R8j@Pqai5RfFC8Xo3R7i3$7kFevTM8kl&aCUo}^AQ`8q&F>Vte&sE~i&zJXZK z>vRDNk-?37qt1S3RaGzh;@(5Y-`fz-Nz|%1D9ywT+0`1X$6vIZ-C04d7V@M#ov>6& zM8}spaePR1=NS65;bal}=F;WgBsF`ai6+a!pJQ1MN*S}D<&zNn{Y$)Kow;W||eXV=i^VN|eMCgU~hC5%f@Fb4xIEJC(nkCNxCH*RBSq9)sJcR z6H@Oe^D=)dpsKTs6N+v5DgJg)Hy2edbB8l!hvS2{@#y#-*URy8L%BCEm{3+HH|wga zS!;IC$M;F@JvAK;o-axKs!p}jCbQdeQdhRY!PIy}Wbf3LTpv1q zv}Yk*WXq99G(zEjmm$sLe$j)cI^Ki#Nm*=3r3Ngr^q2aD-$?N6l9d}pH zG^*61kjamVjTtAC;wSy-re?HJPYfYrNJ&i?I4~T_2;Uu~yYB%}!k5?MZ0RsZ=Wke- zMK~kfaG+{-|G8MdYz@_l^!2^!jN;%2v`hEws_W75{^PX7`Gm2DR+1QW__Iv5cmV|D zFnz0@nAz3XIGC#dI=)k?Qi82CW6RoC*>7CzMe4g!Gv=N`6@g`8Qm;1>^HJz{Nz531 z8G_bBu~tLJ+Z&s|Aq&Xlrzkbr7G~Bfcl}JTs|W;``h8s0;_|kDm`c zJeKh9YA1^8-^J^=-~XQeN9{KJU2>uL{9U}jz4X707izTsPPssS-}F^f4n_gQ>J$gz zJ8X3AwdQ5`v)+XPjEWy8;9w6{*gHv~^0wlkLgt0j4BH9K>;USh3YZRwkMqC# zo6Cp0nfdce(s~Ubw@ao=vLgMwTzH?hMnwltUqIAjN8tEK3UEj*{X^ACfHI&4uz)Yh z1_D0dNf8IY9i(&s8}R&yFW`LiK>{8>Jo77}T)KleGRj-!YM`|9sLG{jHf9$-;@8ZI zmGLFj580$S0Gi`^51B9i>hb@&488sl8RDSjPfp57!#kmtQyj7Y%W=Jj#K&X(Uss66 z0OfN){rIM zxL`5KE$L*7BV84H!fQVmKtx|&z`9eDOjJ3d#<^GrmHWcW_^{%UobMw4de=BBN#QSK z_@=tRg>SNamjMo-{sfQewLOx?7StGm?>86eebO5(BQ*D1+dfR@^x9r{^KbKgJ2z5;K_=)u{=KzlQ5Asc$JQc_ z>U{}Hbu95|0A(#EAjJYotpoOv@X?jWkuA9aTwn`Mfh9^H?Q}F=9^khxSfT))%<=&L zP^Yy}mWHBOKs@3IuLkCVfCRt?oCQ$l_P)ndltid#ip>mxu>%EVq!hdFQDuLUAO!S( za_6`Yp#i{(ialSKWUhP(t)}h({n^?7iPjuP{4?4Zpm4uiP5y{sAmX>A1j^qY7_L1O z9dSNo*q_&_tVU7gG~Nx4Bb%`fa%9E z6gnEijej$SqTooVf#ZSlhyVA-kPzh<{-Y#^jyf`wzZ~R$rn$c!h4VS$8+Nc^fg+SfR<~#G=@~7C^cUEj(O+54$3K+9V02}sagNzF4 zsPy9?ivlRu2?t$>!;z7BgC=GN4yz#;=4`=S5iGxOROSHUFrXB`oZnaHyE@#rII$r$rr@ay;M 
zn#&r=2xJ=up3vWX-Jl*B0rL2>HtB))Q0d1uiG6F60w}!z_%Q-M|7}Z96Buw}8isP# zP=Ki*9iJl|N3GaKRL*I-A%FOk6*Cw#B41y4`Iu+LN#*u!$~$g(_?<{MmnG`wSKo|P zKM$YIDF&aVc`s@OW&pr~;`Dop`*!)=fnk93(Q*Lucu@eMCOI-kfL%P{dY#9?KOZ>$ E7oXGm`Tzg` 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/rhel8-uefi.bin deleted file mode 100644 index fcca9f4388871f1a7595b6da3dada1b54016f676..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34034 zcmeFa1z1(x)-S&4*qctJL8M`CI;6Y1ySrPF?rso78bKNfDe009DN&G6QX~yf?%u|E z-*@w#?|k?9|Ic&obMLosvzTlB_LyVMHRhjdkFV0Hdmc}nA&+yzwd#@&B=2RsVtswqAb+hI;IQ564tRSKoTGgWkUyG5AXnZ0lWd`04Hc$ z=11EZ;0tYg0IZ=$d;pN2i~{if!Re#ePZI74AH`C&sTg`lJoxOZz6SyU_q^T|EA2F9 zX;+d}Znuq8Ya|F8yxv#gD9YZbvHQm03IaS>l?xO<%W0#6g8KaA(J7Ra2+q79M?mys;_wfm-govNj zQHqsdg8-~=rUp+n=LXLnnh@@rR}R*ZLZrotcmvuv9WK#a!FC+y0JCol#NnTNIr zYp8gjy_&CX#=S_J!Fz%QSj$FYiO2lK6qK7EnCN;8P15Ggn3AXleR+# z(o*|QCaN!Jw)7p^=e3?ggz;l-gHM`Y1*sgqOYYrc#yl%bC^)f%-4{a=!6p4tW?7%vh8Fs z;84VKa45o?0whEPL_`e0O9jGh+c4u@FcvBXbEI74CoBX6APNAC3&941P?5Bekw7Re z*1m3zU`i4!2tSyg6T%7Mfk1c+el!I*!M~b+^Nmmh+CP&;Kmj0yBH#d^-D4t#A|L?9 zT3@0Ee0FxU+$BLAu{Z^$jeJku$O~YVo`^uu(2xtbki6Z6RT@)w{F-2hcRR>F<4L^h zR1uvkcdu&wBget7L}bs>dmbjbMWskg*wf&o-Cy?3?}Cs}tMwcP(_K6l(%HaVkloD# z*UlMNAX&x~T?)L-ER5>!@NwOZ-(JN zTM?j}@J&70oG&lv{$`6y#z&1@$ww=4cPPd?1oH8Vw`H+pp7E}vKFuhfP}q>6(^Eu5 zLI5BXYl79m6wr~Tz(yuUCd^g~N0K<U z_Zp^eKO=Y;&$`f2bw5QkD0D~U=Lp4H_9k*v@E?N-^wdl@C(qv_Z+?ThN$?t@`ZNJ6tzeX@U zTotes#4n2{8FIssOHFsf^HEt))a$-=g-g$Sif9;7Ltz-a2D|oAV&Ndx^k5F*8sSm5 zek7jWRuOmfhT_5M#ap8H%_>P<3qIT>%bE1f-&U#|SC6vO<7!w!=s-rq<)>%PR-}-= zu;t37e<)f-Rw5}iHaHL5C~L5{nwhSf4eERt6KMV-R-{J_ZPZ%r4WtL zu$C3JyqMqB;p{u_?FY4P7+7)!;E||eZvY?j6Qv~%o~?z~=j5`!KWj;u$9TKmja*&@ zCSR31K~>AKdaNEa9HE*-9Xaux<8A&`X!pU+_{6EEgM}bavUQ#Q+jo>NbNz&sc?~Dt1 z4;O*ied|jY!JR953=TUVnX5L{=PT9j%z95QuxI>*H*>9p#+aD%FFo{&_G(fO&v^)f z2NCx-O~>+l#t$u1dusi~!u_LyHZ;n&^X{S9ClUSBT%ic6(2-IEzY@2M5m1|BuMK}4mN^)oeEhS4ArUyss+lCigsRJ zZh{;fmL5**&c9`u-O|;W!_Cnic9g@-!_~^$(#w+rDi%-~hl(y#ZlOX8l~q%yFo4;h z|G+%#P$<|86&-q^C@5$M2*_Gs4Y1npHW)Ed>Q_g;zP^9gk+sKvqX#dz>5CK!9n87# z=rh7}Qp6X`cP^My$w3PR(?{DHHsv3Rn!N8O1D>#z_!#W^x3uy(sNci2I)7_*jA;A( 
zQ#qMmXWK-yo)u_bclbuJDa!n-!72L*IYrKvJ>wbhS@+qqHb1mtmhZW*xOKw!LtoU0 z)4M%%-1(l2vye%(^*)`dff+=i38o)yTNjD*`wXgNzc!}t{Hv^xN~!h@q`f{-G4U7H=Y;oOZ(C8iG_sVV(xHRYFITR&A=s} zBM1N(ZMd-@D4Z!>+_5}`ZENlN+xL`(o`Y>x&^Zh5dy4(CX}6&J>%J!{F4Ss${%y6; zXZwH9L536i|D&xIAJhTn*dXy(BmFQt&h~iOkq_=2G^#nV0asF@2}zs{x8-WQn?8&vQ7YUB z+zid3@bgs$)pefZ%o5Lbd}S$B=QlpPXnW;{`08pOlPvRP*s~i1JI&qq#O}SNVq_Tk zdZ=SU{w^>*u=}G_gTKJma)U*jau>hby4@|p5v~$+zL$FTCbIztJ;<8q?^WuUqb$+Q zT`h_9cNAlpp87bblN}gt_CNdmLMWd^HtL==msA3UA-Tp>_-YlXWAg?vljl z40U@L|56p=@{%??mTc~StlK}apMPuJc+e%Tz+)4id_dK>c6vNaGMqjP0f+eF3=(7t zPn<*e<@5=(Pj>XU%ZP!YPmHTWmxIH^QIi@ej*(hVZW@yvsU?4TsvR!DNKW0^P@_&b z&|Q_4K|`MW3g^=IQHEzq^o!0;jaC#jtX17d1?C4>Th8=LVmKsX!xO~{y~?#Y_!Q_` zNu5I-tt`UwEL5DA4m9?vxx;}H+?TwlByma9V%<-3=)D=nN05roji=x9YTa#BYnsKM zM(b+#T3w+`3VwM&ddfja?8x!PCcchtYbbp2V7G@Wv|2}zl8w zwpo|U%~SuiS+krqWWNN(eK_w~+cue$&8DmtcA`$u(|qFWhR7*9kz~3i4wEFch=jp} zP*d^3Q+BMi2QyCIo6Yu3G?8D?rq9=vryCKL9d4X82!*KW zlyS0sFN*mh5y?QRT^RbpAonvkTZ^zvHj|!X`1YoF`b{H5(XGsl2*W!fqV2N89@^{l zwDn8(-Xozh7k{Emmgxgv&EJUGz~*7FKyoK4JDg%DDA4CK`^=yIY|YQ@bDL6RRQmZ^ z4Wjf1>)z(#Kzm|uwA9?QvJU+)J$U0;%rWW`1vUByYhXy_{=kaH-0|7$>ApG1AZq6TO z<7blx)&z%y|65pP2ebZUmHrP_b?sfOTzx&M)qXm>&^V4-?Y|rFyau%wZL(u*ydU_K zY2N{$>9ptKI;=(>)e8QA8rD8Q9lrEwChmm4uCk<>Ex^Jb$krvBq|4&4dJjPDsEJhO@59#7uU7Bt$@e=f@ z&NI}satev3vc4S}_uYP?rSi!Lh#Y0zC`nr0u;zTjci-UFS2?8LmO~P1IYj@p8=05SQ)HX zAYULGDgD0{@Ib{ED!fpc{Tb?jdD%F*euO#(ze5{nsG|Z_0xSG(Lqi>r|6Zu`PiX(G z86dn2a91z&?{#T76cFjSqk-eXB8p4k`Mun3O0JAsIW`mJ_6LYevbq2K6+gSQ<7xL6 z(qyLX9atNQE?EvjB? 
zIjMp5%Ju@jr$1InJlzk7^wjOupz-83I4O?R8Ae`4!#MaHw=r=Vm{{}i92kp!Av!|g z5v2KS@44mLhA_msE@bPtYMi(vU%0$Jw^w2+Iowo>;womhjY2lrwa!yTJYOu|bgPiL z0WZZfmWJ`;#2ZfmQ;|v|v;9>h-11qBozwHoh~^;mXdBrZ2}O1I!XeCdD8B6}N*4E; zd(ej3?nZGVVJlkPeX#T5azcS`gsnt3fc(4g$}=2;uk-y+5hD-{qbVS1yU zlj=N}^JASxA={gZM#y`DdxWyu7RYMZf|^T5)BnZKX6oqUOM0Hz z0jc!SM68jcNF~y&8!0oU!Zu<*&mJAfC^5E}FR(y)S$s-I|}3KdKw-%2k0p>04q!t{?c< zAjjm>&8T3TaP=Bg{MFpjfD4m{Ta7?Kc(J2SN~>pr*gcE_3|h+8Dw8qwkm;|Rrl*2i zVj~^7Ab>;!JzItXqIiX0;?{sl+1kZL*U>p{-%4#m=NW zX|6>Qu+A#9>iNjJ#fIWcK4t7n^P4Qj{HHAwtvSympGju7rT=|ww*e;G-T!57gIxP|5{f6Dmu-ySY0_hT)Qd!JM$0E~C63s`RAQ}u#l`(Zg6KTYJfH{nEg(j<=b(7xtMK2RA6Yww>dOBG8~a5qSxtoWIt_E zNC7w`@5iH>pAP^K!GNF73+Q3b3w~>DBqUVKUpYEVBvhz#fMFIXhY zG&p~9^9cV0B_Yb>$iQecfzH#Kf~fTkt>e7B?MU(9f`y7v(-)*Lv5=Lhhj&EDvDEX^ ztue#pY&VNOmnnRFKR(`>zJW1g%tlOxLIfO@Y7{Y-pzUWiQW>BqUSHE_*gK75S>YEj zzKAZ=u{LE}qozLI;YVuK{Tz>~G1MtQvL@a%~Krkv1=Vdi}Jq5Hf3EWPD$w3v+XGyHWqX zP-A>CSrc_}t4O$OJPn{v0N(9=_Di2U{Cj;84b>-ZKlKR)7P)}YR0S7XO{d z2NIxZxjNZ9L$%1Shj^F-D3bP`maY&AFxd}PK|rWu@8RVQ)gV6-2tU18aWM6dhkD## zE(jkt9~ZX)DGn!CKmZIozzY%J0vmuu|3MP;i{!7T2S5;-xQmy$hqWh!4C?Q|o(_QU z|I&%3w}qtmzns<2lq08Tidb&sCu5fRWUQrDB#5M$A6o}bzl)|FM=y;dRn6o0 ztVn5>a;T)<`zgrw^oGpim~Rp|Z%ZZ=9hhvzhHdwgcGlipeq67X{y0;v+a3ojj`h^u z(4D>P?N8cO`x+`QXH)OTQY5P_cgM=I5%+~-nGk_DqYlz@f9_lBM3nm%va7RNPrnd2 zo$gVu;+hbe<6*tteF*p>Q=X=4i*lgxRo64sBiOetmej`7nE%NmP;7ddBJMI80HT=F zEVf|E%9(1^sK~gCh@XTP-XQ&$I8Wp5(T&-Ws9ZJA7h^9!%^KZ~u_!r_-8+-4B!Bn_ z;3ihcb2RR^J5c}I(+q)*)cqe1W+-rA5B6Xganv7{;^#a^2ctp{!;>eK2()@hR$kY`mJo@1!Dc*kMncMsskRcsMamL%eZB$~i#U52_p7eWs zXjK*M2lF?HZ?ep8sI04Q;pC5-LGFJ0shTK7HL-qU?0-uW6c!L5z@>8kc^xAwEtykq#cUly|Z)ieX zF^X;499S~vbIg4~a|d^(+}o?;KhheB(2qIOvYTgR)aJ4)>oo`ZA@*Uner+&hcyqt# zIf$^zb3dz&$mHN)tJGW6Z_RyzV(uGm*<)8D)REJvpaQ_K?}^XEt+74fEAl;4A<$vvmjxSxgv*XeMAlp;o(8XHxl2M zG=y*UUW#Soo%?jfw_E?zI?(wDeLnmT*8l;gbdYg>xSbUA$S_;-hZBMDr$=>Y!EpEW z$6V1RD=|}I+Bv@OXq5J9%qgE#)Lt&f`;FB}m;y${ZJG}|I>v8Bmb^#Dg1VG9w_}6@ z@g$z0;-nv^1W%rIU06Fr<_P@q8oB$u49QTdnzoJh|E*Wn}*h)NI&@ONE 
z7KeOOF-9US=&c%fBlCWRd=md<-nMLBT0G~t)Jv}+aE@-N&Q#ze3SQ&s3DcKXxtcSb z9Mulqx23Jx+88sV5?em{>wdk9eMf;mwc|MB_&wv)r^W1>CIXL|tb;pGmhnZ^d~BKW zr-7K1QCUVFuTBuW6kemX`Rq7czNUR8gSb$OIdDMKfx}YqDxoXLwYsQfKv_ZdX^&2F zGs$h@{vIW@RI#cG@h`k-l8jEYKVt^in_Td7CAe|P9@2${_${T3^2W3(MTy2c=LWI( zax-Ods#NQIOnCemM_BRKhZpmyI3A3*UTq>tbI%w?pxts5%D7+ULN;+19zU?OSQxoJ z%!X0>gxNKS-7^YH#Of2P3i_d~ze6|Yoo`Pn;i z4<0%)8L(iY!sGiYa%8YdtO|7d^qj*c&Q5F4TW|&Z4`MjI*ghU;f^6XNdKc+84>OAN zC7)iH(&HAaif$_DjhJ9QLyltdwyVr?hsSHC^c7v;(IA#RpB&CX3urs45Zmivt7fo+;c zR%~7Oueb(_nO{fdn-P2`W@qI*8r^b+$1@G?X*AvuER17aJa8#D3pl*<^=;dCJZo>G z<9CGN3R3X+a&5+)fkIr6#p8oFIiEacA z6C$4Qc-b*@bB1-)oX9mn$3xaR+|L6B&W^8mY3%yQST~prR^jpP$H}fUwDN&k#WEI^ zx3VsWajAWA&Is&wHkP_Zzgc?2<3nEwO*EdPOHSlv^-V{O=jw}(3vc6M>$$Ql>+tEC z+QQ>w=jHT|GMdg3YM-P79n5X3=I=(kB*~;%k$BJy=u5Z4;}a5#VkX~XlA~36T8}b* zP(PTxbFAjP9eq(fkKGk4M-Gp#*{gx5GvIq3WISQF#S=JyR7BW<1-WRmKl5Q!yfi3; z$M<7&R>^u-FTP5BLfh0rdJ&&qD8ov%Q$pNo9Lp8mdkK#pBWYtXjxRUACt zO4o1+-!F%quv+Jwn@XeB@iXX)6u?j4d*`DHo7I9eJYITexW*fEvR&?yPvgE7{%b4c zn#Ghm{VH?r9wIC*+@MAl@t*k&v}*( zD#}~LFY1wgcNt@4!+13oa985R7CzVg1g3uAHGPXaXF6J(S#v@pvVFc^qgT5v>%fRf zef!e=oaX+dd>aQmeZ@$-(mCsn*U0b<45*+kWr6av~#W+k+9bH-e~clDDhNe zn;9leB4@EBXv5>5ZlQAHbUErqW^tvV<=<*{EU`x0FiD}P<7H+Z-*JbM10J7&oR2NeH1^!B)N6P(Vhs!fNy5NfK9xHcab=ia?O-(>SDE9Kp_ z_=Zoi$pj=cdSt|#QA{Rr*mPC`Pyg7rRyB7eC3ZW%*r?~J3U{^=a!r;sC+nR$d0k~* zwQKeit5?Z;@8+RS>ycpV8?*KO!hUrC_j+>sQ>SxGtz5cm_Bu>2h)UfXiA_1 zp8tN0%5XE!Rf7rou`*@HyBJHT;Mkkidm3UJ{d+Ge#;)1-qezkAmQ&I6YQhU(oPxdl z-FWN$4rcAOb_r}>miUzvc>4E7Mzt&_a1f}P&`qAT`A%2Og!PLm=$hT>Avk8;8}Nt6 zZvzC3pJOBIhHL}W{TkcOigZ7^5T($R1?ZbPtka`@gU6FMuDm!N#-DuLn3hQ3{+%T= z1!ohD#&t=H(U#3A(32P*FEYU}`gC84e{74cm7)Km>57rQAfL^vY$X%PyQ1fXj_`Q9 z4>FuX&&h3uMPgp3?S8;dC(7xPZtNXmyFVnKQ&b=ck6%}W7-$o_%L&INdp>1*OQ!sG zkG+!S<~O#7ko+?f^eK4!`(B`6W5|9qG}~9o#22!tXmGPvHTt%rhTHr7#wYar@c6*0 z;0mH)rMcRD%NXP(m3q5!ZGZKWmjZR}U`A~g$9Q=Bdpjy32+b~~?I*>Ky77T6L^oEl z_yN;qV>h;o3c03Jc>K!PowwcCn|1ZbQL`QeUuDmFU3H7~pWkB$rX*CUYU_u`BkEqc 
z<1iC%#ys^(>-Ir@JYHeWv{?SlZl<}`QUDoZ438H~`S@jvF{tQ)()~0b>rIolO51OT z!3vuh)dTVU(s!=Oo4h8#AKNMSSRJdfH1Fxlz&w_Sg#{~Q?tSmJ;s|oDEqMANu|WE&)7!BR!NG4iP(iG16`%b6@uC7+V9xM{~<& zSE$DDOf~LavyZ_lJW7^!?FYicsjEicG^_LPly*Gyeq+6`rrtLvPwm$Fj$g-IU;pwBd)5h%VkSSAN zi4s|;JJbbc<+3^*u2;GZuJ+u>Pbh`QV=#Uci~B_Xj>2})oxl7;hejqFqwJ9jPZY5b zF}8Sf^)>vL*b1D88}V44pK~7vM(w-mJINEMT_nY|1($KOrzpbXF}-(z6mGjEvnO7+ zoSRgK8byNi9eB7fTKgPTm%Kep;PD{!g=E+MG(349r6O+_Mg6Y2YIY#1f8lEVOI*q_;`#2Kke3OQa@nu7V;WA2rf)VRb7)lyI1gogY7f z$CD+e5S7n)ZV@n+`_Xk;kiXMjt=UW*VgB)b`5_QvK1B$sb)o!k&Sk6T0JItSKpQbyoy-48Qk`0gNvtF?8 zHvAGNagPTtS%`*jyCl~&A`kOO|G**A&!LPP9?$P=Z?wuL?XyPqV(e`5k>9ddk?W^9nUrWBeeZ~k2`^GMep zb)`Z?`!rQgeRzIE1a5zPR%r0DP~5iN>TdWQVM&?|;|{5n?O{IgAU4Kp{-+q`ptF8U zU3$d^5TUFSLGX$Ktcw%&UY|pP;<@Q*TM|5d@rY0==SstJ?t6YkET%b_-fl09(jF_z z#`+6~we@GCT*FU)sQ2yWR3Uk7t$Px_#rXzwb`v2-$`Rr4sd@)}o-aIJI?7Rb(R|KO zFg+N}3-PXTqk&w*VTO(Ud(D54y&|)$7i+#mKJX_XfV@**He}}@!7;8mB@*tv7~rgj=STNlis08V4cbnh z@mk2|gXkD7D|$_@LyWtj3uigA8JX~Sz2vX7?leQr$p?=thXVzzxjqz}e=IB#rRtX^ z$Q|ssmd`P!%o%N0xR0o4r?HBt@3uZM?|M%A0pa1)LC~W3SoO8|+I*tF*tbg`vHN?? 
zh8uTR*2@kTRHAi3^3}F?8)p}HuKAyqROq^mq|&^s$%ENIMcn>o#&zN6x0-jH@MAYt z>RwjC^KaeoevEVpsSmP>r?Kk!0&9eGCZFViSIB@XII7__Zj1>+lH1MkO`tD?_*5s;3L;OX0W&YY7ob!zNreYn#1eG+CX`5-Igro|NvYkCOR zV8S*1=G?wJBN878`rH`gb#Ylrt-P@w7fnFWPC+@gA}gDw0#Dz0cbZdowQp>&aSjJZT@pJ--4uK8C%@?%diIEBdX)|01=Xg?d0 z`dHLr1fh~QAx$=OQv)!-^B-E(CijxgY4VeG&LyF~@`q%Wd35%pVoYGJS|sBn_qF*I zqwFWZo5YztmSV8&#eM=_D6)BQsxKRV%*x`}5P@(lA0Ce+zksfLbL$CB4}ql|9VZ%R z)}q~UvR;Zc)8PR1;Wd9aA#EOHe?#Az&}VB!M)56k#8-{r=CfOKg?*PJQ*x8n{HtWk zvx|YPyUlN$(xVB@sNZ_j`@F2wog2=_F~cVL&bAJJy(!iXC5Q4t{I?2PZga|QuFvb1 z4$CD(gPIKyJTW*gG_T>a$O*H$5)B8#1*-ZJEcc#$t^DSrJi5&xRN?z#c+vqLpYG=O zCBQs0GhT4#VUDq$O<-g+>-q4=%NW~|%=Wvdci{1vn`-H5v%$-K7FUT(+A;XCRODNF z5i?jZz4wYLrZBF_PgYpd2dUJZ?UX_7qtjrXjJ#^;JJ=S2AHUx_?k@F<*np>>ReBRc zO3DK3Bz|#FowX`C$NQV)-M5=FOiaN(=5!&~ag9|0cBZ*s7;owe{fvh zF3R?v~ZYs5i=a`tO?dfAQg+~V{G9x-sK1h%^q@~rx)h6^rno7}p?H@S9$&KL*V5lvsKxUV z{d226dv9s=1^({6YC;E|{U&g_)wO(S#jV*F^UD$~0=bz583nGS=k=AP&phj1o)mnb z@obE9f~Q|Cv=!4WtCID`u%U}fQ(msc@fniO>WW_d_XXRgLc>dV{ImI{_YwD`!>|zo z?rkjURPSXCF=5x)7zoP>D(Jb#Z6Ed)JcpxG^(*3~4<7c3#v#V1$@e zF);wo|8q&>PveYFm;(|TFGD9u;R#YoYIJd)%{Y$4cQh>XIOF zh=u2;PtEXTAGegEYLjHhF>V?|pul?iM8*4AF{;T1`C#rf|D>M{ZwNGL5`S`$^6i)+ zT8yST%&9DPm9^bJqX&2vJqJ&JFwd&=nZPDlp{;~QAPI^C>BJod*BKY?FTzmh+rLb;fc&dZw#6CY z@ryZl(@t^;a~B<26pCnHKigv2V5G|>Z7EW99lNPWT=NH(Y+{=jBG7Fkd$^l6J70ae zr4b@z?@61}%3N5gOigwMPk))m>>G%)NhxgZ_$o3PX$C#bzUp{56a91TV@b!aGS~7U ztB6k;!=ftQ&JAiXqCae|e49CZ`ZRNBv%N3l4S~JyIXwN+fmpog6fk*@CCP z;e6?yM?=`Vk+T~e{)kb!lGD{S=)DTIW^SO?A{Fm7{kf5yavIk$koN2#aw2rX#9@@&AxnCSUWsE(0;`1|ACk4fkmwl<%1N+2C(HD^v%HPEqn2($5>)7?3naVPmEaC zcAtH-`c%c-de*A|k3XTBGauN=z!ei637{xitQcK))4$Kzwwg5W=qqoUkPeSOO>|y# zPs|W9D^g{BUWS=L^QOl36}^PveZh%4>i3tfJ&zbhF}tH$!0+oKacnt=+?bacjzs%5 zl}!h=qOQHE>$@vFeJWzK_z6JXIs2)+6z zDmxy_P7u;)w!-7J&=Fp98~5~yoI;)&o_4>Bo4wKG+gkayV)AITFJCJO_WnHV6;jyi zSjd26`xk!ir7;=RJtfIRGzNM#9&CC70jr|s*~k?fuf%k3u=NWs$nE;Zu4r_~$8V$D z>Lz@KcLM|vkQ8qrWu0Ld7_1BY3;?Yzn)CKEu_WqRdsYW7)rceH>yb9Lx{n-Qn!T;g 
z$B+5=>!np#B_9BEaqzEdK77%O?ROd4AlOCcH0<$7vIk~wNPqxeT#3pX$-Gt{y$5v& zvK$hrS4%=O9hy+)?M=d~-+P>a0LS5}b5uoJlo3K5RTld>msov{vH4);i!OejvByIW zsY6mk7%h^5`|h`L(YBVe+4!No!k5RvfF6TwzgCg`qk@krw4RR@w4#p(j87=Pf8|(n zg5-;R|D^g6*VkzfY1N^er{@e1fTk(=bbY+GhA_WM8ix|~a&BAwl_;GB;>(_QPqE8E z+#rCcaUHllQRKGl=vrh6BC>sB%W6%n;77Uj z0@^n`$FNFLur253?jIaOU*m@UaQ@)b0-yoq-3mYrkb_ou@`CQA0WQ!z?0VdwAA5i& z^lxf_67(+@Xek9hC@o|J<{#e${O;h_%4{V*k3;b7LYe4!^xJ8Ecw&f%$jICPBPc}~ zfIM{X@uMfZAN?3X>DobQIzuV)0=NO}&~rA>HUJQGg$y@_v?b>sa?W2BQ1CFmX;$=V z3cVy{0RkXd&ndw;g=Sc!;e92Y3dx09C|yl5lk86C7^d;O%xNG1U3Ec_hWQZ(cR^>O zj1PvzeB(=>65^xpg@cNNI`uP&RiBXWzT2@KNSdjL`|8!3?E>xnpN*l&-;N;|fC0VT ztN?8&=i<=ua)XTy8X;h$^I5>&XKvLeyCR#l*2IO#sDuETC#*7rK1kAGF0sw0Hgu5d z*GX~kYP(;Y1@}vK6yU)e>b;F+zEdEeyw2JWk@f2N)oZ)>GimC8n@E}9N*n71=86RR zfa6!ZAi%={*89ES~~%U z;-iQE#dSLU?R7$a+!0FXb^g4U)X;iiu=-WD&>CSd=}?3I_JH0|n6$uT2PQ#MKU$8^ zv(Oog00K;jBmF3dg@6E^K}bl5=s#$}MnR9BDwa)$k#~_AU(q^KwWYW_EV4-|T|eIk)3?%(e>t7u1qD3GR&0 zUM0<)oS^GNs9`JL#ogSXZv_7+N<(eq;p+TjnF+P38>~tV6#5_5iT^o`4AXM|x!!+T zq5qUMf?fB2?%JX2mj8pj!|dLF?%H8q$Qt0cP5|M=>#U{vR*jnp7LR7$WKj&!Hv$4M zAyLFQRX5oAE~R#S$Eov9C}_#~7RwE`JLRpN5k41z0EV3RbJN2y$g^@-T@cPnJzgh1 zm-k^ZXS`opRrqcGK1KLr#zx5y4yqk!>>W11X17Pd?pO z0|FB5ayQI{I!m73Z3-m;f8v}lY*){Lvli*4wbBU!3~i{tacXHUznH-{O^<9q z@z*UlM7z7@H%(%y-_7I9wJ={6j(9sGr(E(A@BP})VJm2S0`q3o#5J^F(Ww!XixCnH z7MSINp8By}T?N6MIsom@Cg9Dlc60I`^PRU@;)(0}I|oeqD?dO`Oz^Ky5@#01?_-Rf z%so_}XYkq-0RBSP@8;O|)RO7@r8{MFa*cmn#8*RR;Y`A0kft2XQfjUZqjS7$E-S7rE74|3(e|F`Ts6B4R}M5x zKVd0-Rb=%kS{Ln?N6SiMnLP#q5@H2w)Lzc$@sAiGDO69~(~8f@U~fq^;dNQo4AAeZ z0|A0R(7SUf=yoO3CD3F_$!{Hljg+5aka9Y!}(}LzX>WJlRD1#B`3>`s!?Y zjyrX(l)Se&x*#HQ0|e-qg4B7*=p~insO$?zP%k~2qN3peKGdTmI2|Y-!XGuc^L$Kv ztkO$HTT(JVu>PGHlm*f{${(UJj79-%{jtH)Td?iFO3&CrCm^hH=HI1fet!E$kp3s9 zyblLENOD!kPp_Sfv4t~S*FIG)1qeuGqNFK9_);jbuCqF9sO}(Hzr#esUc0OLttqs|6EAdKGCzceix;}ql#3r)4i;MV`bYEM z&%nQ0raIBKD^5ZlQW%ZVRXA7iRg*pMQOBha<3q4U0q_)n!#f-%eqJ#`ByVl?vccz( zUJpCv?qnLjqwIWJ>cD5fd*4!B`&IG!{$xWo>K?BrNRh$KCHjXI(NZQFVspMkg~$;P 
z4^Ia3PjGPN!(}#YR&G1YFUGpaD!kZGk|gqaa2J&`evPYZ>$8ll@Gf?`P?zxQxbq-z zytEdu-=ba*8 z<>ss=0y5`XCsHAI1&qQNlE?2!&z#lkXK{zI=QlZTAS&K$m|0;ezMVmVfV!z+?}s`I zmXfOT_8rrz-gKd*y)wQ^Lj`@w7JMks0t%Tr`Hc1$BhK|JJVW%hoPF)W&dperK2`Txy*mQZjMDW46X^@eW_~0s`{$IsHg&`B?pU56e;O-4hO7~=K|Nkh-S2~M6I%J6HLqbQBIm2O(=DRmRv^HE6OH;aZ`QrbUe=U&nQ7^U zj_RSx+XQ@S-c@YwSPyjatI0fSH)r$I6>lfAJB-P~4E{fuHKe{aXwxoyRCG~c(lhg? zY}qy-VUDi|xj?`b^YhJQbNM&qkX3#u!~6FS9z9s9eaJHMBy&lAdS;&s1o(Q1h3r0* z>8pzwv-qVPxZ6r_;+sj)n)%$M9XMWZg`#hI(#O2V{IdR7sjSZA3P4rb%z2D5W=vP0Od zo%l_;*!}oh9`64Rb*mC9o2$*v; z=GVY{TBI(8!-rb<@r9(I)$R%l&IfJ3h3#*)W*#6wu{OB_!!wz2OI2rP+v)C4y8;Uu zrP=Y+8QS8Zwo6i)ywriKmD}%M#*9KZ@L7-9V1dd%?yB+~uD);O5m<<=*?r-MMjlapsa0Lms2DFW#uFJ{028;c*^B!^TX3OHU5a2Qkl z1v#v)2?Th?V*T{Hof(*z$mVEAxAA28F+v6I`Dywd6~_On?n(opY}@v2UuNu*-FV2B zeGAzVWyu~Q48{zDVVJRINm8jHOO_JKzJyAa$QlZXvM&jVLWL|P^4_DKKB?#VmS27T z%-lCW4##;N=XEaElEgrnapmDBsQ97s;sOsi!=ODKJ>Y0htS=s% zFt%YLygYGU9>`q)XQSUNl#9kSE>+A&o4zk7t6AFuGd_tdi9JJAUxJxUBo;=-+j`cM z{kCdeAABzPhBo}P`+FHE;G=3(UV-tx*L*Zhc!Q32O@Z3-GixM8w49jb0omwVhG|sO z1lE=L{@0f;9z1D#x`)`M`Z4r>0QB<3|F;PLFkjJc&#nm6v51&H6NpItn4mp#-<=Ku zJh!jYZ0fLc`gxorDqnFdmITf_%Yo_&^V&8c~|N zOsTj>|M68#l5&>dZt^A;S8-OKL+w$9AC>r?u#!-}&i;c5NjEwtqrx!U z47S3^wv)z_Zd|_r^7TYI!?BJ&ju@QUE|!?kMayQhmJHU2E+vDs(z4A@7i1wo@%x4F zqWYeLQRHvmfA!+O+DAt?GHIG$$)+Mh`DW1ojM-H1oih}N*hoj06zB-Uk%>n4pGeIZ zD|Z*trWtBIQ7VdHv>Yi$tUgx!=A3O37pwOOZypQv4P#hV3Tb*ZuE&Q^=Zccl) z5_I!MgTU*P^xaLvxn@|eJWRSEdeSK_n2zK@ZfuNxLm7?d{a}TMP{57L=|x<#ut84; z^^#}dnb7EodU+aZeFuD^;GHx5UphFcUU?^BGW9Q!n=j}yBoQc= zUuH@Q-UBT%0bglDf#Q-;^Fumw1zo@D_$(cea^snJLIKZ#%{p! 
z-3_BeRW#)uWqX8b$UA=@!?^;McoLdGRwxio_ini?Jun$>t-9{AF3RC3uj*u>!!@*c zx}NkTivI?sxm(7)ENMhOc8w<>2C~fX13Xg^9!-1c0mEIp`0oYt4^V` zF(bxyTMyG?4K4~fvdv`f!IJT&2nmtGgTqBqQfYKgR$E6iRc`hE1nE0X;IPNT!B~73 zO93j+?|o$)RX;D3)9vms!faq!Fa*XpuZ0|x%Vwz}u348~TeTOniriurF`ZoXj@LbF zqDB1?EZk06e*yM?ie+c&h9nvvpT-oL2O2Rw6A&DB|kn61d}0`-T@H0BHs2GFkqL~cC|avdontwGt1 z3P1p}$UT%E_829a8G2rXkkt^gWuB{*@W7m45$8&7Zge^nh{sLDtm2KSx=*C8KEmw3 zU7E?#Wp@5A&a&RB%jPRb99!Dd-+i>F=eOd0EW&DgMlW@z#c)VRAA~Cy(|CGGpgg>= z*g)_*3Mb*~i*_bPI!L@4kwWk*cvTW!!U^q#`$6a5FTrE;etG8v9)pNM;vGHI99+ED_bAT6yRi&U0#Ldos2(I2QRo@(XSEp4Pa zS?^UIYQ{~>9I_-Ug8&hBgFI{zv;;Y&?uYs3hbuJ}K!9iC&1O08!l-Nxk=WZ=mC%O= zCUe82C^u|_CMy;k(D$G~8f`v077CZF;4_U=UJ16}8sLeDy1sOS>{^TefpqQ&T+DIK zi;Kp?*zg0k`9n)ur~jAAB2xIbh;}MV=I@s~l=b7?ZJ55;0r+V}>4{Vx^`?wC4K2J_V9-O*rkr4)oW^Vq)(6% z$LX^QG8lK7>98rQAQ8s9s(0)B*~0hRcSyyQ@J5=!WAwm_NNFeX+P? z+IN6|l@>Pm-~xa1C0Od{6YZ^O9S$||$95Yk+&kGJreMUR3+{?`M#8<^f5~<>9LgF_ zu77@8>~uEIaO0IGjkqZp1Smps*b3{eHTtmZCEv=xB;t@44rVX(AWv5&h1#$zV8Q8H zcJf2G@s-tGx>^1qQ^Ae$?Iv1vm;CI$ISw*;Xbi))tK~JFdyUr(^ThmDYT16hZoAtmoJ@Lt- z(QwV3Sbx<1VCI3~k@*;6-@z9PPDEfFNIV!>0z4ZT;}1r4uv4@&DF5x>(uV9}xyzuh zjXLY2_ujMp)xn?Zlsa#S_d$S=Cb!6zrK^`NbDY@f;g}2H)6|tMOfArOK8&px-skZg z3M3oMoS0&Je1U`UCB_>aVbzR5j&Plo9oRD_ZapU&`FXf+o-bxOVYO`X^P$r$W$vzX{M}b z$FjOF5^_704zTNgSZoxs23>9-)3V}hd-&IrRLMWJ9Q*c)CITrDIb)cQX5;5ftcI zdRHOki4+PS3F&D!8H#bSXq0nryN+F-(skNX+k~>G%^mc)eDhV%$q)0lLJ-G)n#{h> z^WX}7`0psn9U(bK`?6Spq)x9jr=GU(aoqW22(TR6)@av7&rxD0U^k&BoO3?q7>5kW z(XBf%@5#okT8==0t9|e*4MT6*mU6Ink85aWxD3R^DEuV~E0VT59PP;$3dz*cPF~&n z6<=JkF2%PRxvO%Ghq<5vz!F&?(ROO?NF;Wb=@@i;OayNjeBovfYhq7QWE#6PE(igd zEXWc^Yvv89jA?cJHbtvh$g90qdZM`L&Iw*lyV|l01xjOz2p5k{QGS*&FD6N)y` zj+Q^jE5Fn~8V>9LlY(HnAL5=4SI=)K#D`!q#z{eIkg|R(I``C%C7=H{gdp zWkscku3E|uLwq0ful=q+DBJ~zi+cX6N!%E(Mc!tez&o$(o;GfhED&IHF9dA9iYdIu z+smFXO!DrgxooDP<-B#M7`ovE*=NwSa@R5&3JBInc_Tr9ptH1|_MKuO;=p$^!ZD{^4t|iR?(h?7nz{OeFMXftx237}TCVD4VBJ zJZ2p5BCjK4P0g3dSjE~|ll|zNx1-h#6xD3vhxf1*=7={o8~MX3o5cP@!?b!e_yJ&R zV~HRC`15mgu^o4S3Gy=RgXkW 
ze?IK*Ji8jHVhomH<_nVo+8Vz)%`{W!*Bev&nhd44&ob`2n)2)-|4X%|*=tdR^A69T zj}$4;?Lyb-Z}ozBw&$>K2@J8<4^oHxe?RB8{|8A5cXOx0C2`Lh`flyYguW(k~?SQ~@C*(5HR_*QiPg~{#Lju^1I^>3|f zNi@b~mxgj|Dh-Y1xzm=kS8>)8^;=HjX*J+xQtIB+V6&RRvct@Ji<1FpvdwY$L)Of& zC;cN&X_o;w6j+X$7rR+vHvE_Ib!A#N3b;F#e9V+?lJ$gcVJ6d^iX>{UFRvd6%wbjs z$M2mPR*C&pLweio1Aw?D7u;F$eQBPyiueOVVO*Y#5%z#zGr`>Duc zg_yF661Vdzl^+B$5oRr;#)UTThr8_WaX|ro1IP!KKwk$Yd0l_J#;BP2nd;UVGN*pQ zCm&ajYX)-}6t4|_7PadcuKj?#>*qgCT#Tm^fX08@QD%Bj{SiUArb)834lu&vi9bs9s^=&fR-nrMJd9OZFy!-U300d8z Z_HSUBf$=I>32=t_qw%gV^KW^;e*il-1lj-q 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-1804-amd-sev.bin deleted file mode 100644 index ebdb904f6bf93b483fea764f724193a938bbf244..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26013 zcmeIbbwE_z+BdxEn4wbv83gGVQbLe!73uB)h8nu0JCzg#5d=g)2|-Xw1QkR=LfWE{ zMp97t_L#S$=REiM-t)ZY{PAub_pH6Iz1DAC>#B9FHCq4x037i1r-KW;sN;sPfvG9N zlzb4bUU1>BWY_>U`Wak+8h`*W01CjrUMB=kUvHdtOBk>C0NCl($cmBDs%Vl!smLKf z@2B;nLdE-Ag%dXuhtKqj1`*6@Ntrl)HujGzxk&dg1PZud-3{j_luvq*Dzbem{%NP$ zW_HUHiPIgfEVBmSOLyp zS@}!Z1@HyS9smNo;sXeN1qx97K*~ezyxeDVB+M!^xuK<^G_=dLTLuC+cCb;Y7DEm6 ziln;f5p~;x9%QbmX3vlf%ITbpG~`dA0EPV&uQ>II>xH4IB3&<1@`aPWTqg?h#_ z*dtKjMd4%{{+5UJg*6v_WEb~c$_T^$3rdYPE7xzjwh+CjxPL?ze^;gGmWFxx(0yT{ zB~h?dtGCk$&(r!TN=blsS8#X|iN8Vmj!*~WpAE=aG#}*w6!^yr0DgsQ+>}mvdqYO# zR<`ufv;nO-`H`g&2ml#xn98&>j6yu^x{_aBJFTAL*Rh^v(l56W;h`8w-v9+}+320R zjPDB_xH(I(`>tgbtNVkV@s7@(B(vjz!r}#P;?1I6vXSZ6|)udFVfguhaj=c>J z$9j{8gN=oaO#}?8Q_tH+m@U9b@QJviRik%Eu&^L_0GwQq6b{A5(Zj`o;<+Mx-JIaZ z=tu;`;o?GqLV}`#f}+M>iV{NbZ^b`65sr2IuhnAV0XX4UWB}MaF?Ki>7SL5UNEo>5 z;$*WxhuvYl2}$cXNS?|G}TWNATT-nq?!bTF-!)lk;`hf?}e#KS5JIq-^?W+gZ_ zarvJlCNAHIc`S{?UNw;Ky!0${xMz%hp(^84H7)@`4|e>EG0F4fv8PW|YRGiG{x~*% zelUeLi|GbIQ|#nA<-PT4Aoc!~{cKsH<13ESOs`&^b#9?;T79F>Jw|0@N#s9J5@?Y0 z`Fyg~$()d&>HDr3Yuecg*I%igV(M;`$fYcpS0Pb;AoeP?I-|HpeM*_tPy-tW3&1MS zfuDynft+R{#ihlizM>V0BflXqo*B-;ndv2{Y;M{46wZvk&5BD8rw#ox0U4Tr3JdEH z7Y~jDp8m>qa5O=-V*&9uj%ibzrYoIms${#JP$pEV_W6QHr&OqqrS!#D&z+F1Ch7AJ zsIDdQ4maKj3O9OOL-B+^-PD$o5V~AaVkj~Z`NV#P@l@DE0~^2pJF32CcLGO4 z#8oI1!j3ozYZ**=UM~uXdHr}&{gdYf4FaN=_6Q;|;{{}lY$TL7JybxtT)NZk365xM zos2tSRY6hPKtqkk%^9SP2g(y==LJ(hdAOlGth|um6H;&q^nDyEp+DY-={g`i zY++hf9$x;iGgcl>2roBhD;oq%8-?=vVn_txVnQN9a1lWv3DA%TiG3}KqKojb(Ek<8 z+;GmXm|6aeSwl$!rXU9sf(r_Q7V4i{t|#*~@y%rh?3L_~7v}a20u-^$2uQ}%XS}#) zE6J8z7MDWmri^Wb0x9UukxoHwiPNNAY}#``F(fKrjDbvBt)TZ^2Fx@ypJ!RP~WDQWQ|L5yI;t3 
zW~qGU+8%A|a7*XQ`6mK1S6A2)aF&ujBrH5u-&dfZgap^9q&mNv#f@9s62@I5$KrOM z`4~ZU>hJ`SfP;_nVg0#>ugcuH4NLb)`~9V-vk_8VT->>zJdE-e%TrgkMX5sDu$QJS zx^jHFS8Y;TD*R<5{bNF=w2S9+E)XCu(R{UB;aKNDPHDi&@riiwv2d}%PtsuFf_??~ zi#@acq|luwQ`l)w*>5tccjrP^ZM+5i$d3o8v2mfthyfkY;aY>ijT{^Tju8_XF1ng% z_-|(IuZB>`PFrCj*pQ-m=VqjTQ9OlRYU0hqFFzD>(SPOdOv~!o`dXh5&g)e@aN@nC)}<%y+24M z8@|juGndX>#SKl;IOOCazpyhLc(c!^4)2-&GFfu!wbp~Ts9K>_!&q&x9Kf)tAy>7 zmYl5rJHB(ojvPL&+RK-b7b?hhV(@yETFZ2(!tj5%l3?d^A%R|^NoYSEL zFPxA2m)%`!#K~8-EO|oE$`Zc*`NO=wkY)48otww0HJ-POXeG~ zUwMoqyX>1#3u*6*6w$&ML6)}OFg(4 zV*g+5wN8Qou#gBk{Qcs!z@jj^2oDSUU-4QzaIUXj>-e9&mY$Nb+TV6tHwm3J+m(nM zHK2u$VnXn}p$b^Kw(n>|2$oZWAXT2tP~tXqC9Axrw0xHbws`XP&!}a~g(jb>)BQZ# z*q8I9kUl;{F5c8A!a=AZQKe(Wy^-ZyR(#;0;_0MILRIXl<=!WH4X)=|EtAZ+oEViQqmzBsQ=r~@rXq`yiBR`aQ+s0_ zkF**Ov(P6;7Ua3?XTkC!pTzL#5-!1HA5~|a@aE|5z$w@^>zfnP4XD$q8KCSVXm0R& z`|8-G(7|Q;O#y0JCxJJ1iIuD~?U5tP3oXLoW%?TQeCrMw1l=#zJl4t^UPnh=;bqYj z=2;_CUvr45N!1hbzTp_|c&gw8Md5PUFm8G0h^$dwWM77+b;|LhUQCJ7Dx``<)0NpG zqIdUdb&7ezmJ0FQpXEHLpJ!0Cn^w^!y{I2jolASAD!SJ}CYiNH!2FU{R8m_~xP{z} zO@5MhSNom4r)!ZlEYW)eecO{~`o_w5eRYnV5IWiJtnHBzUAZo5<#=SPN-9iCzetGh zAV2P-d^88W-i`3*#@V~@E4tK0Dwj_PJY%1hOFwFgeR}5dRFugnnbQp_v>tksCyw78 zy)cJ^&t0%{ELr(6Kr(bBZi-Zt!y3n(rf9X7BQMYBq~)%7`h$0VZoBoG(J|@U@5-^2 zRuHYV1;I#KZ-Uh9t)fPw2t!Q&LGaCgEdF`cGYtBV=I{Q4z(@a!{~-L$f5iT;*kU0# z{HrbI`e}>NGa8rz7~LW5kTzCc2$-C=mjlWJ2~K>_!Q+eo@UPBx5r}>Gd=AQ0cMm7R0 zO-Nzk)iT^p-Ov^Mh=!-I$kCntgbne^+l6I(f!6+bhg0gOaYbQnQ%~lc-d%en=KVfi z@O6^g%&U_%Udop_O=2urd7EFU+_c|0&vD&jk)Wuf?wFL0XyDAi5=UJO<3U{qD-o(# zIio*L!WedvdM5y7X1^r{?`f5Irtg4MxI)p zO0?3yG~ofo7ZhGlX1`8#;9`72!e6F3#^0wl;8f=jzI zDbW4=P5)Ncs#OV@##7p4t~{s7sXPyg9eP!ZM9#!t#$#U*R8F??A37B0S902XG{gB| zjOkMRIMMLYc1>b2JIBN&hGE>~VtTs5?7B%=Au*pPEyiul)3}coXb0{*c38E(^IF$g z3vO7n7+HqNrNC%UgH~-8PZ8sdf_VLBxMKuF%ex6vJ)6N7%h$Fc@r3)QJD5B| zbRH}|w0SorEr_TLoB433o3=1ly7+E(t9);Aq=hciVcbGJlS(qG((|lbu57Nw%nj}; ziWJXy7S6SvH=Ys}GPg}Fm)_!#7Y`7<-`u_&RU2|X)=uR}Qhp_+bQre-o^L~nruBu| z7J~NrfEW=RQVr{XtM8wG>QO)0!B=Py$aoH(SY-q4e3>?mx>h3Zk)X(Y?ZH(`C- 
z-be842ht48xfmp#t?*5BPb+zv^!E1z+@?Jeu58$Ao)cDWU*RnJp>gIk+oWhdu{ZuU zz5dmge!P8n42!+7SUIKS>v(VLgL!T4<7cz7Jo)J7JZVUWFUFHXiPKd$`hljA!JH2;DUd>VqS~)>uw$GPXRe zOHLz=RZ5F~e;0Q3;g!y(8HHxnLwPoYuqJPE-yrD?rMleA+)jf~lyC{|3*SO(Mx)?g zCpp(~Ya{NK&B?pHvW$4`?$~8hAPlalWFy4 z5!g8<$DqJ9fJ+8N5PYHb_BvxhNXS0lsmGBGoDkhJjcO5tq3{v`a+WeXwwrWTIN8m0 zVURi-Ix&({b?=uDF( z=jPlcKaJ3Pqe#JK670_@MaPcxontE0o^`2`O)R!NBgdSI$R)<4-x7!@*t@nrluG8o z$u>TXqa@OA5=Fq~B$W|#$CaTc0F(ad=*W%e$!B~-6{Xy$5Pr`X5*gba-m`?O_Wq8M zWMoa4^kTx1eP@{YA$~O0wvkVa$_xtVR~0U^TdMXNKE09M?1M>vbSd(IhBM+OC9LG3 zd)Q@dI17pO(7-9xtJj>kjCqLhG3jTYJG_@uw$55Rjcna@by~Il2(J!AH9qsZpY$;i zM`Q+*{&7i`GD)Frp21^7mx!LN&2qx~g+=vv8&e)C3>%8 z(i6S4ID4LwaLKREg|av7#OGR^=%lG!lt-$cwox|X8apOEq(LEd>`uUgYug!^f_{Bvft=CHukSxW>J0oJVH#!J4xo{ zrz8kKP-h}It9^;P+vF1_Jvr*m!i%NPXW>#_o1uB3S0;NydD2i9+r4^NHfWrbLd!>nJ7aJhb~j7+YO`i5^nvp|KpJ&uUI z`QxkRNYU`?(9(WPdU3ga7O^Cnh+$J=>{%8|i8Ib;iR~?Gw+ZTStQ(_DurcXR_hje3 zm08Qt)vo+#J{{J2f6c{9($n8v@1h%(V~>m{CcQ%D*z<_%AvOeoHPF_?edN-45bp3EyU_ArcFzXx0#Ib%SZ7FytR+p zqqY~DdMroAV~R=d#6%V9H!T-ml(cxE+8p09^@Ymy#l-1u%DG;Tu6qK%*<0sWU6rIk zqsg@M57-|$KWJX%NiP!>7me}gOWWn|drpB_KZ=_3(7j`vbg+V%|3Y);ZQH%;X z2;bP1&c57(v+ef27{AXg9>;x_?@10XYs+u+@0#fCUzp|S-=>LwEA_fDyjiGtq?9Sq zT)^c+I_J;`CcPg=#Z@uhy*2lsvgy0c?-b(u+*^!ax2oPZ*?nH9QS}s)KCHM7(GWQh zXW_%OX-xX?ajBkr+k^@|Ihl|9V!E@9`S zJY)JN4J_<2>EnzuqqgauGX=jq*K$Jz;=ZwdT-$B&QL(C>m}thTRIPxr$$P3nDhyoBKNKXT{|?``Q6Ech)%2}De1gZq7St! 
z-d-5A*Iu`qLXvw{PMu54_YqsvHN91q|KqKjF|LSuMF5cNqI=y z6Ev2`q`$6?q!YAq;Me;+f3Rh_7`w!L@TvkAV77bo ze21Xwz6d6LQ4I~VnBG8s1&IoWk-yV)A&gWv6 zgux%r_SF+Fna%F3qSlId(jLAwQ%b_5FLPj@NOxf$SlDndjU5e&dLwnFQ<`+LJggnh zvhS1u43oZmv0U&x2c_q7Mk&8Ng~YO8Nt8WYQuz3l-IGKmgT^;7=_@92i1&kd$EZH; z2}@#6owGk*u|!cxKHja!{8m#IyBd?e=G?JaF&pMG2fQRHqLVmBTk4>lboks7jL#h^ z#-~a2FzFwx`He>8t3MHDu}O;+rS4AS6|SJ4d+iph87{iXVIYP{Ul%|ahj$IfVtr7< zrACUP&d1JS^rIeIAa(-h$>BWBQB3;Am?DSyBX+9SY6w?C&quUeckE_+LFa!h&$@pq za*Xsh{y!mVx})MD_l2}|X7R$Yt-tx-HoBJLyDQvbjGQ&a z44M(c9SJ5-4o)U3Y=Xtv)Yi)(n0PwKgze}a%zcc=)TQdkT!(lrvWJY^fYwblHMiN{ z9#6oe?{tbvkR8ao;$uitliG4#UCr`b#Sr0g=CYX@3b=wjsIrf4s43g`SErPeEQJ!@e{>{qTX zSeSSYUQ`M7@n6+&Q8nXrxA%y@scjTlW?FR2oAx*}K^FCI^7EXI$x1ybn36FqJ+b#d zZ{TX!$G)Q_t~g4>a@riNZ6=uY>(ynG%t$vLs2Z2FpL}t;mUdM-Wv}LHY2fW6%eQQ5 z>M`kkUmqbWAc;LRm%=(qJbTQV$PY>d(J}9gnO%#Ghd2pf(my+OSK@ft)h$aeW$)J~ zyV75k88delsR*oyP`Hmu%tvCiBl?_}&qLjXs;AZh+K3xDDzm1WB}bP&LoT>kcv zWHH+{?>2p^Ovj6`w}s)C9c%E0kmiwPa~@kz;6r5UOXmEUV^LC#cdVDPK9M|jiqC~} z?>CG4blqxqOl?=BA-b<1x#Z54O)xWdg-;x86>}>b5gHD7e9IXB*sXUC+`DHB?%wl2 z;{@^kikO`fDL22Qe$IS@-WA?DT_xc zvzT~!lJxQCP=M;z&Kf>!L|5&TZz9Z4WVJQ-oaot}XPZ{ZPokrarwz-!GOCg;wfDGF z*LoXTaIU=wY#S3XdeMD}@6>UyxdV*$UwexPIB+363xpH$aA_=lu4N z*4GThM8{Gz+y1Od!g;{h_|4#DY;0Uy5x^AON~8>^foJrFitn|U0-k^axJT3l%w&iG zA^<cCz6Fm%J?SFrVe#2=Y&UH!iQ@+*Jf01-Hpynr5vTn=yp|A5>fpawdc z9t1A#ikvH5keRMP(B8nsrv_L`d6lVsaFilk<7+qVSOtIYr)Z1+1-l+*_-FIn^F&(R zO(h*^F%W=fuFzN!6)uvN z7(x*zb&BWtc5v)t`GUdd?VY{Jwi|2#*GG`Cgv2fy)0r>#Ym@&;KP~^*Pr)xE!VdQH z>sZ1-S?~eJ4gpwzJ5$j+d~E?fu=lp$)7V&0pjQs(%O+MVEKn10ap=guJpZlgFC%>R z4q+HYuF;t&(#fORyhc@MT?VblHy!RK8&?u6T9SLnp;M2`esXAL=Yu{3khb@@w|n-b zcg8R`ucpOknym(pcCC;}6nFV#TaLbPJrwZG8>=pYkr~e*fqC4z4-=2U|z`vHxt}K?L7yf^k{q z6$zBa40Fqy1LNwM78MsP}XS)z^0+6(kcP` zc?2tY*6p{S43C%NJm4I6EPKVI!OsCjC0!|)`7FLXABUQ?Rk#&n`tcok#R(Yu%&6ZKbb#&*7uil|t8} zXuUxnq2E4SV?M**v-uU$ZDbLV9x508rI8~lLDQu+6mVX$1+`Q^EUL>60{Vd8SIX~o zqwD#19;#LjENZqWSFf`Oge}-%3G2+w!GX()H~U2hYuv-}fN!C}A;-V7)t_~7dUCfg 
z@AgyFYXEs2G96Nw(Zl!X;?Vay$9_Kh@A&pjuD?ka%Urs+A?dT6ZLhZz>^j3iRJ;;m z5P-k1(~9g) zgZ}SFV83!FOEWOe*i80uvK7mrQQHA~fTqwp2oPbBPMTTYy3^twmd)Iyu{g)gc=pyX zn^x?qP`?hLNi`Ixyphc&VXU0IQsPgmD&3k=kZ8&J7FNpT5`{09-t#aybGv3V(K;pH)?*Zj6Z27Hl6adJN0_a$q1pIvU4$o4{8c-&XL#+i^$RU}?r&}zi{UCrY zthIf&9N2xN9T4B;f}J%OFCyZ!+j=T;Mut?g;>aQtP+mI-cuZssSE#1p`~;bg+f<+PirPigF2niX-4{?d|I2 zEnx5AZOw0EXa7ZUej?L%$|o0&T^}Y28m`1Gu04txo|uOK1<<2!^&w$qI5dhG??We^ z=-iWzp86zkbov^%toOYVaVStiQTPVeTbQ)8bCgNV+!#$Y_ATl%r3mX?(Nth?X%EQKi-_Fy*+Z$;MgNq>q5rTGhd?F$e z)_fvDVm5r%f}$dPC#?{IHa21+Vpc-7Fb^=;!2sVuHa^lQ!TC{IZdJ~wK+f#LVB{hM zu)m^o{|bdA&a0KQ_~4klzzabyd34lfl!Y4h!f(myGC+ZLE>4X#CuLLdX1lq znJL0~|2p)4fg|82E@mMn!Uy6N0C#b_Sh?ErJ9~Ozpj=BqmV9~bqOeG*;p1lIIXqgFC^XkW=2dxUx*TUIL5;T7e`4BSQQCR_0pKCfA4V;a zxSppil%75$*|T`*Lly*J@Ii@}sBs)*Uuc;pS`(A;y-3}LH4p49a2)0L9{8jH4t4L* z8ERa)qln6WN6VvFLsBVcy?n#X%)4VEiNzE&oksONbmbm!+tnH}iZzMvz2x~D0Bt<{ z-MmnL0BLuhy=_RNg=io>K7(@$dm%mT;wA)8-i>`KAXfjemd~;=318k(P`%8UY}Zl2 zx`gor<&C%3pg<@g+h@u%>!b^xo$AG&UVbdOU&Ap4I2pF&mi4^6fb*<8b@%$l^Ho;m z>Ly*&&m(X6{su@dgog{#)ynw`OtiE7sq>VP4`&=I_=QLvab8VfDbn-I4IYC4F=y~) zW(R#;BE3GnpHZ%PTYL9NU7LQc%E_{<;hYBaPeOm{yba3L4rykV)UT$~ zU|CWvn8l;@rp^u1QVU`%Z*uZZ2=JLAv*5{Z!hV z6~&jRNfL_j7SAv!px@9Ptx`18Jon5UB}U$JxOwNsy~j+e>Z6+>0nRH94H3-KUf6c< zhr_)(6Wk@<$M}C?q6v)8^B=Ph;pzi3!_e%i;D>rqmjpAjZH?s>Ys_8u#?O?4p@Y20 zv-7V%oUc6W5M5!abGoql^26KcEPcw!@He=vryqeE)@@J9__p0IJ;c+RuS3XS7bl$` zwk3_YDRq=w?qFDLY5Vos{LA?FVw*mTdZ|%nH<|t!|3F|Eru)>{Y>F#OEtVDA*t}$y zYpMipQzIb&sU+RICl}?1bI;KD%u^^n_5#%}$edADwiakM{VM(crK9H#ZDtM3Y9e4PVU)uaQUxBiSMEcAo-npX z2C_zIO}C10VqW{;mZFP)nyaEDjOp^-)LTv9=pE-j;Wi`S(QtKRHM7&3>E#yP!Zd9UiosjJ>2!fc;fbn3_gode5TSjpXtdZR5E4he*uCPBU^->mAA8( zG#mrbR;B&SHQLkmce5i<58uxh#@x8}8UiReh%w(cWDqRmvo)>}feX~_$d{F#y#IMZ zo5c({X|xXo$nWmhZ;)SODZ*sV_*EPx-yZ_b(p{yDY`46Gs;lbD8)30^y7S z9ah(Sb=qGLnZW$~VbbV-FgetuO*8`~LXdshYVG4rnCA#q2xWx;MC(Ck_BArst(9$f zS?=CpIniNC9eZ_U20yofK}1ZC3JOG9Wt={r7?)Tl8yLY{gs=O#;tFoR+11X+%zfH= zHA3~hijR};7fEqht@OQrc*hQh^%p!Y2v=|LtpFbW7D!tQ)RzpEG#?+*7K2&Vsz%x6 
zBz|2@H=>pWda%Nm}To|Im%%MOA zUylT7$z;UJ1?kmV+fPX$>D(Dtni5=KC6Q8`ey;7UAx;(fiBMXsQ~R;w_iG$Z`~nW) z2mUV83-$+$81VjU#5}0gV+^~Jlyov9&Z^;R{?rlIR&{XAf^Gfz>^;uUz1b}q_-{{G zq~VjTndv{K^kt)sy1XN80R>D4G*_-oY8Fjn6_a)<>*6r%znFPi#dzeyXtF&jQfEF3 zxwLshr?v9L;f2CVNq%mYU-g{5H0Cfyl`WCGFpA`%V>xv3 z+Iq6H5a3|A1D=*lNvF=r!JK=;x8O=jH$#PU_wmNA_m16o)O}E(Fi7|KDm5M@@p0vw zCQoL!NoF@oamio7%*;dUb9w^qh2BZaWAF2(#IBl6D9A%W5FzTAe>jCjp>UE+h~-pmDFm}dYZ(}p+? z6euURdSY_w#ItJ)r-R;1+mc=MwT#{w61Z2_GH9iG;~{P{#T!Qn9Yy^MI*Bf8E(F(q zHRYh0l7B_9GObRin6iE_?R$Nn^qd zFSfI1-&`cI48bAuAF znJLK?=VB4^Td(37*Y)XsH4JFe>4kJbfa7N2>E-W?kaj@Y+9F&rG%rW+!7Qo#L7LU7 zQSw!n8jkRD$;Tl;_f}dFWohYRhKEAKv5Op|C`}L7r>x!LTsYxP>w8;gzzwZRJU8o# z$TcsHP<7#_-k-hZ^XQQAeeR=;IN2@Pdx!^4$1dqPL@gS3y4L0d ztO_nuC*48MB2@Yb+SnoB1TR^02IA{?z^R$Ck>kT83jaVIwBdQt zMYQ74Nled?&Sgp|(h|q(NN;_xt@m5wXAUJY&9)2YS~|?+)qEO#_skVHk$;BL0cr2x z41T<%zd#iD@}1A#!^$56t-Mf7AtXhkhB|Xx=p&(BX5apGN(iuauewzbC;Vdm9v-eb z@28p7jz06NhjndCo@y=dlX4YMAi(&MKdM;Z>|Sgwi$qiv)rjA$S}eZfRYM;vyBASU zH+|!Qf)|k)y!1uS2R5Q~I?<`DpF9OMl;uw<%EjB0+<%cytoS|kye>)h+Ek}l3Is5V zJ*(Y2kunm_;M-oTQ=G+z7pbD~?0s0wJ+Bd9y?qu6+9V_zQ%Lp$anH6xjpd;I zI*!3g4r%ViI{0{@4fG_;J1=#7_^Fyj#VsY7-jf(;`2Nw9$j_VV1J4HwG7+?o3%n1~vBpfrgzd-=kYaV8+Sio&UwkJLyBq z8}?q;pv#t~CaJ?35rP8gRBR$!YBNwk+f5;dFemd}o)l-bVR4`Ymz^ntbK2NW@qMPm z!JAy#_2EaMe2Rd$b>f(nJKsAdbV~fMLoN-2|HeOu%m9wjQ|6pvJ5SG8pLuy{<i&e4qGi1Fs_prb^%RKP?jBR-Y~hmRL#NH8U!50PrNKo#Z$ArrJ3k8-lr2Kq z34w6K;8V`Z+MeQBqv5=ZRu(6$W7+2pUVnrD$KT1FI979ZQOJ$Wz^GIvVc>p%ZBSio zZP?v~Pe{vBB`B~pBWC8BX`4Z-=_HoPug zqg9SoHo~if{lcejvC*&aFp#A+afO6#yfDS9$vXe^qUz**i%<>-phlE9vmTP)iwrGs zXK1jMKh|=b(6W?~x*#&6aImU+0SaJY)unze7;?Z*AGaQ1qdRw_L?vs9F^+oWS~-kf zo%Q*?MndL&v7+ULb#{MowdP|N!3Bz+Blsg+gXw+AXu|mTY@Dq;Jz-xHoIi^8uHJlK z;Q#f?kMAf?@GF>d1gX9d@p&R$+?)}7e=7xfftbhxVT1CpwX;Gx6BB)zv-u!x5h!9J za3s+K31j<}bHqeQS5NQ;%sv1KQX%bNV5H9WrBmPwKD_KeYmN@v{SdA&Gbxyt19<-S zfFJmP)c1mO0Ll$rv_t-=&<%W7hy|GD{c!=|=Oy%`1v`Y5m$wJP;(H?&Uo);2;2TW5 zzReT9Hb+bZ`<9Ib`QnP=vvWqdx%q?N?L7IuQfnA4vJHD`(=xfH+#|2#q;1lH+;YYuDLPU(u-p1`qvRGPEPF_h<+Qu2>ZHsiV 
z=R^0w&J(-^`yR?ldwKcmz|kB;dU@D>tMO}rAN|Cyl@bSG=z-h>HY#vxts(AooqJ*& zk(yCnNhk!!eh(=ta~BUCJn8R~L2?a}`@E!xM{XSI%c-5$aXa=R6!@rtlN@X9)Ls?H z=hXP1xI{=JUGhAx+AYP0=UTgCn{LJ^YW`0f*VH`gc^Veqh{-sWEz(7^~MOS}O)_<(6zpCrMMPI*H`BP!PU-_!B-y8WC zRQBJmv)`2VU#R%+X)Ri9iHHz34k#iHO)$lU-pcYPDT49y^K+n$#@FNDuHhIE&^nH^ za)xHE5pFDtUDzKJDX|g-XVRwZV*6tR6=TiUNB3o{Nq{f&J=eB~>e&yY;sMtPEU4csU;Rp2)Pla-wHi zlXly%f`@pdRPFMFQ?|3v-Kk4b_l|1*5`%+K1O5mV#%J~arx$eXj)=uE#{%*(+@rS} zhg7B3NWf*uW;60ayGJ{I^jC><$X-3$<5jY%Pfg*oXv|S>nK}x9Dd_^@3)B1AiwVcW z52>kp3xn@6h^ZW9=X}YjF%Ss_j zpWId75q4mU^lCeCvL`i{4lr##oJ2YTc0G=Zeqt`^Z53Zo5&fBa=KxQnkLyK=GywVPym}> z<>_?xMu*5|?59Vb^r{(JMQ3Wc^8)h}J6>PoCi{qg(v~4Grpb3oT*eLOdfpy-UHGRJ z@kB2kqL*2Jjv9s_U7ERWH?(vl5~dQuwv+OnYh7nT5d!$I-yV7BCEq&ZEv7D$(J3jV zbIP!yp%A;j>Gs=QGp=?h(0QMz?{q~F?Rtv$(Mj(Q+<+*K_;r3YV#^mh35%x&m5=io z9l;$u5~CV|)7>OD?f|D1|q!1-^>Ive#2C{$YBf2+H9A^-epjK8eqv1te}Or^6W zcCo636E8V6j59NP)U|m0SYnvkX+J-4DWBU?P=NYEQ#S!_UpfzqdtT;TWklpU{_}QJ zkip5BgULpI@i*h)3@PujS|aZ`-Fp>%uejn@J^L2CfP1MezRcG#m_$`}H0iBvV3_K< zXSQY7a6~L^O)dlwD8@ItK1C#cMs#-&PVeOF!amWUFSMJbJm{KsSC$i8C-@MMG_EHo zx)O?Qz~Nmk0byuYlxdh?h(0x(HR}XJbYs6y+^2)Yxl>+ojO`{kwoCVmEPYQI{2}+l z&uH)RI-7QF7}jlSH)0_4=7Mi61faQzm4M~@;+oo{I)93{_H!Rv(gv(#PCw~bypmtj zi|T>`f#x^vLW)vph)CIzC&+U6YPN4yF1iv9*mW(&cPjctdB`7U+_GUUOzW#IG2EjH z#1L*U7yv=JS^1;I=}$Q+ZMmAaH>3UI%rbUz_lPaz>oxQiAV7^-WJ6^h8J&4U+jH6w z`qz%v?qyTch&FdQpZ)k$irx+i?6fNyHIUHmmb0bM8^&A z2~m86G6`ZDd&t%4vk}%b^lMt)1cqi2n6~(G!d&2lCj>Mp^GHYZRx6(2+Jd`@+<1K# z0{Hvvhnuj|k4YY-TL0|H_Fl;MWYcA3%D#QzemV+cFnywa=rn~axU*XJom`v7S|Cf?xA3;JkXhY!%yq*{8e+MB? zR(teed8o`zTbsi>OuPsSa}52!9cVvtT^N`OC)&2~{O<)`mZRufU~!xM$l4(XzNE3+ zXMnMwkHm{#x$TgST)F4S>*NiqVvd70gJVXmD(O(*`J=TunYo2RbFuD%y^Y?RTc1*w z&ageMP#-l^MjBlbsl{ofsDjNn&G3vr&fht=|0||%Jo-NWz`#^-n&9@G>!$h-1c+{5 z5sJerZP;Fg01w0q`=g;@cwu<^casB{?{7m8MhryRQUFP|;7I>I49pG7-%KBk{d}{? 
zgqp3eFp+n&QtY*Fj{4-)3Z?r4Qji0J!V=`bqcM-xdYz9e3p+)B95-}o00Yl|ntU2cDHp6DY_$iS`x?V9Wdp*@z?YwJ% zp?Bz=qyKZR^6#W4Fc=)~?IHn9nB$w~8@!V6&?LiN1`fWZo|&xj-El3`+67M^-thY# zn^t(2J@$fLO(mp7htoK2mJ?BnUnTz66$8`RC($+JyMGc}+<+j2*y%4WdUe7*#6 zU(S-+vwfiCa;2JD1&WnE7#^&k@%oy1cgbAjFa~ZiVK$&;^Dnn=gyLvzV=3wFfTMc6f(KVSpWqZb3eC0 zPdAR%uiUzmVbs*Mbjy5RFY>vysUN#^^n%$D0)_oX)o@|$?2EbUMoM>!(VTWdc(@{* z(c6weP9r4$eVoSFh&1s^q&QyB1lYSWessUp>JEvo5cpplaJpM8wB~1V&!mM}5hrYi zsNr5d!fE*=#y&@@X5v1$9dP8N=upo+VuT}?az8Yj?u5|0Vx>z)S68|oRprF4BSs?y zwE~%LJu}DWSRZ?6ay=jYzf}ATN5AH(zxC;B;SY&x451kCE}d&z56y9?y2W9C$M~8k z^y4ECDp5MqX;Iz)(Li;VY!1=u%jM!T*GY$$FXf6Cwv~>pK!E|eUHj%RTKkk!I6ACH zwm+5Lz$FgPKpuJG_X5InDPYdSd@pi~sl2my(JxgB?=}tWhfw@uWau9d{rq8_qNLM> z@cR||=lCT~jSd#X-rrNd0s%&FrJXKBm5E-gt}SmCE1Sl0rn)*X#5vZk_P@wmBT@A-1lKZC%+w292_vk&j$v17l6Ah$DtLOg*Cv1fC 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-dbx.bin deleted file mode 100644 index 90d277f2f8bd6533a9836f3d25989135b8616bb0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33824 zcmeIb2|QH$|37~0%Zy!?Y$N+VWUa`q5VBL2!C>q$wvaVDWeFu~NcI+FE3_a>mSk%o zlx>nedN`f?5e_@G~1 zQ-6OaS+9_xaH6`USUX1A_~o>QPKs1-L!b_DQjura1lSpnlz?1tgR>@m_Cb zwof(V3G99-@HFSmWBe6Y3!iyMeN-FoP0C=yZXcyu%h~i?rv{>@rIqxu`0FZp*VRl* zo>v|enHB@Dig-O1^(3L2qJRV#PQl@eCjJTvM6>nK0p({2N){tWdB7R`hX#P%aE9o?Ed{$OhS1f3 zg0$2-l7#OG?a6&hus+-{htXWk z_QJ*f3X>BfIq;zcr~z3<^|@n-*Hy#H3-_Jon|IwgMht$Y`(t2tcubB;a{Q?Rl^TW! zco6m~JP7MmCJr_hHZ~E^t4cj#6KpaGC&4G;4LugRMuLR}!2{sr!lZC0K8_wP4iwJ` z>FHt*XQm|)mV`@+2#W}d2@8uEZ*5A6z`t((Nt<3t$ob*lLF^`lH7>0#g|k~;uHR;O9j!+ zo!M;8qK%q2)9oLB+{bV?vEgd0OIVzI2a1&}!Eew#dAJPZcgs&7^IuLb?L}$Tmpg)?8v8shfb1*ALS@h zlWBYTVQ}bVZye1PrYwTG@HY#TcNT5~@s*=CZ;PYtUT_^{dhtxdp@F7u?v+08AeE6h zk$2AxUxS#>Codu-()|6#DxEIPYo{utzc_Y;sl8SzgYw#h3W@Sv@fY#8FXeZrjw-Vm zs$t_`0a({`;3wfsprn~dacOX=Q?x>GbPCfvjxd|}dMiBG=FlM)J_}Y_bN=cT z!4KR{Ppn-GxkGI(ph6q~E<=v1TGV*&UGADY>7G|DC3L)?#E^GNbc6E*3RNPFCV;7-Ei|!BOnTE3MLXaoiVT#|z~ zMU6@6lg+_Yj;lwD7;+R8+uD1YAxCoBVrf!3ksZK%)n${tX1M;8f|S zx^ODeiqKC$&^oBWg2=~#YF}RE0b^@}M*Z?2C{PbvXQ0i)lTDcMX6}gEr=KkSYIQK~ zKJk=6{Ox9Wc?tP)9);Yf*KFK5q6z0jyuxMhf9%6wyDmTn9>YA;KvMs)7w;V1!24M* z#+!f#;dE~IVqyewSNPVMaP~AjJTOie0w==sV|*%XJsn{xI0a^dkc!v<;bx0+vOzmL z36sM~F*^yU2(*z_j?PY2!pv|+%pPK@eJ44wxTvs*6i6f@;@g{I zm`!+Kz`q4EFPwWDGwaVWt0}3$6y#tcaA9GPq5hb;9!``;-Y+)bEaQAI`RPMQ!zJ}Ik6Ay*PFVC_^;Y`OYMom6Y{iHxa2{~7;67TThEpEir z%0b*IaxC66;~#>lj%;!e3E6rmZ&qvGdr^Fb*RbFdX}7oZSSs>x8xL>BhO1HbR7w2Y zsu)$kW9;cMv$iyk_BqS=hEi|Y5brSmQSJPRG#>)gg?-!16@;Y;N=gk*j!(pgkA;gB zB(V<*7qlzDZ}`k&L!muWCa2YgvisD4UXf2*MWh*={@WL*v2mfy#DETHa4kURMh*@E z+lYw_7jv3W_z$%9TOw4l)>arfXGn4Xxkfsh9^v6b2ki3Ur!ik=!PSFLBR2qsxMp&W=JZ_9)C=As1I?D|bt@n-HiLppJv83+gSXw4kn3^42o&bC 
zknk1iL^|vzyhlFq#xp|uGP@Qgw5{`Jv&-GjUIYpRay*PDy(_CE>`wZSTdj^*En?f; zTgzwgs;lk@H?)F2H)y86W`_5C=y4~i82kJ{z8UhO*fgcP?W zD)LBJ$kb>@ox*srKuAKY9iOqU;z#X*z-9r)nqlqN0LA(h=?3$%k%Q&e!n=_4#QWbB z`Q|hPg=t9M6e4*<9p?NwMzB_@;@#T^!(;7SA#;iHb39QOmE{fxGT8KgP%uKalGJ_% z;x(7u4`08*zM&;2>pd)>No>dE;iNs2gz_mRTMNVMRB9~Np$=sE1jj9q5JwEEq8LQ` zZD*ciKXpii_B?es;9Y!kz7{82+5E;sf=1S$h0lu<-XiAr`-^f9P^&#@=vSNaJ8B?y z>#e5yoicNr13D#f-b~L^bl%|MIuJ#TPEsSoos%1-g_$h7Nbcv&E2p^?-^Fh zlR2CvGe+Y+MtY|_K#^8nV}#))uRozK0s0;;)l-wZ+lyv0lwUSqI$ie2KtsG+B;!S?`dnf?3-lFe2B%P#mt#+`J)CTFi<9n)r$1o2ou+Q%GJ!QYzGocb_-e0QhjX%LmydUJ2+kGhUV^t+Y<|7(`q@ESN%ugqd zr^*FfJW{3m`E6}i+QS^WNPoG=(?-FzA~n$}Ewg88Sv9Xj`fe&7jkzFli}P5Cd--gO zI85jCfK2I$ZdGxWGbIBRz^ z8>@H6YYd;-e6zp@2R7@#38|?k;Uml26GAcjdi0c zzOO)37vyp^x>r-!srNuiB*U}+S-0P@pFg#3VubRW@V1UM4`?yDt)Uo?vWN$l?;NEZ zmpp@Nfn%WLF(WFyrT2!Sc{Grq0+ZsP!GK^n{0n!O7ICVU_M0#)XkGkpTQ5YOn-Nxb ztK=m0qxz!cORS6+hsZWO(=WNjg+HmQ)2_nPB6)3)o{5+t8F%CukR_v)ZSJ_H+IXV$ z3MCVv?uELh+A2Qj<9sY48+NQH&D7>|@}e8!__R?MV6yeMuW-0?wYT70TQ%u=C$4+8 zN~^qwvWwt;4f^#9<_iJ6Gjz*B)HL=&udJiX*v6Ye`e!B^4h9wLtI-K8*j^%Ne>(3v zUsCfj^n40GtNKB{c{0^`+pzL@JrVaTyCAzG*ElG0W{Uf8OIrJ7jWR>JE~#6@9oUa% zik4O(Rm>YJOBEHn`LRMLpFeOq2k%UC+TH3221V;J6YEc?gT?%wI?Nm*5={=;u9rf~7Q_&C z^eeXx2Wsi(i3ohjj`$!S%0;J_74*b7bse6fOP!~Z#39toIVP95|1|c|@ubo7r;f-R ztx=(I)qBHn;O2nOI~;u8YirCGl^*~k&*>vZNyWGKlj$9@oa=x^B% z!XNBM_`ijVMd0vlF6Q~p#h8c&rT}_(C~K4@0*!>pxub2JT~T1*gK-|WgB@YGu#~W* zsIaKWmf6_e6vJ%714I5TPzB-q+fX^aLp4A-Svh;U!L+s=UNDY>Y5i)z^AcKzptwS9=I9H6@sv9tiA6)YY7BaBb9knD`R+v*P;A`QHw>heM6ju!9GWzhH z{qWU#argI;!Y^Z7#$QO3qm`4mPlcJY@!x-;l54Yek}KVHiXgA0iutgPnD2PcG*?v^ z*&m3|F{k0Lw`J0)o<6>mhKN3IOXQ|#;+L(<_tJZ9-%~LY2S&cr9ko~4qMV(| zIS0h49%w%2Dyb4VEEmr|($wxbQJ|}_b{c{khPuIjg5n8-eDVcR90c=1$U#}&GVaQ*Fo zM-zSmu9kT`QzcaCF9kfH`hv;}>g;x?0~Z$%Ik*+-81IBOV5p-3SBIRq;yX%C<@P1tw)0q?=!wWAJkD8R<%Q5%ukFQYRL-wu_!-=)=93Pe+@RTJ=U&MBL+HgYo10W4QH`G(ANR zZ09VBUg|n%!431Ke7_`K*N9!7_6>D2Xw+tP6E$AC7OCHiJ4iq@vmQ0tv3xGJWPTMA zN%-k#3zMtA&fTedmcygc!pO3~@x`Kcnw$*j{F|wb@|_n$%ygMHBPOevR4zJ~xoOB{ 
z$Yz+0XYt;mh;xf%<(}_&VFa9n(hN;eQth5611-#eQ=lCrv@l)AYAAaz1cw3mq@9-LRQTSFa_p$YN=qI18_f@wmJZ;Tbi9>T|(? z^Q=df85v%j8Lb8Z&IfPc zKK0D8U^F_nJIHZUWN-O$p^28}AuMURQa#-5Fs&&B$Z)R+I=pGOfUT+l6F+nHrEbiT zTE2x>vFDaMXRtn~eSiXVZBAJ8k0&n|u&rkY$jc-a2M#zAPn`_V(yU+0f!;=>^`t(( zVcK9z96DoH_8};S6Eq)tgPfh@+?Hhl|6qa~udMua^7 zB6DiarG$OpOPqA)|@*%7F{Qt;;jAc_ALpB9%|- zF^ob1+9GOq%E)Dh^!#-KOAdvHiu>S>oeodZH)5YkQBgam^oT#l&?>LRcW$-I!lac(s=(^ckyMrn@rXS{-+K zG6D|*1l}pl(#(6Qoz=^2!$j|2*R4_KcQyJ$X>fxmE%~Lx0#HEbm3wy{8$=>=?Iq(- zG=%U@gXDu;nS%YgzOSr~unaO2W3!JbHfac0ysbwFH_qziftdDU-ofgzh4?#WI9SYs z0|&Q|T5Kht+ySSpsv6kFSiArk=JVWNzofOT7qV-4PIDY6`QVuS&a6|5{@B>KxT3&m zFoCNK90y-9X{?>IoCe$gTd*?c24|3{MFJ|fD-7i;uD(J9EWEL&Xn*asaiZlJS5eq`1 znRT(s9z+(;@AP`)&@6n(daU+X|7Le=(HidAx9@EpUFg0M^%32e;sjp(_v9n<^;UP< zbXz`ffCy|#en1aIE(f@P|3K*wPy;P>cYUYUMKud1WyVU8G+DU#)BtM%zcRH4j#98w zWW};IoA8hK$uu)G@lcMB{6k6@aQPX&&*-4UG6cvkLwaHJZ{FK{X&b$w1oPdGlLRlc zM)vXEh~e;E91@2DS2LY6o$JJnjvCYxCLQXRI)COw5;{pk(N%@})MJPOw-e*AV=ggM zVfYF`4V92u`qe+UPluo0r|?#bFoXBG-Ig%0+KQ?E*?<*ROhr{|OS|1bDY$_;g51&+ z#jP!S@F>_nv7kVw9L`ob5ep0SVsUV=3AfIPk%C4MVIW0@(TVee4MG8)g-l^9NiM2} z0s(YcuY7y@!mKWw<@cghdg67*Z(#M>!ILGVT*H=b6#ErV*(?nxE)|*NiK?}(qX>fk zKq@*vm5RvL9k70@IO~A5QH%_@!Jfkp_8orkl?S~49Z3KH9u^aZs{nnJD_Y0W4aE)T zKgbW~fhnTg?6(x30wmC_it1N7YbP6063&~JyT_$djms(Ve0*(D9|B0*xZYXUc;3c8niv?dt3ZlgGI7 znl6|f7+L&x>HfcWbxh;^_pZKeVE zR`bms{Tr<3Ncygl@jC5?00PXYoZ|athAjr4D@tC3PU4&;)1m>6xKkD9i*cN1vw#Aw zU5JC_Bo)%5F*oG9N@7Oe220%%Ts-8kuM?KU)pdchMLn&%fY*!_TNurMW1&P~4CG-9 z7ih_8>tfuj)1VBxLe6!W?ck$H~Rw&RP$b6NMBF^@vKF4WC zlszBjP9z1Q4RP$IH}Lv1-dh)0(y? 
zN5rCMB;%SMA9=gr*UX7SqY4G^4jN1%>CCVo(FH7x$fvy%P~WCN4$W%|8rY5CO~`$tBl?M_TJe1Ctz5Fd7@Tdm2LT*- znm!##4)v;z{u;qT~6?d#eKSEC+1L7v89S- zZk2;gimLed*!Az@aFUmwzkaet$eq{`a?x{vy8#o#d_`cm71<4cBc6R>CQ^69gd#T& z#cyP!%NDtF#^OSNc)^4#dPwg`(*>d7w5a3vFYS-@kH~Dho=YQ+l9s!60tzfByh)6) z+~`ph3}Lu!caDzm%zS<#QZ9+*eV3q1r>hs*oJgPZM70jH;L9+cM^loDAOx*K6LaNZ zK%uZgx}W@I6x&X0MF}3mJaoWV0s;D(>Y%sj0X`i7Hwy%sUzi^=<_dlg{3A)cTd_5h zaNm;05$Pp1;y35umX3to;0T2PW%=S?8b2=IxR*JSyO4OQ+3^KVQA!8#i0e!$vyP+t zB`8qSJ{aj3#&-TDA-00X-BK6ETs}&*CDC6uv8EsRfSAiK16xX#s0DT}h>D zhs?y*AiyfF64{YJQj#v8lj21)(Fp#DX~*cf>lT3RBw^6yDwlHBQ85;STkWXwwTJODFIPo3sC_{q?NURrLd(iLdr_a!b%(ga|Qj{J>Xl&hWcxzxIakC&B=LO zlQUWD4Vi)fHYrM#DHP^7FJ==W&xK|B`uIKL(>Xq_EK>6^=(?;f0~BcDVIz|6FAFBu zNq#KlaU_8b_>%N&)O#SHQ=w_S@LKaKNpYrMDsS}EfCr}}D;1J=4|p`p#T99d@{;~0 zYaSsB5Z;!Mf!$5-fA0LnjN5+u$P9w`iF+!<-{eGV)YeVHrNiia{|1hbm!!CvxTpY#R|p(0;)rmv5_AALYd6aIIOOTGO~M*w zuUQkQ_q|fFh_PUS03sXyCKL6!FCfh4Du|v4Uq5$SMNevE;H;9ui>#_!4hB%bZNyjR zn&YH_Gr1?XB_zQg4WM)v@5L!hQL1^kAl&)}@}foFwUD99Hc!t)m`hP(4D-)~_FI(J zZa)FI33LZiOGPhaYKtT$K0nkkbz$)e1Yq!Rmb`JC>r1Ln!vxX1xQu5k^<%6F;Nv9M zenI!14F#~NJNJ)MFVu*cK!)S>q^eY&(#`;dJ-cqaj#%cCMLv!X#wT+@JB-8)gLMZ%xh!t z z_}=w0Lx8Xo_%d&MJsm^P8`U!&?awqt39< za6P3q*feE1Hgm4A7pXM`NmdYC2Dw zsWw4|OWz?QkV6v>1uAr~U_(r|J;;s+l1BJoIph0@YG2o|5ALZq!Z{X_m@!h@Gf|b! 
z@u>Y;ZV!rRAdC6;Wcm%)ZXwE??wcfgA;>3m$x-eD5$UL#(A|R&;2fW5LiM!|V~_L2 zxdoW5%g^h_)1=KRK68FULNV0f76=9OYuZCq^2YDKYd+&FPTsM(T$FX^0n?o7z_R~Y zhgsX2V3sj7wl(}-U#HFp?+tfm!CgW;1ru=leeofkJYXh!diK-B=1YkREYKrb7Y6*J z?sQLILrH)!NYc@yj5-RdkYX0Qyo%eC@5l?(P2Ds6e8*$U^i9($pn!wZ)fqSYR2G4h z`C;NkKqT<&jrpngHu@)yG4J~91Q0^)or0|Gsr`10I1Fzk!b6z;NPZx&J=A?fBb6d$ zy1~436`P+dsr;5uAvFpDkRGBPei$p?mvLgB$Gf$#77DgYQ?Evw20TbIaJv2VHEE@K5AS55qoat3Nf)(q37C?Gm3G z5)HFOcp%L%jS7O2M!UKr_aIY}o^_bu>nF`m?I$!~FG&vBBx8U8>s1+^DN+|F0*+Zd zc@?*WD6cSwHUsB6Y;8* z_~s%0;dtD)O|ah+_(#;AmxKU8IawMCIco^I5=(9q;(6l*sYUaT<39W_x3i2)OOkw0 zpoARp@YE5G=BtxO{a%e(k;QtNhps&rx>MEAi#V2b5BEOBD?2G2MSUNgXvcX+g7lw& z5&i+p8R&gB-z#+lj5iqNa7B&*_nOK+L4b}x_F4wAT4;H@%E9Q&rrs4rNACnD#X~Tr zq?_^A>p;CeAjsh|F63Hsd1)@W)t%|tE3!kndcl(?tg-Y1Y>uL9xNsOcpPas39?3E7 z)p6n2NlaG%JGX+8*(()y**KUIU(GDM@J&Q%vP^s5@SHsaI7AU4d!N%C@LLj(u6TBO z(cM`jM#g<`^-3~RH$zvgAr!D*WfzJqd*Vv_cr^Ff<2*q_Lq%+>3FV}A8@SWrQ1mLt zB>}Sme5Qg|pXtb@RFY-sb^*b3Fe{`r!rcKa4d2sFD`ht0S80yg+)NF2zW072CoJpg zO9-H3E6!4B$RL~}U}an`3KyzclP@lisQf&l&1!;rWAq6Mkl$SI6fgNK(&33iF$u^! zQTs@jjC#Gq_bwR>OghZ36G0mmmc;*ll5pIB7OU;OD$OoLr(j;*pxS_c_DZNun`j(L zge2QoY3$;Sn&3L85Wofjh!*@#d{RqZuu!(-XT4d(%F%L~I{fnNIDSSAgQ&P36%+_X zTsnF(IwHDC);E|X4`26lX$o$)$>r7uEM3}qRVxi`rWKy|)G0-Ao< zI|$nkdssceRHT@$4~db95o&#@d4%BQxD&+lDu6mz$JeHGcgUQPU|>(C!i=H zle5d668qNMsB4)hbxcO@I~9C`=IoCCeQf_I&itnlgQ2(S`S^j&!}e0e&trye7|yMz zWJ3VNlU&V4wfx)fQr{kxFeY3=vukL)iX|}*z$d=;(aay57?fM}qa2Z7yP3J6y&aI! 
zwkRtrq|=_BmnMAoEvfvM1jL-t#mkQ6TtS)_4?uwSm4rOXf`X|_t_n5Gv0MYr>aI?Y z*xDs|aDwUaqP)ZTRt(Z?AgPZ!*5ms9%bZU6H+mylc;VLC^O5 zlyTep1yYAO1`EA9jY+?J`gyitD=jKiPi*f@W2 zXWFOo?re;8=E3q*nHf=F;Py4VZgaZ0LQ*3rkf2)Ha<%MwEA#phW9BkO;paqL^HD-; z0{nQxcdSXfUNTc9OWuBDiHH4`XJRFxuXHc73pl|r4%`pSel`?HYgm-D>A%EKrF#Yu z^-6%A4g#=?myWj5QR@~4_&MZq&IpUVpf&RHPw!b=I5vSg_TCE$sIPHOKRZzFxW@EE zNW%A4&aC6rtd%>mN$VTd1eJ&NJLfi}gn>u+Hx6>0-0#}DMu16ieU}mFn>+nzhfNtL zbt`aH8Fb{@+83~LKYZFC2i-|qW~HWTk9QC6J-VJY*%yMCqCI7Ubi!E-6K2+6)zAWAX>W#hMcLROU6EElnCK}AEr0rezDX~7K=#g6 z@27_x>=PgW)@Dxb;${FhMf6j)kQZR7o;|8Q0SNOc^)rfKHHc4_=}zRZm<}S922|zIpRHv zM`A#z8)0mG^^M8nMlDXRXo3BfHsAzj-@!|t&&Ne{(lj-;;Z)V@yQU~bj0L1Kb-YDB z=XnZ7vM68k_Sb%r_Ho&a_PxN#Ku^|J^=TuY*k zDZ(UIzBe>RxEK>@X6fwU>}uxZ?COYckoL4ip^-us-~=)IJt&{$(v&pRKKb%k7dCLA zmHki-vL6h=oawwXhNsIP)~MrOx<+)OC4?~%dRSS8y3tfoURgAf7Yb<1uD^JgM; z!}J8@P^=UuEp?!Z^!lPzwb#5LO90X7RO=v~>CI$*^+%yMPo%hr{t-%Bl#Q(e_(V%@ zK@{40FJR+}@ZN)VeiASCTw=p3TfrU&aoILO=ve2qGjb z#l#LuSnokCFA|mmiBl`5P975ZKxm!Z^(mba0?gmJ-6)I`6r24K4_B3cV|=cq%k=VQ z)ng{N;|*{Lxl$-_*0|o=IbTTQV|WFt)cIRf{a$a6hvVB_HuS);2B~$|Do*6&X_vpA;>2)QUPKiBe1b#2KV(qon>JDJFLJ;kR{(&)%sKmPHo(;+Y zh*5HPjo0Gk-Q>?efcnTNkCoc1qt15o-8fARy=w0}#+ua6ozTAT#X8fLeE}SdrMuxT zX>7AE`O`vnF*M;ZI)-P^wB+qFnUAkACq>J}L4j}!()RtKjyUV-&AfW{n88@zJCd!Z zBLZz{`#TAZy_gT~X>$9gH>xwni(4*H^Y##^S<4F4U(bU8*BpnvW6O#XpU*7Wpszw_ z%uk<+?^6pF7D}XI7hO3%4h6Jb6w(OOl7}-7bKf@1_m$$YKF#2eFu0aq$rRn2%cET# zv>z&<2uNB)4sS3Cz~b?Di0h;7 za`+4p9WfLbalWf)FCG1Y^dOxcZbiB@Fkt0)`piQ% ziiV+r%T_0EEW|-v);}^Ozs;FGbkBY{X1A}0AtG=fh`X1WjkTAVqq7xK+8&8?*(0a4 z+4+x(8b*DYu?RB`i*U|&UtWHI00)NUIGD>drbJxW4U7t8qIxRNTKQFlR|MXi+(4NZ zC_#ahad8u;WUE99asJ>p69E@|>F2VTG-;j{Srds+pM=cz>K+T{uX&k2Poo^JY=l<^ z+ts#TLy6t+_8@y|^&q&=eQNx4xqPYoT;_h2yA}Zuz`(DPRMdQgVMt{3g$}wV!p-4> z6x#De!`QQrT^3kI;OZ6CGAVHo7ABn&H@YZ+Fm7{6U<}bD2OzI+A_(3Hrmt_lpt(dO z@}*8ZUchlb)A~#}SYP_Cb>E^JnBG=t1STM0>40!^gKbwzzHQn#xeIK;|LvY{@15Pi zw_xo8{M6Qm1l&-LE)Gb6U#eyJ5EHo~EuCGhtPv;&Vxq0&j|a*M=}b%nwj`z@VeGpl zM@)orasv;*Y|f&byMJ+WVAJCgD_F97t#r4au|lT1z*2@!3+Gt;hhbK 
zv(7G5M*6Jl7`46GM@+kx~#ix3lGbPH2*k>=W|CvkndtThsWc6UXZ?OfSxyPjhP z&csH4jkUKi5EH?^)_Oo;IXMehJ2<e37bOaLy;J`0W6x#Od=LErKfo-z@(RLBa!x5u8X9dIrg@pw%^M2uy0ydT|+pW2C zsb8|O;8$R7;NUk5wFtVqAJ94 z+xPz!(e{QQ%F$*osP9ejCqhAdzxnT8;+A~=fdYWJAe>N^(gMO?bz;jA-|Fgqdl<0P z(F%4Fs#{c5{RXPEq4_esKywuW=;)8KS9_57AN*j&`K1}J;Jm|e^K#i@pwDo`?-&M!AHy3=|Wan%&X)XE@{9CEYik|En9tPLS+FP4#Ea;H#Z z-)|Yv&D{b+f-pHN4}_B?(h9bnhjN2~H1eGke@kwNub=#7dizeYT-z+mzpb?D7;^>N zqncb`KmXS#nEl&zzNgb*T;Di(&vgX;(rs|TK$_mg)4PcJ_nCS(RsStqy>rU%WWBRz zo2`FN*E^T~3w-?#CG4+^{TI;v8f9;BHqkcssDmXK47vVPMPY)17^2yh=pXVsi1AOj zY!89`0>Ojl+;Rv0ISl{pE_bAcxhWLF0p^Nuv;xOS@5t*fSc30u{3r7JV_Wb~lhtpG z!M3(-H~+Th=SNKRjlp2Qz?3j17N54RmS>HCJ4U!BEO36@8i=g)!Ff% zwh}%6Jb!Z=<5qs?Ka)}TJIQkkJjln}S)gxc{@sMk|Iy$456kLrWy=48zqutYfgP*y zKY#Oo{J1A&wB4Wn+41=QrO)rE{y)jz+`6Cte^BP%BfdXj(Y<+G6My90UMfM^K#G^w zJB@*6$n2?`5WsYZK-TmE$IJsNRuOXQYwfpRa2^wT$>%Yd7!pDw#a{>o2+?WniPNOd z*7ZWYb7$pf)1Rv3XkZRV&;Nyl{)Mv7Z@SEOit8(|?TtOvpKU_f+l^M&?~wPDBGE_1 zB5`9WK2E&$#GASTnsUli;&o(+J}F(zjqGskxjdvUTg7vttL!=^fwht!d&pm^HeiYkKcoWpbm8xD>z~%9e_j~*5#t}~4p^1>g_(KV*}fn8_fAUg ze+3GVd4E#x{uR-J78lda|FQiXY-7wA!$0rnM1LXCy-i!Yjo1G)AJl^X7gHtwR15d- z)ckKA>{f~Azik8lwIt8Cd-y*k&A+)6|1(6tI<)C~R_ou9x%~Ha$G=%&K)U=3wrQ^) z`iPQ<4>yoay+F=sts$vUBmV9%HUwbQ4^DY1sG7DC?q1WEwmED#t#l89J}GpAKKqN` zojf8az){~{`}z*lt%DnO*YK)h*thLGypLGrOX>OJsdbJqkRHiWe1VwGL%3(e(8O)D>VV3;dz50RuCv!?Cu6f>U2rt#1vm9|2J=I;L+bd# zXB^D~eS@j;=7K6NN|K@*jZu?oyGECO_msC*j#oyxI(mZR0bx2w zG-iO@*Rh%I;J85n>z!kugKg~z%Glk7cyD`i9X%b;AeeBPNuu%T=m?@#zAr5n0x(}g z!!JRDU0A2uus=joVnqv&CyZLlCyI}ViG?&xyMj|l`;)R+ZX#IqV+Lfp531XR?6Zc5 zUTSAxtM96!>&IROuK3=VtZwvj_u6QGTxaPL5=&6poHDb(&SfQa9UmuPR-2~UFuETA=Yn1%_8I$>Iu&&wXp@?{Gw0k*262`BoZQd2)dosp zBhmRIX2i@Pcc?5KD^a|v=56~KcHITo_+b74;pp~tklUWFmC|XwzS*f<-70w#pDy~I z|NG+W;L<_4=kU*QJ8fu8Mj+E<7Y<3b(Z-K)`OE~7%-E7P-(ly8Gg`iuGtP7`Cd*Up=+&d|znLvF!MV$E~5wYg+CNBw-~+IYY9H zBjEC^w{@PT9K=g~Us${l(0}M&`Rr^xp~CG&c8?m9vT7j(L?$Qkk}~o1?FROl8xV)< z*+0l=tKz*4N&25Y)vJfuY@huZM=!BkhzJ_R8Z&?7oAVGrA|#VFKjVVyxfIx@0%5&+m8e(0L>E@|bRsNl`? 
z%~Wi8d6k#!1HOb6gKt=!=cuHN3r>3GN6b59=~X@;U__7GOCNU3AE&)eZp?ePUVk6dzDKYBY12K8 zI(ih!%qw5(e)P#cITz+FYtB3d0s5$PR>Wg(HE`oyj1S~aP91Q{A7YLUJbu*6OY*Qs z;bAC1?NirIfZLVG$9g6+`CVCX$O8V8CTBkbiSaLQY6T@<4Fxg84PR*pxnqClMd+RU z(%t>+YrX`WlV`Ry@_&zzsEYT;yteWUJhtGLY981Z98Oc70WM>fk8hGbN+fwgY`qsw zXYc9AIZ~r9vVKLm*D2wqEH}8Q!Q$DNAw6NS*#K+ucRr=QJk(UvQJog3;M zVRC6L<0G+|e6^b1Bm^io38^W|B%?L0dHjUNpYEmI)jO%w`^4_IIcR)%bePT>3am9L z8r6`{te3FI(HVwa^?!2vZt2CeK&C`fqP3eS&pKp2J!K5!boeGutH)Ac-Sge^VNby@ zA_5(vtrwF$jTi33M8KPMd3m*)`ZE4GV(Q2VTyX6LYNn^1hiSzpoDpXZyjx=2oXGH< z|9IVPp>~FQZNA|nxUxW0^TZ>>qQ6o2y>!$dFR;ql)YBxka=Gv+*ZL7`9q4sil^3S_ z0RQ8pLUL!>Z!H^e?rJ=Y`{;oNhvkF6k6>*r?SU5Dc`LC8U$xfNYeD4mwntQa(;kwl zYa(Tsz(pz?l+n)~YtPzLMOxtZ=`yx1_P!vd8ywyL+$pFj@nLcZxbgw-yJUn8`{&d9 zq(5!k;*_GaIB(iL#Dn?}qCY=KTT#Fmnf>O=#oB!~JO-ipM|95Y_94G&JZ1vR9y|gQ zN-rjI885u7&QuQd01`w_xr2+r(1q&SE{@e@Kp$?t%sOZ$Yl8ne#(5$5w%ZCR;RH)O zIH&ot$$g8^7ilWV9!xnSk5}-#@AxLkQFKkRy1f0s)*=V~LRGs*5975i611T5<4sy} z+a$cZ!-lCnuVJxlH_}XPWAp z%cV+{J%=G*2y$+qdg=#V8>@9b%ucT5{j}XMdE7mCS{G_>$E@+wLr#=+pL_50Yg9(vPeO5&o-9Tj!!J1Wd_nm}X0vglA+Joq75Ed-7j3WYYI9rJG}2^@Vx4}z z@|>5fdy#ffsIs=nFswnHQl!h`(Gk2B>U=rvUV)6&SjHdpd@CujGfQX>s(+e&85nql zjryb+fxvsxxXN6bJAYPU9|TZ$Ix0#TT=t$;`bVumfu##e3K9qfWS=56Ezea`Cu_fd0|B~f`g+}- zi=QXnpZ@7-QMzFUL%ZlI?M?fpumkRsI1bX_Bz>y^vL54Q*aTH(iC@z%S*G*CqppnWqxlW%rJM@zcT7*k0`Gn&|ZI-e^6k- z;$6GsmsuH2+9e9`7qP|Wqc#PPWtAU7_Fv9=D3&8~EUGb9!t%1U%Gvo6-dkV@ewu*y zGvQ>-XwmYk88i17tNF*`2BIW<6qlI*#^{6&o6`^887}X`Yc3=>o%8JVQr0f?f1C>X z4^KJ!mMGk_e%7j9q{$Iqy}LqOaqQPzjpEkzkN86X$;VPom5`8`Jx$gS`^0!Q_$@jtF3wQ%&Z%Tb1_WF!K9;bt%u1KC z#oiJcQZg&&ZKV9SX3}^Xt-TRCd#`(_XQ~8EGdbDJmUljdBb> z%`QvLWO`JJ=&E(PgSO-5!>j?NlxTHKli4F(osbTgg*U+_Lmv9wa`Aty$#yU26^&AS zG?TH9Cgf=EO07sD0~P+eAuw90b#Qd)5Y1K_LlK26djsMbA3qtljN_r7o zin4cO&7IWp8Sia-;lTi6l@zxzNtwoe`Pg39kA(8+ZJ(aY-1igZ%er!If_vs*&!yeb z%6764Gbv+FOa0T80<1>C!P~hY70d>*jY>g?3kTPgwUXl?NPr_xtOh>V$oBYy%`MtjIKPfxYcWKWVX=40^4` zB%gZgAe5rr4F(}*KEiMd2#{$g^*Qy+y~D3OrC!_72WJ8?5^s!EHuJKq?qtKXn#rKR 
zMNW>+&&%eS{LsrXRpu>si+S7OmnYe9r;bh<(%j~h9*EFeQq50{#TK2gs#Jj%?+NmD zG8o^b1Ymwd0Q@zjuS=aP9xdfDRD zcfV8oW7|2w6#rv%86;rrsp&4?+V7gbKP_!CIF&C3?R&1yG!JoFc3DU?WmwrAGrxLbl)-Tpt5W|T4j 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin b/vendor/github.com/google/go-tpm-tools/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin deleted file mode 100644 index c783e736ee45f6c804ab213284bd3bb4b8aa5656..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38268 zcmeEubzBwQ_V=Od&@Bxj4TlD$JEXhw&~WGwq`Mmgkw%aZ5s;KFDFviNX(gpYKzR?S z_j#VfbMNoIpU>}p?)%3(h{K-w&YHE?ti5W_YybcNK!E=K-NpnxsNoE@pq7`Smi7cY zxr4ZW!r%e$SJxl{2mlxWY5))b`gt4`y8C%T)H&wE^L>DoR-G6h7Ln|I93Vap2H@?* z-Yu@u^P{50;@ByrG2VwLUsUfI*nQXci7JaHejNY=IKsUMW=EBX8%^dpej42~D1VsU z(Jd&-Pt2JUWJVKHPcR>SQW8rrQW9(ij%q`*xVo_{KoTGgWkVZa3vdOv13Um`00(GW z=DO_&@Pf8o0buA6PXOmnMgh40;PgrKiG)ksu2`}b6+;KHE5B{U4}T1RuluLM`|GtC zTIFQrYfS@{>T$yQAGee_3Nn|gY`!xrX?Ybsv( zfe6pjY~foe81A8e3W8w!Pu2P{S%}_yF zXbGhwdjZFbKck#3bnL(l?`!FwXq?@pvil*q>C23MSaOOzz48%9I^E`=8h1efDjisM z;eWAt=Sp(WO%__3qQexgTp`qfN(gmKtN;!Ekpz$k`vg= z*&akmjL9hg65!(G;^gJz0}M63 zNA){(w71wGh959L#7G(Vk+_`W$0|J%2B)qr=XWl7rwy|>s(Sw;ejndjfNk2dSjgJ~ zItWjv%8MuVy=R1E4XGWEu;o>;%%CzrLrvj6Nm1kpp@@ zVN`}-5mj&@xR{PD>|HgSNKyJ~MUkP8 z-)29ky-y;_qR2;Sja=HptKEAENPe|!{kbyMZjM2eVs1j&p@XP(=aV+`EWVy8n$LKd zpHAF&wL~-ioPdWbubk3$)w3m^%*hE+47Uj8;uWsRV#+k|%_YA~D;-f-mZ8&Cghzk_ zz!hqM)IbzaNmF1U5+M>~s)iy+9B_Qd2xef+aOadUHXZB%QC*#;LnHwa1^zt%`wD;$ z2X~2x1VVuB{w#Lr(}ap04iKGBsg5g3{On6>_3iSQO0H`8@4h^P_X0glh2!Vm*xPm* zq^>pKKaORcYN>b_tk+eC+s$6!KvcYyNwJH-Nym3O2nw;jdzXsEoQBwxwdsic8>7=3 zD`#ECaO(uyPzL~mF8yOw0;F~422&@^Foox+jtSCaB?defca+G5f)<-^v->RIzw58? 
zn+Xt*#gz;qwdYpVS$2C;5)kpRYf0h4%~ufxEut?3jZc5WHbN{E$eJ3+AzURq=-iFK z+u11Mf?8A9TRDAO^r2}v2_*091G219kKDEU<-=+bHoDw3GjJ`4@HhhW%$bT5(&yIP z+4PS^E69o@rG|#b`!Spr|2l?uRmpwoQHCVe3E0>4-Df&IZQGYH0OogOr|}aEqAgJ$ zvawqQcbKF3I^YwQyrR{&(&^N$3kCw(0Z++@OOV7;wtXl^VhFV}gg+h6Cbgk&>LkDH zmyqC>sAG~Wj+v)pEaFM==kkseLB2VLe+^v#3H036rU*6aH%IaBvlmEzH;R$gK*0!a ze~w~wGxT?n*OU-o9y};0i4y~ab~TQX@!_>JIPpQaR}EBrbR9D{8(Sx9cZd@w4hZY& zAPPQ;I@rb zO&eQROKMd!S9c$3B{Nrhu)DK^nFW|y9RhK`HYA)NJ}w?E5DzDpAk>g>@%?P_UNu2M zf&USnnL&&{d8YY$o)x7PsU^j!xj>wpPz&|1Em!wiU36Qe&YkKzT^nD{bsk8;8=+v% zDy+IQf3C*fa@^bsXk6B};PS&IR>4}vcq%}c65o5Y5c(o3oAt}ltE5S^#ie${(h3my zyxak@YL?|wwSfLGl?3YWksln3xtGE1+v~$4hZ=U~cQGUzm*~I$K>9Y(O;C=zL>Cq3 z{HlmTX{&1W@flI)RL9`NS~th)qp!DP5Vqp>V>Y@J&Lwg2F#PLelO5(hBSvi=aU*Wx zz%je5eha}Dx}-nwi8=SeRj**PDtYIa7eBBU zerv^KD93Yn$0E7oxsO<=Pej17dg)q@FN$pf;ZMsI45tE>lp+WR8I1)Q4iPSxpAZfa z>Q?}NvS;QOlEZl-MT6FOV+J!?6~06D(Iz0$e_TKSj|ikh2WUVYt~oTg5eH#FpAiK% z;uV>2&<(TpXG17$r7pSXuZ!C@sr-aa3-#VzTDww^;nn3-h*}`1Rn1e$QwmqKad&sV z%fVsc>cH;!TbJ1_AdVc)_O@3?Ih5_u7sv8=(Q+T&`t?aE znRjc`NTjYMa8jqAw9o`;@;G5K-lk9ml{1Geu(hxA7t zwRA!3Rb%aG5~TD)loE-Td0yX9N%vi}hjPQ|iXsL}zU%r=*jf`N`3LO>;ICrFL<>cP zZZ40sO0HJ2g{H*YvFQ6rovA+y>SrTwUQnM0;GSj)cbHZ$a@Q3`z5|n@-}+MFSJV+4 zp)Bx%1G9%90`fhMy+yG8%jd3zm0^a^om7b(rkF$-@q0mJ*3;i4^}vIeE#CpjDu*8T zo|fIdP!$*RSzuE^w`1^hQr}Lu^?iSv@v!H~BddF4dSF=Hqod3>#ueK33((#({dR)8AeTb-eqU z4kC=&|3B@u_@MzX7tdArd+oKLP425EC@APZ;nOh3IA?caMXEom9~f7@*pqdMI0 zlSZ>s1QxYN1R#3=CE+wJ7l;B-wv!)X)VQ?)(R&r7&GLGP*wV+3Sn|%5*C6NMTz zzkhCdm(yKD5*;8OZKxMw!_^!sJMh(|g+?VS+V4_IG%kUw=8jyIN8Q(f`;-c#{wu** z6y9D+!0Ogx>~W&;mNS-OH36fe^QI5p@E(85F)|FC?Pwd5 zfA&xHZ{L-w@ey2|tuc>LY7=l?vbjw#z+HsO|6bSDc-(Kh15pF@i*hw{gaxV@#DY+7 zqlU$23TS2>ZSdW=G9sWU+*-v&7mpT^mUbj&N7Dr`qROl5nTGn+?nMFI``>QM6Y92H zL3sc0LQuDbbbSs)_s22#t8o0Z!~Ru(mxjUtJwJtV{vBUzYUjW|c{lvZHc7PBVCToN z?^QUR-qU7AlTG}8@Agmp=ihoaUQ~%o(9p<6 zMiyat7Amd_I~rS+?0$a9{F~`c0z^pxJBEQQ;1cA(_(sgq3_b}nXnwIZvD6|WueGM6Z`Cj709NFrSwhjD^xSX^&hu!(s7 zAv@;6qcI1Mm3rGcn(#A}cgIUg?`A7my)-E4x%m4W)LqlUtM_=#>`0Gl?ggo8mvFKD 
zD2Vzd5zauOl^^^@Kl>DvsYy^Gn@-Qse`iHJ^_C&L=xX|Mn1PUpXtOMltJV@d?TZ=T zF9^uYg(sAWGF<@7Nz$lgEM5k41Q)`Rowp2md3yY&rvj-B3*OGBP4~kiQjZs^;HAHU zJL?PmZHYWklCzIWTJ%D6Vf_cnFaNRm_gT*r)PJ=7_8%yo+SmRA^@jh5{EygTE)eLa zEoS<|7GGsF)RNHX&eqD-!pt2^E$-oN197#5CO%ieAl9F((*MD#j;)g=#LJCZ^=H5f&Eu$5|J{V=Be1z(g&l4AOV3HVZ3}>= z)s~xkrxI~cGw>^NNOKQ$=*-Dj%z;34c~K>spScgx<+6e(A}_V`a`zYeg~#oD9_!JZ zALE=?=lJW~Wzrc9B24L6+va48txwb#p15wJlngXd-qYaqTOHqGXpA8L(KtYd1}T+E z>TpUI5+5Hd6g7gkQ`)knqGvSZyZkOmh@QGYT01)5iMP~g!0?s98x&)}jAl<8rD00M z+HOOk(X=IhkYg4bW`pJ?W%RH>ljWn&3E?QOkpnr4;YiD4x)_L4-JKae{4SMAhN?!c zd*aEgi+#ghYtJ;5PYf{-BfzziB&9VAj-*~&`nS*I5Po|ONvP)#{g(+(856uVWvzxVW!V9sS>_4K&qJ2HgiK{BA>29g%-8)%hp1|JDr9>G+ZV5T0wm)<2u*i zI>t<7g8g6F7Kc})-3;E2jXWqPA`O<&eQTT(^wRpd1Mhyzs_5+{-U4(FXLxOf`gbv9&dKwc`up*^X z!q;C=KYE=x*ppUdWImZ^flA%#f#da1_&~ZbHzRjYClJD2hB)d~WKOQ<|JNkP_~ceZ zpjD_^6*As@cCp{N@#EE63_xh1y>?QgTb!6LS{@oLWn+c$kXq2YvlWxWyQ^XYE!jYT zL>N6=ngYCdnRonZk8;Vv-okvq!DBzlQj*BgvGE6r-jN5A-pv6_4Y7ij%>F3K0a2tN9@Y+KZk)s*!Ydp)5KGd`3E~8G zHxAVI-7VQUc|cs(#vaJ>*Aq}WZth^$zjsg9p6R**$H~bp2oivLrt5+n=dUIx;7^X} zpK|$6dHU5U3?POE*uujVOf3O*l$^h_86YhTr+)%bYuH*lK`WC`OZ%^ja04dU<_Q?p zmcbRT2bRp26~}TZqu-m|Vlfgpd^OUT)gaj*nc-Eg5&(3T!MF%;>~-7-G=>{{WknhB z3Dfbdct&aQbD)LFiC?GsP#$MlbCl5|N*RcjTcfA#)>Ov@&15gi7nN4pPb;McY#-8i zNHZoG6>09jX{PWgAr8?0X8qaFTUr>$v6@)#4sMUma)5Gh(=n@ZKflst7-6XF!uCDC zfR^X$a7a&qkgoN(!jab{%fmu-x~xw+5y(wx`2{b<;X9a$z-pJ=JkKNuzomI!upP}t zhxrBPob$8V7njcaX<-Di3sqYz4hzUdtq~w&1h;&jK(Qgi7MUUZn2JmG(0jU<$&PazYGtzrY@t68L<(OArWE>O4W*(NzisP8!Gou6fP~O*K8ifu*?Yv8l6YxYlBT# zRPJ0Nd*k43#u{-g_ewvf&(6Dy-;qTtT#w;TPPX;*=ed`RWUX9HzujVNl2AMOM(lEB ziIWZ(MqdTgg4dx_JtC=}Ir;dqHlK4`-_YoxNE`af%37`7!+W){g=BTq zg^ePikXRZ(mmqA|+wjYtJpOxo5(%{@&Ohx58Ya1*;nU;?s+}-$1&RMIB%5qEMoa|OF`l0oC0tJwh{-d}E_;bAT* z{y&cD2Bq+~GzBcAxryi{UYVSRw{+S!@#92N%=W?l?>pTgtJ|vZS8ueWQd$DLl(T>SltlxSoVSVA##qLt2^zK-xPIC-KVYHjpvd;KLXLrJe z>RGV7oYf0&mI7HVIU!4nTAVlbCHL?>7_|{z`|#XeBBb0pmz^KieEALE;c%0B9>Wj`#$&)YnbH&;You-UGaa{N*Fdl8Xc8+EBY|g6fYGTbia4_<08YiMda)@JR<2~j zT1CcLc)SGM&>HEdL^Bx 
zqvyr%NHYj3sfX7SGZffY6MI(`apY@H@pGJ`f{>wyuZr#dzXv%qRC5J6gT#Kfp`jYj zpF%Z@D-F0VeY;(mWN3==vj%=$n)dVnTiLo=n6X=cU7_aTSDhOK7f$_)0<>Ii;pxWy z2a&7#ImE)v`7h&tfvoRYQ{OBu>N+}va8{kt0)1N!qz=^v3Ti|}kUU8Cml;AMgku4K z1VQ}2?*tD=#PUD$>I_wD3tO-o2T1aYCKaL(=q^Ygk1vlWoa=wS`l{OhM?azU{6D5$ z@#on^H8&4r=c-29XvPO?c=hjR!HlnKyJeQt5pQ%a!V@u)Bw~)UE{Iw4U<_l7JghOE z$R*VORsHJ;LlX#w@Zi_?B)D7QN6wQ+7!0Y{ienzOO@k7nuWXSuCrN(923J(jel`0P z|0%G`AnE>zK;$Hd_B^0G#`aX%g)^$Bt^%RJdU>UX~NWoQfbtjypiY zL(FFRm?{UCf{*Oat5p&+W~-uYhN$nfa?0INTtO&?yg+s^00U+FI$12kLI++i2>?)pa)beoeFME%pIk^T*Z zt6&1E(f?B{G5#(j5qlO~z=5J~nznh;7w$(LJ_{}^!P_*rH`0GDn(wOkWL~ugfx8IE zVlpX?h*>|HCbu13Q#rW`$FFQUT%#a>_);n`^?9z7=7&-$p;wBaPc%Ugv_h*UJC^jx zEHf|Q#J12|m*&dYU0OpC`XNVJcC(DM=h^H^y7m6v@LgDqXEg>4pB@&x1`<@bZDmvw z8gFl}7JG<#FSv|wjD&1!aDpR?uL-oUarFoYqZQIz#I8ph>@Uu_B7su%? z%JTA!Q!WK$z!xJyvwcicIe_ zt?xgyH%$33b-j(C`+eU`>p>d5^n9`0n@h+*&1W59F=w+ccd+w zni$g~;$Q9h=$t*k5>gOIZrM-U|HAn8WIFSfvEY+BaA51fES{*Ur!`aVI}CKnhzvv5 z4+n7W3LjCLJlE|mKGJ@WfuDMg-m^{Eg3VI)A+9X|Qd#h-M@d2UWrucRJ@Fl)?vDGa z$zl~{;@|jEBpDrOf94EVZ*swomB88=Th2C2`0q(2l%(%eD2miSJJyKBmYOPwQze6Q z(P8mN93h2gkIyHQv0WK&e^^0~<{2{xL%D5#FYRH46WPcESbWdSbbk0!KO5TfXUvcQ zcDD#j5z7-+Wz-#OAG=U&>{eL(t*y`oMF(&(9(CDkm!NcY5DljJ^;)63`7x~1+fJpXemg>Ei%map!5)VDp9w-0q+s!h z=U=dFC%MJqM2LYlTpw!2&=wfz8RqMS<;T)oOAhbD;&C7q8>3s_l|lF14+HZ8Gnd{5 zvZO%b``kxp4v4~S9>d~^mG5F0NcNVXG>?m^An{NNj|!SwkEEW~VX@Pd%_ak3@hp!< z??|vG|KKxeQ|!WIKy`SssQ3VKDRs_ap9p9BNDvm!?wn*DUUK55M)j10svMibxlX5- zi@l7lrgXfKMeX@RSiI;+cJ92$ZjPpU^*7^{pw3sjj_!Bed|b5Ro$>8PMBHHUvO}n5 z3`@va;R|=|cUUKIPJ8qn?LY9**mRMxE;H-T!{S}`6Cq=?^8T8IGUnyCGcNjZsJ*a{ z@NL$YXW9n8TX?|YgFoCGsXa!O9LdS(dKWRAttUP#yoQ6N3t^en=GQT?hQ&uu%IWQ; z)g8q>f0l}2XJ%b7`5@9MK_7%9x) zQ8qs(ccurx;s>y~t%w`Gd<)6Y#2?7m!*JWY6EK|*Y+P<_>$NWb5Ce<1)G?UB^Uh)? 
zsMJ2@p;CWte+v921@PAMSl?Au-mJ_qH2--^-b!9JSL*sTlr1lu=qyi{meO3#BA?A z_vA?}G8f3zs_Gkl(*9Yajl<-#1 zHzCR#SiInePR95{MUymc)>mH3xCm=vA4&o(6iShg23`P=N#J4eTt}(Ef}Cl*f)44= z7g3g0jF&@x4Bw`NG>lzGc`jWNX==^P5s~+uw6ZR15iplFKWXwJ-RCXKG&M*VMa*D} z(}KmnTt()=ZnM`3&)`l$$-P}~Uj#;3Hcq0b=3{0aUU!y<#pjY(Z0itrrPi|VpfV<`KB0Ov)esv+5wCIsP|kORSJ1I*5Z623>%a;jOQi8Op~mKU2V{*_Zjbo zJ^Aqb36i6*fk1tj21ubLGT6Tba0+bfTg(`4(WM>cbbzG~K4{M)3xyvyZ**nPJTW$Y zMCm}{l%nFx!fyZhQ$Jt}7H@DnK1tXmOjx+M>SJ7%V$XvlmpeKF#OEf1Y~cla{WtXU zjt>}nS$uz#vNS{ngID|6bFZhE_Ho^z10V`AcZZWYSo+Nr?;JG%s1^`9I)taC5aG-8 z+|WqEb{$2$&Z&qW1ER2a-~tWc*w6peM0uMp0lv*SSpZ##?oHD708&ZJ)M_9pEIth} z7fYPKFR^;e(rAHJXlPFj`{AU`wH#?SaVpPRiTd!xtUKH;nCmZ9NdLL)Jw4z|Bh&nQI2`M)kc~JNER8uu9J_k^B zf8v37U&x%?fkeA!X9t7_|8Q(x^i7m@o(o zpBVC`6_QEp)EyPU(%<)bu97{M6up*PXxQ;mnJ4o;VpRs1i&dyvUPp;f^@cyi?7Z)> zd22_zaqn*9C)1^^{BAV>&r)LZONV20&1||G{yIcAXunv8%~`Lm-$Io{i!pg!+8lyw zGVlha;-qy==LSDb^G7SYKc3<`lb4>;u5=5~EK|||kJuQFSblHeR8M!{D8K`eNyg;{H% zSpv(8C3Y?emcH-6pr*wLHXKzQs&PY;*Sm_bkZw^09aEtW{C(EV9v@iz8bHwKH5Q^y z&>BF^ySC}5Kxfy9Fo~wbPtU||i5~eoES|h}?#+Hb-sscXlz4oXA1vuf*efVBkQq%z zYc>aeHzHWP$OyyW%PlE^p;fv@hVEUHIYYg>{8k?_?;A@#5IxSfhsE1`mEr1pO>WgM z67?}<<11b&VOE=TZD$|b!#??}f;>rB{E{N4z7~;-oN!E{+e@}ZGNr{$_HvqA-`O5> z<{lZNzJBP8O8?+S(t@af&@dr&S>fh>AiM(U4?)+t|_8GkZEZ)B&u#B+({>1Yw zizvhyE3*S-valmyBZP2I3~c%4fZY-XaBsF&_3 z?VgBFhs(^Erc1xujMYE45JcoOg2mrW+Wof57*O!&{=*au)?3Dl_tzHtK?*Brl|8ZD z(n2@%OOR7zm2UGmBq79X#%Ge>x;KC)V}&cxXw@tH_y9Q#;)=;@lPdRLKN zItDC0x9B~*=!D3dO9?=ef1IQSeGZGiv1=Wg(`6vTq$AD^eHeFbe|z|S;E4SR72SpQ zS66Wb;se#UBPE@7yd_;U5Ab2>8|osF+J&w2M@c&qPkh_7VQlmhAIvTppQ9SWHBoT))pfWqH>kk#q@W> zk+I#x8r684p)uSUgZ|DiPA1f-CQ7R2m*EVbA*GiCxjYtHwqx0GEJk`6(@UJ7S|J2d>ZQ();c07GkX!uKrj zs_mYwY&OiFetL+C8Eg#>zVs44FRMdJBHwhDsI8zId3ud7^t>qgI*4$G^Xa05{i7S(An$70T zT^_18@DDgwLn1jVSy5zUBkdgK_lZBhXiCDk44ZopQI&0+35(|kPuaE`e2bCr<;6|B zN5j8Xlnn{XLEqEcwhQ;RE8&5~3pm;u&a+8-E|9$$I$C++J*)Qokyd-dnI|&;J%CT@ zOIZ9}75CTAt5{M(DuW5fxJyQbkpf=!E#a?ayxx(}I{SJfe!Kg{LHdpJIth?aFOy2b 
zoNY|4CI9?$BU}%A2a#Jf?+yENZ|%z_PaJPYasp|eZK!qRBO>v4$D?R!_w(UxQ&ima zVEGXdytCVoum3(@+`8HFL8y?hB+ar>i`3j&KfibY8{>`mQw+V=QSViCYS}UdTuCe3 z-Af9P4tB^FJq`(q*CvNe39$6V!-Adr*E zfq(b)g;zV5GVw>S&OzuZ*C*i7Ex0Txd$^sKYAy6RUa)xS2z#Yzvk8N{sevf&@DGe? z_2p`wGKr(1){ApQN37rQ*D}^^^uVc(Jo`}hUi{$~^On&8x^9p*owr6152JGH8}Wne zC7HzwvHAN!S~ zS%b|A58)MU)aT*#oR>x>A;+{|;U2%;4wx1ns=Se3n~iiAdbR1nxBsYGcIIizc;DiL zOt^HHe7@=P^3l1_jrh}o3RS0;M4FE^u{RS#5vRMJaY^{~?fP{Gyy)e*>h~3}{DW)0 z43W$rbaBq(s?WQg` z^JQ46BJ#)!4q<-}mcEVK*fBX%tNOa;*GoOGXCc;-k1~R8nP1YdrUr5M#@(=Qj?Eim zBC+AX)7k*{^NV6?rRAlVNPPTe3d*55S=kh2So)3|@3?g4yM}s;UOE#sC3%>vFKkhX ztAbM5^;=|j{UTxU&iT^l`;~%Pww35VUd(jRb1AQ*ZwYqlM#Aw-M6s!r!{S{#A;Er| z$(b3M>14fC?r{W^NaLHM^+t)}HC6-EuY+On-o%zTG?AsXFWe?dkG4{$87*D3(E=Xv zKG3B!SLFA&QLpe02`TF1ZjKmhQ?nNC6G@&YEPtpr=c3I}N)Pb_-q^a#G0~ zlO&ots{$Bc`46sWl6z0*FnR*cx**U~`kKfxiORlLh>nr18qPS%b7Oo(DR~R>C2(a9 zCF!rZvmbz_3alO->dD6Lv$ELNgu&gYhsPqwPoe7ET75>-fo~y4$A!X`F>SM-sG9_4 z+UcR*xe*V?rAz{CN%g=4o~v^*ii^x)XX=6VN4F>PyDkRa%8lNLuM#be&U;oL)PHhF zjU+IoUUYro`Mz9dqCXeg6pQ!=+Y)SllfZUGJM#AgZs)za!zH(}G^tbEFBcaHtT%vj zL*qKvxPi|gC&*}vH|Px&tmuxj*lai}|L&%s8kQ=q3AUC<4E$SCb;!kwhrX*RM$npGxjl4a}e9hP^!xP@S}OvA&m z0!#l9BlYL4Sn=5^#p!anqhOnL$r9&r!{VjZVG+Oksd=t9@NB$UPm52Y#%vnz<2K6a z+mnBmG_T&Sl_DP^@e{Q4y@A)vFU!$ddl6Mm_C{PW={S#=l*&P@)E**oVDm8?zzK`b zey-v6RDZir6yZ(|5@J;-6{=Zww0;xKk6V%T3_xcedup-@cdxD2t#r|1LHj6bbv87%(E zxF~iD2}V2DY2xF8?s6WI?XJ7h#hCOog>?~jg&VA}_@Wu_SKY1on!N8(PaE~vJBusN z@iu%b3G8^c>OiTMH|nKjx5wX1&Pu!z%udfs%Y%>{zbG$maI1cQkoT3wtv1F1mVV{E z)u?t^<%~}THErA)@^Y{28xTC_=X78En6j?RH@JYsH%!)j3G!GiPiU7psi+|1}> z!m75?7nZ%NxT!XG0E=%FMSi505JP>2S<%6IaY03I<0I1i8r?c&(NnB%j#(d7g>d#=g3BgP+$YR`*snl-j0koNhZ)B0%mVoCgeB zm-JX|r;ea?OWm+hUKSA)!<+Y zr)QZdvKogeV-yyjHWWgp(J{q zwb>`F1LG)i0+xPnj%9I!;0js3wS>AqF_In0h!6v0%!w!Q7FplhW!f9{)j=Kr?(
uuKlV$H|keI@mo%fG^}k=5A;X;qhD_=qU7Fk+(GwF zOBy7U-P;X?3u8BU1^{2ZM}|R>CY!sgq5ib1J8rBTK!(1RS-1ve09tC!P>7E zD*c2#|3>_?p!OOMlt%!X<}>pmRBE zBQo>}qjWhJ1QPH?8A~JEUvrv@?}q(c&P+OtY3WI6*bW~F9T zv)}M9U#Av!_P4d3F#CMvqk3fi{2t|_B+g}wSKpy;4pyPNTEp_QS9`2>4^vaYCJw){ zGij%^CszVkJXa%vp^tp#kBKS_i{H<8E$kac0B;k)HY1#{z3 zrvfbgfNH|5XFUx^Omx7HqF}mgaLHNkAy?CU!lb>Iyh&UtEdDUwaoQz5?Vf3Y3hV0< z^fa1JRn{NqB@7h@+& zJmb&c#4{s8j|XYRJlyc^D}lv}#l#37l~+ru-;(F0hv)Pt$1{8Ji3VB8eqVNkfJUPc z7O#m4_mRh_qf6wF^QFOI`{$T((mJok^2M^zy}_=dWHNy?PxB5s+y6#`}vj zI-{DKB$PK!Bj6 z_$w0DF@~PrYX4IJaDLj1ubYV_UI*+}=|58?4wtJ-QrqYQi}+DNd;$kh+M#a=MM}%A zS=^dOZiishUFcn5m&ZYa9=qDE)@Qofey`x80$tC?61t*~>$Qa7pxpkI=g(&xFC@78 zt48Jq^*z~a-a!z(pkEv`4LvMD{rre@K!od?C^1jBR!Twsm-qI3o^Vz((`X%KKtMM0 z69x&yU|OzwYA2PYvzkS62W)4$c1h?Di|GRw+QN0urBPBypKXfg2c!o+NU|w`@&wEC zZ(cpGIsSuZ=!@LYAMR^T&94_o@BlbnulfXi#&FC4>?=IuuZvWFzKDlnw)0pS>%LT^ z;Hb+BdQ3xjctk`VfFX2&5gC9ybbqzX!fz^u05^aQbmb^V==TkL03HB4R6bVFHUJQC zi3lSf+M?sHS;rspD0mq^)hoK!1z(V`U;sEXUQ>dw^Gz{HLc5Au6%z9`k=p8HM%f*X z(M)3bm{WiNy2`u&b+bJVp1jt08Ba9x$=dgxMMQf)@_Q9~wO@?ISDYX|_`Gi2lQ32m zbLQTe=>)y|Ka-Ehude=nra$Ea0-!-3B`ZJ+%DFhe8Ttd24hjKaptZqo^OQ&B*@no< zb1+dpA~FGh<{7IDfhU4=h*Na^p%oqH&3;mBe^~1lXTkZF83A}Sf$Y0H%YTRgD6Iy2 z!?Rw#zWittdn8TmcMBmMRBi>HVlIoL_uK!#2LwFMgXBS4`Se6}+ELT*P78*)D5bln zD@(b`G8*(^NHRK+FE|#XQ$yu2!eA zhOPj1wc?lRwRXEfrQinD5%9I9NL{z=p=Y7v6AlP?D~@oz+!Y)g^eamQ1bEbInpaX# zu0RdK&DB#1!&ppRm=G(T5^`2J zO0zE`6C33EJFQjvS+jx_&qFgRnt*^nlKfA8<5Llq2@hDkiKX9o*FKy%F636L!eUsk zaKpVNWng_UBXv+=RKlY;cxsCh@-L*K@wZapy6yqZKUPH3fUezjB?Ct2$YF(!9aiX` z3EKbPk^lgZ;3%$a72xXCbPWqPTSgEoH!FyVTFTbV{#x;IuMH{Gp#Cyv!`L6BIZL+0 zUo&VlA>QGiTs_&>#sCOgyVjm6Pk5wFF|*z``A&G$?AoUqumoYQTI$Ww=7x6OD{r=j zlSP?Qr&K9ipJuh@Yn=518aU?Jpd9qf%s}t)DY0W7`yc2{Wdd)gC9~pOu12z?nS%rL z(--QikNU-(ouMx~U$3`AZRHAay#9iQTE+Ql0iG*a{CCa$fA8*B5AVNs_n!{-zvXDJ z`u*SQJM@$6|Ki=RJ`Dfw_8rQ>FPpFvsWtx1m&pm`S((LY6gptqy(bU@u!mK3?-l>1 zil(TK%gH(oQbH?1*N|p){Exmj%wI}u%z%JUK~VWdXb@({7Xe3Bd}b1Go{ZIMYrc>hHHrhP@{e{+*Fv!Ri24#Sz} 
z^$c~5%QXm!I5bplJp3KcT{8S{-t`Y!jBd;wRHtLOO^SfL0g-`wuwm5iFzeFmx5WOq z_J8BAUwZvZyJ+XdCYRY{Y4&Qw>{%4;i?8*^yZ^GK!A!o9?oon-tOafV7gkR8upOsdfcuTGTP(S-XEp$Wy?v`ye_;) zKR9dKW-;nh2u&P`}?+T z?ts5?uoT*+C#0QfFo@)5Z|Pj{L+3%qYYcz`Q{TDJlRzvAqSs?*k4ut%RJ4Gi^oDn; zb`|s$mhiiQ06p(EyP}XI^EQ%0C(3YR-h=u>Mp^DYDFtL?`1bWAgp9+<`8Ox1jHx4` ziC%k*9al-rFAj9CmmXdChv6ZNFcNHt;E2Awn|zV`M6AN&PCOz8AelWSOAG81ZM?^^ zkP{={mUb&XAS!R@X)zI>t+05Z5)iN_xs)1baWO8%9!mDo&YuL;Ww$gHES^ra{*K-G zt*f`YDVp{jr6vtZ_Ky)vJ(~hjP!?3njZ9@00FveP!qYe(W9WY8R(Q~JSDOYjmoS6I zn)jj6rYH2*0pMnC=FZB=dbK7fh#UH!0Qz4QTO}RwGfonkR%$15e-YyI#fUQca120o zDc_IIv%|92d5gt+sRsRya|jigBj}5++u4*Fjvi@1K=bfyv||Ka*b7v6N#%x5xB42{ znm+EubWCmBzUU*9W}>JY@=ZZ!8sI^itQvlW9HI;5jzo;^TCoH9Z(Vcy`#*tSfBdVw z$Qqg_US&#umls`0;SZ&xc%YDw^nNngF~E2f$1a@xp4WXl3;@p8LNtSbglvA2r&=^M zXx<1lz*PRHZShE<&-4pDq;CTOcMe7xNJOI`49pNtZzQ7^ijR9JE3?m1tcMSz5D{jL zD8Q6nXh9EiBpXPO$+OwtQbX^`Xk!UtwRU#r(xz@dJ|MazoF+SejG%vWwJDpvOe9S+%OmOzKQU?@0R%e zJ`*V=tso%aZ0olA7klD^+%FNH?*P6F1hr`Xk4F5yT`0z8do_xM*+&|D8l-SzwmN8} zN1^5HmV|P4#e#{2qvc&{H?Wzjg$=uvn~8^qttGXUnWY6cAGaBsl^K|qjmMmak4@0r zikFQW#BBxw@o@8Sg3PI1pFh79(VY)?-@td&tj<{!`xY7Rm&`k`0b*A*IOk7ih zxvweF{tSILZ1pZnDx(( z{!i?1cnk2E@bR!g`Q?DFX9)e;*OJ`$xS>(PiHf?shN^kt}g@F?$wuu+fk;11Xqsv?}YYeF0I`DhQUj~SP+3=>|UNa zS8D3y-I2|N{VWUsnI}Y`OrGIKwr|H8+Ag1nS3E&4+#29)gW(pt$M}UL^ijXPwMu{} zehXYZW@mZ}Zt`A|vb$HXk@0XuC_10yeft@0S55H-W~+K#a=uo9vk8`egFy>dA7^*S z-!N(Q>Q3*ZVh7rIYIGXo5&TAKN<6eIAafeo!@<||t)9)aB@S7_j#HshAN$l!(!7kE z9xs3XF*E^2z5N|eX%B1TyL}U1PkPtg^E!rQfW2-APFIzPY zzfXT+`!|?`uIS)s>tyC|&E}P}`eV%Fg}z?3dCty-Wrr}g3@1gx^5s1x1|UKSS>*G3 zFUL^#i>7VQ;RzKk9kx(S?t~o|0UrNw$A>^bd8|goknH7-R(Cy$tAXNd-=@XNwtwe) zu<9m8hQg{$-F*EE(#BrxTv`6gtf`#ltHsg(81ohoCo5ZPD_iK=6@RM%|1eO0)l7$s zJZ?U0@gzGnpZAStCl3e<&Q~x18;`UA=~|O52$m%&E_OO6GyJm!a}EUH@$hG)G(X;n z0s(8`4Z~JrkKYu`y{ygbfb?vUdVEgCe3<|E;Vf_4x92_Lc;8JZEXV3h?xEnnKBJDL z{AV)#2VZ{`qKM(t2KF2~3rCux_%}4HWjBrnZVZ4w3r|W@;kT9EQa(mDN~^js?PQ{y zuTm3`B~0889d1y=sogvrE?ctN_NCti!iO_*d03HO+eNXXFmo92z~QS+a|qRnJG>R> 
z_0(I9MdmUOO7_19(SVxG?VpPe?Bq#p1T(U0{9kK@C2(eBTk1m#1qb0wHSMRH5mq@B>jbIV@(m1s# zORSLMd$(}Je@w}59e>6O!OTAvLWSozrXj!pn{jziHM@lE~ysD8fs(Gm4u#ODTfr?xTk1e;tv zR47xz?yeqS7|x`HzdEe3Ok;re2Lh^(IOW*Cu`f1dy?1MSY9IH2o@T83X6I=D_ML zR%1VoC->UDi@*+Lp8NKMi#yBGnH zNQ^Iy;MY+CqT0g*FaW_t`O1<-CuSs77K}#dyZU>A`=)2BzO2-456CGF1XzH8Djc(J z10nkU#~Y##Kdo3|$9tKEpG!>lgodN*oOPbPEbQi+gBsjan}*$$=@);d4m}j zU>luZRx8T?Y46J8p=#g$ky6aiCS+@pwTvxUBV?z=7AdB|3=@W!vC9%=j}WqEmpvq; z@Kh2)vZpNBvu|a6&yYN(XX$z0-}`*}eBSpDoHNdx`?{~|zQ6aie9wIt(-@_<3n&6l zD{~ehz#BK#Ck(rvKnrRWj{C(`HqFYK+XrK1#b8W#bMK^-g5#Qnht0B&*Qz99dOWNe z&-CuYZZS=*8^dSNBo|zbPvJ^9NEzy1U(PG=Vf$?N=C-05A*;WMt)OOzwSt!lg2^2# z8RJXu@y-sDtOYB1rVv1Euea1Qc0AxbE#&v;-Q_8~g@C^#zJ2aq7}HyZh9^2uz;uq4 zHz4P=746I3q<1fqd31DSw;2t}->o&~!%lVh&9Q~T5p85l4?Zl@?GaT7lcL)q2w{R5 zq0mUY8BT(a$WF64#(hyVr;KwWZ&*AX8ce)(KdKV~$e9QoD%4@%PlOxk76|h37R}3K zJ`gTk?p8mnhv~Vv2nF`!eyJDAS{8U?OS*R$kik+rN@Vrgb&}a;s@ z_t5aJK5bf(njvMHEfQUV+1Z1`2K+^=p;C47J}5bA_tI=d!%^Qsj_apgk3azON#`?* zDq)ib@`l`pb2ARJRb8g`iWuu7i!EUg6w=xc1#TikPpSEN`xQw!-8hs?rn#IQzWuFU zMD=fn8q~E41d8ire+w*37Ux2aH4Ht?K$9NXB9A!=iwEBvVr7rO7$Gdy(zFtAIL3%b zSq6$1BeN*&YD({Wj`F@CaUYfL34;L26D7jX7;$^|ZO+@eRD<;envSWv?o=>cI^Sr{ zaMMj63WUPnh*G8X+!%9|7=L86!G&pg<^=RHhM-?cdUjYGa`MsOT^1AgDOhyA_@aTrxXMsE`ezKdpo z$Njl%zZ7QvYQUglukU%MZB^ViBTZ*~Rv{h&AYUh)t58YJ8;I;bC9Jy(e4^y+ z*$)AfS6s;`5*83HB~T#NrZ&Z*l}AM`Za3Qv?UX(8v^*&vJ_(aJ)VHZ9#yb0MJG5_) z?0^?aX7;@g z{WWBF3j3pM%2pYNV#}tzrDmn_QIAcTZ)=%&j_B45O;VYSGf)!JA)BM>cfv{V@$eJL zq*d1}FF7rk{wUwoHBYk4Fs)1tjKk{^jV)I2Oa~MO9Q@I7#|t7QM+Jelyo4QZuh0dh zQ(c4t!OGcHQ8_8q%wJCGGUqVzH9`vKV3~gBZmjJ1C$!&;I!xOM&@3(`#N~r-zAS=27=&^QG>7SwinD6u(eEz9h;I zydXg!Cry~;DvNCf zoIf7#Obrng*v}HJ!9ns`O;)`lPmHtCnciTA z^}$Dz#>aNFZ%SRv8g7hK96U6`kyNvHd~2{puoni4!C4uZp{%VDgyaMQ4OR^ekcOrR zoE65{7-fYr`eBJ4*?ZpQpli#p-9bPqKgzyN%*-?x0+6gGCJpyL4G&Xgzz>Sf$c(kM z&6YP`CT-N}I`@i+(;5l{kfGVlvJK2eUy)?ku|`r^*2D*2?bl&X%_+`Ed-)*p)!Drl za*o+5WiUImguPt3Dzrs$)&!575WD=n#6$y+QhS%Cx2|qfkKW6Q^XwdcaC$>y@C95> z?V-z_LEiN=l@&FlMP(PP!sWa_xyCTP=|?ql)q#;L#_3A!M`sb!pm;{pCP2;2)>*xo 
zEsJ9rNs673QPqC;un4c7??LNqa0{7mm)bvrkX+d`G(ow9B@$t1VP;{4z*<|?t=7d$UfB@0a;KU3ww z7y=cSm!z)Hmz9wh^f?Lz&W?R~|2&yS#)8ckjvz+2DQ{!c^Dn?gKSIZtf`Gd5U;EP}g`9KLF zLBZolAtVZpI)M^}3mTz?;i5=z(^(^M6Ma$C2|o1k`gaoM+P=|F0eBFf( zYgmlg2LUGX^D6jB-2>tmc5GMXUg{gKYS52ZEqcjhtyIn@ES(Jn9CXXUE_gjU zEb94if2&=;k{8+42py2TQ|I|&#?}W&sPhQrrb~X^IPIxXO}#~G(CP?IupqPJQo2mz4r+C0u&qqhNWBN&;h}K))sWk*d|WFqS=kQ- zlDeFh?q0Job%}f|V*PSeWz>1Gh@&ZoL*nR25no55AygQKkGs>+@E(lGwRRm4v*Hv-v-H8noBMsy2b~>7ANB~p}{Y4{#@<)S^YD+9i4R9 z_f`eA!@UfsYUyv9lYWVLbyUlgK*rjfNG7)CNSvX`pCmMhWj;=1a?`rB;@G~-s!-~q zjXPD)Qt+~rWC)O8-en(~WjPD2inS?oT zw4K!F6qU>poK{vk)tmB!b}W5XNXbgt>(gO2QO{vLw<|^w`9L?AePgaREpKn}HYmz)I&=2*A=M&Bk1C zc0|CERr}%tN#Djo2P5YquSagV!%LVe59FZ0Y@d)GHq0nwuMqc*okYS z%6IZC1km3zLxmT2Z{z!Hk{gqUt0n2I@xIn#Vq=coS%5L|04=CJL0xFfg0TpFa+jae zD9MWib$p;RFO*;8hqj3=C{p*E$8hGYf|X z*C0ZaYlp(Z^u%E}6Y%f1FW7-!5Z^d4bFi=^oT4$`Z%9C01XwTn{sGDkC-A)mGzy6W z_vJ-wG=f+!-5|i1g5kb})$7eski))}bwIsfE#PP~3rkCT@EC0kUn}y!;oxwUAXIT+ zKUMIdAV-;5qyEWle@68bu!aoyn{7{QqZ>^1lZZLN3hTVv}d zJQ#Ch;`TPR{5SnYZuV=_OK_9b(A0WJa@d{?!B|`9hjsP zsgTcR%G@2YU89Lpn#9T%z({1OKWLW1&2##n>X$T|8LMHgkxD!FuG`K-Y&jqVOxbRt zi#6VW05C9VBO4^v5ZoepJ;!4W1E=UF;QSsqkl(KSY3SGlFphNu<6a+Xs)VHgMl_%} zz9ZH@g*Vpk?QEv1U>x7^j;I~@Kk5bt41~Zf7`O!l{~QIk!r*@d2RClH34|M;tRvw@ zBmV#j|MOV*4GjOmjeiae*Wi$ReeSD*H3$N3{oy!*@$e8P`nody5;{Q{{{~Bl0OTjI z6TIiY2cF+Mu%Qrwyclp3Y%8R>5y=1DP{lt0*-i8PjcWcHX8%Ps{0?W=$H=MIOH3 z-zNF?xaw7p189g~Xf1Qq;9Z_Ww+v%j>!hpB`Y3uZbl*ExPTCFdZ;67zoG|*2(;J3( zYn+8Sfsyw^G9f|0eEOgaiMGDlZ$e<4K!r9(@Ql**G$v#HW`atP! 
zw`ruAKyL4C@qBt!Vo@FbP*fNk`QPaUZRJ(eNc+`k>=Lld~KqPLwG&<%WA!RakWS; z8J*u#m!ZrQkR6v^XKv9l((`jCU!_M zc7sn~=4sT0AKwu*ohPO+_^xL*)Xha) z!F-IU;{MdjD85fuoB0HKKuZyDtXa{P~~b9K4^$* zQlncI0@$#pw?4(mRP^D6lqEx}#l$sE>SUKBZhKpr{_%?*S0xmvE+lU_mF-M38HA_r z!A~6pPLPVk@F-DSshjs5IoTx70>5~0d(**NiY}zJrP815w~p)0ycLl+zgk82;+w|P zIadllYA!g&tBv2Xm%73Xk_cP&Ys?A-JS^wj5qQUqGc2+Vo7%zb=caVZ&Q3(!CS4o~ zP&<~^?%duGa_sQ6xUhko8y=HnuPZH_wT1gudY8G(Q=GJpyyDh!!;7W>d|Z+@l}sVa1y*|*-Ks6{!O`{+1UQgH;!9#% z7o}8IWWV>L@xWAha3fOk)bpy5@c4pyiyA24q<=pbl6>a?ITdSQ_wHzT!CX?#2zFN^ zx@N?uTGr0fN`{4T*6>JTa6?|2&cc2tqQMRNJfKjPNPEI?`lAH4x^%(Eq?`8MdZF{N z3ls>MVim1n2vDHsQIZq4n^wQ%YGSG{%gJd<@81G#RU>n%+~;wfE9DW8Eu5o`-pWo7MC8fi|#Y< z)PLK-h571nVWOS((E~=G_@0%(CkKqVv~Q-K)VQ{_B>%eziAWy!pxpbxB*xpF#c}dC zZGd2bOL&m)Nq1AzWa?9CEcE$m=l$adDLt}}{uYxr@~mg6b`2i71JV{E^qv{qd>^ea zG1jG&i1KjE{ZxG@jcI%l=o}Py+XdMZs8lvJ+MJ12SLeXHi6oN{+t3c=y?;-P6Umg= z{c?7PeZJFO>AelZhb{ZR9;uQBAE2tWX=F@jpv3XWzg(r=Bmd@LXW%q4m1E_lHuJ>_ zg%Bw4x@@9Ia$q=7U#K==VY)tPcInRNGpxU5E4S&$V=mqnd_-EY_aUs$wC`BQZ}Icz z7PrduO-CCcACXMir*@`i#9Y4cn3p^~T)=zBgOa&%2=G`W@$F5h+YYxKi@AXghYIH) zsEZ8bk>UVlB!BDMMHpB}l1U0_^IA?yzC_KMnCQnnlOxn=8?D?Eku6u)C=OZKnV5!Y zENi!_DAxEoHawsFhjt_6yNKlZ)sQ?bu242uINU{I6n9;GNjRdAJ-r74*kiI&1PgZ{ z&x#g~RPJ>i*D2${4bY=%heVZL@u9GEP{1WBk*>naMvkY!OG{x$kW5MqAO9}+DfjRT z$4Iiz8JFHQr1U1`vAfu2B(9v^%U`TbH17z{tNeXo<7aYiL<;_;m{=s5u)FT?n}Adu z>YU;AV(KvUAyB&wB`r7r ztbxSa?|SQPn+Ps0!y>p;>oA{ZzJN!P<0*;78yVzsBb-^5orq;M55jX}o9+!EB?kM` zLd#!d#E4XRI6AGKd0fED4I)Fq_63rvZ1DzUgSb=9!ah#FGtZcNe#LL5ttidD`$etw zq`|)FJiDjy5CJGKCu*;j#b~;cVVPupuC-~5{!v4qv(drJ%f-3_5~{{k9PVAizIA&3 z{E}R_{P;(~j$5Q(%S*!kH;OvnXoc%Fo$ui;5ktJG&v}`#m#4@_Af!nWt29fEsbGfy z3Vq>)MY1bi&C)b!o?omQhFhKKI5K^Pnrn^i4Hsugpg;p$H!e;&JmCn*lsPx}Hp+OG z@Y2{a;dE;UoPWYdOUL`ia2dI0wYwtA)78R#$hruN_Fs0A$QU(!c^w?-uJ|kNpL~oK z^mY}ZQ+9!iHjTASP&BQ4Dk_(kHICwJ^lce0O5SL-!Ri4&ONm$BAlo;)Wf>QljD4!` z7KPT=amYJ=^^GUJ?#fumExY9ct^winCdcLQeY!N5yPh_8#svw+FhyBmQD%fk%RpnG z#QsfVY^9?6VPs#7#vY*YIMp=!L?DD=KiNPB=!QQrGq-#r7_ZXKe!^pvw0>DH6TBQx!dYHQD 
zQqJ`gd%T#iNa(~RU}~cA%7;!hx9KG)aAJP<^7(tZ+KTE1=cR?l{7spb>Z=wNQqLBDOlf7-#ME6}tG$(8w#Li*8A{O)iI`t0^0Yj}?hRc^1q8!I-xmf+ zyi#d$Yyfq~9X7X9s+hUe`qh0wg*#a*;%SntQz0JqyygXcIR)6cRz+_^P`Avm0y!|R7s!LLNL zj6Hb1;;v&E+8rZ%HI0Fn`PeQm0|*eOBf1>9@>KkTt?0+A2XDjy{=z-F3aiQYjq>AR z=U?rH0)gyo^~*C?;<%v^l0{dl9%mk{<%<|TvVG*#untWgyF{C}*0geJNWeD1L8C$i zXeLqgvJskZY6&20fU&tTjI5ZcqkCcYg>yWjC)=75yb2eT!y!QHb_r8Q&&(46d5^NL z-V!SuKN4@K{^I?)2fAbJb^7@X;F_ue8Q*V@zp__Q(H3{={ZS3~;+F%Y2FeRTBjjmTsEIH&8S`pL-4QZu}=$sHqc;B%=w zB(L;_2k4UcGX2b9sZ!*{PtCl&*<(T}{brn4#71LBv^2F3GNmkK@t+&-8~$#*1PuE zd-i)y?OSzs)%|d1LUoNffBo-=(PKO|Cm;|A1oQOs?+)6hld2A;#$+<$WD;(sb}nGH zzcFYK^q=>@f^b17ATkgt2>kbX#HW|PF9@^z#-hCovd3Pmzh|7-Ex7|Sc{Fq66#)XSzeM8Wn-&UZ93L>8oF33k|4pR%8QX2oTCy5Df)WXbW z%iZkjQ0F}ItZx9(gU#|~Ycath-9%+QdeNT`mI8@^B%aK81F{4;fm}eYAVZMN(^&Ga zu`S5`Y3u|teLCX?V*T4t5Y~TKD)U|y&9KF?-f8f0LE=@Rp)br<0t%>v?3o-X~c?XGYSanY5ZgCPJ9}#B75@tn~q&0lrZGv&)=HzyjzLn zq32OSlLe~-@E1---p96YEXU|-u!A+Hy(QX>53>vHx{)TUnw|^8UrQBzl6zY@+r-AY z&++uBhD+TsPHiAurR1_ zcBbwQ)?gBRG!||!H!BM(3kM4ehxT7X9#-(bhX3XrK~NO`Sr!To1QP^>0ebp)WauC$ zD9~8TH$`_M$XD@pwB=4tD;w6q;l+=VD@AO7Vp3nk1#B z95f6R2r6F{tPCc8nrUKmSUgzVbfpj&(KF^BX+hL9X)Y|1Zw*HK!K8mKQ^FE}@dExm zfbj>wfr5I3g#*Jpz5M5CfBH6`rX30t^^rscO9;PotE2j5S#$+!wakMz`zT+4n}I;= z;)u0nk52M-GtP&140G+}zCl{O4Oo3lc{X^3`{~5TFf5du*Q4NIb6#FjdLwdt1BTWM zrW+c&5iTpIfsjX{|K?;clMS;KnfoWM&i`owG0;yL1jn|U>2wp z76)|sx@=rI+(MJBb^)p#78;YAiY{G_ zSmMr{EtBelP&r|NnE2TE%n*v*%75L%$4W$=jR<3+JGe~S+Aa${ZkAoEC?KO(Qu8=* zI#DKwzKl#}LET13-ZnVTikc|2%`|%6Gz6i7xW`8}Z% zc~2v;Zb(#=OSFMjtT1|slBR$?$&b||LJ%Hu5C3cHf(V|j{W;{GoI2z#{^#mF+`rq! 
zaNFP@m@j|tVq`<)sffRnU;tk{I52?)1&s7(AH(B7tE;l$fU*7z5OI(-44o}3?aW>5 z?N~6u=zmTk;2@}&n%LUgnXr(6iT<2H#(5@hY3yY0Y;Wd5CT8#CVDDt;V)^tAJ}}Rp z>o7R1|MohWnuVp437L|ilZz*ryrGk|sf&Y+p|L5MioLzdUyg(Y%*o2m3T9_v<#}=> ztek%jIsOd6fdT&`Hq(J={&yr#XE|x=TGBO#qE}9Z% zkyci_V2jJaL`%|V@JbmbpOpQFLKWl4!X|z*ujD)ibsg-CPn@e-8S$cswX9M-{D!;v z+J{?)wMrQovkXW#{0vU(J=clr_sB;vUg%w*eHGtQi(Q; zo3N347i_S5m{4?%8#lo?{Et*f%oc8vkFAQI7b_g;G)wQ$r#%JMGfnx%Xz6n9owV}y zDie<`IdB37p!e7H$FkhUkBk$$t2~86Jj4ChREoE=yb&zpp8f5)f}j+iW=al>36De% z4+RSq#Ptjc_9?D_{*ym5x)&SI6)YGv$DY<%P%rl$YmCwdKmU(6;6lTqk|2Xrp8~GY zQ*t8$MtS;dVk>@{Se>&9*_7&te7qD^#bDh(ZzqLS2S0h$ zT*X}ZFgXhs7YANuW@9HCCfk43GLx~rEwh8Q<)5?64o>zauEs9T%umbWX^lTE-KTZ? zv}m8!s{Yer05d-Q2XinzpEQ7 zZ+wCaVEe)ZJx%7^QyardVcu*;0ft&WOXHyH8 zm9jUc$>oa4DYW_Lt71Zrj@F3?O%v2vjiKlH`f#&92EJHMNXxM{?deT}FS;(8TRjl+ z>3?VbV1E;`A2d=aLgnzmdgpgM##}1t##SVezGg4@?dPdeKSu0mwJv+BwCm2{($)W)bY(&P8elD_-N6Crr%df z^JfWufv5gB8)(r{{NW*cYZDz}8x@QpNwHS++CJj9Dy4x#j6`kADoY@&>kNTzgX$Hw zhWv;r)91)9w#t19x`V6 zo|oJ671H3S-Bfg~uQq_8P_0bxB%aL_A$=C6=1}_!jRV7{n%${2&4BONb1$!!NG}hs zIlO;|@UkI|%APxCE#WrGGriXmy(yoF3@+_@1h*12*LT*1i|K03o=e#9-r!8Px?e+q zbDA}zGyA{BEu?38n6MwH1Ml(-0}L?gDDVe|ou1-WD+YIONK~@XO}I;c*v^957A<*Q zA(hC>Mo!kTsyJ;_5C_t@QES}i%iCq0Lm&PZ8#HG$*odAp{_gKMv2NNXvq8TxvWt^pwZgrbG!nn68Y`lzo46&+W(V#Na z_k_oMidxtIL@mUbzQ1%}0n7gX(@~4-DFJ3>|C9dy6}6s*Y=4H}z`*~Js6`K^{X1$= z{QIb-E+HxN-ws=ah&HbWC6KJ-Pz$=k{o!3v#h}zomht=%4ibG)YMnb#kq2ZY40HSO z7*l61=yUJnWimwq;`v+D9yZ&jvib@LqWndobhUylSlix74IetTlPhLK`8pB*%_2k+3UTYLB-^uN;YVi_xn5_Vj>zk(K+ZmsO zZdg^sErn{jaAQP6d*f$XyS4P5bEt;qQ92KAE5iL-!^{;OHL)pRDJUkQkJKDN6G|MK zZYhX|RyBE0-~I_(Zcky$35@+8QRpdb!Tog&O!>dhLH|j|ue+_A{M}V$VF6+XW5 z#vpSD_)pOdr=n8~sUyhY!@F;aEOy^0(xV8!{{PYK{}4a_ZFJ*66nzAbO5TaVT(|U63Uj^269Vl;i#YOXtEdKp#+ucRRnzx2o`~lt0z8%X*qkLM|h$X ze^aL(B1%I<)=^ujjN9K;o|ZyR6#oO`-aR|TIU!=CqeGFSB>mlpBK~^9Q@#Y(W)o2yaMKXLbE(6=cPqPlZ)*P%#HvIXW+_l^ZgZ z^4chY;)M(GI{_(l@uKzWOm>c%+eX!5hQR#-ILD!^=GJXOakF(PHT2jw{&hKc>9t{B zECk~z8<^k5DTT%i#02S!d^~4DTYf)n4G&_=~6 
zC9L{{!_eyaMJ->T(wiby#@~67H=<$G1nM7yMzk}p!RczaMN+9$%tNo%MUr3WLJMuA zu7&FG3ktPK;W??VQc=__cyGbL)8${0#7p*q&}N@UuAy^K8^Jg}D?0i@otvx0WpK@% z+`R1JaNYVkEIj#gxe{99(6py9-_H`y6(KS6qNrUfSQ8jO5dIZE_Wpg?pv;Gw}{vLAt8G-{t{zpt@0yF$=D%JlsRm0NG#NOSROzH20_oy}^46J<*0%buQZ3s-=e4x#^R!BavD%@d2)m*z1Zf0M14vErj%rTYI)NceX7W;AX)PuIv|N+3C2 zXKo^cpbz}!?}A4WEDx5;mC2O~llXsB@H{Qwr^WlUX8$gAz?_V%Y=4zH+W(X`Po<6m z_%&GepYcdEhW71j zUmbKPH1BTRg5A0$IoGeisY}=AaON{f8gFR{d4>)dSH{;RoOQlTPk5E#Jr9!9{PH#{ zu+F^7hU2t-L+IryM;@{({3XGg_g_62rr-$ozC=J}m13U2Ew%bF7&pOZQj+)Gc-X9J z;=^;&Ct$;j6)c=Gw%#OX2_FzhoJ>UNS__uJ%s3FxAzLl$OHF+93KPT$$Z;4MrkB~?T+o>UY|2ciMKczs=Xg1dvk*vcN)7@9#Orj+x zEoW3Cz@DuHcGA7Th)B!tzZN-JPFnRl?U-2$=@s0|Y&q?IBiLOip!QyHhQZKn^+Ehf zx8C94$C#Z)cd7bJPi1o^NGPP zeGMGKwdn{x(7_IEr?*MdO8B|c5|BmCKh3%Fr)z(XKShoQ=oMaH_iLp@;qnrZ8_py# znt!hTxhvC=aqF%H!z$llKy$to=OGtRzhKGIi3a_UP(<>4N|CrgWz)7+_+7Dqya;Kc zX$~@wzhDl|zx{AGn~32=^YX_!j0F3%PAI}lYrYiUay!BaFCgE)F#j=Zb%+tEs+7*& zpUF8KP0-|uK>_i|+|w!q1ET}Tzt|6Hma{P}#3n2G>=>A;0wzZ@nw{a7e*eLmR+}Cf z9?18WWJsbFnB;2oYT5=*T%1=THevF39z?RbFdiSMqM8AD&Aa3mM=5z)Vs&@=RG7I- zLhG+JhuMBmUc!*56pBuDYk2xFNFQKtBF% z3*B;-O*lpnAJu~ON9{DyGBp+TQlo&(bc$2a`D-ALXp9Lw!H@$F?rK&Yq6yu?{#^6N1h_UTO@{ka`t9 zBW#)1`iS8x=5@cet@RI1a*JL*f(FKJZvGVOi{lgu6C0>@%! 
zZJ~4Y!PphZ2mRoisJ}!Mo5)J*oeCe%)DjsN*v3THw5R|6hD$@=9LPt_N^6~@G+e|~ zl_sND8Jd^RdPUg9NhX=#JCXNmNwfg@nAp6?$t`3egfeH-QJO>LgBku)CEM+YyNX%# z&H!m5AYZvx$)Ze+?R=0@%4CkkbHGv(Y7XXQqe#EzLMr*D{SnCbA$62XxmL{oNGzpj zXd<|Km;6zZfpn(;uSGA4Eu!Zh$PeIm7uOup1rpIT6cfGbZ3ujIhPji<^IRkFd*MTcbdM42%G6K=#n_APUwg_ zM^}+Q=e;3`w9e{rWG4^gSF$RDyO`{0a5TT}O%c0O)?e(Rb9f?r6BpR;zu_mz0`fdR zdT3(L<@8h77@FMIuwb@@e-s56%NE054A+3*37~;I>qRnZUe-KzUbn>NeWZyQ&EuGl zm*~g_Hk)q@Z66ARzs3BjKboIfdG<_j`*Ochvuaz)iUyhN)xF~-x$mS*D>G1EF3h6v zt7-esr(SN%{i7(X;^>#k3D$cDtYX0ggY6t7ARl=)b-5ne%RUa5g_N>3{?G;ISQC=2 z7UCtos4l&_cn9Q%_c>tUPwmt*9_wMyR`-6XalpOiC`mWaiJOE?V~kM;@^u^V>=>Qa z8ewT{NeDSF8?6gW5!T)&5La{3(T(po$N>2q0^{NChxrW0f{gc|W8osXoA8d*1T zv9-s2;|AS8{-;*e8$@yVwRgsM%b^(H+;MDoNjmaGEsScN9<5Dm2!HaUDjUvLK!>|A zR23}S9uef%4!TBd8C*#lZ`Y(4XR!h5o1S&$5{5v}7_~StrC+^$`<}#xz%EJAo1V#f z^Vbk)AIR&xj7<=53>6S4to#|1A=mGf;P^^|8~;v!lrb#tWC&t?zVbB1SQ9y&Bqd zdsqm_qb`$!E`9v2^%V{{{GW@VC0C<92l6SfIp`u>gYnhVZjLD% z_Raym*u0C^ms_2T^6!bk`jJ2$dXwC0UYs{JA^1QJEvWSRPxSS~XQO%cgt<^w23sm{~tCz@N@S^mYXqQ`0 zw>>+~`Sg;~RNx3-Lq#aWew_ch`SWs}(WR)6bJyqr8-JY^1y?s)mop`wQ1qzbq5!CW z>RzRoxtI{Oos+NIU8lgF{u;J2&6Jgazgk8^o>K`To}%@i)+* zWf1#nd|RE(C9+y3B}BXq)(ku?)L?YbY8WzBB2cGE+>tP{$I>4jK`6iK*w%osr*-LK z{rLAMEC-_EJBsx_Zt^t}a?}e(VnvsqN+(}<+JW}>sg#8nI4@~WP>mJITYDibz=NY+ znC__vul4PXl#D^d_meQep{8@8TivJ1r-S>1WHk)0{FY0RXa+&=|fBja>OX%{WHITPBlw=+JOk_4B82K}4_YgbzSw^Qsea|4H z@1RUZUalCBUzKCgR>yOc7Kn~_u47ywlwa9nDkFdK!1#eB=i)8m7a+gYgTh-MxF4Yo zwO>ff6*w=a{h~)P;+3_E!`6O%DHS)6UmW9K=|W$xu7M4oamu}wy6Caj$k+PpO&vgj zt5DwB2jrnO9vw00@YW;iT#~xnU_XtQ7}CxcKUhpRRvGiavgiSM-h|_u4I2Nv_pg1E zP#9jkU3tB|G6a@gPpRmC*C)Xbu^wbpL7wO~nWxHVWrbOF-~6)ZL+9p9VA=OwTk}JS zTsDCEfyK4Mt}pgT%Rc@1^>)XSxNG;2j-@vmH=!8U{7q4l1CWnZJz9KrtunDuv_s3% zF1m@wKZ9{8GxllQNu{?yD-{LEzh~sg_*8fmIc?GM8mmQG+nQ)o%&7XHUYux*z=y}g z8_4Gre1jJHDmd~e3TpL>5mTkgqW632)PQ977(hL1iwW`l&Ny{_Ie!?wV9F+?ynl1( zBqED{ru1c^sK<(R+3hhT%DOTW#3(A;e^i!hxI7pRZe zMiIHQLnu%7DD=!o*{a$vEtA3KXtm5?V5$3gPD~+?N1{0vj=rMWBsQOSA(lG)|%OpA`8RZNhkLwPuXU6(1 
zBeVnENJWx1PH)dXV|9@PJ|TuKU`|FufZ*d+;vBVeCRYl?ComrUL&LJ`DcI1uHK*SL_SuXZUMEdNmsS^tlnm5c`)DKOyXB>Fwz+s33_}^vXc?urR1rG>%7sbklBC zpMxZzJ~e7cZC2QcF?O|8>H1#t()BN2M6@8C2%blLGirrLDIiZfR-mSk51xINFc@N~ zi~GSE7DQ3*trIyqM+2Hd6o#m;=_%58^Q@n4@2N-aFnL$6U+bR9T}wY)a&~o-e(p<8 z1L`wQ#>NCXP)=>HNW2iRnB502d|r6n-t7PUXZIKsUik|k&+>wSo$}FRbbSTrP&suX=?Q4)qEMvngOcpP@p}WOf$q}HOnxGG}tU9_Q=SS zzn~2xRX0`kdtH?vcrTWX;0Trq1_Vi|2rHYVQ~b@E)&!Kt&_%EC%FMUvK%UEV z&azAACR)^+11p}7oNK!v(>^o{`9$l$D$K*Gh#kmt+gj=_F-o{C6ON2stY>?CSFU=m z-qn2T2G7L@@=UG+^1O;JpQ|eAlY%RPo=vkAO$xyI*A1@XY^Qxb5>>xFgvhUWw`?Rv z9Cip$pJ}C&iW)IaE4P2V+iZdAXX?gtuI7O7KYZI;d+aeB-HCC}2Q5R)Bi`eQOkGYQ zDZl;*ZJDI#tOc}3kmuEL^GEG(A4SaDOuRz)1;ohL^xDN2w}-ey{26H=@g19&6sV#ODBee6um(o(mKL)p@n`+>);OTPNN5nLZJACnySGOky?zF=tHX$H(kFST zC{Kal*1mK&2!86Y#=VPG0sp6|##zV)>o3%c7f>1E)=)=v%I#EH?m%85+**F#@T(4Q zasYx0w3lAJwsh?$S`j3~MiJ(y@EwSFEot6Kg*w-rYaQY;fHPjRWD@1C>1^Mr@kP(x zRjIoz`8R7@hQRFcD8fjJqKEG_-vB8d7Tde+8 z4z%C2c594a0j8H_2}@-iRo$Sse}WSE-|u2jq}&yi~Zzz8WYDi zNdE6RyfjISDfZFxLWdu@$|EZOegusD49xOG?VNQ`zuo3gNHMY zHGM2Wd)tNS3_O=-_WoQ;>fI>=y>)FU6hy!J9gNHzqQ;AjQu1ybV`)lO1lF{9i_>_` z1XJ3hezGHod^jd)7S-~(mMN~=#-gO$3SH=}N-oNC;@m1%q(%E2%|$N$Z^3jBQ&OsxuzWcavW<~F@zm0n++)hHa2j)_2R z)PZtFV!cy^;M0h3(>h~y210ns`(ljuns3V<+~h~MnfXfGM}{V?fPAup$BmC+YU(@Q zoevp$nr41s5e%0@!`~v!3sT#>&iR3S>bg?0(oDejUZclYTJ=cmC{m&g&CqGI$R6*! 
zk}pUQ>nAO^;ZQtrXFFj){p37=BPFXsf*;+8_xQK>X;+~~=o(Nzt?&hsxVRD8*}M4x zWrp(j4A%!Sua)&_TG{|NL&`vi^^jKF--kqZDn++B>x;wnByb^_IROI;$;a2&(3_!kM z!K10K~5!iRTr}A&T6s6a{XHp_g{P36 zdp4}+TU#FrRSbyx1#M8@Vc6P?Kll*^*jB$G9*$DQJ7qq?jK7OPS+}i}fv7LqU2iZS zSuu1Q-e;S&eT7k!-QX%SJl zGOrd#7dowEq917gXED92ahg&(pP2glKxZi(_l>f%#4Bqbw_730cTF!K?D>3U#<#I6 z-#Kq#_tJp`#{MC~BmYjZyQ+clzrOo)7=j}dDSb@J`I zv%7?cQ{o6=@`_-aqNpW?HqVr9l#7V3K>dL%lfq`6b;6J4qAGs)a8?8p{M7c-cI@#l z2nWBcQ9$%FN7+GGReNYIeT5NqcC7^>sd$Ln)3*VO#ogRaLrR_y{i3nheY+NNhR#SY z?FqlA&-*I~IWKIFkUdfoMxRNY9ESkynZ(Hx>mFy~f4Ar7fC&>mF?tsaN7Z)or3uxu z;%r-l2FTB6U`^Rb$9%nOS0k1~xV<(m5I?UaAE0Svpf>w9tJllqVy+0P26|FnB;^ZFn90_4F|;9%dRb$+G-(C>8O#>XVrD ztt3RhVhOsmJ~+H&p;v;#Vz_NzY^njpdUy1Bw4z%Z_ z{!*C_O-I%xT_wl2lZTD!~W$0P&!^H|$? z$Ji7;gFHos&qc^7$6frU?^4+ z8Q;K{RJS#B{-79#`Qm1p?wHZD0yurPtY^7xKWVAQu>G4m%^Bb@ze7!t7 zjW^}qHhP=f;c3hBD#7-#p@JqqHu3G{+3q|bmnQ^BYeDM`)D z;x?n&!>aAUOTPS-n5}_ntav&t#SL=^|06s*vP|pj5g#!5nm1#LP#al3x>cOJEOpgw z%tKu5*A`G;5gPY?{Wc=)%Mh~U?Du+XsaI2+_b(HVz7YOi%8&5+0OWP)ezSK(dF{1{ zeV`(~vl3MVZE%#!Uy^jENi?3INAd#s_j47wvwkXUm@yr04$N|R0pXK<`=&DTHpOMd zn!j7W1NkDvVt?h1D^+^AfZLSar6t1a>d}TMUml*}6C&&_B8YxY$5%ufs2n}+5Y>SN zcGsB<4O6GqM^{4zRzk^qZB^PDp#JE4Ibpc?Mw?FcdovF8k>jr?6R%uMzDO`o8ZN(G z8Hecq%pS%x1+Cds-O1+!A;iOm|4KqG8zX*hU!Z>XV9!Mjv44N&ViQl|`PQr&F=C#p zIS_D_Tb;q?3U*n8spDlL`XS=iI+asZxf6z-ERk2~HS}@v_ld@!^BwBo+BTtFM58K* z`}>=ew%vyauMvE_h%$LhlU=|e-YZmBl}*G6A8BxScOm$r@XwJ2IHtbaPPpmn3^&VX z-B*MIjJL)ur#kIs+a?hH;bJ@Sr(IvquUlCeT_o~MBOK30`TVKcHQ6OOeJtn>9^ia_ zeTfx6uFaYCj{UV6`pYwD|K=@t#WFT`^rTxi{kvyOK%Nqp30G9H?or|1^$Ut|m^*dI zi&iB#+<1q>m-tIjP49txg42snMrI9d%mGLz1fiJuc4}4M>{6Y>cYRT?$bq3)GEwL)$1` zzgV!{M^EkABE26E1oBdKFNi$MP2`xik@y((Ka;PLx_29TF(3vqYm_gCqUQkl+jg$3 zvy{z?mrnJHg^0{K=x7B2$I9sg7Pw7tIxy#wKz_~t>>mA*th2kzprG?j#9NXF_2Qig zetl_6@z>>#6(~Ud_4lGLH@5(ur+XMu#p7G%>)@K*Sae|tT+5Z z)67d_qvXt+2imi2@Ez&Ri)FOQ8n-OF*bobgk2@J^HL`_YEOKasCkB>)y!5%I{7V16 zDJs?G0Hv|+3RFjsp?@Ff>oW}GLrV4f5g=dXStD#>K-iV;D>03YKP*Y`L!RG#f-0T=1(AQ^N6gC>k^Hh}N}U`A 
zRS=aC>1>;FojPG}_aw|#tkvuQ?Xf}+l2mJwN>G7&cg3CWu}Le5cNDqMeRLIM%VQ99Jk>Uxn;BV1Hxrmo3!wjp4vb1VpSET7W zK%OTjt7uX?JUErBLEos2VW32)u*!d{!mYjvqmFDCvR}am?%gb*9BrC3ZQy~{$F3Q| zoD&Z?)$JV3@P05Bf`_n2XyJqMg&V#R+|Q(RfDGfc8iv zYxKnuN}$D2gvQ5IgRJRGQ(A|x9h{?Ph0OS)yc3&u1pPbJz(0u$d^|FNK+ou_8 z+4cNe(wr$A~)FLOfLe!^~#3NB< zK5{?F`%9naQ(mNX5GaZ3xmoJgCZLWroESsgzv~<+z?C>fQL8Lc`Xb=N)8sQx=Y<<2 z->+R5-q&>{nh&(Um)4J?x8$g=OWDDy%zZlJ)h1&G_b)2j$36Gl!yz+>{@ajiWmHUq z_zMk3r?3o#fi2?ltzy@6I_9>524-6J_rHMpKS*>9Rq|p48*8d|D`Z^GOl1e|KD%Xw zBe%I6Y_hgM)L%d9Uyer2yxk0yM0zFBXOU$%wdXTwLaqJ8B87< z{k9(;C!$4w{Q3OuY%diI9QPD@8_)64BC|SIa<}YTi5qoYHZ7`!86bZ_*wuW$(z-?H zHp=^prU~0DOCc$4#wSP9Nrrcf>UIUlKS(50Om9@1i5WYgI?B)neXFJXC{pw?NOGJq z@X{~Q2FT->G_}aqmI!)Ir|n%%AcL>o`)SdxBOamg>8TAUc*g_zXPD_R0%I#=r>{~= zw!NXZZf80D&MTuI)W#cV3j1Oq)+e_?)8M1M+_~e?SA2-VzuM@9CF&PgRXo5 z_Uu4?sjI@XAndS`0ryLr-*h40Mv_PEyZ5$N((MuszP5yG)|G`i zAn(B`sk3yuWpPxw*jn7+;a#O%>q!TV9A10H55r$S@8avhr*h*4>W5NkfFhAt`kP)jFCAwWV(ZR9@0y zDr=pRhF4Qfx_{EcN7z~<3@f8mBXUub3$;c(!2pQ-Ja)bm=6TlEH<7V6Fj8L4qlU_J zGsbAjyH5{~(DTS0v_SnNj^UpUPLd=K=YGy5DOrr*&2DbnC;wivd6Vw%)xc ze;0FDLd|2Dw#GLB?k~K*aZYGNmju z%i3gPp}9&1&e{fIcv^(WqmuY}%~!lZmSWu-OnP&@KtvHRjK zU^e&pEwVH`F@!(aM$G3ru*5ogLqt8&I?}07G`ot?grSC0LtakxqP-gxsJ}Bv=<}^$ z38f&0p&-^qGS<{d<4VX3%6I)O!J&)Y9EAN3U?YxLbmG3=BA9?9!lkeMq~gxa21r~B z#nKf zMGQ`vWkaM-4;ZCfnP^bR&O)itd%yY$olSozIPd{rLzxRz=+jC}zZoIUOl>bi%$RaNAaIi~9Bx5$V!uN}Ph{(^EG+J{G8tY=nSNe#)z0v&i9v z`+h}Qr4epn&oE4sS>vnbCiQF=kjK-CUCVT|TUd9~7B9QDgdeWer7F8*8S~iRydo!r zf%v}gdm38IlE!;dh$4S(icCr2!3*gRdFt*BaBxLC!zx4r^`D;)!XVEHb6m6|l&^+% zxN@JeOlyR@>Nz2h{0jeI=>gJ6@ffw(|F^X*P5ehkvg^v&et)t zi0vJgd=FGS5*;jShk@-to~P`9mLrnnD0Q`ot!*HMxT@mCYilJm#!Q-CO%81;6hKB(?_tK*n$7yOf;>2>^^m(@=fY3t&qjN%^fyS|84D{ zg;=d>dHa4_h?`p)b{q(mfa9Ghxh<<`;(Bfz``0a0$wyMR!>6D`4PU2%8 zzZX%1oI6NSbS4n%#~eJ2wYh+aB#K7H+<2D!CJMeZZRbn~Jh($w>d3}u0kp?nbzJA1 zy(UuucLdu<%UlH^D?Mi{z0KF>?Ae>=`|J?@*|8DokW2Erqq~!Bv!afOPa3(V0AoZ& zsP~ygq2iVGEl}Tmd~(=CF)rXy*yk6ERS(C{sfv=`#=_DR@gIyPO*s(xxewBO3yM=y 
z&)7);&KgJ0RGyw|Td2rQJ6?U?s`YmZb)dd~suXy#sd*wVWOW;pocX5ukbuJ9MAQpO z&mv4lpc>+N(U3WPuSlF(+ZM^)6KV8{U%l`G)J2z6$HMjSj#2I9;z0dye5+?$W*zV< zu?sH@rHT0Xf0-VpV5z~}JPyp{*@}Gu^6%;&DkIL%6U%MF9nGLQZBNQWDC9!R7oF}>a>B&C1QfK{A|D%RP<*2H|#yKuRJa>77l z>fBBbSrmbO7$9FGQ=1)xwJJ@0w~QA9 z9)0zEoXxbuKG1pV6HEUU^ddyQ)Z+QsSt< zb=>Dathk{mh?g+$;=+ZH4{_5B2c`|Jw&4;*4WCu1=u-_xEDdjxMPvXud*driN~3 zPJ+|Nyz$D>d;B(J^bupYKz{dwQ};yJTLba3M-BTq?5|5g%D61ysz;MY2M&jt79l|X zWMrlsq@yvr%2eo`{h4HE1CIV@!TXETZcZ`$U*VsUf&7(>looP$E*!LA_VtG)RPOn2 zK_ep0*JMO{ePTzR<`DV$9ZEZu)voT1K*@(wlfW_2^Q~5E)*r^r)JBL1TiF4+Kz&qH zk6`~#=6kR@f$vvVk!Q_rkZ8UiHeYN|3B-E1-`4|qba8U}iu0#G=~!bSF(#AXf{R$L z<@1t8Z&<|qVLDY`2jp>nf*EfAzXu!_+YfWvu$?Z)1Pr@J0r~+}SIVsf@x)-CcsvA^gKD8(i9< zMegLlx0mbzr*^$XngtfPNIh@bi;Y8spBwmOM7 zj7|I(?0{h)uLe(gftEmP&n!M)$6a}F_c?4y=7-*PfpS7=3Cl%0#Qhyji}V51N7YQX zX@O3L#C1%4D_5BnA=T+5hiFg!5;R7jzP40#4Kee=IL`p})Mlsb?*)SwAN8#CLhdln z($uGCD1rQ2^Ujwj#Bi6F1o06T1Z=55DK0-%( zlMD~!ZB|ax?NKEy_;P(|ZIMI7V<+7PvTA~V)ArgO#Kp!jL+}qjj9^aHW}XpYO$p3O<9crxM( zwp^;qd5N+tl*GjPEgnIqK;EC0ej;Yr+koU`*Qw)b!3w+BJ*bV4NXzK52lcmjm_EE7#K}sUOUw2bUS{k!2%F zohg0VC{=!QbIUqe2mtMg0_*C3_IY!&MlSF5BM#qK}A^micJ~DrXFo2j)k;ItIPlvcbCHd&^9wMJfyw<$TrJsh9B&gPN*IH9>53JE; z9}1K!7zWpoUH?D=+LMfXajU7C_736Ry2gvBL=t0N>~RE|w2&dpsYKl193p?t?kG{0 z{nnN(pt}XS8nRW?LGz$L`EiD9<;3oiq4y0Rs9%Bii-bPUF_lO8r3GKWQFqv(pYm7s z>qqki=X1MQ1BmtZ^k+xYk03(lBbJS}&!35H+kDd_O71qOUZ@lvK$)pb0`(hxo4@fV z>hD!lO^CfAvkAQtq>!+yRG2+C zAF_AjV%?O3h`(dbsZ+i175D4e4s+kn7?F76nD&UAa6N-toukU3 zNM3$+-Gq3aaCI_*=-4quLIMuf*Ch~rE@Kt#0pnRxRoiipLqS*Ovi0+aP4GRmqn@bWQp|13M7?ZTRoYT(Agc4WM(BVM-y$!K?iryV(dRXQn zodde{nA=MWM{C`VPqex>5h4`GK;BwS#{VWk+tOV$dMQq#25;V_@4A??q2r!Q0Pei& z2twZ$U%uO1$mhAJQ^+dr`isqrQt%~30SKaA7)>ddUS6itdGkeU_>{7T z)m(M=o%r85%kU55`#2XwP|4vTIN zG~i8kz-xh8ZsTl>5YK0NCm$>6bJb*u(X}FeW)cK}xw{zl{#Se70o7Etg?%X^kO+zh zC@l)oJ4o+cx^$HmAVBDZ(5r~_UZhD!MNyD0T~MkbRhoc`B2Bs!LEyhZ9S59wGjFZ; zzc*|Bf7VKJZ@Ap^oqhJ%XSchL77bat{ILq?1+t5W@pSd(uZYx6NvkW_GmfuXEqmcR zY@I_e#Smx3IomrLeK~ynQfYU8vz)vC#Be1lszSLpq`W`JzU}(zlLYFpmGp#P@{^~p 
z1zA+SC9U`nK)98!dL?j6`ne&4S({>?en~73y87(l`=8ZOr4{+I#xB~M)a$cmdg{pz zepZ8}pw;S7%M0#j9yY-I)>mFeLs3&bEh+^6ISnJziY zP>O3dH)*DPaE1VHB;d)o_c&im>YZkPCN`)z>lQYuS$i>J`Uw3K(#I!GLjfTfsY(jA zUdHB@N4}c?^vw{Q{~0rDlpezQq3>{^6jr7_MOl?o`{GxVcMmg3LYID2xX09y$JCVn z*1DzaRZEqpJdy0O6!es^_sSZHxdRZuMSkM(?m4x_OA}KDaT>WaSoFD~uiiCCFg~d) zKAP!y1`6E1thSTJBdxjq{#J)TMmCv7q(r7l!iBR2k1m~j+D>-tp_Mrn@mw!Q)zOsx z*ANp`0>XSRnM=M-DRPTeh|@Y(&#JP=01B*d*V8q7e$reb-?*WC)R^ZX5j6qH8yiNu2k&A$ z@oXYhAM)xJsQO80I1I=WRMUdB4>90$O5Q$~_68JiUaTSP#}{q6Io%XycKc=i8ks>jMRm+kN74vU3yzTGS-VRih|o=dLgZzMNeQN0j3HCd_tFK2q~VOU%W1P>6zUI z&coYwvIAdYM%Qg_7s4wi_0-qy`0g#aDa3x}Wo7YZh6{pJI9#(I0}J!|UfS-rZ3Wc9 zO$N-tZ3a*PHfA$~{r6AA%JVdC`u!DgTTxF{m$>PBEYE}ECfh(Id7?%OdR|wV;o>U3V7F(boM#HnoO0>3Lqi$! z41my$k}*k-nhe5WZtLA_16w|f7_+?v=9T>I>o>$);Qkj};MNitw1I#QSQ^O%u;1T^ z0syeFpg^}2&i;N1SXf|RadF6x?_c@-CIBuL3qXuHVfy}y#oAiMZ^%>W+*d*C8(R}C+4PjS;(`!2dqWJBeS*ao_nQ zRnMqZjmsb~FuAd!3jxF|QDvKI{Vs`vENm*qJEzuaP^}t%6Amne6D{ewywy;^Eo-EN zn^lcQFJCq2%Gt@1g-A=!vsf%6*U|}-ll|TM1|`?|Y<3B&?+JFmWKtuYFbpgMx3vWe z=)*7tc%>X2Z87B^F*Ow}P!4u5X-rv2bw|t(m~Q`Xm!tn(>zIns|GU<|Ex|vQ;{UcH zfa&-DuJ2&^)c;}Yn3e8-+jkJbcbUMaryl1yGkkSw&LvoDuR_9R9$y*)>;x2CFpLo5 z&M2=9Z+wHY&5XN#p8G4d{It z7QFO_0`dae27UMnlS`=+>R}o$$xb}$J+njf9NG3svNmA!M6F`M2(7>DE+1suvE(M+ zoI)N5gTlYE7J~-=3DE&if#1*m2^t^<*)j0_P4-*Welo$De7dqdmU{1g>`2_#Pzh!T zz2 zD|`E!06Z0JDD*g(Gi*;d?rUa-9Z^|kq~M2wNI8Kkh0X;mjd5uDL(-rb(40chr_WO<&HKX&}C4q)}rAU z3ubPf6O;uZXcQQl$iD?-3M#~gj*o@Y{V;t-?o6WDICql z&4$@WjEfii5F|WEz=m)+uAyG}G4uniY(A%&Y!9h78xTNwjf9g=PPCp8$l*h~{=52kXhA@W7cLHjoT%6Ge^B*hN_nG$T;^i2Ic8^&0Xo{}>5|c~Ts!ELz zz$l{fO6TU=4C6+Xrh%8xb0I~rP}gB+f*Vv8G_jv(aKIg-E~T8Jo5h!qcR1OU1J)-z zuMR(68}{BwozGw~nzwVpB%myPgjjcxN69oBqGLy+4+5d^zqUWqLV|yoN*Lk+0LHq+ zy#AGaWC>ai7>ntT>?6!@{G1)~R?Z)pgE(tW#8`1~+H3KO@5Wg{0Lz%H@Kr3Oa^cad zUTuaYFpY?mb*^{#vm2R&OpWIWLC?T#&$%&YT~9{|mNUkmPkM|ti#U~v>s)GLDEjIh zpOITw-yD&*F%^8$9p7zJF`&-@2DZv%WzNNB>4@gOz|09Q8k{bsF7{{_PD_-FDTkSb zCGgKhhMC(xX?EI;-xQ*oAC}uRGxxzPv99w}h6V)C%IXB2$X~s^4daUVCr)0wczl8F 
zOr)sYq`q;)DJphhD9|CWi_4AO{AgwJsfW+5`g3j?$<2^No-m92o4t+Kj@dAiH-^b^ zPldT*Z+}&=Jr*Scwu&K+v6-E@Fw7YNN10i1SU4NIxFF48LVOln0;atD?EK)4S?qkK zTs-W8d_r(`9zlMD5U;rz!qh?lh5}8H{k8Zf`1?w;n%#Kqu|7zbtKiljm8{(FK~*Rz zTk0s+)w=S9e8p1*k#AOxGj$aqmSWxKRy!W+<5c8;zOdvn>pWd5&8P1l`RYC4X3Trg zRB;96s-7`3vRX(qYX0)Wg{)c+}$y*GEz@uS~D1-&lUF~JS1^qNy;DV={xp`=J4( z_DX%M%p8fbt0UZbaQIFH&r~}x`q7@je5i>KDcxTnv~d0daC<=SHBzC7MKiTj}8y;!SHA(|c6sNwVME z0vAJk`W+J0Wun;~n`-{%n@@$e%NgGTHu{a34`23s;j|UTZDy=?EYiuB)@d8;42?7Y z1wb?cWrwtf+wMa=IKR`iIeFeNj0L9~2R45kuhb)Y`9KB&cok&UJ6W6ha6v6Anxa{4 zyC2*urC@b!k6RIw?3K5%1ou};vPGRzjAnSegx(So2bd|!vUy>UKxGXUi@f}d!G5JsB#R__?LTsiYcwEPXzLE;(aln5RT zFydqf!UErwn7AV)`Pz4wJ4Cb+YLdxMFP+h>3m*wyhXVL| zNs11a7L9sI9kI3<>?_P>UdL6ws1;KRsA4x}#$G$mmPf~W&ntSQVUvvZj#U`T0peYS zu{-}U*%0=wFvCMLSi#v_47pTC?z0dV11}sgYzo^og#hbP=Wh6$hZrq6i%YlU_V(?V zGdOLKzCM_nHq8@Vc+(9?fLHxSezu`H^Vb|U#xqe;;^HXHHH@)FJhQjly!!sKtCMM)24 zs-AM4+6ZnxL6>-3A93U<1F1+FL--g13TRUWe8#mrJzSTAigPb=HkSQx%q_jmq$16s z{lnPP9y&p;?c>zXg1>00bY02TTw8-3Ae%D+4YPu~B8)ME34#(sqg)V&kjaTH*iN$! 
z5#^^1;p@>CCI#*hQ$m2vs!X?Jp_plZMe~mF*j0FWg$cCjI_F&Bru&0%*?g^I@R2g~vTpptBBJCX*VpYr&;&t)>GFu0@ zxiN-J2W9U+aOBEn(jj^(s}!Z(dWr# za0=f$FM!mSR!WyV0}4>Gr-pusJZ7?>U>=TTH*L%2E?HvJN1|AdeoAV6^lh7XNOJJ* zSr(GhGGlcGhCK2I>2nnZ6NB-9oPBWi9jTUMU4r<99APRo#GX0o7y9IeAOr}=%T|-g z+kjIPnlTv?E?rp`S~1z0^kRcKds0!a3bI0h!sGB~S4Gda-I|r~8UJ8T9OY&bv@yV0 zR@L|lu9#hq+i+ssT1ZP)*GntHZprRw#vg#;{soK^w1Lh$weBd@Jt`?&9z~$O_0cv2 zczKP!mXf#@THdL^8$C7)E`wIPPv8$kXRI&O1(WqH0oB7n7d5Q1_1$ z3v26KpH;QM()G8LK-VzhP0{Opdi?fvaF5 zv?xiu6D;0f0|A6jgi1CrxBxz@{1FxX1}iQOJdxrqBkQS2)V-8Fwfa!NW}Tih>QM)Z zyygAv{+2r&`ueii=F{>wJ1x2FS6)Y~pHE~r9>$}-KfXh8Tu32FlHvdm%;YjhSioIu z(PCVO#%b-5<>W0g3CrTN>kjoZ(|N(!x5glVoE1N9r9LHh9=rLKay~B3stxIf_XR3< z-f5mSL{41Zh62ZnH@o=@cX(d9;hdNSr0q$)#0uZLkKuU~j$FGb!lo5U9vpm=ZDtmK zQjZ+##f%c!0Yq0}?j9i9fFFk`RHsQW2_--fe_d|MZ()=?hDNONO{eNVXUC04+^)I<^lP+F=HfM$qz1YrAMzg3Ah;(5iY>3>wg=Bq}Z9c9op zBhY)t{!)nO-o*6Vifdx0WM?)I%sel|rp5l}KL(e04emE~6F z4}e3sgInFAVSj+}5WIg3oBK4OMz9|d5ltk9!fR4;-k-K_QUb%=^vfL|%b0e$(;AiW z-kdj%$0J@c)O||gMo)I*=7yLt6fo#hS-3T!a_0k9KGAb|Z5+z&uF2*Ss?#gOF_sR2 zTGOe>PoJ~3njW3s^U8Z9%)xT@0G)m)QpQMoM;9~Mp!VHc4tJ7b4mia%3&tm9tA;B*B7@nJjRKYk^fAZIF&>URQ ze~#@RB{TnNf!JWGdN7wS_AQ=X9)S-jw#$~X2g*8NHoga7UAq{Yzlfsj4i;> ztts5h#u$x4T3RAdps(+sDm8aP!|$~J;H>*;K(g$XN0+dzO*{m^+RM8=`>{SbNrlp7 zTIjR%!tn4~N)5F&ey>jK&gkejQ1_NUR`x!G! 
z2mtdQN!+;+8`@3Q+Vlda>WMBYSuXU0e+Ko-kB9;0E*~g>^fu{y<0EJjn?q&u3b=I5 z%|~#`X>< zJGiZwn-vm`;4}sId$&16)&ARLg^jfxyDi$V;ppe|!g+`x0SMqg;gR|FQ~9$R6}-e; z0@e0FssyNryf|r-k*u^lUl?ezsx54eKD$FE7!*m}fwX-n7b_-ou8QdHig~sB5(lk6 zfkB!@0Q0B4BsP`ipkmczN4|fB(h6y5WedL1V*3y|_m9~vQE-n#Xv4$>bVpXrQ_73P z=jl+1;pYp9{UE^b0^2^Jlj(Ah#>f%P=k8+SuxnJRzR5p zd3=Y4an5JK*53H*cj9Z5Zh-cY#zlYj8|?i+sOM<*3nHr|PsU+UBPRZhW>r(w z{^*4#>!8eBxi|&C``+dF=7Y6Z=|*x{72)jKD^96XvlYigoCqigp};$b$FeqJ5u-%B z6gs#S8DhY&xt)R2GrALvukWXrU%Iy(3vt}sqE7ml_er?k=5yph%?UHD!ORvHcVkNn zcVjyTbA*@;0^xXw(b5-|wq(^V4`xNdjnA8gFih=^eSrYy-b$UPDOa20airI~d|y1g zuhP@prz)i4TJh{xq{)3bD6lrkZ)l%no^XPn?fS&Df3)}M#cXPIvi=7a1U#gdAPcXw z6+_r+#`2fQkhS3>}?|vS3UF&Gx&M z7KYIbV3>O#%sF6EXf(nOG)lqzE;l6F>icyZjNl#jDM-NSYKJ)hpU2@45paI{=0Mt69%_$}0AcHl z`0IYcfA;66aFu^G#a*eMB8swdx z`bx6sMFs{lWFtn8j0LRK8bfw6x{zA~j099$r0!WY{Y`H5hG|0NSXtp=Fer#L1FVBkv2bW`BU8d_~o0t`40=6@8U!S zbWmeN!ygS9jDur;O6|+ie=VE-F9@gqs&qO;4UAwx!fjzFxScuD+2#i!{*Dm)A;tcR zB7Y&q{(HUuogCX2WZygaZQ=DHB=~Li!Tx%Z!S)P|D)BvCAt1; z(jU+x{{PheD@H!F2>%_u}c=U6U-nId@*`f8s{KaL|oMyD^*Mchc^vRI(0E=Wk;=B2A8Sd0{tjI6axUA{v3 zIc~%%P>=hMtVywboAPj+M=Hm|VM^=0zvAKth03iJ>VTjWGw^X3GgeZAREX%wxpj*( z?@1yv9@heeE(xu&pKLBeVyt+ffX>siDIcD`_2W)rsz@YVkmcBN1q^9Lk{F6@)BMGA zQdKQoVVPd`sc#y6dII-2-<>*Ov3(Z|rnbmK;arCChA&grjEyt8y&ZxlcZ<1cI3^%K z+mrP4#QT8+_C*(TgO%MwNkpZlqjRt$#Aa=fsf~7?P{8P^O~)Eb3zA;7o|TN)_U3)P zHDd{_Ix&7EkYdFC>6WYiiIe?Or}!3DJP`Z=y}|S#oL`bEewXY6BI5vg|B(9m&l|qd z{F^voS8QH(J3(*YET6UD2+=Ns0AYBjv$`^x7r94LlbKbemWAzkl-{@#(Pb=^&*Jdt z)Iotdmv^qmc-XE4wmTlZ(-xY#u%x-8kT+6zy)g2G7sE@dV0lJHs#^Gk- z59e`am*a#B2YgREZy$G38a{O@29DclP7DR?C}-$#M@S7my^qT}GyFWR>_V(`$j!^M z79<=CnT0kk68ZKON@OwjXw9m~(#zR}4?CT>Kx2>V7q7|CC9+oHI%QAq#?XioeFN-t z0X%Kc{wE}=cDCg8)UdYoDxtezKQkoqu&-qy_CAX7&3fkK(I*DNG?ub)O9b{ zvERfZhe&WFs*O5SW+B$Aq7cWFm;qV(^1l8}nG!@A51W(v0Y3k^;_G0Z0+2_d?A+ie z1WXHo#+Z@c?Rpo`*~4z}<8K%}n&3Ny!NbEMB$IZ`No+#P`zBoTVdg?1?Ubsx9R!f^ zcz=8MUI+Um@nE6KYx35JXPl)^(aMZ?bjz1A*f`Xoz=yTSdu_f%LFUmlQo;nvQWEK} zLJc!%PVSYKEe%Q^f2mJKo?;_h7=+kuN1DF6BglTBBcS)p;@5NA 
zTEiQ^?7Xvk=W?8fW3f?#H7WT$=+@OqS%9yz$(^x^r_fx1Zp;UtzrGMoeEt0!M>fP= z?-cMcJ2x6-W5M#TAswa~cWSCm1#(`84-kr0L@g4oeeI0gOh*^y)Stkc4|MplThpd4 zfXOfZX{muQJ%51-V~78{=*e5H5pyHfxyMIv&lJ=SD2gl{19Q?E43FnoJlSxkNFhuo z9&OuVlY>{s#j+dMrYkkRKLdc#_*_D-58G*T;pYPONJ+c%e2Xdh70xg)^)o3C7eBG_$KjvM8CnI74{=JvgaAlLc<){N1QLBz=;*EjIVM<*T0y7UNMw)cegm zyvqy$Zu{c-GTDDsn+-*zOD+owz95hL!00s}aBSXEC82@iA((elb7Rjv^Zc0Ednsp| zgwGAaom6{N)a#JGy$-$5IcFax^4!#QyAKwUCzZErU?YPEMKxv#{AP_Gf>Yh-cw=`B zm*4a@bdjQg-%9ogdJh7a*X6HYJ#}L+C_phM?%72PXxoN{OXIQN!pnKDC8^$l&rp|Y zbtUs2Nt-Enxa>b9TwlJh@C09`bcNov#_&-!rwlxcfpArx@Kb3c{ro+M?cJPTXaxHS zN$j5(;bkVu)$>j`wG4Hx)e}#~(UQ#rfRS zBJ=qBckg})wt4;PAcnC2b!EZ)0b;Z>W~r6FY5^dOjh!`5`vtvXVq^{T~Lv!?~% zW`3&5h2(?A<#m#gv=!BFpa3?9Li2~T)powmAzz<3Qz#~C+)=Gy$@0#UZ6CYELi`0! zz?{-MxX$gpptvJWM%EV1L8kr@zxp|9hZre(GQ(ov)9FB%f*<`x>I?CETScnbdnJF4{qkwtSEqv&{ct+#q&|2Y5CmX+rY>0t}wiTH}u@X=FMQ6L*a%DQ(z3|20j-wTlw&?t&t&1tL&@)T^%ZC~i*z z>shC)q^U>O1DEkSS{;1!1SWSUYB>bQUk6aezD;cmEVC&a4JykoIyle1YiM9h)Og=p ze27RVAD)SPWA1%TaoIV|7TbsAU<>G6zvxm7@bQ@63gvD~_DU3^mIapH~T z)JkJ~A6#7GS^HdaPI!Ox(!aA~cq+R@Rw? 
z0Of{(HIK50$&G4SI>`Je#;k9ZrIDVx(D1@m?Mt%=g#{GYXqCNObBt`WkUo||Klqkk zN9p6DnDlGZ2}T4P#Yne0ME+@#NQgnm9`ke8)oXPF2Qw0`!Z0KP6`}pF!#aP6J@rwR z?3B;zy`(94zJ#P<)3{*v8!2^Hw+K1^v;*Af+|(-7-gKt-($-z)<=T0sjitsdFt;nb zZMqr0;&(ZuJ_9+z0<1H%_O)JEODX7L+!V#ug5I@K7&STt_+2F8l=7r6`KH?9Bmg)On2vf0{N9%qmGSY%mQPO;=c2czZDq5$IL?;W_O+ z>cwqfY?`O{E#!F2#V0HC0}m}UH5py53EsgvJcjO=AmEQk%OOm8?^@Q5c$9hHlseHf zd)D#e7rJ&S2w>Xj+DDb!a}3QP-?B%3T>j{Te%KFT&5&Q69JB;aS!!w z!$2Kd`gX!_$jziKjI&AOIMmmDUz$~6M^g=&AW%}doqG*s@D3lFuQT* z562DT+C7Aa7n#i+XZn#>dux$GG`D@!@&(xf1W=rPaAnnA(S|GZS@;!oPP*7rnVK)QVg8<1cgu0n;HEELO3}~wN)C|6I9^k)0 zcqU`J>p_NoCS@nzI(e~8Yw$UjSsYt2C~($%SboBrbfE_;G{Sc%+BJol*{q6Pa%h(8 zMj21wZ7&J2?duN+}5Gjl2-xo#P=aep4IeL}Q zid*Fb3MUFwrd_5YKa~wex@Q$5Yqs*LHlCHgu-`$P3o005s1R&IK>;Re**jZ;&1=`$ zm`o9BEIOjemvpWOx*0_#9vQ)Z?;Tv~5Hzh>t{{4}A*r#d|0RR>0p8dT6T<$pVZ!hE zl?S4PzqzFjxmT=T_f5425EIL)ofMvrHjU~MjFW}{cRC05F48Wit0xfWlL%;4_R~p| zA^}R{Yo^!f@@bj8pg@5pRZXxS?}PsM=U-3GxYYJ)>YcpQH!#H>#+WCYQNdPrE`Fn@ zVi6seMIX7q;SBxW3J5GZ?uE#~1la2ycA|J89gm`WCblx?2RJVh2L z@oKG>CxP-L-qdSQ<*l`~b9~8{qddZJA#fh2d&e;03p59B%t!-5JQFUq0zNVJ>g$FJ zky$@WsSWptKcPah^9MokrXlI5SEwy~>5LcK1L6%ne5~22zSB(eynTrWRo-v@WlT8Y z&>;NNQWPhey*%hfw}%PSdFMSZ7ws|o>n}q9QNpQeyaBf;+@8C7pKV6iQtS1gp(tBx zk+}1D8Wy+RpnwC>Hi|%*cD+w#i?6WZQ{YB{lFo|)y9lYq##KFtq=)$mp`*S*aFM>c z11ikQ!0uqC-F}MV-^s4}#o6&svho~h8A737^8vnOq0!1%u{PybUOf=NhAnCRsAM(G zkaJr$pF&*WuE;&{p_OBgr(@$aZTF19{M>dPsLzS5@GQ=T=(jVP6Ah4Lh42#hsc@d@ zB4f^uaiaBr3E*1v%CtITT7lZRlA{OB1x$?KCwu*3mj9D-PBTwyG~M)iViACpwZ2Em zNyCaCVhRDW^o4fPcI!pP-Gts)pT3?2L<&q?QP{haZC;iG(`WJu0?s87sG<&sUV&DM*tk~`cQ6CrO?e%$mEUf2bp(0iyiI;%)4jJQx zRMa(S92A&1YLl;DKzK)k@0G;z;!qRGATYN==rS1op~Jo8#S0ETZy((=HrS==j(Tl1 z1u2`Dysr6kBGDMlPDNcxR!-LVqNg9v4XZM*_1i*(gFghYp5<%U#lDJ4UIAzU#V zuNx09M3q()S_cbPF4Ej3n}6$t zFGsSUB1Psg(EL+(k$yge%0H8yK6^clH4^RZTW53!ZXo%YQ})j5xhyC^$br>nI6Fmg zo9khO9V}mxpt{~RG?XDD@mR!X$(ETUq>*{Q&NFf)1Y5WNIvoW4w+N@@Vg^#v`TqbR CP`HTz 
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go b/vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go
deleted file mode 100644
index 4bc860cf0..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/load_random_external_key.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Package test provides helper methods for testing. It should never be
-// included in non-test libraries/binaries.
-package test
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "io"
- "testing"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// LoadRandomExternalKey loads a randomly generated external key into the
-// TPM simulator and returns its' handle. If any errors occur, calls Fatal()
-// on the passed testing.TB.
-func LoadRandomExternalKey(tb testing.TB, rw io.ReadWriter) tpmutil.Handle {
- tb.Helper()
- pk, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- tb.Fatal(err)
- }
- public := tpm2.Public{
- Type: tpm2.AlgRSA,
- NameAlg: tpm2.AlgSHA1,
- Attributes: tpm2.FlagSign | tpm2.FlagUserWithAuth,
- RSAParameters: &tpm2.RSAParams{
- Sign: &tpm2.SigScheme{
- Alg: tpm2.AlgRSASSA,
- Hash: tpm2.AlgSHA1,
- },
- KeyBits: 2048,
- ExponentRaw: uint32(pk.PublicKey.E),
- ModulusRaw: pk.PublicKey.N.Bytes(),
- },
- }
- private := tpm2.Private{
- Type: tpm2.AlgRSA,
- Sensitive: pk.Primes[0].Bytes(),
- }
- handle, _, err := tpm2.LoadExternal(rw, public, private, tpm2.HandleNull)
- if err != nil {
- tb.Error(err)
- }
- return handle
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/simulate_test.go b/vendor/github.com/google/go-tpm-tools/internal/test/simulate_test.go
deleted file mode 100644
index afb8d718a..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/simulate_test.go
+++ /dev/null
@@ -1,31 +0,0 @@ -package test - -import ( - "crypto" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/server" -) - -func TestGetTPM(t *testing.T) { - tpm := GetSimulatorWithLog(t, SP800155EventLog) - defer tpm.Close() - ak, err := client.AttestationKeyECC(tpm) - if err != nil { - t.Fatalf("failed to create key: %v", err) - } - nonce := []byte("hello") - attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - - _, err = server.VerifyAttestation(attestation, server.VerifyOpts{ - Nonce: nonce, - TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, - }) - if err != nil { - t.Errorf("failed to verify attestation for SP800 155 event log: %v", err) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/tdx_test_files/tdxReportData.bin b/vendor/github.com/google/go-tpm-tools/internal/test/tdx_test_files/tdxReportData.bin deleted file mode 100644 index fd541d97e..000000000 --- a/vendor/github.com/google/go-tpm-tools/internal/test/tdx_test_files/tdxReportData.bin +++ /dev/null @@ -1 +0,0 @@ -lbÞÁ¸I£«I å2£YDÞ¤|®ñù€†9“Ù‰•Eët£í1;˜zF}¬êÖðÈzmvlföòŸŠË( \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/test_cert.go b/vendor/github.com/google/go-tpm-tools/internal/test/test_cert.go deleted file mode 100644 index 0f45a277a..000000000 --- a/vendor/github.com/google/go-tpm-tools/internal/test/test_cert.go +++ /dev/null 
@@ -1,47 +0,0 @@
-package test
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "math/big"
- "testing"
- "time"
-)
-
-// GetTestCert returns an x509 Certificate with the provided issuingURL and signed with the provided parent certificate and key.
-// If parentCert and parentKey are nil, the certificate will be self-signed.
-func GetTestCert(t *testing.T, issuingURL []string, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
- t.Helper()
-
- certKey, _ := rsa.GenerateKey(rand.Reader, 2048)
-
- template := &x509.Certificate{
- SerialNumber: big.NewInt(1),
- NotBefore: time.Now(),
- NotAfter: time.Now().AddDate(10, 0, 0),
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- IsCA: true,
- MaxPathLenZero: true,
- IssuingCertificateURL: issuingURL,
- }
-
- if parentCert == nil && parentKey == nil {
- parentCert = template
- parentKey = certKey
- }
-
- certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, certKey.Public(), parentKey)
- if err != nil {
- t.Fatalf("Unable to create test certificate: %v", err)
- }
-
- cert, err := x509.ParseCertificate(certBytes)
- if err != nil {
- t.Fatalf("Unable to parse test certificate: %v", err)
- }
-
- return cert, certKey
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/test_data.go b/vendor/github.com/google/go-tpm-tools/internal/test/test_data.go
deleted file mode 100644
index 57492566d..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/test_data.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package test
-
-import _ "embed" // Necessary to use go:embed
-
-// Raw binary TCG Event Logs
-var (
- //go:embed eventlogs/arch-linux-workstation.bin
- ArchLinuxWorkstationEventLog []byte
- //go:embed eventlogs/debian-10.bin
- Debian10EventLog []byte
- //go:embed eventlogs/glinux-alex.bin
- GlinuxAlexEventLog []byte
- //go:embed eventlogs/rhel8-uefi.bin
- Rhel8EventLog []byte
- //go:embed eventlogs/ubuntu-1804-amd-sev.bin
- Ubuntu1804AmdSevEventLog []byte
- //go:embed eventlogs/ubuntu-2104-no-dbx.bin
- Ubuntu2104NoDbxEventLog []byte
- //go:embed eventlogs/ubuntu-2104-no-secure-boot.bin
- Ubuntu2104NoSecureBootEventLog []byte
- //go:embed eventlogs/ubuntu-2404-amd-sevsnp.bin
- Ubuntu2404AmdSevSnpEventLog []byte
- //go:embed eventlogs/cos-85-amd-sev.bin
- Cos85AmdSevEventLog []byte
- //go:embed eventlogs/cos-93-amd-sev.bin
- Cos93AmdSevEventLog []byte
- //go:embed eventlogs/cos-101-amd-sev.bin
- Cos101AmdSevEventLog []byte
- //go:embed eventlogs/gdc-host.bin
- GdcHost []byte
- //go:embed eventlogs/eventlogwithsp800155.bin
- SP800155EventLog []byte
- //go:embed eventlogs/confidential-gke-debug-251000_eventlog.bin
- CGKE251000 []byte
-)
-
-// Kernel command lines from event logs.
-var (
- Ubuntu2404AmdSevSnpCmdline = "/vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1\x00"
- Cos85AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16\"\x00"
- Cos93AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44\"\x00"
- Cos101AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 
loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab\"\x00"
-)
-
-// Attestation .pb files.
-var (
- //go:embed attestations/gce-cos-85-no-nonce.pb
- COS85NoNonce []byte
- //go:embed attestations/gce-cos-85-nonce9009.pb
- COS85Nonce9009 []byte
-)
-
-// EK and AK Certificates.
-var (
- //go:embed certificates/pca_tpm_ecc_enc_cert.pem
- GCEEncryptECCCertPCA []byte
- //go:embed certificates/pca_tpm_ecc_sign_cert.pem
- GCESignECCCertPCA []byte
- //go:embed certificates/pca_tpm_rsa_enc_cert.pem
- GCEEncryptRSACertPCA []byte
- //go:embed certificates/pca_tpm_rsa_sign_cert.pem
- GCESignRSACertPCA []byte
-
- //go:embed certificates/uca_tpm_ecc_enc_cert.pem
- GCEEncryptECCCertUCA []byte
- //go:embed certificates/uca_tpm_ecc_sign_cert.pem
- GCESignECCCertUCA []byte
- //go:embed certificates/uca_tpm_rsa_enc_cert.pem
- GCEEncryptRSACertUCA []byte
- //go:embed certificates/uca_tpm_rsa_sign_cert.pem
- GCESignRSACertUCA []byte
-)
-
-// GCECertPEMs provides a variety of GCE test certificates, including AK/EK,
-// RSA/ECC, and PCA/UCA.
-var GCECertPEMs = [][]byte{
- GCEEncryptECCCertPCA, GCESignECCCertPCA,
- GCEEncryptRSACertPCA, GCESignRSACertPCA,
- GCEEncryptECCCertUCA, GCESignECCCertUCA,
- GCEEncryptRSACertUCA, GCESignRSACertUCA,
-}
-
-// TDX test files
-var (
- //go:embed tdx_test_files/tdxReportData.bin
- TdxReportData []byte // Use as tdx nonce
-)
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/test_other.go b/vendor/github.com/google/go-tpm-tools/internal/test/test_other.go
deleted file mode 100644
index 6d6c94f41..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/test_other.go
+++ /dev/null
@@ -1,23 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package test
-
-import (
- "flag"
- "io"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// As this package is only included in tests, this flag will not conflict with
-// the --tpm-path flag in gotpm/cmd
-var tpmPath = flag.String("tpm-path", "", "Path to Linux TPM character device (i.e. /dev/tpm0 or /dev/tpmrm0). Empty value (default) will run tests against the simulator.")
-
-func useRealTPM() bool {
- return *tpmPath != ""
-}
-
-func getRealTPM() (io.ReadWriteCloser, error) {
- return tpm2.OpenTPM(*tpmPath)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go b/vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go
deleted file mode 100644
index ec0956ca1..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/test_tpm.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package test
-
-import (
- "encoding/binary"
- "io"
- "sync"
- "testing"
-
- "github.com/google/go-attestation/attest"
- "github.com/google/go-tpm-tools/simulator"
- "github.com/google/go-tpm/legacy/tpm2"
- gtpm2 "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpmutil"
-)
-
-// Only open the TPM device once. Reopening the device causes issues on Linux.
-var (
- tpm io.ReadWriteCloser
- lock sync.Mutex
-)
-
-// PCR registers that are OK to use in tests (can be reset without reboot)
-var (
- DebugPCR = 16
- ApplicationPCR = 23
-)
-
-type noClose struct {
- io.ReadWriter
-}
-
-func (n noClose) Close() error {
- return nil
-}
-
-type simulatedTpm struct {
- io.ReadWriteCloser
- eventLog []byte
-}
-
-func (s simulatedTpm) EventLog() ([]byte, error) {
- return s.eventLog, nil
-}
-
-// SkipOnUnsupportedAlg skips the test if the algorithm is not found in the TPM
-// capability.
-func SkipOnUnsupportedAlg(t testing.TB, rw io.ReadWriter, alg tpm2.Algorithm) {
- moreData := true
- for i := uint32(0); moreData; i++ {
- var err error
- var descs []interface{}
- descs, moreData, err = tpm2.GetCapability(rw, tpm2.CapabilityAlgs, 1, i)
- if err != nil {
- t.Fatalf("Could not get TPM algorithm capability: %v", err)
- }
- for _, desc := range descs {
- if desc.(tpm2.AlgorithmDescription).ID == alg {
- return
- }
- }
- if !moreData {
- break
- }
- }
- t.Skipf("Algorithm %v is not supported by the TPM", alg)
-}
-
-// GetTPM is a cross-platform testing helper function that retrives the
-// appropriate TPM device from the flags passed into "go test".
-//
-// If using a test TPM, this will also retrieve a test eventlog. In this case,
-// GetTPM extends the test event log's events into the test TPM.
-func GetTPM(tb testing.TB) io.ReadWriteCloser {
- tb.Helper()
- if !useRealTPM() {
- return GetSimulatorWithLog(tb, Rhel8EventLog)
- }
-
- lock.Lock()
- defer lock.Unlock()
- if tpm == nil {
- var err error
- if tpm, err = getRealTPM(); err != nil {
- tb.Fatalf("Failed to open TPM: %v", err)
- }
- }
- return noClose{tpm}
-}
-
-// SkipForRealTPM causes a test or benchmark to be skipped if we are not using
-// a test TPM. This lets us avoid clobbering important PCRs on a real machine.
-func SkipForRealTPM(tb testing.TB) {
- if useRealTPM() {
- tb.Skip("Running against a real TPM, Skipping Test")
- }
-}
-
-// GetSimulatorWithLog returns a simulated TPM with PCRs that match the events
-// of the passed in eventlog. This allows for testing attestation flows.
-func GetSimulatorWithLog(tb testing.TB, eventLog []byte) io.ReadWriteCloser {
- simulator, err := simulator.Get()
- if err != nil {
- tb.Fatalf("Simulator initialization failed: %v", err)
- }
- // Make sure that whatever happens, we close the simulator
- tb.Cleanup(func() {
- if !simulator.IsClosed() {
- tb.Error("simulator was not properly closed")
- if err := simulator.Close(); err != nil {
- tb.Errorf("when closing simulator: %v", err)
- }
- }
- })
-
- // Extend event log events on simulator TPM.
- simulateEventLogEvents(tb, simulator, eventLog)
- return simulatedTpm{simulator, eventLog}
-}
-
-// simulateEventLogEvents simulates the events in the test event log
-// "server/test/ubuntu-2104-event-log" by parsing the log
-// and manually extending the TPM.
-func simulateEventLogEvents(tb testing.TB, rw io.ReadWriter, eventLog []byte) {
- attestEventLog, err := attest.ParseEventLog(eventLog)
- if err != nil {
- tb.Fatalf("Failed to parse test event log: %v", err)
- }
-
- // TODO: The Ubuntu 21.04 event log also includes SHA384, but this is not yet
- // supported by go-attestation or go-tpm-tools.
- hashAlgs := map[tpm2.Algorithm]attest.HashAlg{
- tpm2.AlgSHA1: attest.HashSHA1,
- tpm2.AlgSHA256: attest.HashSHA256,
- }
-
- for tpm2Alg, attestAlg := range hashAlgs {
- events := attestEventLog.Events(attestAlg)
- for _, event := range events {
- // EV_NO_ACTION
- if event.Type == 0x03 {
- continue
- }
- extendOnePcr(tb, rw, event.Index, tpm2Alg, event.Digest)
- }
- }
-}
-
-func extendOnePcr(tb testing.TB, rw io.ReadWriter, pcr int, hashAlg tpm2.Algorithm, hash []byte) {
- err := tpm2.PCRExtend(rw, tpmutil.Handle(pcr), hashAlg, hash, "")
- if err != nil {
- tb.Fatalf("PCRExtend failed: %v", err)
- }
-}
-
-// CreateTpm2EventLog generates a sample event log that is based on gceConfidentialTechnology
-func CreateTpm2EventLog(gceConfidentialTechnologyEnum byte) []byte {
- pcr0 := uint32(0)
- algorithms := []gtpm2.TPMIAlgHash{gtpm2.TPMAlgSHA1, gtpm2.TPMAlgSHA256, gtpm2.TPMAlgSHA384}
- specEventInfo := []byte{
- 'S', 'p', 'e', 'c', ' ', 'I', 'D', ' ', 'E', 'v', 'e', 'n', 't', '0', '3', 0,
- 0, 0, 0, 0, // platformClass
- 0, // specVersionMinor,
- 2, // specVersionMajor,
- 0, // specErrata
- 2, // uintnSize
- byte(len(algorithms)), 0, 0, 0} // NumberOfAlgorithms
- for _, alg := range algorithms {
- var algInfo [4]byte
- algo, _ := alg.Hash()
- binary.LittleEndian.PutUint16(algInfo[0:2], uint16(alg))
- binary.LittleEndian.PutUint16(algInfo[2:4], uint16(algo.Size()))
- specEventInfo = append(specEventInfo, algInfo[:]...)
- }
- vendorInfoSize := byte(0)
- specEventInfo = append(specEventInfo, vendorInfoSize)
-
- specEventHeader := make([]byte, 32)
- evNoAction := uint32(0x03)
- binary.LittleEndian.PutUint32(specEventHeader[0:4], pcr0)
- binary.LittleEndian.PutUint32(specEventHeader[4:8], evNoAction)
- binary.LittleEndian.PutUint32(specEventHeader[28:32], uint32(len(specEventInfo)))
- specEvent := append(specEventHeader, specEventInfo...)
-
- // After the Spec ID Event, all events must use all the specified digest algorithms.
- extendHashes := func(buffer []byte, info []byte) []byte {
- var numberOfDigests [4]byte
- binary.LittleEndian.PutUint32(numberOfDigests[:], uint32(len(algorithms)))
- buffer = append(buffer, numberOfDigests[:]...)
- for _, alg := range algorithms {
- algo, _ := alg.Hash()
- digest := make([]byte, 2+algo.Size())
- binary.LittleEndian.PutUint16(digest[0:2], uint16(alg))
- h := algo.New()
- h.Write(info)
- copy(digest[2:], h.Sum(nil))
- buffer = append(buffer, digest...)
- }
- return buffer
- }
- writeTpm2Event := func(buffer []byte, pcr uint32, eventType uint32, info []byte) []byte {
- header := make([]byte, 8)
- binary.LittleEndian.PutUint32(header[0:4], pcr)
- binary.LittleEndian.PutUint32(header[4:8], eventType)
- buffer = append(buffer, header...)
-
- buffer = extendHashes(buffer, info)
-
- var eventSize [4]byte
- binary.LittleEndian.PutUint32(eventSize[:], uint32(len(info)))
- buffer = append(buffer, eventSize[:]...)
-
- return append(buffer, info...)
- }
- evSCRTMversion := uint32(0x08)
- versionEventInfo := []byte{
- 'G', 0, 'C', 0, 'E', 0, ' ', 0,
- 'V', 0, 'i', 0, 'r', 0, 't', 0, 'u', 0, 'a', 0, 'l', 0, ' ', 0,
- 'F', 0, 'i', 0, 'r', 0, 'm', 0, 'w', 0, 'a', 0, 'r', 0, 'e', 0, ' ', 0,
- 'v', 0, '1', 0, 0, 0}
- withVersionEvent := writeTpm2Event(specEvent, pcr0, evSCRTMversion, versionEventInfo)
-
- nonHostEventInfo := []byte{
- 'G', 'C', 'E', ' ', 'N', 'o', 'n', 'H', 'o', 's', 't', 'I', 'n', 'f', 'o', 0,
- gceConfidentialTechnologyEnum, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
- evNonHostInfo := uint32(0x11)
- return writeTpm2Event(withVersionEvent, pcr0, evNonHostInfo, nonHostEventInfo)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go b/vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go
deleted file mode 100644
index 8f7899b52..000000000
--- a/vendor/github.com/google/go-tpm-tools/internal/test/test_windows.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package test
-
-import (
- "flag"
- "io"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-var useTBS = flag.Bool("use-tbs", false, "Run the tests against the Windows TBS. Value of false (default) will run tests against the simulator.")
-
-func useRealTPM() bool {
- return *useTBS
-}
-
-func getRealTPM() (io.ReadWriteCloser, error) {
- return tpm2.OpenTPM()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/.gcloudignore b/vendor/github.com/google/go-tpm-tools/launcher/.gcloudignore
deleted file mode 100644
index 1170f78e3..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/.gcloudignore
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ignores binary uploads for Cloud Build.
-launcher
-launcher.test
-image/launcher
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/agent/agent.go b/vendor/github.com/google/go-tpm-tools/launcher/agent/agent.go
deleted file mode 100644
index aa35483d4..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/agent/agent.go
+++ /dev/null
@@ -1,419 +0,0 @@
-// Package agent coordinates the communication between the TPM and the remote
-// attestation service. It handles:
-// - All TPM-related functionality (quotes, logs, certs, etc...)
-// - Fetching the relevant principal ID tokens
-// - Calling VerifyAttestation on the remote service
-package agent
-
-import (
- "bytes"
- "context"
- "encoding/base64"
- "fmt"
- "io"
- "net/http"
- "os"
- "sync"
- "time"
-
- "github.com/cenkalti/backoff/v4"
- "github.com/google/go-configfs-tsm/configfs/configfsi"
-
- "github.com/google/go-configfs-tsm/configfs/linuxtsm"
- tg "github.com/google/go-tdx-guest/client"
- tlabi "github.com/google/go-tdx-guest/client/linuxabi"
-
- "github.com/google/go-tpm-tools/cel"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal"
- "github.com/google/go-tpm-tools/launcher/internal/logging"
- "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery"
- "github.com/google/go-tpm-tools/launcher/spec"
- pb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/models"
- "github.com/google/go-tpm-tools/verifier/oci"
- "github.com/google/go-tpm-tools/verifier/util"
-)
-
-const (
- audienceSTS = "https://sts.googleapis.com"
-)
-
-type principalIDTokenFetcher func(audience string) ([][]byte, error)
-
-// AttestationAgent is an agent that interacts with GCE's Attestation Service
-// to Verify an attestation message. It is an interface instead of a concrete
-// struct to make testing easier.
-type AttestationAgent interface {
- MeasureEvent(cel.Content) error
- Attest(context.Context, AttestAgentOpts) ([]byte, error)
- AttestWithClient(ctx context.Context, opts AttestAgentOpts, client verifier.Client) ([]byte, error)
- Refresh(context.Context) error
- Close() error
-}
-
-type attestRoot interface {
- // Extend measures the cel content into a measurement register and appends to the CEL.
- Extend(cel.Content) error
- // GetCEL fetches the CEL with events corresponding to the sequence of Extended measurements
- // to this attestation root
- GetCEL() *cel.CEL
- // Attest fetches a technology-specific quote from the root of trust.
- Attest(nonce []byte) (any, error)
-}
-
-// AttestAgentOpts contains user generated options when calling the
-// VerifyAttestation API
-type AttestAgentOpts struct {
- TokenOptions *models.TokenOptions
-}
-
-type agent struct {
- measuredRots []attestRoot
- avRot attestRoot
- fetchedAK *client.Key
- client verifier.Client
- principalFetcher principalIDTokenFetcher
- sigsFetcher signaturediscovery.Fetcher
- launchSpec spec.LaunchSpec
- logger logging.Logger
- sigsCache *sigsCache
-}
-
-// CreateAttestationAgent returns an agent capable of performing remote
-// attestation using the machine's (v)TPM to GCE's Attestation Service.
-// - tpm is a handle to the TPM on the instance
-// - akFetcher is a func to fetch an attestation key: see go-tpm-tools/client.
-// - principalFetcher is a func to fetch GCE principal tokens for a given audience.
-// - signaturesFetcher is a func to fetch container image signatures associated with the running workload.
-// - logger will log any partial errors returned by VerifyAttestation.
-func CreateAttestationAgent(tpm io.ReadWriteCloser, akFetcher util.TpmKeyFetcher, verifierClient verifier.Client, principalFetcher principalIDTokenFetcher, sigsFetcher signaturediscovery.Fetcher, launchSpec spec.LaunchSpec, logger logging.Logger) (AttestationAgent, error) {
- // Fetched the AK and save it, so the agent doesn't need to create a new key everytime
- ak, err := akFetcher(tpm)
- if err != nil {
- return nil, fmt.Errorf("failed to create an Attestation Agent: %w", err)
- }
-
- attestAgent := &agent{
- client: verifierClient,
- fetchedAK: ak,
- principalFetcher: principalFetcher,
- sigsFetcher: sigsFetcher,
- launchSpec: launchSpec,
- logger: logger,
- sigsCache: &sigsCache{},
- }
-
- // Add TPM
- logger.Info("Adding TPM PCRs for measurement.")
- var tpmAR = &tpmAttestRoot{
- fetchedAK: ak,
- tpm: tpm,
- }
- attestAgent.measuredRots = append(attestAgent.measuredRots, tpmAR)
-
- // check if is a TDX machine
- qp, err := tg.GetQuoteProvider()
- if err != nil {
- return nil, err
- }
- // Use qp.IsSupported to check the TDX RTMR interface is enabled
- if qp.IsSupported() == nil {
- logger.Info("Adding TDX RTMRs for measurement.")
- // try to create tsm client for tdx rtmr
- tsm, err := linuxtsm.MakeClient()
- if err != nil {
- return nil, fmt.Errorf("failed to create TSM for TDX: %v", err)
- }
- var tdxAR = &tdxAttestRoot{
- qp: qp,
- tsmClient: tsm,
- }
- attestAgent.measuredRots = append(attestAgent.measuredRots, tdxAR)
-
- logger.Info("Using TDX RTMR as attestation root.")
- attestAgent.avRot = tdxAR
- } else {
- logger.Info("Using TPM PCR as attestation root.")
- attestAgent.avRot = tpmAR
- }
-
- return attestAgent, nil
-}
-
-// Close cleans up the agent
-func (a *agent) Close() error {
- a.fetchedAK.Close()
- return nil
-}
-
-// MeasureEvent takes in a cel.Content and appends it to the CEL eventlog
-// under the attestation agent.
-// MeasureEvent measures to all Attest Roots.
-func (a *agent) MeasureEvent(event cel.Content) error {
- for _, attestRoot := range a.measuredRots {
- if err := attestRoot.Extend(event); err != nil {
- return err
- }
- }
- return nil
-}
-
-// Attest fetches the nonce and connection ID from the Attestation Service,
-// creates an attestation message, and returns the resultant
-// principalIDTokens and Metadata Server-generated ID tokens for the instance.
-// When possible, Attest uses the technology-specific attestation root-of-trust
-// (TDX RTMR), otherwise falls back to the vTPM.
-func (a *agent) Attest(ctx context.Context, opts AttestAgentOpts) ([]byte, error) {
- if a.client == nil {
- return nil, fmt.Errorf("attest agent does not have initialized verifier client")
- }
-
- return a.AttestWithClient(ctx, opts, a.client)
-}
-
-// AttestWithClient fetches the nonce and connection ID from the Attestation Service via the provided client,
-// creates an attestation message, and returns the resultant
-// principalIDTokens and Metadata Server-generated ID tokens for the instance.
-// When possible, Attest uses the technology-specific attestation root-of-trust
-// (TDX RTMR), otherwise falls back to the vTPM.
-func (a *agent) AttestWithClient(ctx context.Context, opts AttestAgentOpts, client verifier.Client) ([]byte, error) {
- challenge, err := client.CreateChallenge(ctx)
- if err != nil {
- return nil, err
- }
-
- tokenOpts := opts.TokenOptions
- if tokenOpts == nil {
- tokenOpts = &models.TokenOptions{TokenType: "OIDC"}
- }
-
- // The customer is responsible for providing an audience if they provided nonces.
- if tokenOpts.Audience == "" && len(tokenOpts.Nonces) == 0 { - tokenOpts.Audience = audienceSTS - } - - principalTokens, err := a.principalFetcher(challenge.Name) - if err != nil { - return nil, fmt.Errorf("failed to get principal tokens: %w", err) - } - - // attResult can be tdx or tpm or other attest root - attResult, err := a.avRot.Attest(challenge.Nonce) - if err != nil { - return nil, fmt.Errorf("failed to attest: %v", err) - } - - var cosCel bytes.Buffer - if err := a.avRot.GetCEL().EncodeCEL(&cosCel); err != nil { - return nil, err - } - - req := verifier.VerifyAttestationRequest{ - Challenge: challenge, - GcpCredentials: principalTokens, - TokenOptions: tokenOpts, - } - - switch v := attResult.(type) { - case *pb.Attestation: - a.logger.Info("attestation through TPM quote") - - v.CanonicalEventLog = cosCel.Bytes() - req.Attestation = v - case *verifier.TDCCELAttestation: - a.logger.Info("attestation through TDX quote") - - certChain, err := internal.GetCertificateChain(a.fetchedAK.Cert(), http.DefaultClient) - if err != nil { - return nil, fmt.Errorf("failed when fetching certificate chain: %w", err) - } - - v.CanonicalEventLog = cosCel.Bytes() - v.IntermediateCerts = certChain - v.AkCert = a.fetchedAK.CertDERBytes() - req.TDCCELAttestation = v - default: - return nil, fmt.Errorf("received an unsupported attestation type! 
%v", v) - } - - signatures := a.sigsCache.get() - if len(signatures) > 0 { - for _, sig := range signatures { - verifierSig, err := convertOCIToContainerSignature(sig) - if err != nil { - a.logger.Error(fmt.Sprintf("error converting container signatures: %v", err)) - continue - } - req.ContainerImageSignatures = append(req.ContainerImageSignatures, verifierSig) - } - a.logger.Info("Found container image signatures: %v\n", signatures) - } - - resp, err := client.VerifyAttestation(ctx, req) - if err != nil { - return nil, err - } - if len(resp.PartialErrs) > 0 { - a.logger.Error(fmt.Sprintf("Partial errors from VerifyAttestation: %v", resp.PartialErrs)) - } - return resp.ClaimsToken, nil -} - -func convertOCIToContainerSignature(ociSig oci.Signature) (*verifier.ContainerSignature, error) { - payload, err := ociSig.Payload() - if err != nil { - return nil, fmt.Errorf("failed to get payload from signature [%v]: %v", ociSig, err) - } - b64Sig, err := ociSig.Base64Encoded() - if err != nil { - return nil, fmt.Errorf("failed to get base64 signature from signature [%v]: %v", ociSig, err) - } - sigBytes, err := base64.StdEncoding.DecodeString(b64Sig) - if err != nil { - return nil, fmt.Errorf("failed to decode signature for signature [%v]: %v", ociSig, err) - } - return &verifier.ContainerSignature{ - Payload: payload, - Signature: sigBytes, - }, nil -} - -type tpmAttestRoot struct { - tpmMu sync.Mutex - fetchedAK *client.Key - tpm io.ReadWriteCloser - cosCel cel.CEL -} - -func (t *tpmAttestRoot) GetCEL() *cel.CEL { - return &t.cosCel -} - -func (t *tpmAttestRoot) Extend(c cel.Content) error { - return t.cosCel.AppendEventPCR(t.tpm, cel.CosEventPCR, c) -} - -func (t *tpmAttestRoot) Attest(nonce []byte) (any, error) { - t.tpmMu.Lock() - defer t.tpmMu.Unlock() - - return t.fetchedAK.Attest(client.AttestOpts{ - Nonce: nonce, - CertChainFetcher: http.DefaultClient, - }) -} - -type tdxAttestRoot struct { - tdxMu sync.Mutex - qp *tg.LinuxConfigFsQuoteProvider - tsmClient 
configfsi.Client - cosCel cel.CEL -} - -func (t *tdxAttestRoot) GetCEL() *cel.CEL { - return &t.cosCel -} - -func (t *tdxAttestRoot) Extend(c cel.Content) error { - return t.cosCel.AppendEventRTMR(t.tsmClient, cel.CosRTMR, c) -} - -func (t *tdxAttestRoot) Attest(nonce []byte) (any, error) { - t.tdxMu.Lock() - defer t.tdxMu.Unlock() - - var tdxNonce [tlabi.TdReportDataSize]byte - copy(tdxNonce[:], nonce) - - rawQuote, err := tg.GetRawQuote(t.qp, tdxNonce) - if err != nil { - return nil, err - } - - ccelData, err := os.ReadFile("/sys/firmware/acpi/tables/data/CCEL") - if err != nil { - return nil, err - } - ccelTable, err := os.ReadFile("/sys/firmware/acpi/tables/CCEL") - if err != nil { - return nil, err - } - - return &verifier.TDCCELAttestation{ - CcelAcpiTable: ccelTable, - CcelData: ccelData, - TdQuote: rawQuote, - }, nil -} - -// Refresh refreshes the internal state of the attestation agent. -// It will reset the container image signatures for now. -func (a *agent) Refresh(ctx context.Context) error { - signatures := fetchContainerImageSignatures(ctx, a.sigsFetcher, a.launchSpec.SignedImageRepos, defaultRetryPolicy, a.logger) - a.sigsCache.set(signatures) - a.logger.Info("Refreshed container image signature cache", "signatures", signatures) - return nil -} - -func fetchContainerImageSignatures(ctx context.Context, fetcher signaturediscovery.Fetcher, targetRepos []string, retry func() backoff.BackOff, logger logging.Logger) []oci.Signature { - signatures := make([][]oci.Signature, len(targetRepos)) - - var wg sync.WaitGroup - for i, repo := range targetRepos { - wg.Add(1) - go func(targetRepo string, index int) { - defer wg.Done() - - // backoff independently per repo - var sigs []oci.Signature - err := backoff.RetryNotify( - func() error { - s, err := fetcher.FetchImageSignatures(ctx, targetRepo) - sigs = s - return err - }, - retry(), - func(err error, _ time.Duration) { - logger.Error(fmt.Sprintf("Failed to fetch container image signatures from repo: %v", 
err.Error()), "repo", targetRepo) - }) - if err != nil { - logger.Error(fmt.Sprintf("Failed all attempts to refresh container signatures from repo: %v", err.Error()), "repo", targetRepo) - } else { - signatures[index] = sigs - } - - }(repo, i) - } - wg.Wait() - - var foundSigs []oci.Signature - for _, sigs := range signatures { - foundSigs = append(foundSigs, sigs...) - } - return foundSigs -} - -func defaultRetryPolicy() backoff.BackOff { - b := backoff.NewConstantBackOff(time.Millisecond * 300) - return backoff.WithMaxRetries(b, 3) -} - -type sigsCache struct { - mu sync.RWMutex - items []oci.Signature -} - -func (c *sigsCache) set(sigs []oci.Signature) { - c.mu.Lock() - defer c.mu.Unlock() - c.items = make([]oci.Signature, len(sigs)) - copy(c.items, sigs) -} - -func (c *sigsCache) get() []oci.Signature { - c.mu.RLock() - defer c.mu.RUnlock() - return c.items -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/agent/agent_test.go b/vendor/github.com/google/go-tpm-tools/launcher/agent/agent_test.go deleted file mode 100644 index 82e11d3cd..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/agent/agent_test.go +++ /dev/null 
@@ -1,640 +0,0 @@ -package agent - -import ( - "context" - "crypto/rand" - "crypto/rsa" - "encoding/base64" - "fmt" - "math" - "runtime" - "sync" - "testing" - "time" - - "github.com/cenkalti/backoff/v4" - "github.com/golang-jwt/jwt/v4" - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/cel" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm-tools/launcher/internal/logging" - "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery" - "github.com/google/go-tpm-tools/launcher/spec" - attestpb "github.com/google/go-tpm-tools/proto/attest" - "github.com/google/go-tpm-tools/verifier" - "github.com/google/go-tpm-tools/verifier/fake" - "github.com/google/go-tpm-tools/verifier/oci" - "github.com/google/go-tpm-tools/verifier/oci/cosign" - "google.golang.org/protobuf/encoding/protojson" -) - -const ( - imageRef = "gcr.io/fakeRepo/fakeTestImage:latest" - imageDigest = "sha256:adb591795f9e9047f9117163b83c2ebcd5edc4503644d59a98cf911aef0367f8" - restartPolicy = spec.Always - imageID = "sha256:d5496fd75dd8262f0495ab5706fc464659eb7f481e384700e6174b6c44144cae" - arg = "-h" - envK = "foo" - envV = "foo" - env = envK + "=" + envV -) - -func TestAttestRacing(t *testing.T) { - ctx := context.Background() - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatalf("failed to generate signing key %v", err) - } - - verifierClient := fake.NewClient(fakeSigner) - agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, placeholderPrincipalFetcher, signaturediscovery.NewFakeClient(), spec.LaunchSpec{}, logging.SimpleLogger()) - if err != nil { - t.Fatal(err) - } - var wg sync.WaitGroup - for i := 0; i < 5; i++ { - wg.Add(1) - go func() { - defer wg.Done() - _, err := agent.Attest(ctx, AttestAgentOpts{}) - if err != nil { - t.Error(err) - } - }() - } - wg.Wait() - agent.Close() -} - 
-func TestAttest(t *testing.T) { - ctx := context.Background() - testCases := []struct { - name string - launchSpec spec.LaunchSpec - principalIDTokenFetcher func(string) ([][]byte, error) - containerSignaturesFetcher signaturediscovery.Fetcher - }{ - { - name: "Happy path with container signatures", - launchSpec: spec.LaunchSpec{ - SignedImageRepos: []string{signaturediscovery.FakeRepoWithSignatures}, - }, - principalIDTokenFetcher: placeholderPrincipalFetcher, - containerSignaturesFetcher: signaturediscovery.NewFakeClient(), - }, - } - - for _, tc := range testCases { - tc := tc - t.Run(tc.name, func(t *testing.T) { - t.Parallel() - - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatalf("failed to generate signing key %v", err) - } - - verifierClient := fake.NewClient(fakeSigner) - - agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, tc.principalIDTokenFetcher, tc.containerSignaturesFetcher, tc.launchSpec, logging.SimpleLogger()) - if err != nil { - t.Fatalf("failed to create an attestation agent %v", err) - } - err = measureFakeEvents(agent) - if err != nil { - t.Errorf("failed to measure events: %v", err) - } - if err := agent.Refresh(ctx); err != nil { - t.Fatalf("failed to fresh attestation agent: %v", err) - } - tokenBytes, err := agent.Attest(ctx, AttestAgentOpts{}) - if err != nil { - t.Fatalf("failed to attest to Attestation Service: %v", err) - } - agent.Close() - - claims := &fake.Claims{} - keyFunc := func(_ *jwt.Token) (interface{}, error) { return fakeSigner.Public(), nil } - token, err := jwt.ParseWithClaims(string(tokenBytes), claims, keyFunc) - if err != nil { - t.Errorf("failed to parse token %s", err) - } - - if err = claims.Valid(); err != nil { - t.Errorf("Invalid exp, iat, or nbf: %s", err) - } - - if !claims.VerifyAudience("https://sts.googleapis.com", true) { - t.Errorf("Invalid aud") - } - - if 
!claims.VerifyIssuer("fake-issuer-for-testing", true) { - t.Errorf("Invalid iss") - } - - if claims.Subject != "https://www.googleapis.com/compute/v1/projects/fakeProject/zones/fakeZone/instances/fakeInstance" { - t.Errorf("Invalid sub") - } - - got := claims.ContainerImageSignatures - want := []fake.ContainerImageSignatureClaims{ - { - Payload: "test data,ECDSA_P256_SHA256", - Signature: base64.StdEncoding.EncodeToString([]byte("test data")), - PubKey: "test data", - SigAlg: "ECDSA_P256_SHA256", - }, - { - Payload: "hello world,RSASSA_PKCS1V15_SHA256", - Signature: base64.StdEncoding.EncodeToString([]byte("hello world")), - PubKey: "hello world", - SigAlg: "RSASSA_PKCS1V15_SHA256", - }, - } - if !cmp.Equal(got, want) { - t.Errorf("ContainerImageSignatureClaims does not match expected value: got %v, want %v", got, want) - } - - ms := &attestpb.MachineState{} - err = protojson.Unmarshal([]byte(claims.MachineStateMarshaled), ms) - if err != nil { - t.Fatalf("failed to unmarshal claims as MachineState: %v", err) - } - validateContainerState(t, ms.GetCos()) - fmt.Printf("token.Claims: %v\n", token.Claims) - }) - } -} - -func placeholderPrincipalFetcher(_ string) ([][]byte, error) { - return [][]byte{}, nil -} - -func TestFetchContainerImageSignatures(t *testing.T) { - ctx := context.Background() - - testCases := []struct { - name string - targetRepos []string - wantBase64Sigs []string - wantSignatureClaims []fake.ContainerImageSignatureClaims - wantPartialErrLen int - }{ - { - name: "fetchContainerImageSignatures with repos that have signatures", - targetRepos: []string{signaturediscovery.FakeRepoWithSignatures}, - wantBase64Sigs: []string{ - "dGVzdCBkYXRh", // base64 encoded "test data". - "aGVsbG8gd29ybGQ=", // base64 encoded "hello world". 
- }, - wantSignatureClaims: []fake.ContainerImageSignatureClaims{ - { - Payload: "test data,ECDSA_P256_SHA256", - Signature: base64.StdEncoding.EncodeToString([]byte("test data")), - PubKey: "test data", - SigAlg: "ECDSA_P256_SHA256", - }, - { - Payload: "hello world,RSASSA_PKCS1V15_SHA256", - Signature: base64.StdEncoding.EncodeToString([]byte("hello world")), - PubKey: "hello world", - SigAlg: "RSASSA_PKCS1V15_SHA256", - }, - }, - wantPartialErrLen: 0, - }, - { - name: "fetchContainerImageSignatures with nil target repos", - targetRepos: nil, - wantBase64Sigs: nil, - wantSignatureClaims: nil, - wantPartialErrLen: 0, - }, - { - name: "fetchContainerImageSignatures with empty target repos", - targetRepos: []string{}, - wantBase64Sigs: nil, - wantSignatureClaims: nil, - wantPartialErrLen: 0, - }, - { - name: "fetchContainerImageSignatures with non exist repos", - targetRepos: []string{signaturediscovery.FakeNonExistRepo}, - wantBase64Sigs: nil, - wantSignatureClaims: nil, - wantPartialErrLen: 0, - }, - { - name: "fetchContainerImageSignatures with repos that don't have signatures", - targetRepos: []string{signaturediscovery.FakeRepoWithNoSignatures}, - wantBase64Sigs: nil, - wantSignatureClaims: nil, - wantPartialErrLen: 0, - }, - { - name: "fetchContainerImageSignatures with repos that have all invalid signatures", - targetRepos: []string{signaturediscovery.FakeRepoWithAllInvalidSignatures}, - wantBase64Sigs: []string{ - "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". - "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". - }, - wantSignatureClaims: nil, - wantPartialErrLen: 2, - }, - { - name: "fetchContainerImageSignatures with repos that have partial valid signatures", - targetRepos: []string{signaturediscovery.FakeRepoWithPartialValidSignatures}, - wantBase64Sigs: []string{ - "dGVzdCBkYXRh", // base64 encoded "test data". - "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". 
- }, - wantSignatureClaims: []fake.ContainerImageSignatureClaims{ - { - Payload: "test data,ECDSA_P256_SHA256", - Signature: base64.StdEncoding.EncodeToString([]byte("test data")), - PubKey: "test data", - SigAlg: "ECDSA_P256_SHA256", - }, - }, - wantPartialErrLen: 1, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - ak, err := client.AttestationKeyECC(tpm) - if err != nil { - t.Fatalf("failed to create AK: %v", err) - } - - testRetryPolicy := func() backoff.BackOff { - b := backoff.NewExponentialBackOff() - b.MaxElapsedTime = time.Millisecond - return b - } - - sdClient := signaturediscovery.NewFakeClient() - gotSigs := fetchContainerImageSignatures(ctx, sdClient, tc.targetRepos, testRetryPolicy, logging.SimpleLogger()) - if len(gotSigs) != len(tc.wantBase64Sigs) { - t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(tc.wantBase64Sigs)) - } - gotBase64Sigs := convertOCISignatureToBase64(t, gotSigs) - if !cmp.Equal(gotBase64Sigs, tc.wantBase64Sigs) { - t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures %v, but want %v", tc.name, gotBase64Sigs, tc.wantBase64Sigs) - } - - fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Errorf("failed to generate signing key %v", err) - } - verifierClient := fake.NewClient(fakeSigner) - chal, err := verifierClient.CreateChallenge(ctx) - if err != nil { - t.Fatalf("failed to create challenge %v", err) - } - attestation, err := ak.Attest(client.AttestOpts{Nonce: chal.Nonce}) - if err != nil { - t.Fatalf("failed to attest %v", err) - } - - var containerSigs []*verifier.ContainerSignature - for _, gotSig := range gotSigs { - sig, err := convertOCIToContainerSignature(gotSig) - if err != nil { - t.Fatalf("failed to convert gotSigs: %v", err) - } - - 
containerSigs = append(containerSigs, sig) - } - req := verifier.VerifyAttestationRequest{ - Attestation: attestation, - ContainerImageSignatures: containerSigs, - } - got, err := verifierClient.VerifyAttestation(context.Background(), req) - if err != nil { - t.Fatalf("VerifyAttestation failed: %v", err) - } - claims := &fake.Claims{} - keyFunc := func(_ *jwt.Token) (interface{}, error) { return fakeSigner.Public(), nil } - _, err = jwt.ParseWithClaims(string(got.ClaimsToken), claims, keyFunc) - if err != nil { - t.Errorf("failed to parse token %s", err) - } - - gotSignatureClaims := claims.ContainerImageSignatures - if !cmp.Equal(gotSignatureClaims, tc.wantSignatureClaims) { - t.Errorf("ContainerImageSignatureClaims does not match expected value: got %v, want %v", gotSignatureClaims, tc.wantSignatureClaims) - } - if len(got.PartialErrs) != tc.wantPartialErrLen { - t.Errorf("VerifyAttestation did not return expected partial error length for test case %s, got partial errors length %d, but want %d", tc.name, len(got.ClaimsToken), tc.wantPartialErrLen) - } - }) - } -} - -// Represents the return value from FetchImageSignatures -type returnVal struct { - result []oci.Signature - err error -} - -// Implments signaturediscovery.Fetcher methods -type failingClient struct { - mu sync.Mutex - results map[string][]returnVal - numTimes map[string]int -} - -func NewFailingClient(mymap map[string][]returnVal) signaturediscovery.Fetcher { - numTimes := map[string]int{} - for k := range mymap { - numTimes[k] = 0 - } - return &failingClient{ - results: mymap, - numTimes: numTimes, - } -} - -// Return test data in a round robin fashion -func (f *failingClient) FetchImageSignatures(_ context.Context, targetRepository string) ([]oci.Signature, error) { - f.mu.Lock() - defer f.mu.Unlock() - - attempt := f.numTimes[targetRepository] - r := f.results[targetRepository][attempt] - f.numTimes[targetRepository] = intMin(attempt+1, len(f.results[targetRepository])-1) - return r.result, r.err 
-} - -func intMin(a, b int) int { - return int(math.Min(float64(a), float64(b))) -} - -func TestFetchContainerImageSignatures_RetriesOnFailure(t *testing.T) { - ctx := context.Background() - - testCases := []struct { - name string - resultmap map[string][]returnVal - }{ - { - name: "one repo, no failures", - resultmap: map[string][]returnVal{ - "repo1": { - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - }, - }, - { - name: "one repo fails", - resultmap: map[string][]returnVal{ - "repo1": { - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, - err: fmt.Errorf("partial error"), - }, - }, - }, - }, - { - name: "one repo, failure then success", - resultmap: map[string][]returnVal{ - "repo1": { - returnVal{ - result: []oci.Signature{}, - err: fmt.Errorf("failure 1"), - }, - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - }, - }, - { - name: "two repos, no failures", - resultmap: map[string][]returnVal{ - "repo1": { - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - "repo2": { - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data again", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - }, - }, - { - name: "two repos, failure then success", - resultmap: map[string][]returnVal{ - "failrepo": { - returnVal{ - result: []oci.Signature{}, - err: fmt.Errorf("failure 1"), - }, - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - "successRepo": { - returnVal{ - result: []oci.Signature{cosign.NewFakeSignature("test data again", oci.ECDSAP256SHA256)}, - err: nil, - }, - }, - }, - }, - { - name: "two repos, failures", - resultmap: map[string][]returnVal{ - "repo1": { - returnVal{ - result: []oci.Signature{}, - err: fmt.Errorf("failure 
1"), - }, - }, - "repo2": { - returnVal{ - result: []oci.Signature{}, - err: fmt.Errorf("failure 2"), - }, - }, - }, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - sdClient := NewFailingClient(tc.resultmap) - retryPolicy := func() backoff.BackOff { - b := backoff.NewExponentialBackOff() - return backoff.WithMaxRetries(b, 2) - } - - repos := []string{} - wantSigs := []oci.Signature{} - for k, v := range tc.resultmap { - repos = append(repos, k) - for _, result := range v { - if result.err == nil { - wantSigs = append(wantSigs, result.result...) - } - } - } - - gotSigs := fetchContainerImageSignatures(ctx, sdClient, repos, retryPolicy, logging.SimpleLogger()) - - if len(gotSigs) != len(wantSigs) { - t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(wantSigs)) - } - if !cmp.Equal(convertOCISignatureToBase64(t, gotSigs), convertOCISignatureToBase64(t, wantSigs)) { - t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures %v, but want %v", tc.name, gotSigs, wantSigs) - } - }) - } -} - -func TestCacheConcurrentSetGet(t *testing.T) { - cache := &sigsCache{} - if sigs := cache.get(); len(sigs) != 0 { - t.Errorf("signature cache should be empty, but got: %v", sigs) - } - - var wg sync.WaitGroup - for i := 0; i < runtime.NumCPU(); i++ { - wg.Add(1) - go func(idx int) { - defer wg.Done() - if idx%2 == 1 { - sigs := generateRandSigs(t) - cache.set(sigs) - } else { - cache.get() - } - }(i) - } - wg.Wait() -} - -func generateRandSigs(t *testing.T) []oci.Signature { - t.Helper() - - b := make([]byte, 32) - _, err := rand.Read(b) - if err != nil { - t.Fatalf("Unable to generate random bytes: %v", err) - } - - randB64Str := base64.StdEncoding.EncodeToString(b) - return []oci.Signature{ - cosign.NewFakeSignature(randB64Str, oci.ECDSAP256SHA256), - } -} - -func 
convertOCISignatureToBase64(t *testing.T, sigs []oci.Signature) []string { - t.Helper() - - var base64Sigs []string - for _, sig := range sigs { - b64Sig, err := sig.Base64Encoded() - if err != nil { - t.Fatalf("oci.Signature did not return expected base64 signature: %v", err) - } - base64Sigs = append(base64Sigs, b64Sig) - } - - return base64Sigs -} - -func validateContainerState(t *testing.T, cos *attestpb.AttestedCosState) { - if cos == nil { - t.Errorf("failed to find COS state in MachineState") - } - ctr := cos.GetContainer() - if ctr == nil { - t.Errorf("failed to find ContainerState in CosState") - return - } - if ctr.ImageReference != imageRef { - t.Errorf("got image ref %v, want image ref %v", ctr.ImageReference, imageRef) - } - if ctr.ImageDigest != imageDigest { - t.Errorf("got image digest %v, want image digest %v", ctr.ImageDigest, imageDigest) - } - if ctr.RestartPolicy.String() != string(restartPolicy) { - t.Errorf("got restart policy %v, want restart policy %v", ctr.RestartPolicy.String(), restartPolicy) - } - if len(ctr.Args) != 1 { - t.Fatalf("got args %v, want length 1", ctr.Args) - } - if ctr.Args[0] != arg { - t.Errorf("got args %v, want [%v]", ctr.Args, arg) - } - if len(ctr.OverriddenArgs) != 1 { - t.Fatalf("got overridden args %v, want length 1", ctr.OverriddenArgs) - } - if ctr.OverriddenArgs[0] != arg { - t.Errorf("got overridden args %v, want [%v]", ctr.OverriddenArgs, arg) - } - - if len(ctr.EnvVars) != 1 { - t.Fatalf("got envs %v, want length 1", ctr.EnvVars) - } - if val := ctr.EnvVars[envK]; val != envV { - t.Errorf("got args %v, want map[%v]", ctr.EnvVars, env) - } - if len(ctr.OverriddenEnvVars) != 1 { - t.Fatalf("got overridden envs %v, want length 1", ctr.OverriddenEnvVars) - } - if val := ctr.EnvVars[envK]; val != envV { - t.Errorf("got overridden args %v, want map[%v]", ctr.OverriddenEnvVars, env) - } -} - -func measureFakeEvents(attestAgent AttestationAgent) error { - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: 
cel.ImageRefType, EventContent: []byte(imageRef)}); err != nil { - return err - } - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte(imageDigest)}); err != nil { - return err - } - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.RestartPolicyType, EventContent: []byte(restartPolicy)}); err != nil { - return err - } - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageIDType, EventContent: []byte(imageID)}); err != nil { - return err - } - - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ArgType, EventContent: []byte(arg)}); err != nil { - return err - } - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.EnvVarType, EventContent: []byte(env)}); err != nil { - return err - } - - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideEnvType, EventContent: []byte(env)}); err != nil { - return err - } - if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil { - return err - } - return nil -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/cloudbuild.yaml deleted file mode 100644 index cd7fd4c54..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/cloudbuild.yaml +++ /dev/null 
@@ -1,312 +0,0 @@ -substitutions: - '_BASE_IMAGE': '' # If left empty, will use the latest image in _BASE_IMAGE_FAMILY of _BASE_IMAGE_PROJECT - '_BASE_IMAGE_FAMILY': 'cos-tdx-113-lts' - '_BASE_IMAGE_PROJECT': 'confidential-vm-images' - '_OUTPUT_IMAGE_PREFIX': 'confidential-space' - '_OUTPUT_IMAGE_SUFFIX': '' - '_OUTPUT_IMAGE_FAMILY': '' - '_BUCKET_NAME': '${PROJECT_ID}_cloudbuild' - -steps: -# determine the base image -- name: 'gcr.io/cloud-builders/gcloud' - id: BaseImageIdent - env: - - 'BASE_IMAGE=$_BASE_IMAGE' - - 'BASE_IMAGE_FAMILY=$_BASE_IMAGE_FAMILY' - - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' - script: | - #!/usr/bin/env bash - - # if BASE_IMAGE is not specified in the substitutions, use the latest image of the image family - base_image=${BASE_IMAGE} - if [ -z ${base_image} ] - then - echo "getting the latest image from project:" ${BASE_IMAGE_PROJECT} "family: "${BASE_IMAGE_FAMILY} - base_image=$(gcloud compute images describe-from-family ${BASE_IMAGE_FAMILY} --project ${BASE_IMAGE_PROJECT} | grep name | cut -d ' ' -f 2) - fi - - echo "base image:" ${base_image} "project:" ${BASE_IMAGE_PROJECT} - echo ${base_image} > /workspace/base_image.txt - -- name: 'gcr.io/cloud-builders/gcloud' - id: DebugImageBuild - waitFor: ['BaseImageIdent'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'OUTPUT_IMAGE_FAMILY=${_OUTPUT_IMAGE_FAMILY}' - - 'BUCKET_NAME=$_BUCKET_NAME' - - 'SHORT_SHA=${SHORT_SHA}' - - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' - script: | - #!/usr/bin/env bash - set -exuo pipefail - - base_image=$(cat /workspace/base_image.txt) - echo "building the debug image: ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX} with the base image: ${base_image}" - gcloud builds submit --config=launcher/image/cloudbuild.yaml \ - --region us-west1 \ - --substitutions _SHORT_SHA=${SHORT_SHA},\ - _BASE_IMAGE=${base_image},\ - _BASE_IMAGE_PROJECT=${BASE_IMAGE_PROJECT},\ - 
_OUTPUT_IMAGE_FAMILY=${OUTPUT_IMAGE_FAMILY}-debug,\ - _OUTPUT_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},\ - _IMAGE_ENV=debug,\ - _CS_LICENSE=projects/confidential-space-images/global/licenses/confidential-space-debug,\ - _BUCKET_NAME=${BUCKET_NAME} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: HardenedImageBuild - waitFor: ['BaseImageIdent'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'OUTPUT_IMAGE_FAMILY=${_OUTPUT_IMAGE_FAMILY}' - - 'BUCKET_NAME=$_BUCKET_NAME' - - 'SHORT_SHA=${SHORT_SHA}' - - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' - script: | - #!/usr/bin/env bash - set -exuo pipefail - - base_image=$(cat /workspace/base_image.txt) - echo "building the hardened image: ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX} with the base image: ${base_image}" - gcloud builds submit --config=launcher/image/cloudbuild.yaml \ - --region us-west1 \ - --substitutions _SHORT_SHA=${SHORT_SHA},\ - _BASE_IMAGE=${base_image},\ - _BASE_IMAGE_PROJECT=${BASE_IMAGE_PROJECT},\ - _OUTPUT_IMAGE_FAMILY=${OUTPUT_IMAGE_FAMILY},\ - _OUTPUT_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},\ - _IMAGE_ENV=hardened,\ - _CS_LICENSE=projects/confidential-space-images/global/licenses/confidential-space,\ - _BUCKET_NAME=${BUCKET_NAME} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: ExperimentsTests - waitFor: ['DebugImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - echo "running experiments client tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_experiments_client.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: 
HttpServerTests - waitFor: ['DebugImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - echo "running http server tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_http_server.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: DebugImageTests - waitFor: ['DebugImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - echo "running debug image tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_debug_cloudbuild.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: HardenedImageTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - echo "running hardened image tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_hardened_cloudbuild.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: LaunchPolicyTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - 
echo "running launch policy tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_launchpolicy_cloudbuild.yaml --region us-west1 \ - --substitutions _HARDENED_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit - -- name: 'gcr.io/cloud-builders/gcloud' - id: HardenedNetworkIngressTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running hardened image ingress network tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_ingress_network.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: DebugNetworkIngressTests - waitFor: ['DebugImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running debug image ingress network tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_ingress_network.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: LogRedirectionTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - - cd launcher/image/test - echo "running log redirection tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_log_redirection.yaml --region us-west1 \ - 
--substitutions _HARDENED_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: HardenedDiscoverContainerSignatureTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running hardened image container signature tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_discover_signatures.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID},_SIGNATURE_REPO=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/hardened - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: DebugDiscoverContainerSignatureTests - waitFor: ['DebugImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running debug image container signature tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_discover_signatures.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID},_SIGNATURE_REPO=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/debug - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: MemoryMonitoringTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running memory monitoring tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit 
--config=test_memory_monitoring.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: HealthMonitoringTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=$_OUTPUT_IMAGE_PREFIX' - - 'OUTPUT_IMAGE_SUFFIX=$_OUTPUT_IMAGE_SUFFIX' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running health monitoring tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_health_monitoring.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: ODAWithSignedContainerTest - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running ODA and signed container tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_oda_with_signed_container.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: MountTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - dev_shm_size_kb=$(shuf -i 70000-256000 -n 1) - tmpfs_size_kb=$(shuf -i 256-256000 -n 1) - echo "running mount tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_mounts.yaml --region us-west1 \ - --substitutions 
_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -- name: 'gcr.io/cloud-builders/gcloud' - id: PrivilegedTests - waitFor: ['HardenedImageBuild'] - env: - - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - - 'PROJECT_ID=$PROJECT_ID' - script: | - #!/usr/bin/env bash - cd launcher/image/test - echo "running privileged tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" - gcloud builds submit --config=test_privileged.yaml --region us-west1 \ - --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} - exit -options: - pool: - name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' diff --git a/vendor/github.com/google/go-tpm-tools/launcher/container_runner.go b/vendor/github.com/google/go-tpm-tools/launcher/container_runner.go deleted file mode 100644 index 694c07395..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/container_runner.go +++ /dev/null 
@@ -1,823 +0,0 @@
-// Package launcher contains functionalities to start a measured workload
-package launcher
-
-import (
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "math/rand"
- "os"
- "os/exec"
- "path"
- "strconv"
- "strings"
- "time"
-
- "cloud.google.com/go/compute/metadata"
- "github.com/cenkalti/backoff/v4"
- "github.com/containerd/containerd"
- "github.com/containerd/containerd/cio"
- "github.com/containerd/containerd/containers"
- "github.com/containerd/containerd/content"
- "github.com/containerd/containerd/images"
- "github.com/containerd/containerd/oci"
- "github.com/containerd/containerd/remotes"
- "github.com/golang-jwt/jwt/v4"
- "github.com/google/go-tpm-tools/cel"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/launcher/agent"
- "github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector"
- "github.com/google/go-tpm-tools/launcher/internal/logging"
- "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery"
- "github.com/google/go-tpm-tools/launcher/launcherfile"
- "github.com/google/go-tpm-tools/launcher/registryauth"
- "github.com/google/go-tpm-tools/launcher/spec"
- "github.com/google/go-tpm-tools/launcher/teeserver"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/fake"
- "github.com/google/go-tpm-tools/verifier/ita"
- "github.com/google/go-tpm-tools/verifier/util"
- v1 "github.com/opencontainers/image-spec/specs-go/v1"
- specs "github.com/opencontainers/runtime-spec/specs-go"
- "golang.org/x/oauth2"
-)
-
-// ContainerRunner contains information about the container settings
-type ContainerRunner struct {
- container containerd.Container
- launchSpec spec.LaunchSpec
- attestAgent agent.AttestationAgent
- logger logging.Logger
- serialConsole *os.File
-}
-
-const tokenFileTmp = ".token.tmp"
-
-const teeServerSocket = "teeserver.sock"
-
-// Since we only allow one container on a VM, using a deterministic id is probably fine
-const (
- containerID = "tee-container"
- snapshotID = "tee-snapshot"
-)
-
-const (
- nofile = 131072 // Max number of file descriptor
-)
-
-const (
- // defaultRefreshMultiplier is a multiplier on the current token expiration
- // time, at which the refresher goroutine will collect a new token.
- // defaultRefreshMultiplier+defaultRefreshJitter should be <1.
- defaultRefreshMultiplier = 0.8
- // defaultRefreshJitter is a random component applied additively to the
- // refresh multiplier. The refresher will wait for some time in the range
- // [defaultRefreshMultiplier-defaultRefreshJitter, defaultRefreshMultiplier+defaultRefreshJitter]
- defaultRefreshJitter = 0.1
-)
-
-// Default OOM score for a CS container.
-const defaultOOMScore = 1000
-
-// NewRunner returns a runner.
-func NewRunner(ctx context.Context, cdClient *containerd.Client, token oauth2.Token, launchSpec spec.LaunchSpec, mdsClient *metadata.Client, tpm io.ReadWriteCloser, logger logging.Logger, serialConsole *os.File) (*ContainerRunner, error) {
- image, err := initImage(ctx, cdClient, launchSpec, token)
- if err != nil {
- return nil, err
- }
-
- var mounts []specs.Mount
- for _, lsMnt := range launchSpec.Mounts {
- mounts = append(mounts, lsMnt.SpecsMount())
- }
- mounts = appendTokenMounts(mounts)
- var cgroupOpts []oci.SpecOpts
- if launchSpec.CgroupNamespace {
- mounts = appendCgroupRw(mounts)
- cgroupOpts = []oci.SpecOpts{
- oci.WithNamespacedCgroup(),
- oci.WithLinuxNamespace(specs.LinuxNamespace{Type: specs.CgroupNamespace}),
- }
- }
-
- envs, err := formatEnvVars(launchSpec.Envs)
- if err != nil {
- return nil, err
- }
- // Check if there is already a container
- container, err := cdClient.LoadContainer(ctx, containerID)
- if err == nil {
- // container exists, delete it first
- container.Delete(ctx, containerd.WithSnapshotCleanup)
- }
-
- logger.Info("Preparing Container Runner",
- "operator_input_image_ref", image.Name(),
- "image_digest", image.Target().Digest,
- "operator_override_env_vars", envs,
- "operator_override_cmd", launchSpec.Cmd,
- )
-
- imageConfig, err := getImageConfig(ctx, image)
- if err != nil {
- return nil, err
- }
-
- logger.Info(fmt.Sprintf("Exposed Ports: : %v\n", imageConfig.ExposedPorts))
- if err := openPorts(imageConfig.ExposedPorts); err != nil {
- return nil, err
- }
-
- logger.Info(fmt.Sprintf("Image Labels : %v\n", imageConfig.Labels))
- launchPolicy, err := spec.GetLaunchPolicy(imageConfig.Labels, logger)
- if err != nil {
- return nil, fmt.Errorf("failed to parse image Launch Policy: %v: contact the image author", err)
- }
- if err := launchPolicy.Verify(launchSpec); err != nil {
- return nil, err
- }
-
- if launchSpec.MonitoringEnabled == spec.All && !launchSpec.Experiments.EnableHealthMonitoring {
- logger.Info("Health Monitoring experiment is not enabled - falling back to memory-only.")
- if err := enableMonitoring(spec.MemoryOnly, logger); err != nil {
- return nil, err
- }
- } else {
- if err := enableMonitoring(launchSpec.MonitoringEnabled, logger); err != nil {
- return nil, err
- }
- }
-
- logger.Info(fmt.Sprintf("Launch Policy : %+v\n", launchPolicy))
-
- if imageConfigDescriptor, err := image.Config(ctx); err != nil {
- logger.Error(err.Error())
- } else {
- logger.Info("Retrieved image config",
- "image_id", imageConfigDescriptor.Digest,
- "image_annotations", imageConfigDescriptor.Annotations,
- )
- }
-
- hostname, err := os.Hostname()
- if err != nil {
- return nil, &RetryableError{fmt.Errorf("cannot get hostname: [%w]", err)}
- }
-
- rlimits := []specs.POSIXRlimit{{
- Type: "RLIMIT_NOFILE",
- Hard: nofile,
- Soft: nofile,
- }}
-
- specOpts := []oci.SpecOpts{
- oci.WithImageConfigArgs(image, launchSpec.Cmd),
- oci.WithEnv(envs),
- oci.WithMounts(mounts),
- // following 4 options are here to allow the container to have
- // the host network (same effect as --net-host in ctr command)
- oci.WithHostHostsFile,
- oci.WithHostResolvconf,
- oci.WithHostNamespace(specs.NetworkNamespace),
- oci.WithEnv([]string{fmt.Sprintf("HOSTNAME=%s", hostname)}),
- oci.WithAddedCapabilities(launchSpec.AddedCapabilities),
- withRlimits(rlimits),
- withOOMScoreAdj(defaultOOMScore),
- }
- if launchSpec.DevShmSize != 0 {
- specOpts = append(specOpts, oci.WithDevShmSize(launchSpec.DevShmSize))
- }
- specOpts = append(specOpts, cgroupOpts...)
-
- container, err = cdClient.NewContainer(
- ctx,
- containerID,
- containerd.WithImage(image),
- containerd.WithNewSnapshot(snapshotID, image),
- containerd.WithNewSpec(specOpts...),
- )
- if err != nil {
- if container != nil {
- container.Delete(ctx, containerd.WithSnapshotCleanup)
- }
- return nil, &RetryableError{fmt.Errorf("failed to create a container: [%w]", err)}
- }
-
- containerSpec, err := container.Spec(ctx)
- if err != nil {
- return nil, &RetryableError{err}
- }
-
- // Container process Args length should be strictly longer than the Cmd
- // override length set by the operator, as we want the Entrypoint filed
- // to be mandatory for the image.
- // Roughly speaking, Args = Entrypoint + Cmd
- if len(containerSpec.Process.Args) <= len(launchSpec.Cmd) {
- return nil,
- fmt.Errorf("length of Args [%d] is shorter or equal to the length of the given Cmd [%d], maybe the Entrypoint is set to empty in the image?",
- len(containerSpec.Process.Args), len(launchSpec.Cmd))
- }
-
- principalFetcherWithImpersonate := func(audience string) ([][]byte, error) {
- tokens, err := util.PrincipalFetcher(audience, mdsClient)
- if err != nil {
- return nil, err
- }
-
- // Fetch impersonated ID tokens.
- for _, sa := range launchSpec.ImpersonateServiceAccounts {
- idToken, err := FetchImpersonatedToken(ctx, sa, audience)
- if err != nil {
- return nil, fmt.Errorf("failed to get impersonated token for %v: %w", sa, err)
- }
-
- tokens = append(tokens, idToken)
- }
- return tokens, nil
- }
-
- asAddr := launchSpec.AttestationServiceAddr
-
- var verifierClient verifier.Client
- if launchSpec.FakeVerifierEnabled {
- verifierClient = fake.NewClient(nil)
- } else if launchSpec.ITAConfig.ITARegion == "" {
- gcaClient, err := util.NewRESTClient(ctx, asAddr, launchSpec.ProjectID, launchSpec.Region)
- if err != nil {
- return nil, fmt.Errorf("failed to create REST verifier client: %v", err)
- }
-
- verifierClient = gcaClient
- }
-
- // Create a new signaturediscovery client to fetch signatures.
- sdClient := getSignatureDiscoveryClient(cdClient, mdsClient, image.Target())
-
- attestAgent, err := agent.CreateAttestationAgent(tpm, client.GceAttestationKeyECC, verifierClient, principalFetcherWithImpersonate, sdClient, launchSpec, logger)
- if err != nil {
- return nil, err
- }
- return &ContainerRunner{
- container,
- launchSpec,
- attestAgent,
- logger,
- serialConsole,
- }, nil
-}
-
-func enableMonitoring(enabled spec.MonitoringType, logger logging.Logger) error {
- if enabled != spec.None {
- logger.Info("Health Monitoring is enabled by the VM operator")
-
- if enabled == spec.All {
- logger.Info("All health monitoring metrics enabled")
- if err := nodeproblemdetector.EnableAllConfig(); err != nil {
- logger.Error("Failed to enable full monitoring config: %v", err)
- return err
- }
- } else if enabled == spec.MemoryOnly {
- logger.Info("memory/bytes_used enabled")
- }
-
- if err := nodeproblemdetector.StartService(logger); err != nil {
- logger.Error(err.Error())
- return err
- }
- } else {
- logger.Info("Health Monitoring is disabled")
- }
-
- return nil
-}
-
-func getSignatureDiscoveryClient(cdClient *containerd.Client, mdsClient *metadata.Client, imageDesc v1.Descriptor) signaturediscovery.Fetcher {
- resolverFetcher := func(ctx context.Context) (remotes.Resolver, error) {
- return registryauth.RefreshResolver(ctx, mdsClient)
- }
- imageFetcher := func(ctx context.Context, imageRef string, opts ...containerd.RemoteOpt) (containerd.Image, error) {
- image, err := pullImageWithRetries(
- func() (containerd.Image, error) {
- return cdClient.Pull(ctx, imageRef, opts...)
- },
- pullImageBackoffPolicy,
- )
- if err != nil {
- return nil, fmt.Errorf("cannot pull signature objects from the signature image [%s]: %w", imageRef, err)
- }
- return image, nil
- }
- return signaturediscovery.New(imageDesc, resolverFetcher, imageFetcher)
-}
-
-// formatEnvVars formats the environment variables to the oci format
-func formatEnvVars(envVars []spec.EnvVar) ([]string, error) {
- var result []string
- for _, envVar := range envVars {
- ociFormat, err := cel.FormatEnvVar(envVar.Name, envVar.Value)
- if err != nil {
- return nil, fmt.Errorf("failed to format env var: %v", err)
- }
- result = append(result, ociFormat)
- }
- return result, nil
-}
-
-// appendTokenMounts appends the default mount specs for the OIDC token
-func appendTokenMounts(mounts []specs.Mount) []specs.Mount {
- m := specs.Mount{}
- m.Destination = launcherfile.ContainerRuntimeMountPath
- m.Type = "bind"
- m.Source = launcherfile.HostTmpPath
- m.Options = []string{"rbind", "ro"}
-
- return append(mounts, m)
-}
-
-func (r *ContainerRunner) measureCELEvents(ctx context.Context) error {
- if err := r.measureContainerClaims(ctx); err != nil {
- return fmt.Errorf("failed to measure container claims: %v", err)
- }
- if err := r.measureMemoryMonitor(); err != nil {
- return fmt.Errorf("failed to measure memory monitoring state: %v", err)
- }
-
- separator := cel.CosTlv{
- EventType: cel.LaunchSeparatorType,
- EventContent: nil, // Success
- }
- return r.attestAgent.MeasureEvent(separator)
-}
-
-// measureContainerClaims will measure various container claims into the COS
-// eventlog in the AttestationAgent.
-func (r *ContainerRunner) measureContainerClaims(ctx context.Context) error {
- image, err := r.container.Image(ctx)
- if err != nil {
- return err
- }
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte(image.Name())}); err != nil {
- return err
- }
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte(image.Target().Digest)}); err != nil {
- return err
- }
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.RestartPolicyType, EventContent: []byte(r.launchSpec.RestartPolicy)}); err != nil {
- return err
- }
- if imageConfigDescriptor, err := image.Config(ctx); err == nil { // if NO error
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageIDType, EventContent: []byte(imageConfigDescriptor.Digest)}); err != nil {
- return err
- }
- }
-
- containerSpec, err := r.container.Spec(ctx)
- if err != nil {
- return err
- }
- for _, arg := range containerSpec.Process.Args {
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ArgType, EventContent: []byte(arg)}); err != nil {
- return err
- }
- }
- for _, env := range containerSpec.Process.Env {
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.EnvVarType, EventContent: []byte(env)}); err != nil {
- return err
- }
- }
-
- // Measure the input overridden Env Vars and Args separately, these should be subsets of the Env Vars and Args above.
- envs, err := formatEnvVars(r.launchSpec.Envs)
- if err != nil {
- return err
- }
- for _, env := range envs {
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideEnvType, EventContent: []byte(env)}); err != nil {
- return err
- }
- }
- for _, arg := range r.launchSpec.Cmd {
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil {
- return err
- }
- }
-
- return nil
-}
-
-// measureMemoryMonitor will measure memory monitoring claims into the COS
-// eventlog in the AttestationAgent.
-func (r *ContainerRunner) measureMemoryMonitor() error {
- var enabled uint8
- if r.launchSpec.MonitoringEnabled == spec.MemoryOnly {
- enabled = 1
- }
- if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.MemoryMonitorType, EventContent: []byte{enabled}}); err != nil {
- return err
- }
- r.logger.Info("Successfully measured memory monitoring event")
- return nil
-}
-
-// Retrieves the default OIDC token from the attestation service, and returns how long
-// to wait before attemping to refresh it.
-// The token file will be written to a tmp file and then renamed.
-func (r *ContainerRunner) refreshToken(ctx context.Context) (time.Duration, error) {
- if err := r.attestAgent.Refresh(ctx); err != nil {
- return 0, fmt.Errorf("failed to refresh attestation agent: %v", err)
- }
-
- // request a default token
- token, err := r.attestAgent.Attest(ctx, agent.AttestAgentOpts{})
- if err != nil {
- return 0, fmt.Errorf("failed to retrieve attestation service token: %v", err)
- }
-
- // Get token expiration.
- claims := &jwt.RegisteredClaims{}
- _, _, err = jwt.NewParser().ParseUnverified(string(token), claims)
- if err != nil {
- return 0, fmt.Errorf("failed to parse token: %w", err)
- }
-
- now := time.Now()
- if !now.Before(claims.ExpiresAt.Time) {
- return 0, errors.New("token is expired")
- }
-
- // Write to a temp file first.
- tmpTokenPath := path.Join(launcherfile.HostTmpPath, tokenFileTmp)
- if err = os.WriteFile(tmpTokenPath, token, 0644); err != nil {
- return 0, fmt.Errorf("failed to write a tmp token file: %v", err)
- }
-
- // Rename the temp file to the token file (to avoid race conditions).
- if err = os.Rename(tmpTokenPath, path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename)); err != nil {
- return 0, fmt.Errorf("failed to rename the token file: %v", err)
- }
-
- // Print out the claims in the jwt payload
- mapClaims := jwt.MapClaims{}
- _, _, err = jwt.NewParser().ParseUnverified(string(token), mapClaims)
- if err != nil {
- return 0, fmt.Errorf("failed to parse token: %w", err)
- }
-
- r.logger.Info("successfully refreshed attestation token", "token", mapClaims)
-
- return getNextRefreshFromExpiration(time.Until(claims.ExpiresAt.Time), rand.Float64()), nil
-}
-
-// ctx must be a cancellable context.
-func (r *ContainerRunner) fetchAndWriteToken(ctx context.Context) error {
- return r.fetchAndWriteTokenWithRetry(ctx, defaultRetryPolicy)
-}
-
-// ctx must be a cancellable context.
-// retry specifies the refresher goroutine's retry policy.
-func (r *ContainerRunner) fetchAndWriteTokenWithRetry(ctx context.Context,
- retry func() *backoff.ExponentialBackOff) error {
- if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
- return err
- }
- duration, err := r.refreshToken(ctx)
- if err != nil {
- return err
- }
-
- // Set a timer to refresh the token before it expires.
- timer := time.NewTimer(duration)
- go func() {
- for {
- select {
- case <-ctx.Done():
- timer.Stop()
- r.logger.Info("token refreshing stopped")
- return
- case <-timer.C:
- r.logger.Info("refreshing attestation verifier OIDC token")
- var duration time.Duration
- // Refresh token with default retry policy.
- err := backoff.RetryNotify(
- func() error {
- duration, err = r.refreshToken(ctx)
- return err
- },
- retry(),
- func(err error, t time.Duration) {
- r.logger.Error(fmt.Sprintf("failed to refresh attestation service token at time %v: %v", t, err))
- })
- if err != nil {
- r.logger.Error(fmt.Sprintf("failed all attempts to refresh attestation service token, stopping refresher: %v", err))
- return
- }
-
- timer.Reset(duration)
- }
- }
- }()
-
- return nil
-}
-
-// getNextRefreshFromExpiration returns the Duration for the next run of the
-// token refresher goroutine. It expects pre-validation that expiration is in
-// the future (e.g., time.Now < expiration).
-func getNextRefreshFromExpiration(expiration time.Duration, random float64) time.Duration {
- diff := defaultRefreshJitter * float64(expiration)
- center := defaultRefreshMultiplier * float64(expiration)
- minRange := center - diff
- return time.Duration(minRange + random*2*diff)
-}
-
-/*
-defaultRetryPolicy retries as follows:
-
-Given the following arguments, the retry sequence will be:
-
- RetryInterval = 60 sec
- RandomizationFactor = 0.5
- Multiplier = 2
- MaxInterval = 3600 sec
- MaxElapsedTime = 0 (never stops retrying)
-
- Request # RetryInterval (seconds) Randomized Interval (seconds)
- RetryInterval*[1-RandFactor, 1+RandFactor]
- 1 60 [30, 90]
- 2 120 [60, 180]
- 3 240 [120, 360]
- 4 480 [240, 720]
- 5 960 [480, 1440]
- 6 1920 [960, 2880]
- 7 3600 (MaxInterval) [1800, 5400]
- 8 3600 (MaxInterval) [1800, 5400]
- ...
-*/
-func defaultRetryPolicy() *backoff.ExponentialBackOff {
- expBack := backoff.NewExponentialBackOff()
- expBack.InitialInterval = time.Minute
- expBack.RandomizationFactor = 0.5
- expBack.Multiplier = 2
- expBack.MaxInterval = time.Hour
- // Never stop retrying.
- expBack.MaxElapsedTime = 0
- return expBack
-}
-
-func pullImageBackoffPolicy() backoff.BackOff {
- b := backoff.NewConstantBackOff(time.Millisecond * 500)
- return backoff.WithMaxRetries(b, 3)
-}
-
-// Run the container
-// Container output will always be redirected to logger writer for now
-func (r *ContainerRunner) Run(ctx context.Context) error {
- // Note start time for workload setup.
- start := time.Now()
-
- ctx, cancel := context.WithCancel(ctx)
- defer cancel()
-
- if err := r.measureCELEvents(ctx); err != nil {
- return fmt.Errorf("failed to measure CEL events: %v", err)
- }
-
- // Only refresh token if agent has a default GCA client (not ITA use case).
- if r.launchSpec.ITAConfig.ITARegion == "" {
- if err := r.fetchAndWriteToken(ctx); err != nil {
- return fmt.Errorf("failed to fetch and write OIDC token: %v", err)
- }
- }
-
- // create and start the TEE server
- r.logger.Info("EnableOnDemandAttestation is enabled: initializing TEE server.")
-
- attestClients := teeserver.AttestClients{}
-
- if r.launchSpec.FakeVerifierEnabled {
- fakeClient := fake.NewClient(nil)
- attestClients.GCA = fakeClient
- attestClients.ITA = fakeClient
- } else if r.launchSpec.ITAConfig.ITARegion != "" {
- itaClient, err := ita.NewClient(r.launchSpec.ITAConfig)
- if err != nil {
- return fmt.Errorf("failed to create ITA client: %v", err)
- }
-
- attestClients.ITA = itaClient
- } else {
- gcaClient, err := util.NewRESTClient(ctx, r.launchSpec.AttestationServiceAddr, r.launchSpec.ProjectID, r.launchSpec.Region)
- if err != nil {
- return fmt.Errorf("failed to create REST verifier client: %v", err)
- }
-
- attestClients.GCA = gcaClient
- }
-
- teeServer, err := teeserver.New(ctx, path.Join(launcherfile.HostTmpPath, teeServerSocket), r.attestAgent, r.logger, r.launchSpec, attestClients)
- if err != nil {
- return fmt.Errorf("failed to create the TEE server: %v", err)
- }
- go teeServer.Serve()
- defer teeServer.Shutdown(ctx)
-
- // Avoids breaking existing memory monitoring tests that depend on this log.
- if r.launchSpec.MonitoringEnabled == spec.None {
- r.logger.Info("MemoryMonitoring is disabled by the VM operator")
- }
-
- var streamOpt cio.Opt
- switch r.launchSpec.LogRedirect {
- case spec.Nowhere:
- streamOpt = cio.WithStreams(nil, nil, nil)
- r.logger.Info("Container stdout/stderr will not be redirected.")
- case spec.Everywhere:
- w := io.MultiWriter(os.Stdout, r.serialConsole)
- streamOpt = cio.WithStreams(nil, w, w)
- r.logger.Info("Container stdout/stderr will be redirected to serial and Cloud Logging. This may result in performance issues due to slow serial console writes.")
- case spec.CloudLogging:
- streamOpt = cio.WithStreams(nil, os.Stdout, os.Stdout)
- r.logger.Info("Container stdout/stderr will be redirected to Cloud Logging.")
- case spec.Serial:
- streamOpt = cio.WithStreams(nil, r.serialConsole, r.serialConsole)
- r.logger.Info("Container stdout/stderr will be redirected to serial logging. This may result in performance issues due to slow serial console writes.")
- default:
- return fmt.Errorf("unknown logging redirect location: %v", r.launchSpec.LogRedirect)
- }
-
- task, err := r.container.NewTask(ctx, cio.NewCreator(streamOpt))
- if err != nil {
- return &RetryableError{err}
- }
- defer task.Delete(ctx)
-
- setupDuration := time.Since(start)
- r.logger.Info("Workload setup completed",
- "setup_sec", setupDuration.Seconds(),
- )
-
- exitStatusC, err := task.Wait(ctx)
- if err != nil {
- r.logger.Error(err.Error())
- }
- // Start timer for workload execution.
- start = time.Now()
- r.logger.Info("workload task started")
-
- if err := task.Start(ctx); err != nil {
- return &RetryableError{err}
- }
- status := <-exitStatusC
- workloadDuration := time.Since(start)
-
- code, _, err := status.Result()
- if err != nil {
- return err
- }
-
- if code != 0 {
- r.logger.Error("workload task ended and returned non-zero",
- "workload_execution_sec", workloadDuration.Seconds(),
- )
- return &WorkloadError{code}
- }
- r.logger.Info("workload task ended and returned 0",
- "workload_execution_sec", workloadDuration.Seconds(),
- )
- return nil
-}
-
-func pullImageWithRetries(f func() (containerd.Image, error), retry func() backoff.BackOff) (containerd.Image, error) {
- var err error
- var image containerd.Image
- err = backoff.Retry(func() error {
- image, err = f()
- return err
- }, retry())
- if err != nil {
- return nil, fmt.Errorf("failed to pull image with retries, the last error is: %w", err)
- }
- return image, nil
-}
-
-func initImage(ctx context.Context, cdClient *containerd.Client, launchSpec spec.LaunchSpec, token oauth2.Token) (containerd.Image, error) {
- if token.Valid() {
- remoteOpt := containerd.WithResolver(registryauth.Resolver(token.AccessToken))
- image, err := pullImageWithRetries(
- func() (containerd.Image, error) {
- return cdClient.Pull(ctx, launchSpec.ImageRef, containerd.WithPullUnpack, remoteOpt)
- },
- pullImageBackoffPolicy,
- )
- if err != nil {
- return nil, fmt.Errorf("cannot pull the image: %w", err)
- }
- return image, nil
- }
- image, err := pullImageWithRetries(
- func() (containerd.Image, error) {
- return cdClient.Pull(ctx, launchSpec.ImageRef, containerd.WithPullUnpack)
- },
- pullImageBackoffPolicy,
- )
- if err != nil {
- return nil, fmt.Errorf("cannot pull the image (no token, only works for a public image): %w", err)
- }
- return image, nil
-}
-
-// openPorts writes firewall rules to accept all traffic into that port and protocol using iptables.
-func openPorts(ports map[string]struct{}) error {
- for k := range ports {
- portAndProtocol := strings.Split(k, "/")
- if len(portAndProtocol) != 2 {
- return fmt.Errorf("failed to parse port and protocol: got %s, expected [port]/[protocol] 80/tcp", portAndProtocol)
- }
-
- port := portAndProtocol[0]
- _, err := strconv.ParseUint(port, 10, 16)
- if err != nil {
- return fmt.Errorf("received invalid port number: %v, %w", port, err)
- }
-
- protocol := portAndProtocol[1]
- if protocol != "tcp" && protocol != "udp" {
- return fmt.Errorf("received unknown protocol: got %s, expected tcp or udp", protocol)
- }
-
- // These 2 commands will write firewall rules to accept all INPUT packets for the given port/protocol
- // for IPv4 and IPv6 traffic.
- cmd := exec.Command("iptables", "-A", "INPUT", "-p", protocol, "--dport", port, "-j", "ACCEPT")
- out, err := cmd.CombinedOutput()
- if err != nil {
- return fmt.Errorf("failed to open port on IPv4 %s %s: %v %s", port, protocol, err, out)
- }
- v6cmd := exec.Command("ip6tables", "-A", "INPUT", "-p", protocol, "--dport", port, "-j", "ACCEPT")
- out, err = v6cmd.CombinedOutput()
- if err != nil {
- return fmt.Errorf("failed to open port on IPv6 %s %s: %v %s", port, protocol, err, out)
- }
- }
-
- return nil
-}
-
-func getImageConfig(ctx context.Context, image containerd.Image) (v1.ImageConfig, error) {
- ic, err := image.Config(ctx)
- if err != nil {
- return v1.ImageConfig{}, err
- }
- switch ic.MediaType {
- case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
- p, err := content.ReadBlob(ctx, image.ContentStore(), ic)
- if err != nil {
- return v1.ImageConfig{}, err
- }
- var ociimage v1.Image
- if err := json.Unmarshal(p, &ociimage); err != nil {
- return v1.ImageConfig{}, err
- }
- return ociimage.Config, nil
- }
- return v1.ImageConfig{}, fmt.Errorf("unknown image config media type %s", ic.MediaType)
-}
-
-// Close the container runner
-func (r *ContainerRunner) Close(ctx context.Context) {
- // close the agent
- r.attestAgent.Close()
-
- // Exit gracefully:
- // Delete container and close connection to attestation service.
- r.container.Delete(ctx, containerd.WithSnapshotCleanup)
-}
-
-// withRlimits sets the rlimit (like the max file descriptor) for the container process
-func withRlimits(rlimits []specs.POSIXRlimit) oci.SpecOpts {
- return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
- s.Process.Rlimits = rlimits
- return nil
- }
-}
-
-// Set the container process's OOM score.
-func withOOMScoreAdj(oomScore int) oci.SpecOpts {
- return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
- s.Process.OOMScoreAdj = &oomScore
- return nil
- }
-}
-
-// appendCgroupRw mount maps a cgroup as read-write.
-func appendCgroupRw(mounts []specs.Mount) []specs.Mount {
- m := specs.Mount{
- Destination: "/sys/fs/cgroup",
- Type: "cgroup",
- Source: "cgroup",
- Options: []string{"rw", "nosuid", "noexec", "nodev"},
- }
-
- return append(mounts, m)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/container_runner_test.go b/vendor/github.com/google/go-tpm-tools/launcher/container_runner_test.go
deleted file mode 100644
index 90dd9ce60..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/container_runner_test.go
+++ /dev/null
@@ -1,735 +0,0 @@ -package launcher - -import ( - "bytes" - "context" - "crypto/rand" - "crypto/rsa" - "errors" - "fmt" - "os" - "path" - "strconv" - "sync" - "testing" - "time" - - "github.com/cenkalti/backoff/v4" - "github.com/containerd/containerd" - "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/namespaces" - "github.com/containerd/containerd/oci" - "github.com/golang-jwt/jwt/v4" - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/cel" - "github.com/google/go-tpm-tools/launcher/agent" - "github.com/google/go-tpm-tools/launcher/internal/logging" - "github.com/google/go-tpm-tools/launcher/launcherfile" - "github.com/google/go-tpm-tools/launcher/spec" - "github.com/google/go-tpm-tools/verifier" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" - specs "github.com/opencontainers/runtime-spec/specs-go" - "golang.org/x/oauth2" -) - -const ( - idTokenEndpoint = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateIdToken" -) - -// Fake attestation agent. -type fakeAttestationAgent struct { - measureEventFunc func(cel.Content) error - attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) - sigsCache []string - sigsFetcherFunc func(context.Context) []string - - // attMu sits on top of attempts field and protects attempts. 
- attMu sync.Mutex - attempts int -} - -func (f *fakeAttestationAgent) MeasureEvent(event cel.Content) error { - if f.measureEventFunc != nil { - return f.measureEventFunc(event) - } - - return fmt.Errorf("unimplemented") -} - -func (f *fakeAttestationAgent) Attest(ctx context.Context, _ agent.AttestAgentOpts) ([]byte, error) { - if f.attestFunc != nil { - return f.attestFunc(ctx, agent.AttestAgentOpts{}) - } - - return nil, fmt.Errorf("unimplemented") -} - -func (f *fakeAttestationAgent) AttestWithClient(_ context.Context, _ agent.AttestAgentOpts, _ verifier.Client) ([]byte, error) { - return nil, fmt.Errorf("unimplemented") -} - -// Refresh simulates the behavior of an actual agent. -func (f *fakeAttestationAgent) Refresh(ctx context.Context) error { - if f.sigsFetcherFunc != nil { - f.sigsCache = f.sigsFetcherFunc(ctx) - } - return nil -} - -func (f *fakeAttestationAgent) Close() error { - return nil -} - -type fakeClaims struct { - jwt.RegisteredClaims - Signatures []string -} - -func createJWT(t *testing.T, ttl time.Duration) []byte { - return createJWTWithID(t, "test token", ttl) -} - -func createJWTWithID(t *testing.T, id string, ttl time.Duration) []byte { - now := jwt.TimeFunc() - claims := &jwt.RegisteredClaims{ - ID: id, - IssuedAt: jwt.NewNumericDate(now), - NotBefore: jwt.NewNumericDate(now), - ExpiresAt: jwt.NewNumericDate(now.Add(ttl)), - } - - return createSignedToken(t, claims) -} - -func createJWTWithSignatures(t *testing.T, signatures []string) []byte { - now := jwt.TimeFunc() - ttl := 5 * time.Second - id := "signature token" - claims := &fakeClaims{ - RegisteredClaims: jwt.RegisteredClaims{ - ID: id, - IssuedAt: jwt.NewNumericDate(now), - NotBefore: jwt.NewNumericDate(now), - ExpiresAt: jwt.NewNumericDate(now.Add(ttl)), - }, - Signatures: signatures, - } - return createSignedToken(t, claims) -} - -func createSignedToken(t *testing.T, claims jwt.Claims) []byte { - t.Helper() - - privkey, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil 
{ - t.Fatalf("Error creating token key: %v", err) - } - - token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) - signed, err := token.SignedString(privkey) - if err != nil { - t.Fatalf("Error creating signed string: %v", err) - } - - return []byte(signed) -} - -func extractJWTClaims(t *testing.T, token []byte) *jwt.RegisteredClaims { - claims := &jwt.RegisteredClaims{} - _, _, err := jwt.NewParser().ParseUnverified(string(token), claims) - if err != nil { - t.Fatalf("failed to parse JWT: %v", token) - } - return claims -} - -func TestRefreshToken(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - ttl := 5 * time.Second - expectedToken := createJWT(t, ttl) - - runner := ContainerRunner{ - attestAgent: &fakeAttestationAgent{ - attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - return expectedToken, nil - }, - }, - logger: logging.SimpleLogger(), - } - - if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { - t.Fatalf("Error creating host token path directory: %v", err) - } - - refreshTime, err := runner.refreshToken(ctx) - if err != nil { - t.Fatalf("refreshToken returned with error: %v", err) - } - - filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - data, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) - } - - // Expect refreshTime to be no greater than expectedTTL. - if refreshTime >= time.Duration(float64(ttl)) { - t.Errorf("Refresh time cannot exceed ttl: got %v, expect no greater than %v", refreshTime, time.Duration(float64(ttl))) - } -} - -// TestRefreshTokenWithSignedContainerCacheEnabled checks `refreshToken` updates the default token when signatures get updated. 
-func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - oldCache := []string{"old sigs cache"} - fakeAgent := &fakeAttestationAgent{ - sigsFetcherFunc: func(context.Context) []string { - return oldCache - }, - } - fakeAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - return createJWTWithSignatures(t, fakeAgent.sigsCache), nil - } - - runner := ContainerRunner{ - attestAgent: fakeAgent, - logger: logging.SimpleLogger(), - } - - if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { - t.Fatalf("Error creating host token path directory: %v", err) - } - - _, err := runner.refreshToken(ctx) - if err != nil { - t.Fatalf("refreshToken returned with error: %v", err) - } - - // Simulate adding signatures. - newCache := []string{"old sigs cache", "new sigs cache"} - fakeAgent.sigsFetcherFunc = func(context.Context) []string { - return newCache - } - - // Refresh token again to get the updated token. - _, err = runner.refreshToken(ctx) - if err != nil { - t.Fatalf("refreshToken returned with error: %v", err) - } - - // Read the token to check if claims contain the updated signatures. 
- filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - token, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - gotClaims := &fakeClaims{} - _, _, err = jwt.NewParser().ParseUnverified(string(token), gotClaims) - if err != nil { - t.Fatalf("failed to parse token: %v", err) - } - - if gotSignatures, wantSignatures := gotClaims.Signatures, newCache; !cmp.Equal(gotSignatures, wantSignatures) { - t.Errorf("Updated token written to file does not contain expected signatures: got %v, want %v", gotSignatures, wantSignatures) - } -} - -func TestRefreshTokenError(t *testing.T) { - if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { - t.Fatalf("Error creating host token path directory: %v", err) - } - - testcases := []struct { - name string - agent *fakeAttestationAgent - }{ - { - name: "Attest fails", - agent: &fakeAttestationAgent{ - attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - return nil, errors.New("attest error") - }, - }, - }, - { - name: "Attest returns expired token", - agent: &fakeAttestationAgent{ - attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - return createJWT(t, -5*time.Second), nil - }, - }, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - runner := ContainerRunner{ - attestAgent: tc.agent, - logger: logging.SimpleLogger(), - } - - if _, err := runner.refreshToken(context.Background()); err == nil { - t.Error("refreshToken succeeded, expected error.") - } - - }) - } -} - -func TestFetchAndWriteTokenSucceeds(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - expectedToken := createJWT(t, 5*time.Second) - - runner := ContainerRunner{ - attestAgent: &fakeAttestationAgent{ - attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - return expectedToken, nil - }, - }, - logger: 
logging.SimpleLogger(), - } - - if err := runner.fetchAndWriteToken(ctx); err != nil { - t.Fatalf("fetchAndWriteToken failed: %v", err) - } - - filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - data, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Token written to file does not match expected token: got %v, want %v", data, expectedToken) - } -} - -func TestTokenIsNotChangedIfRefreshFails(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - expectedToken := createJWT(t, 5*time.Second) - ttl := 5 * time.Second - - attestAgent := &fakeAttestationAgent{} - attestAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - attestAgent.attMu.Lock() - defer func() { - attestAgent.attempts = attestAgent.attempts + 1 - attestAgent.attMu.Unlock() - }() - if attestAgent.attempts%2 == 0 { - return expectedToken, nil - } - return nil, errors.New("attest unsuccessful") - } - - runner := ContainerRunner{ - attestAgent: attestAgent, - logger: logging.SimpleLogger(), - } - - if err := runner.fetchAndWriteToken(ctx); err != nil { - t.Fatalf("fetchAndWriteToken failed: %v", err) - } - - filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - data, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) - } - - time.Sleep(ttl) - - data, err = os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Expected token to remain the same after unsuccessful refresh attempt: got %v", data) - } -} - -// testRetryPolicy tries the 
operation at the following times: -// t=0s, .5s, 1.25s. It is canceled before the fourth try. -func testRetryPolicyThreeTimes() *backoff.ExponentialBackOff { - expBack := backoff.NewExponentialBackOff() - expBack.InitialInterval = 500 * time.Millisecond - expBack.RandomizationFactor = 0 - expBack.Multiplier = 1.5 - expBack.MaxInterval = 1 * time.Second - expBack.MaxElapsedTime = 2249 * time.Millisecond - return expBack -} - -func TestTokenRefreshRetryPolicyFail(t *testing.T) { - testRetryPolicyWithNTries(t, 4 /*numTries*/, false /*expectRefresh*/) -} - -func TestTokenRefreshRetryPolicy(t *testing.T) { - // Test retry policy tries 3 times. - for numTries := 1; numTries <= 3; numTries++ { - t.Run("RetryPolicyWith"+strconv.Itoa(numTries)+"Tries", - func(t *testing.T) { testRetryPolicyWithNTries(t, numTries /*numTries*/, true /*expectRefresh*/) }) - } -} - -func testRetryPolicyWithNTries(t *testing.T, numTries int, expectRefresh bool) { - strNum := strconv.Itoa(numTries) - t.Logf("testing with %d tries", numTries) - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - expectedInitialToken := createJWTWithID(t, "initial token"+strNum, 5*time.Second) - expectedRefreshToken := createJWTWithID(t, "refresh token"+strNum, 100*time.Second) - // Wait the initial token's 5s plus a second per retry (MaxInterval). - ttl := time.Duration(numTries)*time.Second + 5*time.Second - retry := -1 - attestFunc := func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - retry++ - // Success on the initial fetch (subsequent calls use refresher goroutine). 
- if retry == 0 { - return expectedInitialToken, nil - } - if retry == numTries { - return expectedRefreshToken, nil - } - return nil, errors.New("attest unsuccessful") - } - runner := ContainerRunner{ - attestAgent: &fakeAttestationAgent{attestFunc: attestFunc}, - logger: logging.SimpleLogger(), - } - if err := runner.fetchAndWriteTokenWithRetry(ctx, testRetryPolicyThreeTimes); err != nil { - t.Fatalf("fetchAndWriteTokenWithRetry failed: %v", err) - } - filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - data, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedInitialToken) { - gotClaims := extractJWTClaims(t, data) - wantClaims := extractJWTClaims(t, expectedInitialToken) - t.Errorf("initial token written to file does not match expected token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) - } - time.Sleep(ttl) - - data, err = os.ReadFile(filepath) - if err != nil { - t.Fatalf("failed to read from %s: %v", filepath, err) - } - - // No refresh: the token should match initial token. - if !expectRefresh && !bytes.Equal(data, expectedInitialToken) { - gotClaims := extractJWTClaims(t, data) - wantClaims := extractJWTClaims(t, expectedInitialToken) - t.Errorf("token refresher should fail and received token should be the initial token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) - } - - // Should Refresh: the token should match refreshed token. 
- if expectRefresh && !bytes.Equal(data, expectedRefreshToken) { - gotClaims := extractJWTClaims(t, data) - wantClaims := extractJWTClaims(t, expectedRefreshToken) - t.Errorf("refreshed token did not match expected token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) - } -} - -func TestFetchAndWriteTokenWithTokenRefresh(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - expectedToken := createJWT(t, 5*time.Second) - expectedRefreshedToken := createJWT(t, 10*time.Second) - - ttl := 5 * time.Second - - attestAgent := &fakeAttestationAgent{} - attestAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { - attestAgent.attMu.Lock() - defer func() { - attestAgent.attempts = attestAgent.attempts + 1 - attestAgent.attMu.Unlock() - }() - if attestAgent.attempts%2 == 0 { - return expectedToken, nil - } - return expectedRefreshedToken, nil - } - runner := ContainerRunner{ - attestAgent: attestAgent, - logger: logging.SimpleLogger(), - } - - if err := runner.fetchAndWriteToken(ctx); err != nil { - t.Fatalf("fetchAndWriteToken failed: %v", err) - } - - filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) - data, err := os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) - } - - // Check that token has not been refreshed yet. - data, err = os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedToken) { - t.Errorf("Token unexpectedly refreshed: got %v, want %v", data, expectedRefreshedToken) - } - - time.Sleep(ttl) - - // Check that token has changed. 
- data, err = os.ReadFile(filepath) - if err != nil { - t.Fatalf("Failed to read from %s: %v", filepath, err) - } - - if !bytes.Equal(data, expectedRefreshedToken) { - t.Errorf("Refreshed token written to file does not match expected token: got %v, want %v", data, expectedRefreshedToken) - } -} - -func TestGetNextRefresh(t *testing.T) { - // 0 <= random < 1. - for _, randNum := range []float64{0, .1415926, .5, .75, .999999999} { - // expiration should always be >0. - // 0 or negative expiration means the token has already expired. - for _, expInt := range []int64{1, 10, 100, 1000, 10000, 1000000} { - expDuration := time.Duration(expInt) - next := getNextRefreshFromExpiration(expDuration, randNum) - if next >= expDuration { - t.Errorf("getNextRefreshFromExpiration(%v, %v) = %v next refresh. expected %v (next refresh) < %v (expiration)", - expDuration, randNum, next, next, expDuration) - } - } - } -} - -func TestInitImageDockerPublic(t *testing.T) { - // testing image fetching using a dummy token and a docker repo url - containerdClient, err := containerd.New(defaults.DefaultAddress) - if err != nil { - t.Skipf("test needs containerd daemon: %v", err) - } - - ctx := namespaces.WithNamespace(context.Background(), "test") - // This is a "valid" token (formatwise) - validToken := oauth2.Token{AccessToken: "000000", Expiry: time.Now().Add(time.Hour)} - if _, err := initImage(ctx, containerdClient, spec.LaunchSpec{ImageRef: "docker.io/library/hello-world:latest"}, validToken); err != nil { - t.Error(err) - } else { - if err := containerdClient.ImageService().Delete(ctx, "docker.io/library/hello-world:latest"); err != nil { - t.Error(err) - } - } - - invalidToken := oauth2.Token{} - if _, err := initImage(ctx, containerdClient, spec.LaunchSpec{ImageRef: "docker.io/library/hello-world:latest"}, invalidToken); err != nil { - t.Error(err) - } else { - if err := containerdClient.ImageService().Delete(ctx, "docker.io/library/hello-world:latest"); err != nil { - t.Error(err) - } 
- } -} - -func TestMeasureCELEvents(t *testing.T) { - ctx := context.Background() - fakeContainer := &fakeContainer{ - image: &fakeImage{ - name: "fake image name", - digest: "fake digest", - id: "fake id", - }, - args: []string{"fake args"}, - env: []string{"fake env"}, - } - - testCases := []struct { - name string - wantCELEvents []cel.CosType - launchSpec spec.LaunchSpec - }{ - { - name: "measure full container events and launch separator event", - wantCELEvents: []cel.CosType{ - cel.ImageRefType, - cel.ImageDigestType, - cel.RestartPolicyType, - cel.ImageIDType, - cel.ArgType, - cel.EnvVarType, - cel.OverrideEnvType, - cel.OverrideArgType, - cel.MemoryMonitorType, - cel.LaunchSeparatorType, - }, - launchSpec: spec.LaunchSpec{ - Envs: []spec.EnvVar{{Name: "hello", Value: "world"}}, - Cmd: []string{"hello world"}, - }, - }, - { - name: "measure partial container events, memory monitoring event, and launch separator event", - wantCELEvents: []cel.CosType{ - cel.ImageRefType, - cel.ImageDigestType, - cel.RestartPolicyType, - cel.ImageIDType, - cel.ArgType, - cel.EnvVarType, - cel.MemoryMonitorType, - cel.LaunchSeparatorType, - }, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - gotEvents := []cel.CosType{} - - fakeAgent := &fakeAttestationAgent{ - measureEventFunc: func(content cel.Content) error { - got, _ := content.GetTLV() - tlv := &cel.TLV{} - tlv.UnmarshalBinary(got.Value) - gotEvents = append(gotEvents, cel.CosType(tlv.Type)) - return nil - }, - } - - r := ContainerRunner{ - attestAgent: fakeAgent, - container: fakeContainer, - launchSpec: tc.launchSpec, - logger: logging.SimpleLogger(), - } - - if err := r.measureCELEvents(ctx); err != nil { - t.Errorf("failed to measureCELEvents: %v", err) - } - - if !cmp.Equal(gotEvents, tc.wantCELEvents) { - t.Errorf("failed to measure CEL events, got %v, but want %v", gotEvents, tc.wantCELEvents) - } - }) - } -} - -func TestPullImageWithRetries(t *testing.T) { - testCases := []struct { 
- name string - imagePuller func(int) (containerd.Image, error) - wantPass bool - }{ - { - name: "success with single attempt", - imagePuller: func(int) (containerd.Image, error) { return &fakeImage{}, nil }, - wantPass: true, - }, - { - name: "failure then success", - imagePuller: func(attempts int) (containerd.Image, error) { - if attempts%2 == 1 { - return nil, errors.New("fake error") - } - return &fakeImage{}, nil - }, - wantPass: true, - }, - { - name: "failure with attempts exceeded", - imagePuller: func(int) (containerd.Image, error) { - return nil, errors.New("fake error") - }, - wantPass: false, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - retryPolicy := func() backoff.BackOff { - b := backoff.NewExponentialBackOff() - return backoff.WithMaxRetries(b, 2) - } - - attempts := 0 - _, err := pullImageWithRetries( - func() (containerd.Image, error) { - attempts++ - return tc.imagePuller(attempts) - }, - retryPolicy) - if gotPass := (err == nil); gotPass != tc.wantPass { - t.Errorf("pullImageWithRetries failed, got %v, but want %v", gotPass, tc.wantPass) - } - }) - } -} - -// This ensures fakeContainer implements containerd.Container interface. -var _ containerd.Container = &fakeContainer{} - -// This ensures fakeImage implements containerd.Image interface. 
-var _ containerd.Image = &fakeImage{}
-
-type fakeContainer struct {
- containerd.Container
- image containerd.Image
- args []string
- env []string
-}
-
-func (c *fakeContainer) Image(context.Context) (containerd.Image, error) {
- return c.image, nil
-}
-
-func (c *fakeContainer) Spec(context.Context) (*oci.Spec, error) {
- return &oci.Spec{Process: &specs.Process{Args: c.args, Env: c.env}}, nil
-}
-
-type fakeImage struct {
- containerd.Image
- name string
- digest digest.Digest
- id digest.Digest
-}
-
-func (i *fakeImage) Name() string {
- return i.name
-}
-
-func (i *fakeImage) Target() v1.Descriptor {
- return v1.Descriptor{Digest: i.digest}
-}
-
-func (i *fakeImage) Config(_ context.Context) (v1.Descriptor, error) {
- return v1.Descriptor{Digest: i.id}, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/errors.go b/vendor/github.com/google/go-tpm-tools/launcher/errors.go
deleted file mode 100644
index 5650aa4e2..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/errors.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package launcher
-
-import "fmt"
-
-// RetryableError means launcher should reboot the VM to retry.
-type RetryableError struct {
- Err error
-}
-
-// WorkloadError represents the result of an workload/task that is non-zero.
-type WorkloadError struct {
- ReturnCode uint32
-}
-
-func (e *RetryableError) Error() string {
- return fmt.Sprintf("failed with retryable error: %v", e.Err.Error())
-}
-
-func (e *WorkloadError) Error() string {
- return "workload finished with a non-zero return code"
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/go.mod b/vendor/github.com/google/go-tpm-tools/launcher/go.mod
deleted file mode 100644
index 9924e15da..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/go.mod
+++ /dev/null
@@ -1,100 +0,0 @@
-module github.com/google/go-tpm-tools/launcher
-
-go 1.23.0
-
-toolchain go1.24.4
-
-require (
- cloud.google.com/go/compute/metadata v0.8.0
- cloud.google.com/go/logging v1.13.0
- github.com/cenkalti/backoff/v4 v4.3.0
- github.com/containerd/containerd v1.7.23
- github.com/containerd/containerd/v2 v2.0.1
- github.com/coreos/go-systemd/v22 v22.5.0
- github.com/golang-jwt/jwt/v4 v4.5.1
- github.com/google/go-cmp v0.7.0
- github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc
- github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843
- github.com/google/go-tpm v0.9.6
- github.com/google/go-tpm-tools v0.4.4
- github.com/google/go-tpm-tools/verifier v0.4.4
- github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/image-spec v1.1.0
- github.com/opencontainers/runtime-spec v1.2.0
- golang.org/x/oauth2 v0.30.0
- google.golang.org/api v0.247.0
- google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c
- google.golang.org/grpc v1.74.2
- google.golang.org/protobuf v1.36.7
-)
-
-require (
- cloud.google.com/go v0.120.0 // indirect
- cloud.google.com/go/auth v0.16.4 // indirect
- cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
- cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 // indirect
- cloud.google.com/go/longrunning v0.6.7 // indirect
- github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
- github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
- github.com/Microsoft/go-winio v0.6.2 // indirect
- github.com/Microsoft/hcsshim v0.12.9 // indirect
- github.com/containerd/cgroups/v3 v3.0.3 // indirect
- github.com/containerd/containerd/api v1.8.0 // indirect
- github.com/containerd/continuity v0.4.4 // indirect
- github.com/containerd/errdefs v1.0.0 // indirect
- github.com/containerd/errdefs/pkg v0.3.0 // indirect
- github.com/containerd/fifo v1.1.0 // indirect
- github.com/containerd/log v0.1.0 // indirect
- github.com/containerd/platforms v1.0.0-rc.0 // indirect
- github.com/containerd/ttrpc v1.2.6 // indirect
- github.com/containerd/typeurl/v2 v2.2.3 // indirect
- github.com/distribution/reference v0.6.0 // indirect
- github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
- github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/go-logr/logr v1.4.3 // indirect
- github.com/go-logr/stdr v1.2.2 // indirect
- github.com/godbus/dbus/v5 v5.1.0 // indirect
- github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/google/certificate-transparency-go v1.1.2 // indirect
- github.com/google/go-attestation v0.5.1 // indirect
- github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba // indirect
- github.com/google/go-sev-guest v0.14.0 // indirect
- github.com/google/go-tspi v0.3.0 // indirect
- github.com/google/logger v1.1.1 // indirect
- github.com/google/s2a-go v0.1.9 // indirect
- github.com/google/uuid v1.6.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
- github.com/googleapis/gax-go/v2 v2.15.0 // indirect
- github.com/klauspost/compress v1.17.11 // indirect
- github.com/moby/locker v1.0.1 // indirect
- github.com/moby/sys/mountinfo v0.7.2 // indirect
- github.com/moby/sys/sequential v0.6.0 // indirect
- github.com/moby/sys/signal v0.7.1 // indirect
- github.com/moby/sys/user v0.3.0 // indirect
- github.com/moby/sys/userns v0.1.0 // indirect
- github.com/opencontainers/selinux v1.11.1 // indirect
- github.com/pkg/errors v0.9.1 // indirect
- github.com/sirupsen/logrus v1.9.3 // indirect
- go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
- go.opentelemetry.io/otel v1.36.0 // indirect
- go.opentelemetry.io/otel/metric v1.36.0 // indirect
- go.opentelemetry.io/otel/trace v1.36.0 // indirect
- go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.41.0 // indirect
- golang.org/x/net v0.43.0 // indirect
- golang.org/x/sync v0.16.0 // indirect
- golang.org/x/sys v0.35.0 // indirect
- golang.org/x/text v0.28.0 // indirect
- golang.org/x/time v0.12.0 // indirect
- google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
-)
-
-replace (
- github.com/google/go-tpm-tools v0.4.4 => ../
- github.com/google/go-tpm-tools/verifier v0.4.4 => ../verifier
-)
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/go.sum b/vendor/github.com/google/go-tpm-tools/launcher/go.sum
deleted file mode 100644
index f54a7123c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/go.sum
+++ /dev/null
@@ -1,1402 +0,0 @@ -bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= 
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= -cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= -cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= -cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= -cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= -cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= -cloud.google.com/go/compute/metadata v0.8.0/go.mod 
h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= -cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= -cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= -cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= -cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= -cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= -cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= -cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= -cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= -cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod 
h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= -code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= -contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= -contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= -contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 h1:dIScnXFlF784X79oi7MzVT6GWqr/W1uUt0pB5CsDs9M= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw= -github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= 
-github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= -github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim 
v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= -github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= -github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/thrift 
v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= -github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= -github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.0/go.mod 
h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= -github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= -github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod 
h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod 
h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= -github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= -github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= -github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0= -github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc= -github.com/containerd/containerd/v2 v2.0.1 h1:xqSar9cjkGhfQ2YvanCu7FMLk6+pNCFMCAroM2ALPp0= -github.com/containerd/containerd/v2 v2.0.1/go.mod h1:A9DyAg+lXTiSBOsBTqQtJL4O3AGaM1aa4UHmVh4uFhM= -github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= -github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= -github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= -github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= -github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= -github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= -github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= -github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/platforms v1.0.0-rc.0 h1:GuHWSKgVVO3POn6nRBB4sH63uPOLa87yuuhsGLWaXAA= -github.com/containerd/platforms v1.0.0-rc.0/go.mod h1:T1XAzzOdYs3it7l073MNXyxRwQofJfqwi/8cRjufIk4= -github.com/containerd/ttrpc v1.2.6 h1:zG+Kn5EZ6MUYCS1t2Hmt2J4tMVaLSFEJVOraDQwNPC4= 
-github.com/containerd/ttrpc v1.2.6/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= -github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= -github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod 
h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= -github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= -github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= 
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= -github.com/felixge/httpsnoop v1.0.4/go.mod 
h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= -github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= -github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 
-github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= -github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= 
-github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= -github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= -github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod 
h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= -github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= -github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= -github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod 
h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-replayers/grpcreplay v0.1.0/go.mod 
h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= -github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= -github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= -github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= -github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= -github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= -github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= -github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= -github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod 
h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= -github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= -github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= -github.com/google/subcommands v1.0.1/go.mod 
h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= -github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= -github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= -github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= -github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= -github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/goreleaser/goreleaser v0.134.0/go.mod 
h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= 
-github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= 
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= -github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jmespath/go-jmespath 
v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= -github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= 
-github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-zglob v0.0.1/go.mod 
h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= -github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= -github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/sequential v0.6.0 
h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= -github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= -github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0= -github.com/moby/sys/signal v0.7.1/go.mod h1:Se1VGehYokAkrSQwL4tDzHvETwUZlnY7S5XtQ50mQp8= -github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= -github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= -github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= -github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= -github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= 
-github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= 
-github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= -github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= -github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod 
h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod 
h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.18.0/go.mod 
h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= -github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod 
h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.0.0/go.mod 
h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= -github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= 
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= -github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= -github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= -github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod 
h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod 
h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= -go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= -go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= -go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= -go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= -go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= -go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= -go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod 
h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod 
h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= -golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint 
v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod 
v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net 
v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod 
h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod 
h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod 
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys 
v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod 
h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools 
v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools 
v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools 
v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools 
v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.37.0/go.mod 
h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= -google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod 
h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto 
v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= 
-google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod 
h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod 
h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= -google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= -google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 
v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/cloudbuild.yaml deleted file mode 100644 index 74673d973..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/image/cloudbuild.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-substitutions:
- '_BASE_IMAGE': ''
- '_OUTPUT_IMAGE_NAME': ''
- '_OUTPUT_IMAGE_FAMILY': ''
- '_BASE_IMAGE_PROJECT': ''
- '_IMAGE_ENV': ''
- '_BUCKET_NAME': ''
- '_CS_LICENSE': ''
- '_SHORT_SHA': ''
-
-steps:
- - name: golang:1.23
- entrypoint: /bin/bash
- args:
- - -c
- - |
- cd launcher/launcher
- CGO_ENABLED=0 go build -o ../image/launcher -ldflags="-X 'main.BuildCommit=${_SHORT_SHA}'"
- - name: 'gcr.io/cloud-builders/gcloud'
- id: DownloadExpBinary
- entrypoint: 'gcloud'
- args: ['storage',
- 'cp',
- 'gs://confidential-space-images_third-party/confidential_space_experiments',
- './launcher/image/confidential_space_experiments']
- - name: 'gcr.io/cos-cloud/cos-customizer'
- args: ['start-image-build',
- '-build-context=launcher/image',
- '-gcs-bucket=${_BUCKET_NAME}',
- '-gcs-workdir=customizer-${BUILD_ID}',
- '-image-name=${_BASE_IMAGE}',
- '-image-project=${_BASE_IMAGE_PROJECT}']
- - name: 'gcr.io/cos-cloud/cos-customizer'
- args: ['run-script',
- '-script=preload.sh',
- '-env=IMAGE_ENV=${_IMAGE_ENV}']
- - name: 'gcr.io/cos-cloud/cos-customizer'
- args: ['seal-oem']
- - name: 'gcr.io/cos-cloud/cos-customizer'
- args: ['run-script',
- '-script=fixup_oem.sh']
- - name: 'gcr.io/cos-cloud/cos-customizer'
- args: ['finish-image-build',
- '-oem-size=500M',
- '-disk-size-gb=11',
- '-image-name=${_OUTPUT_IMAGE_NAME}',
- '-image-family=${_OUTPUT_IMAGE_FAMILY}',
- '-image-project=${PROJECT_ID}',
- '-licenses=${_CS_LICENSE}',
- '-licenses=projects/confidential-space-images/global/licenses/ek-certificate-license',
- '-zone=us-central1-a',
- '-project=${PROJECT_ID}']
-
-timeout: '3000s'
-
-options:
- dynamic_substitutions: true
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/container-runner.service b/vendor/github.com/google/go-tpm-tools/launcher/image/container-runner.service
deleted file mode 100644
index 3f0d7a575..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/container-runner.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Confidential Space Launcher
-Wants=network-online.target gcr-online.target containerd.service
-After=network-online.target gcr-online.target containerd.service
-
-[Service]
-ExecStart=/usr/share/oem/confidential_space/cs_container_launcher
-ExecStopPost=/usr/share/oem/confidential_space/exit_script.sh
-Restart=no
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/debug.conf b/vendor/github.com/google/go-tpm-tools/launcher/image/debug.conf
deleted file mode 100644
index 06c8f51b7..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/debug.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-# debug image machine won't shutdown
-ExecStopPost=
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/entrypoint.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/entrypoint.sh
deleted file mode 100644
index b089f0e41..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/entrypoint.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-main() {
- # Copy service files.
- cp /usr/share/oem/confidential_space/container-runner.service /etc/systemd/system/container-runner.service
- # Override default fluent-bit config.
- cp /usr/share/oem/confidential_space/fluent-bit-cs.conf /etc/fluent-bit/fluent-bit.conf
-
- # Override default system-stats-monitor.json for node-problem-detector.
- cp /usr/share/oem/confidential_space/system-stats-monitor-cs.json /etc/node_problem_detector/system-stats-monitor.json
- # Override default boot-disk-size-consistency-monitor.json for node-problem-detector.
- cp /usr/share/oem/confidential_space/boot-disk-size-consistency-monitor-cs.json /etc/node_problem_detector/boot-disk-size-consistency-monitor.json
- # Override default docker-monitor.json for node-problem-detector.
- cp /usr/share/oem/confidential_space/docker-monitor-cs.json /etc/node_problem_detector/docker-monitor.json
- # Override default kernel-monitor.json for node-problem-detector.
- cp /usr/share/oem/confidential_space/kernel-monitor-cs.json /etc/node_problem_detector/kernel-monitor.json
- systemctl daemon-reload
- systemctl enable container-runner.service
- systemctl start container-runner.service
- systemctl start fluent-bit.service
-
-}
-
-main
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/exit_script.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/exit_script.sh
deleted file mode 100755
index 8c9bb40c9..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/exit_script.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/bash
-
-if [[ $EXIT_STATUS -eq 3 ]]
-then
- # reboot after 2 min
- shutdown --reboot +2
-fi
-
-if [[ $EXIT_STATUS -eq 0 ]] || [[ $EXIT_STATUS -eq 1 ]] || [[ $EXIT_STATUS -eq 2 ]]
-then
- # poweroff after 2 min
- shutdown --poweroff +2
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/fixup_oem.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/fixup_oem.sh
deleted file mode 100644
index c95d68341..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/fixup_oem.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-main() {
- if [[ ! -d /mnt/disks/efi ]]; then
- mkdir /mnt/disks/efi
- fi
- mount /dev/sda12 /mnt/disks/efi
- sed -i -e 's|systemd.mask=usr-share-oem.mount||g' /mnt/disks/efi/efi/boot/grub.cfg
-
- # TODO: Remove this fix once the upstream customizer fixed the bug.
- # Fix a string manipulation bug in the dm part of the kernel cmd.
- if grep -q "dm-m2d" /mnt/disks/efi/efi/boot/grub.cfg; then
- sed -i -e 's|dm-m2d|dm-mod|g' /mnt/disks/efi/efi/boot/grub.cfg
- sed -i -e 's|,oemroot|;oemroot|g' /mnt/disks/efi/efi/boot/grub.cfg
- fi
-
- # Print grub.cfg's kernel command line.
- grep -i '^\s*linux' /mnt/disks/efi/efi/boot/grub.cfg | \
- sed -e 's|.*|[BEGIN_CS_GRUB_CMDLINE]&[END_CS_GRUB_CMDLINE]|g'
-
- # Convert grub.cfg's kernel command line into what GRUB passes to the kernel.
- grep -i '^\s*linux' /mnt/disks/efi/efi/boot/grub.cfg | \
- sed -e "s|'ds=nocloud;s=/usr/share/oem/'|ds=nocloud;s=/usr/share/oem/|g" | \
- sed -e 's|\\"|"|g' | \
- sed -e 's|dm-mod.create="|"dm-mod.create=|g' | \
- sed -e 's|.*|[BEGIN_CS_CMDLINE]&[END_CS_CMDLINE]|g'
-
- umount /mnt/disks/efi
-
- # Now the oem partition is sealed, we mount it to print it's content
- if [[ ! -d /mnt/disks/oem ]]; then
- mkdir /mnt/disks/oem
- fi
-
- # Since it's sealed, we mount it read-only to prevent changes
- mount -o ro /dev/sda8 /mnt/disks/oem
-
- ls -l /mnt/disks/oem/
- ls -l /mnt/disks/oem/confidential_space
-
- umount /mnt/disks/oem
-}
-
-main
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/fluent-bit-cs.conf b/vendor/github.com/google/go-tpm-tools/launcher/image/fluent-bit-cs.conf
deleted file mode 100644
index f1bdd14ca..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/fluent-bit-cs.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Forked from https://cos.googlesource.com/cos/overlays/board-overlays/+/refs/heads/master/project-lakitu/app-admin/fluent-bit/files/fluent-bit.conf
-
-[SERVICE]
- # Flush
- # =====
- # set an interval of seconds before to flush records to a destination
- flush 1
- # Daemon
- # ======
- # instruct Fluent Bit to run in foreground or background mode.
- daemon Off
- # Log_Level
- # =========
- # Set the verbosity level of the service, values can be:
- #
- # - error
- # - warning
- # - info
- # - debug
- # - trace
- #
- # by default 'info' is set, that means it includes 'error' and 'warning'.
- log_level info
- # Storage
- # =======
- # Fluent Bit can use memory and filesystem buffering based mechanisms
- #
- # - https://docs.fluentbit.io/manual/administration/buffering-and-storage
- #
- # storage metrics
- # ---------------
- # publish storage pipeline metrics in '/api/v1/storage'. The metrics are
- # exported only if the 'http_server' option is enabled.
- #
- storage.metrics on
-
-# Collects CS launcher and workload logs.
-[INPUT]
- Name systemd
- Tag confidential-space-launcher
- Systemd_Filter _SYSTEMD_UNIT=container-runner.service
- DB /var/log/google-fluentbit/container-runner.log.db
- Read_From_Tail False
-
-[OUTPUT]
- Name stackdriver
- Match *
- Resource gce_instance
- severity_key severity
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/hardened.conf b/vendor/github.com/google/go-tpm-tools/launcher/image/hardened.conf
deleted file mode 100644
index 60baec03c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/hardened.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Service]
-# hardened image should exit after workflow finished
-ExecStopPost=
-ExecStopPost=/bin/sleep 60
-ExecStopPost=/usr/bin/systemctl poweroff
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json b/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json
deleted file mode 100644
index 8f741843b..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "plugin": "custom",
- "pluginConfig": {
- "invoke_interval": "30m",
- "timeout": "7s",
- "max_output_length": 80,
- "enable_message_change_based_condition_update": false
- },
- "source": "boot-disk-size-consistency-monitor",
- "metricsReporting": false,
- "rules": []
- }
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/docker-monitor-cs.json b/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/docker-monitor-cs.json
deleted file mode 100644
index c28fc9e0e..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/docker-monitor-cs.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "plugin": "journald",
- "pluginConfig": {
- "source": "dockerd"
- },
- "logPath": "/var/log/journal",
- "lookback": "5m",
- "bufferSize": 10,
- "source": "docker-monitor",
- "metricsReporting": false,
- "conditions": []
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/kernel-monitor-cs.json b/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/kernel-monitor-cs.json
deleted file mode 100644
index 8a2ee9d4d..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/kernel-monitor-cs.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "plugin": "kmsg",
- "logPath": "/dev/kmsg",
- "lookback": "5m",
- "bufferSize": 10,
- "source": "kernel-monitor",
- "metricsReporting": false,
- "conditions": [],
- "rules": []
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/system-stats-monitor-cs.json b/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/system-stats-monitor-cs.json
deleted file mode 100644
index 30f8cccea..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/nodeproblemdetector/system-stats-monitor-cs.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "memory": {
- "metricsConfigs": {
- "memory/bytes_used": {
- "displayName": "memory/bytes_used"
- }
- }
- },
- "invokeInterval": "60s"
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/preload.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/preload.sh
deleted file mode 100644
index 83cde3823..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/preload.sh
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/bash
-
-readonly OEM_PATH='/usr/share/oem'
-readonly CS_PATH="${OEM_PATH}/confidential_space"
-readonly EXPERIMENTS_BINARY="confidential_space_experiments"
-
-copy_launcher() {
- cp launcher "${CS_PATH}/cs_container_launcher"
-}
-
-copy_experiment_client() {
- # DownloadExpBinary creates the file at EXPERIMENTS_BINARY.
- cp $EXPERIMENTS_BINARY "${CS_PATH}/${EXPERIMENTS_BINARY}"
- chmod +x "${CS_PATH}/${EXPERIMENTS_BINARY}"
-}
-
-setup_launcher_systemd_unit() {
- cp container-runner.service "${CS_PATH}/container-runner.service"
- cp exit_script.sh "${CS_PATH}/exit_script.sh"
-}
-
-append_cmdline() {
- local arg="$1"
- if [[ ! -d /mnt/disks/efi ]]; then
- mkdir /mnt/disks/efi
- fi
- mount /dev/sda12 /mnt/disks/efi
- sed -i -e "s|cros_efi|cros_efi ${arg}|g" /mnt/disks/efi/efi/boot/grub.cfg
- umount /mnt/disks/efi
-}
-
-set_default_boot_target() {
- append_cmdline "systemd.unit=$1"
-}
-
-disable_unit() {
- append_cmdline "systemd.mask=$1"
-}
-
-enable_unit() {
- append_cmdline "systemd.wants=$1"
-}
-
-configure_entrypoint() {
- cp "$1" ${OEM_PATH}/user-data
- touch ${OEM_PATH}/meta-data
- append_cmdline "'ds=nocloud;s=${OEM_PATH}/'"
-}
-
-configure_necessary_systemd_units() {
- # Include basic services.
- enable_unit "basic.target"
-
- # gcr-wait-online.service is WantedBy=gcr-online.target.
- # The hostname gcr.io does not resolve until systemd-resolved is enabled.
- enable_unit "systemd-resolved.service"
-
- # Dependencies of container-runner.service.
- enable_unit "network-online.target"
- enable_unit "gcr-online.target"
-
-}
-
-configure_cloud_logging() {
- # Copy CS-specific fluent-bit config to OEM partition.
- cp fluent-bit-cs.conf "${CS_PATH}"
-}
-
-configure_node_problem_detector() {
- # Copy CS-specific node-problem-detector configs to OEM partition.
- cp nodeproblemdetector/system-stats-monitor-cs.json "${CS_PATH}"
- cp nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json "${CS_PATH}"
- cp nodeproblemdetector/docker-monitor-cs.json "${CS_PATH}"
- cp nodeproblemdetector/kernel-monitor-cs.json "${CS_PATH}"
-}
-
-configure_systemd_units_for_debug() {
- configure_cloud_logging
- configure_node_problem_detector
-
- disable_unit "konlet-startup.service"
-}
-configure_systemd_units_for_hardened() {
- configure_necessary_systemd_units
- configure_cloud_logging
- configure_node_problem_detector
- # Make entrypoint (via cloud-init) the default unit.
- set_default_boot_target "cloud-final.service"
-
- disable_unit "var-lib-docker.mount"
- disable_unit "docker.service"
- disable_unit "google-guest-agent.service"
- disable_unit "google-osconfig-init.service"
- disable_unit "google-osconfig-agent.service"
- disable_unit "google-startup-scripts.service"
- disable_unit "google-shutdown-scripts.service"
- disable_unit "konlet-startup.service"
- disable_unit "crash-reporter.service"
- disable_unit "device_policy_manager.service"
- disable_unit "docker-events-collector-fluent-bit.service"
- disable_unit "sshd.service"
- disable_unit "var-lib-toolbox.mount"
-}
-
-main() {
- mount -o remount,rw ${OEM_PATH}
- mkdir ${CS_PATH}
-
- # Install container launcher entrypoint.
- configure_entrypoint "entrypoint.sh"
- # Install experiment client.
- copy_experiment_client
- # Install container launcher.
- copy_launcher
- setup_launcher_systemd_unit
- # Minimum required COS version for 'e': cos-dev-105-17222-0-0.
- # Minimum required COS version for 'm': cos-dev-113-18203-0-0.
- append_cmdline "cos.protected_stateful_partition=m"
- # Increase wait timeout of the protected stateful partition.
- append_cmdline "systemd.default_timeout_start_sec=900s"
-
- if [[ "${IMAGE_ENV}" == "debug" ]]; then
- configure_systemd_units_for_debug
- append_cmdline "confidential-space.hardened=false"
- elif [[ "${IMAGE_ENV}" == "hardened" ]]; then
- configure_systemd_units_for_hardened
- append_cmdline "confidential-space.hardened=true"
- else
- echo "Unknown image env: ${IMAGE_ENV}." \
- "Only 'debug' and 'hardened' are supported."
- exit 1
- fi
-
- # Make sure cache is flushed for the OEM partition.
- sync ${OEM_PATH}
-
- # Remount as read-only to avoid unexpected changes
- mount -o remount,ro ${OEM_PATH}
-
- # Verify the content before the OEM sealing step.
- ls -lh ${CS_PATH}
- ls -lh ${OEM_PATH}
-}
-
-main
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/README.md b/vendor/github.com/google/go-tpm-tools/launcher/image/test/README.md
deleted file mode 100644
index 8fb8eacfb..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/README.md
+++ /dev/null
@@ -1,66 +0,0 @@
-This directory contains the image integration tests.
-
-# Tests
-Integration tests run on [Cloud Build](https://cloud.google.com/build).
-Run the test with `gcloud builds submit --config=test_{image_type}_cloudbuild.yaml`
-
-# Development
-When writing a test, determine whether it should target the hardened image,
-debug image, or both. Add it to the corresponding test `test_{image_type}_cloudbuild.yaml`
-file.
-
-If there need to be multiple scripts, please suffix the script with the test name in each script.
-
-For example, testing `new_feature` might use three scripts:
-`test_newfeature_initresource.sh`, `test_newfeature_validate.sh`, and `test_newfeature_cleanupresource.sh`.
-
-## Common Steps
-Hardened and debug tests will include common steps that do test setup and cleanup activities.
-They look like:
-
-```yaml
-- name: 'gcr.io/cloud-builders/gcloud'
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh']
-```
-
-* `create_vm.sh` creates a VM with the given image project, image name, and metadata. It then caches the VM name in the Cloud Build workspace.
-* `cleanup.sh` deletes the VM created in create_vm.sh.
-* `check_failure.sh` checks for a failure message in the status.txt file from a previous test step. This runs last due to Cloud Build exiting on previous step failures.
-
-## Data
-`data/` contains data that will be loaded as Metadata or onto the VM directly.
-
-## Utils
-Scripts in `util/` contain functions that can be sourced from other test scripts.
-
-* `read_serial.sh` contains a helper to pull the entire serial log for a VM.
-
-## Sharing Data Between Steps
-`/workspace` is used in Cloud Build as a scratch space for specific builds. Some conventions for Confidential Space tests:
-
-* `/workspace/status.txt` contains the success/failure message from test steps.
-`check_failure.sh` looks for a failed message in the step to determine whether
-the cloud build is successful.
-* `workspace/next_start.txt` is used when reading the serial logs.
-
-## Test Failures
-Due to the sequential/only-proceed-with-success nature of Cloud Build, tests
-with non-zero exit codes will cause subsequent steps to fail. This is
-problematic when cleanup of a VM or other resources do not occur.
-
-To avoid this issue, test assertions with non-zero exit codes should shell OR (`||`) the result
-and place a "Test failed" message in `/workspace/status.txt`.
-
-For example, `echo $SERIAL_OUTPUT | grep 'Expected output'` will fail and cancel
-the rest of the Cloud Build on not finding the string "Expected output" in the
-serial log.
-The test writer should modify this line to do:
-
-```bash
-echo $SERIAL_OUTPUT | grep 'Expected output' || echo 'TEST FAILED' > /workspace/status.txt
-# Optionally, for debugging:
-echo $SERIAL_OUTPUT > /workspace/status.txt
-```
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/check_failure.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/check_failure.sh
deleted file mode 100644
index 5f4397827..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/check_failure.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-echo "Checking the status.txt file for test results:"
-if [ -f /workspace/status.txt ]; then
- cat /workspace/status.txt
- if grep -qi 'failed' /workspace/status.txt; then
- echo "The test failed for build $BUILD_ID."
- exit 1
- else
- echo "No test failure found."
- exit
- fi
-else
- echo "No status.txt file found."
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/cleanup.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/cleanup.sh
deleted file mode 100644
index 06667691a..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/cleanup.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# cleanup.sh
-set -euo pipefail
-
-if [ $CLEANUP != "true" ]; then
- echo "NOT cleaning up."
- exit 0
-fi
-echo "Cleaning up."
-
-echo 'Deleting VM' $1 'in zone' $2
-gcloud compute instances delete $1 --zone $2 -q
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/create_vm.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/create_vm.sh
deleted file mode 100755
index 1dcadce80..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/create_vm.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-print_usage() {
- echo "usage: test_launcher.sh [-i imageName] [-p projectName] [-m metadata]"
- echo " -i : which image name to use for the VM"
- echo " -p : which image project to use for the VM"
- echo " -m : metadata variables on VM creation; passed directly into gcloud"
- echo " -f : read a metadata value from a file; specified in format key=filePath"
- echo " -n : instance name"
- echo " -z : instance zone"
- exit 1
-}
-
-create_vm() {
- if [ -z "$IMAGE_NAME" ]; then
- echo "Empty image name supplied."
- exit 1
- fi
-
- # use the fake verifier for all tests
- FAKE_VERIFIER='test-fake-verifier=true'
-
- APPEND_METADATA=''
- if ! [ -z "$METADATA" ]; then
- if [[ "${METADATA}" == *"^~^"* ]]; then
- APPEND_METADATA="--metadata ${METADATA}~${FAKE_VERIFIER}"
- else
- APPEND_METADATA="--metadata ${METADATA},${FAKE_VERIFIER}"
- fi
- else
- APPEND_METADATA="--metadata ${FAKE_VERIFIER}"
- fi
-
- APPEND_METADATA_FILE=''
- if ! [ -z "$METADATA_FILE" ]; then
- APPEND_METADATA_FILE="--metadata-from-file ${METADATA_FILE}"
- fi
-
- echo 'Creating VM' ${VM_NAME} 'with image' $IMAGE_NAME
-
- # check the active account
- gcloud auth list
-
- # Max disk for n2d-standard-2 (8GB memory) at 1% memory overhead.
- MIN_DISK_SIZE=11
- MAX_DISK_SIZE_GB=80
- ADDTL_DISK_RANGE=$(($MAX_DISK_SIZE_GB - $MIN_DISK_SIZE + 1))
- DISK_SIZE_GB=$(($MIN_DISK_SIZE + ($RANDOM % $ADDTL_DISK_RANGE)))
-
- gcloud compute instances create $VM_NAME --confidential-compute --maintenance-policy=TERMINATE \
- --machine-type=n2d-standard-2 --boot-disk-size=$DISK_SIZE_GB --scopes=cloud-platform --zone $ZONE \
- --image=$IMAGE_NAME --image-project=$PROJECT_NAME --shielded-secure-boot $APPEND_METADATA \
- $APPEND_METADATA_FILE
-}
-
-IMAGE_NAME=''
-METADATA_FILE=''
-METADATA=''
-PROJECT_NAME=''
-VM_NAME=''
-ZONE=''
-
-# In getopts, a ':' following a letter means that that flag takes an argument.
-# For example, i: means -i takes an additional argument.
-while getopts 'i:f:m:p:n:z:' flag; do
- case "${flag}" in
- i) IMAGE_NAME=${OPTARG} ;;
- f) METADATA_FILE=${OPTARG} ;;
- m) METADATA=${OPTARG} ;;
- p) PROJECT_NAME=${OPTARG} ;;
- n) VM_NAME=${OPTARG} ;;
- z) ZONE=${OPTARG} ;;
- *) print_usage ;;
- esac
-done
-
-create_vm
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/cloud-init-config.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/cloud-init-config.yaml
deleted file mode 100644
index e661ad40c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/cloud-init-config.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-#cloud-config
-
-# will print the string to serial console if cloud-init executed
-# this config in user-data
-bootcmd:
- - echo "user-data in metadata executed" > /dev/ttyS0
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/echo_startupscript.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/echo_startupscript.sh
deleted file mode 100644
index 5da1a7036..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/data/echo_startupscript.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-echo "Executing startup script"
-sudo chmod 666 /dev/ttyS0
-sudo echo "Executing startup script: logging to serial" > /dev/ttyS0
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_cloud_init_userdata_disabled.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_cloud_init_userdata_disabled.sh
deleted file mode 100644
index 980200e87..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_cloud_init_userdata_disabled.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-echo 'Running cloud-init userdata test'
-
-echo 'Reading from serial port'
-SERIAL_OUTPUT=$(read_serial $1 $2)
-
-# check whether ./data/cloud-init-config.yaml is executed, will print "user-data in metadata executed"
-# in serial console if it was executed
-if echo $SERIAL_OUTPUT | grep -q 'user-data in metadata executed'
-then
- echo 'TEST FAILED: user-data executed on the VM'
- echo 'TEST FAILED.' > /workspace/status.txt
-else
- echo 'user-data not executed on the VM'
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_custom_token.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_custom_token.sh
deleted file mode 100644
index 3d68391aa..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_custom_token.sh
+++ /dev/null
@@ -1,21 +0,0 @@
- #!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# This test requires the workload to run and print
-# corresponding messages to the serial console.
-SERIAL_OUTPUT=$(read_serial $2 $3)
-print_serial=false
-
-if echo $SERIAL_OUTPUT | grep -q "Token valid: $1"
-then
- echo "- test custom token"
-else
- echo "FAILED: Could not find 'Token valid: $1' in the serial console"
- echo "TEST FAILED. Token was expected to pass validation." > /workspace/status.txt
- print_serial=true
-fi
-
-if $print_serial; then
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_experiment_value.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_experiment_value.sh
deleted file mode 100644
index 424a127c1..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_experiment_value.sh
+++ /dev/null
@@ -1,21 +0,0 @@
- #!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# This test requires the workload to run and print
-# corresponding messages to the serial console.
-SERIAL_OUTPUT=$(read_serial $2 $3)
-print_serial=false
-
-if echo $SERIAL_OUTPUT | grep -q "EnableTestFeatureForImage:$1"
-then
- echo "- test experiment verified $1"
-else
- echo "FAILED: experiment status expected to be $1"
- echo "TEST FAILED. Test experiment status expected to be $1" > /workspace/status.txt
- print_serial=true
-fi
-
-if $print_serial; then
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload.sh
deleted file mode 100644
index 9a0b20bd4..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload.sh
+++ /dev/null
@@ -1,111 +0,0 @@
- #!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# This test requires the workload to run and printing
-# corresponding messages to the serial console.
-SERIAL_OUTPUT=$(read_serial $1 $2)
-print_serial=false
-
-if echo $SERIAL_OUTPUT | grep -q 'Workload running'
-then
- echo "- workload running verified"
-else
- echo "FAILED: workload not running"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'Workload args: \[/main newCmd\]'
-then
- echo "- arguments verified"
-else
- echo "FAILED: arguments not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'env_bar=val_bar'
-then
- echo "- env_bar env var verified"
-else
- echo "FAILED: env_bar env not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'ALLOWED_OVERRIDE=overridden'
-then
- echo "- ALLOWED_OVERRIDE env var verified"
-else
- echo "FAILED: ALLOWED_OVERRIDE env not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'aud: \[https://sts.googleapis.com\]'
-then
- echo "- token aud verified"
-else
- echo "FAILED: token aud not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'iss: fake-issuer-for-testing'
-then
- echo "- token iss verified"
-else
- echo "FAILED: token iss not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'secboot: true'
-then
- echo "- token secboot verified"
-else
- echo "FAILED: token secboot not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'oemid: fake-oem-id'
-then
- echo "- token oemid verified"
-else
- echo "FAILED: token oemid not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'hwmodel: fake-hw-model'
-then
- echo "- token hwmodel verified"
-else
- echo "FAILED: token hwmodel not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'swname: fake-sw-name'
-then
- echo "- token swname verified"
-else
- echo "FAILED: token swname not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if echo $SERIAL_OUTPUT | grep -q 'Token looks okay'
-then
- echo "- OIDC token accessible"
-else
- echo "FAILED: OIDC token not accessible"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if $print_serial; then
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_cloudlogging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_cloudlogging.sh
deleted file mode 100644
index a8f7aa31c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_cloudlogging.sh
+++ /dev/null
@@ -1,114 +0,0 @@
- #!/bin/bash
-set -euo pipefail
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to cloud logging.
-sleep 120
-
-# This test requires the workload to run and print
-# corresponding messages to cloud logging.
-CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1)
-print_logs=false
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Workload running'
-then
- echo "- workload running verified"
-else
- echo "FAILED: workload not running"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Workload args: \[/main newCmd\]'
-then
- echo "- arguments verified"
-else
- echo "FAILED: arguments not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'env_bar=val_bar'
-then
- echo "- env_bar env var verified"
-else
- echo "FAILED: env_bar env not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'ALLOWED_OVERRIDE=overridden'
-then
- echo "- ALLOWED_OVERRIDE env var verified"
-else
- echo "FAILED: ALLOWED_OVERRIDE env not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'aud: \[https://sts.googleapis.com\]'
-then
- echo "- token aud verified"
-else
- echo "FAILED: token aud not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'iss: fake-issuer-for-testing'
-then
- echo "- token iss verified"
-else
- echo "FAILED: token iss not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'secboot: true'
-then
- echo "- token secboot verified"
-else
- echo "FAILED: token secboot not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'oemid: fake-oem-id'
-then
- echo "- token oemid verified"
-else
- echo "FAILED: token oemid not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'hwmodel: fake-hw-model'
-then
- echo "- token hwmodel verified"
-else
- echo "FAILED: token hwmodel not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'swname: fake-sw-name'
-then
- echo "- token swname verified"
-else
- echo "FAILED: token swname not verified"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Token looks okay'
-then
- echo "- OIDC token accessible"
-else
- echo "FAILED: OIDC token not accessible"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_logs=true
-fi
-
-if $print_logs; then
- echo $CLOUD_LOGGING_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_discover_signatures.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_discover_signatures.sh
deleted file mode 100644
index 17578130b..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launcher_workload_discover_signatures.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-source util/read_serial.sh
-
-# This test requires the workload to run and printing
-# corresponding messages to the serial console.
-SERIAL_OUTPUT=$(read_serial $1 $2)
-print_serial=false
-
-# Check how many times "Found container image signatures" is being logged.
-counts=$(echo $SERIAL_OUTPUT | grep -o "$3" | wc -l)
-if [ $counts -eq $4 ]; then
- echo "- container image signatures pattern [$3] found with expected counts: $4"
-else
- echo "FAILED: container image signatures want $4 counts, but got $counts"
- echo 'TEST FAILED.' > /workspace/status.txt
- print_serial=true
-fi
-
-if $print_serial; then
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd.sh
deleted file mode 100644
index e4ffd1dbc..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q 'CMD is not allowed to be overridden on this image'
-then
- echo "- CMD launch policy verified"
-else
- echo "FAILED: CMD launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd_cloudlogging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd_cloudlogging.sh
deleted file mode 100644
index 544e41f6e..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_cmd_cloudlogging.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1)
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'CMD is not allowed to be overridden on this image'
-then
- echo "- CMD launch policy verified"
-else
- echo "FAILED: CMD launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $CLOUD_LOGGING_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env.sh
deleted file mode 100644
index 66f20d676..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q --fixed-strings 'env var {OUT a} is not allowed to be overridden on this image; allowed envs to be overridden: [ALLOWED_OVERRIDE]'
-then
- echo "- Env launch policy verified"
-else
- echo "FAILED: Env launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env_cloudlogging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env_cloudlogging.sh
deleted file mode 100644
index 0898f4193..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_env_cloudlogging.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to cloud logging.
-sleep 120
-
-CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1)
-if echo $CLOUD_LOGGING_OUTPUT | grep -q --fixed-strings 'env var {OUT a} is not allowed to be overridden on this image; allowed envs to be overridden: [ALLOWED_OVERRIDE]'
-then
- echo "- Env launch policy verified"
-else
- echo "FAILED: Env launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $CLOUD_LOGGING_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_health_monitoring.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_health_monitoring.sh
deleted file mode 100644
index 046b350cc..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_health_monitoring.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q "$3"
-then
- echo "- Health monitoring launch policy verified"
-else
- echo "FAILED: Health monitoring launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug.sh
deleted file mode 100644
index df540bd9f..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q 'logging redirection not allowed by image'
-then
- echo "- Log launch policy verified"
-else
- echo "FAILED: Log launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug_cloudlogging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug_cloudlogging.sh
deleted file mode 100644
index 2c0740c65..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_debug_cloudlogging.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to cloud logging.
-sleep 120
-
-CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1)
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'logging redirection not allowed by image'
-then
- echo "- Log launch policy verified"
-else
- echo "FAILED: Log launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $CLOUD_LOGGING_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never.sh
deleted file mode 100644
index df540bd9f..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q 'logging redirection not allowed by image'
-then
- echo "- Log launch policy verified"
-else
- echo "FAILED: Log launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never_cloudlogging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never_cloudlogging.sh
deleted file mode 100644
index 2c0740c65..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_log_never_cloudlogging.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to cloud logging.
-sleep 120
-
-CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1)
-if echo $CLOUD_LOGGING_OUTPUT | grep -q 'logging redirection not allowed by image'
-then
- echo "- Log launch policy verified"
-else
- echo "FAILED: Log launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $CLOUD_LOGGING_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_memory_monitoring.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_memory_monitoring.sh
deleted file mode 100644
index ff45d602c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_launchpolicy_memory_monitoring.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q "$3"
-then
- echo "- Memory monitoring launch policy verified"
-else
- echo "FAILED: Memory monitoring launch policy verification"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_log_redirect.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_log_redirect.sh
deleted file mode 100644
index 3b3ac4b75..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_log_redirect.sh
+++ /dev/null
@@ -1,30 +0,0 @@
- #!/bin/bash
-set -euxo pipefail
-source util/read_serial.sh
-source util/read_cloud_logging.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-output=""
-if [[ "$1" == "serial" ]]; then
- echo "Reading from serial console for VM $3 in zone $4"
- output=$(read_serial $3 $4)
-elif [[ "$1" == "cloud_logging" ]]; then
- echo "Reading from cloud logging for VM $3"
- output=$(read_cloud_logging $3)
-else
- echo "Usage: test_log_redirect.sh "
- return 1
-fi
-
-if [[ $output != *"Token looks okay"* ]] && [[ "$2" == "true" ]]; then
- echo "FAILED: did not find workload logs in $1, but expected to:"
- echo $output
- echo 'TEST FAILED.' > /workspace/status.txt
-elif [[ $output == *"Token looks okay"* ]] && [[ "$2" == "false" ]]; then
- echo "FAILED: found workload logs in $1, but did not expect to:"
- echo $output
- echo 'TEST FAILED.' > /workspace/status.txt
-fi
-
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_mds_var_change.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_mds_var_change.sh
deleted file mode 100644
index 2985f51ca..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_mds_var_change.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-# Check MDS variables haven't been changed to use the wrong workload image.
-if echo $SERIAL_OUTPUT | grep -v 'Hello from Cloud Run!'
-then
- echo "- verified changed MDS vars have no effect"
-else
- echo "FAILED: MDS variables changed"
- echo 'TEST FAILED' > /workspace/status.txt
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_memory_monitoring.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_memory_monitoring.sh
deleted file mode 100644
index c06013dcd..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_memory_monitoring.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-source util/read_serial.sh
-
-# Allow VM some time to boot and write to serial console.
-sleep 120
-
-SERIAL_OUTPUT=$(read_serial $1 $2)
-if echo $SERIAL_OUTPUT | grep -q "$3"
-then
- echo "- '$3' found in the VM serial output"
-else
- echo "FAILED: '$3' not found in the VM serial output"
- echo 'TEST FAILED.' > /workspace/status.txt
- echo $SERIAL_OUTPUT
-fi
-
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_multiwriterpd_disabled.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_multiwriterpd_disabled.sh
deleted file mode 100644
index 025775aa5..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_multiwriterpd_disabled.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-echo 'Running multi-writer PD test'
-
-# grep -z reads the whole input, and -v inverts matches.
-from_src_image=$(gcloud beta compute disks create --image-family confidential-space --image-project confidential-space-images --multi-writer test-multi-writer-img --zone us-west1-a 2>&1 || true)
-if echo "$from_src_image" | grep -vz 'Cannot create a multi-writer disk from a source image'; then
- echo "$from_src_image"
- echo 'Multi-writer PD creation from image source enabled.'
- echo 'TEST FAILED.' > /workspace/status.txt
-fi
-
-DISK_NAME="source-boot-disk-$BUILD_ID"
-echo "Creating PD $DISK_NAME"
-gcloud compute disks create --image-family confidential-space --image-project confidential-space-images $DISK_NAME --zone us-west1-a
-
-from_src_disk=$(gcloud beta compute disks create test-multi-writer-disk --source-disk=$DISK_NAME --multi-writer --zone us-west1-a 2>&1 || true)
-# Cleanup disk before seeing test result.
-gcloud compute disks delete $DISK_NAME -q --zone us-west1-a
-if echo "$from_src_disk" | grep -vz 'Cannot create a multi-writer disk from a source disk'; then
- echo "$from_src_disk"
- echo 'Multi-writer PD creation from boot disk source enabled.'
- echo 'TEST FAILED.' > /workspace/status.txt
-fi
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_os_config_os_policy.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_os_config_os_policy.sh
deleted file mode 100644
index 655147d16..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_os_config_os_policy.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-if $1 == 'debug'
-then
- echo 'Running OS Config OS Policy enabled test'
-else
- echo 'Running OS Config OS Policy disabled test'
-fi
-
-cat <> shutdown-ospolicy.yaml
-osPolicies:
- - id: shutdown-policy
- mode: ENFORCEMENT
- resourceGroups:
- - resources:
- id: shutdown-vm
- exec:
- validate:
- interpreter: SHELL
- script: if true; then sudo shutdown now; else exit 101; fi
- enforce:
- interpreter: SHELL
- script: exit 100
-instanceFilter:
- inclusionLabels:
- - labels:
- shutdown-label: $2
-rollout:
- disruptionBudget:
- percent: 100
- minWaitDuration: 1s
-EOT
-
-gcloud compute instances add-labels $2 --labels=shutdown-label=$2 --zone=$3 || true
-GCLOUD_OUTPUT=$(gcloud compute os-config os-policy-assignments create shutdown-policy --location=$3 --file=shutdown-ospolicy.yaml | tail -1 || true)
-
-if echo $GCLOUD_OUTPUT | grep -q 'Created OS policy assignment [shutdown-policy]'
-then
- GCLOUD_OUTPUT=$(gcloud compute instances describe $2 --zone=$3 --format="value(status)" || true)
-else
- echo 'TEST FAILED: OS policy assignment could not be created'
- echo 'TEST FAILED.' > /workspace/status.txt
- exit 1
-fi
-
-if $1 == 'debug'
-then
- if echo $GCLOUD_OUTPUT | grep -q 'TERMINATED'
- then
- echo 'Success: OS policy assignment stops the VM'
- else
- echo 'TEST FAILED: VM did not terminate'
- echo 'TEST FAILED.' > /workspace/status.txt
- fi
-else
- if echo $GCLOUD_OUTPUT | grep -q 'TERMINATED'
- then
- echo 'TEST FAILED: VM incorrectly terminated'
- echo 'TEST FAILED.' > /workspace/status.txt
- else
- echo 'Success: OS policy assignment does not affect VM'
- fi
-fi
-
-gcloud compute os-config os-policy-assignments delete shutdown-policy --location=$3 --quiet || true
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_ssh_manual.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_ssh_manual.sh
deleted file mode 100755
index 452b6a456..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_ssh_manual.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-print_usage() {
- echo "usage: test_ssh_manual.sh [-i imageName] [-p imageProject]"
- echo " -i : which image name to use for the VM"
- echo " -p : which image project to use for the VM"
- exit 1
-}
-
-run_ssh_test() {
- BUILD_ID=$(date +%s)
- HOME_DIR=$(echo ~)
- VM_NAME="cs-ssh-test-$BUILD_ID"
- WORKLOAD_IMAGE='us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
- ZONE="us-central1-a"
-
- ACCOUNT_NAME=$(gcloud config list account --format "value(core.account)" | tr @. _)
- PROJECT_NAME=$(gcloud config get-value project)
-
- # Create a new VM
- source create_vm.sh -n $VM_NAME -i $IMAGE_NAME -p $IMAGE_PROJECT -m tee-image-reference=$WORKLOAD_IMAGE,tee-container-log-redirect=true,enable-osconfig=TRUE -z $ZONE
-
- # Add an SSH public key to an OS Login profile
- gcloud compute os-login ssh-keys add --key-file=$HOME_DIR/.ssh/google_compute_engine.pub || true
-
- echo "Sleeping so settings have time to propagate."
- sleep 30
-
- # SSH into VM with script
- if [[ $IMAGE_NAME == *"debug"* ]]; then
- if ssh -i ~/.ssh/google_compute_engine -o StrictHostKeyChecking=no $ACCOUNT_NAME@nic0.$VM_NAME.$ZONE.c.$PROJECT_NAME.internal.gcpnode.com "echo 'SSHABLE'; exit" ; then
- echo "Success: SSH to host was successful"
- sed -i '$ d' ~/.ssh/known_hosts
- else
- echo "TEST FAILED: SSH to host was ussuccessful"
- fi
- else
- if ssh -i ~/.ssh/google_compute_engine -o StrictHostKeyChecking=no $ACCOUNT_NAME@nic0.$VM_NAME.$ZONE.c.$PROJECT_NAME.internal.gcpnode.com "echo 'SSHABLE'; exit" ; then
- echo "TEST FAILED: SSH to host was successful"
- sed -i '$ d' ~/.ssh/known_hosts
- else
- echo "Success: SSH to host was ussuccessful"
- fi
- fi
-
-
- # Clean up
- CLEANUP=true
- source cleanup.sh $VM_NAME $ZONE
-}
-
-IMAGE_NAME=''
-IMAGE_PROJECT=''
-
-# In getopts, a ':' following a letter means that that flag takes an argument.
-# For example, i: means -i takes an additional argument.
-while getopts 'i:p:' flag; do
- case "${flag}" in
- i) IMAGE_NAME=${OPTARG} ;;
- p) IMAGE_PROJECT=${OPTARG} ;;
- *) print_usage ;;
- esac
-done
-
-if [ -z "$IMAGE_NAME" ]; then
- echo "Empty image name supplied."
- exit 1
-fi
-
-if [ -z "$IMAGE_PROJECT" ]; then
- echo "Empty image project supplied."
- exit 1
-fi
-
-run_ssh_test
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_startupscript_disabled.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_startupscript_disabled.sh
deleted file mode 100644
index fcdf27d79..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/scripts/test_startupscript_disabled.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-source util/read_serial.sh
-
-echo 'Running startup script test'
-
-echo 'Reading from serial port:'
-SERIAL_OUTPUT=$(read_serial $1 $2)
-echo $SERIAL_OUTPUT
-
-# Without the or logic, this step will fail and cleanup does not run.
-# Instead, we put the test assertion output in /workspace/status.txt.
-echo $SERIAL_OUTPUT | grep -v 'Executing startup script' || echo 'TEST FAILED' > /workspace/status.txt
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_cloudbuild.yaml
deleted file mode 100644
index 471784f57..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_cloudbuild.yaml
+++ /dev/null
@@ -1,79 +0,0 @@ -substitutions: - '_IMAGE_NAME': '' - '_IMAGE_PROJECT': '' - '_CLEANUP': 'true' - '_VM_NAME_PREFIX': 'cs-debug-test' - '_ZONE': 'us-central1-a' - '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden' -steps: -- name: 'gcr.io/cloud-builders/gcloud' - id: CreateVM - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['create_vm.sh','-i', '${_IMAGE_NAME}', - '-p', '${_IMAGE_PROJECT}', - '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true', - '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', - '-z', '${_ZONE}', - ] -- name: 'gcr.io/cloud-builders/gcloud' - id: BasicWorkloadTest - entrypoint: 'bash' - args: ['scripts/test_launcher_workload.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] -- name: 'gcr.io/cloud-builders/gcloud' - id: BasicWorkloadTestCloudLogging - entrypoint: 'bash' - env: - - 'PROJECT_ID=$PROJECT_ID' - args: ['scripts/test_launcher_workload_cloudlogging.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}'] -- name: 'gcr.io/cloud-builders/gcloud' - id: ChangeMDSVariables - entrypoint: 'bash' - args: ['util/change_metadata_vars.sh', - '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', - '-z', '${_ZONE}', - '-m', 'tee-image-reference=gcr.io/cloudrun/hello:latest', - ] -- name: 'gcr.io/cloud-builders/gcloud' - id: ChangeMDSVariablesTest - entrypoint: 'bash' - args: ['scripts/test_mds_var_change.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] -- name: 'gcr.io/cloud-builders/gcloud' - id: CheckDebugVMAliveAfterLauncherExits - script: | - #!/usr/bin/env bash - set -euo pipefail - - # Waiting for 2.5 mins, after the workload is finished. - # If using a debug image, the VM should still be accessible after - # the workload exit normally. - # Check the script: launcher/image/exit_script.sh for detail logic. 
- sleep 150 - - result=$(gcloud compute instances list --filter="name=(${_VM_NAME_PREFIX}-${BUILD_ID})" --zones=${_ZONE} --format="value(STATUS)") - - if [[ "${result}" == "RUNNING" ]]; then - echo "verified debug VM is still running after 2.5 mins" - else - echo "FAILED: expect debug VM to be still running" - echo "TEST FAILED. Expect debug VM to be still running" > /workspace/status.txt - fi - automapSubstitutions: true -- name: 'gcr.io/cloud-builders/gcloud' - id: CleanUp - entrypoint: 'bash' - env: - - 'CLEANUP=$_CLEANUP' - args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] -# Must come after cleanup. -- name: 'gcr.io/cloud-builders/gcloud' - id: CheckFailure - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['check_failure.sh'] - -options: - pool: - name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_unstable_cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_unstable_cloudbuild.yaml deleted file mode 100644 index fd0bf9a4c..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_debug_unstable_cloudbuild.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-debug-test'
- '_ZONE': 'us-central1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden,enable-osconfig=TRUE',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: OsConfigOsPolicyEnabledTest
- entrypoint: 'bash'
- args: ['scripts/test_os_config_os_policy.sh', 'debug', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_discover_signatures.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_discover_signatures.yaml
deleted file mode 100644
index 54ee516cd..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_discover_signatures.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ -substitutions: - '_IMAGE_NAME': '' - '_IMAGE_PROJECT': '' - '_CLEANUP': 'true' - '_VM_NAME_PREFIX': 'discover-signatures' - '_ZONE': 'us-west1-a' - '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' - '_SIGNATURE_REPO': 'us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/hardened' - -steps: -- name: 'gcr.io/projectsigstore/cosign:v2.2.0' - id: SignContainer - entrypoint: 'sh' - env: - - 'BUILD_ID=$BUILD_ID' - args: - - -c - - | - # Unpadded base64 encoding on the CloudKMS public key - pub=$(cosign public-key --key gcpkms://projects/confidential-space-images-dev/locations/global/keyRings/cosign-test/cryptoKeys/ecdsa/cryptoKeyVersions/1 | openssl base64) - pub=$(echo $pub | tr -d '[:space:]' | sed 's/[=]*$//') - # Use cosign sign - export COSIGN_REPOSITORY=${_SIGNATURE_REPO} - cosign sign --key gcpkms://projects/confidential-space-images-dev/locations/global/keyRings/cosign-test/cryptoKeys/ecdsa/cryptoKeyVersions/1 ${_WORKLOAD_IMAGE} -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$pub -- name: 'gcr.io/cloud-builders/gcloud' - id: CreateVM - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['create_vm.sh','-i', '${_IMAGE_NAME}', - '-p', '${_IMAGE_PROJECT}', - '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-signed-image-repos=${_SIGNATURE_REPO},tee-env-ALLOWED_OVERRIDE=overridden,tee-cmd=["newCmd"]', - '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', - '-z', '${_ZONE}', - ] -- name: 'gcr.io/cloud-builders/gcloud' - id: BasicDiscoverSignaturesTest - entrypoint: 'bash' - args: ['scripts/test_launcher_workload_discover_signatures.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}', 'Found container image signatures', '1'] -- name: 'gcr.io/cloud-builders/gcloud' - id: CleanUp - entrypoint: 'bash' - env: - - 'CLEANUP=$_CLEANUP' - args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] -- name: 
'gcr.io/cloud-builders/gcloud' - id: DeleteContainerSignatures - env: - - 'BUILD_ID=$BUILD_ID' - entrypoint: 'bash' - args: - - -c - - | - echo "Deleting container signatures..." - digest=$(gcloud artifacts docker images describe ${_WORKLOAD_IMAGE} --format 'value(image_summary.digest)') - tag=${digest/":"/"-"}.sig - # Delete container signature by its tag - gcloud artifacts docker images delete -q ${_SIGNATURE_REPO}:${tag} -# Must come after cleanup. -- name: 'gcr.io/cloud-builders/gcloud' - id: CheckFailure - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['check_failure.sh'] - -options: - pool: - name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_experiments_client.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_experiments_client.yaml deleted file mode 100644 index 5515099d7..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_experiments_client.yaml +++ /dev/null 
@@ -1,40 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-experiments-test'
- '_ZONE': 'asia-east1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: TestExperimentTrue
- entrypoint: 'bash'
- args: ['scripts/test_experiment_value.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_cloudbuild.yaml
deleted file mode 100644
index d7cf7b719..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_cloudbuild.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-substitutions:
- # Expects hardened image (not debug) and should have startup-script service
- # disabled. google-startup-scripts.service is only enabled with multi-user.target.
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- # Add user-data in the metadata to test if it is disabled.
- '_METADATA_FILE': 'startup-script=data/echo_startupscript.sh,user-data=data/cloud-init-config.yaml'
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-hardened-test'
- '_ZONE': 'us-west1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-f', '${_METADATA_FILE}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: BasicWorkloadTest
- entrypoint: 'bash'
- args: ['scripts/test_launcher_workload.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: BasicWorkloadTestCloudLogging
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_launcher_workload_cloudlogging.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: ChangeMDSVariables
- entrypoint: 'bash'
- args: ['util/change_metadata_vars.sh',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- '-m', 'tee-image-reference=gcr.io/cloudrun/hello:latest',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: ChangeMDSVariablesTest
- entrypoint: 'bash'
- args: ['scripts/test_mds_var_change.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: MultiWriterPDTest
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['scripts/test_multiwriterpd_disabled.sh']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: StartupScriptDisabledTest
- entrypoint: 'bash'
- args: ['scripts/test_startupscript_disabled.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CloudInitUserDataDisabledTest
- entrypoint: 'bash'
- args: ['scripts/test_cloud_init_userdata_disabled.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_unstable_cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_unstable_cloudbuild.yaml
deleted file mode 100644
index 25d1293ec..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_hardened_unstable_cloudbuild.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-hardened-test'
- '_ZONE': 'asia-south2-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden,enable-osconfig=TRUE',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: OsConfigOsPolicyDisabledTest
- entrypoint: 'bash'
- args: ['scripts/test_os_config_os_policy.sh', 'hardened', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_health_monitoring.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_health_monitoring.yaml
deleted file mode 100644
index 5e69b3dc9..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_health_monitoring.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'health-monitoring'
- '_ZONE': 'us-west1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoring:latest'
-
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMAllMonitoringEnabled
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=all',
- '-n', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckAllMonitoringEnabled
- entrypoint: 'bash'
- # Search a regex pattern that ensures all monitoring is enabled and measured into COS event logs.
- args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}', 'Health Monitoring is enabled by the VM operator.*All health monitoring metrics enabled']
- waitFor: ['CreateVMAllMonitoringEnabled']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMAllMonitoringEnabled
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CheckAllMonitoringEnabled']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMemoryOnlyMonitoringEnabled
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=memoryonly',
- '-n', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMemoryOnlyMonitoringEnabled
- entrypoint: 'bash'
- # Search a regex pattern that ensures all monitoring is enabled and measured into COS event logs.
- args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}', 'memory/bytes_used enabled']
- waitFor: ['CreateVMMemoryOnlyMonitoringEnabled']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMMemoryOnlyMonitoringEnabled
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CheckMemoryOnlyMonitoringEnabled']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMonitoringDisabled
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=none',
- '-n', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMonitoringDisabled
- entrypoint: 'bash'
- # Search a regex pattern that ensures monitoring is disabled and measured into COS event logs.
- args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}', 'Health Monitoring is disabled']
- waitFor: ['CreateVMMonitoringDisabled']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMMonitoringDisabled
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CheckMonitoringDisabled']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_http_server.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_http_server.yaml
deleted file mode 100644
index e2e2e2168..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_http_server.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-# Test that the TEE server can accept requests for and serve custom tokens.
-# This is a happy path test.
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-http-server-test'
- '_ZONE': 'asia-east1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: TestCustomToken
- entrypoint: 'bash'
- args: ['scripts/test_custom_token.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_ingress_network.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_ingress_network.yaml
deleted file mode 100644
index fec168834..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_ingress_network.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -# This test needs to be run in a private Cloud Build pool, so the Cloud Build instance -# can be in the same network as the test VM. -substitutions: - '_IMAGE_NAME': '' - '_IMAGE_PROJECT': '' - '_CLEANUP': 'true' - '_ZONE': 'asia-east1-a' - '_WORKLOAD_IMAGE': 'docker.io/library/nginx:latest' - -steps: - - name: 'gcr.io/cloud-builders/gcloud' - id: CreateServerWorkload - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['create_vm.sh','-i', '${_IMAGE_NAME}', - '-p', '${_IMAGE_PROJECT}', - '-m', 'tee-image-reference=${_WORKLOAD_IMAGE}', - '-n', 'ingress-network-test-${BUILD_ID}', - '-z', '${_ZONE}', - ] - - - name: 'gcr.io/cloud-builders/gcloud' - id: CheckReachability - waitFor: ['CreateServerWorkload'] - entrypoint: 'bash' - args: - - -c - - | - echo "sleeping 200s, waiting for workload server to setup..." - sleep 200 - internalIP=$(gcloud -q compute instances describe ingress-network-test-${BUILD_ID} --zone=${_ZONE} --format='get(networkInterfaces[0].networkIP)') - echo "workload internal IP: "${internalIP} - - # try to connect to the nginx server - response=$(curl -v ${internalIP}:80) - echo "got response [${response}]" - - # check nginx default response - if [[ "${response}" == *"Welcome to nginx!"* ]]; - then - echo "workload reachable through the internal network" - else - echo "FAILED: workload not reachable through the internal network" - echo 'TEST FAILED' > /workspace/status.txt - fi - - - name: 'gcr.io/cloud-builders/gcloud' - id: CleanUp - waitFor: ['CheckReachability'] - entrypoint: 'bash' - env: - - 'CLEANUP=$_CLEANUP' - args: ['cleanup.sh', 'ingress-network-test-${BUILD_ID}', '${_ZONE}'] - - # Must come after cleanup. - - name: 'gcr.io/cloud-builders/gcloud' - id: CheckFailure - waitFor: ['CleanUp'] - entrypoint: 'bash' - env: - - 'BUILD_ID=$BUILD_ID' - args: ['check_failure.sh'] - -options: - pool: - name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' 
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_launchpolicy_cloudbuild.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_launchpolicy_cloudbuild.yaml
deleted file mode 100644
index 1b042c87a..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_launchpolicy_cloudbuild.yaml
+++ /dev/null
@@ -1,286 +0,0 @@
-substitutions:
- '_HARDENED_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- # Add user-data in the metadata to test if it is disabled.
- '_METADATA_FILE': 'startup-script=data/echo_startupscript.sh,user-data=data/cloud-init-config.yaml'
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-launchpolicy-test'
- '_ZONE': 'us-east4-a'
- '_WORKLOAD_IMAGE_LOG_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylognever:latest'
- '_WORKLOAD_IMAGE_LOG_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylogdebug:latest'
- '_WORKLOAD_IMAGE_ENV': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
- '_WORKLOAD_IMAGE_CMD': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicycmd:latest'
- '_WORKLOAD_IMAGE_MEMORY_MONITOR_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringnever:latest'
- '_WORKLOAD_IMAGE_MEMORY_MONITOR_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringdebug:latest'
- '_WORKLOAD_IMAGE_HEALTH_MONITOR_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringnone:latest'
- '_WORKLOAD_IMAGE_HEALTH_MONITOR_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringdebug:latest'
- '_WORKLOAD_IMAGE_HEALTH_MONITOR_MEMORY': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringmemory:latest'
- '_MEMORY_MONITOR_VM_NAME_PREFIX': 'memory-monitor'
- '_HEALTH_MONITOR_VM_NAME_PREFIX': 'health-monitor'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMLogOverride
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-f', '${_METADATA_FILE}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_LOG_NEVER},tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-log-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogOverrideTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_log_never.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CreateVMLogOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogOverrideTestCloudLogging
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_launchpolicy_log_never_cloudlogging.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}']
- waitFor: ['CreateVMLogOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogOverride
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}']
- waitFor: ['LogOverrideTest', 'LogOverrideTestCloudLogging']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMLogOverrideDebug
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-f', '${_METADATA_FILE}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_LOG_DEBUG},tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-log-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogOverrideDebugTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_log_debug.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CreateVMLogOverrideDebug']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogOverrideDebugTestCloudLogging
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_launchpolicy_log_debug_cloudlogging.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}']
- waitFor: ['CreateVMLogOverrideDebug']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogOverrideDebug
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}']
- waitFor: ['LogOverrideDebugTest', 'LogOverrideDebugTestCloudLogging']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMEnvOverride
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-f', '${_METADATA_FILE}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_ENV},tee-env-OUT=a',
- '-n', '${_VM_NAME_PREFIX}-env-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: EnvOverrideTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_env.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CreateVMEnvOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: EnvOverrideTestCloudLogging
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_launchpolicy_env_cloudlogging.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}']
- waitFor: ['CreateVMEnvOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpEnvOverride
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}', '${_ZONE}']
- waitFor: ['EnvOverrideTest', 'EnvOverrideTestCloudLogging']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMCmdOverride
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-f', '${_METADATA_FILE}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_CMD},tee-cmd=["newCmd"]',
- '-n', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CmdOverrideTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_cmd.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CreateVMCmdOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CmdOverrideTestCloudLogging
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_launchpolicy_cmd_cloudlogging.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}']
- waitFor: ['CreateVMCmdOverride']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpCmdOverride
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CmdOverrideTest', 'CmdOverrideTestCloudLogging']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMemoryMonitorDebugOnly
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_MEMORY_MONITOR_DEBUG},tee-monitoring-memory-enable=true',
- '-n', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: MemoryMonitorDebugOnlyTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_memory_monitoring.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}', 'memory monitoring only allowed on debug environment by image']
- waitFor: ['CreateVMMemoryMonitorDebugOnly']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpMemoryMonitorDebugOnly
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}']
- waitFor: ['MemoryMonitorDebugOnlyTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMemoryMonitorNever
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_MEMORY_MONITOR_NEVER},tee-monitoring-memory-enable=true',
- '-n', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: MemoryMonitorNeverTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_memory_monitoring.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}', 'memory monitoring not allowed by image']
- waitFor: ['CreateVMMemoryMonitorNever']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpMemoryMonitorNever
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}']
- waitFor: ['MemoryMonitorNeverTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMHealthMonitorDebugOnly
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_DEBUG},tee-monitoring-enable=all',
- '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: HealthMonitorDebugOnlyTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}', "'none' monitoring allowed on hardened environment.*'all' monitoring allowed on debug environment"]
- waitFor: ['CreateVMHealthMonitorDebugOnly']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpHealthMonitorDebugOnly
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}']
- waitFor: ['HealthMonitorDebugOnlyTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMHealthMonitorNever
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_NEVER},tee-monitoring-enable=all',
- '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: HealthMonitorNeverTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}', "'none' monitoring allowed on hardened environment.*'none' monitoring allowed on debug environment"]
- waitFor: ['CreateVMHealthMonitorNever']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpHealthMonitorNever
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}']
- waitFor: ['HealthMonitorNeverTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMHealthMonitorMemory
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_MEMORY},tee-monitoring-enable=memoryonly',
- '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: HealthMonitorMemoryTest
- entrypoint: 'bash'
- args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}', "'memoryOnly' monitoring allowed on hardened environment.*'memoryOnly' monitoring allowed on debug environment"]
- waitFor: ['CreateVMHealthMonitorMemory']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpHealthMonitorMemory
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}']
- waitFor: ['HealthMonitorMemoryTest']
-
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_log_redirection.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_log_redirection.yaml
deleted file mode 100644
index 9fea6ba5f..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_log_redirection.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
-substitutions:
- '_HARDENED_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-logredirect-test'
- '_ZONE': 'us-west1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic_test:latest'
-
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMRedirectAll
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-all',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogAllCheckSerialTest
- entrypoint: 'bash'
- args: ['scripts/test_log_redirect.sh', 'serial', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}']
- waitFor: ['CreateVMRedirectAll']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogAllCheckCloudLoggingTest
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}']
- waitFor: ['CreateVMRedirectAll']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogAllTest
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}']
- waitFor: ['LogAllCheckSerialTest', 'LogAllCheckCloudLoggingTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMRedirectSerial
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=serial',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogSerialCheckSerialTest
- entrypoint: 'bash'
- args: ['scripts/test_log_redirect.sh', 'serial', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}']
- waitFor: ['CreateVMRedirectSerial']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogSerialCheckCloudLoggingTest
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}']
- waitFor: ['CreateVMRedirectSerial']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogSerialTest
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}']
- waitFor: ['LogSerialCheckCloudLoggingTest', 'LogSerialCheckCloudLoggingTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMRedirectCloudLogging
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=cloud_logging',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogCloudLoggingCheckSerialTest
- entrypoint: 'bash'
- args: ['scripts/test_log_redirect.sh', 'serial', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}']
- waitFor: ['CreateVMRedirectCloudLogging']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogCloudLoggingCheckCloudLoggingTest
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}']
- waitFor: ['CreateVMRedirectCloudLogging']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogCloudLoggingTest
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}']
- waitFor: ['LogCloudLoggingCheckSerialTest', 'LogCloudLoggingCheckCloudLoggingTest']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMRedirectNone
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=false',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-none',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogNoneCheckSerialTest
- entrypoint: 'bash'
- args: ['scripts/test_log_redirect.sh', 'serial', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}']
- waitFor: ['CreateVMRedirectNone']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: LogNoneCheckCloudLoggingTest
- entrypoint: 'bash'
- env:
- - 'PROJECT_ID=$PROJECT_ID'
- args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}']
- waitFor: ['CreateVMRedirectNone']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpLogNoneTest
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}']
- waitFor: ['LogNoneCheckSerialTest', 'LogNoneCheckCloudLoggingTest']
-
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_memory_monitoring.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_memory_monitoring.yaml
deleted file mode 100644
index ee496606b..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_memory_monitoring.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'memory-monitoring'
- '_ZONE': 'us-west1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoring:latest'
-
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMemoryMemonitorEnabled
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-memory-enable=true',
- '-n', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMemoryMonitoringEnabled
- entrypoint: 'bash'
- # Search a regex pattern that ensures memory monitoring is enabled and measured into COS event logs.
- args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}', 'node-problem-detector.service successfully started.*Successfully measured memory monitoring event']
- waitFor: ['CreateVMMemoryMemonitorEnabled']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMMemoryMonitorEnabled
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CheckMemoryMonitoringEnabled']
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMMemoryMemonitorDisabled
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-memory-enable=false',
- '-n', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
- waitFor: ['-'] # The '-' indicates that this step begins immediately.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMemoryMonitoringDisabled
- entrypoint: 'bash'
- # Search a regex pattern that ensures memory monitoring is disabled and measured into COS event logs.
- args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}', 'Successfully measured memory monitoring event.*MemoryMonitoring is disabled by the VM operator']
- waitFor: ['CreateVMMemoryMemonitorDisabled']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMMemoryMonitorDisabled
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}']
- waitFor: ['CheckMemoryMonitoringDisabled']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_mounts.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_mounts.yaml
deleted file mode 100644
index 2fa6ef1c7..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_mounts.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-mounts-test'
- '_ZONE': 'us-west1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/mounts_workload:latest'
- '_DEV_SHM_SIZE_KB': '128000'
- '_TMPFS_SIZE_KB': '222'
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithDefaultDevShmSize
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-default',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithMountsAllowed
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- - '_DEV_SHM_SIZE_KB=$_DEV_SHM_SIZE_KB'
- - '_TMPFS_SIZE_KB=$_TMPFS_SIZE_KB'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-mount=type=tmpfs,source=tmpfs,destination=/tmp/sized,size=${_TMPFS_SIZE_KB}000~tee-dev-shm-size-kb=${_DEV_SHM_SIZE_KB}',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-allowed',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithMountsDenied
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-mount=type=tmpfs,source=tmpfs,destination=/disallowed',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-denied',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckDevShmExists
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-default ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "shm.*/dev/shm"
- then
- echo "- Verified /dev/shm mounted by defaul"
- else
- echo "FAILED: /dev/shm mount failed"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMountsAllowed
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- - '_DEV_SHM_SIZE_KB=$_DEV_SHM_SIZE_KB'
- - '_TMPFS_SIZE_KB=$_TMPFS_SIZE_KB'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-allowed ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "tmpfs.*220.*/tmp/sized"
- then
- echo "- Mount verified for sized tmpfs"
- else
- echo "FAILED: Mount verification for sized tmpfs"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
- if echo $SERIAL_OUTPUT | grep -q "shm.*${_DEV_SHM_SIZE_KB}.*/dev/shm"
- then
- echo "- Mount verified for /dev/shm size"
- else
- echo "FAILED: Mount verification for /dev/shm size"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckMountsDenied
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-denied ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "policy only allows mounts in the following paths"
- then
- echo "- Mount launch policy verified for disallowed mounts"
- else
- echo "FAILED: Mount launch policy verification for disallowed mounts"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-
- waitFor: ['CreateVMWithMountsDenied']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMWithDefault
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-default', '${_ZONE}']
- waitFor: ['CheckDevShmExists']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMWithMountsAllowed
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-allowed', '${_ZONE}']
- waitFor: ['CheckMountsAllowed']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUpVMWithMountsDenied
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-denied', '${_ZONE}']
- waitFor: ['CheckMountsDenied']
-
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_oda_with_signed_container.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_oda_with_signed_container.yaml
deleted file mode 100644
index 05c93828b..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_oda_with_signed_container.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'oda-signedcontainer'
- '_ZONE': 'us-west1-a'
- # If the workload image changes, the commit author should change the cosign signature as well to not break tests.
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:836d4ad39fa0fec5b386c4051a175036bd13d74a75d57933d30f6b804e509c8c'
- '_SIGNATURE_REPO': 'us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda'
- '_EXPECTED_SIG': 'MEUCIFoV6g8jU+EDQZJsySY5KcHYh/yRepxDFSUjhcJZ5du8AiEAooEHwjKsPIxO24NYE565E56DLU9H9vNX+jTP1nYwfNE='
-
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVM
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-signed-image-repos=${_SIGNATURE_REPO},tee-env-ALLOWED_OVERRIDE=overridden,tee-cmd=["newCmd"]',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: TestCustomToken
- entrypoint: 'bash'
- args: ['scripts/test_custom_token.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: BasicDiscoverSignaturesTest
- entrypoint: 'bash'
- # Check how many times container image signatures is being logged.
- # Since signature logging will occur on refresh the default token, and on attest agent calling the `Attest` method, so the expected number should be 3.
- # This also checks the fetched signatures are the same.
- args: ['scripts/test_launcher_workload_discover_signatures.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}', '${_EXPECTED_SIG}', '3']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanUp
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}']
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
-
-options:
- pool:
- name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc'
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_privileged.yaml b/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_privileged.yaml
deleted file mode 100644
index 746009be5..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/test_privileged.yaml
+++ /dev/null
@@ -1,146 +0,0 @@
-
-substitutions:
- '_IMAGE_NAME': ''
- '_IMAGE_PROJECT': ''
- '_CLEANUP': 'true'
- '_VM_NAME_PREFIX': 'cs-priv'
- '_ZONE': 'asia-east1-a'
- '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/privileged:latest'
- '_BASIC_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest'
-
-steps:
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithPrivileges
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- # Caps from https://github.com/containerd/containerd/blob/v2.0.3/pkg/cap/cap_linux.go#L118.
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-cgroup-ns=true~tee-added-capabilities=["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE","CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT","CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE","CAP_SYS_RESOURCE","CAP_SYS_TIME","CAP_SYS_TTY_CONFIG","CAP_MKNOD","CAP_LEASE","CAP_AUDIT_WRITE","CAP_AUDIT_CONTROL","CAP_SETFCAP","CAP_MAC_OVERRIDE","CAP_MAC_ADMIN","CAP_SYSLOG","CAP_WAKE_ALARM","CAP_BLOCK_SUSPEND","CAP_AUDIT_READ","CAP_PERFMON","CAP_BPF","CAP_CHECKPOINT_RESTORE"]',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-privileged',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithCgroupsDenied
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_BASIC_IMAGE}~tee-container-log-redirect=true~tee-cgroup-ns=true',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CreateVMWithCapsDenied
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['create_vm.sh','-i', '${_IMAGE_NAME}',
- '-p', '${_IMAGE_PROJECT}',
- '-m', '^~^tee-image-reference=${_BASIC_IMAGE}~tee-container-log-redirect=true~tee-added-capabilities=["CAP_SYS_ADMIN"]',
- '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied',
- '-z', '${_ZONE}',
- ]
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckPrivilegesExist
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-privileged ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "=ep"
- then
- echo "- Verified added all caps"
- else
- echo "FAILED: caps not added"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
- if echo $SERIAL_OUTPUT | grep -q "testgroup"
- then
- echo "- Verified added cgroup"
- else
- echo "FAILED: cgroup not added"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckCgroupDenied
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "cgroups usage is not allowed"
- then
- echo "- cgroup not added"
- else
- echo "FAILED: cgroup added even though policy denied"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckCapsDenied
- env:
- - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX'
- - 'BUILD_ID=$BUILD_ID'
- - '_ZONE=$_ZONE'
- script: |
- #!/bin/bash
- set -euo pipefail
- source util/read_serial.sh
-
- sleep 45
- SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied ${_ZONE})
- if echo $SERIAL_OUTPUT | grep -q "additional capabilities are not allowed"
- then
- echo "- caps not added"
- else
- echo "FAILED: caps added even though policy denied"
- echo 'TEST FAILED' > /workspace/status.txt
- echo $SERIAL_OUTPUT
- fi
-
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanupPrivileged
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-privileged', '${_ZONE}']
- waitFor: ['CheckPrivilegesExist']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanupCgroupDenied
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied', '${_ZONE}']
- waitFor: ['CheckCgroupDenied']
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CleanupCapsDenied
- entrypoint: 'bash'
- env:
- - 'CLEANUP=$_CLEANUP'
- args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied', '${_ZONE}']
- waitFor: ['CheckCapsDenied']
-
-# Must come after cleanup.
-- name: 'gcr.io/cloud-builders/gcloud'
- id: CheckFailure
- entrypoint: 'bash'
- env:
- - 'BUILD_ID=$BUILD_ID'
- args: ['check_failure.sh']
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/change_metadata_vars.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/change_metadata_vars.sh
deleted file mode 100755
index 048015a0d..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/change_metadata_vars.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-print_usage() {
- echo "usage: change_metadata_vars.sh -n instanceName -z instanceZone [-m metadata] [-f metadataFromFile]"
- echo " -m : metadata variables on VM creation; passed directly into gcloud"
- echo " -f : read a metadata value from a file; specified in format key=filePath"
- echo " -n : instance name"
- echo " -z : instance zone"
- exit 1
-}
-
-update_metadata() {
- if [ -z "${VM_NAME}" ]; then
- echo "Empty VM name supplied."
- exit 1
- fi
-
- if [ -z "${ZONE}" ]; then
- echo "Empty zone supplied."
- exit 1
- fi
- APPEND_ZONE="--zone ${ZONE}"
-
- if [ -z "${METADATA}${METADATA_FILE}" ]; then
- echo "Empty metadata supplied."
- exit 1
- fi
-
- APPEND_METADATA=''
- if ! [ -z "${METADATA}" ]; then
- APPEND_METADATA="--metadata ${METADATA}"
- fi
-
- APPEND_METADATA_FILE=''
- if ! [ -z "${METADATA_FILE}" ]; then
- APPEND_METADATA_FILE="--metadata-from-file ${METADATA_FILE}"
- fi
-
- echo "Updating VM ${VM_NAME} in ${ZONE} with metadata: ${METADATA_FILE} ${METADATA}"
-
- # check the active account
- gcloud auth list
-
- gcloud compute instances add-metadata $VM_NAME \
- $APPEND_ZONE $APPEND_METADATA $APPEND_METADATA_FILE
-}
-
-METADATA_FILE=''
-METADATA=''
-VM_NAME=''
-ZONE=''
-
-# In getopts, a ':' following a letter means that that flag takes an argument.
-# For example, i: means -i takes an additional argument.
-while getopts 'f:m:n:z:' flag; do
- case "${flag}" in
- f) METADATA_FILE=${OPTARG} ;;
- m) METADATA=${OPTARG} ;;
- n) VM_NAME=${OPTARG} ;;
- z) ZONE=${OPTARG} ;;
- *) print_usage ;;
- esac
-done
-
-update_metadata
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_cloud_logging.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_cloud_logging.sh
deleted file mode 100644
index d4a6defb0..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_cloud_logging.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# read_cloud_logging reads the cloud logging of a test VM. It reads the logs for 1 day.
-# It assumes the PROJECT_ID environment variable is set.
-# Use var=$(read_cloud_logging ) to capture the output of this command into a variable.
-read_cloud_logging() {
- gcloud logging read "resource.type=\"gce_instance\" jsonPayload._HOSTNAME=\"$1\"
-log_name=\"projects/$PROJECT_ID/logs/confidential-space-launcher\"" \
---format="value(jsonPayload.MESSAGE)" --order asc
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_serial.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_serial.sh
deleted file mode 100755
index 8718eb0ad..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/test/util/read_serial.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-# read_serial attempts to read the serial output until the workload is finished
-# Use var=$(read_serial ) to capture the output of this command into a variable.
-read_serial() {
- local base_cmd='gcloud compute instances get-serial-port-output $1 --zone $2 2>/workspace/next_start.txt'
- local serial_out=$(eval ${base_cmd})
- local last=''
-
- # timeout after 10 min
- timeout="10 minute"
- endtime=$(date -ud "$timeout" +%s)
-
- echo "Reading serial console..."
- while [ -s /workspace/next_start.txt ]; do
- if [[ $(date -u +%s) -ge $endtime ]]; then
- echo "timed out reading serial console, or the workload is running more than ${timeout}"
- break
- fi
-
- # VM may already exit
- if grep -qi 'Could not fetch serial port output' /workspace/next_start.txt; then
- serial_out="$serial_out $1 VM stopped"
- break
- fi
-
- next=$(cat /workspace/next_start.txt | sed -n 2p | cut -d ' ' -f2)
- local next_cmd="${base_cmd} ${next}"
-
- # sleeping 5s for the next serial console read
- sleep 5
-
- local tmp=$(eval ${next_cmd})
- serial_out="$serial_out $tmp"
-
- # break the loop if the workload is finished
- if echo ${serial_out} | grep -qi "TEE container launcher exiting"; then
- break
- fi
-
- last=$next
- done
-
- echo $serial_out
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoring/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoring/Dockerfile
deleted file mode 100644
index 796b01103..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoring/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoring:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-LABEL "tee.launch_policy.hardened_monitoring"="ALL"
-LABEL "tee.launch_policy.debug_monitoring"="ALL"
-
-ENTRYPOINT ["/main"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringdebug/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringdebug/Dockerfile
deleted file mode 100644
index 0f0d1cba1..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringdebug/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringdebug:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-LABEL "tee.launch_policy.hardened_monitoring"="NONE"
-LABEL "tee.launch_policy.debug_monitoring"="ALL"
-
-ENTRYPOINT ["/main"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringmemoryonly/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringmemoryonly/Dockerfile
deleted file mode 100644
index b1650d021..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringmemoryonly/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringmemory:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-LABEL "tee.launch_policy.hardened_monitoring"="MEMORYONLY"
-LABEL "tee.launch_policy.debug_monitoring"="MEMORYONLY"
-
-ENTRYPOINT ["/main"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringnone/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringnone/Dockerfile
deleted file mode 100644
index 9cac3e3ec..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/allmonitoringnone/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringnone:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-LABEL "tee.launch_policy.hardened_monitoring"="NONE"
-LABEL "tee.launch_policy.debug_monitoring"="NONE"
-
-ENTRYPOINT ["/main"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/Dockerfile
deleted file mode 100644
index 3c6ac5765..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main .
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic_test:latest
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.allow_env_override"="ALLOWED_OVERRIDE"
-LABEL "tee.launch_policy.allow_cmd_override"="true"
-LABEL "tee.launch_policy.log_redirect"="always"
-
-ENTRYPOINT ["/main"]
-
-# Can be overridden because of the launch policy.
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/main.go b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/main.go
deleted file mode 100644
index 024f71cb8..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/basic/main.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// package main is a binary that will print out the MDS vars and check the token.
-package main
-
-import (
- "fmt"
- "os"
-
- "github.com/golang-jwt/jwt/v4"
-)
-
-const tokendir = "/run/container_launcher/attestation_verifier_claims_token"
-
-func main() {
- fmt.Println("Workload running")
- fmt.Println("Workload args:", os.Args)
- fmt.Println("Workload env vars:")
- for _, e := range os.Environ() {
- fmt.Println(e)
- }
-
- filedata, err := os.ReadFile(tokendir)
- if err != nil {
- fmt.Println(err)
- return
- }
-
- token, _, err := new(jwt.Parser).ParseUnverified(string(filedata), jwt.MapClaims{})
- if err != nil {
- fmt.Println(err)
- return
- }
-
- claims, ok := token.Claims.(jwt.MapClaims)
- if !ok {
- fmt.Println(err)
- return
- }
- fmt.Println("aud: ", claims["aud"])
- fmt.Println("iss: ", claims["iss"])
- fmt.Println("secboot: ", claims["secboot"])
- fmt.Println("oemid: ", claims["oemid"])
- fmt.Println("hwmodel: ", claims["hwmodel"])
- fmt.Println("swname: ", claims["swname"])
-
- fmt.Println("Token looks okay")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/Dockerfile
deleted file mode 100644
index e46705244..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/Dockerfile
+++ /dev/null
@@ -1,38 +0,0 @@
-# If updated the workload source code or this Dockerfile, need to rebuild the image and regenerate the signature
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main .
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest
-# # Record the image digest generated by this command
-#
-# Updating the container signature
-#
-# # Install cosign
-# go install github.com/sigstore/cosign/v2/cmd/cosign@latest
-#
-# Designate the sig repo
-# export COSIGN_REPOSITORY=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda
-#
-# # Since we don't verify the signature in the test, you can just generate your own key
-# cosign generate-key-pair
-# cosign public-key --key cosign.key > pub.pem
-# PUB=$(cat pub.pem | openssl base64)
-# PUB=$(echo $PUB | tr -d '[:space:]' | sed 's/[=]*$//')
-# # Sign the container, is from the gcloud builds submit command above
-# cosign sign --key cosign.key us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256: -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$PUB
-#
-# Once finished, refering to pr#415 to on how to update the signature and image
-
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.allow_env_override"="ALLOWED_OVERRIDE"
-LABEL "tee.launch_policy.allow_cmd_override"="true"
-LABEL "tee.launch_policy.log_redirect"="always"
-
-ENTRYPOINT ["/main"]
-
-# Can be overridden because of the launch policy.
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/main.go b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/main.go
deleted file mode 100644
index 9b78bb2fa..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/customtoken/happypath/main.go
+++ /dev/null
@@ -1,139 +0,0 @@
-// package main is a binary that will print out the validation status of a custom attestation token.
-package main
-
-import (
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "net"
- "net/http"
- "strings"
- "time"
-
- "github.com/golang-jwt/jwt/v4"
- "github.com/google/go-tpm-tools/verifier/fake"
-)
-
-const (
- socketPath = "/run/container_launcher/teeserver.sock"
-)
-
-func getCustomTokenBytes(body string) ([]byte, error) {
- httpClient := http.Client{
- Transport: &http.Transport{
- // Set the DialContext field to a function that creates
- // a new network connection to a Unix domain socket
- DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
- return net.Dial("unix", socketPath)
- },
- },
- }
-
- // Get the token from the IPC endpoint
- url := "http://localhost/v1/token"
-
- resp, err := httpClient.Post(url, "application/json", strings.NewReader(body))
- if err != nil {
- return nil, fmt.Errorf("failed to get raw custom token response: %w", err)
- }
- tokenbytes, err := io.ReadAll(resp.Body)
- if err != nil {
- return nil, fmt.Errorf("failed to read custom token body: %w", err)
- }
- resp.Body.Close()
-
- return tokenbytes, nil
-}
-
-func decodeAndValidateToken(tokenBytes []byte, keyFunc func(t *jwt.Token) (any, error)) (*jwt.Token, error) {
- var err error
-
- unverifiedClaims := &jwt.RegisteredClaims{}
- _, _, err = jwt.NewParser().ParseUnverified(string(tokenBytes), unverifiedClaims)
- if err != nil {
- return nil, fmt.Errorf("failed to parse claims: %v", err)
- }
- now := time.Now()
- // Add one second for buffer.
- nbf := unverifiedClaims.NotBefore.Time.Add(time.Second)
- diff := nbf.Sub(now)
- ten := 10 * time.Second
- // Sleep until nbf is valid or max 10 seconds.
- if diff > 0 {
- if diff < ten {
- time.Sleep(diff)
- } else {
- time.Sleep(ten)
- }
- }
-
- token, err := jwt.NewParser().Parse(string(tokenBytes), keyFunc)
-
- fmt.Printf("Token valid: %v", token.Valid)
- if token.Valid {
- return token, nil
- }
- if ve, ok := err.(*jwt.ValidationError); ok {
- if ve.Errors&jwt.ValidationErrorMalformed != 0 {
- return nil, fmt.Errorf("token format invalid. Please contact the Confidential Space team for assistance")
- }
- if ve.Errors&(jwt.ValidationErrorNotValidYet) != 0 {
- // If device time is not synchronized with the Attestation Service you may need to account for that here.
- return nil, errors.New("token is not active yet")
- }
- if ve.Errors&(jwt.ValidationErrorExpired) != 0 {
- return nil, fmt.Errorf("token is expired")
- }
- return nil, fmt.Errorf("unknown validation error: %v", err)
- }
-
- return nil, fmt.Errorf("couldn't handle this token or couldn't read a validation error: %v", err)
-}
-
-func getTestRSAPublicKey(token *jwt.Token) (any, error) {
- // Verify the signing method
- if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
- return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
- }
-
- return fake.TestPublicKey(), nil
-}
-
-func main() {
- // Format token request
- body := `{
- "audience": "",
- "nonces": ["thisIsAcustomNonce", "thisIsAMuchLongerCustomNonceWithPaddingFor74Bytes0000000000000000000000000"],
- "token_type": "OIDC"
- }`
-
- // The following code could be run in a Confidential Space workload container to generate a
- // custom attestation intended to be sent to a remote party for verification.
- tokenbytes, err := getCustomTokenBytes(body)
- if err != nil {
- fmt.Println(err)
- return
- }
-
- // Method to return a public key used for testing
- keyFunc := getTestRSAPublicKey
-
- // The following code could be run by a remote party (not necessarily in a
- // Confidential Space workload) in order to verify properties of the original
- // Confidential Space workload that generated the attestation.
- token, err := decodeAndValidateToken(tokenbytes, keyFunc)
- if err != nil {
- fmt.Println(err)
- return
- }
-
- claimsString, err := json.MarshalIndent(token.Claims, "", " ")
- if err != nil {
- fmt.Println(err)
- return
- }
-
- fmt.Println(string(claimsString))
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicycmd/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicycmd/Dockerfile
deleted file mode 100644
index 4dda35340..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicycmd/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicycmd:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.log_redirect"="always"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylogdebug/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylogdebug/Dockerfile
deleted file mode 100644
index c01e0fe69..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylogdebug/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylogdebug:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.log_redirect"="never"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylognever/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylognever/Dockerfile
deleted file mode 100644
index 0058083e6..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/launchpolicylognever/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylognever:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.log_redirect"="never"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoring/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoring/Dockerfile
deleted file mode 100644
index 7f8fca0ed..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoring/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoring:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.monitoring_memory_allow"="always"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringdebug/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringdebug/Dockerfile
deleted file mode 100644
index 8df0840f5..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringdebug/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringdebug:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.monitoring_memory_allow"="debugonly"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringnever/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringnever/Dockerfile
deleted file mode 100644
index 22f7a84dd..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/memorymonitoringnever/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringnever:latest --project confidential-space-images-dev
-FROM alpine
-
-COPY main /
-
-ENV env_bar="val_bar"
-
-LABEL "tee.launch_policy.monitoring_memory_allow"="never"
-
-ENTRYPOINT ["/main"]
-
-CMD ["arg_foo"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/Dockerfile
deleted file mode 100644
index 3192d02bf..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/Dockerfile
+++ /dev/null
@@ -1,11 +0,0 @@
-# From current directory:
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/mounts_workload:latest
-FROM alpine
-
-COPY print_mounts.sh /
-
-LABEL "tee.launch_policy.log_redirect"="always"
-LABEL "tee.launch_policy.allow_mount_destinations"="/run/tmp:/var/tmp:/tmp"
-
-ENTRYPOINT ["/print_mounts.sh"]
-
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/print_mounts.sh b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/print_mounts.sh
deleted file mode 100755
index d1315bb85..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/mounts/print_mounts.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-df -h
-df
-
-ls -lathr /
-ls -lathr /tmp
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/privileged/Dockerfile b/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/privileged/Dockerfile
deleted file mode 100644
index 3c74a6243..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/image/testworkloads/privileged/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-# From current directory:
-# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/privileged:latest --project confidential-space-images-dev
-FROM alpine
-
-RUN apk update
-RUN apk add libcap
-
-LABEL "tee.launch_policy.log_redirect"="always"
-LABEL "tee.launch_policy.allow_capabilities"="true"
-LABEL "tee.launch_policy.allow_cgroups"="true"
-
-# Get capabilities for PID 1.
-# Run the 'ls' command on /sys/fs/cgroup and attempt to create a new cgroup.
-ENTRYPOINT ["sh", "-c", "getpcaps 1 && ls -la /sys/fs/cgroup && cd /sys/fs/cgroup && mkdir -p cpu/testgroup && mkdir -p memory/testgroup && ls cpu"]
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments.go
deleted file mode 100644
index b9a7445ff..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Package experiments contains functionalities to retrieve synced experiments
-package experiments
-
-import (
- "encoding/json"
- "fmt"
- "os"
-)
-
-// Experiments contains the experiments flags this version of the launcher expects to receive.
-// Failure to unmarshal the experiment JSON data will result in an empty object being returned
-// to treat experiment flags as their default value. The error should still be checked.
-type Experiments struct {
- EnableTestFeatureForImage bool
- EnableHealthMonitoring bool
- EnableItaVerifier bool
- EnableVerifyCS bool
-}
-
-// New takes a filepath, opens the file, and calls ReadJsonInput with the contents
-// of the file.
-// If the file cannot be opened, the experiments map is set to an empty map.
-func New(fpath string) (Experiments, error) {
- f, err := os.ReadFile(fpath)
- if err != nil {
- // Return default values on failure.
- return Experiments{}, err
- }
-
- r, err := readJSONInput(f)
-
- return r, err
-}
-
-// ReadJSONInput takes a reader and unmarshals the contents into the experiments map.
-// If the unmarsahlling fails, the experiments map is set to an empty map.
-func readJSONInput(b []byte) (Experiments, error) {
- var experiments Experiments
- if err := json.Unmarshal(b, &experiments); err != nil {
- // Return default values on failure.
- return Experiments{}, fmt.Errorf("failed to unmarshal json: %w", err)
- }
- return experiments, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments_test.go
deleted file mode 100644
index c7d7e819c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/experiments/experiments_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package experiments
-
-import (
- "testing"
-
- "github.com/google/go-cmp/cmp"
-)
-
-func TestExperiments(t *testing.T) {
- tests := []struct {
- input string
- expectedExps Experiments
- }{
- {
- input: "{\"EnableTestFeatureForImage\":true,\"EnableItaVerifier\":true}",
- expectedExps: Experiments{
- EnableTestFeatureForImage: true,
- EnableItaVerifier: true,
- },
- },
- {
- input: "{\"EnableTestFeatureForImage\":true,\"EnableSignedContainerImage\":true,\"EnableItaVerifier\":true,\"FloatFeature\":-5.6,\"OtherTestFeatureForImage\":false,\"EnableVerifyCS\":true}",
- expectedExps: Experiments{
- EnableTestFeatureForImage: true,
- EnableItaVerifier: true,
- EnableVerifyCS: true,
- },
- },
- }
-
- for i, test := range tests {
- e, err := readJSONInput([]byte(test.input))
-
- if err != nil {
- t.Fatalf("testcase %d: failed to create experiments object: %v", i, err)
- }
-
- if !cmp.Equal(e, test.expectedExps) {
- t.Errorf("testcase %d: unexpected experiments returned: got %v, want %v", i, e, test.expectedExps)
- }
- }
-}
-
-func TestExperimentsBadJson(t *testing.T) {
- tests := []struct {
- input string
- }{
- {input: "{\"EnableTestFeatureForImage\":true,\"EnableSignedContainerImage\":true"},
- {input: "{}"},
- {input: ""},
- }
-
- for i, test := range tests {
- e, _ := readJSONInput([]byte(test.input))
-
- if e.EnableTestFeatureForImage {
- t.Errorf("testcase %d: expected EnableTestFeatureForImage to be false, got true", i)
- }
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config.go
deleted file mode 100644
index 4312b7226..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config.go
+++ /dev/null
@@ -1,123 +0,0 @@
-// Package nodeproblemdetector provides configurations for node-problem-detector.service.
-package nodeproblemdetector
-
-import (
- "encoding/json"
- "fmt"
- "os"
- "time"
-
- "github.com/google/go-tpm-tools/launcher/internal/logging"
- "github.com/google/go-tpm-tools/launcher/internal/systemctl"
-)
-
-var systemStatsFilePath = "/etc/node_problem_detector/system-stats-monitor.json"
-
-var defaultInvokeIntervalString = (60 * time.Second).String()
-
-type metricConfig struct {
- DisplayName string `json:"displayName"`
-}
-
-type statsConfig struct {
- MetricsConfigs map[string]metricConfig `json:"metricsConfigs"`
-}
-
-type diskConfig struct {
- IncludeAllAttachedBlk bool `json:"includeAllAttachedBlk"`
- IncludeRootBlk bool `json:"includeRootBlk"`
- LsblkTimeout string `json:"lsblkTimeout"`
- MetricsConfigs *statsConfig `json:"metricsConfigs"`
-}
-
-// SystemStatsConfig contains configurations for `System Stats Monitor`,
-// a problem daemon in node-problem-detector that collects pre-defined health-related metrics from different system components.
-// View the comprehensive configuration details on https://github.com/kubernetes/node-problem-detector/tree/master/pkg/systemstatsmonitor#detailed-configuration-options
-type SystemStatsConfig struct {
- CPU *statsConfig `json:"cpu,omitempty"`
- Disk *diskConfig `json:"disk,omitempty"`
- Host *statsConfig `json:"host,omitempty"`
- Memory *statsConfig `json:"memory,omitempty"`
- InvokeInterval string `json:"invokeInterval,omitempty"`
-}
-
-// NewSystemStatsConfig returns a new SystemStatsConfig struct with default configurations.
-func NewSystemStatsConfig() SystemStatsConfig {
- return SystemStatsConfig{
- Memory: &statsConfig{MetricsConfigs: map[string]metricConfig{}},
- InvokeInterval: defaultInvokeIntervalString,
- }
-}
-
-var allConfig = &SystemStatsConfig{
- CPU: &statsConfig{map[string]metricConfig{
- "cpu/usage_time": {"cpu/usage_time"},
- "cpu/load_1m": {"cpu/load_1m"},
- }},
- Disk: &diskConfig{
- true, true, "5s",
- &statsConfig{map[string]metricConfig{
- "disk/avg_queue_len": {"disk/avg_queue_len"},
- "disk/bytes_used": {"disk/bytes_used"},
- "disk/percent_used": {"disk/percent_used"},
- "disk/io_time": {"disk/io_time"},
- "disk/merged_operation_count": {"disk/merged_operation_count"},
- "disk/operation_bytes_count": {"disk/operation_bytes_count"},
- "disk/operation_count": {"disk/operation_count"},
- "disk/operation_time": {"disk/operation_time"},
- "disk/weighted_io": {"disk/weighted_io"},
- }},
- },
- Host: &statsConfig{map[string]metricConfig{
- "host/uptime": {"host/uptime"},
- }},
- Memory: &statsConfig{map[string]metricConfig{
- "memory/anonymous_used": {"memory/anonymous_used"},
- "memory/bytes_used": {"memory/bytes_used"},
- "memory/dirty_used": {"memory/dirty_used"},
- "memory/page_cache_used": {"memory/page_cache_used"},
- "memory/percent_used": {"memory/percent_used"},
- }},
- InvokeInterval: defaultInvokeIntervalString,
-}
-
-// EnableAllConfig overwrites system stats config with health monitoring config.
-func EnableAllConfig() error {
- return allConfig.WriteFile(systemStatsFilePath)
-}
-
-// EnableMemoryBytesUsed enables "memory/bytes_used" for memory monitoring.
-func (ssc *SystemStatsConfig) EnableMemoryBytesUsed() {
- ssc.Memory.MetricsConfigs["memory/bytes_used"] = metricConfig{DisplayName: "memory/bytes_used"}
-}
-
-// WithInvokeInterval overrides the default invokeInterval.
-func (ssc *SystemStatsConfig) WithInvokeInterval(interval time.Duration) {
- ssc.InvokeInterval = interval.String()
-}
-
-// WriteFile writes systemStatsConfig data to the named file, creating it if necessary.
-func (ssc *SystemStatsConfig) WriteFile(path string) error {
- bytes, err := json.Marshal(ssc)
- if err != nil {
- return fmt.Errorf("failed to marshal struct [%v]: %w", ssc, err)
- }
- return os.WriteFile(path, bytes, 0644)
-}
-
-// StartService starts Node Problem Detector.
-func StartService(logger logging.Logger) error {
- s, err := systemctl.New()
- if err != nil {
- return fmt.Errorf("failed to create systemctl client: %v", err)
- }
- defer s.Close()
-
- logger.Info("Starting node-problem-detector.service")
- if err := s.Start("node-problem-detector.service"); err != nil {
- return fmt.Errorf("failed to start node-problem-detector.service")
- }
-
- logger.Info("node-problem-detector.service successfully started")
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config_test.go
deleted file mode 100644
index 71473178e..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config_test.go
+++ /dev/null
@@ -1,92 +0,0 @@ -package nodeproblemdetector - -import ( - "bytes" - "encoding/json" - "io" - "os" - "path" - "testing" - "time" - - "github.com/google/go-cmp/cmp" -) - -func TestEnableHealthMonitoringConfig(t *testing.T) { - tmpDir := t.TempDir() - systemStatsFilePath = path.Join(tmpDir, "system-stats-monitor.json") - - wantBytes, err := json.Marshal(allConfig) - if err != nil { - t.Fatalf("Error marshaling expected config: %v", err) - } - - EnableAllConfig() - - file, err := os.OpenFile(systemStatsFilePath, os.O_RDONLY, 0) - if err != nil { - t.Fatalf("failed to open file %s: %v", systemStatsFilePath, err) - } - - gotBytes, err := io.ReadAll(file) - if err != nil { - t.Fatalf("failed to read from file %s: %v", systemStatsFilePath, err) - } - - if !bytes.Equal(gotBytes, wantBytes) { - t.Errorf("WriteFile() did not write expected contents, got %s, want %s", gotBytes, wantBytes) - } -} - -func TestEnableMemoryBytesUsed(t *testing.T) { - got := NewSystemStatsConfig() - got.EnableMemoryBytesUsed() - - want := SystemStatsConfig{ - Memory: &statsConfig{ - MetricsConfigs: map[string]metricConfig{ - "memory/bytes_used": {DisplayName: "memory/bytes_used"}, - }, - }, - InvokeInterval: defaultInvokeIntervalString, - } - if !cmp.Equal(got, want) { - t.Errorf("EnableMemoryBytesUsed() failed, got: %v, want: %v", got, want) - } -} - -func TestWithInvokeInterval(t *testing.T) { - got := SystemStatsConfig{} - got.WithInvokeInterval(2 * time.Second) - - want := SystemStatsConfig{InvokeInterval: (2 * time.Second).String()} - if !cmp.Equal(got, want) { - t.Errorf("WithInvokeInterval() failed, got: %v, want: %v", got, want) - } -} - -func TestWriteFile(t *testing.T) { - tmpDir := t.TempDir() - tmpConfigFile := path.Join(tmpDir, "system-stats-monitor.json") - - config := NewSystemStatsConfig() - config.EnableMemoryBytesUsed() - if err := config.WriteFile(tmpConfigFile); err != nil { - t.Fatalf("WriteFile() failed: %v", err) - } - - file, err := os.OpenFile(tmpConfigFile, os.O_RDONLY, 
0) - if err != nil { - t.Fatalf("failed to open file %s: %v", tmpConfigFile, err) - } - - gotBytes, err := io.ReadAll(file) - if err != nil { - t.Fatalf("failed to read from file %s: %v", tmpConfigFile, err) - } - - wantBytes := []byte(`{"memory":{"metricsConfigs":{"memory/bytes_used":{"displayName":"memory/bytes_used"}}},"invokeInterval":"1m0s"}`) - if !bytes.Equal(gotBytes, wantBytes) { - t.Errorf("WriteFile() did not write expected contents, got %s, want %s", gotBytes, wantBytes) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/mount.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/mount.go deleted file mode 100644 index 6c87c4285..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/mount.go +++ /dev/null @@ -1,30 +0,0 @@ -// Package launchermount defines mount types for the launcher workload. -package launchermount - -import "github.com/opencontainers/runtime-spec/specs-go" - -// Key-value constants for mount configurations. -// Keys are used to specify the specific mount configuration. -// For example, TypeKey is used to specify the type of mount. -// Consts not suffixed with Key are constant values for given mount configs. -const ( - TypeKey = "type" - SourceKey = "source" - DestinationKey = "destination" - SizeKey = "size" - TypeTmpfs = "tmpfs" -) - -var ( - // AllMountKeys are all possible mount configuration key names. - AllMountKeys = []string{TypeKey, SourceKey, DestinationKey, SizeKey} -) - -// Mount is the interface to implement for a new container launcher mount type. -type Mount interface { - // SpecsMount converts the Mount type to an OCI spec Mount. - SpecsMount() specs.Mount - // The absolute path mount point for this mount in the container. - // Stored as Destination in specs.Mount. - Mountpoint() string -} 
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs.go
deleted file mode 100644
index 26dc54ae0..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package launchermount
-
-import (
- "errors"
- "fmt"
- "path/filepath"
- "strconv"
-
- "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-var errTmpfsMustHaveDest = errors.New("mount type \"tmpfs\" must have destination specified")
-
-// TmpfsMount creates a launcher mount type backed by tmpfs, with an optional
-// size. If size is not specified, it is 50% of memory.
-// Example input: `type=tmpfs,source=tmpfs,destination=/tmpmount`
-// `type=tmpfs,source=tmpfs,destination=/sizedtmpmount,size=123345`
-type TmpfsMount struct {
- // If the path is relative, it will be interpreted as relative to "/".
- Destination string
- // Size in bytes. No support for k, m, g suffixes.
- Size uint64
-}
-
-// CreateTmpfsMount takes a map of tmpfs options, with keys defined in the spec package.
-// Typically, this is called when creating a LaunchSpec and should not be used
-// in other settings.
-func CreateTmpfsMount(mountMap map[string]string) (TmpfsMount, error) {
- if val := mountMap[TypeKey]; val != TypeTmpfs {
- return TmpfsMount{}, fmt.Errorf("received wrong mount type %v, expected %v", val, TypeTmpfs)
- }
- delete(mountMap, TypeKey)
-
- if val := mountMap[SourceKey]; val != TypeTmpfs {
- return TmpfsMount{}, fmt.Errorf("received wrong mount source %v, expected %v", val, TypeTmpfs)
- }
- delete(mountMap, SourceKey)
-
- dst := mountMap[DestinationKey]
- if dst == "" {
- return TmpfsMount{}, errTmpfsMustHaveDest
- }
- if !filepath.IsAbs(dst) {
- dst = filepath.Join("/", dst)
- }
- delete(mountMap, DestinationKey)
- mnt := TmpfsMount{Destination: dst}
-
- szStr, ok := mountMap[SizeKey]
- if ok {
- sz, err := strconv.ParseUint(szStr, 10, 64)
- if err != nil {
- return TmpfsMount{}, fmt.Errorf("failed to convert size option \"%v\" to uint64: %v", szStr, err)
- }
- mnt.Size = sz
- delete(mountMap, SizeKey)
- }
-
- if len(mountMap) != 0 {
- return TmpfsMount{}, fmt.Errorf("received unknown mount options for tmpfs mount: %+v", mountMap)
- }
- return mnt, nil
-}
-
-// SpecsMount returns the OCI runtime spec Mount for the given TmpfsMount.
-func (tm TmpfsMount) SpecsMount() specs.Mount {
- specsMnt := specs.Mount{Type: TypeTmpfs,
- Source: TypeTmpfs,
- Destination: tm.Destination,
- Options: []string{"nosuid", "noexec", "nodev"}}
- if tm.Size != 0 {
- specsMnt.Options = append(specsMnt.Options, fmt.Sprintf("size=%s", strconv.FormatUint(tm.Size, 10)))
- }
- return specsMnt
-}
-
-// Mountpoint gives the place in the container where the tmpfs is mounted.
-func (tm TmpfsMount) Mountpoint() string {
- return tm.Destination
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs_test.go
deleted file mode 100644
index b1f60638c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/launchermount/tmpfs_test.go
+++ /dev/null
@@ -1,226 +0,0 @@ -package launchermount - -import ( - "regexp" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/opencontainers/runtime-spec/specs-go" -) - -func TestCreateTmpfsMountAndSpecsMount(t *testing.T) { - var testCases = []struct { - testName string - mountMap map[string]string - expectedTmpfs TmpfsMount - expectedSpecsMount specs.Mount - }{ - { - "Basic Tmpfs Mount", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "/d", - }, - TmpfsMount{Destination: "/d"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/d", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Size", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "/my dest", - "size": "21342314", - }, - TmpfsMount{Destination: "/my dest", Size: 21342314}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/my dest", - Options: []string{"nosuid", "noexec", "nodev", "size=21342314"}, - }, - }, - { - "Tmpfs Mount with Relative Dst", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "my dest", - "size": "21342314", - }, - TmpfsMount{Destination: "/my dest", Size: 21342314}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/my dest", - Options: []string{"nosuid", "noexec", "nodev", "size=21342314"}, - }, - }, - { - "Tmpfs Mount with Relative Dst More Complex Filepath", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "grandparent dir/parentDir/my dest", - }, - TmpfsMount{Destination: "/grandparent dir/parentDir/my dest"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/grandparent dir/parentDir/my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Dst Internal Rel Parent", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "grandparent dir/parentDir/../../my dest", - }, - TmpfsMount{Destination: "/my dest"}, - 
specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Relative Dst Internal Cwd", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "grandparent dir/parentDir/.././my dest", - }, - TmpfsMount{Destination: "/grandparent dir/my dest"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/grandparent dir/my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Malformed Relative Dst", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "grandparent dir/parentDir/.../.../my dest", - }, - TmpfsMount{Destination: "/grandparent dir/parentDir/.../.../my dest"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/grandparent dir/parentDir/.../.../my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Parent Relative Dst", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "../my dest", - }, - TmpfsMount{Destination: "/my dest"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - { - "Tmpfs Mount with Grandparent Relative Dst", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "../../my dest", - }, - TmpfsMount{Destination: "/my dest"}, - specs.Mount{Type: TypeTmpfs, - Source: TypeTmpfs, - Destination: "/my dest", - Options: []string{"nosuid", "noexec", "nodev"}, - }, - }, - } - for _, testcase := range testCases { - t.Run(testcase.testName, func(t *testing.T) { - mnt, err := CreateTmpfsMount(testcase.mountMap) - if err != nil { - t.Errorf("got non-nil error %v, want nil error", err) - } - if diff := cmp.Diff(mnt, testcase.expectedTmpfs); diff != "" { - t.Errorf("got %v, want %v:\ndiff: %v", mnt, testcase.expectedTmpfs, diff) - } - spMnt := mnt.SpecsMount() - if diff 
:= cmp.Diff(spMnt, testcase.expectedSpecsMount); diff != "" { - t.Errorf("got %v, want %v:\ndiff: %v", spMnt, testcase.expectedSpecsMount, diff) - } - }) - } -} - -func TestCreateTmpfsMountFail(t *testing.T) { - var testCases = []struct { - testName string - mountMap map[string]string - wantErr string - }{ - { - "Bad Mount Type", - map[string]string{ - "type": "tfs", - }, - "received wrong mount type", - }, - { - "Bad Mount Src", - map[string]string{ - "type": "tmpfs", - "source": "tfffffs", - }, - "received wrong mount source", - }, - { - "No Dest", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - }, - errTmpfsMustHaveDest.Error(), - }, - { - "Bad Size", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "dst", - "size": "notanum", - }, - "failed to convert size option", - }, - { - "Unknown Opts", - map[string]string{ - "type": "tmpfs", - "source": "tmpfs", - "destination": "dst", - "size": "111", - "rw": "true", - }, - "received unknown mount options for tmpfs mount", - }, - } - for _, testcase := range testCases { - t.Run(testcase.testName, func(t *testing.T) { - if _, err := CreateTmpfsMount(testcase.mountMap); err == nil { - t.Errorf("got nil error, want non-nil error \"%v\"", testcase.wantErr) - } else { - if match, _ := regexp.MatchString(testcase.wantErr, err.Error()); !match { - t.Errorf("got error \"%v\", but expected \"%v\"", err, testcase.wantErr) - } - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging.go deleted file mode 100644 index f78f754b4..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging.go +++ /dev/null 
@@ -1,257 +0,0 @@
-// Package logging implements a logger to be used in the client.
-// Logs to both Cloud Logging and the serial console.
-package logging
-
-import (
- "context"
- "fmt"
- "log/slog"
- "os"
-
- "cloud.google.com/go/compute/metadata"
- clogging "cloud.google.com/go/logging"
- mrpb "google.golang.org/genproto/googleapis/api/monitoredres"
-)
-
-const (
- logName = "confidential-space-launcher"
- serialConsoleFile = "/dev/console"
-
- payloadMessageKey = "MESSAGE"
- payloadInstanceNameKey = "_HOSTNAME"
-)
-
-// Logger defines the interface for the CS image logger.
-type Logger interface {
- Log(severity clogging.Severity, msg string, args ...any)
-
- Info(msg string, args ...any)
- Warn(msg string, args ...any)
- Error(msg string, args ...any)
-
- SerialConsoleFile() *os.File
- Close()
-}
-
-type cLogger interface {
- Log(clogging.Entry)
- Flush() error
-}
-
-type logger struct {
- cloudLogger cLogger
- serialLogger *slog.Logger
- resource *mrpb.MonitoredResource
-
- instanceName string
- cloudClient *clogging.Client
- serialConsoleFile *os.File
-}
-
-type payload map[string]any
-
-// NewLogger returns a Logger with Cloud and Serial Console logging configured.
-func NewLogger(ctx context.Context) (Logger, error) {
- // Retrieve monitored resource information.
- mdsClient := metadata.NewClient(nil)
-
- projectID, err := mdsClient.ProjectIDWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- instanceID, err := mdsClient.InstanceIDWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- instanceName, err := mdsClient.InstanceNameWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- zone, err := mdsClient.ZoneWithContext(ctx)
- if err != nil {
- return nil, err
- }
-
- // Configure Cloud Logging client/logger.
- cloggingClient, err := clogging.NewClient(ctx, projectID)
- if err != nil {
- return nil, err
- }
-
- // Configure Serial Console logger.
- serialConsole, err := os.OpenFile(serialConsoleFile, os.O_WRONLY, 0)
- if err != nil {
- return nil, fmt.Errorf("failed to open serial console for writing: %v", err)
- }
-
- slg := slog.New(slog.NewTextHandler(serialConsole, nil))
- slg.Info("Serial Console logger initialized")
-
- // This is necessary for DEBUG logs to propagate properly.
- slog.SetDefault(slg)
-
- return &logger{
- cloudLogger: cloggingClient.Logger(logName),
- serialLogger: slg,
- resource: &mrpb.MonitoredResource{
- Type: "gce_instance",
- Labels: map[string]string{
- "project_id": projectID,
- "instance_id": instanceID,
- "zone": zone,
- },
- },
- instanceName: instanceName,
- cloudClient: cloggingClient,
- serialConsoleFile: serialConsole,
- }, err
-}
-
-func (l *logger) SerialConsoleFile() *os.File {
- return l.serialConsoleFile
-}
-
-func (l *logger) Close() {
- if l.cloudClient != nil {
- l.cloudClient.Close()
- }
-
- if l.serialConsoleFile != nil {
- l.serialConsoleFile.Close()
- }
-}
-
-// Given a list of args, recursively converts it to a payload.
-// Assumes alternating keys and values (mirroring slog's behavior).
-func addArgs(pl payload, args []any) {
- // Base case - if args is empty.
- if len(args) == 0 {
- return
- }
-
- // Base case - if args has one element.
- if len(args) == 1 {
- // If the arg is a valid key, add with empty value.
- key, ok := args[0].(string)
- if ok {
- pl[key] = ""
- }
- return
- }
-
- key, ok := args[0].(string)
- if ok {
- // If key is a valid string, add pair to payload. Otherwise, the pair is skipped.
- pl[key] = args[1]
- }
-
- // Recurse with remaining args.
- addArgs(pl, args[2:])
-}
-
-func (l *logger) writeLog(severity clogging.Severity, msg string, args ...any) {
- // Write cloud log.
- logEntry := clogging.Entry{
- Severity: severity,
- Resource: l.resource,
- }
-
- pl := payload{}
- addArgs(pl, args)
-
- if len(msg) > 0 {
- pl[payloadMessageKey] = msg
- }
-
- if len(l.instanceName) > 0 {
- // Needed for backwards compatibility with Cloudbuild tests.
- pl[payloadInstanceNameKey] = l.instanceName
- }
-
- logEntry.Payload = pl
-
- l.cloudLogger.Log(logEntry)
- if err := l.cloudLogger.Flush(); err != nil {
- l.serialLogger.Error(fmt.Sprintf("cloud.Logger.Flush returned error: %v", err))
- }
-
- // Write to serial console.
- switch severity {
- case clogging.Info, clogging.Notice, clogging.Debug:
- l.serialLogger.Info(msg, args...)
- case clogging.Warning:
- l.serialLogger.Warn(msg, args...)
- case clogging.Error, clogging.Critical, clogging.Alert, clogging.Emergency:
- l.serialLogger.Error(msg, args...)
- default:
- slog.Debug(msg, args...)
- }
-}
-
-// Log logs msg and args with the provided severity.
-func (l *logger) Log(severity clogging.Severity, msg string, args ...any) {
- l.writeLog(severity, msg, args...)
-}
-
-// Info logs msg and args at 'Info' severity.
-func (l *logger) Info(msg string, args ...any) {
- l.writeLog(clogging.Info, msg, args...)
-}
-
-// Warn logs msg and args at 'Warn' severity.
-func (l *logger) Warn(msg string, args ...any) {
- l.writeLog(clogging.Warning, msg, args...)
-}
-
-// Error logs msg and args at 'Error' severity.
-func (l *logger) Error(msg string, args ...any) {
- l.writeLog(clogging.Error, msg, args...)
-}
-
-// SimpleLogger returns a lightweight implementation that wraps a slog.Default() logger.
-// Suitable for testing.
-func SimpleLogger() Logger {
- return &slogger{slog.Default()}
-}
-
-type slogger struct {
- slg *slog.Logger
-}
-
-// Log logs msg and args with the provided severity.
-func (l *slogger) Log(severity clogging.Severity, msg string, args ...any) {
- level := slog.LevelDebug
- switch severity {
- case clogging.Info, clogging.Notice:
- level = slog.LevelInfo
- case clogging.Warning:
- level = slog.LevelWarn
- case clogging.Error, clogging.Critical, clogging.Alert, clogging.Emergency:
- level = slog.LevelError
- }
- l.slg.Log(context.Background(), level, msg, args...)
-}
-
-// Info logs msg and args at 'Info' severity.
-func (l *slogger) Info(msg string, args ...any) {
- l.slg.Info(msg, args...)
-}
-
-// Warn logs msg and args at 'Warn' severity.
-func (l *slogger) Warn(msg string, args ...any) {
- l.slg.Warn(msg, args...)
-}
-
-// Error logs msg and args at 'Error' severity.
-func (l *slogger) Error(msg string, args ...any) {
- l.slg.Error(msg, args...)
-}
-
-func (l *slogger) SerialConsoleFile() *os.File {
- return nil
-}
-
-func (l *slogger) Close() {}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging_test.go
deleted file mode 100644
index 2a26b249d..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/logging/logging_test.go
+++ /dev/null
@@ -1,284 +0,0 @@
-package logging
-
-import (
- "bytes"
- "errors"
- "fmt"
- "log/slog"
- "reflect"
- "strings"
- "testing"
-
- clogging "cloud.google.com/go/logging"
- "github.com/google/go-cmp/cmp"
- mrpb "google.golang.org/genproto/googleapis/api/monitoredres"
-)
-
-func toArgs(pl payload) []any {
- args := []any{}
- for k, v := range pl {
- args = append(args, k)
- args = append(args, v)
- }
-
- return args
-}
-
-func TestAddArgs(t *testing.T) {
- testcases := []struct {
- name string
- args []any
- expected payload
- }{
- {
- name: "regular payload",
- args: []any{"key1", 1, "key2", "two", "key3", false},
- expected: payload{
- "key1": 1,
- "key2": "two",
- "key3": false,
- },
- },
- {
- name: "missing value at end",
- args: []any{"key1", 1, "key2", "two", "key3"},
- expected: payload{
- "key1": 1,
- "key2": "two",
- "key3": "",
- },
- },
- {
- name: "empty args",
- args: []any{},
- expected: payload{},
- },
- {
- name: "incompatible key omitted",
- args: []any{"key1", 1, 2, "two", "key3", false},
- expected: payload{
- "key1": 1,
- "key3": false,
- },
- },
- {
- name: "single arg, valid key",
- args: []any{"key1"},
- expected: payload{
- "key1": "",
- },
- },
- {
- name: "single arg, not valid key",
- args: []any{true},
- expected: payload{},
- },
- }
-
- for _, tc := range testcases {
- t.Run(tc.name, func(t *testing.T) {
- pl := payload{}
- addArgs(pl, tc.args)
-
- if !reflect.DeepEqual(pl, tc.expected) {
- t.Errorf("addArgs did not produce expected payload: got %v, want %v", pl, tc.expected)
- }
- })
- }
-}
-
-// testCLogger implements the cLogger interface.
-type testCLogger struct {
- log clogging.Entry
-}
-
-func (c *testCLogger) Log(entry clogging.Entry) {
- // Cloud Logging sends multiple messages - append everything together for simplicity.
- c.log = entry
-}
-
-func (c *testCLogger) Flush() error { return nil }
-
-// testSLogWriter implements the io.Writer interface.
-type testSLogWriter struct {
- log []byte
-}
-
-func (s *testSLogWriter) Write(p []byte) (n int, err error) {
- s.log = p
-
- return 0, nil
-}
-
-func (s *testSLogWriter) checkLogContains(msg string, pl payload) error {
- if len(s.log) == 0 {
- return errors.New("serial log is empty")
- }
-
- if !bytes.Contains(s.log, []byte(msg)) {
- return fmt.Errorf("log did not contain expected message: got %s, want \"%s\"", s.log, msg)
- }
-
- if len(pl) > 0 {
- strLogs := string(s.log)
-
- // Check that each payload value is present in the format key=value.
- for k, v := range pl {
- format := "%v=%v"
- if vStr, ok := v.(string); ok && strings.Contains(vStr, " ") {
- format = "%v=\"%v\""
- }
-
- expectedStr := fmt.Sprintf(format, k, v)
- if !strings.Contains(strLogs, expectedStr) {
- return fmt.Errorf("logs expected to contain \"%s\", got \"%s\"", expectedStr, strLogs)
- }
- }
- }
-
- return nil
-}
-
-func (s *testSLogWriter) checkLogLevel(level slog.Level) error {
- expected := "level=" + level.String()
-
- if !strings.Contains(string(s.log), expected) {
- return fmt.Errorf("log did not contain expected level %v: %v", expected, string(s.log))
- }
-
- return nil
-}
-
-func TestWriteLog(t *testing.T) {
- testResource := &mrpb.MonitoredResource{
- Type: "gce_instance",
- Labels: map[string]string{
- "instance_id": "1234",
- "project_id": "not-a-real-project",
- "zone": "us-central1-c",
- },
- }
-
- // Redirect loggers to buffers.
- cloudLogger := &testCLogger{}
- serialLogs := &testSLogWriter{}
-
- testLogger := &logger{
- cloudLogger: cloudLogger,
- serialLogger: slog.New(slog.NewTextHandler(serialLogs, nil)),
- resource: testResource,
-
- instanceName: "test-instance",
- }
-
- testMsg := "test message"
- testPayload := payload{
- "key1": "value1",
- "key2": 2,
- "key3": false,
- }
-
- testLogger.writeLog(clogging.Info, testMsg, toArgs(testPayload)...)
-
- if err := serialLogs.checkLogContains(testMsg, testPayload); err != nil {
- t.Errorf("Error validating Serial Log contents: %v", err)
- }
-
- if err := serialLogs.checkLogLevel(slog.LevelInfo); err != nil {
- t.Errorf("Error validating Serial Log level: %v", err)
- }
-
- // Add message and hostnames values to expected payload.
- testPayload[payloadMessageKey] = testMsg
- testPayload[payloadInstanceNameKey] = testLogger.instanceName
-
- if !cmp.Equal(cloudLogger.log.Payload, testPayload) {
- t.Errorf("Did not get expected payload in cloud logs: got %v, want %v", cloudLogger.log.Payload, testPayload)
- }
-
- if cloudLogger.log.Severity != clogging.Info {
- t.Errorf("Did not get expected severity in cloud logs: got %v, want %v", cloudLogger.log.Severity, clogging.Info)
- }
-
- // Compare monitored resource.
- if cloudLogger.log.Resource.Type != testResource.Type {
- t.Errorf("Did not get expected monitored resource tyoe: got %v, want %v", cloudLogger.log.Resource.Type, testResource.Type)
- }
-
- if !cmp.Equal(cloudLogger.log.Resource.Labels, testResource.Labels) {
- t.Errorf("Did not get expected monitored resource labels in cloud logs: got %v, want %v", cloudLogger.log.Resource.Labels, testResource.Labels)
- }
-}
-
-func TestLogFunctions(t *testing.T) {
- testcases := []struct {
- name string
- cloudSeverity clogging.Severity
- serialLevel slog.Level
- logFunc func(lgr *logger, msg string)
- }{
- {
- name: "logger.Info",
- cloudSeverity: clogging.Info,
- serialLevel: slog.LevelInfo,
- logFunc: func(lgr *logger, msg string) {
- lgr.Info(msg)
- },
- },
- {
- name: "logger.Warn",
- cloudSeverity: clogging.Warning,
- serialLevel: slog.LevelWarn,
- logFunc: func(lgr *logger, msg string) {
- lgr.Warn(msg)
- },
- },
- {
- name: "logger.Error",
- cloudSeverity: clogging.Error,
- serialLevel: slog.LevelError,
- logFunc: func(lgr *logger, msg string) {
- lgr.Error(msg)
- },
- },
- }
-
- msg := "test message"
- for _, tc := range testcases {
- t.Run(tc.name, func(t
*testing.T) {
-
- // Redirect loggers to buffers.
- cloudLogs := &testCLogger{}
- serialLogs := &testSLogWriter{}
-
- testLogger := &logger{
- cloudLogger: cloudLogs,
- serialLogger: slog.New(slog.NewTextHandler(serialLogs, nil)),
- instanceName: "test-instance",
- }
-
- tc.logFunc(testLogger, msg)
-
- expectedPayload := payload{
- payloadMessageKey: msg,
- payloadInstanceNameKey: testLogger.instanceName,
- }
-
- if cloudLogs.log.Severity != tc.cloudSeverity {
- t.Errorf("Cloud logs did not contain expected severity: got %v, want %v", cloudLogs.log.Severity, tc.cloudSeverity)
- }
-
- if !cmp.Equal(cloudLogs.log.Payload, expectedPayload) {
- t.Errorf("Cloud logs did not contain expected payload: got %v, want %v", cloudLogs.log.Payload, expectedPayload)
- }
-
- if err := serialLogs.checkLogContains(msg, payload{}); err != nil {
- t.Errorf("Error validating Serial Log contents: %v", err)
- }
-
- if err := serialLogs.checkLogLevel(tc.serialLevel); err != nil {
- t.Errorf("Error validating Serial Log level: %v", err)
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/rest_network_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/rest_network_test.go
deleted file mode 100644
index a024bc7b0..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/rest_network_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package internal_test
-
-import (
- "bytes"
- "context"
- "encoding/base64"
- "reflect"
- "testing"
-
- "github.com/containerd/containerd/namespaces"
- "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/util"
- "golang.org/x/oauth2"
- "golang.org/x/oauth2/google"
-)
-
-func TestNewRESTClient(t *testing.T) {
- ctx := namespaces.WithNamespace(context.Background(), namespaces.Default)
-
- mockOauth2Server, err := util.NewMockOauth2Server()
- if err != nil {
- t.Error(err)
- }
- defer mockOauth2Server.Stop()
-
- // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server.
- google.Endpoint = oauth2.Endpoint{
- AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth",
- TokenURL: mockOauth2Server.Server.URL + "/token",
- AuthStyle: oauth2.AuthStyleInParams,
- }
-
- mockAttestationServer, err := util.NewMockAttestationServer()
- if err != nil {
- t.Error(err)
- }
- defer mockAttestationServer.Stop()
-
- restClient, err := util.NewRESTClient(ctx, mockAttestationServer.Server.URL, "test-project", "us-central")
- if err != nil {
- t.Errorf("Failed to create rest client %s", err)
- }
- gotChallenge, err := restClient.CreateChallenge(ctx)
- if err != nil {
- t.Errorf("Failed to call CreateChallenge %s", err)
- }
- gotTokenResponse, err := restClient.VerifyAttestation(ctx, verifier.VerifyAttestationRequest{
- Challenge: gotChallenge,
- Attestation: &attest.Attestation{},
- })
- if err != nil {
- t.Errorf("Failed to call VerifyAttestation %s", err)
- }
-
- wantNonce, _ := base64.StdEncoding.DecodeString(util.FakeTpmNonce)
- wantChallenge := &verifier.Challenge{
- Name: "projects/test-project/locations/us-central-1/challenges/" + util.FakeChallengeUUID,
- Nonce: []byte(wantNonce),
- ConnID: ""}
- wantToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0IiwiaWF0IjoxNzA5NzUyNTI1LCJleHAiOjE5MTk3NTI1MjV9.EBLA2zX3c-Fu0l--J9Gey6LIXMO1TFRCoe3bzuPGc1k"
- if
!reflect.DeepEqual(gotChallenge, wantChallenge) {
- t.Error("Challenge Mismatch")
- }
- if !bytes.Equal(gotTokenResponse.ClaimsToken, []byte(wantToken)) {
- t.Error("Token Mismatch")
- }
-
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client.go
deleted file mode 100644
index 13f29a3d7..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client.go
+++ /dev/null
@@ -1,110 +0,0 @@
-// Package signaturediscovery contains functionalities to discover container image signatures.
-package signaturediscovery
-
-import (
- "context"
- "fmt"
-
- "github.com/containerd/containerd"
- "github.com/containerd/containerd/content"
- "github.com/containerd/containerd/images"
- "github.com/containerd/containerd/remotes"
- "github.com/google/go-tpm-tools/verifier/oci"
- "github.com/google/go-tpm-tools/verifier/oci/cosign"
- v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-const signatureTagSuffix = "sig"
-
-type (
- remoteResolverFetcher func(context.Context) (remotes.Resolver, error)
- imageFetcher func(context.Context, string, ...containerd.RemoteOpt) (containerd.Image, error)
-)
-
-// Fetcher discovers and fetches OCI signatures from the target repository.
-type Fetcher interface {
- FetchImageSignatures(ctx context.Context, targetRepository string) ([]oci.Signature, error)
-}
-
-// Client is a wrapper of containerd.Client to interact with signed image manifest.
-type Client struct {
- OriginalImageDesc v1.Descriptor
- refreshResolver remoteResolverFetcher
- imageFetcher imageFetcher
-}
-
-// New creates a new client that implements Fetcher interface.
-func New(originalImageDesc v1.Descriptor, resolverFetcher remoteResolverFetcher, imageFetcher imageFetcher) Fetcher {
- return &Client{
- OriginalImageDesc: originalImageDesc,
- refreshResolver: resolverFetcher,
- imageFetcher: imageFetcher,
- }
-}
-
-// FetchSignedImageManifest fetches a signed image manifest using a tag-based discovery mechanism.
-func (c *Client) FetchSignedImageManifest(ctx context.Context, targetRepository string) (v1.Manifest, error) {
- image, err := c.pullSignatureImage(ctx, targetRepository)
- if err != nil {
- return v1.Manifest{}, err
- }
- return getManifest(ctx, image)
-}
-
-// FetchImageSignatures returns a list of valid image signatures associated with the target OCI image.
-func (c *Client) FetchImageSignatures(ctx context.Context, targetRepository string) ([]oci.Signature, error) {
- image, err := c.pullSignatureImage(ctx, targetRepository)
- if err != nil {
- return nil, err
- }
- manifest, err := getManifest(ctx, image)
- if err != nil {
- return nil, err
- }
- signatures := make([]oci.Signature, 0, len(manifest.Layers))
- for _, layer := range manifest.Layers {
- blob, err := content.ReadBlob(ctx, image.ContentStore(), layer)
- if err != nil {
- return nil, err
- }
- sig := &cosign.Sig{
- Layer: layer,
- Blob: blob,
- SourceRepo: targetRepository,
- }
- signatures = append(signatures, sig)
- }
- return signatures, nil
-}
-
-func (c *Client) pullSignatureImage(ctx context.Context, signatureRepository string) (containerd.Image, error) {
- signatureImageRef := fmt.Sprint(signatureRepository, ":", formatSigTag(c.OriginalImageDesc))
-
- // Pull signature image from a public repository.
- if c.refreshResolver == nil {
- return c.imageFetcher(ctx, signatureImageRef)
- }
-
- // Refresh resolver before pulling container image.
- resolver, err := c.refreshResolver(ctx)
- if err == nil {
- return c.imageFetcher(ctx, signatureImageRef, containerd.WithResolver(resolver))
- }
- return nil, fmt.Errorf("failed to refresh remote resolver before pulling container image: %v", err)
-}
-
-// formatSigTag turns image digests into tags with signatureTagSuffix:
-// sha256:9ecc53c2 -> sha256-9ecc53c2.sig
-func formatSigTag(imageDesc v1.Descriptor) string {
- digest := imageDesc.Digest
- return fmt.Sprint(digest.Algorithm(), "-", digest.Encoded(), ".", signatureTagSuffix)
-}
-
-func getManifest(ctx context.Context, image containerd.Image) (v1.Manifest, error) {
- cs := image.ContentStore()
- manifest, err := images.Manifest(ctx, cs, image.Target(), image.Platform())
- if err != nil {
- return v1.Manifest{}, err
- }
- return manifest, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client_test.go
deleted file mode 100644
index abc9cd08e..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/client_test.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package signaturediscovery
-
-import (
- "context"
- "fmt"
- "testing"
-
- "github.com/containerd/containerd"
- "github.com/containerd/containerd/defaults"
- "github.com/containerd/containerd/namespaces"
- "github.com/containerd/containerd/remotes"
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-tpm-tools/launcher/registryauth"
- v1 "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-func TestFormatSigTag(t *testing.T) {
- testCases := []struct {
- name string
- imageDesc v1.Descriptor
- wantSigTag string
- wantPass bool
- }{
- {
- name: "formatSigTag success",
- imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"},
- wantSigTag: "sha256-9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f.sig",
- wantPass: true,
- },
- {
- name: "formatSigTag failed with wrong image digest",
- imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"},
- wantSigTag: "sha256-18740b995b4eac1b5706392a96ff8c4f30cefac18772058a71449692f1581f0f.sig",
- wantPass: false,
- },
- {
- name: "formatSigTag failed with wrong tag format",
- imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"},
- wantSigTag: "sha256@9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f.sig",
- wantPass: false,
- },
- }
-
- for _, tc := range testCases {
- t.Run(tc.name, func(t *testing.T) {
- if got := formatSigTag(tc.imageDesc) == tc.wantSigTag; got != tc.wantPass {
- t.Errorf("formatSigTag() failed for test case %v: got %v, wantPass %v", tc.name, got, tc.wantPass)
- }
- })
- }
-}
-
-func TestFetchSignedImageManifestDockerPublic(t *testing.T) {
- ctx := namespaces.WithNamespace(context.Background(), "test")
-
- targetRepository := "gcr.io/distroless/static"
- originalImageDesc := v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"}
- client :=
createTestClient(t, originalImageDesc)
- // testing image manifest fetching using a public docker repo url
- if _, err := client.FetchSignedImageManifest(ctx, targetRepository); err != nil {
- t.Errorf("failed to fetch signed image manifest from targetRepository [%s]: %v", targetRepository, err)
- }
-}
-
-func TestFetchImageSignaturesDockerPublic(t *testing.T) {
- ctx := namespaces.WithNamespace(context.Background(), "test")
- originalImageDesc := v1.Descriptor{Digest: "sha256:905a0f3b3d6d0fb37bfa448b9e78f833b73f0b19fc97fed821a09cf49e255df1"}
- targetRepository := "us-docker.pkg.dev/vegas-codelab-5/cosign-test/base"
-
- client := createTestClient(t, originalImageDesc)
- signatures, err := client.FetchImageSignatures(ctx, targetRepository)
- if err != nil {
- t.Errorf("failed to fetch image signatures from targetRepository [%s]: %v", targetRepository, err)
- }
- if len(signatures) == 0 {
- t.Errorf("no image signatures found for the original image %v", originalImageDesc)
- }
- var gotBase64Sigs []string
- for _, sig := range signatures {
- if _, err := sig.Payload(); err != nil {
- t.Errorf("Payload() failed: %v", err)
- }
- base64Sig, err := sig.Base64Encoded()
- if err != nil {
- t.Errorf("Base64Encoded() failed: %v", err)
- }
- gotBase64Sigs = append(gotBase64Sigs, base64Sig)
- }
-
- // Check signatures from the OCI image manifest at https://pantheon.corp.google.com/artifacts/docker/vegas-codelab-5/us/cosign-test/base/sha256:1febaa6ac3a5c095435d5276755fb8efcb7f029fefe85cd9bf3ec7de91685b9f;tab=manifest?project=vegas-codelab-5.
- wantBase64Sigs := []string{"MEUCIQDgoiwMiVl1SAI1iePhH6Oeqztms3IwNtN+w0P92HTqQgIgKjJNcHEy0Ep4g4MH1Vd0gAHvbwH9ahD+jlnMP/rXSGE="}
- if !cmp.Equal(gotBase64Sigs, wantBase64Sigs) {
- t.Errorf("signatures did not return expected base64 signatures, got %v, want %v", gotBase64Sigs, wantBase64Sigs)
- }
-}
-
-func TestPullSignatureImage(t *testing.T) {
- imageFetcher := func(_ context.Context, _ string, opts ...containerd.RemoteOpt) (containerd.Image, error) {
- if len(opts) >= 0 {
- return &fakeImage{}, nil
- }
- return nil, fmt.Errorf("unable to fetch image")
- }
-
- testCases := []struct {
- name string
- resolverFetcher remoteResolverFetcher
- wantErr bool
- }{
- {
- name: "valid resolver",
- resolverFetcher: func(_ context.Context) (remotes.Resolver, error) {
- return registryauth.Resolver("valid access"), nil
- },
- wantErr: false,
- },
- {
- name: "invalid resolver",
- resolverFetcher: func(_ context.Context) (remotes.Resolver, error) {
- return nil, fmt.Errorf("invalid resolver")
- },
- wantErr: true,
- },
- {
- name: "nil resolver",
- resolverFetcher: nil,
- wantErr: false,
- },
- }
-
- for _, tc := range testCases {
- c := &Client{
- OriginalImageDesc: v1.Descriptor{Digest: "sha256:905a0f3b3d6d0fb37bfa448b9e78f833b73f0b19fc97fed821a09cf49e255df1"},
- refreshResolver: tc.resolverFetcher,
- imageFetcher: imageFetcher,
- }
- _, err := c.pullSignatureImage(context.Background(), "fake image repo")
- if gotErr := err != nil; gotErr != tc.wantErr {
- t.Errorf("failed to refresh resolver when pulling container image, gotErr: %v, but wantErr: %v", gotErr, tc.wantErr)
- }
- }
-}
-
-type fakeImage struct {
- containerd.Image
-}
-
-func createTestClient(t *testing.T, originalImageDesc v1.Descriptor) *Client {
- t.Helper()
-
- containerdClient, err := containerd.New(defaults.DefaultAddress)
- if err != nil {
- t.Skipf("test needs containerd daemon: %v", err)
- }
- t.Cleanup(func() { containerdClient.Close() })
-
- resolverFetcher := func(_ context.Context) (remotes.Resolver,
error) {
- return registryauth.Resolver("valid token"), nil
- }
- imageFetcher := func(ctx context.Context, imageRef string, opts ...containerd.RemoteOpt) (containerd.Image, error) {
- return containerdClient.Pull(ctx, imageRef, opts...)
- }
- return &Client{
- OriginalImageDesc: originalImageDesc,
- refreshResolver: resolverFetcher,
- imageFetcher: imageFetcher,
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/fakeclient.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/fakeclient.go
deleted file mode 100644
index f2deffe66..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/signaturediscovery/fakeclient.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package signaturediscovery
-
-import (
- "context"
- "fmt"
-
- "github.com/google/go-tpm-tools/verifier/oci"
- "github.com/google/go-tpm-tools/verifier/oci/cosign"
-)
-
-const (
- // FakeRepoWithSignatures represents an OCI registry with container image signatures for testing.
- FakeRepoWithSignatures = "repo with signatures"
- // FakeRepoWithNoSignatures represents an OCI registry with no container image signatures for testing.
- FakeRepoWithNoSignatures = "repo with no signatures"
- // FakeNonExistRepo represents a non-exist OCI registry for testing.
- FakeNonExistRepo = "nonexist repo"
- // FakeRepoWithAllInvalidSignatures represents an OCI registry with all invalid container image signatures for testing.
- FakeRepoWithAllInvalidSignatures = "repo with all invalid signatures"
- // FakeRepoWithPartialValidSignatures represents an OCI registry with parital valid container image signatures for testing.
- FakeRepoWithPartialValidSignatures = "repo with parital valid signatures"
-)
-
-type fakeClient struct{}
-
-// NewFakeClient constructs a new fake signature discovery client.
-func NewFakeClient() Fetcher {
- return &fakeClient{}
-}
-
-// FetchImageSignatures returns hardcoded signatures based on the given target repository.
-func (f *fakeClient) FetchImageSignatures(_ context.Context, targetRepository string) ([]oci.Signature, error) {
- switch targetRepository {
- case FakeRepoWithSignatures:
- return []oci.Signature{
- cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256),
- cosign.NewFakeSignature("hello world", oci.RSASSAPKCS1V152048SHA256),
- }, nil
- case FakeRepoWithNoSignatures, FakeNonExistRepo:
- return nil, fmt.Errorf("cannot fetch the signature object from target repository [%s]", targetRepository)
- case FakeRepoWithAllInvalidSignatures:
- return []oci.Signature{
- cosign.NewFakeSignature("invalid signature", "unsupported"),
- cosign.NewFakeSignature("invalid signature", "unsupported"),
- }, nil
- case FakeRepoWithPartialValidSignatures:
- return []oci.Signature{
- cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256),
- cosign.NewFakeSignature("invalid signature", "unsupported"),
- }, nil
- default:
- return []oci.Signature{}, nil
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl.go
deleted file mode 100644
index 8805b3364..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// Package systemctl implements a subset of systemctl operations.
-package systemctl
-
-import (
- "context"
- "fmt"
- "log"
-
- "github.com/coreos/go-systemd/v22/dbus"
-)
-
-// Systemd is an interface to connect to host systemd with selected functions.
-type Systemd interface {
- Start(string) error
- Stop(string) error
- IsActive(context.Context, string) (string, error)
- Close()
-}
-
-// Systemctl is a wrap around of dbus.Conn and implements the Systemd interface.
-type Systemctl struct {
- dbus *dbus.Conn
-}
-
-var _ Systemd = (*Systemctl)(nil)
-
-// New connects to systemd over dbus.
-func New() (*Systemctl, error) {
- conn, err := dbus.NewWithContext(context.Background())
- if err != nil {
- return nil, err
- }
- return &Systemctl{dbus: conn}, nil
-}
-
-// Start is the equivalent of `systemctl start $unit`.
-func (s *Systemctl) Start(unit string) error {
- return runSystemdCmd(s.dbus.StartUnitContext, "start", unit)
-}
-
-// Stop is the equivalent of `systemctl stop $unit`.
-func (s *Systemctl) Stop(unit string) error {
- return runSystemdCmd(s.dbus.StopUnitContext, "stop", unit)
-}
-
-// IsActive is the equivalent of `systemctl is-active $unit`.
-// The status can be "active", "activating", "deactivating", "inactive" or "failed".
-func (s *Systemctl) IsActive(ctx context.Context, unit string) (string, error) {
- status, err := s.dbus.ListUnitsByNamesContext(ctx, []string{unit})
- if err != nil {
- return "", err
- }
- if len(status) != 1 {
- return "", fmt.Errorf("want 1 unit from ListUnitsByNames, got %d", len(status))
- }
- return status[0].ActiveState, nil
-}
-
-// Close disconnects from dbus.
-func (s *Systemctl) Close() { s.dbus.Close() }
-
-func runSystemdCmd(cmdFunc func(context.Context, string, string, chan<- string) (int, error), cmd string, unit string) error {
- progress := make(chan string, 1)
-
- // Run systemd command in "replace" mode to start the unit and its dependencies,
- // possibly replacing already queued jobs that conflict with this.
- if _, err := cmdFunc(context.Background(), unit, "replace", progress); err != nil {
- return fmt.Errorf("failed to run systemctl [%s] for unit [%s]: %v", cmd, unit, err)
- }
-
- if result := <-progress; result != "done" {
- return fmt.Errorf("systemctl [%s] result was [%s], want done", cmd, result)
- }
-
- log.Printf("Finished up systemctl [%s] for unit [%s]", cmd, unit)
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl_test.go b/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl_test.go
deleted file mode 100644
index 4e60d653a..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/internal/systemctl/systemctl_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package systemctl
-
-import (
- "context"
- "errors"
- "testing"
-)
-
-func TestRunSystmedCmd(t *testing.T) {
- doneUnitFunc := func(_ context.Context, _, _ string, progress chan<- string) (int, error) {
- progress <- "done"
- return 1, nil
- }
- failedCallUnitFunc := func(context.Context, string, string, chan<- string) (int, error) {
- return 1, errors.New("something went wrong")
- }
- failedUnitFunc := func(_ context.Context, _, _ string, progress chan<- string) (int, error) {
- progress <- "failed"
- return 1, nil
- }
-
- testCases := []struct {
- name string
- sytemdCmdFunc func(ctx context.Context, unit string, flag string, progress chan<- string) (int, error)
- wantErr bool
- }{
- {
- name: "success",
- sytemdCmdFunc: doneUnitFunc,
- wantErr: false,
- },
- {
- name: "failed call",
- sytemdCmdFunc: failedCallUnitFunc,
- wantErr: true,
- },
- {
- name: "failed unit run",
- sytemdCmdFunc: failedUnitFunc,
- wantErr: true,
- },
- }
-
- for _, tc := range testCases {
- t.Run(tc.name, func(t *testing.T) {
- if err := runSystemdCmd(tc.sytemdCmdFunc, "test", "test_unit"); (err != nil) != tc.wantErr {
- t.Errorf("runSystemdCmd() did not return expected error, got error: %v, but wantErr %v", err, tc.wantErr)
- }
- })
- }
-}
-
-// TestGetStatus reads the `-.mount` which should exist on all systemd
-// systems and ensures that one of its properties is valid.
-func TestGetStatus(t *testing.T) {
- systemctl, err := New()
- if err != nil {
- t.Skipf("Failed to create systemctl client: %v", err)
- }
-
- t.Cleanup(systemctl.Close)
-
- testCases := []struct {
- name string
- unit string
- want string
- }{
- {
- name: "success",
- unit: "-.mount", //`-.mount` which should exist on all systemd systems,
- want: "active",
- },
- {
- name: "success with an inactive unit",
- unit: "node-problem-detector.service",
- want: "inactive",
- },
- }
-
- for _, tc := range testCases {
- t.Run(tc.name, func(t *testing.T) {
- got, err := systemctl.IsActive(context.Background(), tc.unit)
- if err != nil {
- t.Fatalf("failed to read status for unit [%s]: %v", tc.unit, got)
- }
- if got != tc.want {
- t.Errorf("GetStatus returned unexpected status for unit [%s], got %s, but want %s", tc.unit, got, tc.want)
- }
- })
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/launcher/main.go b/vendor/github.com/google/go-tpm-tools/launcher/launcher/main.go
deleted file mode 100644
index d5b88bfa0..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/launcher/main.go
+++ /dev/null
@@ -1,352 +0,0 @@ -// package main is a program that will start a container with attestation. -package main - -import ( - "bytes" - "context" - "errors" - "fmt" - "log" - "os" - "os/exec" - "regexp" - "strings" - "time" - - "cloud.google.com/go/compute/metadata" - "github.com/containerd/containerd" - "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/namespaces" - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/launcher" - "github.com/google/go-tpm-tools/launcher/internal/logging" - "github.com/google/go-tpm-tools/launcher/launcherfile" - "github.com/google/go-tpm-tools/launcher/registryauth" - "github.com/google/go-tpm-tools/launcher/spec" - "github.com/google/go-tpm/legacy/tpm2" -) - -const ( - successRC = 0 // workload successful (no reboot) - failRC = 1 // workload or launcher internal failed (no reboot) - // panic() returns 2 - rebootRC = 3 // reboot - holdRC = 4 // hold -) - -var expectedTPMDAParams = launcher.TPMDAParams{ - MaxTries: 0x20, // 32 tries - RecoveryTime: 0x1C20, // 120 mins - LockoutRecovery: 0x15180, // 24 hrs -} - -var rcMessage = map[int]string{ - successRC: "workload finished successfully, shutting down the VM", - failRC: "workload or launcher error, shutting down the VM", - rebootRC: "rebooting VM", - holdRC: "VM remains running", -} - -// BuildCommit shows the commit when building the binary, set by -ldflags when building -var BuildCommit = "dev" - -var logger logging.Logger -var mdsClient *metadata.Client - -var welcomeMessage = "TEE container launcher initiating" -var exitMessage = "TEE container launcher exiting" - -var start time.Time - -func main() { - uptime, err := getUptime() - if err != nil { - logger.Error(fmt.Sprintf("error reading VM uptime: %v", err)) - } - // Note the current time to later calculate launch time. 
- start = time.Now() - - var exitCode int // by default exit code is 0 - ctx := context.Background() - - defer func() { - os.Exit(exitCode) - }() - - logger, err = logging.NewLogger(ctx) - if err != nil { - log.Default().Printf("failed to initialize logging: %v", err) - exitCode = failRC - log.Default().Printf("%s, exit code: %d (%s)\n", exitMessage, exitCode, rcMessage[exitCode]) - return - } - defer logger.Close() - - logger.Info("Boot completed", "duration_sec", uptime) - logger.Info(welcomeMessage, "build_commit", BuildCommit) - - if err := verifyFsAndMount(); err != nil { - logger.Error(fmt.Sprintf("failed to verify filesystem and mounts: %v\n", err)) - exitCode = rebootRC - logger.Error(exitMessage, "exit_code", exitCode, "exit_msg", rcMessage[exitCode]) - return - } - - if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { - logger.Error(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err)) - } - - // Get RestartPolicy and IsHardened from spec - mdsClient = metadata.NewClient(nil) - launchSpec, err := spec.GetLaunchSpec(ctx, logger, mdsClient) - if err != nil { - logger.Error(fmt.Sprintf("failed to get launchspec, make sure you're running inside a GCE VM: %v", err)) - // if cannot get launchSpec, exit directly - exitCode = failRC - logger.Error(exitMessage, "exit_code", exitCode, "exit_msg", rcMessage[exitCode]) - return - } - - defer func() { - // Catch panic to attempt to output to Cloud Logging. 
- if r := recover(); r != nil { - logger.Error(fmt.Sprintf("Panic: %v", r)) - exitCode = 2 - } - msg, ok := rcMessage[exitCode] - if ok { - logger.Info(exitMessage, "exit_code", exitCode, "exit_msg", msg) - } else { - logger.Info(exitMessage, "exit_code", exitCode) - } - }() - if err = startLauncher(launchSpec, logger.SerialConsoleFile()); err != nil { - logger.Error(err.Error()) - } - - workloadDuration := time.Since(start) - logger.Info("Workload completed", - "workload", launchSpec.ImageRef, - "workload_execution_sec", workloadDuration.Seconds(), - ) - - exitCode = getExitCode(launchSpec.Hardened, launchSpec.RestartPolicy, err) -} - -func getExitCode(isHardened bool, restartPolicy spec.RestartPolicy, err error) int { - exitCode := 0 - - // if in a debug image, will always hold - if !isHardened { - return holdRC - } - - if err != nil { - switch err.(type) { - default: - // non-retryable error - exitCode = failRC - case *launcher.RetryableError, *launcher.WorkloadError: - if restartPolicy == spec.Always || restartPolicy == spec.OnFailure { - exitCode = rebootRC - } else { - exitCode = failRC - } - } - } else { - // if no error - if restartPolicy == spec.Always { - exitCode = rebootRC - } else { - exitCode = successRC - } - } - - return exitCode -} - -func getUptime() (string, error) { - file, err := os.ReadFile("/proc/uptime") - if err != nil { - return "", fmt.Errorf("error opening /proc/uptime: %v", err) - } - - // proc/uptime contains two values separated by a space. We only need the first. 
- split := bytes.Split(file, []byte(" ")) - if len(split) != 2 { - return "", fmt.Errorf("unexpected /proc/uptime contents: %s", file) - } - - return string(split[0]), nil -} - -func startLauncher(launchSpec spec.LaunchSpec, serialConsole *os.File) error { - logger.Info(fmt.Sprintf("Launch Spec: %+v", launchSpec.LogFriendly())) - containerdClient, err := containerd.New(defaults.DefaultAddress) - if err != nil { - return &launcher.RetryableError{Err: err} - } - defer containerdClient.Close() - - tpm, err := tpm2.OpenTPM("/dev/tpmrm0") - if err != nil { - return &launcher.RetryableError{Err: err} - } - defer tpm.Close() - - // check DA info, don't crash if failed - daInfo, err := launcher.GetTPMDAInfo(tpm) - if err != nil { - logger.Error(fmt.Sprintf("Failed to get DA Info: %v", err)) - } else { - if !daInfo.StartupClearOrderly { - logger.Warn(fmt.Sprintf("Failed orderly startup. Avoid using instance reset. Instead, use instance stop/start. DA lockout counter incremented: LockoutCounter: %d / MaxAuthFail: %d", daInfo.LockoutCounter, daInfo.MaxTries)) - } - - if err := launcher.SetTPMDAParams(tpm, expectedTPMDAParams); err != nil { - logger.Error(fmt.Sprintf("Failed to set DA params: %v", err)) - } - - daInfo, err := launcher.GetTPMDAInfo(tpm) - if err != nil { - logger.Error(fmt.Sprintf("Failed to get DA Info: %v", err)) - } else { - logger.Info(fmt.Sprintf("Updated TPM DA params: %+v", daInfo)) - } - } - - // check AK (EK signing) cert - gceAk, err := client.GceAttestationKeyECC(tpm) - if err != nil { - return err - } - if gceAk.Cert() == nil { - return errors.New("failed to find AKCert on this VM: try creating a new VM or contacting support") - } - gceAk.Close() - - token, err := registryauth.RetrieveAuthToken(context.Background(), mdsClient) - if err != nil { - logger.Info(fmt.Sprintf("failed to retrieve auth token: %v, using empty auth for image pulling\n", err)) - } - - logger.Info("Launch started", "duration_sec", time.Since(start).Seconds()) - - ctx := 
namespaces.WithNamespace(context.Background(), namespaces.Default) - r, err := launcher.NewRunner(ctx, containerdClient, token, launchSpec, mdsClient, tpm, logger, serialConsole) - if err != nil { - return err - } - defer r.Close(ctx) - - return r.Run(ctx) -} - -// verifyFsAndMount checks the partitions/mounts are as expected, based on the command output reported by OS. -// These checks are not a security guarantee. -func verifyFsAndMount() error { - dmLsOutput, err := exec.Command("dmsetup", "ls").Output() - if err != nil { - return fmt.Errorf("failed to call `dmsetup ls`: %v %s", err, string(dmLsOutput)) - } - - dmDevs := strings.Split(string(dmLsOutput), "\n") - devNameToDevNo := make(map[string]string) - for _, dmDev := range dmDevs { - if dmDev == "" { - continue - } - devFields := strings.Fields(dmDev) - if len(devFields) != 2 { - continue - } - devMajorMinor := strings.ReplaceAll(strings.ReplaceAll(devFields[1], "(", ""), ")", "") - devNameToDevNo[devFields[0]] = devMajorMinor - } - var cryptNo, zeroNo string - var ok bool - if _, ok = devNameToDevNo["protected_stateful_partition"]; !ok { - return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition: %s", string(dmLsOutput)) - } - if cryptNo, ok = devNameToDevNo["protected_stateful_partition_crypt"]; !ok { - return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition_crypt: %s", string(dmLsOutput)) - } - if zeroNo, ok = devNameToDevNo["protected_stateful_partition_zero"]; !ok { - return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition_zero: %s", string(dmLsOutput)) - } - - dmTableCloneOutput, err := exec.Command("dmsetup", "table", "/dev/mapper/protected_stateful_partition").Output() - if err != nil { - return fmt.Errorf("failed to check /dev/mapper/protected_stateful_partition status: %v %s", err, string(dmTableCloneOutput)) - } - cloneTable := strings.Fields(string(dmTableCloneOutput)) - // https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html - if 
len(cloneTable) < 7 { - return fmt.Errorf("clone table does not match expected format: %s", string(dmTableCloneOutput)) - } - if cloneTable[2] != "clone" { - return fmt.Errorf("protected_stateful_partition is not a dm-clone device: %s", string(dmTableCloneOutput)) - } - if cloneTable[4] != cryptNo { - return fmt.Errorf("protected_stateful_partition does not have protected_stateful_partition_crypt as a destination device: %s", string(dmTableCloneOutput)) - } - if cloneTable[5] != zeroNo { - return fmt.Errorf("protected_stateful_partition protected_stateful_partition_zero as a source device: %s", string(dmTableCloneOutput)) - } - - // Check protected_stateful_partition_crypt is encrypted and is on integrity protection. - dmTableCryptOutput, err := exec.Command("dmsetup", "table", "/dev/mapper/protected_stateful_partition_crypt").Output() - if err != nil { - return fmt.Errorf("failed to check /dev/mapper/protected_stateful_partition_crypt status: %v %s", err, string(dmTableCryptOutput)) - } - matched := regexp.MustCompile(`integrity:28:aead`).FindString(string(dmTableCryptOutput)) - if len(matched) == 0 { - return fmt.Errorf("stateful partition is not integrity protected: \n%s", dmTableCryptOutput) - } - matched = regexp.MustCompile(`capi:gcm\(aes\)-random`).FindString(string(dmTableCryptOutput)) - if len(matched) == 0 { - return fmt.Errorf("stateful partition is not using the aes-gcm-random cipher: \n%s", dmTableCryptOutput) - } - - // Make sure /var/lib/containerd is on protected_stateful_partition. 
- findmountOutput, err := exec.Command("findmnt", "/dev/mapper/protected_stateful_partition").Output() - if err != nil { - return fmt.Errorf("failed to findmnt /dev/mapper/protected_stateful_partition: %v %s", err, string(findmountOutput)) - } - matched = regexp.MustCompile(`/var/lib/containerd\s+/dev/mapper/protected_stateful_partition\[/var/lib/containerd\]\s+ext4\s+rw,nosuid,nodev,relatime,commit=30`).FindString(string(findmountOutput)) - if len(matched) == 0 { - return fmt.Errorf("/var/lib/containerd was not mounted on the protected_stateful_partition: \n%s", findmountOutput) - } - matched = regexp.MustCompile(`/var/lib/google\s+/dev/mapper/protected_stateful_partition\[/var/lib/google\]\s+ext4\s+rw,nosuid,nodev,relatime,commit=30`).FindString(string(findmountOutput)) - if len(matched) == 0 { - return fmt.Errorf("/var/lib/google was not mounted on the protected_stateful_partition: \n%s", findmountOutput) - } - - // Check /tmp is on tmpfs. - findmntOutput, err := exec.Command("findmnt", "tmpfs").Output() - if err != nil { - return fmt.Errorf("failed to findmnt tmpfs: %v %s", err, string(findmntOutput)) - } - matched = regexp.MustCompile(`/tmp\s+tmpfs\s+tmpfs`).FindString(string(findmntOutput)) - if len(matched) == 0 { - return fmt.Errorf("/tmp was not mounted on the tmpfs: \n%s", findmntOutput) - } - - // Check verity status on vroot and oemroot. 
- cryptSetupOutput, err := exec.Command("cryptsetup", "status", "vroot").Output() - if err != nil { - return fmt.Errorf("failed to check vroot status: %v %s", err, string(cryptSetupOutput)) - } - if !strings.Contains(string(cryptSetupOutput), "/dev/mapper/vroot is active and is in use.") { - return fmt.Errorf("/dev/mapper/vroot was not mounted correctly: \n%s", cryptSetupOutput) - } - cryptSetupOutput, err = exec.Command("cryptsetup", "status", "oemroot").Output() - if err != nil { - return fmt.Errorf("failed to check oemroot status: %v %s", err, string(cryptSetupOutput)) - } - if !strings.Contains(string(cryptSetupOutput), "/dev/mapper/oemroot is active and is in use.") { - return fmt.Errorf("/dev/mapper/oemroot was not mounted correctly: \n%s", cryptSetupOutput) - } - - return nil -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/launcher/main_test.go b/vendor/github.com/google/go-tpm-tools/launcher/launcher/main_test.go deleted file mode 100644 index 8e28022c4..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/launcher/main_test.go +++ /dev/null 
@@ -1,132 +0,0 @@ -package main - -import ( - "errors" - "testing" - - "github.com/google/go-tpm-tools/launcher" - "github.com/google/go-tpm-tools/launcher/spec" -) - -func TestGetExitCode(t *testing.T) { - testcases := []struct { - name string - isHardened bool - restartPolicy spec.RestartPolicy - err error - expectedReturnCode int - }{ - // no error, debug image - { - "debug, always restart, nil error", - false, spec.Always, nil, holdRC, - }, - { - "debug, never restart, nil error", - false, spec.Never, nil, holdRC, - }, - { - "debug, onfailure restart, nil error", - false, spec.OnFailure, nil, holdRC, - }, - // no error, hardened image - { - "hardened, always restart, nil error", - true, spec.Always, nil, rebootRC, - }, - { - "hardened, never restart, nil error", - true, spec.Never, nil, successRC, - }, - { - "hardened, onfailure restart, nil error", - true, spec.OnFailure, nil, successRC, - }, - // retryable error, debug image - { - "debug, always restart, retryable error", - false, spec.Always, &launcher.RetryableError{}, holdRC, - }, - { - "debug, never restart, retryable error", - false, spec.Never, &launcher.RetryableError{}, holdRC, - }, - { - "debug, onfailure restart, retryable error", - false, spec.OnFailure, &launcher.RetryableError{}, holdRC, - }, - // workload error, debug image (same as retryable error) - { - "debug, always restart, workload error", - false, spec.Always, &launcher.WorkloadError{}, holdRC, - }, - { - "debug, never restart, workload error", - false, spec.Never, &launcher.WorkloadError{}, holdRC, - }, - { - "debug, onfailure restart, workload error", - false, spec.OnFailure, &launcher.WorkloadError{}, holdRC, - }, - // retryable error, hardened image - { - "hardened, always restart, retryable error", - true, spec.Always, &launcher.RetryableError{}, rebootRC, - }, - { - "hardened, never restart, retryable error", - true, spec.Never, &launcher.RetryableError{}, failRC, - }, - { - "hardened, onfailure restart, retryable error", - true, 
spec.OnFailure, &launcher.RetryableError{}, rebootRC, - }, - // workload error, hardened image (same as retryable error) - { - "hardened, always restart, workload error", - true, spec.Always, &launcher.WorkloadError{}, rebootRC, - }, - { - "hardened, never restart, workload error", - true, spec.Never, &launcher.WorkloadError{}, failRC, - }, - { - "hardened, onfailure restart, workload error", - true, spec.OnFailure, &launcher.WorkloadError{}, rebootRC, - }, - // non-retryable error, debug image - { - "debug, always restart, non-retryable error", - false, spec.Always, errors.New(""), holdRC, - }, - { - "debug, never restart, non-retryable error", - false, spec.Never, errors.New(""), holdRC, - }, - { - "debug, onfailure restart, non-retryable error", - false, spec.OnFailure, errors.New(""), holdRC, - }, - // non-retryable error, hardened image - { - "hardened, always restart, non-retryable error", - true, spec.Always, errors.New(""), failRC, - }, - { - "hardened, never restart, non-retryable error", - true, spec.Never, errors.New(""), failRC, - }, - { - "hardened, onfailure restart, non-retryable error", - true, spec.OnFailure, errors.New(""), failRC, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - if rc := getExitCode(tc.isHardened, tc.restartPolicy, tc.err); rc != tc.expectedReturnCode { - t.Errorf("got %d, wanted %d", rc, tc.expectedReturnCode) - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/launcherfile/launcherfile.go b/vendor/github.com/google/go-tpm-tools/launcher/launcherfile/launcherfile.go deleted file mode 100644 index 0e9fee600..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/launcherfile/launcherfile.go +++ /dev/null 
@@ -1,12 +0,0 @@
-// Package launcherfile contains functions and constants for interacting with
-// launcher files.
-package launcherfile
-
-const (
- // HostTmpPath defined the directory in the host that will store attestation tokens
- HostTmpPath = "/tmp/container_launcher/"
- // ContainerRuntimeMountPath defined the directory in the container stores attestation tokens
- ContainerRuntimeMountPath = "/run/container_launcher/"
- // AttestationVerifierTokenFilename defines the name of the file the attestation token is stored in.
- AttestationVerifierTokenFilename = "attestation_verifier_claims_token"
-)
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/registryauth/auth.go b/vendor/github.com/google/go-tpm-tools/launcher/registryauth/auth.go
deleted file mode 100644
index 6c5bea921..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/registryauth/auth.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Package registryauth contains functionalities to authenticate docker repo.
-package registryauth
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "strings"
-
- "cloud.google.com/go/compute/metadata"
- "github.com/containerd/containerd/remotes"
- "github.com/containerd/containerd/remotes/docker"
- "golang.org/x/oauth2"
-)
-
-// RetrieveAuthToken takes in a metadata server client, and uses it to read the
-// default service account token from a GCE VM and returns the token.
-func RetrieveAuthToken(ctx context.Context, client *metadata.Client) (oauth2.Token, error) {
- data, err := client.GetWithContext(ctx, "instance/service-accounts/default/token")
- if err != nil {
- return oauth2.Token{}, err
- }
-
- var token oauth2.Token
- if err := json.Unmarshal([]byte(data), &token); err != nil {
- return oauth2.Token{}, err
- }
-
- return token, nil
-}
-
-// Resolver returns a custom resolver that can use the token to authenticate with
-// the repo.
-func Resolver(token string) remotes.Resolver {
- options := docker.ResolverOptions{}
-
- credentials := func(host string) (string, string, error) {
- // append the token if is talking to Artifact Registry or GCR Registry
- if strings.HasSuffix(host, "docker.pkg.dev") || strings.HasSuffix(host, "gcr.io") {
- return "_token", token, nil
- }
- return "", "", nil
- }
- authOpts := []docker.AuthorizerOpt{docker.WithAuthCreds(credentials)}
- //nolint:staticcheck
- options.Authorizer = docker.NewDockerAuthorizer(authOpts...)
-
- return docker.NewResolver(options)
-}
-
-// RefreshResolver takes in a metadata server client, uses it to refresh the default service
-// account token, and returns a custom resolver that can use the token to authenticate with
-// the repo.
-func RefreshResolver(ctx context.Context, client *metadata.Client) (remotes.Resolver, error) {
- token, err := RetrieveAuthToken(ctx, client)
- if err != nil {
- return nil, fmt.Errorf("failed to retrieve auth token from metadata server: %v", err)
- }
-
- if token.Valid() {
- return Resolver(token.AccessToken), nil
- }
-
- return nil, fmt.Errorf("invalid token from metadata server: %v", token)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy.go b/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy.go
deleted file mode 100644
index 13a1854f2..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy.go
+++ /dev/null
@@ -1,340 +0,0 @@
-package spec
-
-import (
- "errors"
- "fmt"
- "path/filepath"
- "strconv"
- "strings"
-
- "github.com/google/go-tpm-tools/launcher/internal/logging"
-)
-
-// LaunchPolicy contains policies on starting the container.
-// The policy comes from the labels of the image.
-type LaunchPolicy struct {
- AllowedEnvOverride []string
- AllowedCmdOverride bool
- AllowedLogRedirect policy
- AllowedMountDestinations []string
- HardenedImageMonitoring MonitoringType
- DebugImageMonitoring MonitoringType
- PrivilegedCaps bool
- AllowCgroups bool
-}
-
-type policy int
-
-const (
- debugOnly policy = iota
- always
- never
-)
-
-// MonitoringType represents the possible health monitoring presets for the client.
-type MonitoringType int
-
-const (
- // None indicates no monitoring enabled.
- None MonitoringType = iota
- // MemoryOnly indicates only memory_bytes_used enabled.
- MemoryOnly
- // All indicates all supported metrics enabled.
- All
-)
-
-func (mt MonitoringType) String() string {
- switch mt {
- case None:
- return "none"
- case MemoryOnly:
- return "memoryOnly"
- case All:
- return "all"
- }
-
- return ""
-}
-
-func toMonitoringType(s string) (MonitoringType, error) {
- switch strings.ToLower(s) {
- case "none":
- return None, nil
- case "memoryonly":
- return MemoryOnly, nil
- case "all":
- return All, nil
- }
-
- return None, fmt.Errorf("invalid monitoring type %v", s)
-}
-
-// String returns LaunchPolicy details.
-func (p policy) String() string {
- switch p {
- case debugOnly:
- return "debugonly"
- case always:
- return "always"
- case never:
- return "never"
- default:
- return "unspecified launch policy"
- }
-}
-
-func toPolicy(policy, s string) (policy, error) {
- s = strings.ToLower(s)
- s = strings.TrimSpace(s)
-
- if s == "always" {
- return always, nil
- }
- if s == "never" {
- return never, nil
- }
- if s == "debugonly" {
- return debugOnly, nil
- }
- return 0, fmt.Errorf("not a valid %s %s (must be one of [always, never, debugonly])", policy, s)
-}
-
-const (
- envOverride = "tee.launch_policy.allow_env_override"
- cmdOverride = "tee.launch_policy.allow_cmd_override"
- logRedirect = "tee.launch_policy.log_redirect"
- memoryMonitoring = "tee.launch_policy.monitoring_memory_allow"
- hardenedMonitoring = "tee.launch_policy.hardened_monitoring"
- debugMonitoring = "tee.launch_policy.debug_monitoring"
- // Values look like a PATH list, with ':' as a separator.
- // Empty paths will be ignored and relative paths will be interpreted as
- // relative to "/".
- // Paths will be cleaned using filepath.Clean.
- mountDestinations = "tee.launch_policy.allow_mount_destinations"
- privilegedCaps = "tee.launch_policy.allow_capabilities"
- allowCgroups = "tee.launch_policy.allow_cgroups"
-)
-
-func configureMonitoringPolicy(imageLabels map[string]string, launchPolicy *LaunchPolicy, logger logging.Logger) error {
- // Old policy.
- memVal, memOk := imageLabels[memoryMonitoring]
- // New policies.
- hardenedVal, hardenedOk := imageLabels[hardenedMonitoring] - debugVal, debugOk := imageLabels[debugMonitoring] - - var err error - - // Return an error if old/new policies are both defined - if memOk && (hardenedOk || debugOk) { - return fmt.Errorf("use either %s or %s/%s in image labels,- not both", memoryMonitoring, hardenedMonitoring, debugMonitoring) - } else if memOk { - policy, err := toPolicy(memoryMonitoring, memVal) - if err != nil { - return fmt.Errorf("invalid image LABEL '%s'", memoryMonitoring) - } - - logger.Info(fmt.Sprintf("%s will be deprecated, use %s and %s instead", memoryMonitoring, hardenedMonitoring, debugMonitoring)) - - switch policy { - case always: - logger.Info(fmt.Sprintf("%s=always will be treated as %s=memory_only and %s=memory_only", memoryMonitoring, hardenedMonitoring, debugMonitoring)) - launchPolicy.HardenedImageMonitoring = MemoryOnly - launchPolicy.DebugImageMonitoring = MemoryOnly - case never: - logger.Info(fmt.Sprintf("%s=never will be treated as %s=none and %s=none", memoryMonitoring, hardenedMonitoring, debugMonitoring)) - logger.Info("memory monitoring not allowed by image") - launchPolicy.HardenedImageMonitoring = None - launchPolicy.DebugImageMonitoring = None - case debugOnly: - logger.Info(fmt.Sprintf("%s=debug_only will be treated as %s=none and %s=memory", memoryMonitoring, hardenedMonitoring, debugMonitoring)) - logger.Info("memory monitoring only allowed on debug environment by image") - launchPolicy.HardenedImageMonitoring = None - launchPolicy.DebugImageMonitoring = MemoryOnly - } - return nil - } - - if hardenedOk { - launchPolicy.HardenedImageMonitoring, err = toMonitoringType(hardenedVal) - if err != nil { - return fmt.Errorf("invalid monitoring type for hardened image: %v", err) - } - logger.Info(fmt.Sprintf("'%s' monitoring allowed on hardened environment", launchPolicy.HardenedImageMonitoring)) - } else { - launchPolicy.HardenedImageMonitoring = None - } - - if debugOk { - 
launchPolicy.DebugImageMonitoring, err = toMonitoringType(debugVal) - if err != nil { - return fmt.Errorf("invalid monitoring type for debug image: %v", err) - } - logger.Info(fmt.Sprintf("'%s' monitoring allowed on debug environment", launchPolicy.DebugImageMonitoring)) - } else { - launchPolicy.DebugImageMonitoring = MemoryOnly - } - - return nil -} - -// GetLaunchPolicy takes in a map[string] string which should come from image labels, -// and will try to parse it into a LaunchPolicy. Extra fields will be ignored. -func GetLaunchPolicy(imageLabels map[string]string, logger logging.Logger) (LaunchPolicy, error) { - var err error - launchPolicy := LaunchPolicy{} - if v, ok := imageLabels[envOverride]; ok { - envs := strings.Split(v, ",") - for _, env := range envs { - // strip out empty env name - if env != "" { - launchPolicy.AllowedEnvOverride = append(launchPolicy.AllowedEnvOverride, env) - } - } - } - - if v, ok := imageLabels[cmdOverride]; ok { - if launchPolicy.AllowedCmdOverride, err = strconv.ParseBool(v); err != nil { - return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", cmdOverride) - } - } - - // default is debug only for logRedirect - if v, ok := imageLabels[logRedirect]; ok { - launchPolicy.AllowedLogRedirect, err = toPolicy(logRedirect, v) - if err != nil { - return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s'", logRedirect) - } - } - - if err := configureMonitoringPolicy(imageLabels, &launchPolicy, logger); err != nil { - return LaunchPolicy{}, err - } - - if v, ok := imageLabels[mountDestinations]; ok { - paths := filepath.SplitList(v) - for _, path := range paths { - // Strip out empty path name. 
- if path != "" {
- path = filepath.Clean(path)
- launchPolicy.AllowedMountDestinations = append(launchPolicy.AllowedMountDestinations, path)
- }
- }
- }
-
- if v, ok := imageLabels[privilegedCaps]; ok {
- if launchPolicy.PrivilegedCaps, err = strconv.ParseBool(v); err != nil {
- return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", privilegedCaps)
- }
- }
-
- if v, ok := imageLabels[allowCgroups]; ok {
- if launchPolicy.AllowCgroups, err = strconv.ParseBool(v); err != nil {
- return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", allowCgroups)
- }
- }
-
- return launchPolicy, nil
-}
-
-func verifyMonitoringConfig(policy MonitoringType, spec MonitoringType) error {
- switch policy {
- case All:
- // If policy is 'All', spec can be anything.
- return nil
- case MemoryOnly:
- // If policy is 'MemoryOnly', spec must be 'None' or 'MemoryOnly'.
- if spec == All {
- return fmt.Errorf("spec configured for all monitoring, policy only allows memory")
- }
- case None:
- // If policy is 'None', spec must also be 'None'.
- if spec != None {
- return fmt.Errorf("spec configured for %v but policy is none", spec)
- }
- }
-
- return nil
-}
-
-// Verify will use the LaunchPolicy to verify the given LaunchSpec. If the verification passed, will return nil.
-// If there are multiple violations, the function will return the first error.
-func (p LaunchPolicy) Verify(ls LaunchSpec) error {
- for _, e := range ls.Envs {
- if !contains(p.AllowedEnvOverride, e.Name) {
- return fmt.Errorf("env var %s is not allowed to be overridden on this image; allowed envs to be overridden: %v", e, p.AllowedEnvOverride)
- }
- }
- if !p.AllowedCmdOverride && len(ls.Cmd) > 0 {
- return fmt.Errorf("CMD is not allowed to be overridden on this image")
- }
-
- if p.AllowedLogRedirect == never && ls.LogRedirect.enabled() {
- return fmt.Errorf("logging redirection not allowed by image")
- }
-
- if p.AllowedLogRedirect == debugOnly && ls.LogRedirect.enabled() && ls.Hardened {
- return fmt.Errorf("logging redirection only allowed on debug environment by image")
- }
-
- monitoringPolicy := p.DebugImageMonitoring
- if ls.Hardened {
- monitoringPolicy = p.HardenedImageMonitoring
- }
-
- if err := verifyMonitoringConfig(monitoringPolicy, ls.MonitoringEnabled); err != nil {
- return fmt.Errorf("error verifying monitoring config: %v", err)
- }
-
- var err error
- for _, mnt := range ls.Mounts {
- err = errors.Join(err, p.verifyMountDestination(mnt.Mountpoint()))
- }
- if err != nil {
- return fmt.Errorf("destination mount points are not allowed: %v", err)
- }
-
- if len(ls.AddedCapabilities) != 0 && !p.PrivilegedCaps {
- return errors.New("additional capabilities are not allowed")
- }
-
- if ls.CgroupNamespace && !p.AllowCgroups {
- return errors.New("cgroups usage is not allowed")
- }
-
- return nil
-}
-
-// verifyMountDestination assumes AllowedMountDestinations contains
-// `filepath.Clean`ed paths.
-func (p LaunchPolicy) verifyMountDestination(dstPath string) error {
- if !filepath.IsAbs(dstPath) {
- return fmt.Errorf("received a non-absolute destination path: %v", dstPath)
- }
- dstPath = filepath.Clean(dstPath)
- for _, allowDst := range p.AllowedMountDestinations {
- if !filepath.IsAbs(allowDst) {
- return fmt.Errorf("received a non-absolute allowed destination path: %v", allowDst)
- }
- rel, err := filepath.Rel(allowDst, dstPath)
- if err != nil {
- return err
- }
-
- // If dest is not the parent dir relative to the allowed mountpoint
- // or dest is not relative from the allowed's parent directory, then
- // dest must be a child (or the exact same directory).
- if rel != ".." && !strings.HasPrefix(rel, "../") {
- return nil
- }
- }
- return fmt.Errorf("destination mount point \"%v\" is invalid: policy only allows mounts in the following paths: %v", dstPath, p.AllowedMountDestinations)
-}
-
-func contains(strs []string, target string) bool {
- for _, s := range strs {
- if s == target {
- return true
- }
- }
- return false
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy_test.go b/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy_test.go
deleted file mode 100644
index 4d96701d1..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_policy_test.go
+++ /dev/null
@@ -1,949 +0,0 @@
-package spec
-
-import (
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-tpm-tools/launcher/internal/launchermount"
- "github.com/google/go-tpm-tools/launcher/internal/logging"
-)
-
-func TestLaunchPolicy(t *testing.T) {
- testCases := []struct {
- testName string
- imageLabels map[string]string
- expectedPolicy LaunchPolicy
- }{
- {
- "single ENV override, CMD override",
- map[string]string{
- envOverride: "foo",
- cmdOverride: "true",
- },
- LaunchPolicy{
- AllowedEnvOverride: []string{"foo"},
- AllowedCmdOverride: true,
- },
- },
- {
- "multiple ENV override, no CMD override",
- map[string]string{
- envOverride: "foo,bar",
- },
- LaunchPolicy{
- AllowedEnvOverride: []string{"foo", "bar"},
- AllowedCmdOverride: false,
- },
- },
- {
- "no ENV override, no CMD override",
- nil,
- LaunchPolicy{
- AllowedEnvOverride: nil,
- AllowedCmdOverride: false,
- },
- },
- {
- "empty string in ENV override",
- map[string]string{
- envOverride: ",,,foo",
- cmdOverride: "false",
- },
- LaunchPolicy{
- AllowedEnvOverride: []string{"foo"},
- AllowedCmdOverride: false,
- },
- },
- }
-
- for _, testcase := range testCases {
- t.Run(testcase.testName, func(t *testing.T) {
- // Add default values for policy fields. Not relevant to tested behavior.
- testcase.expectedPolicy.HardenedImageMonitoring = None - testcase.expectedPolicy.DebugImageMonitoring = MemoryOnly - - got, err := GetLaunchPolicy(testcase.imageLabels, logging.SimpleLogger()) - if err != nil { - t.Fatal(err) - } - - if !cmp.Equal(got, testcase.expectedPolicy) { - t.Errorf("Launchspec got %+v, want %+v", got, testcase.expectedPolicy) - } - }) - } -} - -func TestVerify(t *testing.T) { - testCases := []struct { - testName string - policy LaunchPolicy - spec LaunchSpec - expectErr bool - }{ - { - "allows everything", - LaunchPolicy{ - AllowedEnvOverride: []string{"foo"}, - AllowedCmdOverride: true, - AllowedLogRedirect: always, - HardenedImageMonitoring: MemoryOnly, - DebugImageMonitoring: MemoryOnly, - }, - LaunchSpec{ - Envs: []EnvVar{{Name: "foo", Value: "foo"}}, - Cmd: []string{"foo"}, - LogRedirect: Everywhere, - MonitoringEnabled: MemoryOnly, - }, - false, - }, - { - "default case", - LaunchPolicy{}, - LaunchSpec{}, - false, - }, - { - "env override violation", - LaunchPolicy{ - AllowedEnvOverride: []string{"foo"}, - }, - LaunchSpec{ - Envs: []EnvVar{{Name: "bar", Value: ""}}, - }, - true, - }, - { - "cmd violation", - LaunchPolicy{ - AllowedCmdOverride: false, - }, - LaunchSpec{ - Cmd: []string{"foo"}, - }, - true, - }, - { - "log redirect (never, everywhere, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: true, - }, - true, - }, - { - "log redirect (never, cloudlogging, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: true, - }, - true, - }, - { - "log redirect (never, serial, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Serial, - Hardened: true, - }, - true, - }, - { - "log redirect (never, nowhere, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: true, - }, - false, - }, - { - 
"log redirect (never, everywhere, debug): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: false, - }, - true, - }, - { - "log redirect (never, cloudlogging, debug): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: false, - }, - true, - }, - { - "log redirect (never, serial, debug): err", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Serial, - Hardened: false, - }, - true, - }, - { - "log redirect (never, nowhere, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: never, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: false, - }, - false, - }, - { - "log redirect (debugOnly, everywhere, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: true, - }, - true, - }, - { - "log redirect (debugOnly, cloudlogging, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: true, - }, - true, - }, - { - "log redirect (debugOnly, serial, hardened): err", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: Serial, - Hardened: true, - }, - true, - }, - { - "log redirect (debugOnly, nowhere, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: true, - }, - false, - }, - { - "log redirect (debugOnly, everywhere, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: false, - }, - false, - }, - { - "log redirect (debugOnly, cloudlogging, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: false, - }, - false, - }, - { - "log redirect (debugOnly, serial, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - 
LogRedirect: Serial, - Hardened: false, - }, - false, - }, - { - "log redirect (debugOnly, nowhere, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: debugOnly, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: false, - }, - false, - }, - { - "log redirect (always, everywhere, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: true, - }, - false, - }, - { - "log redirect (always, cloudlogging, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: true, - }, - false, - }, - { - "log redirect (always, serial, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Serial, - Hardened: true, - }, - false, - }, - { - "log redirect (always, nowhere, hardened): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: true, - }, - false, - }, - { - "log redirect (always, everywhere, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Everywhere, - Hardened: false, - }, - false, - }, - { - "log redirect (always, cloudlogging, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: CloudLogging, - Hardened: false, - }, - false, - }, - { - "log redirect (always, serial, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Serial, - Hardened: false, - }, - false, - }, - { - "log redirect (always, nowhere, debug): noerr", - LaunchPolicy{ - AllowedLogRedirect: always, - }, - LaunchSpec{ - LogRedirect: Nowhere, - Hardened: false, - }, - false, - }, - { - "allowed mount dest", - LaunchPolicy{ - AllowedMountDestinations: []string{"/a"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/a/b"}, - }, - }, - false, - }, - { - "allowed mount dest same dir", - LaunchPolicy{ - 
AllowedMountDestinations: []string{"/a"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/a"}, - }, - }, - false, - }, - { - "allowed mount dest multiple", - LaunchPolicy{ - AllowedMountDestinations: []string{"/a", "/b", "/c/d"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/a"}, - launchermount.TmpfsMount{Destination: "/b"}, - launchermount.TmpfsMount{Destination: "/c/d"}, - launchermount.TmpfsMount{Destination: "/a/b"}, - launchermount.TmpfsMount{Destination: "/a/b/c"}, - launchermount.TmpfsMount{Destination: "/c/d/e"}, - launchermount.TmpfsMount{Destination: "/c/d/f"}, - launchermount.TmpfsMount{Destination: "/c/d/e/f/g/../b"}, - launchermount.TmpfsMount{Destination: "/c/d/e/f/./../b"}, - launchermount.TmpfsMount{Destination: "/c/d/e/f/./../../b"}, - }, - }, - false, - }, - { - "mount dest relative", - LaunchPolicy{ - AllowedMountDestinations: []string{"/b"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/a/../b"}, - }, - }, - false, - }, - { - "mount dest not abs", - LaunchPolicy{ - AllowedMountDestinations: []string{"/as"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "asd"}, - }, - }, - true, - }, - { - "allowed mount dest not abs", - LaunchPolicy{ - AllowedMountDestinations: []string{"as"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/asd"}, - }, - }, - true, - }, - { - "mount dest prefix but not subdir", - LaunchPolicy{ - AllowedMountDestinations: []string{"/a"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/abcd"}, - }, - }, - true, - }, - { - "mount dest parent of allowed", - LaunchPolicy{ - AllowedMountDestinations: []string{"/a/b"}, - }, - LaunchSpec{ - Mounts: []launchermount.Mount{ - launchermount.TmpfsMount{Destination: "/a"}, - }, - }, - true, - }, - { - "caps allowed 
unused", - LaunchPolicy{ - PrivilegedCaps: true, - }, - LaunchSpec{}, - false, - }, - { - "caps allowed and used", - LaunchPolicy{ - PrivilegedCaps: true, - }, - LaunchSpec{ - AddedCapabilities: []string{"new", "no", "cap"}, - }, - false, - }, - { - "caps not allowed but used", - LaunchPolicy{ - PrivilegedCaps: false, - }, - LaunchSpec{ - AddedCapabilities: []string{"new", "no", "cap"}, - }, - true, - }, - { - "caps allowed unset but used", - LaunchPolicy{}, - LaunchSpec{ - AddedCapabilities: []string{"new", "no", "cap"}, - }, - true, - }, - { - "caps allowed unused", - LaunchPolicy{ - AllowCgroups: true, - }, - LaunchSpec{}, - false, - }, - { - "cgroups allowed and used", - LaunchPolicy{ - AllowCgroups: true, - }, - LaunchSpec{ - CgroupNamespace: true, - }, - false, - }, { - "cgroups not allowed but used", - LaunchPolicy{ - AllowCgroups: false, - }, - LaunchSpec{ - CgroupNamespace: true, - }, - true, - }, - { - "caps allowed unset but used", - LaunchPolicy{}, - LaunchSpec{ - CgroupNamespace: true, - }, - true, - }, - } - for _, testCase := range testCases { - t.Run(testCase.testName, func(t *testing.T) { - err := testCase.policy.Verify(testCase.spec) - if testCase.expectErr { - if err == nil { - t.Errorf("expected error, but got nil") - } - } else { - if err != nil { - t.Errorf("expected no error, but got %v", err) - } - } - }) - } -} - -func TestVerifyMonitoringSettings(t *testing.T) { - testCases := []struct { - testName string - monitoring MonitoringType - spec LaunchSpec - }{ - { - "none policy, disabled by spec", - None, - LaunchSpec{ - MonitoringEnabled: None, - LogRedirect: Nowhere, - }, - }, - { - "memory-only policy, all disabled by spec", - MemoryOnly, - LaunchSpec{ - MonitoringEnabled: None, - LogRedirect: Nowhere, - }, - }, - { - "memory-only policy, memory enabled by spec", - MemoryOnly, - LaunchSpec{ - MonitoringEnabled: MemoryOnly, - LogRedirect: Nowhere, - }, - }, - { - "all enabled by policy, all enabled by spec", - All, - LaunchSpec{ - 
MonitoringEnabled: All, - LogRedirect: Nowhere, - }, - }, - { - "all enabled by policy, disabled by spec", - All, - LaunchSpec{ - MonitoringEnabled: None, - LogRedirect: Nowhere, - }, - }, - { - "all enabled by policy, memory enabled by spec", - All, - LaunchSpec{ - MonitoringEnabled: MemoryOnly, - LogRedirect: Nowhere, - }, - }, - } - - for _, testCase := range testCases { - // Debug. - t.Run("[Debug] "+testCase.testName, func(t *testing.T) { - policy := LaunchPolicy{ - DebugImageMonitoring: testCase.monitoring, - } - if err := policy.Verify(testCase.spec); err != nil { - t.Errorf("expected no error, but got %v", err) - } - }) - - // Hardened. - t.Run("[Hardened] "+testCase.testName, func(t *testing.T) { - policy := LaunchPolicy{ - HardenedImageMonitoring: testCase.monitoring, - } - - // Copy the spec and set Hardened=true. - spec := testCase.spec - spec.Hardened = true - if err := policy.Verify(spec); err != nil { - t.Errorf("expected no error, but got %v", err) - } - }) - } -} - -func TestVerifyMonitoringSettingsErrors(t *testing.T) { - testCases := []struct { - testName string - monitoring MonitoringType - spec LaunchSpec - }{ - { - "[Hardened] disabled policy, all enabled by spec", - None, - LaunchSpec{ - MonitoringEnabled: All, - Hardened: true, - LogRedirect: Nowhere, - }, - }, - { - "[Hardened] disabled policy, memory enabled by spec", - None, - LaunchSpec{ - MonitoringEnabled: MemoryOnly, - Hardened: true, - LogRedirect: Nowhere, - }, - }, - { - "[Hardened] memory-only policy, all enabled by spec", - MemoryOnly, - LaunchSpec{ - MonitoringEnabled: All, - Hardened: true, - LogRedirect: Nowhere, - }, - }, - } - - for _, testCase := range testCases { - t.Run(testCase.testName, func(t *testing.T) { - // Debug. 
- t.Run("[Debug] "+testCase.testName, func(t *testing.T) { - policy := LaunchPolicy{ - DebugImageMonitoring: testCase.monitoring, - } - if err := policy.Verify(testCase.spec); err == nil { - t.Errorf("expected error, but got nil") - } - }) - - // Hardened. - t.Run("[Hardened] "+testCase.testName, func(t *testing.T) { - policy := LaunchPolicy{ - HardenedImageMonitoring: testCase.monitoring, - } - - // Copy the spec and set Hardened=true. - spec := testCase.spec - spec.Hardened = true - if err := policy.Verify(spec); err == nil { - t.Errorf("expected error, but got nil") - } - }) - }) - } -} - -func TestIsHardened(t *testing.T) { - testCases := []struct { - testName string - kernelCmd string - expectHardened bool - }{ - { - "empty kernel cmd", - "", - false, - }, - { - "no confidential-space.hardened arg", - "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", - false, - }, - { - "has 
kernel arg confidential-space.hardened=true", - "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi confidential-space.hardened=true cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", - true, - }, - { - "has kernel arg confidential-space.hardened=false", - "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi confidential-space.hardened=false cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 
hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", - false, - }, - } - - for _, testCase := range testCases { - t.Run(testCase.testName, func(t *testing.T) { - hardened := isHardened(testCase.kernelCmd) - if testCase.expectHardened != hardened { - t.Errorf("expected %t, but got %t", testCase.expectHardened, hardened) - } - }) - } -} - -func TestGetMonitoringPolicy(t *testing.T) { - testcases := []struct { - name string - labels map[string]string - expectedPolicy *LaunchPolicy - }{ - { - name: "memory_monitoring_allow=always", - labels: map[string]string{ - memoryMonitoring: "always", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: MemoryOnly, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "memory_monitoring_allow=never", - labels: map[string]string{ - memoryMonitoring: "never", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: None, - }, - }, - { - name: "memory_monitoring_allow=debugonly", - labels: map[string]string{ - memoryMonitoring: "debugonly", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "HardenedImageMonitoring=none", - labels: map[string]string{ - hardenedMonitoring: "none", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "HardenedImageMonitoring=memoryonly", - labels: map[string]string{ - hardenedMonitoring: "memoryonly", - }, - expectedPolicy: &LaunchPolicy{ - 
HardenedImageMonitoring: MemoryOnly, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "HardenedImageMonitoring=all", - labels: map[string]string{ - hardenedMonitoring: "all", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: All, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "DebugImageMonitoring=none", - labels: map[string]string{ - debugMonitoring: "none", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: None, - }, - }, - { - name: "DebugImageMonitoring=memoryonly", - labels: map[string]string{ - debugMonitoring: "memoryonly", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: MemoryOnly, - }, - }, - { - name: "DebugImageMonitoring=all", - labels: map[string]string{ - debugMonitoring: "all", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: None, - DebugImageMonitoring: All, - }, - }, - // Set both fields to non-default values. - { - name: "HardenedImageMonitoring=all, DebugImageMonitoring=none", - labels: map[string]string{ - hardenedMonitoring: "all", - debugMonitoring: "none", - }, - expectedPolicy: &LaunchPolicy{ - HardenedImageMonitoring: All, - DebugImageMonitoring: None, - }, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - policy := &LaunchPolicy{} - if err := configureMonitoringPolicy(tc.labels, policy, logging.SimpleLogger()); err != nil { - t.Errorf("getMonitoringPolicy returned error: %v", err) - return - } - - if !cmp.Equal(policy, tc.expectedPolicy) { - t.Errorf("getMonitoringPolicy did not return expected policy: got %v, want %v", policy, tc.expectedPolicy) - } - }) - } -} - -func TestGetMonitoringPolicyErrors(t *testing.T) { - testcases := []struct { - name string - labels map[string]string - }{ - { - name: "memory_monitoring_allow and hardened_monitoring specified", - labels: map[string]string{ - memoryMonitoring: "always", - hardenedMonitoring: "all", - }, - }, - { - name: 
"memory_monitoring_allow and debug_monitoring specified", - labels: map[string]string{ - memoryMonitoring: "always", - debugMonitoring: "all", - }, - }, - { - name: "memory_monitoring_allow, hardened_monitoring, and debug_monitoring specified", - labels: map[string]string{ - memoryMonitoring: "always", - hardenedMonitoring: "all", - debugMonitoring: "memoryOnly", - }, - }, - { - name: "invalid value for memory_monitoring_allow", - labels: map[string]string{ - memoryMonitoring: "this is not valid", - }, - }, - { - name: "invalid value for hardened_monitoring", - labels: map[string]string{ - hardenedMonitoring: "this is not valid", - }, - }, - { - name: "invalid value for debug_monitoring", - labels: map[string]string{ - debugMonitoring: "this is not valid", - }, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - policy := &LaunchPolicy{} - if err := configureMonitoringPolicy(tc.labels, policy, logging.SimpleLogger()); err == nil { - t.Errorf("Expected getMonitoringPolicy to return error, returned successfully with policy %v", policy) - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec.go b/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec.go deleted file mode 100644 index b61655123..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec.go +++ /dev/null 
@@ -1,496 +0,0 @@
-// Package spec contains definition of some basic container launch specs needed to
-// launch a container, provided by the operator.
-package spec
-
-import (
- "context"
- "encoding/json"
- "errors"
- "fmt"
- "os"
- "os/exec"
- "path"
- "strconv"
- "strings"
-
- "cloud.google.com/go/compute/metadata"
-
- "github.com/containerd/containerd/v2/pkg/cap"
- "github.com/google/go-tpm-tools/cel"
- "github.com/google/go-tpm-tools/launcher/internal/experiments"
- "github.com/google/go-tpm-tools/launcher/internal/launchermount"
- "github.com/google/go-tpm-tools/launcher/internal/logging"
- "github.com/google/go-tpm-tools/launcher/launcherfile"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/util"
-)
-
-// MaxInt64 is the maximum value of a signed int64.
-const MaxInt64 = 9223372036854775807
-
-// RestartPolicy is the enum for the container restart policy.
-type RestartPolicy string
-
-func (p RestartPolicy) isValid() error {
- switch p {
- case Always, OnFailure, Never:
- return nil
- }
- return fmt.Errorf("invalid restart policy: %s", p)
-}
-
-// Restart Policy enum values.
-const (
- Always RestartPolicy = "Always"
- OnFailure RestartPolicy = "OnFailure"
- Never RestartPolicy = "Never"
- // experimentDataFile defines where the experiment sync output data is expected to be.
- experimentDataFile = "experiment_data"
- // binaryPath contains the path to the experiments binary.
- binaryPath = "/usr/share/oem/confidential_space/confidential_space_experiments"
-)
-
-// LogRedirectLocation specifies the workload logging redirect location.
-type LogRedirectLocation string
-
-func (l LogRedirectLocation) isValid() error {
- switch l {
- case Everywhere, CloudLogging, Serial, Nowhere:
- return nil
- }
- return fmt.Errorf("invalid logging redirect location %s, expect one of %s", l,
- []LogRedirectLocation{Everywhere, CloudLogging, Serial, Nowhere})
-}
-
-func (l LogRedirectLocation) enabled() bool {
- return l != Nowhere
-}
-
-// LogRedirectLocation acceptable values.
-const (
- Everywhere LogRedirectLocation = "true"
- CloudLogging LogRedirectLocation = "cloud_logging"
- Serial LogRedirectLocation = "serial"
- Nowhere LogRedirectLocation = "false"
-)
-
-// Metadata variable names.
-const (
- fakeVerifierKey = "test-fake-verifier"
- imageRefKey = "tee-image-reference"
- signedImageRepos = "tee-signed-image-repos"
- restartPolicyKey = "tee-restart-policy"
- cmdKey = "tee-cmd"
- envKeyPrefix = "tee-env-"
- impersonateServiceAccounts = "tee-impersonate-service-accounts"
- attestationServiceAddrKey = "tee-attestation-service-endpoint"
- logRedirectKey = "tee-container-log-redirect"
- memoryMonitoringEnable = "tee-monitoring-memory-enable"
- monitoringEnable = "tee-monitoring-enable"
- devShmSizeKey = "tee-dev-shm-size-kb"
- mountKey = "tee-mount"
- itaRegion = "ita-region"
- itaKey = "ita-api-key"
- addedCaps = "tee-added-capabilities"
- cgroupNS = "tee-cgroup-ns"
-)
-
-const (
- instanceAttributesQuery = "instance/attributes/?recursive=true"
-)
-
-var errImageRefNotSpecified = fmt.Errorf("%s is not specified in the custom metadata", imageRefKey)
-
-// EnvVar represent a single environment variable key/value pair.
-type EnvVar struct {
- Name string
- Value string
-}
-
-// LaunchSpec contains specification set by the operator who wants to
-// launch a container.
-type LaunchSpec struct {
- Experiments experiments.Experiments
- FakeVerifierEnabled bool
-
- // MDS-based values.
- ImageRef string
- SignedImageRepos []string
- RestartPolicy RestartPolicy
- Cmd []string
- Envs []EnvVar
- AttestationServiceAddr string
- ImpersonateServiceAccounts []string
- ProjectID string
- Region string
- Hardened bool
- MonitoringEnabled MonitoringType
- LogRedirect LogRedirectLocation
- Mounts []launchermount.Mount
- ITAConfig verifier.ITAConfig
- // DevShmSize is specified in kiB.
- DevShmSize int64
- AddedCapabilities []string
- CgroupNamespace bool
-}
-
-// UnmarshalJSON unmarshals an instance attributes list in JSON format from the metadata
-// server set by an operator to a LaunchSpec.
-// This method expects experiments to be set on the LaunchSpec before being called.
-func (s *LaunchSpec) UnmarshalJSON(b []byte) error {
- var unmarshaledMap map[string]string
- if err := json.Unmarshal(b, &unmarshaledMap); err != nil {
- return err
- }
-
- if val, ok := unmarshaledMap[fakeVerifierKey]; ok && val != "" {
- var err error
- if s.FakeVerifierEnabled, err = strconv.ParseBool(val); err != nil {
- return fmt.Errorf("invalid value for %v (not a boolean): %w", fakeVerifierKey, err)
- }
- }
-
- s.ImageRef = unmarshaledMap[imageRefKey]
- if s.ImageRef == "" {
- return errImageRefNotSpecified
- }
-
- s.RestartPolicy = RestartPolicy(unmarshaledMap[restartPolicyKey])
- // Set the default restart policy to "Never" for now.
- if s.RestartPolicy == "" {
- s.RestartPolicy = Never
- }
- if err := s.RestartPolicy.isValid(); err != nil {
- return err
- }
-
- if val, ok := unmarshaledMap[impersonateServiceAccounts]; ok && val != "" {
- impersonateAccounts := strings.Split(val, ",")
- s.ImpersonateServiceAccounts = append(s.ImpersonateServiceAccounts, impersonateAccounts...)
- }
-
- if val, ok := unmarshaledMap[signedImageRepos]; ok && val != "" {
- imageRepos := strings.Split(val, ",")
- s.SignedImageRepos = append(s.SignedImageRepos, imageRepos...)
- }
-
- memVal, memOk := unmarshaledMap[memoryMonitoringEnable]
- monVal, monOk := unmarshaledMap[monitoringEnable]
-
- if memOk && monOk {
- return fmt.Errorf("both %v and %v are specified, only one is permitted", memoryMonitoringEnable, monitoringEnable)
- } else if memOk {
- // If value is empty, treat as the default.
- if memVal == "" {
- s.MonitoringEnabled = None
- } else {
- boolValue, err := strconv.ParseBool(memVal)
- if err != nil {
- return fmt.Errorf("invalid value for %v (not a boolean): %v", memoryMonitoringEnable, err)
- }
-
- if boolValue {
- s.MonitoringEnabled = MemoryOnly
- } else {
- s.MonitoringEnabled = None
- }
- }
- } else if monOk {
- // If value is empty, treat as the default.
- if monVal == "" {
- s.MonitoringEnabled = None
- } else {
- var err error
- s.MonitoringEnabled, err = toMonitoringType(monVal)
- if err != nil {
- return err
- }
- }
- }
-
- // Populate cmd override.
- if val, ok := unmarshaledMap[cmdKey]; ok && val != "" {
- if err := json.Unmarshal([]byte(val), &s.Cmd); err != nil {
- return err
- }
- }
-
- // Populate all env vars.
- for k, v := range unmarshaledMap {
- if strings.HasPrefix(k, envKeyPrefix) {
- s.Envs = append(s.Envs, EnvVar{strings.TrimPrefix(k, envKeyPrefix), v})
- }
- }
-
- s.LogRedirect = LogRedirectLocation(unmarshaledMap[logRedirectKey])
- // Default log redirect location is Nowhere ("false").
- if s.LogRedirect == "" {
- s.LogRedirect = Nowhere
- }
- if err := s.LogRedirect.isValid(); err != nil {
- return err
- }
-
- s.AttestationServiceAddr = unmarshaledMap[attestationServiceAddrKey]
-
- // Populate /dev/shm size override.
- if val, ok := unmarshaledMap[devShmSizeKey]; ok && val != "" {
- size, err := strconv.ParseUint(val, 10, 64)
- if err != nil {
- return fmt.Errorf("failed to convert %v into uint64, got: %v", devShmSizeKey, val)
- }
- s.DevShmSize = int64(size)
- }
-
- // Populate mount override.
- // https://cloud.google.com/compute/docs/disks/set-persistent-device-name-in-linux-vm
- // https://cloud.google.com/compute/docs/disks/add-local-ssd
- if val, ok := unmarshaledMap[mountKey]; ok && val != "" {
- mounts := strings.Split(val, ";")
- for _, mount := range mounts {
- specMnt, err := processMount(mount)
- if err != nil {
- return err
- }
- s.Mounts = append(s.Mounts, specMnt)
- }
- }
-
- if s.Experiments.EnableItaVerifier {
- itaRegionVal, itaRegionOK := unmarshaledMap[itaRegion]
- itaKeyVal, itaKeyOK := unmarshaledMap[itaKey]
-
- // If key and region are both not in the map, do not set up ITA config.
- if itaRegionOK != itaKeyOK {
- return fmt.Errorf("ITA fields %s and %s must both be provided and non-empty", itaRegion, itaKey)
- }
-
- s.ITAConfig = verifier.ITAConfig{
- ITARegion: itaRegionVal,
- ITAKey: itaKeyVal,
- }
- }
-
- // Populate capabilities override.
- if val, ok := unmarshaledMap[addedCaps]; ok && val != "" {
- if err := json.Unmarshal([]byte(val), &s.AddedCapabilities); err != nil {
- return err
- }
- }
-
- // Populate cgroup ns.
- cgroupSetting, ok := unmarshaledMap[cgroupNS]
- if ok {
- cgroupOn, err := strconv.ParseBool(cgroupSetting)
- if err != nil {
- return fmt.Errorf("invalid value for %v (not a boolean): %v", cgroupNS, err)
- }
- if cgroupOn {
- s.CgroupNamespace = true
- }
- }
-
- return nil
-}
-
-// LogFriendly creates a copy of the spec that is safe to log by censoring
-func (s *LaunchSpec) LogFriendly() LaunchSpec {
- safeSpec := *s
- safeSpec.ITAConfig.ITAKey = strings.Repeat("*", len(s.ITAConfig.ITAKey))
-
- return safeSpec
-}
-
-// GetLaunchSpec takes in a metadata server client, reads and parse operator's
-// input to the GCE instance custom metadata and return a LaunchSpec.
-// ImageRef (tee-image-reference) is required, will return an error if
-// ImageRef is not presented in the metadata.
-func GetLaunchSpec(ctx context.Context, logger logging.Logger, client *metadata.Client) (LaunchSpec, error) {
- data, err := client.GetWithContext(ctx, instanceAttributesQuery)
- if err != nil {
- return LaunchSpec{}, err
- }
-
- spec := &LaunchSpec{}
- spec.Experiments = fetchExperiments(logger)
- if err := spec.UnmarshalJSON([]byte(data)); err != nil {
- return LaunchSpec{}, err
- }
-
- var errs []error
- for _, mnt := range spec.Mounts {
- if err := validateMount(mnt); err != nil {
- errs = append(errs, err)
- }
- }
- if len(errs) != 0 {
- return LaunchSpec{}, fmt.Errorf("failed to validate mounts: %v", errors.Join(errs...))
- }
-
- if err := validateMemorySizeKb(uint64(spec.DevShmSize)); err != nil {
- return LaunchSpec{}, fmt.Errorf("failed to validate /dev/shm size: %v", err)
- }
-
- if err := validateAddedCapsAllowed(spec.AddedCapabilities); err != nil {
- return LaunchSpec{}, fmt.Errorf("failed to validate added capabilities: %v", err)
- }
-
- spec.ProjectID, err = client.ProjectIDWithContext(ctx)
- if err != nil {
- return LaunchSpec{}, fmt.Errorf("failed to retrieve projectID from MDS: %v", err)
- }
-
- spec.Region, err = util.GetRegion(client)
- if err != nil {
- return LaunchSpec{}, err
- }
-
- kernelCmd, err := readCmdline()
- if err != nil {
- return LaunchSpec{}, err
- }
- spec.Hardened = isHardened(kernelCmd)
-
- return *spec, nil
-}
-
-func isHardened(kernelCmd string) bool {
- for _, arg := range strings.Fields(kernelCmd) {
- if arg == "confidential-space.hardened=true" {
- return true
- }
- }
- return false
-}
-
-func fetchExperiments(logger logging.Logger) experiments.Experiments {
- experimentsFile := path.Join(launcherfile.HostTmpPath, experimentDataFile)
-
- args := fmt.Sprintf("-output=%s", experimentsFile)
- err := exec.Command(binaryPath, args).Run()
- if err != nil {
- logger.Error(fmt.Sprintf("failure during experiment sync: %v\n", err))
- }
- e, err := experiments.New(experimentsFile)
- if err != nil {
- logger.Error(fmt.Sprintf("failed to read experiment file: %v\n", err))
- // do not fail if experiment retrieval fails
- }
- return e
-}
-
-func processMount(singleMount string) (launchermount.Mount, error) {
- mntConfig := make(map[string]string)
- var mntType string
- mountOpts := strings.Split(singleMount, ",")
- for _, mountOpt := range mountOpts {
- name, val, err := cel.ParseEnvVar(mountOpt)
- if err != nil {
- return nil, fmt.Errorf("failed to parse mount option: %w", err)
- }
- switch name {
- case launchermount.TypeKey:
- mntType = val
- case launchermount.SourceKey:
- case launchermount.DestinationKey:
- case launchermount.SizeKey:
- default:
- return nil, fmt.Errorf("found unknown mount option: %v, expect keys of %v", mountOpt, launchermount.AllMountKeys)
- }
- mntConfig[name] = val
- }
-
- switch mntType {
- case launchermount.TypeTmpfs:
- return launchermount.CreateTmpfsMount(mntConfig)
- default:
- return nil, fmt.Errorf("found unknown or unspecified mount type: %v, expect one of types [%v]", mountOpts, launchermount.TypeTmpfs)
- }
-}
-
-func validateMount(mnt launchermount.Mount) error {
- switch v := mnt.(type) {
- case launchermount.TmpfsMount:
- return validateMemorySizeKb(v.Size / 1024)
- default:
- return fmt.Errorf("got unknown mount type: %T", v)
- }
-}
-
-// Ensures that system free memory is larger than the specified memory size.
-func validateMemorySizeKb(memSize uint64) error { - freeMem, err := getLinuxFreeMem() - if err != nil { - return fmt.Errorf("failed to get free memory: %v", err) - } - if memSize > freeMem { - return fmt.Errorf("got a /dev/shm size (%v) larger than free memory (%v) kB", memSize, freeMem) - } - if memSize > MaxInt64 { - return fmt.Errorf("got a size greater than max int64: %v", memSize) - } - return nil -} - -func getLinuxFreeMem() (uint64, error) { - meminfo, err := os.ReadFile("/proc/meminfo") - if err != nil { - return 0, fmt.Errorf("failed to read /proc/meminfo: %w", err) - } - for _, memtype := range strings.Split(string(meminfo), "\n") { - if !strings.Contains(memtype, "MemFree") { - continue - } - split := strings.Fields(memtype) - if len(split) != 3 { - return 0, fmt.Errorf("found invalid MemInfo entry: got: %v, expected format: MemFree: kB", memtype) - } - if split[2] != "kB" { - return 0, fmt.Errorf("found invalid MemInfo entry: got: %v, expected format: MemFree: kB", memtype) - } - freeMem, err := strconv.ParseUint(split[1], 10, 64) - if err != nil { - return 0, fmt.Errorf("failed to convert MemFree to uint64: %v", memtype) - } - return freeMem, nil - } - return 0, fmt.Errorf("failed to find MemFree in /proc/meminfo: %v", string(meminfo)) -} - -func readCmdline() (string, error) { - kernelCmd, err := os.ReadFile("/proc/cmdline") - if err != nil { - return "", err - } - return string(kernelCmd), nil -} - -func validateAddedCapsAllowed(addedCaps []string) error { - caps, err := getCurrCaps() - if err != nil { - return fmt.Errorf("failed to fetch current capabilities: %v", err) - } - var notInCurr []string - for _, addedCap := range addedCaps { - if _, ok := caps[addedCap]; !ok { - notInCurr = append(notInCurr, addedCap) - } - } - if len(notInCurr) != 0 { - return fmt.Errorf("received added capabilities (%v) not allowed by current capabilities", notInCurr) - - } - return nil -} - -func getCurrCaps() (map[string]bool, error) { - caps, err := cap.Current() - 
if err != nil { - return nil, err - } - capsMap := make(map[string]bool, len(caps)) - for _, cap := range caps { - capsMap[cap] = true - } - return capsMap, nil -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec_test.go b/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec_test.go deleted file mode 100644 index e4b4151ef..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/spec/launch_spec_test.go +++ /dev/null 
@@ -1,301 +0,0 @@
-package spec
-
-import (
- "regexp"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-tpm-tools/launcher/internal/experiments"
- "github.com/google/go-tpm-tools/launcher/internal/launchermount"
- "github.com/google/go-tpm-tools/verifier"
-)
-
-func TestLaunchSpecUnmarshalJSONHappyCases(t *testing.T) {
- var testCases = []struct {
- testName string
- mdsJSON string
- }{
- {
- "HappyCase",
- `{
- "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]",
- "tee-env-foo":"bar",
- "tee-image-reference":"docker.io/library/hello-world:latest",
- "tee-signed-image-repos":"docker.io/library/hello-world,gcr.io/cloudrun/hello",
- "tee-restart-policy":"Always",
- "tee-impersonate-service-accounts":"sv1@developer.gserviceaccount.com,sv2@developer.gserviceaccount.com",
- "tee-container-log-redirect":"true",
- "tee-monitoring-memory-enable":"true",
- "tee-dev-shm-size-kb":"234234",
- "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount;type=tmpfs,source=tmpfs,destination=/sized,size=222",
- "ita-region":"US",
- "ita-api-key":"test-api-key"
- }`,
- },
- {
- "HappyCaseWithExtraUnknownFields",
- `{
- "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]",
- "tee-env-foo":"bar",
- "tee-unknown":"unknown",
- "unknown":"unknown",
- "tee-image-reference":"docker.io/library/hello-world:latest",
- "tee-signed-image-repos":"docker.io/library/hello-world,gcr.io/cloudrun/hello",
- "tee-restart-policy":"Always",
- "tee-impersonate-service-accounts":"sv1@developer.gserviceaccount.com,sv2@developer.gserviceaccount.com",
- "tee-container-log-redirect":"true",
- "tee-monitoring-memory-enable":"TRUE",
- "tee-dev-shm-size-kb":"234234",
- "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount;type=tmpfs,source=tmpfs,destination=/sized,size=222",
- "ita-region":"US",
- "ita-api-key":"test-api-key"
- }`,
- },
- }
-
- want := &LaunchSpec{
- ImageRef: "docker.io/library/hello-world:latest",
- SignedImageRepos: []string{"docker.io/library/hello-world", "gcr.io/cloudrun/hello"},
- RestartPolicy: Always, - Cmd: []string{"--foo", "--bar", "--baz"}, - Envs: []EnvVar{{"foo", "bar"}}, - ImpersonateServiceAccounts: []string{"sv1@developer.gserviceaccount.com", "sv2@developer.gserviceaccount.com"}, - LogRedirect: Everywhere, - MonitoringEnabled: MemoryOnly, - DevShmSize: 234234, - Mounts: []launchermount.Mount{launchermount.TmpfsMount{Destination: "/tmpmount", Size: 0}, - launchermount.TmpfsMount{Destination: "/sized", Size: 222}}, - ITAConfig: verifier.ITAConfig{ - ITARegion: "US", - ITAKey: "test-api-key", - }, - Experiments: experiments.Experiments{ - EnableItaVerifier: true, - }, - } - - for _, testcase := range testCases { - t.Run(testcase.testName, func(t *testing.T) { - spec := &LaunchSpec{} - spec.Experiments = experiments.Experiments{ - EnableItaVerifier: true, - } - if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err != nil { - t.Fatal(err) - } - if !cmp.Equal(spec, want) { - t.Errorf("LaunchSpec UnmarshalJSON got %+v, want %+v", spec, want) - } - }) - } -} - -func TestLaunchSpecUnmarshalJSONBadInput(t *testing.T) { - var testCases = []struct { - testName string - mdsJSON string - }{ - // not likely to happen for MDS - { - "BadJSON", - `{ - BadJSONFormat - }`, - }, - // when there is no MDS values - { - "EmptyJSON", - `{}`, - }, - // not likely to happen, since MDS will always use string as the value - { - "JSONWithPrimitives", - `{ - "tee-env-bool":true, - "tee-image-reference":"docker.io/library/hello-world:latest" - }`, - }, - { - "WrongRestartPolicy", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-restart-policy":"noway", - }`, - }, - { - "WrongLogRedirectLocation", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-container-log-redirect":"badideas", - }`, - }, - { - "Memory and Health Monitoring both specified", - `{ - "tee-monitoring-memory-enable":"false", - "tee-monitoring-health-enable":"false", - }`, - }, - } - - for _, testcase := range testCases { - 
t.Run(testcase.testName, func(t *testing.T) { - spec := &LaunchSpec{} - if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err == nil { - t.Fatal("expected JSON parsing err") - } - }) - } -} - -func TestLaunchSpecUnmarshalJSONWithDefaultValue(t *testing.T) { - mdsJSON := `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-impersonate-service-accounts":"", - "tee-signed-image-repos":"", - "tee-container-log-redirect":"", - "tee-restart-policy":"", - "tee-monitoring-memory-enable":"", - "tee-mount":"" - }` - - spec := &LaunchSpec{} - if err := spec.UnmarshalJSON([]byte(mdsJSON)); err != nil { - t.Fatal(err) - } - - want := &LaunchSpec{ - ImageRef: "docker.io/library/hello-world:latest", - RestartPolicy: Never, - LogRedirect: Nowhere, - MonitoringEnabled: None, - } - - if !cmp.Equal(spec, want) { - t.Errorf("LaunchSpec UnmarshalJSON got %+v, want %+v", spec, want) - } -} - -func TestLaunchSpecUnmarshalJSONWithoutImageReference(t *testing.T) { - mdsJSON := `{ - "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]", - "tee-env-foo":"bar", - "tee-restart-policy":"Never" - }` - - spec := &LaunchSpec{} - if err := spec.UnmarshalJSON([]byte(mdsJSON)); err == nil || err != errImageRefNotSpecified { - t.Errorf("got %v error, but expected %v error", err, errImageRefNotSpecified) - } -} - -func TestLaunchSpecUnmarshalJSONWithTmpfsMounts(t *testing.T) { - var testCases = []struct { - testName string - mdsJSON string - wantDst string - wantSz uint64 - }{ - { - "Empty Mounts", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"" - }`, - "", - 0, - }, - { - "Tmpfs", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount" - }`, - "/tmpmount", - 0, - }, - { - "Tmpfs Sized", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=78987" - }`, - "/tmpmount", - 78987, - }, - } - for _, 
testcase := range testCases { - t.Run(testcase.testName, func(t *testing.T) { - spec := &LaunchSpec{} - if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err != nil { - t.Errorf("got %v error, but expected nil error", err) - } - }) - } -} - -func TestLaunchSpecUnmarshalJSONWithBadMounts(t *testing.T) { - var testCases = []struct { - testName string - mdsJSON string - errMatch string - }{ - { - "Unknown Type", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=hallo" - }`, - "found unknown or unspecified mount type", - }, - { - "Not k=v", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source" - }`, - "failed to parse mount option", - }, - { - "Unknown Option", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=123,foo=bar" - }`, - "found unknown mount option", - }, - { - "Tmpfs Bad Source", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=src,destination=/tmpmount" - }`, - "received wrong mount source", - }, - { - "Tmpfs No Destination", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=tmpfs" - }`, - "mount type \"tmpfs\" must have destination specified", - }, - { - "Tmpfs Size Not Int", - `{ - "tee-image-reference":"docker.io/library/hello-world:latest", - "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=foo" - }`, - "failed to convert size option", - }, - } - for _, testcase := range testCases { - t.Run(testcase.testName, func(t *testing.T) { - spec := &LaunchSpec{} - err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)) - if match, _ := regexp.MatchString(testcase.errMatch, err.Error()); !match { - t.Errorf("got %v error, but expected %v error", err, testcase.errMatch) - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server.go b/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server.go
deleted file mode 100644
index 19a0ab37c..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server.go
+++ /dev/null
@@ -1,238 +0,0 @@
-// Package teeserver implements a server to be run in the launcher.
-// Used for communicate between the host/launcher and the container.
-package teeserver
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "net"
- "net/http"
-
- "github.com/google/go-tpm-tools/launcher/agent"
- "github.com/google/go-tpm-tools/launcher/internal/logging"
- "github.com/google/go-tpm-tools/launcher/spec"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/models"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-const (
- gcaEndpoint = "/v1/token"
- itaEndpoint = "/v1/intel/token"
-)
-
-var clientErrorCodes = map[codes.Code]struct{}{
- codes.InvalidArgument: {},
- codes.FailedPrecondition: {},
- codes.PermissionDenied: {},
- codes.Unauthenticated: {},
- codes.NotFound: {},
- codes.Aborted: {},
- codes.OutOfRange: {},
- codes.Canceled: {},
-}
-
-// AttestClients contains clients for supported verifier services that can be used to
-// get attestation tokens.
-type AttestClients struct {
- GCA verifier.Client
- ITA verifier.Client
-}
-
-type attestHandler struct {
- ctx context.Context
- attestAgent agent.AttestationAgent
- // defaultTokenFile string
- logger logging.Logger
- launchSpec spec.LaunchSpec
- clients AttestClients
-}
-
-// TeeServer is a server that can be called from a container through a unix
-// socket file.
-type TeeServer struct { - server *http.Server - netListener net.Listener -} - -// New takes in a socket and start to listen to it, and create a server -func New(ctx context.Context, unixSock string, a agent.AttestationAgent, logger logging.Logger, launchSpec spec.LaunchSpec, clients AttestClients) (*TeeServer, error) { - var err error - nl, err := net.Listen("unix", unixSock) - if err != nil { - return nil, fmt.Errorf("cannot listen to the socket [%s]: %v", unixSock, err) - } - - teeServer := TeeServer{ - netListener: nl, - server: &http.Server{ - Handler: (&attestHandler{ - ctx: ctx, - attestAgent: a, - logger: logger, - launchSpec: launchSpec, - clients: clients, - }).Handler(), - }, - } - return &teeServer, nil -} - -// Handler creates a multiplexer for the server. -func (a *attestHandler) Handler() http.Handler { - mux := http.NewServeMux() - // to test default token: curl --unix-socket http://localhost/v1/token - // to test custom token: - // curl -d '{"audience":"", "nonces":[""]}' -H "Content-Type: application/json" -X POST - // --unix-socket /tmp/container_launcher/teeserver.sock http://localhost/v1/token - - mux.HandleFunc(gcaEndpoint, a.getToken) - mux.HandleFunc(itaEndpoint, a.getITAToken) - return mux -} - -func (a *attestHandler) logAndWriteError(errStr string, status int, w http.ResponseWriter) { - a.logger.Error(errStr) - w.WriteHeader(status) - w.Write([]byte(errStr)) -} - -// getDefaultToken handles the request to get the default OIDC token. -// For now this function will just read the content of the file and return. -// Later, this function can use attestation agent to get a token directly. -func (a *attestHandler) getToken(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/html") - - a.logger.Info(fmt.Sprintf("%s called", gcaEndpoint)) - - // If the handler does not have an GCA client, return error. 
- if a.clients.GCA == nil { - errStr := "no GCA verifier client present, please try rebooting your VM" - a.logAndWriteError(errStr, http.StatusInternalServerError, w) - return - } - - a.attest(w, r, a.clients.GCA) -} - -// getITAToken retrieves a attestation token signed by ITA. -func (a *attestHandler) getITAToken(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "text/html") - - a.logger.Info(fmt.Sprintf("%s called", itaEndpoint)) - - // If the handler does not have an ITA client, return error. - if a.clients.ITA == nil { - errStr := "no ITA verifier client present - ensure ITA Region and Key are defined in metadata" - a.logAndWriteError(errStr, http.StatusInternalServerError, w) - return - } - - a.attest(w, r, a.clients.ITA) -} - -func (a *attestHandler) attest(w http.ResponseWriter, r *http.Request, client verifier.Client) { - switch r.Method { - case http.MethodGet: - if err := a.attestAgent.Refresh(a.ctx); err != nil { - a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("failed to refresh attestation agent: %w", err)) - return - } - - token, err := a.attestAgent.AttestWithClient(a.ctx, agent.AttestAgentOpts{}, client) - if err != nil { - a.handleAttestError(w, err, "failed to retrieve attestation service token") - return - } - - w.WriteHeader(http.StatusOK) - w.Write(token) - return - - case http.MethodPost: - var tokenOptions models.TokenOptions - decoder := json.NewDecoder(r.Body) - decoder.DisallowUnknownFields() - - err := decoder.Decode(&tokenOptions) - if err != nil { - err = fmt.Errorf("failed to parse POST body as TokenOptions: %v", err) - a.logAndWriteHTTPError(w, http.StatusBadRequest, err) - return - } - - if tokenOptions.Audience == "" { - err := fmt.Errorf("use GET request for the default identity token") - a.logAndWriteHTTPError(w, http.StatusBadRequest, err) - return - } - - if tokenOptions.TokenType == "" { - err := fmt.Errorf("token_type is a required parameter") - a.logAndWriteHTTPError(w, 
http.StatusBadRequest, err) - return - } - - // Do not check that TokenTypeOptions matches TokenType in the launcher. - opts := agent.AttestAgentOpts{ - TokenOptions: &tokenOptions, - } - tok, err := a.attestAgent.AttestWithClient(a.ctx, opts, client) - if err != nil { - a.handleAttestError(w, err, "failed to retrieve custom attestation service token") - return - } - - w.WriteHeader(http.StatusOK) - w.Write(tok) - return - default: - // TODO: add an url pointing to the REST API document - err := fmt.Errorf("TEE server received an invalid HTTP method: %s", r.Method) - a.logAndWriteHTTPError(w, http.StatusBadRequest, err) - } -} - -func (a *attestHandler) logAndWriteHTTPError(w http.ResponseWriter, statusCode int, err error) { - a.logger.Error(err.Error()) - w.WriteHeader(statusCode) - w.Write([]byte(err.Error())) -} - -// Serve starts the server, will block until the server shutdown. -func (s *TeeServer) Serve() error { - return s.server.Serve(s.netListener) -} - -// Shutdown will terminate the server and the underlying listener. -func (s *TeeServer) Shutdown(ctx context.Context) error { - err := s.server.Shutdown(ctx) - err2 := s.netListener.Close() - - if err != nil { - return err - } - if err2 != nil { - return err2 - } - return nil -} - -func (a *attestHandler) handleAttestError(w http.ResponseWriter, err error, message string) { - st, ok := status.FromError(err) - if ok { - if _, exists := clientErrorCodes[st.Code()]; exists { - // User errors, like invalid arguments. Map user errors to 400 Bad Request. - a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("%s: %w", message, err)) - return - } - // Server-side or transient errors. Map user errors 500 Internal Server Error. - a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("%s: %w", message, err)) - return - } - // If it's not a gRPC error, it's likely an internal error within the launcher. 
- // Map user errors 500 Internal Server Error
- a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("%s: %w", message, err))
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server_test.go b/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server_test.go
deleted file mode 100644
index 6d6eaedc8..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/teeserver/tee_server_test.go
+++ /dev/null
@@ -1,509 +0,0 @@ -package teeserver - -import ( - "context" - "errors" - "fmt" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/cel" - "github.com/google/go-tpm-tools/launcher/agent" - "github.com/google/go-tpm-tools/launcher/internal/logging" - "github.com/google/go-tpm-tools/verifier" - "github.com/google/go-tpm-tools/verifier/models" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" -) - -// Implements verifier.Client interface so it can be used to initialize test attestHandlers -type fakeVerifierClient struct{} - -func (f *fakeVerifierClient) CreateChallenge(_ context.Context) (*verifier.Challenge, error) { - return nil, fmt.Errorf("unimplemented") -} - -func (f *fakeVerifierClient) VerifyAttestation(_ context.Context, _ verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - return nil, fmt.Errorf("unimplemented") -} - -func (f *fakeVerifierClient) VerifyConfidentialSpace(_ context.Context, _ verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - return nil, fmt.Errorf("unimplemented") -} - -type fakeAttestationAgent struct { - measureEventFunc func(cel.Content) error - attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) - attestWithClientFunc func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) -} - -func (f fakeAttestationAgent) Attest(c context.Context, a agent.AttestAgentOpts) ([]byte, error) { - return f.attestFunc(c, a) -} - -func (f fakeAttestationAgent) AttestWithClient(c context.Context, a agent.AttestAgentOpts, v verifier.Client) ([]byte, error) { - return f.attestWithClientFunc(c, a, v) -} - -func (f fakeAttestationAgent) MeasureEvent(c cel.Content) error { - return f.measureEventFunc(c) -} - -func (f fakeAttestationAgent) Refresh(_ context.Context) error { - return nil -} - -func (f fakeAttestationAgent) Close() error { - return nil -} - -func 
TestGetDefaultToken(t *testing.T) { - testTokenContent := "test token" - - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{ - GCA: &fakeVerifierClient{}, - }, - attestAgent: fakeAttestationAgent{ - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return []byte(testTokenContent), nil - }, - }} - - req := httptest.NewRequest(http.MethodGet, "/v1/token", nil) - w := httptest.NewRecorder() - - ah.getToken(w, req) - data, err := io.ReadAll(w.Result().Body) - if err != nil { - t.Error(err) - } - - if w.Code != http.StatusOK { - t.Errorf("got return code: %d, want: %d", w.Code, http.StatusOK) - } - if diff := cmp.Diff(testTokenContent, string(data)); diff != "" { - t.Errorf("getToken() response body mismatch (-want +got):\n%s", diff) - } -} - -func TestGetDefaultTokenServerError(t *testing.T) { - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{ - GCA: &fakeVerifierClient{}, - }, - attestAgent: fakeAttestationAgent{ - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return nil, errors.New("internal server error from agent") - }, - }} - - req := httptest.NewRequest(http.MethodGet, "/v1/token", nil) - w := httptest.NewRecorder() - - ah.getToken(w, req) - data, err := io.ReadAll(w.Result().Body) - if err != nil { - t.Error(err) - } - - if w.Code != http.StatusInternalServerError { - t.Errorf("got return code: %d, want: %d", w.Code, http.StatusInternalServerError) - } - expectedError := "failed to retrieve attestation service token: internal server error from agent" - if diff := cmp.Diff(expectedError, string(data)); diff != "" { - t.Errorf("getToken() response body mismatch (-want +got):\n%s", diff) - } -} - -func TestCustomToken(t *testing.T) { - tests := []struct { - testName string - body string - attestWithClientFunc func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) - want 
int - }{ - { - testName: "TestNoAudiencePostRequest", - body: `{ - "audience": "", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC" - }`, - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - t.Errorf("This method should not be called") - return nil, nil - }, - want: http.StatusBadRequest, - }, - { - testName: "TestRequestFailurePassedToCaller", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC" - }`, - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return nil, errors.New("Error") - }, - want: http.StatusInternalServerError, - }, - { - testName: "TestTokenTypeRequired", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "" - }`, - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - t.Errorf("This method should not be called") - return nil, nil - }, - want: http.StatusBadRequest, - }, - { - testName: "TestRequestSuccessPassedToCaller", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC" - }`, - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return []byte{}, nil - }, - want: http.StatusOK, - }, - { - testName: "TestPrincipalTagOptionsSuccess", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC", - "aws_principal_tag_options" : { - "allowed_principal_tags": { - "container_image_signatures" : { - "key_ids": ["test1", "test2"] - } - } - } - }`, - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return []byte{}, nil - }, - want: http.StatusOK, - }, - } - - verifiers := []struct { - name string - url string - tokenMethod func(ah *attestHandler, w http.ResponseWriter, r *http.Request) - }{ - { - name: "GCA Handler", - url: 
"/v1/token", - tokenMethod: (*attestHandler).getToken, - }, - { - name: "ITA Handler", - url: "/v1/intel/token", - tokenMethod: (*attestHandler).getITAToken, - }, - } - - for _, vf := range verifiers { - t.Run(vf.name, func(t *testing.T) { - for _, test := range tests { - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{ - GCA: &fakeVerifierClient{}, - ITA: &fakeVerifierClient{}, - }, - attestAgent: fakeAttestationAgent{ - attestWithClientFunc: test.attestWithClientFunc, - }} - - b := strings.NewReader(test.body) - - req := httptest.NewRequest(http.MethodPost, vf.url, b) - w := httptest.NewRecorder() - - vf.tokenMethod(&ah, w, req) - - _, err := io.ReadAll(w.Result().Body) - if err != nil { - t.Error(err) - } - - if w.Code != test.want { - t.Errorf("testcase '%v': got return code: %d, want: %d", test.testName, w.Code, test.want) - } - } - }) - } -} - -func TestHandleAttestError(t *testing.T) { - body := `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC" - }` - - errorCases := []struct { - name string - err error - wantStatusCode int - }{ - { - name: "FailedPrecondition error", - err: status.New(codes.FailedPrecondition, "bad state").Err(), - wantStatusCode: http.StatusBadRequest, - }, - { - name: "PermissionDenied error", - err: status.New(codes.PermissionDenied, "denied").Err(), - wantStatusCode: http.StatusBadRequest, - }, - { - name: "Internal error", - err: status.New(codes.Internal, "internal server error").Err(), - wantStatusCode: http.StatusInternalServerError, - }, - { - name: "Unavailable error", - err: status.New(codes.Unavailable, "service unavailable").Err(), - wantStatusCode: http.StatusInternalServerError, - }, - { - name: "non-gRPC error", - err: errors.New("a generic error"), - wantStatusCode: http.StatusInternalServerError, - }, - } - - verifiers := []struct { - name string - url string - tokenMethod func(ah *attestHandler, w http.ResponseWriter, r *http.Request) - }{ - { - name: 
"GCA Handler", - url: "/v1/token", - tokenMethod: (*attestHandler).getToken, - }, - { - name: "ITA Handler", - url: "/v1/intel/token", - tokenMethod: (*attestHandler).getITAToken, - }, - } - - for _, vf := range verifiers { - t.Run(vf.name, func(t *testing.T) { - for _, tc := range errorCases { - t.Run(tc.name, func(t *testing.T) { - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{ - GCA: &fakeVerifierClient{}, - ITA: &fakeVerifierClient{}, - }, - attestAgent: fakeAttestationAgent{ - attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { - return nil, tc.err - }, - }, - } - - req := httptest.NewRequest(http.MethodPost, vf.url, strings.NewReader(body)) - w := httptest.NewRecorder() - - vf.tokenMethod(&ah, w, req) - - if w.Code != tc.wantStatusCode { - t.Errorf("got status code %d, want %d", w.Code, tc.wantStatusCode) - } - - _, err := io.ReadAll(w.Result().Body) - if err != nil { - t.Errorf("failed to read response body: %v", err) - } - }) - } - }) - } -} - -func TestHandleAttestError_NilClient(t *testing.T) { - verifiers := []struct { - name string - url string - handler func(ah *attestHandler, w http.ResponseWriter, r *http.Request) - }{ - {name: "GCA Handler", url: "/v1/token", handler: (*attestHandler).getToken}, - {name: "ITA Handler", url: "/v1/intel/token", handler: (*attestHandler).getITAToken}, - } - - for _, vf := range verifiers { - t.Run(vf.name, func(t *testing.T) { - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{}, // No clients defined - } - - req := httptest.NewRequest(http.MethodPost, vf.url, strings.NewReader("")) - w := httptest.NewRecorder() - vf.handler(&ah, w, req) - - const wantStatusCode = http.StatusInternalServerError - if w.Code != wantStatusCode { - t.Errorf("got status code %d, want %d", w.Code, wantStatusCode) - } - }) - } -} - -func TestCustomTokenDataParsedSuccessfully(t *testing.T) { - tests := []struct { - testName string 
- body string - attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) - wantCode int - wantOpts agent.AttestAgentOpts - }{ - { - testName: "TestKeyIdsReadSuccessfullyEvenWithInvalidTokenTypeMatch", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC", - "aws_principal_tag_options" : { - "allowed_principal_tags": { - "container_image_signatures" : { - "key_ids": ["test1", "test2"] - } - } - } - }`, - wantCode: http.StatusOK, - wantOpts: agent.AttestAgentOpts{ - TokenOptions: &models.TokenOptions{ - Audience: "audience", - Nonces: []string{"thisIsAcustomNonce"}, - TokenType: "OIDC", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{ - ContainerImageSignatures: &models.ContainerImageSignatures{ - KeyIDs: []string{"test1", "test2"}, - }, - }, - }, - }, - }, - }, - { - testName: "PartialAwsPrincipalTagOptionsOK", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC", - "aws_principal_tag_options" : { - } - }`, - wantCode: http.StatusOK, - wantOpts: agent.AttestAgentOpts{ - TokenOptions: &models.TokenOptions{ - Audience: "audience", - Nonces: []string{"thisIsAcustomNonce"}, - TokenType: "OIDC", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{}, - }, - }, - }, - { - testName: "MorePartialAwsPrincipalTagOptionsOK", - body: `{ - "audience": "audience", - "nonces": ["thisIsAcustomNonce"], - "token_type": "OIDC", - "aws_principal_tag_options" : { - "allowed_principal_tags": { - } - } - }`, - wantCode: http.StatusOK, - wantOpts: agent.AttestAgentOpts{ - TokenOptions: &models.TokenOptions{ - Audience: "audience", - Nonces: []string{"thisIsAcustomNonce"}, - TokenType: "OIDC", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{}, - }, - }, - }, - }, - { - testName: "InvalidJSONNotOkay", - body: `{ - "audience": "audience", - "nonces": 
["thisIsAcustomNonce"], - "token_type": "OIDC", - "aws_principal_tag_options" : { - "allowed_principal_tag": { - } - } - }`, - wantCode: http.StatusBadRequest, - wantOpts: agent.AttestAgentOpts{ - TokenOptions: &models.TokenOptions{ - Audience: "audience", - Nonces: []string{"thisIsAcustomNonce"}, - TokenType: "OIDC", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{}, - }, - }, - }, - }, - } - - for i, test := range tests { - ah := attestHandler{ - logger: logging.SimpleLogger(), - clients: AttestClients{ - GCA: &fakeVerifierClient{}, - }, - attestAgent: fakeAttestationAgent{ - attestWithClientFunc: func(_ context.Context, gotOpts agent.AttestAgentOpts, _ verifier.Client) ([]byte, error) { - diff := cmp.Diff(test.wantOpts, gotOpts) - if diff != "" { - t.Errorf("%v: got unexpected agent.AttestAgentOpts. diff:\n%v", test.testName, diff) - } - return []byte{}, nil - }, - }} - - b := strings.NewReader(test.body) - - req := httptest.NewRequest(http.MethodPost, "/v1/token", b) - w := httptest.NewRecorder() - ah.getToken(w, req) - _, err := io.ReadAll(w.Result().Body) - if err != nil { - t.Error(err) - } - - if w.Code != test.wantCode { - t.Errorf("testcase %d, '%v': got return code: %d, want: %d", i, test.testName, w.Code, test.wantCode) - } - } -} diff --git a/vendor/github.com/google/go-tpm-tools/launcher/util.go b/vendor/github.com/google/go-tpm-tools/launcher/util.go deleted file mode 100644 index ced264a64..000000000 --- a/vendor/github.com/google/go-tpm-tools/launcher/util.go +++ /dev/null 
@@ -1,107 +0,0 @@
-package launcher
-
-import (
- "context"
- "fmt"
- "io"
-
- "github.com/google/go-tpm/legacy/tpm2"
- "google.golang.org/api/impersonate"
- "google.golang.org/api/option"
-)
-
-// TPMDAParams holds TPM Dictionary Attack parameters.
-type TPMDAParams struct {
- LockoutCounter uint32
- MaxTries uint32 // aka "MaxAuthFail" in TPM Properties
- RecoveryTime uint32 // aka "LockoutInterval" in TPM Properties
- LockoutRecovery uint32 // aka "LockoutRecovery" in TPM Properties
- StartupClearOrderly bool
-}
-
-// FetchImpersonatedToken return an access token for the impersonated service account.
-func FetchImpersonatedToken(ctx context.Context, serviceAccount string, audience string, opts ...option.ClientOption) ([]byte, error) {
- config := impersonate.IDTokenConfig{
- Audience: audience,
- TargetPrincipal: serviceAccount,
- IncludeEmail: true,
- }
-
- tokenSource, err := impersonate.IDTokenSource(ctx, config, opts...)
- if err != nil {
- return nil, fmt.Errorf("error creating token source: %v", err)
- }
-
- token, err := tokenSource.Token()
- if err != nil {
- return nil, fmt.Errorf("error retrieving token: %v", err)
- }
-
- return []byte(token.AccessToken), nil
-}
-
-// SetTPMDAParams takes in a TPM and updates its Dictionary Attack parameters
-// Only MaxAuthFail, LockoutInterval and LockoutRecovery of TPMDAParams are
-// used in this function.
-func SetTPMDAParams(tpm io.ReadWriter, daParams TPMDAParams) error {
- // empty auth
- auth := tpm2.AuthCommand{
- Session: tpm2.HandlePasswordSession,
- Attributes: tpm2.AttrContinueSession,
- Auth: []byte(""),
- }
- return tpm2.DictionaryAttackParameters(tpm, auth, daParams.MaxTries, daParams.RecoveryTime, daParams.LockoutRecovery)
-}
-
-// GetTPMDAInfo takes in a TPM and read its Dictionary Attack parameters
-func GetTPMDAInfo(tpm io.ReadWriter) (*TPMDAParams, error) {
- var tpmDAParams TPMDAParams
-
- lockoutCounter, err := getCapabilityProperty(tpm, tpm2.LockoutCounter) // 526
- if err != nil {
- return nil, err
- }
- tpmDAParams.LockoutCounter = lockoutCounter.Value
-
- maxAuthFail, err := getCapabilityProperty(tpm, tpm2.MaxAuthFail) // 527
- if err != nil {
- return nil, err
- }
- tpmDAParams.MaxTries = maxAuthFail.Value
-
- lockoutInterval, err := getCapabilityProperty(tpm, tpm2.LockoutInterval) // 528
- if err != nil {
- return nil, err
- }
- tpmDAParams.RecoveryTime = lockoutInterval.Value
-
- lockoutRecovery, err := getCapabilityProperty(tpm, tpm2.LockoutRecovery) // 529
- if err != nil {
- return nil, err
- }
- tpmDAParams.LockoutRecovery = lockoutRecovery.Value
-
- startUpClear, err := getCapabilityProperty(tpm, tpm2.TPMAStartupClear)
- if err != nil {
- return nil, err
- }
- // get the 31st bit (TPM-Rev-2.0-Part-2-Structures-01.38.pdf, Page 73)
- tpmDAParams.StartupClearOrderly = (startUpClear.Value&(1<<31)>>31 == 1)
-
- return &tpmDAParams, nil
-}
-
-func getCapabilityProperty(tpm io.ReadWriter, property tpm2.TPMProp) (*tpm2.TaggedProperty, error) {
- vals, _, err := tpm2.GetCapability(tpm, tpm2.CapabilityTPMProperties, 1, uint32(property))
- if err != nil {
- return nil, err
- }
- val, ok := vals[0].(tpm2.TaggedProperty)
- if !ok {
- return nil, fmt.Errorf("failed to cast returned value to tpm2.TaggedProperty: %v", val)
- }
- if val.Tag != property {
- return nil, fmt.Errorf("failed to get expected property from the TPM, want: %v, got: %v", 
property, val)
- }
- return &val, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/launcher/util_test.go b/vendor/github.com/google/go-tpm-tools/launcher/util_test.go
deleted file mode 100644
index 90f648fc2..000000000
--- a/vendor/github.com/google/go-tpm-tools/launcher/util_test.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package launcher
-
-import (
- "bytes"
-
- "context"
- "encoding/json"
- "fmt"
- "io"
- "net/http"
- "strings"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- "google.golang.org/api/option"
-)
-
-var expectedEmail = "test2@google.com"
-var expectedToken = []byte("test_token")
-var expectedURL = fmt.Sprintf(idTokenEndpoint, expectedEmail)
-
-var testClient = &http.Client{
- Transport: &testRoundTripper{
- roundTripFunc: func(req *http.Request) *http.Response {
- if req.URL.String() != expectedURL {
- return &http.Response{
- StatusCode: http.StatusNotFound,
- }
- }
- resp := idTokenResp{
- Token: string(expectedToken),
- }
- respBody, err := json.Marshal(resp)
- if err != nil {
- return &http.Response{
- StatusCode: http.StatusInternalServerError,
- }
- }
- return &http.Response{
- StatusCode: http.StatusOK,
- Header: make(http.Header),
- Body: io.NopCloser(bytes.NewBuffer(respBody)),
- }
- },
- },
-}
-
-func TestTPMDAOps(t *testing.T) {
- rwc := test.GetTPM(t)
- defer client.CheckedClose(t, rwc)
-
- daInfo, err := GetTPMDAInfo(rwc)
- if err != nil {
- t.Fatal(err)
- }
-
- // default simualator TPM params
- expectedDaInfo := TPMDAParams{0, 3, 1000, 1000, true}
- if !cmp.Equal(*daInfo, expectedDaInfo) {
- t.Errorf("expected default DA parameters, got %+v, want %+v", daInfo, expectedDaInfo)
- }
-
- err = SetTPMDAParams(rwc, TPMDAParams{MaxTries: 123, RecoveryTime: 456, LockoutRecovery: 789})
- if err != nil {
- t.Fatal(err)
- }
-
- daInfo, err = GetTPMDAInfo(rwc)
- if err != nil {
- t.Fatal(err)
- }
- expectedDaInfo = TPMDAParams{0 /*LockoutCounter*/, 123 /*MaxTries*/, 456 /*RecoveryTime*/, 789 /*LockoutRecovery*/, true}
- if !cmp.Equal(*daInfo, expectedDaInfo) {
- t.Errorf("expected default DA parameters, got %+v, want %+v", daInfo, expectedDaInfo)
- }
-}
-
-func TestFetchImpersonatedToken(t *testing.T) {
- token, err := 
FetchImpersonatedToken(context.Background(), expectedEmail, "test_aud", option.WithHTTPClient(testClient))
- if err != nil {
- t.Fatalf("fetchImpersonatedToken returned error: %v", err)
- }
-
- if !bytes.Equal(token, expectedToken) {
- t.Errorf("fetchImpersonatedToken did not return expected token: got %v, want %v", token, expectedToken)
- }
-}
-
-func TestFetchImpersonatedTokenNilAud(t *testing.T) {
- _, err := FetchImpersonatedToken(context.Background(), expectedEmail, "", option.WithHTTPClient(testClient))
- if err == nil || !strings.Contains(err.Error(), "audience") {
- t.Fatalf("got %v error, want audience error", err)
- }
-}
-
-func TestFetchImpersonatedTokenBadEmail(t *testing.T) {
- _, err := FetchImpersonatedToken(context.Background(), "", "test_aud", option.WithHTTPClient(testClient))
- if err == nil || strings.Contains(err.Error(), "audience") {
- t.Fatalf("got %v error, want creating token source error", err)
- }
-}
-
-type testRoundTripper struct {
- roundTripFunc func(*http.Request) *http.Response
-}
-
-func (t *testRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- return t.roundTripFunc(req), nil
-}
-
-type idTokenResp struct {
- Token string `json:"token"`
-}
diff --git a/vendor/github.com/google/go-tpm-tools/proto/attest.proto b/vendor/github.com/google/go-tpm-tools/proto/attest.proto
deleted file mode 100644
index 1f711d082..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/attest.proto
+++ /dev/null
@@ -1,332 +0,0 @@
-syntax = "proto3";
-
-package attest;
-
-import "proto/sevsnp.proto";
-import "proto/tdx.proto";
-import "tpm.proto";
-
-option go_package = "github.com/google/go-tpm-tools/proto/attest";
-
-// Information uniquely identifying a GCE instance. Can be used to create an
-// instance URL, which can then be used with GCE APIs. Formatted like:
-// https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name}
-message GCEInstanceInfo {
- string zone = 1;
- string project_id = 2;
- uint64 project_number = 3;
- string instance_name = 4;
- uint64 instance_id = 5;
-}
-
-message Attestation {
- // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC
- bytes ak_pub = 1;
- // Quotes over all supported PCR banks
- repeated tpm.Quote quotes = 2;
- // TCG Event Log, encoded in the raw binary format.
- // Can be SHA-1 or crypto-agile.
- bytes event_log = 3;
- // Optional information about a GCE instance, unused outside of GCE
- GCEInstanceInfo instance_info = 4;
- // A COS event log using the TCG Canonical Event Log format
- bytes canonical_event_log = 5;
- // Attestation Key (AK) Certificate, encoded as ASN.1 DER.
- // Optional.
- bytes ak_cert = 6;
- // Intermediate Certificates for verifying the AK Certificate, encoded as
- // ASN.1 DER. Optional.
- repeated bytes intermediate_certs = 7;
- // Trusted execution environment attestation is a secondary platform
- // attestation that the machine is running within a particular confidential
- // environment.
- oneof tee_attestation {
- sevsnp.Attestation sev_snp_attestation = 8;
- tdx.QuoteV4 tdx_attestation = 9;
- }
-}
-
-// For VMs running SEV-SNP with an SVSM-based e-vTPM, this contains a TPM quote
-// and all the information needed to verify it.
-message SevSnpSvsmAttestation {
- Attestation attestation = 1;
- sevsnp.Attestation sev_snp_attestation = 2;
- // vTPM service manifest is retrieved from configfs-tsm-report via manifest blob
- // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report
- // The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html
- bytes vtpm_service_manifest = 3;
- string vtpm_service_manifest_version = 4;
- // This contains a launch endorsement for guest firmware that includes SVSM.
- bytes launch_endorsement = 5;
-}
-
-// Type of hardware technology used to protect this instance
-enum GCEConfidentialTechnology {
- NONE = 0;
- AMD_SEV = 1;
- AMD_SEV_ES = 2;
- INTEL_TDX = 3;
- AMD_SEV_SNP = 4;
-}
-
-// The platform/firmware state for this instance
-message PlatformState {
- oneof firmware {
- // Raw S-CRTM version identifier (EV_S_CRTM_VERSION)
- bytes scrtm_version_id = 1;
- // Virtual GCE firmware version (parsed from S-CRTM version id)
- uint32 gce_version = 2;
- }
- // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances
- GCEConfidentialTechnology technology = 3;
- // Only set for GCE instances
- GCEInstanceInfo instance_info = 4;
-}
-
-message GrubFile {
- // The digest of the file (pulled from the raw event digest).
- bytes digest = 1;
- // The event data. This is not measured, so it is untrusted.
- bytes untrusted_filename = 2;
-}
-
-message GrubState {
- // All GRUB-read and measured files, including grub.cfg.
- repeated GrubFile files = 1;
- // A list of executed GRUB commands and command lines passed to the kernel
- // and kernel modules.
- repeated string commands = 2;
-}
-
-// The state of the Linux kernel.
-// At the moment, parsing LinuxKernelState relies on parsing the GrubState.
-// To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.
-message LinuxKernelState {
- // The kernel command line.
- string command_line = 1;
-}
-
-// A parsed event from the TCG event log
-message Event {
- // The Platform Control Register (PCR) this event was extended into.
- uint32 pcr_index = 1;
- // The type of this event. Note that this value is not verified, so it should
- // only be used as a hint during event parsing.
- uint32 untrusted_type = 2;
- // The raw data associated to this event. The meaning of this data is
- // specific to the type of the event.
- bytes data = 3;
- // The event digest actually extended into the TPM. This is often the hash of
- // the data field, but in some cases it may have a type-specific calculation.
- bytes digest = 4;
- // This is true if hash(data) == digest.
- bool digest_verified = 5;
-}
-
-// Common, publicly-listed certificates by different vendors.
-enum WellKnownCertificate {
- UNKNOWN = 0;
-
- // Microsoft certs:
- // https://go.microsoft.com/fwlink/p/?linkid=321192
- MS_WINDOWS_PROD_PCA_2011 = 1;
- // https://go.microsoft.com/fwlink/p/?linkid=321194
- MS_THIRD_PARTY_UEFI_CA_2011 = 2;
- // https://go.microsoft.com/fwlink/p/?linkid=321185
- MS_THIRD_PARTY_KEK_CA_2011 = 3;
-
- // GCE certs:
- GCE_DEFAULT_PK = 4;
-}
-
-message Certificate {
- // The representation of the certificate. If the certificate matches a
- // well-known certificate above, representation should contain the value in
- // the enum. Otherwise, it will contain the raw DER.
- oneof representation {
- // DER representation of the certificate.
- bytes der = 1;
- WellKnownCertificate well_known = 2;
- }
-}
-
-// A Secure Boot database containing lists of hashes and certificates,
-// as defined by section 32.4.1 Signature Database in the UEFI spec.
-message Database {
- repeated Certificate certs = 1;
- repeated bytes hashes = 2;
-}
-
-// The Secure Boot state for this instance.
-message SecureBootState {
- // Whether Secure Boot is enabled.
- bool enabled = 1;
- // The Secure Boot signature (allowed) database.
- Database db = 2;
- // The Secure Boot revoked signature (forbidden) database.
- Database dbx = 3;
- // Authority events post-separator. Pre-separator authorities
- // are currently not supported.
- Database authority = 4;
- // The Secure Boot Platform key, used to sign key exchange keys.
- Database pk = 5;
- // The Secure Boot Key Exchange Keys, used to sign db and dbx updates.
- Database kek = 6;
-}
-
-// The container's restart policy.
-// See the following Kubernetes documentation for more details:
-// https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
-// Note that these enum variants do not conform to the standard Protocol Buffers
-// Style Guide so that RestartPolicy_name, RestartPolicy_value, and
-// RestartPolicy.String() match the values used by Kubernetes and others.
-enum RestartPolicy {
- Always = 0;
- OnFailure = 1;
- Never = 2;
-}
-
-message ContainerState {
- string image_reference = 1;
- // Digest of the registry's image manifest, which contains a list of the
- // layers comprising the image.
- string image_digest = 2;
- RestartPolicy restart_policy = 3;
- // Digest of the local image configuration object, containing config items
- // such as local layer digests.
- string image_id = 4;
- repeated string args = 5;
- map env_vars = 6;
- // Record operator input Env Vars and Args, should be subsets of the above
- // Env Vars and Args.
- repeated string overridden_args = 7;
- map overridden_env_vars = 8;
-}
-
-message SemanticVersion {
- uint32 major = 1;
- uint32 minor = 2;
- uint32 patch = 3;
-}
-
-message HealthMonitoringState {
- // Whether memory monitoring is enabled.
- optional bool memory_enabled = 1;
-}
-
-// Confidential Computing mode for GPU device. 
Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus
-enum GPUDeviceCCMode {
- UNSET = 0;
- // The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features.
- ON = 1;
- // None of the confidential computing-specific features are active.
- OFF = 2;
- // The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled.
- DEVTOOLS = 3;
-}
-
-message GpuDeviceState {
- // Whether Confidential Computing mode is enabled for GPU.
- GPUDeviceCCMode cc_mode = 1;
-}
-
-
-message AttestedCosState {
- ContainerState container = 1;
- SemanticVersion cos_version = 2;
- SemanticVersion launcher_version = 3;
- HealthMonitoringState health_monitoring = 4;
- GpuDeviceState gpu_device_state = 5;
-}
-
-message EfiApp {
- // The PE/COFF digest of the EFI application (pulled from the raw event digest).
- bytes digest = 1;
-}
-
-// The verified state of EFI Applications. Policy usage on this machine state
-// should check the entire set of EFI App digests matches, not a subset.
-message EfiState {
- // UEFI's OS Loader code is required to measure attempts to load and execute
- // UEFI applications.
- // UEFI applications are typically bootloaders such as shim and GRUB.
- // These run and are measured using the UEFI LoadImage() service.
- repeated EfiApp apps = 1;
-}
-
-// The verified state of a booted machine, obtained from an Attestation
-message MachineState {
- PlatformState platform = 1;
-
- SecureBootState secure_boot = 2;
-
- // The complete parsed TCG Event Log, including those events used to
- // create the PlatformState.
- repeated Event raw_events = 3;
- // The hash algorithm used when verifying the Attestation.
This indicates:
- // - which PCR bank was used for for quote validation and event log replay
- // - the hash algorithm used to calculate event digests
- tpm.HashAlgo hash = 4;
-
- GrubState grub = 5;
-
- LinuxKernelState linux_kernel = 6;
-
- AttestedCosState cos = 7;
-
- EfiState efi = 8;
-
- // Attestation/Quote representations from TEEs whose signatures are already
- // verified.
- oneof tee_attestation {
- sevsnp.Attestation sev_snp_attestation = 9;
- tdx.QuoteV4 tdx_attestation = 10;
- }
-}
-
-// A policy dictating which values of PlatformState to allow
-message PlatformPolicy {
- // If PlatformState.firmware contains a scrtm_version_id, it must appear
- // in this list. For use with a GCE VM, minimum_gce_firmware_version is
- // often a better alternative.
- repeated bytes allowed_scrtm_version_ids = 1;
- // If PlatformState.firmware contains a minimum_gce_firmware_version, it must
- // be greater than or equal to this value. Currently, the max version is 1.
- uint32 minimum_gce_firmware_version = 2;
- // The PlatformState's technology must be at least as secure as
- // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE).
- GCEConfidentialTechnology minimum_technology = 3;
-}
-
-// A policy about what parts of a RIM to compare against machine state as
-// reflected in a quote or (verified) event log. Reference measurements for
-// a component are expected to be addressable by the machine state's reported
-// digest, or otherwise presented as cached collateral with the attestation
-// itself. The method of delivery is vendor-specific.
-message RIMPolicy {
- // If true, the signed measurement must be available (by means that can be
- // vendor-specific), and the target measurement must be among the listed
- // signed measurements. If false, then only error if there is a problem
- // verifying the signed measurements when they are available.
- bool require_signed = 1;
- // x.509 certificates in ASN.1 DER format.
- repeated bytes root_certs = 2;
-}
-
-// Represent minimal decisions about attestation fields until necessary to
-// add for policy reasons.
-message SevSnpPolicy {
- // The policy for checking the signed reference values for the UEFI at launch.
- RIMPolicy uefi = 1;
-}
-
-// A policy dictating which type of MachineStates to allow
-message Policy {
- PlatformPolicy platform = 1;
-
- // SecureBootPolicy secure_boot = 2;
-
- // When the attestation is on SEV-SNP, this is the policy. Unset means no
- // constraints.
- SevSnpPolicy sev_snp = 3;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go b/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
deleted file mode 100644
index 0cd6a21d6..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/attest/attest.pb.go
+++ /dev/null
@@ -1,2727 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 -// source: attest.proto - -package attest - -import ( - sevsnp "github.com/google/go-sev-guest/proto/sevsnp" - tdx "github.com/google/go-tdx-guest/proto/tdx" - tpm "github.com/google/go-tpm-tools/proto/tpm" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Type of hardware technology used to protect this instance -type GCEConfidentialTechnology int32 - -const ( - GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0 - GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1 - GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2 - GCEConfidentialTechnology_INTEL_TDX GCEConfidentialTechnology = 3 - GCEConfidentialTechnology_AMD_SEV_SNP GCEConfidentialTechnology = 4 -) - -// Enum value maps for GCEConfidentialTechnology. 
-var ( - GCEConfidentialTechnology_name = map[int32]string{ - 0: "NONE", - 1: "AMD_SEV", - 2: "AMD_SEV_ES", - 3: "INTEL_TDX", - 4: "AMD_SEV_SNP", - } - GCEConfidentialTechnology_value = map[string]int32{ - "NONE": 0, - "AMD_SEV": 1, - "AMD_SEV_ES": 2, - "INTEL_TDX": 3, - "AMD_SEV_SNP": 4, - } -) - -func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology { - p := new(GCEConfidentialTechnology) - *p = x - return p -} - -func (x GCEConfidentialTechnology) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[0].Descriptor() -} - -func (GCEConfidentialTechnology) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[0] -} - -func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use GCEConfidentialTechnology.Descriptor instead. -func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{0} -} - -// Common, publicly-listed certificates by different vendors. -type WellKnownCertificate int32 - -const ( - WellKnownCertificate_UNKNOWN WellKnownCertificate = 0 - // Microsoft certs: - // https://go.microsoft.com/fwlink/p/?linkid=321192 - WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1 - // https://go.microsoft.com/fwlink/p/?linkid=321194 - WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2 - // https://go.microsoft.com/fwlink/p/?linkid=321185 - WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 WellKnownCertificate = 3 - // GCE certs: - WellKnownCertificate_GCE_DEFAULT_PK WellKnownCertificate = 4 -) - -// Enum value maps for WellKnownCertificate. 
-var ( - WellKnownCertificate_name = map[int32]string{ - 0: "UNKNOWN", - 1: "MS_WINDOWS_PROD_PCA_2011", - 2: "MS_THIRD_PARTY_UEFI_CA_2011", - 3: "MS_THIRD_PARTY_KEK_CA_2011", - 4: "GCE_DEFAULT_PK", - } - WellKnownCertificate_value = map[string]int32{ - "UNKNOWN": 0, - "MS_WINDOWS_PROD_PCA_2011": 1, - "MS_THIRD_PARTY_UEFI_CA_2011": 2, - "MS_THIRD_PARTY_KEK_CA_2011": 3, - "GCE_DEFAULT_PK": 4, - } -) - -func (x WellKnownCertificate) Enum() *WellKnownCertificate { - p := new(WellKnownCertificate) - *p = x - return p -} - -func (x WellKnownCertificate) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (WellKnownCertificate) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[1].Descriptor() -} - -func (WellKnownCertificate) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[1] -} - -func (x WellKnownCertificate) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use WellKnownCertificate.Descriptor instead. -func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{1} -} - -// The container's restart policy. -// See the following Kubernetes documentation for more details: -// https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy -// Note that these enum variants do not conform to the standard Protocol Buffers -// Style Guide so that RestartPolicy_name, RestartPolicy_value, and -// RestartPolicy.String() match the values used by Kubernetes and others. -type RestartPolicy int32 - -const ( - RestartPolicy_Always RestartPolicy = 0 - RestartPolicy_OnFailure RestartPolicy = 1 - RestartPolicy_Never RestartPolicy = 2 -) - -// Enum value maps for RestartPolicy. 
-var ( - RestartPolicy_name = map[int32]string{ - 0: "Always", - 1: "OnFailure", - 2: "Never", - } - RestartPolicy_value = map[string]int32{ - "Always": 0, - "OnFailure": 1, - "Never": 2, - } -) - -func (x RestartPolicy) Enum() *RestartPolicy { - p := new(RestartPolicy) - *p = x - return p -} - -func (x RestartPolicy) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (RestartPolicy) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[2].Descriptor() -} - -func (RestartPolicy) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[2] -} - -func (x RestartPolicy) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use RestartPolicy.Descriptor instead. -func (RestartPolicy) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{2} -} - -// Confidential Computing mode for GPU device. Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus -type GPUDeviceCCMode int32 - -const ( - GPUDeviceCCMode_UNSET GPUDeviceCCMode = 0 - // The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features. - GPUDeviceCCMode_ON GPUDeviceCCMode = 1 - // None of the confidential computing-specific features are active. - GPUDeviceCCMode_OFF GPUDeviceCCMode = 2 - // The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled. - GPUDeviceCCMode_DEVTOOLS GPUDeviceCCMode = 3 -) - -// Enum value maps for GPUDeviceCCMode. 
-var ( - GPUDeviceCCMode_name = map[int32]string{ - 0: "UNSET", - 1: "ON", - 2: "OFF", - 3: "DEVTOOLS", - } - GPUDeviceCCMode_value = map[string]int32{ - "UNSET": 0, - "ON": 1, - "OFF": 2, - "DEVTOOLS": 3, - } -) - -func (x GPUDeviceCCMode) Enum() *GPUDeviceCCMode { - p := new(GPUDeviceCCMode) - *p = x - return p -} - -func (x GPUDeviceCCMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (GPUDeviceCCMode) Descriptor() protoreflect.EnumDescriptor { - return file_attest_proto_enumTypes[3].Descriptor() -} - -func (GPUDeviceCCMode) Type() protoreflect.EnumType { - return &file_attest_proto_enumTypes[3] -} - -func (x GPUDeviceCCMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use GPUDeviceCCMode.Descriptor instead. -func (GPUDeviceCCMode) EnumDescriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{3} -} - -// Information uniquely identifying a GCE instance. Can be used to create an -// instance URL, which can then be used with GCE APIs. 
Formatted like: -// -// https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} -type GCEInstanceInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` - ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` - InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` - InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` -} - -func (x *GCEInstanceInfo) Reset() { - *x = GCEInstanceInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GCEInstanceInfo) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GCEInstanceInfo) ProtoMessage() {} - -func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead. 
-func (*GCEInstanceInfo) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{0} -} - -func (x *GCEInstanceInfo) GetZone() string { - if x != nil { - return x.Zone - } - return "" -} - -func (x *GCEInstanceInfo) GetProjectId() string { - if x != nil { - return x.ProjectId - } - return "" -} - -func (x *GCEInstanceInfo) GetProjectNumber() uint64 { - if x != nil { - return x.ProjectNumber - } - return 0 -} - -func (x *GCEInstanceInfo) GetInstanceName() string { - if x != nil { - return x.InstanceName - } - return "" -} - -func (x *GCEInstanceInfo) GetInstanceId() uint64 { - if x != nil { - return x.InstanceId - } - return 0 -} - -type Attestation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC - AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"` - // Quotes over all supported PCR banks - Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"` - // TCG Event Log, encoded in the raw binary format. - // Can be SHA-1 or crypto-agile. - EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"` - // Optional information about a GCE instance, unused outside of GCE - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` - // A COS event log using the TCG Canonical Event Log format - CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"` - // Attestation Key (AK) Certificate, encoded as ASN.1 DER. - // Optional. - AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"` - // Intermediate Certificates for verifying the AK Certificate, encoded as - // ASN.1 DER. Optional. 
- IntermediateCerts [][]byte `protobuf:"bytes,7,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"` - // Trusted execution environment attestation is a secondary platform - // attestation that the machine is running within a particular confidential - // environment. - // - // Types that are assignable to TeeAttestation: - // - // *Attestation_SevSnpAttestation - // *Attestation_TdxAttestation - TeeAttestation isAttestation_TeeAttestation `protobuf_oneof:"tee_attestation"` -} - -func (x *Attestation) Reset() { - *x = Attestation{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Attestation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Attestation) ProtoMessage() {} - -func (x *Attestation) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Attestation.ProtoReflect.Descriptor instead. 
-func (*Attestation) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{1} -} - -func (x *Attestation) GetAkPub() []byte { - if x != nil { - return x.AkPub - } - return nil -} - -func (x *Attestation) GetQuotes() []*tpm.Quote { - if x != nil { - return x.Quotes - } - return nil -} - -func (x *Attestation) GetEventLog() []byte { - if x != nil { - return x.EventLog - } - return nil -} - -func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo { - if x != nil { - return x.InstanceInfo - } - return nil -} - -func (x *Attestation) GetCanonicalEventLog() []byte { - if x != nil { - return x.CanonicalEventLog - } - return nil -} - -func (x *Attestation) GetAkCert() []byte { - if x != nil { - return x.AkCert - } - return nil -} - -func (x *Attestation) GetIntermediateCerts() [][]byte { - if x != nil { - return x.IntermediateCerts - } - return nil -} - -func (m *Attestation) GetTeeAttestation() isAttestation_TeeAttestation { - if m != nil { - return m.TeeAttestation - } - return nil -} - -func (x *Attestation) GetSevSnpAttestation() *sevsnp.Attestation { - if x, ok := x.GetTeeAttestation().(*Attestation_SevSnpAttestation); ok { - return x.SevSnpAttestation - } - return nil -} - -func (x *Attestation) GetTdxAttestation() *tdx.QuoteV4 { - if x, ok := x.GetTeeAttestation().(*Attestation_TdxAttestation); ok { - return x.TdxAttestation - } - return nil -} - -type isAttestation_TeeAttestation interface { - isAttestation_TeeAttestation() -} - -type Attestation_SevSnpAttestation struct { - SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,8,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"` -} - -type Attestation_TdxAttestation struct { - TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,9,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"` -} - -func (*Attestation_SevSnpAttestation) isAttestation_TeeAttestation() {} - -func (*Attestation_TdxAttestation) isAttestation_TeeAttestation() {} - -// For VMs running SEV-SNP with an 
SVSM-based e-vTPM, this contains a TPM quote -// and all the information needed to verify it. -type SevSnpSvsmAttestation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Attestation *Attestation `protobuf:"bytes,1,opt,name=attestation,proto3" json:"attestation,omitempty"` - SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,2,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3" json:"sev_snp_attestation,omitempty"` - // vTPM service manifest is retrieved from configfs-tsm-report via manifest blob - // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report - // The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html - VtpmServiceManifest []byte `protobuf:"bytes,3,opt,name=vtpm_service_manifest,json=vtpmServiceManifest,proto3" json:"vtpm_service_manifest,omitempty"` - VtpmServiceManifestVersion string `protobuf:"bytes,4,opt,name=vtpm_service_manifest_version,json=vtpmServiceManifestVersion,proto3" json:"vtpm_service_manifest_version,omitempty"` - // This contains a launch endorsement for guest firmware that includes SVSM. 
- LaunchEndorsement []byte `protobuf:"bytes,5,opt,name=launch_endorsement,json=launchEndorsement,proto3" json:"launch_endorsement,omitempty"` -} - -func (x *SevSnpSvsmAttestation) Reset() { - *x = SevSnpSvsmAttestation{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SevSnpSvsmAttestation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SevSnpSvsmAttestation) ProtoMessage() {} - -func (x *SevSnpSvsmAttestation) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SevSnpSvsmAttestation.ProtoReflect.Descriptor instead. -func (*SevSnpSvsmAttestation) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{2} -} - -func (x *SevSnpSvsmAttestation) GetAttestation() *Attestation { - if x != nil { - return x.Attestation - } - return nil -} - -func (x *SevSnpSvsmAttestation) GetSevSnpAttestation() *sevsnp.Attestation { - if x != nil { - return x.SevSnpAttestation - } - return nil -} - -func (x *SevSnpSvsmAttestation) GetVtpmServiceManifest() []byte { - if x != nil { - return x.VtpmServiceManifest - } - return nil -} - -func (x *SevSnpSvsmAttestation) GetVtpmServiceManifestVersion() string { - if x != nil { - return x.VtpmServiceManifestVersion - } - return "" -} - -func (x *SevSnpSvsmAttestation) GetLaunchEndorsement() []byte { - if x != nil { - return x.LaunchEndorsement - } - return nil -} - -// The platform/firmware state for this instance -type PlatformState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Firmware: - // - // *PlatformState_ScrtmVersionId 
- // *PlatformState_GceVersion - Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"` - // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances - Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"` - // Only set for GCE instances - InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` -} - -func (x *PlatformState) Reset() { - *x = PlatformState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PlatformState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PlatformState) ProtoMessage() {} - -func (x *PlatformState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PlatformState.ProtoReflect.Descriptor instead. 
-func (*PlatformState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{3} -} - -func (m *PlatformState) GetFirmware() isPlatformState_Firmware { - if m != nil { - return m.Firmware - } - return nil -} - -func (x *PlatformState) GetScrtmVersionId() []byte { - if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { - return x.ScrtmVersionId - } - return nil -} - -func (x *PlatformState) GetGceVersion() uint32 { - if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { - return x.GceVersion - } - return 0 -} - -func (x *PlatformState) GetTechnology() GCEConfidentialTechnology { - if x != nil { - return x.Technology - } - return GCEConfidentialTechnology_NONE -} - -func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo { - if x != nil { - return x.InstanceInfo - } - return nil -} - -type isPlatformState_Firmware interface { - isPlatformState_Firmware() -} - -type PlatformState_ScrtmVersionId struct { - // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) - ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"` -} - -type PlatformState_GceVersion struct { - // Virtual GCE firmware version (parsed from S-CRTM version id) - GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"` -} - -func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} - -func (*PlatformState_GceVersion) isPlatformState_Firmware() {} - -type GrubFile struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The digest of the file (pulled from the raw event digest). - Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` - // The event data. This is not measured, so it is untrusted. 
- UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"` -} - -func (x *GrubFile) Reset() { - *x = GrubFile{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GrubFile) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GrubFile) ProtoMessage() {} - -func (x *GrubFile) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GrubFile.ProtoReflect.Descriptor instead. -func (*GrubFile) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{4} -} - -func (x *GrubFile) GetDigest() []byte { - if x != nil { - return x.Digest - } - return nil -} - -func (x *GrubFile) GetUntrustedFilename() []byte { - if x != nil { - return x.UntrustedFilename - } - return nil -} - -type GrubState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // All GRUB-read and measured files, including grub.cfg. - Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"` - // A list of executed GRUB commands and command lines passed to the kernel - // and kernel modules. 
- Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` -} - -func (x *GrubState) Reset() { - *x = GrubState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GrubState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GrubState) ProtoMessage() {} - -func (x *GrubState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GrubState.ProtoReflect.Descriptor instead. -func (*GrubState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{5} -} - -func (x *GrubState) GetFiles() []*GrubFile { - if x != nil { - return x.Files - } - return nil -} - -func (x *GrubState) GetCommands() []string { - if x != nil { - return x.Commands - } - return nil -} - -// The state of the Linux kernel. -// At the moment, parsing LinuxKernelState relies on parsing the GrubState. -// To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState. -type LinuxKernelState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The kernel command line. 
- CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` -} - -func (x *LinuxKernelState) Reset() { - *x = LinuxKernelState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LinuxKernelState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LinuxKernelState) ProtoMessage() {} - -func (x *LinuxKernelState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LinuxKernelState.ProtoReflect.Descriptor instead. -func (*LinuxKernelState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{6} -} - -func (x *LinuxKernelState) GetCommandLine() string { - if x != nil { - return x.CommandLine - } - return "" -} - -// A parsed event from the TCG event log -type Event struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The Platform Control Register (PCR) this event was extended into. - PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` - // The type of this event. Note that this value is not verified, so it should - // only be used as a hint during event parsing. - UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"` - // The raw data associated to this event. The meaning of this data is - // specific to the type of the event. - Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` - // The event digest actually extended into the TPM. 
This is often the hash of - // the data field, but in some cases it may have a type-specific calculation. - Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` - // This is true if hash(data) == digest. - DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` -} - -func (x *Event) Reset() { - *x = Event{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Event) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Event) ProtoMessage() {} - -func (x *Event) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Event.ProtoReflect.Descriptor instead. -func (*Event) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{7} -} - -func (x *Event) GetPcrIndex() uint32 { - if x != nil { - return x.PcrIndex - } - return 0 -} - -func (x *Event) GetUntrustedType() uint32 { - if x != nil { - return x.UntrustedType - } - return 0 -} - -func (x *Event) GetData() []byte { - if x != nil { - return x.Data - } - return nil -} - -func (x *Event) GetDigest() []byte { - if x != nil { - return x.Digest - } - return nil -} - -func (x *Event) GetDigestVerified() bool { - if x != nil { - return x.DigestVerified - } - return false -} - -type Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The representation of the certificate. If the certificate matches a - // well-known certificate above, representation should contain the value in - // the enum. Otherwise, it will contain the raw DER. 
- // - // Types that are assignable to Representation: - // - // *Certificate_Der - // *Certificate_WellKnown - Representation isCertificate_Representation `protobuf_oneof:"representation"` -} - -func (x *Certificate) Reset() { - *x = Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Certificate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Certificate) ProtoMessage() {} - -func (x *Certificate) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Certificate.ProtoReflect.Descriptor instead. -func (*Certificate) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{8} -} - -func (m *Certificate) GetRepresentation() isCertificate_Representation { - if m != nil { - return m.Representation - } - return nil -} - -func (x *Certificate) GetDer() []byte { - if x, ok := x.GetRepresentation().(*Certificate_Der); ok { - return x.Der - } - return nil -} - -func (x *Certificate) GetWellKnown() WellKnownCertificate { - if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { - return x.WellKnown - } - return WellKnownCertificate_UNKNOWN -} - -type isCertificate_Representation interface { - isCertificate_Representation() -} - -type Certificate_Der struct { - // DER representation of the certificate. 
- Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"` -} - -type Certificate_WellKnown struct { - WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"` -} - -func (*Certificate_Der) isCertificate_Representation() {} - -func (*Certificate_WellKnown) isCertificate_Representation() {} - -// A Secure Boot database containing lists of hashes and certificates, -// as defined by section 32.4.1 Signature Database in the UEFI spec. -type Database struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` - Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` -} - -func (x *Database) Reset() { - *x = Database{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Database) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Database) ProtoMessage() {} - -func (x *Database) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Database.ProtoReflect.Descriptor instead. -func (*Database) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{9} -} - -func (x *Database) GetCerts() []*Certificate { - if x != nil { - return x.Certs - } - return nil -} - -func (x *Database) GetHashes() [][]byte { - if x != nil { - return x.Hashes - } - return nil -} - -// The Secure Boot state for this instance. 
-type SecureBootState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether Secure Boot is enabled. - Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` - // The Secure Boot signature (allowed) database. - Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"` - // The Secure Boot revoked signature (forbidden) database. - Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"` - // Authority events post-separator. Pre-separator authorities - // are currently not supported. - Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` - // The Secure Boot Platform key, used to sign key exchange keys. - Pk *Database `protobuf:"bytes,5,opt,name=pk,proto3" json:"pk,omitempty"` - // The Secure Boot Key Exchange Keys, used to sign db and dbx updates. - Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` -} - -func (x *SecureBootState) Reset() { - *x = SecureBootState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SecureBootState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SecureBootState) ProtoMessage() {} - -func (x *SecureBootState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead. 
-func (*SecureBootState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{10} -} - -func (x *SecureBootState) GetEnabled() bool { - if x != nil { - return x.Enabled - } - return false -} - -func (x *SecureBootState) GetDb() *Database { - if x != nil { - return x.Db - } - return nil -} - -func (x *SecureBootState) GetDbx() *Database { - if x != nil { - return x.Dbx - } - return nil -} - -func (x *SecureBootState) GetAuthority() *Database { - if x != nil { - return x.Authority - } - return nil -} - -func (x *SecureBootState) GetPk() *Database { - if x != nil { - return x.Pk - } - return nil -} - -func (x *SecureBootState) GetKek() *Database { - if x != nil { - return x.Kek - } - return nil -} - -type ContainerState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"` - // Digest of the registry's image manifest, which contains a list of the - // layers comprising the image. - ImageDigest string `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"` - RestartPolicy RestartPolicy `protobuf:"varint,3,opt,name=restart_policy,json=restartPolicy,proto3,enum=attest.RestartPolicy" json:"restart_policy,omitempty"` - // Digest of the local image configuration object, containing config items - // such as local layer digests. - ImageId string `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` - Args []string `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"` - EnvVars map[string]string `protobuf:"bytes,6,rep,name=env_vars,json=envVars,proto3" json:"env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Record operator input Env Vars and Args, should be subsets of the above - // Env Vars and Args. 
- OverriddenArgs []string `protobuf:"bytes,7,rep,name=overridden_args,json=overriddenArgs,proto3" json:"overridden_args,omitempty"` - OverriddenEnvVars map[string]string `protobuf:"bytes,8,rep,name=overridden_env_vars,json=overriddenEnvVars,proto3" json:"overridden_env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *ContainerState) Reset() { - *x = ContainerState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ContainerState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ContainerState) ProtoMessage() {} - -func (x *ContainerState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ContainerState.ProtoReflect.Descriptor instead. 
-func (*ContainerState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{11} -} - -func (x *ContainerState) GetImageReference() string { - if x != nil { - return x.ImageReference - } - return "" -} - -func (x *ContainerState) GetImageDigest() string { - if x != nil { - return x.ImageDigest - } - return "" -} - -func (x *ContainerState) GetRestartPolicy() RestartPolicy { - if x != nil { - return x.RestartPolicy - } - return RestartPolicy_Always -} - -func (x *ContainerState) GetImageId() string { - if x != nil { - return x.ImageId - } - return "" -} - -func (x *ContainerState) GetArgs() []string { - if x != nil { - return x.Args - } - return nil -} - -func (x *ContainerState) GetEnvVars() map[string]string { - if x != nil { - return x.EnvVars - } - return nil -} - -func (x *ContainerState) GetOverriddenArgs() []string { - if x != nil { - return x.OverriddenArgs - } - return nil -} - -func (x *ContainerState) GetOverriddenEnvVars() map[string]string { - if x != nil { - return x.OverriddenEnvVars - } - return nil -} - -type SemanticVersion struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"` - Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"` - Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"` -} - -func (x *SemanticVersion) Reset() { - *x = SemanticVersion{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SemanticVersion) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SemanticVersion) ProtoMessage() {} - -func (x *SemanticVersion) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead. -func (*SemanticVersion) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{12} -} - -func (x *SemanticVersion) GetMajor() uint32 { - if x != nil { - return x.Major - } - return 0 -} - -func (x *SemanticVersion) GetMinor() uint32 { - if x != nil { - return x.Minor - } - return 0 -} - -func (x *SemanticVersion) GetPatch() uint32 { - if x != nil { - return x.Patch - } - return 0 -} - -type HealthMonitoringState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether memory monitoring is enabled. - MemoryEnabled *bool `protobuf:"varint,1,opt,name=memory_enabled,json=memoryEnabled,proto3,oneof" json:"memory_enabled,omitempty"` -} - -func (x *HealthMonitoringState) Reset() { - *x = HealthMonitoringState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HealthMonitoringState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HealthMonitoringState) ProtoMessage() {} - -func (x *HealthMonitoringState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HealthMonitoringState.ProtoReflect.Descriptor instead. 
-func (*HealthMonitoringState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{13} -} - -func (x *HealthMonitoringState) GetMemoryEnabled() bool { - if x != nil && x.MemoryEnabled != nil { - return *x.MemoryEnabled - } - return false -} - -type GpuDeviceState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Whether Confidential Computing mode is enabled for GPU. - CcMode GPUDeviceCCMode `protobuf:"varint,1,opt,name=cc_mode,json=ccMode,proto3,enum=attest.GPUDeviceCCMode" json:"cc_mode,omitempty"` -} - -func (x *GpuDeviceState) Reset() { - *x = GpuDeviceState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GpuDeviceState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GpuDeviceState) ProtoMessage() {} - -func (x *GpuDeviceState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GpuDeviceState.ProtoReflect.Descriptor instead. 
-func (*GpuDeviceState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{14} -} - -func (x *GpuDeviceState) GetCcMode() GPUDeviceCCMode { - if x != nil { - return x.CcMode - } - return GPUDeviceCCMode_UNSET -} - -type AttestedCosState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` - CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` - LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` - HealthMonitoring *HealthMonitoringState `protobuf:"bytes,4,opt,name=health_monitoring,json=healthMonitoring,proto3" json:"health_monitoring,omitempty"` - GpuDeviceState *GpuDeviceState `protobuf:"bytes,5,opt,name=gpu_device_state,json=gpuDeviceState,proto3" json:"gpu_device_state,omitempty"` -} - -func (x *AttestedCosState) Reset() { - *x = AttestedCosState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AttestedCosState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AttestedCosState) ProtoMessage() {} - -func (x *AttestedCosState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead. 
-func (*AttestedCosState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{15} -} - -func (x *AttestedCosState) GetContainer() *ContainerState { - if x != nil { - return x.Container - } - return nil -} - -func (x *AttestedCosState) GetCosVersion() *SemanticVersion { - if x != nil { - return x.CosVersion - } - return nil -} - -func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion { - if x != nil { - return x.LauncherVersion - } - return nil -} - -func (x *AttestedCosState) GetHealthMonitoring() *HealthMonitoringState { - if x != nil { - return x.HealthMonitoring - } - return nil -} - -func (x *AttestedCosState) GetGpuDeviceState() *GpuDeviceState { - if x != nil { - return x.GpuDeviceState - } - return nil -} - -type EfiApp struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The PE/COFF digest of the EFI application (pulled from the raw event digest). - Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` -} - -func (x *EfiApp) Reset() { - *x = EfiApp{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EfiApp) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EfiApp) ProtoMessage() {} - -func (x *EfiApp) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EfiApp.ProtoReflect.Descriptor instead. -func (*EfiApp) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{16} -} - -func (x *EfiApp) GetDigest() []byte { - if x != nil { - return x.Digest - } - return nil -} - -// The verified state of EFI Applications. 
Policy usage on this machine state -// should check the entire set of EFI App digests matches, not a subset. -type EfiState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // UEFI's OS Loader code is required to measure attempts to load and execute - // UEFI applications. - // UEFI applications are typically bootloaders such as shim and GRUB. - // These run and are measured using the UEFI LoadImage() service. - Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"` -} - -func (x *EfiState) Reset() { - *x = EfiState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *EfiState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*EfiState) ProtoMessage() {} - -func (x *EfiState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use EfiState.ProtoReflect.Descriptor instead. 
-func (*EfiState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{17} -} - -func (x *EfiState) GetApps() []*EfiApp { - if x != nil { - return x.Apps - } - return nil -} - -// The verified state of a booted machine, obtained from an Attestation -type MachineState struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` - SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` - // The complete parsed TCG Event Log, including those events used to - // create the PlatformState. - RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` - // The hash algorithm used when verifying the Attestation. This indicates: - // - which PCR bank was used for for quote validation and event log replay - // - the hash algorithm used to calculate event digests - Hash tpm.HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` - LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` - Cos *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"` - Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` - // Attestation/Quote representations from TEEs whose signatures are already - // verified. 
- // - // Types that are assignable to TeeAttestation: - // - // *MachineState_SevSnpAttestation - // *MachineState_TdxAttestation - TeeAttestation isMachineState_TeeAttestation `protobuf_oneof:"tee_attestation"` -} - -func (x *MachineState) Reset() { - *x = MachineState{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MachineState) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MachineState) ProtoMessage() {} - -func (x *MachineState) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MachineState.ProtoReflect.Descriptor instead. -func (*MachineState) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{18} -} - -func (x *MachineState) GetPlatform() *PlatformState { - if x != nil { - return x.Platform - } - return nil -} - -func (x *MachineState) GetSecureBoot() *SecureBootState { - if x != nil { - return x.SecureBoot - } - return nil -} - -func (x *MachineState) GetRawEvents() []*Event { - if x != nil { - return x.RawEvents - } - return nil -} - -func (x *MachineState) GetHash() tpm.HashAlgo { - if x != nil { - return x.Hash - } - return tpm.HashAlgo(0) -} - -func (x *MachineState) GetGrub() *GrubState { - if x != nil { - return x.Grub - } - return nil -} - -func (x *MachineState) GetLinuxKernel() *LinuxKernelState { - if x != nil { - return x.LinuxKernel - } - return nil -} - -func (x *MachineState) GetCos() *AttestedCosState { - if x != nil { - return x.Cos - } - return nil -} - -func (x *MachineState) GetEfi() *EfiState { - if x != nil { - return x.Efi - } - return nil -} - -func (m *MachineState) GetTeeAttestation() 
isMachineState_TeeAttestation { - if m != nil { - return m.TeeAttestation - } - return nil -} - -func (x *MachineState) GetSevSnpAttestation() *sevsnp.Attestation { - if x, ok := x.GetTeeAttestation().(*MachineState_SevSnpAttestation); ok { - return x.SevSnpAttestation - } - return nil -} - -func (x *MachineState) GetTdxAttestation() *tdx.QuoteV4 { - if x, ok := x.GetTeeAttestation().(*MachineState_TdxAttestation); ok { - return x.TdxAttestation - } - return nil -} - -type isMachineState_TeeAttestation interface { - isMachineState_TeeAttestation() -} - -type MachineState_SevSnpAttestation struct { - SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,9,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"` -} - -type MachineState_TdxAttestation struct { - TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,10,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"` -} - -func (*MachineState_SevSnpAttestation) isMachineState_TeeAttestation() {} - -func (*MachineState_TdxAttestation) isMachineState_TeeAttestation() {} - -// A policy dictating which values of PlatformState to allow -type PlatformPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // If PlatformState.firmware contains a scrtm_version_id, it must appear - // in this list. For use with a GCE VM, minimum_gce_firmware_version is - // often a better alternative. - AllowedScrtmVersionIds [][]byte `protobuf:"bytes,1,rep,name=allowed_scrtm_version_ids,json=allowedScrtmVersionIds,proto3" json:"allowed_scrtm_version_ids,omitempty"` - // If PlatformState.firmware contains a minimum_gce_firmware_version, it must - // be greater than or equal to this value. Currently, the max version is 1. 
- MinimumGceFirmwareVersion uint32 `protobuf:"varint,2,opt,name=minimum_gce_firmware_version,json=minimumGceFirmwareVersion,proto3" json:"minimum_gce_firmware_version,omitempty"` - // The PlatformState's technology must be at least as secure as - // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). - MinimumTechnology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=minimum_technology,json=minimumTechnology,proto3,enum=attest.GCEConfidentialTechnology" json:"minimum_technology,omitempty"` -} - -func (x *PlatformPolicy) Reset() { - *x = PlatformPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PlatformPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PlatformPolicy) ProtoMessage() {} - -func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead. -func (*PlatformPolicy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{19} -} - -func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte { - if x != nil { - return x.AllowedScrtmVersionIds - } - return nil -} - -func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32 { - if x != nil { - return x.MinimumGceFirmwareVersion - } - return 0 -} - -func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology { - if x != nil { - return x.MinimumTechnology - } - return GCEConfidentialTechnology_NONE -} - -// A policy about what parts of a RIM to compare against machine state as -// reflected in a quote or (verified) event log. 
Reference measurements for -// a component are expected to be addressable by the machine state's reported -// digest, or otherwise presented as cached collateral with the attestation -// itself. The method of delivery is vendor-specific. -type RIMPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // If true, the signed measurement must be available (by means that can be - // vendor-specific), and the target measurement must be among the listed - // signed measurements. If false, then only error if there is a problem - // verifying the signed measurements when they are available. - RequireSigned bool `protobuf:"varint,1,opt,name=require_signed,json=requireSigned,proto3" json:"require_signed,omitempty"` - // x.509 certificates in ASN.1 DER format. - RootCerts [][]byte `protobuf:"bytes,2,rep,name=root_certs,json=rootCerts,proto3" json:"root_certs,omitempty"` -} - -func (x *RIMPolicy) Reset() { - *x = RIMPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RIMPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RIMPolicy) ProtoMessage() {} - -func (x *RIMPolicy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RIMPolicy.ProtoReflect.Descriptor instead. 
-func (*RIMPolicy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{20} -} - -func (x *RIMPolicy) GetRequireSigned() bool { - if x != nil { - return x.RequireSigned - } - return false -} - -func (x *RIMPolicy) GetRootCerts() [][]byte { - if x != nil { - return x.RootCerts - } - return nil -} - -// Represent minimal decisions about attestation fields until necessary to -// add for policy reasons. -type SevSnpPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The policy for checking the signed reference values for the UEFI at launch. - Uefi *RIMPolicy `protobuf:"bytes,1,opt,name=uefi,proto3" json:"uefi,omitempty"` -} - -func (x *SevSnpPolicy) Reset() { - *x = SevSnpPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SevSnpPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SevSnpPolicy) ProtoMessage() {} - -func (x *SevSnpPolicy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SevSnpPolicy.ProtoReflect.Descriptor instead. 
-func (*SevSnpPolicy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{21} -} - -func (x *SevSnpPolicy) GetUefi() *RIMPolicy { - if x != nil { - return x.Uefi - } - return nil -} - -// A policy dictating which type of MachineStates to allow -type Policy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` - // When the attestation is on SEV-SNP, this is the policy. Unset means no - // constraints. - SevSnp *SevSnpPolicy `protobuf:"bytes,3,opt,name=sev_snp,json=sevSnp,proto3" json:"sev_snp,omitempty"` -} - -func (x *Policy) Reset() { - *x = Policy{} - if protoimpl.UnsafeEnabled { - mi := &file_attest_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Policy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Policy) ProtoMessage() {} - -func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_attest_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Policy.ProtoReflect.Descriptor instead. 
-func (*Policy) Descriptor() ([]byte, []int) { - return file_attest_proto_rawDescGZIP(), []int{22} -} - -func (x *Policy) GetPlatform() *PlatformPolicy { - if x != nil { - return x.Platform - } - return nil -} - -func (x *Policy) GetSevSnp() *SevSnpPolicy { - if x != nil { - return x.SevSnp - } - return nil -} - -var File_attest_proto protoreflect.FileDescriptor - -var file_attest_proto_rawDesc = []byte{ - 0x0a, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x65, - 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x74, 0x64, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x70, 0x6d, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, - 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, - 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, - 0x0e, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, - 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xae, 0x03, 0x0a, 0x0b, 0x41, - 0x74, 0x74, 0x65, 
0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x61, 0x6b, - 0x5f, 0x70, 0x75, 0x62, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x61, 0x6b, 0x50, 0x75, - 0x62, 0x12, 0x22, 0x0a, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x0a, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x52, 0x06, 0x71, - 0x75, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, - 0x6f, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, - 0x6f, 0x67, 0x12, 0x3c, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, - 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, - 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, - 0x12, 0x2e, 0x0a, 0x13, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x65, 0x76, - 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, - 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, - 0x12, 0x17, 0x0a, 0x07, 0x61, 0x6b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x06, 0x61, 0x6b, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, - 0x07, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, - 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x13, 0x73, 0x65, 0x76, 0x5f, - 0x73, 0x6e, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x41, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 
0x6e, 0x48, 0x00, 0x52, 0x11, 0x73, 0x65, - 0x76, 0x53, 0x6e, 0x70, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x37, 0x0a, 0x0f, 0x74, 0x64, 0x78, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x74, 0x64, 0x78, 0x2e, 0x51, - 0x75, 0x6f, 0x74, 0x65, 0x56, 0x34, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x64, 0x78, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x74, 0x65, 0x65, 0x5f, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb9, 0x02, 0x0a, 0x15, - 0x53, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x53, 0x76, 0x73, 0x6d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x13, - 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, - 0x6e, 0x70, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, - 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x76, 0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x5f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x13, 0x76, 0x74, 0x70, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x6e, - 0x69, 0x66, 0x65, 0x73, 0x74, 0x12, 0x41, 0x0a, 0x1d, 0x76, 0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x5f, 
0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x76, 0x74, - 0x70, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, - 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, 0x12, 0x6c, 0x61, 0x75, 0x6e, - 0x63, 0x68, 0x5f, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x6f, - 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0xeb, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, 0x74, - 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, 0x72, - 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x63, - 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0a, 0x74, 0x65, 0x63, 0x68, - 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, - 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3c, 0x0a, 0x0d, 0x69, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, - 0x6d, 0x77, 0x61, 0x72, 0x65, 
0x22, 0x51, 0x0a, 0x08, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, - 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x6e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, - 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x4f, 0x0a, 0x09, 0x47, 0x72, 0x75, 0x62, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, - 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1a, 0x0a, - 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x22, 0x35, 0x0a, 0x10, 0x4c, 0x69, 0x6e, - 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, - 0x0c, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, - 0x22, 0xa0, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x63, - 0x72, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, - 0x63, 0x72, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x0d, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, - 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 
0x74, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, - 0x67, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x65, 0x64, 0x22, 0x72, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, - 0x00, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, - 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, - 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, - 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4d, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, - 0x61, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, - 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, - 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x22, 0xe7, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, - 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, - 0x73, 
0x65, 0x52, 0x02, 0x64, 0x62, 0x12, 0x22, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, - 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x64, 0x62, 0x78, 0x12, 0x2e, 0x0a, 0x09, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, - 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x20, 0x0a, 0x02, 0x70, 0x6b, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, - 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x70, 0x6b, 0x12, 0x22, 0x0a, 0x03, - 0x6b, 0x65, 0x6b, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x6b, 0x65, 0x6b, - 0x22, 0x93, 0x04, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, - 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, - 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, - 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, - 0x3c, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x2e, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, - 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19, 0x0a, - 0x08, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 
0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x08, - 0x65, 0x6e, 0x76, 0x5f, 0x76, 0x61, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, - 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, - 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x07, 0x65, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x12, 0x27, 0x0a, 0x0f, - 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x5f, 0x61, 0x72, 0x67, 0x73, 0x18, - 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, - 0x6e, 0x41, 0x72, 0x67, 0x73, 0x12, 0x5d, 0x0a, 0x13, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, - 0x64, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x76, 0x61, 0x72, 0x73, 0x18, 0x08, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, - 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x76, 0x65, 0x72, 0x72, - 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, - 0x56, 0x61, 0x72, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x1a, 0x44, 0x0a, 0x16, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, - 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 
0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, - 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, - 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, - 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, - 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0x56, 0x0a, 0x15, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x65, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0d, - 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x88, 0x01, 0x01, - 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x22, 0x42, 0x0a, 0x0e, 0x47, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x07, 0x63, 0x63, 0x5f, 0x6d, 0x6f, 0x64, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, - 0x47, 0x50, 0x55, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x43, 0x4d, 0x6f, 0x64, 0x65, 0x52, - 0x06, 0x63, 0x63, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xd4, 0x02, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x09, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x61, 
0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x52, 0x0a, 0x63, 0x6f, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x10, - 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, - 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, - 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x12, 0x4a, 0x0a, 0x11, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x6d, 0x6f, 0x6e, 0x69, 0x74, - 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, - 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x68, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x40, 0x0a, 0x10, - 0x67, 0x70, 0x75, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, - 0x47, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, - 0x67, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x22, 0x20, - 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, - 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 
0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, - 0x22, 0x2e, 0x0a, 0x08, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x04, - 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, - 0x22, 0x93, 0x04, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, - 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, - 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, - 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2c, - 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, 0x65, 0x6e, - 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x04, - 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, - 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, - 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3b, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, - 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 
0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, - 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, - 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x12, - 0x22, 0x0a, 0x03, 0x65, 0x66, 0x69, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, - 0x65, 0x66, 0x69, 0x12, 0x45, 0x0a, 0x13, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x5f, 0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x11, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x41, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x0f, 0x74, 0x64, - 0x78, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x74, 0x64, 0x78, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x56, - 0x34, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x64, 0x78, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x74, 0x65, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xde, 0x01, 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, - 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, - 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, - 0x6c, 0x6f, 0x77, 0x65, 0x64, 
0x53, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x49, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, - 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, - 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, - 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, - 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, - 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x51, 0x0a, 0x09, 0x52, 0x49, 0x4d, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x5f, - 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x72, 0x65, - 0x71, 0x75, 0x69, 0x72, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x72, - 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, - 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x73, 0x22, 0x35, 0x0a, 0x0c, 0x53, 0x65, - 0x76, 0x53, 0x6e, 0x70, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x75, 0x65, - 0x66, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x2e, 0x52, 0x49, 0x4d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x04, 0x75, 0x65, 0x66, - 0x69, 0x22, 0x6b, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, - 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 
0x28, 0x0b, 0x32, 0x16, 0x2e, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, - 0x2d, 0x0a, 0x07, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x14, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x76, 0x53, 0x6e, 0x70, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x06, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x2a, 0x62, - 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, - 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, - 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, - 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, - 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, - 0x10, 0x04, 0x2a, 0x96, 0x01, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, - 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, - 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, - 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, - 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, - 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x4d, 0x53, 0x5f, 0x54, 0x48, - 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x4b, 0x45, 0x4b, 0x5f, 0x43, 0x41, - 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x47, 0x43, 0x45, 0x5f, 0x44, - 0x45, 
0x46, 0x41, 0x55, 0x4c, 0x54, 0x5f, 0x50, 0x4b, 0x10, 0x04, 0x2a, 0x35, 0x0a, 0x0d, 0x52, - 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, - 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, - 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, - 0x10, 0x02, 0x2a, 0x3b, 0x0a, 0x0f, 0x47, 0x50, 0x55, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, - 0x43, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, - 0x12, 0x06, 0x0a, 0x02, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x46, 0x46, 0x10, - 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4f, 0x4f, 0x4c, 0x53, 0x10, 0x03, 0x42, - 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, - 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_attest_proto_rawDescOnce sync.Once - file_attest_proto_rawDescData = file_attest_proto_rawDesc -) - -func file_attest_proto_rawDescGZIP() []byte { - file_attest_proto_rawDescOnce.Do(func() { - file_attest_proto_rawDescData = protoimpl.X.CompressGZIP(file_attest_proto_rawDescData) - }) - return file_attest_proto_rawDescData -} - -var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 25) -var file_attest_proto_goTypes = []interface{}{ - (GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology - (WellKnownCertificate)(0), // 1: attest.WellKnownCertificate - (RestartPolicy)(0), // 2: attest.RestartPolicy - (GPUDeviceCCMode)(0), // 3: attest.GPUDeviceCCMode - (*GCEInstanceInfo)(nil), // 4: attest.GCEInstanceInfo - (*Attestation)(nil), // 5: attest.Attestation - 
(*SevSnpSvsmAttestation)(nil), // 6: attest.SevSnpSvsmAttestation - (*PlatformState)(nil), // 7: attest.PlatformState - (*GrubFile)(nil), // 8: attest.GrubFile - (*GrubState)(nil), // 9: attest.GrubState - (*LinuxKernelState)(nil), // 10: attest.LinuxKernelState - (*Event)(nil), // 11: attest.Event - (*Certificate)(nil), // 12: attest.Certificate - (*Database)(nil), // 13: attest.Database - (*SecureBootState)(nil), // 14: attest.SecureBootState - (*ContainerState)(nil), // 15: attest.ContainerState - (*SemanticVersion)(nil), // 16: attest.SemanticVersion - (*HealthMonitoringState)(nil), // 17: attest.HealthMonitoringState - (*GpuDeviceState)(nil), // 18: attest.GpuDeviceState - (*AttestedCosState)(nil), // 19: attest.AttestedCosState - (*EfiApp)(nil), // 20: attest.EfiApp - (*EfiState)(nil), // 21: attest.EfiState - (*MachineState)(nil), // 22: attest.MachineState - (*PlatformPolicy)(nil), // 23: attest.PlatformPolicy - (*RIMPolicy)(nil), // 24: attest.RIMPolicy - (*SevSnpPolicy)(nil), // 25: attest.SevSnpPolicy - (*Policy)(nil), // 26: attest.Policy - nil, // 27: attest.ContainerState.EnvVarsEntry - nil, // 28: attest.ContainerState.OverriddenEnvVarsEntry - (*tpm.Quote)(nil), // 29: tpm.Quote - (*sevsnp.Attestation)(nil), // 30: sevsnp.Attestation - (*tdx.QuoteV4)(nil), // 31: tdx.QuoteV4 - (tpm.HashAlgo)(0), // 32: tpm.HashAlgo -} -var file_attest_proto_depIdxs = []int32{ - 29, // 0: attest.Attestation.quotes:type_name -> tpm.Quote - 4, // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo - 30, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation - 31, // 3: attest.Attestation.tdx_attestation:type_name -> tdx.QuoteV4 - 5, // 4: attest.SevSnpSvsmAttestation.attestation:type_name -> attest.Attestation - 30, // 5: attest.SevSnpSvsmAttestation.sev_snp_attestation:type_name -> sevsnp.Attestation - 0, // 6: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology - 4, // 7: 
attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo - 8, // 8: attest.GrubState.files:type_name -> attest.GrubFile - 1, // 9: attest.Certificate.well_known:type_name -> attest.WellKnownCertificate - 12, // 10: attest.Database.certs:type_name -> attest.Certificate - 13, // 11: attest.SecureBootState.db:type_name -> attest.Database - 13, // 12: attest.SecureBootState.dbx:type_name -> attest.Database - 13, // 13: attest.SecureBootState.authority:type_name -> attest.Database - 13, // 14: attest.SecureBootState.pk:type_name -> attest.Database - 13, // 15: attest.SecureBootState.kek:type_name -> attest.Database - 2, // 16: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy - 27, // 17: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry - 28, // 18: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry - 3, // 19: attest.GpuDeviceState.cc_mode:type_name -> attest.GPUDeviceCCMode - 15, // 20: attest.AttestedCosState.container:type_name -> attest.ContainerState - 16, // 21: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion - 16, // 22: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion - 17, // 23: attest.AttestedCosState.health_monitoring:type_name -> attest.HealthMonitoringState - 18, // 24: attest.AttestedCosState.gpu_device_state:type_name -> attest.GpuDeviceState - 20, // 25: attest.EfiState.apps:type_name -> attest.EfiApp - 7, // 26: attest.MachineState.platform:type_name -> attest.PlatformState - 14, // 27: attest.MachineState.secure_boot:type_name -> attest.SecureBootState - 11, // 28: attest.MachineState.raw_events:type_name -> attest.Event - 32, // 29: attest.MachineState.hash:type_name -> tpm.HashAlgo - 9, // 30: attest.MachineState.grub:type_name -> attest.GrubState - 10, // 31: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState - 19, // 32: attest.MachineState.cos:type_name -> 
attest.AttestedCosState - 21, // 33: attest.MachineState.efi:type_name -> attest.EfiState - 30, // 34: attest.MachineState.sev_snp_attestation:type_name -> sevsnp.Attestation - 31, // 35: attest.MachineState.tdx_attestation:type_name -> tdx.QuoteV4 - 0, // 36: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology - 24, // 37: attest.SevSnpPolicy.uefi:type_name -> attest.RIMPolicy - 23, // 38: attest.Policy.platform:type_name -> attest.PlatformPolicy - 25, // 39: attest.Policy.sev_snp:type_name -> attest.SevSnpPolicy - 40, // [40:40] is the sub-list for method output_type - 40, // [40:40] is the sub-list for method input_type - 40, // [40:40] is the sub-list for extension type_name - 40, // [40:40] is the sub-list for extension extendee - 0, // [0:40] is the sub-list for field type_name -} - -func init() { file_attest_proto_init() } -func file_attest_proto_init() { - if File_attest_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_attest_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GCEInstanceInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Attestation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SevSnpSvsmAttestation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlatformState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_attest_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GrubFile); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GrubState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LinuxKernelState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Event); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Database); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SecureBootState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ContainerState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_attest_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SemanticVersion); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HealthMonitoringState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GpuDeviceState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestedCosState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EfiApp); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EfiState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MachineState); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlatformPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil 
- } - } - file_attest_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RIMPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SevSnpPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_attest_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Policy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_attest_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*Attestation_SevSnpAttestation)(nil), - (*Attestation_TdxAttestation)(nil), - } - file_attest_proto_msgTypes[3].OneofWrappers = []interface{}{ - (*PlatformState_ScrtmVersionId)(nil), - (*PlatformState_GceVersion)(nil), - } - file_attest_proto_msgTypes[8].OneofWrappers = []interface{}{ - (*Certificate_Der)(nil), - (*Certificate_WellKnown)(nil), - } - file_attest_proto_msgTypes[13].OneofWrappers = []interface{}{} - file_attest_proto_msgTypes[18].OneofWrappers = []interface{}{ - (*MachineState_SevSnpAttestation)(nil), - (*MachineState_TdxAttestation)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_attest_proto_rawDesc, - NumEnums: 4, - NumMessages: 25, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_attest_proto_goTypes, - DependencyIndexes: file_attest_proto_depIdxs, - EnumInfos: file_attest_proto_enumTypes, - MessageInfos: file_attest_proto_msgTypes, - }.Build() - File_attest_proto = out.File - file_attest_proto_rawDesc = nil - file_attest_proto_goTypes = nil - file_attest_proto_depIdxs = nil -} 
diff --git a/vendor/github.com/google/go-tpm-tools/proto/doc.go b/vendor/github.com/google/go-tpm-tools/proto/doc.go
deleted file mode 100644
index 01fe4bd4a..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/doc.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Package proto contains protocol buffers that are exchanged between the client
-// and server.
-//
-// # Generating Protocol Buffer Code
-//
-// Anytime the Protocol Buffer definitions change, the generated Go code must be
-// regenerated. This can be done with "go generate". Just run:
-//
-// go generate ./...
-//
-// Upstream documentation:
-// https://developers.google.com/protocol-buffers/docs/reference/go-generated
-//
-// # Code Generation Dependencies
-//
-// To generate the Go code, your system must have "protoc" installed. See:
-// https://github.com/protocolbuffers/protobuf#protocol-compiler-installation
-//
-// The "protoc-gen-go" tool must also be installed. To install it, run:
-//
-// go install google.golang.org/protobuf/cmd/protoc-gen-go
-//
-// If you see a 'protoc-gen-go: program not found or is not executable' error
-// for the 'go generate' command, run the following:
-//
-// echo 'export PATH=$PATH:$GOPATH/bin' >> $HOME/.bashrc
-// source $HOME/.bashrc
-package proto
-
-//go:generate ./gen_attest.sh
-//go:generate protoc --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto tpm.proto
diff --git a/vendor/github.com/google/go-tpm-tools/proto/gen_attest.sh b/vendor/github.com/google/go-tpm-tools/proto/gen_attest.sh
deleted file mode 100755
index 23f3b22a2..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/gen_attest.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-protoc -I. -I`go list -m -f "{{.Dir}}" github.com/google/go-sev-guest` -I`go list -m -f "{{.Dir}}" github.com/google/go-tdx-guest` --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto --experimental_allow_proto3_optional attest.proto
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm.proto b/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
deleted file mode 100644
index 725f0a30b..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/tpm.proto
+++ /dev/null
@@ -1,64 +0,0 @@
-syntax = "proto3";
-
-package tpm;
-option go_package = "github.com/google/go-tpm-tools/proto/tpm";
-
-// Enum values come from TCG Algorithm Registry - v1.27 - Table 3
-enum ObjectType {
- OBJECT_INVALID = 0x0000;
- RSA = 0x0001;
- ECC = 0x0023;
-}
-
-enum HashAlgo {
- HASH_INVALID = 0x0000;
- SHA1 = 0x0004;
- SHA256 = 0x000B;
- SHA384 = 0x000C;
- SHA512 = 0x000D;
-}
-
-// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has
-// already been encrypted and is no longer sensitive. The hash algorithm is
-// assumed to be SHA256.
-message SealedBytes {
- bytes priv = 1;
- bytes pub = 2;
- repeated uint32 pcrs = 3;
- HashAlgo hash = 4;
- ObjectType srk = 5;
- PCRs certified_pcrs = 6;
- bytes creation_data = 7;
- bytes ticket = 8;
-}
-
-message ImportBlob {
- bytes duplicate = 1;
- bytes encrypted_seed = 2;
- bytes public_area = 3;
- PCRs pcrs = 4;
-}
-
-message Quote {
- // TPM2 quote, encoded as a TPMS_ATTEST
- bytes quote = 1;
- // TPM2 signature, encoded as a TPMT_SIGNATURE
- bytes raw_sig = 2;
- // PCR values of the bank being quoted
- PCRs pcrs = 3;
-}
-
-message PCRs {
- HashAlgo hash = 1;
- map pcrs = 2;
-}
-
-// Contains information corresponding an object certified with TPM2_Certify.
-message CertifiedBlob {
- // Public area of certified object, encoded as a TPMT_PUBLIC
- bytes pub_area = 1;
- // TPM2 certification, encoded as a TPMS_ATTEST
- bytes certify_info = 2;
- // TPM2 signature, encoded as a TPMT_Signature
- bytes raw_sig = 3;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go b/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
deleted file mode 100644
index 681c1d384..000000000
--- a/vendor/github.com/google/go-tpm-tools/proto/tpm/tpm.pb.go
+++ /dev/null
@@ -1,682 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 -// source: tpm.proto - -package tpm - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Enum values come from TCG Algorithm Registry - v1.27 - Table 3 -type ObjectType int32 - -const ( - ObjectType_OBJECT_INVALID ObjectType = 0 - ObjectType_RSA ObjectType = 1 - ObjectType_ECC ObjectType = 35 -) - -// Enum value maps for ObjectType. -var ( - ObjectType_name = map[int32]string{ - 0: "OBJECT_INVALID", - 1: "RSA", - 35: "ECC", - } - ObjectType_value = map[string]int32{ - "OBJECT_INVALID": 0, - "RSA": 1, - "ECC": 35, - } -) - -func (x ObjectType) Enum() *ObjectType { - p := new(ObjectType) - *p = x - return p -} - -func (x ObjectType) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ObjectType) Descriptor() protoreflect.EnumDescriptor { - return file_tpm_proto_enumTypes[0].Descriptor() -} - -func (ObjectType) Type() protoreflect.EnumType { - return &file_tpm_proto_enumTypes[0] -} - -func (x ObjectType) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ObjectType.Descriptor instead. -func (ObjectType) EnumDescriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{0} -} - -type HashAlgo int32 - -const ( - HashAlgo_HASH_INVALID HashAlgo = 0 - HashAlgo_SHA1 HashAlgo = 4 - HashAlgo_SHA256 HashAlgo = 11 - HashAlgo_SHA384 HashAlgo = 12 - HashAlgo_SHA512 HashAlgo = 13 -) - -// Enum value maps for HashAlgo. 
-var ( - HashAlgo_name = map[int32]string{ - 0: "HASH_INVALID", - 4: "SHA1", - 11: "SHA256", - 12: "SHA384", - 13: "SHA512", - } - HashAlgo_value = map[string]int32{ - "HASH_INVALID": 0, - "SHA1": 4, - "SHA256": 11, - "SHA384": 12, - "SHA512": 13, - } -) - -func (x HashAlgo) Enum() *HashAlgo { - p := new(HashAlgo) - *p = x - return p -} - -func (x HashAlgo) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (HashAlgo) Descriptor() protoreflect.EnumDescriptor { - return file_tpm_proto_enumTypes[1].Descriptor() -} - -func (HashAlgo) Type() protoreflect.EnumType { - return &file_tpm_proto_enumTypes[1] -} - -func (x HashAlgo) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use HashAlgo.Descriptor instead. -func (HashAlgo) EnumDescriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{1} -} - -// SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has -// already been encrypted and is no longer sensitive. The hash algorithm is -// assumed to be SHA256. 
-type SealedBytes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Priv []byte `protobuf:"bytes,1,opt,name=priv,proto3" json:"priv,omitempty"` - Pub []byte `protobuf:"bytes,2,opt,name=pub,proto3" json:"pub,omitempty"` - Pcrs []uint32 `protobuf:"varint,3,rep,packed,name=pcrs,proto3" json:"pcrs,omitempty"` - Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Srk ObjectType `protobuf:"varint,5,opt,name=srk,proto3,enum=tpm.ObjectType" json:"srk,omitempty"` - CertifiedPcrs *PCRs `protobuf:"bytes,6,opt,name=certified_pcrs,json=certifiedPcrs,proto3" json:"certified_pcrs,omitempty"` - CreationData []byte `protobuf:"bytes,7,opt,name=creation_data,json=creationData,proto3" json:"creation_data,omitempty"` - Ticket []byte `protobuf:"bytes,8,opt,name=ticket,proto3" json:"ticket,omitempty"` -} - -func (x *SealedBytes) Reset() { - *x = SealedBytes{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SealedBytes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SealedBytes) ProtoMessage() {} - -func (x *SealedBytes) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SealedBytes.ProtoReflect.Descriptor instead. 
-func (*SealedBytes) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{0} -} - -func (x *SealedBytes) GetPriv() []byte { - if x != nil { - return x.Priv - } - return nil -} - -func (x *SealedBytes) GetPub() []byte { - if x != nil { - return x.Pub - } - return nil -} - -func (x *SealedBytes) GetPcrs() []uint32 { - if x != nil { - return x.Pcrs - } - return nil -} - -func (x *SealedBytes) GetHash() HashAlgo { - if x != nil { - return x.Hash - } - return HashAlgo_HASH_INVALID -} - -func (x *SealedBytes) GetSrk() ObjectType { - if x != nil { - return x.Srk - } - return ObjectType_OBJECT_INVALID -} - -func (x *SealedBytes) GetCertifiedPcrs() *PCRs { - if x != nil { - return x.CertifiedPcrs - } - return nil -} - -func (x *SealedBytes) GetCreationData() []byte { - if x != nil { - return x.CreationData - } - return nil -} - -func (x *SealedBytes) GetTicket() []byte { - if x != nil { - return x.Ticket - } - return nil -} - -type ImportBlob struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Duplicate []byte `protobuf:"bytes,1,opt,name=duplicate,proto3" json:"duplicate,omitempty"` - EncryptedSeed []byte `protobuf:"bytes,2,opt,name=encrypted_seed,json=encryptedSeed,proto3" json:"encrypted_seed,omitempty"` - PublicArea []byte `protobuf:"bytes,3,opt,name=public_area,json=publicArea,proto3" json:"public_area,omitempty"` - Pcrs *PCRs `protobuf:"bytes,4,opt,name=pcrs,proto3" json:"pcrs,omitempty"` -} - -func (x *ImportBlob) Reset() { - *x = ImportBlob{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ImportBlob) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ImportBlob) ProtoMessage() {} - -func (x *ImportBlob) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ImportBlob.ProtoReflect.Descriptor instead. -func (*ImportBlob) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{1} -} - -func (x *ImportBlob) GetDuplicate() []byte { - if x != nil { - return x.Duplicate - } - return nil -} - -func (x *ImportBlob) GetEncryptedSeed() []byte { - if x != nil { - return x.EncryptedSeed - } - return nil -} - -func (x *ImportBlob) GetPublicArea() []byte { - if x != nil { - return x.PublicArea - } - return nil -} - -func (x *ImportBlob) GetPcrs() *PCRs { - if x != nil { - return x.Pcrs - } - return nil -} - -type Quote struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TPM2 quote, encoded as a TPMS_ATTEST - Quote []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"` - // TPM2 signature, encoded as a TPMT_SIGNATURE - RawSig []byte `protobuf:"bytes,2,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` - // PCR values of the bank being quoted - Pcrs *PCRs `protobuf:"bytes,3,opt,name=pcrs,proto3" json:"pcrs,omitempty"` -} - -func (x *Quote) Reset() { - *x = Quote{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Quote) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Quote) ProtoMessage() {} - -func (x *Quote) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Quote.ProtoReflect.Descriptor instead. 
-func (*Quote) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{2} -} - -func (x *Quote) GetQuote() []byte { - if x != nil { - return x.Quote - } - return nil -} - -func (x *Quote) GetRawSig() []byte { - if x != nil { - return x.RawSig - } - return nil -} - -func (x *Quote) GetPcrs() *PCRs { - if x != nil { - return x.Pcrs - } - return nil -} - -type PCRs struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Hash HashAlgo `protobuf:"varint,1,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` - Pcrs map[uint32][]byte `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *PCRs) Reset() { - *x = PCRs{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PCRs) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PCRs) ProtoMessage() {} - -func (x *PCRs) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PCRs.ProtoReflect.Descriptor instead. -func (*PCRs) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{3} -} - -func (x *PCRs) GetHash() HashAlgo { - if x != nil { - return x.Hash - } - return HashAlgo_HASH_INVALID -} - -func (x *PCRs) GetPcrs() map[uint32][]byte { - if x != nil { - return x.Pcrs - } - return nil -} - -// Contains information corresponding an object certified with TPM2_Certify. 
-type CertifiedBlob struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Public area of certified object, encoded as a TPMT_PUBLIC - PubArea []byte `protobuf:"bytes,1,opt,name=pub_area,json=pubArea,proto3" json:"pub_area,omitempty"` - // TPM2 certification, encoded as a TPMS_ATTEST - CertifyInfo []byte `protobuf:"bytes,2,opt,name=certify_info,json=certifyInfo,proto3" json:"certify_info,omitempty"` - // TPM2 signature, encoded as a TPMT_Signature - RawSig []byte `protobuf:"bytes,3,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` -} - -func (x *CertifiedBlob) Reset() { - *x = CertifiedBlob{} - if protoimpl.UnsafeEnabled { - mi := &file_tpm_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CertifiedBlob) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CertifiedBlob) ProtoMessage() {} - -func (x *CertifiedBlob) ProtoReflect() protoreflect.Message { - mi := &file_tpm_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CertifiedBlob.ProtoReflect.Descriptor instead. 
-func (*CertifiedBlob) Descriptor() ([]byte, []int) { - return file_tpm_proto_rawDescGZIP(), []int{4} -} - -func (x *CertifiedBlob) GetPubArea() []byte { - if x != nil { - return x.PubArea - } - return nil -} - -func (x *CertifiedBlob) GetCertifyInfo() []byte { - if x != nil { - return x.CertifyInfo - } - return nil -} - -func (x *CertifiedBlob) GetRawSig() []byte { - if x != nil { - return x.RawSig - } - return nil -} - -var File_tpm_proto protoreflect.FileDescriptor - -var file_tpm_proto_rawDesc = []byte{ - 0x0a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x74, 0x70, 0x6d, - 0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x61, 0x6c, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x69, 0x76, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x70, 0x72, 0x69, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x75, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x03, 0x70, 0x75, 0x62, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, - 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, - 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x21, 0x0a, - 0x03, 0x73, 0x72, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x74, 0x70, 0x6d, - 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x03, 0x73, 0x72, 0x6b, - 0x12, 0x30, 0x0a, 0x0e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x63, - 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, - 0x43, 0x52, 0x73, 0x52, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x50, 0x63, - 0x72, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, - 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x69, 0x6f, 
0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, - 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x22, - 0x91, 0x01, 0x0a, 0x0a, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x1c, - 0x0a, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x0e, - 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x65, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x53, - 0x65, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x61, 0x72, - 0x65, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x41, 0x72, 0x65, 0x61, 0x12, 0x1d, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, - 0x63, 0x72, 0x73, 0x22, 0x55, 0x0a, 0x05, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x71, 0x75, 0x6f, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x71, 0x75, 0x6f, - 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x04, 0x70, - 0x63, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, - 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x22, 0x8b, 0x01, 0x0a, 0x04, 0x50, - 0x43, 0x52, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, - 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x27, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 
0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x2e, - 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x1a, - 0x37, 0x0a, 0x09, 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x66, 0x0a, 0x0d, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x65, 0x64, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x75, 0x62, - 0x5f, 0x61, 0x72, 0x65, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x75, 0x62, - 0x41, 0x72, 0x65, 0x61, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x79, 0x5f, - 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, - 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, - 0x2a, 0x32, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, - 0x0a, 0x0e, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, - 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x52, 0x53, 0x41, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x45, - 0x43, 0x43, 0x10, 0x23, 0x2a, 0x4a, 0x0a, 0x08, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, - 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, - 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, - 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, - 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, - 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 
0x2f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, - 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x70, 0x6d, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_tpm_proto_rawDescOnce sync.Once - file_tpm_proto_rawDescData = file_tpm_proto_rawDesc -) - -func file_tpm_proto_rawDescGZIP() []byte { - file_tpm_proto_rawDescOnce.Do(func() { - file_tpm_proto_rawDescData = protoimpl.X.CompressGZIP(file_tpm_proto_rawDescData) - }) - return file_tpm_proto_rawDescData -} - -var file_tpm_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_tpm_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_tpm_proto_goTypes = []interface{}{ - (ObjectType)(0), // 0: tpm.ObjectType - (HashAlgo)(0), // 1: tpm.HashAlgo - (*SealedBytes)(nil), // 2: tpm.SealedBytes - (*ImportBlob)(nil), // 3: tpm.ImportBlob - (*Quote)(nil), // 4: tpm.Quote - (*PCRs)(nil), // 5: tpm.PCRs - (*CertifiedBlob)(nil), // 6: tpm.CertifiedBlob - nil, // 7: tpm.PCRs.PcrsEntry -} -var file_tpm_proto_depIdxs = []int32{ - 1, // 0: tpm.SealedBytes.hash:type_name -> tpm.HashAlgo - 0, // 1: tpm.SealedBytes.srk:type_name -> tpm.ObjectType - 5, // 2: tpm.SealedBytes.certified_pcrs:type_name -> tpm.PCRs - 5, // 3: tpm.ImportBlob.pcrs:type_name -> tpm.PCRs - 5, // 4: tpm.Quote.pcrs:type_name -> tpm.PCRs - 1, // 5: tpm.PCRs.hash:type_name -> tpm.HashAlgo - 7, // 6: tpm.PCRs.pcrs:type_name -> tpm.PCRs.PcrsEntry - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_tpm_proto_init() } -func file_tpm_proto_init() { - if File_tpm_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_tpm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SealedBytes); i { - 
case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ImportBlob); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Quote); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PCRs); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_tpm_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CertifiedBlob); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_tpm_proto_rawDesc, - NumEnums: 2, - NumMessages: 6, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_tpm_proto_goTypes, - DependencyIndexes: file_tpm_proto_depIdxs, - EnumInfos: file_tpm_proto_enumTypes, - MessageInfos: file_tpm_proto_msgTypes, - }.Build() - File_tpm_proto = out.File - file_tpm_proto_rawDesc = nil - file_tpm_proto_goTypes = nil - file_tpm_proto_depIdxs = nil -} diff --git a/vendor/github.com/google/go-tpm-tools/run_cloudbuild.sh b/vendor/github.com/google/go-tpm-tools/run_cloudbuild.sh deleted file mode 100755 index 74e2023b5..000000000 --- a/vendor/github.com/google/go-tpm-tools/run_cloudbuild.sh +++ /dev/null 
@@ -1,23 +0,0 @@
-#!/bin/bash
-# Run the script: ./run_cloudbuild.sh
-set -euxo pipefail
-
-# Append a timestamp, as there is a check in finish-image-build that checks if
-# the image already exists.
-IMAGE_SUFFIX="$USER-test-image-`date +%s`"
-
-DIR=$(dirname -- "${BASH_SOURCE[0]}")
-echo "Running Cloud Build on directory $DIR"
-
-# If you get the error:
-# googleapi: Error 403: Required 'compute.images.get' permission for 'foo', forbidden
-#
-# Ensure you grant Cloud Build access to Compute Images:
-# https://pantheon.corp.google.com/compute/images?referrer=search&tab=exports&project=$PROJECT_ID
-gcloud beta builds submit --config=${DIR}/cloudbuild.yaml \
- --substitutions=_OUTPUT_IMAGE_SUFFIX="${IMAGE_SUFFIX}"
-
-echo "Image creation successful."
-echo "Create a VM using the debug image confidential-space-debug-${IMAGE_SUFFIX}"
-echo "gcloud compute instances create confidential-space-test --image=confidential-space-debug-${IMAGE_SUFFIX} --metadata ..."
-echo "Or use the hardened image confidential-space-hardened-${IMAGE_SUFFIX}"
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_intermediate_v3.crt b/vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_intermediate_v3.crt deleted file mode 100644 index 64b8484a01f2d1140cd9e4363540985c8b85e316..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1830 zcmchX`#02S9LMK7w~V{SEx9GDRAU}r%n*{wWkM@86;XXNGYoUl7(|HK$cEImiK51m zl|^kN*>t0=blD`gilUvyB~os=&FsvcZBKte&o9sUyq@=Y&ig#){eFOGfdvrZRK*xH zghms?BKvFx?al@43FnG4E+#N`1-k(aJYhw;clwkD1gYUrAlX(85bzi}7EeUex7ZSa zj&e{Ts;);kY!+X@VdH&E>;Clx8JUg0tg=5~?~o`TxK-xoWuSLU zmTZN8V6`*9F_70TiLbr@`-mbAKdlEI&gF9>Sg;_TJIp*4z8jNNQs#x6N%%zUC;sb+Jp!63*;8 z!(dk9s^+AI(LldEm8`C~y7-=x!uU$MWka74!`({zs;4ixT4+qmHPr4H9x|n5Gmgl* zbE|3@1@p&-s?&1yd}NsAPoE`lAN4n6Qy=I`#Z--fwC3{d&Y75Q|NOZ@*vqA%VqBc- zHG%Pu-1%lEpH}oVSTm728|Y){_|cU-T|Q4pqoaN}ITb_GOp42)1(GUaIE2MdLR3bq zV|*mFw>WVb$0~jG&R#VOG4HJo@R;s-+|u5xd;MNMN=|9L*VB6O#A>&a_xF~) zD|OiQM(q*0h_yB85XYeuKD1=*5#QX`^+&@RR{HGQ{GzRr zfZq${;@gQOO_yGuZf+|hEF!GZG5$8~Z6v|h`na#UjDB z420z905eG}dzJ&!5iqD!s-sP`kS{>Om^NYmRvn3AN85z*xny7m?`1hL?3@^T?O6z* zAP9p=4n=H21wxQ2QaU!n9suzmP8=hSPT%(pJqS1o6P&LbtN8B}jfGGrstSqz9;Qp0 zblH#TMNrAP8k=`_W++!Rfov(a5WS%h?vL3n=>iLO2lkGLA;JR({ckC)4e z7f!1)4mL?9Co9O$Hm<13EZls@vOTj#&=qY1)!|<}6dkE~*#DsqktW=<*xg!p`O=-5 zV$Y`i%Qqa3`D^V9$!Drb<<#dS_j+$cd~cn>j^mA!hjS}O+)%NF~>O8l4{2X<1 zgq<=lw|wAiteIyH)`0m*I(eszzUF9MC)sr$r$2Ty*^(j+e04r4TUC9=e=z^8b5+&+ z#k{j^aRX{xZjJ%U%7@i-Vj|6G)0GIlD;6F$u1*m%7qrw8pgn_K6@zs>Z?cbj$j00U zCYxuqIx{b=^uAv9(lzlqYMZ_H$=0Oo#oj|9vHC?%&VRhxvBenQ|B{ijckb6@!8ya0 zXM3D`c8yJOEwF@ys=|1^8J$-()y09y^xq23UMVO@05W%+QQ5HD!$W86jU`4mBysWb zs--&3R))pMZ0UGvcIQxiEhXq~WKsC!)R>lPA!22x-7a@E88O_!xFL%6L$=4>6_om! sRXj9kyC1@d&gye%r0Cq@Vt9E6Da1c7-Y@GZIV{s2t#8lIiP!1)2a+1uZ~y=R 
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_root.crt b/vendor/github.com/google/go-tpm-tools/server/ca-certs/gcp_ek_ak_ca_root.crt deleted file mode 100644 index 24539420736b5e6981e1afbd21cbe1f90ced6cda..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1541 zcmXqLVq-LDVt%=RnTe5!NrYip?2@04H9j|(9$s$iU*xQPU-XUvFB_*;n@8JsUPeZ4 zRtAGQLv903Hs(+kHesgFU_)U8K@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{S zrx2EzS`JgpCCufXpP!zSs^H_}Y$$3V3{uQ3%mWp4&dD!LftkT9%62AkJ%KWMFP!VPIflU~Cd4!Ea;;6)-h5H!_YIa2GZ)DIo_MBP#=Q6B9p!K@$@f zQxg*-!(7#`0V_^S^Y-ej(bn)?x@Gqg$#%>J;`fC0v@_|m``nAzHrMvHYKas?z5M1 zrHjbTc>g5i(8Y5nw=y>VuDIM<<<6+EB-v|K%CkJZazCwIdGjv`B;QlCw|(Edr|oLX zj#{M)dUIOZ96s2VHY(KczlzfOx76=+cva$(?QLx@Q$OT?PD)V}uZU}Qd#5P(C3E#> z{}bJeTpvRY2c}G9GiKubcWY0Q%J<)el8Q%GtzOt5Ww9=t_pH*8odZ>ujYpl9+aRcO+Jx5ErbAc`F_D(wudQWAw$My>)Z8 zmhHFIedu=7A+yB#)DaVJquis8FaNAdskc>$6FiiYwd{)huiduio?H|^`sLU!#?LqF zsunD53i#0&wEm*9tLoMR-?=Z>yzu#F&BV;ez__^7pxA&9nDAx!85#exumCe4n}Gm` zugbz{z|O{+-pIfCW?;j-ssFji zT^|E^khC(3gn?KCb_J-p8JI8`8K!=`xaUDR$1HBY*a+zl`aM~alP3F|niu}ee5-=O zgxANueP5{lO-N+wF^T^#-wAx_4>CA#Pv?XBfdjR1fq7Rb_lJBZ37wwH_P%WKg*-NMX7!KLo}}b1u|NJk z@PP2C6W@#~u9a*N`>E2q^h;B;`j(?1aXKr~pCs)CudWDYbCz>u+`jcTx2(vYnhC7|%&||Cu5HpczwB4^H@oNj`3EA)O>FkJ z{y06G>rknM@nyH;?B7dNy?c%r@g?#wsce3Jc%e|4lZxM}zGFe%|6gxhDpLE6Wzta9IG4j_W3{?t?{-?@hWcS621p54G znKvtP`Pr^6ZrhBH*S0QAyZz~PZ0-EL_DRM+O}M(xGTCdNyZCXVqXx5&=UnAZlV5RP zzQpz&dHnwO_PBQo9X9)RUT|;dJzkWt`*PzM!~5S)&NF-Pc(r%!rfJisTx*{o6Lng6 uMMQl6+bsu$^Ad#=mY1!y(An}!*XySq`;@1>n`YR`FI~MOAnR{ca3cUV#dh@o 
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt b/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_intermediate_2.crt deleted file mode 100644 index ef9699dfe1ac4854b039a9fd03f5a42fedace712..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1560 zcmXqLViPfFV*ay$nTe5!NkAhpue`I)FKz$5<3B$#3$HQYW#iOp^Jx3d%gD&h%3#pA z&yd@IlZ`o)g-w_#G}utsKoG>?5ax1D%*jm4FUreIG!!!s0SU4T^ZMqO=9MI7<|%|_ zrk2ALa|v^~=jW&Aq$>FMI2-aA@PHI^3$r@s!x#u`L}_{=;ZB?Y`5C)FNF2T_XcS3ta;fT?4ZaLjx;Q3o9ctT?2C~0|NzbD?=Rx zL#u#t0|R4^Vz)?t6DtENLkj~1abBP%10y3NAYot;CBbiGh$3LnxRcgij4%j;c+nr5 z7mBO4;Ak8Y;F#nK@m&+65^{_&vNA9?G4eAQ zG%<29H8C!7J-luv)2FG&F5wA8rHNQPg87>@*BI~fd;Ms=ZJ5CQ%=J;8!TL>=pKH}0ykuZoes{~?Umt}# zuI>w|4qLyAIliKlpOcNt-kL(afXKV`^9y6_b2>pk#iO- zjEI}3V7O;@ga71P^)pLP)GgsDf4XvQqVBcn`3|9ii_{y;GYW;gxWCWO5YxW(`u2fd zQyaNu4f%2FqC_V-u4%s%dYg%vk%4h>6C*D$L^uujfUzLU&&c?ng$0=U*$f0gd{q`s z19mpn^hQ<=Mgt*`h%iV6hXEUqVq#=4kOhhHv52vV2%jz76|spcaIpqo>dtBNcFXb# zPBxGSNh`BR7>G59q<(qwY}L2FQI|UAtOySM&d|s4eW`&j8;3R6^SlxH{CC^Yomn z@j`|=1-DN6EmO(ZyiP@B?ty1>(`^1+Ran=0N?BEq?LgUvOBPp_3yA4YDr|Andbp%x zcl{;ljm(~pIX3Z~U}rX8CACbRW$~^<`jcf_`16bB)8T;M!(mu4#lkekvCiJ#fQ4;$?r?@CP?K73 z-=-h$etEvU7@Z|YBZyD$9l#(b*TK8N! 
u=}S*;wpdiktfsg;rZ?h2ula5VuABVo;xqGvloaH~r)I~O8OA4r zWa2aOi%a5*^7Bh{i!;;nQj2sAbd3xQEp!b`bPdcx3=OPIEv$^pbPdd{3=9;!tqgS( z46Opn4GfGuirpgpO{@&83@r>4#CeSj4Gj!|gb@%&N$?wi*a!iG#+|hGVuV2$#Ebse zyol^OBST$716@O-5Can{BO@zALuB6>TjeE{CAvqs`6QPnLwwi7sDvD2jI0dIO^o~u z22G4yOihf84DXHaDvHXTWBal{_-yy#9Vrps@|RxMuB*PBvGA;R$f93ojJJG9ko5cS z_Py6#)V0xX)st(9|16JPm#mb(@b9|eJ3pbmDi`Z)QSqhM`M2CX6gPjvBu+lxYYBOk zKl%zTbnY=?W!5|U`QIm#nzg4KyeA(!G-vg5C*_6-C6DtJ*Sz}L=6-B*@`T&vs|ppH z<|*aQD^!_rC#mOw)*ddAtimw8ESH8`-78gJv?_)gwd@MJ(Ixv~$Fpx=Ty7eB^&H`= zIP`9r?Yy!^?zRsVCnS8?SM}DP{yokAY}5HbgLfzF?cEEM(!#C8LY|yi8?~?aN^`?c zPnnvAQ|#+!&P!kS;7+x=@RiR@%!~|-i<=mEfg!?azz2*4S$;;w|12!P)X!!h0OG5% za2l|)v8Fe&axfYQfkcEsDmV<-fD{uWgMlnajE_Z(MI@c$NV(wOtL-h9b!4-Br#C0G zs5ThLgQS&NBn-qFL{h&zdA91?->6F+b5;b0erM?8_`cM@myJW4jggg=osp5n(ZJro z7REPVYBS6zDJihh*DuJ<)Jq5E5q(I?&&(@HO)ttUsnmxi7*H;VH`GfmDlu>Z*(c9p zZD46&zQA;WG3jRHASW4MCTDH}dh^cr4Y&SpQP5lTckTauYd!X=KJ&iRCM~|}TkKtv zEBu}*h3;2541zRlo$kH1H`J`;2$V^QHnn;Ce3D%EnQ0Eq8dHi6^X?B#u#u9lG!Pdy zzPpVr!_(;6_4M7(&CRB13cgX8$~m>ReesKfaz{DtFmjyOb?ok*xVb?G_MSVm<=>7k zhf^Eotlx7!P4dG8`R3W@gO}(ut$O;R^IS>E-6{P=IiJ;z2xg_MalUx>p1Lzvhtw-c z$74UHv&YXcoVZu)YoP0tj^vc5HJtCenT(fiH#J}NNGD;*>bP~QLs?&5TsQrW*$KwO z-{*jU2Cm@V&ky?*Lsvus+)y8h>Tkv&Uq98X`BdOt1Nd7p=6ANQx*b+;NW9y>6J z{ms|7mMGb6_1o*&G-p4v{Jx}rq0ue(MJM$iC2Xy4c@wdC_k!44`reCzd`VN+>oZ{BsaD%rQ2KQ!Lrn9z{tzwj;q^u$za 
diff --git a/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_root_1.cer b/vendor/github.com/google/go-tpm-tools/server/ca-certs/tpm_ek_root_1.cer deleted file mode 100644 index ccbc6ba7bca8ce8da7cfeeab7b8def0b0fbbdb6a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1667 zcmdUv`9IWo9LMK&4;f*1$&{;T%;&2yM5dJ^!mv3;qh-ZlTq9;om=5E9Xd)IJt0?V5 zhg-SJk&3olxuQrLi3t&DYOLAE?&Gohc|p?In8jR-k~9F-WmbSyh0;<3WGyv1u7CKg;Q{5aU$4$%m}*OOpjVS_8y$1Dl^r z_#V%3JgCjBcM>GFZnC1;k2N+72OeI0>3=(~pSeD;8Od8DQW{=pPZuh=yN=KbGTD05 zRKgcElDNqLU;34g5ym~Td9Wuv+P0L`j7p~y?qzI~DH`o{{+g;(84v54X&OHp>{^R7 zx;0A$l$W)=&4`7vGS`ZHl;@O}hl=vl&@tN@>+XaMYe;BoiFBB^40hG$Txm*8yXRH$ z)+|$5zlC@44QuyL!)557HIk55;=x5^z5mTGdCn&^GQc|!#TIRDE2d< ziafF+GuCv!cqd`Oru1l2@VB=5LAo=#NdsYQA<1dC9-J1CRbDdp>FS6f`7ye=e$yI1 zZfAiAq=$VU-#6cq-&&ria7VQx_P=Fnls;pDqw~&ktu^gls*wDa{!tsUkS*r>|a7GnAe-YG5!oGBX5DJVi9;V}4B4u}TWjZ4#1gu~ZSsEzYa0ZJ0Bi;@9S7<5nq zS{e=%B?KpNpaF6t0Zj?OqEt~TjOE{_ZmfKz_oe+(;^wgmJ0rb%4QNTq+9-9Pdg{Lo z|NbW%iwTG6o~i3k(=fI7saaZY9m!Y}UCV`!mkB!CbGbuq=sYW%Eob}sC;Sp8LTit3 z6?<}jZP|LB>iM|kCa0i2MvG`y&}d*39a1_#=VcvuvFmg~MLcB?YN*RGI>_q`IQNv+ zhQXYNH{zekUT?EzfV}oLo}qIrXro> zYe>87=eq4Kx*i)2S=(RfzSy$l*j+fmAWB z9ru$S6tYJ0TvJ0cQ+lL>%M(KEd+IGg!+rtGP+;Yx8OqK*$M zYt$P*>nM;f;T 0 { - t.Fatalf("pem.Decode found unexpected trailing data in certificate file: %s", certPEM) - } - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - t.Fatalf("x509.ParseCertificate failed: %v", err) - } - return cert -} diff --git a/vendor/github.com/google/go-tpm-tools/server/ecc_utils.go b/vendor/github.com/google/go-tpm-tools/server/ecc_utils.go deleted file mode 100644 index 349dfd73e..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/ecc_utils.go +++ /dev/null 
@@ -1,47 +0,0 @@
-package server
-
-import (
- "crypto/elliptic"
- "fmt"
- "math/big"
-
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-// ECC coordinates need to maintain a specific size based on the curve, so we pad the front with zeros.
-// This is particularly an issue for NIST-P521 coordinates, as they are frequently missing their first byte.
-func eccIntToBytes(curve elliptic.Curve, i *big.Int) []byte {
- bytes := i.Bytes()
- curveBytes := (curve.Params().BitSize + 7) / 8
- return append(make([]byte, curveBytes-len(bytes)), bytes...)
-}
-
-func curveIDToGoCurve(curve tpm2.EllipticCurve) (elliptic.Curve, error) {
- switch curve {
- case tpm2.CurveNISTP224:
- return elliptic.P224(), nil
- case tpm2.CurveNISTP256:
- return elliptic.P256(), nil
- case tpm2.CurveNISTP384:
- return elliptic.P384(), nil
- case tpm2.CurveNISTP521:
- return elliptic.P521(), nil
- default:
- return nil, fmt.Errorf("unsupported TPM2 curve: %v", curve)
- }
-}
-
-func goCurveToCurveID(curve elliptic.Curve) (tpm2.EllipticCurve, error) {
- switch curve.Params().Name {
- case elliptic.P224().Params().Name:
- return tpm2.CurveNISTP224, nil
- case elliptic.P256().Params().Name:
- return tpm2.CurveNISTP256, nil
- case elliptic.P384().Params().Name:
- return tpm2.CurveNISTP384, nil
- case elliptic.P521().Params().Name:
- return tpm2.CurveNISTP521, nil
- default:
- return 0, fmt.Errorf("unsupported Go curve: %v", curve.Params().Name)
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/eventlog.go b/vendor/github.com/google/go-tpm-tools/server/eventlog.go
deleted file mode 100644
index 09bb8d057..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/eventlog.go
+++ /dev/null
@@ -1,677 +0,0 @@
-package server
-
-import (
- "bytes"
- "crypto"
- "crypto/x509"
- "encoding/hex"
- "errors"
- "fmt"
- "hash"
-
- "github.com/google/go-attestation/attest"
- "github.com/google/go-eventlog/register"
- "github.com/google/go-tpm-tools/cel"
- pb "github.com/google/go-tpm-tools/proto/attest"
- tpmpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
-)
-
-var (
- newGrubKernelCmdlinePrefix = []byte("kernel_cmdline: ")
- oldGrubKernelCmdlinePrefix = []byte("grub_kernel_cmdline ")
- // See https://www.gnu.org/software/grub/manual/grub/grub.html#Measured-Boot.
- validPrefixes = [][]byte{[]byte("grub_cmd: "),
- newGrubKernelCmdlinePrefix,
- []byte("module_cmdline: "),
- // Older style prefixes:
- // https://src.fedoraproject.org/rpms/grub2/blob/c789522f7cfa19a10cd716a1db24dab5499c6e5c/f/0224-Rework-TPM-measurements.patch
- oldGrubKernelCmdlinePrefix,
- []byte("grub_cmd ")}
-)
-
-// parsePCClientEventLog parses a raw event log and replays the parsed event
-// log against the given PCR values. It returns the corresponding MachineState
-// containing the events verified by particular PCR indexes/digests. It returns
-// an error if the replay for any PCR index does not match the provided value.
-//
-// The returned MachineState may be a partial MachineState where fields can be
-// the zero value. In this case, an error of type MachineStateError will be
-// returned. Callers can inspect individual parsing errors by examining
-// `MachineStateError.Errors`.
-//
-// It is the caller's responsibility to ensure that the passed PCR values can be
-// trusted. Users can establish trust in PCR values by either calling
-// client.ReadPCRs() themselves or by verifying the values via a PCR quote.
-func parsePCClientEventLog(rawEventLog []byte, pcrs *tpmpb.PCRs, opts VerifyOpts) (*pb.MachineState, error) {
- var errors []error
- events, err := parseReplayHelper(rawEventLog, pcrs)
- if err != nil {
- return nil, createGroupedError("", []error{err})
- }
- // error is already checked in convertToAttestPcrs
- cryptoHash, _ := tpm2.Algorithm(pcrs.GetHash()).Hash()
-
- rawEvents := convertToPbEvents(cryptoHash, events)
- platform, err := getPlatformState(cryptoHash, rawEvents)
- if err != nil {
- errors = append(errors, err)
- }
- sbState, err := getSecureBootState(events)
- if err != nil {
- errors = append(errors, err)
- }
- efiState, err := getEfiState(cryptoHash, rawEvents, opts)
- if err != nil {
- errors = append(errors, err)
- }
-
- var grub *pb.GrubState
- var kernel *pb.LinuxKernelState
- if opts.Loader == GRUB {
- grub, err = getGrubState(cryptoHash, rawEvents)
- if err != nil {
- errors = append(errors, err)
- }
- kernel, err = getLinuxKernelStateFromGRUB(grub)
- if err != nil {
- errors = append(errors, err)
- }
- }
-
- return &pb.MachineState{
- Platform: platform,
- SecureBoot: sbState,
- Efi: efiState,
- RawEvents: rawEvents,
- Hash: pcrs.GetHash(),
- Grub: grub,
- LinuxKernel: kernel,
- }, createGroupedError("failed to fully parse MachineState:", errors)
-}
-
-// ParseCosCELPCR takes an encoded COS CEL and PCR bank, replays the CEL against the PCRs,
-// and returns the AttestedCosState
-func ParseCosCELPCR(cosEventLog []byte, p register.PCRBank) (*pb.AttestedCosState, error) {
- return getCosStateFromCEL(cosEventLog, p, cel.PCRTypeValue)
-}
-
-// ParseCosCELRTMR takes in a raw COS CEL and a RTMR bank, validates and returns it's
-// COS states as parts of the MachineState.
-func ParseCosCELRTMR(cosEventLog []byte, r register.RTMRBank) (*pb.AttestedCosState, error) {
- return getCosStateFromCEL(cosEventLog, r, cel.CCMRTypeValue)
-}
-
-func getCosStateFromCEL(rawCanonicalEventLog []byte, register register.MRBank, trustingRegisterType uint8) (*pb.AttestedCosState, error) {
- decodedCEL, err := cel.DecodeToCEL(bytes.NewBuffer(rawCanonicalEventLog))
- if err != nil {
- return nil, err
- }
- // Validate the COS event log first.
- if err := decodedCEL.Replay(register); err != nil {
- return nil, err
- }
-
- cosState, err := getVerifiedCosState(decodedCEL, trustingRegisterType)
- if err != nil {
- return nil, err
- }
-
- return cosState, err
-}
-
-func contains(set [][]byte, value []byte) bool {
- for _, setItem := range set {
- if bytes.Equal(value, setItem) {
- return true
- }
- }
- return false
-}
-
-// getVerifiedCosState takes in CEL and a register type (can be PCR or CCELMR), and returns the state
-// in the CEL. It will only include events using the correct registerType.
-func getVerifiedCosState(coscel cel.CEL, registerType uint8) (*pb.AttestedCosState, error) {
- cosState := &pb.AttestedCosState{}
- cosState.Container = &pb.ContainerState{}
- cosState.HealthMonitoring = &pb.HealthMonitoringState{}
- cosState.GpuDeviceState = &pb.GpuDeviceState{}
- cosState.Container.Args = make([]string, 0)
- cosState.Container.EnvVars = make(map[string]string)
- cosState.Container.OverriddenEnvVars = make(map[string]string)
-
- seenSeparator := false
- for _, record := range coscel.Records {
- if record.IndexType != registerType {
- return nil, fmt.Errorf("expect registerType: %d, but get %d in a CEL record", registerType, record.IndexType)
- }
-
- switch record.IndexType {
- case cel.PCRTypeValue:
- if record.Index != cel.CosEventPCR {
- return nil, fmt.Errorf("found unexpected PCR %d in COS CEL log", record.Index)
- }
- case cel.CCMRTypeValue:
- if record.Index != cel.CosCCELMRIndex {
- return nil, fmt.Errorf("found unexpected CCELMR %d in COS CEL log", record.Index)
- }
- default:
- return nil, fmt.Errorf("unknown COS CEL log index type %d", record.IndexType)
- }
-
- // The Content.Type is not verified at this point, so we have to fail
- // if we see any events that we do not understand. This ensures that
- // we either verify the digest of event event in this PCR, or we fail
- // to replay the event log.
- // TODO: See if we can fix this to have the Content Type be verified.
- cosTlv, err := record.Content.ParseToCosTlv()
- if err != nil {
- return nil, err
- }
-
- // verify digests for the cos cel content
- if err := cel.VerifyDigests(cosTlv, record.Digests); err != nil {
- return nil, err
- }
-
- // TODO: Add support for post-separator container data
- if seenSeparator {
- return nil, fmt.Errorf("found COS Event Type %v after LaunchSeparator event", cosTlv.EventType)
- }
-
- switch cosTlv.EventType {
- case cel.ImageRefType:
- if cosState.Container.GetImageReference() != "" {
- return nil, fmt.Errorf("found more than one ImageRef event")
- }
- cosState.Container.ImageReference = string(cosTlv.EventContent)
-
- case cel.ImageDigestType:
- if cosState.Container.GetImageDigest() != "" {
- return nil, fmt.Errorf("found more than one ImageDigest event")
- }
- cosState.Container.ImageDigest = string(cosTlv.EventContent)
-
- case cel.RestartPolicyType:
- restartPolicy, ok := pb.RestartPolicy_value[string(cosTlv.EventContent)]
- if !ok {
- return nil, fmt.Errorf("unknown restart policy in COS eventlog: %s", string(cosTlv.EventContent))
- }
- cosState.Container.RestartPolicy = pb.RestartPolicy(restartPolicy)
-
- case cel.ImageIDType:
- if cosState.Container.GetImageId() != "" {
- return nil, fmt.Errorf("found more than one ImageId event")
- }
- cosState.Container.ImageId = string(cosTlv.EventContent)
-
- case cel.EnvVarType:
- envName, envVal, err := cel.ParseEnvVar(string(cosTlv.EventContent))
- if err != nil {
- return nil, err
- }
- cosState.Container.EnvVars[envName] = envVal
-
- case cel.ArgType:
- cosState.Container.Args = append(cosState.Container.Args, string(cosTlv.EventContent))
-
- case cel.OverrideArgType:
- cosState.Container.OverriddenArgs = append(cosState.Container.OverriddenArgs, string(cosTlv.EventContent))
-
- case cel.OverrideEnvType:
- envName, envVal, err := cel.ParseEnvVar(string(cosTlv.EventContent))
- if err != nil {
- return nil, err
- }
- cosState.Container.OverriddenEnvVars[envName] = envVal
- case cel.LaunchSeparatorType:
- seenSeparator = true
- case cel.MemoryMonitorType:
- enabled := false
- if len(cosTlv.EventContent) == 1 && cosTlv.EventContent[0] == uint8(1) {
- enabled = true
- }
- cosState.HealthMonitoring.MemoryEnabled = &enabled
- case cel.GpuCCModeType:
- ccMode, ok := pb.GPUDeviceCCMode_value[string(cosTlv.EventContent)]
- if !ok {
- return nil, fmt.Errorf("unknown GPU device CC mode in COS eventlog: %s", string(cosTlv.EventContent))
- }
- cosState.GpuDeviceState.CcMode = pb.GPUDeviceCCMode(ccMode)
-
- default:
- return nil, fmt.Errorf("found unknown COS Event Type %v", cosTlv.EventType)
- }
-
- }
- return cosState, nil
-}
-
-type separatorInfo struct {
- separatorData [][]byte
- separatorDigests [][]byte
-}
-
-// getSeparatorInfo is used to return the valid event data and their corresponding
-// digests. This is useful for events like separators, where the data is known
-// ahead of time.
-func getSeparatorInfo(hash crypto.Hash) *separatorInfo {
- hasher := hash.New()
- // From the PC Client Firmware Profile spec, on the separator event:
- // The event field MUST contain the hex value 00000000h or FFFFFFFFh.
- sepData := [][]byte{{0, 0, 0, 0}, {0xff, 0xff, 0xff, 0xff}}
- sepDigests := make([][]byte, 0, len(sepData))
- for _, value := range sepData {
- hasher.Write(value)
- sepDigests = append(sepDigests, hasher.Sum(nil))
- }
- return &separatorInfo{separatorData: sepData, separatorDigests: sepDigests}
-}
-
-// checkIfValidSeparator returns true if both the separator event's type and
-// digest match the expected event data.
-// If the event type is Separator, but the data is invalid, it returns false
-// and an error.
-// checkIfValidSeparator returns false and a nil error on other event types.
-func checkIfValidSeparator(event *pb.Event, sepInfo *separatorInfo) (bool, error) {
- evtType := event.GetUntrustedType()
- index := event.GetPcrIndex()
- if (evtType != Separator) && !contains(sepInfo.separatorDigests, event.GetDigest()) {
- return false, nil
- }
- // To make sure we have a valid event, we check any event (e.g., separator)
- // that claims to be of the event type or "looks like" the event to prevent
- // certain vulnerabilities in event parsing. For more info see:
- // https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md
- if evtType != Separator {
- return false, fmt.Errorf("PCR%d event contains separator data but non-separator type %d", index, evtType)
- }
- if !event.GetDigestVerified() {
- return false, fmt.Errorf("unverified separator digest for PCR%d", index)
- }
- if !contains(sepInfo.separatorData, event.GetData()) {
- return false, fmt.Errorf("invalid separator data for PCR%d", index)
- }
- return true, nil
-}
-
-func getPlatformState(hash crypto.Hash, events []*pb.Event) (*pb.PlatformState, error) {
- // We pre-compute the separator and EFI Action event hash.
- // We check if these events have been modified, since the event type is
- // untrusted.
- sepInfo := getSeparatorInfo(hash)
- var versionString []byte
- var nonHostInfo []byte
- for _, event := range events {
- index := event.GetPcrIndex()
- if index != 0 {
- continue
- }
- evtType := event.GetUntrustedType()
-
- isSeparator, err := checkIfValidSeparator(event, sepInfo)
- if err != nil {
- return nil, err
- }
- if isSeparator {
- // Don't trust any PCR0 events after the separator
- break
- }
-
- if evtType == SCRTMVersion {
- if !event.GetDigestVerified() {
- return nil, fmt.Errorf("invalid SCRTM version event for PCR%d", index)
- }
- versionString = event.GetData()
- }
-
- if evtType == NonhostInfo {
- if !event.GetDigestVerified() {
- return nil, fmt.Errorf("invalid Non-Host info event for PCR%d", index)
- }
- nonHostInfo = event.GetData()
- }
- }
-
- state := &pb.PlatformState{}
- if gceVersion, err := ConvertSCRTMVersionToGCEFirmwareVersion(versionString); err == nil {
- state.Firmware = &pb.PlatformState_GceVersion{GceVersion: gceVersion}
- } else {
- state.Firmware = &pb.PlatformState_ScrtmVersionId{ScrtmVersionId: versionString}
- }
-
- if tech, err := ParseGCENonHostInfo(nonHostInfo); err == nil {
- state.Technology = tech
- }
-
- return state, nil
-}
-
-// Separate helper function so we can use attest.ParseSecurebootState without
-// needing to reparse the entire event log.
-func parseReplayHelper(rawEventLog []byte, pcrs *tpmpb.PCRs) ([]attest.Event, error) {
- // Similar to ParseCosCanonicalEventLogPCR, just return an empty array of events for an empty log
- if len(rawEventLog) == 0 {
- return nil, nil
- }
-
- attestPcrs, err := convertToAttestPcrs(pcrs)
- if err != nil {
- return nil, fmt.Errorf("received bad PCR proto: %v", err)
- }
- eventLog, err := attest.ParseEventLog(rawEventLog)
- if err != nil {
- return nil, fmt.Errorf("failed to parse event log: %v", err)
- }
- events, err := eventLog.Verify(attestPcrs)
- if err != nil {
- return nil, fmt.Errorf("failed to replay event log: %v", err)
- }
- return events, nil
-}
-
-func convertToAttestPcrs(pcrProto *tpmpb.PCRs) ([]attest.PCR, error) {
- hash := tpm2.Algorithm(pcrProto.GetHash())
- cryptoHash, err := hash.Hash()
- if err != nil {
- return nil, err
- }
-
- attestPcrs := make([]attest.PCR, 0, len(pcrProto.GetPcrs()))
- for index, digest := range pcrProto.GetPcrs() {
- attestPcrs = append(attestPcrs, attest.PCR{
- Index: int(index),
- Digest: digest,
- DigestAlg: cryptoHash,
- })
- }
- return attestPcrs, nil
-}
-
-func convertToPbEvents(hash crypto.Hash, events []attest.Event) []*pb.Event {
- pbEvents := make([]*pb.Event, len(events))
- for i, event := range events {
- hasher := hash.New()
- hasher.Write(event.Data)
- digest := hasher.Sum(nil)
-
- pbEvents[i] = &pb.Event{
- PcrIndex: uint32(event.Index),
- UntrustedType: uint32(event.Type),
- Data: event.Data,
- Digest: event.Digest,
- DigestVerified: bytes.Equal(digest, event.Digest),
- }
- }
- return pbEvents
-}
-
-func convertToPbDatabase(certs []x509.Certificate, hashes [][]byte) *pb.Database {
- protoCerts := make([]*pb.Certificate, 0, len(certs))
- for _, cert := range certs {
- wkEnum, err := matchWellKnown(cert)
- var pbCert pb.Certificate
- if err == nil {
- pbCert.Representation = &pb.Certificate_WellKnown{WellKnown: wkEnum}
- } else {
- pbCert.Representation = &pb.Certificate_Der{Der: cert.Raw}
- }
- protoCerts =
append(protoCerts, &pbCert)
- }
- return &pb.Database{
- Certs: protoCerts,
- Hashes: hashes,
- }
-}
-
-func matchWellKnown(cert x509.Certificate) (pb.WellKnownCertificate, error) {
- if bytes.Equal(WindowsProductionPCA2011Cert, cert.Raw) {
- return pb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011, nil
- }
- if bytes.Equal(MicrosoftUEFICA2011Cert, cert.Raw) {
- return pb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011, nil
- }
- if bytes.Equal(MicrosoftKEKCA2011Cert, cert.Raw) {
- return pb.WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011, nil
- }
- if bytes.Equal(GceDefaultPKCert, cert.Raw) {
- return pb.WellKnownCertificate_GCE_DEFAULT_PK, nil
- }
- return pb.WellKnownCertificate_UNKNOWN, errors.New("failed to find matching well known certificate")
-}
-
-func getSecureBootState(attestEvents []attest.Event) (*pb.SecureBootState, error) {
- attestSbState, err := attest.ParseSecurebootState(attestEvents)
- if err != nil {
- return nil, fmt.Errorf("failed to parse SecureBootState: %v", err)
- }
- if len(attestSbState.PreSeparatorAuthority) != 0 {
- return nil, fmt.Errorf("event log contained %v pre-separator authorities, which are not expected or supported", len(attestSbState.PreSeparatorAuthority))
- }
- return &pb.SecureBootState{
- Enabled: attestSbState.Enabled,
- Db: convertToPbDatabase(attestSbState.PermittedKeys, attestSbState.PermittedHashes),
- Dbx: convertToPbDatabase(attestSbState.ForbiddenKeys, attestSbState.ForbiddenHashes),
- Authority: convertToPbDatabase(attestSbState.PostSeparatorAuthority, nil),
- Pk: convertToPbDatabase(attestSbState.PlatformKeys, attestSbState.PlatformKeyHashes),
- Kek: convertToPbDatabase(attestSbState.ExchangeKeys, attestSbState.ExchangeKeyHashes),
- }, nil
-}
-
-func getGrubState(hash crypto.Hash, events []*pb.Event) (*pb.GrubState, error) {
- var files []*pb.GrubFile
- var commands []string
- for idx, event := range events {
- hasher := hash.New()
- index := event.GetPcrIndex()
- if index != 8 && index != 9 {
- continue
- }
-
- // Skip parsing EV_EVENT_TAG event since it likely comes from Linux.
- if event.GetUntrustedType() == EventTag {
- continue
- }
-
- if event.GetUntrustedType() != IPL {
- return nil, fmt.Errorf("invalid event type for PCR%d, expected EV_IPL", index)
- }
-
- if index == 9 {
- files = append(files, &pb.GrubFile{Digest: event.GetDigest(),
- UntrustedFilename: event.GetData()})
- } else if index == 8 {
- suffixAt := -1
- rawData := event.GetData()
- for _, prefix := range validPrefixes {
- if bytes.HasPrefix(rawData, prefix) {
- suffixAt = len(prefix)
- break
- }
- }
- if suffixAt == -1 {
- return nil, fmt.Errorf("invalid prefix seen for PCR%d event: %s", index, rawData)
- }
-
- // Check the slice is not empty after the suffix, which ensures rawData[len(rawData)-1] is not part
- // of the suffix.
- if len(rawData[suffixAt:]) > 0 && rawData[len(rawData)-1] == '\x00' {
- if err := verifyNullTerminatedDataDigest(hasher, rawData[suffixAt:], event.Digest); err != nil {
- return nil, fmt.Errorf("invalid GRUB event (null-terminated) #%d: %v", idx, err)
- }
- } else {
- if err := verifyDataDigest(hasher, rawData[suffixAt:], event.Digest); err != nil {
- return nil, fmt.Errorf("invalid GRUB event #%d: %v", idx, err)
- }
- }
- hasher.Reset()
- commands = append(commands, string(rawData))
- }
- }
- if len(files) == 0 && len(commands) == 0 {
- return nil, errors.New("no GRUB measurements found")
- }
- return &pb.GrubState{Files: files, Commands: commands}, nil
-}
-
-// verifyNullTerminatedRawData checks the digest of the data.
-// Returns nil if digest match the hash of the data or the data without the last bytes (\x00).
-// The caller needs to make sure len(data) is at least 1, and data is ended with '\x00',
-// otherwise this function will return an error.
-func verifyNullTerminatedDataDigest(hasher hash.Hash, data []byte, digest []byte) error {
- if len(data) == 0 || data[len(data)-1] != '\x00' {
- return errors.New("given data is not null-terminated")
- }
- if err := verifyDataDigest(hasher, data, digest); err != nil {
- if err := verifyDataDigest(hasher, data[:len(data)-1], digest); err != nil {
- return err
- }
- }
- return nil
-}
-
-// verifyDataDigest checks the digest of the data.
-func verifyDataDigest(hasher hash.Hash, data []byte, digest []byte) error {
- hasher.Reset()
- hasher.Write(data)
- defer hasher.Reset()
- if !bytes.Equal(digest, hasher.Sum(nil)) {
- return fmt.Errorf("invalid digest: %s", hex.EncodeToString(digest))
- }
- return nil
-}
-
-func getEfiState(hash crypto.Hash, events []*pb.Event, opts VerifyOpts) (*pb.EfiState, error) {
- // We pre-compute various event digests, and check if those event type have
- // been modified. We only trust events that come before the
- // ExitBootServices() request.
- separatorInfo := getSeparatorInfo(hash)
-
- hasher := hash.New()
- hasher.Write([]byte(CallingEFIApplication))
- callingEFIAppDigest := hasher.Sum(nil)
-
- hasher.Reset()
- hasher.Write([]byte(ExitBootServicesInvocation))
- exitBootSvcDigest := hasher.Sum(nil)
-
- var efiAppStates []*pb.EfiApp
- var seenSeparator4 bool
- var seenSeparator5 bool
- var seenCallingEfiApp bool
- var seenExitBootServices bool
- for _, event := range events {
- index := event.GetPcrIndex()
- // getEfiState should only ever process PCRs 4 and 5.
- if index != 4 && index != 5 {
- continue
- }
- evtType := event.GetUntrustedType()
-
- switch index {
- case 4:
- // Process Calling EFI Application event.
- if bytes.Equal(callingEFIAppDigest, event.GetDigest()) {
- if evtType != EFIAction {
- return nil, fmt.Errorf("PCR%d contains CallingEFIApp event but non EFIAction type: %d",
- index, evtType)
- }
- if !event.GetDigestVerified() {
- return nil, fmt.Errorf("unverified CallingEFIApp digest for PCR%d", index)
- }
- // We don't support calling more than one boot device.
- if seenCallingEfiApp {
- return nil, fmt.Errorf("found duplicate CallingEFIApp event in PCR%d", index)
- }
- if seenSeparator4 {
- return nil, fmt.Errorf("found CallingEFIApp event in PCR%d after separator event", index)
- }
- seenCallingEfiApp = true
- }
-
- if evtType == EFIBootServicesApplication {
- if !opts.AllowEFIAppBeforeCallingEvent && !seenCallingEfiApp {
- return nil, fmt.Errorf("found EFIBootServicesApplication in PCR%d before CallingEFIApp event", index)
- }
- efiAppStates = append(efiAppStates, &pb.EfiApp{Digest: event.GetDigest()})
- }
-
- isSeparator, err := checkIfValidSeparator(event, separatorInfo)
- if err != nil {
- return nil, err
- }
- if !isSeparator {
- continue
- }
- if seenSeparator4 {
- return nil, errors.New("found duplicate Separator event in PCR4")
- }
- seenSeparator4 = true
- case 5:
- // Process ExitBootServices event.
- if bytes.Equal(exitBootSvcDigest, event.GetDigest()) {
- if evtType != EFIAction {
- return nil, fmt.Errorf("PCR%d contains ExitBootServices event but non EFIAction type: %d",
- index, evtType)
- }
- if !event.GetDigestVerified() {
- return nil, fmt.Errorf("unverified ExitBootServices digest for PCR%d", index)
- }
- // Don't process any PCR4 or PCR5 events after Boot Manager has
- // requested ExitBootServices().
- seenExitBootServices = true
- break
- }
-
- isSeparator, err := checkIfValidSeparator(event, separatorInfo)
- if err != nil {
- return nil, err
- }
- if !isSeparator {
- continue
- }
- if seenSeparator5 {
- return nil, errors.New("found duplicate Separator event in PCR5")
- }
- seenSeparator5 = true
- }
- }
- // Only write EFI digests if we see an ExitBootServices invocation.
- // Otherwise, software further down the bootchain could extend bad
- // PCR4 measurements.
- if seenExitBootServices {
- return &pb.EfiState{Apps: efiAppStates}, nil
- }
- return nil, nil
-}
-
-func getLinuxKernelStateFromGRUB(grub *pb.GrubState) (*pb.LinuxKernelState, error) {
- var cmdline string
- seen := false
-
- for _, command := range grub.GetCommands() {
- // GRUB config is always in UTF-8: https://www.gnu.org/software/grub/manual/grub/html_node/Internationalisation.html.
- cmdBytes := []byte(command)
- suffixAt := getGrubKernelCmdlineSuffix(cmdBytes)
- if suffixAt == -1 {
- continue
- }
-
- if seen {
- return nil, fmt.Errorf("more than one kernel commandline in GRUB commands")
- }
- seen = true
- cmdline = command[suffixAt:]
- }
-
- return &pb.LinuxKernelState{CommandLine: cmdline}, nil
-}
-
-func getGrubKernelCmdlineSuffix(grubCmd []byte) int {
- for _, prefix := range [][]byte{oldGrubKernelCmdlinePrefix, newGrubKernelCmdlinePrefix} {
- if bytes.HasPrefix(grubCmd, prefix) {
- return len(prefix)
- }
- }
- return -1
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/eventlog_test.go b/vendor/github.com/google/go-tpm-tools/server/eventlog_test.go
deleted file mode 100644
index c99d05fb8..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/eventlog_test.go
+++ /dev/null
@@ -1,1369 +0,0 @@
-package server
-
-import (
- "bytes"
- "crypto"
- "crypto/rand"
- "encoding/hex"
- "fmt"
- "strings"
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-configfs-tsm/configfs/fakertmr"
- configfstsmrtmr "github.com/google/go-configfs-tsm/rtmr"
- "github.com/google/go-eventlog/proto/state"
- "github.com/google/go-eventlog/register"
- "github.com/google/go-tpm-tools/cel"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/internal/test"
- attestpb "github.com/google/go-tpm-tools/proto/attest"
- pb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
- "github.com/google/go-tpm/tpmutil"
- "google.golang.org/protobuf/testing/protocmp"
-)
-
-type eventLog struct {
- RawLog []byte
- Banks []*pb.PCRs
- ExpectedEFIAppDigests map[pb.HashAlgo][]string
-}
-
-// The Arch Linux event log has two known failures due to our parser's strict checks.
-var archLinuxKnownParsingFailures = []string{
- "SecureBoot data len is 0, expected 1",
-}
-
-// Agile Event Log from a RHEL 8 GCE instance with Secure Boot enabled
-var Rhel8GCE = eventLog{
- RawLog: test.Rhel8EventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"),
- 1: decodeHex("5cc549378bafaa92e965c7e9c287925cfff33abd"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("7fbe2df30156ca4934109f48d850ab327110f8fa"),
- 5: decodeHex("3258daa13f4cccf245c170481c76e2a4602e5a7b"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("d7a632f8990b2171e987041b0a3c69fc1b2a4f27"),
- 8: decodeHex("15aab2077008f8325e7c61ee39fedd7118aad5d7"),
- 9: decodeHex("25de9455ef4e8180b76bbb9bb54a82f9a73abb0a"),
- 14: decodeHex("1f5149668c40524e01be9cbc3ad527645943f148"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0:
decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"),
- 1: decodeHex("454220afaa80c83c3839f6cccd8b3c88bf4f562316a9dda1121c578c9e005a53"),
- 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("758a3d35f1b0ff5b135dacd07db0c8132c0ac665d944090d4bf96e66447a245c"),
- 5: decodeHex("53d0ee36163219201e686167bbb71ec505b3ba2917b9d9183ed84aad26cfeb89"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("5fd54361d580eb7592adb8deb236ff35444ceeac7148f24b3de63c041f12b3da"),
- 8: decodeHex("25c3874041ebd4e9a21b6ed71b624a7bfa99907a8dcea7f129a4c64cbaf5829a"),
- 9: decodeHex("d43b2f61eb18b4791812ff5f20ab20e4ef621ba683370bedf5dbdf518b3a8078"),
- 14: decodeHex("d8f57ebcc1a23cc46832696e1a657f720e1be8f5b405bb7204682114e363b455"),
- },
- }},
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "95f400d9003b4e8c0cb4734efcf547e36fc4100c",
- "4f60d11ad6ac9a76837834f1371bc9521d018779",
- "075f3bc8c7363c35a87ce56c604fa9201a97f79d",
- },
- pb.HashAlgo_SHA256: {
- "40d6cae02973789080cf4c3a9ad11b5a0a4d8bba4438ab96e276cc784454dee7",
- "e8a268c431da72caaae407f729f602b9dbf5d1d43492d4a51cc2b688a08586e3",
- "e4c0382f98feaebfd43923a85fd6da9a20e1a48524a4d5928c31850ca1a96a6e",
- },
- pb.HashAlgo_SHA384: {
- "66de9a210659294720af06838309fc1f4d0de82c646a62c1dd9f068cd331d2e05fd666377dbc11e84a796ce00108ab19",
- "c1d031b07446588fa50f4eec3d8520d99ed01f21350b9c581e13f4c5a8c712cb5e3cbecc41ccab74465543439f7eb1e6",
- "d844e63b32a73aadde4f78dda7cb7df73d75114f3a5964401847eb716142a06607ea95efee20f51283e85afca8da3afd",
- },
- },
-}
-
-// Agile Event Log from a Ubuntu 18.04 GCE instance with Secure Boot and
-// Confidential Computing enabled.
-var UbuntuAmdSevGCE = eventLog{
- RawLog: test.Ubuntu1804AmdSevEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"),
- 1: decodeHex("35f38e5ce90728b02a0f66d836eef53d287e69bf"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("41c68947aeee8a59110c7989a9b7a55df547f003"),
- 5: decodeHex("baee22b5cce9029300f909add54d75d5d7475cfd"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("6530ed2dcba68801c78ca08753f239118bead7c8"),
- 8: decodeHex("4e5533d878287970f3ef8d374fb140d93bcb2c37"),
- 9: decodeHex("1b79f2140a84462cb13d1a0c1904daefd24d7938"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"),
- 1: decodeHex("add81cbc06b154716ac7bd5999c84cbc520184d57c58102657d270274508d9ce"),
- 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("b4b94e840fc9352e20bdb5b456b4c242af0fb146755b6935d8eda000ea368a31"),
- 5: decodeHex("0b75168095fd6464ff1f9943b762ec009a3ae84c5e76cf67361e16b9db30d28e"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("61af3f499f1a86be54458fd30d193fa913a7e23ca3103fa3d0abaefd3cd4f9b8"),
- 8: decodeHex("c324da9d0c54252c37af697cdd58b066f2bb0f4a69752d27623bc738d02e9486"),
- 9: decodeHex("2d334f1eeb9a16dabaccaa746ff1c0dce2e9aeb3f3a4a314e5e1e61b01e940d0"),
- },
- }},
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "21e79438580ec89df674dfe12653d77d132c3936",
- "9a4c7c895a5d40c3906121ff59c6fe267a4c32e0",
- },
- pb.HashAlgo_SHA256: {
- "2ea4cb6a1f1eb1d3dce82d54fde26ded243ba3e18de7c6d211902a594fe56788",
-
"835f940e97bac2f7c171819b1fcc4bebe72a1c4ea7d7245088ef32d253085bb3",
- },
- pb.HashAlgo_SHA384: {
- "9b2baf7073fd9b7df3091b69ae7e48453450ae7b5311b37de11b79da75f175b8b2ed69f7d39406501653b35cbe90a030",
- "b0a19b24395a4690eea97916483dc291a38c6023df20aa296d85064194cebe9097f6b5e8490fd57a4e6b01167a8c9c7c",
- },
- },
-}
-
-// Agile Event Log from a Ubuntu 21.04 GCE instance without a DBX and with Secure Boot disabled
-var Ubuntu2104NoDbxGCE = eventLog{
- RawLog: test.Ubuntu2104NoDbxEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"),
- 1: decodeHex("36c6b7436c37243c5f6744b73ced4df1287cd16a"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("8d9868b66afcf4039eaf8ef5228556d9f313659f"),
- 5: decodeHex("b0eaa45a496e0d933f63e97fd2362192dd48e369"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("777795cbdeca679f7749d8d09fc12941dcc9912a"),
- 8: decodeHex("5dfae5320ea06ddd1c62d296844a9b4b32b49972"),
- 9: decodeHex("f53869ab9015b5ad736e5f00e44fdfee2fdfde27"),
- 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"),
- 1: decodeHex("f7dab5fda6b082e0ec1a12c43dd996ee409111422cda752a784620313039db19"),
- 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("295aeaeacad1d507930bab18418f905eeda633ea67b2ab94c5e5fd3a4d47ac58"),
- 5: decodeHex("e4f1359accfe48b19af7d38e98a3f373116b55b7f7a6f58f826f409a91d9fd28"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("ca37324eeffabd318d30a20f15bf27ce25dc33e2c9856279ff6c2ced58b02efa"),
- 8:
decodeHex("2f2559cae74bb441d75afea5edb78d9a645db9f4bf8dea84bab0861ce6032e18"),
- 9: decodeHex("9f27883322aaaf043662c27542d9685790c687ea554e4e2ae30f0e099a2e4889"),
- 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"),
- },
- }},
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "92e6ec17937f600b9ec7f23adf4ea5553b4e2364",
- "4f9604e61091095594c206c8a404afe187a92586",
- },
- pb.HashAlgo_SHA256: {
- "d99c93fcb042dbe52707bbde371c75fcf081dd5b0c88a195d44cc57536f6f521",
- "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595",
- },
- pb.HashAlgo_SHA384: {
- "d8811e9c08119168b156255c6d695614d1593422bc5044186d29c1aaaa86fff0a633f324ac1ac1122e547479ce50a75a",
- "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683",
- },
- },
-}
-
-// Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled
-var Ubuntu2104NoSecureBootGCE = eventLog{
- RawLog: test.Ubuntu2104NoSecureBootEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"),
- 1: decodeHex("f5310dfcfcec5571cbf730064d526906c9cea2f0"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("e53d909941dcbc699b273fc4c0d817a41c6ab975"),
- 5: decodeHex("9e2af4bac1432830594b1ae90c68c52a20a9700e"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("ede7204673f41ac2592b0d3b4cd429b43f39dc61"),
- 8: decodeHex("bda59abe1c7d18e0b85edfcb4381f10d4dcc88f7"),
- 9: decodeHex("39fd49224476f4d7eea26a53e264c9c33e47649c"),
- 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"),
- 1: decodeHex("45ed8540f34db53220ef197e5fb8a3835b2095454349e445f397f13d91c509a5"),
- 2:
decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("ebc7ae25d0347868250995c9a8fff16bf79e048453262d0ef2756e213c76181c"),
- 5: decodeHex("47715f9f2c10769da6ee23be5633fd88e247caf162f4eeb0b6f8482ccfeadfb5"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("0d8847bc5eca06452df10e2f214363845c7ac11d47525a5474e225e72ce25dfe"),
- 8: decodeHex("b9a324947de94ec2fd4b04483ecfcb37dfdd520a7c0ecf73c77bf2595549c84f"),
- 9: decodeHex("adb87be3efd96cc3a2f66b8aa7564f9727563ef494a95d571a3f38ff4afb25dd"),
- 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"),
- },
- }},
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "22df40d6e32d4721f1b2406b2b4a3bb0ca10ead5",
- "4f9604e61091095594c206c8a404afe187a92586",
- },
- pb.HashAlgo_SHA256: {
- "6265b732b005b3f330bcd1843374e5ec6ec5aef27cdb97a23daeb8580abbf526",
- "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595",
- },
- pb.HashAlgo_SHA384: {
- "4f491210da8f59f09cd16523b44db22e83d8b611c3b14656d3b078dd451347ab195177fc78cf8d5578376f1f5f9bb821",
- "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683",
- },
- },
-}
-
-// Agile Event Log from a Ubuntu 24.04 GCE AMD_SEVSNP instance with Secure Boot disabled
-var Ubuntu2404AmdSevSnp = eventLog{
- RawLog: test.Ubuntu2404AmdSevSnpEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("8124f09f069c7d2d9acf5ce4eab928a7103a0bb2"),
- 1: decodeHex("f00d6bbdea9ba55996f237a7f95f2b328a44e3f2"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("175f4319fd7ac683bf49f2e7b837630e4fa8603f"),
- 5: decodeHex("f65b39c7aec83294f796c1ea4acc987f80914efe"),
- 6:
decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("7067b17aa6b3de0d22d17a59dce1e17e649cb56a"),
- 8: decodeHex("5f4a1177c33521b0e48d855cf770520f8ab744de"),
- 9: decodeHex("c6ee69063ab752df6c4ab99a80b12f3e5c432535"),
- 14: decodeHex("a482a15e112717d6a915b989a0ea6140a507e3e6"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("50597a27846e91d025eef597abbc89f72bff9af849094db97b0684d8bc4c515e"),
- 1: decodeHex("57344e1cc8c6619413df33013a7cd67915459f967395af41db21c1fa7ca9c307"),
- 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("abe8b3fa6aecb36c2fd93c6f6edde661c21b353d007410a2739d69bfa7e1b9be"),
- 5: decodeHex("0b0e1903aeb1bff649b82dba2cdcf5c4ffb75027e54f151ab00b3b989f16a300"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("33ad69850fb2c7f30b4f8b4bc10ed93fc954dc07fa726e84f50f3d192dc1c140"),
- 8: decodeHex("6932a3f71dc55ad3c1a6ac2196eeac26a1b7164b6bbfa106625d94088ec3ecc3"),
- 9: decodeHex("ce08798b283c7a0ddc5e9ad1d602304b945b741fc60c20e254eafa0f4782512b"),
- 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"),
- },
- }},
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "7eac7a5171a01cf975bb6ac1b0eb6eb79a391d5e",
- "ec49599026c979912d8f18cfd4b260516a4d4ac1",
- },
- pb.HashAlgo_SHA256: {
- "724de6844dd0fe618ba5776c7bca0728be38a6544e24e44ef259b987b7abce80",
- "5e8cb75acdf8e09e5fc14cc2d6ce0c2288af208976d97309851c661e91ec1e03",
- },
- pb.HashAlgo_SHA384: {
- "4637fb5cd30847e5f09ae24f8a50ce1611c4d21afd0ecb69c8ec40bc82dc11bc48abda1f8044fe340bfb70b29606eb47",
- "c051991523ea083f466f13c2a2d11d77254f6110bc8ae3714f345cef8f33cde26082b49dda0f56ef324a62a10b556d1e",
- },
- },
-}
-
-// Agile Event Log from Alex's gLinux laptop with secure boot disabled
-var GlinuxNoSecureBootLaptop = eventLog{
-
RawLog: test.GlinuxAlexEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("29d236609a5f9cc6912af44ba5f57b13a17c8a84"),
- 1: decodeHex("db16852a369b2503d6cc6c0007501c837dbe1170"),
- 2: decodeHex("0c8ef58d40b8cd1fe15f6b45fc1b385dd251eec0"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("c56cddf3dcf59a473a239efd17b130391e24b0df"),
- 5: decodeHex("23606963a2813421f5b6e76e32a337ff8940e413"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("9221b8fc57b60cb7de507dc016f88d4600cde9c5"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0e5ea849d7647a1ac1becc096fee4df98f00f8015f934afadaab0b8aa20b38a5"),
- 1: decodeHex("9750400838980c9419764b9cf19c975c0e159c18ebe21cb897c6e834a8d8d433"),
- 2: decodeHex("970096d49105b0404999173e49c3f6b8597b9c4c5ff6a9e364b55ce01037578e"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("ddb124ca9013f1e42f98537f7f381e47c5e6caa988cf2b4088f452c5a8dd912d"),
- 5: decodeHex("fb58603615cfec59c0428e71913d30d45f38e4280380cc814135a7659c246b13"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("9d1be46302bc4f5055c90a0376d9142e397ca8744f387c9824170f1bc855fde5"),
- },
- }},
-}
-
-// Agile Event Log from an Arch Linux worksation with systemd-boot and Secure Boot Disabled
-var ArchLinuxWorkstation = eventLog{
- RawLog: test.ArchLinuxWorkstationEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("a0487b0d95387d4a30560edf5f041307bf4a1dcc"),
- 1: decodeHex("56b71c334a5b67d3b7b3343e3241dff5a1ad87bf"),
- 2: decodeHex("01098a68e44e4fbd0af3b9a836b1b79e78c4f6f5"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("4c8b6f359b5e5cb9d09e825009a98e1281165b01"),
- 5: decodeHex("0dfa5ca60508ac5214515b20ed3e66289514fcb6"),
- 6:
decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("029c700c2fa2bc83cbf3ce4ee501ad4d984ec5ae"),
- 8: decodeHex("aa99fc93faa0777f42da6e1ae77a0653b5005619"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("758b773d94feabf52ef5a4c00a7ad2c80d8d6e6d9d58756150be9bc973da9087"),
- 1: decodeHex("bfda688a5d320123fddb3fc70b746bc17647e2e7f2f96e130d429542bf4622d5"),
- 2: decodeHex("65dee4a48cde677aa89fa83c5c35e883fda658f743853e3ebad504ca6702f7c5"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("925d453d3dfef4ac0c72c957402163d45fa95d05e6d53f047263a3a60b598325"),
- 5: decodeHex("202522f005ef625588bb7c9e21335ba96a63c5086306138885b3bb2c381730ca"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("3b4a4db44b7a872524055364e62e897ae678e0d47ab0809f65c3a4ed77f66ab9"),
- 8: decodeHex("47591b43af431963eaeb5238a5c42eda1eb0014c27f7de7ae483066a2d2a2e61"),
- },
- }},
-}
-
-// Legacy Event Log from a Debian 10 GCE instance with Secure Boot enabled
-var Debian10GCE = eventLog{
- RawLog: test.Debian10EventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"),
- 1: decodeHex("b1676439cac1531683990fefe2218a43239d6fe8"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("1eb30816474a3f144e99b24e4ad480b2e51fd9e1"),
- 5: decodeHex("019079179dbc0eb5992c500dcf8a095910ac590d"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("9e6c57e850f371c2a7fe02bca552149363952318"),
- },
- }},
- // We shouldn't use these digests, as this Debian firmware does not measure
- // ExitBootService events, which means an attacker could extend additional
- // events after UEFI hands off the event log.
- ExpectedEFIAppDigests: map[pb.HashAlgo][]string{
- pb.HashAlgo_SHA1: {
- "47263679db883d7ad9adbc93d6a1fbf8095f0133",
- "3fae23b18d72350207661af3875f2c492e97621c",
- "89b08941b47dcfbd4c8b3f2bc0fad984cd836b21",
- },
- },
-}
-
-// Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled
-var COS85AmdSev = eventLog{
- RawLog: test.Cos85AmdSevEventLog,
- Banks: []*pb.PCRs{{
- Hash: pb.HashAlgo_SHA1,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"),
- 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"),
- 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 4: decodeHex("6168c9ce88a8658920f2cf2f9012d3c6bbfab79b"),
- 5: decodeHex("fb6b3a15b220a74b0c4f73416919476702e930e2"),
- 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"),
- 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"),
- 8: decodeHex("72778b0ba3c491db25eb7c8368cb1fb51f0ce458"),
- 9: decodeHex("08bd04f0dbadf591510340d94a0019c0ddcb779f"),
- },
- }, {
- Hash: pb.HashAlgo_SHA256,
- Pcrs: map[uint32][]byte{
- 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"),
- 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"),
- 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 4: decodeHex("d690bdac2aa8b73a1d718cb91990df07d0747b07ea57b3b2d0f0d511f0d90491"),
- 5: decodeHex("e9e0b32564b6f8215b1bd43954d9f910682d39c3b18abd4737ac3b797cf269e0"),
- 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"),
- 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"),
- 8: decodeHex("9e9b6511ae6ad443aae4c7bf998ffffbcd271c874f1efab9d692f129eb6e6c18"),
- 9: decodeHex("f4f2d92d6d54f6c41f2706fd98091317642e0680a7902c72893d41e3464a93b7"),
- },
- }},
- ExpectedEFIAppDigests:
map[pb.HashAlgo][]string{ - pb.HashAlgo_SHA1: { - "bfeec15d9359fe0aa8b5fb6451d1f73e5144c6d3", - "860848ad3f129051f1e252749011cf7f7df837ee", - "91cd5aa9c3e407237e8aeb122d4ab94494034a90", - }, - pb.HashAlgo_SHA256: { - "dba8d69ffb244496ac8ab2950695d3da539d6ac5ec660fc6b4bdde245284cf23", - "f7bad83f87940312e4642530a9a6242e88529dc37a497d7d4e7c1c070566d542", - "6f6afb3caed004e727200a0c310731bd8ab4cd391b2d95cedf67d08e1e8e5e7e", - }, - pb.HashAlgo_SHA384: { - "778bd7d6385d8ca0da5e504e3e554b67d98d9a712d957cb4cbb4d9b2e66ca96e31ddc18680af02b03a3a8a1b08da6aca", - "d014c8c69b17ceb0f46be22b928f52684e717f40288246a61dadba00b1368c883cdde4e98762cc6788d94d0bcbd3f7ca", - "ff8ff1db8fc98d02d944a90c58103b1b2ad3ba893ba4f302a006a572951491622341bb9387de20dd072cb8b6b3583cd0", - }, - }, -} - -var COS93AmdSev = eventLog{ - RawLog: test.Cos93AmdSevEventLog, - Banks: []*pb.PCRs{{ - Hash: pb.HashAlgo_SHA1, - Pcrs: map[uint32][]byte{ - 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), - 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), - 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 4: decodeHex("1e4b998edfb4d62fb88337a66b3af8be26159498"), - 5: decodeHex("3421f02e05d71fe4bd002cbe22e68c230397821d"), - 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"), - 8: decodeHex("ec84952e0c5c96cd4404122131b8f86d5ac7df7d"), - 9: decodeHex("7a406f847075a86a55aa184cfe3fcef7eaff40a7"), - }, - }, { - Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{ - 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), - 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), - 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 4: 
decodeHex("871e8343044ae4c87b402dcb94b5e49715b1b8dc1b19c43ba0801422fabb39d4"), - 5: decodeHex("74be59dc8066011eade913db9a3db7978f93852c04816cba9427dd59b87042cc"), - 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"), - 8: decodeHex("ba18b7028111f1f193967cad3c23b5050f73061c0f119182ac0f42efd6a9159e"), - 9: decodeHex("0b1e4f9ca7bc8535c4c33f0025969d7abea008aa51dcd7f7c2d1068470e4bce4"), - }, - }}, - ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ - pb.HashAlgo_SHA1: { - "d582c2803fd716f09e50c82967079ff593e1bc6b", - "e3de6a97421ba8f329d4ba55e39df80013415a23", - "03221584436f78e488cdaec3c691b7a18ff2f621", - }, - pb.HashAlgo_SHA256: { - "27cce48e55b3bfb6eb6206a4cc2b53a497846496a6264495006ab28dffa5623e", - "e3e226fb8c8e3b3fdb56c706a0fbfda080f34068aef5a1889c1bfa95f04c2e72", - "dc0aca594caee03705bcfa817e7f666692d89b713815f4793b7abbc2a0e00b6c", - }, - pb.HashAlgo_SHA384: { - "da419d9c92eb55b6e14f5665d81644fa163b908b1b1e317740f7a605f1734994dd90f4ea3373400c59fd7683751e30ef", - "794e6206fe520d3b0bcbfd3e14b0dc8e41f6a8c3b131faef69442a11625fde690a1b77c46dcddcb443a8d3c1e3ea669c", - "64b218ab263625b49da1172a9ab37cedbcd20d668beac1c3baac4cae640a1a7f77a07c05682b4147ec649c51243f6bbf", - }, - }, -} - -var COS101AmdSev = eventLog{ - RawLog: test.Cos101AmdSevEventLog, - Banks: []*pb.PCRs{{ - Hash: pb.HashAlgo_SHA1, - Pcrs: map[uint32][]byte{ - 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), - 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), - 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 4: decodeHex("1ebe08ea6c45e0dfbd2aad903d2e0d3ab69fd7ad"), - 5: decodeHex("1c7ca47e5c09a78a747b0e0f051cc8cad6431400"), - 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), - 7: decodeHex("6847f752ad1795c279f289e1eecf0040cd53c1d4"), - 8: decodeHex("a243d82bd1fa01ae487b7ba77dd73ebb7a17800a"), - 9: 
decodeHex("fbbb8a8f120369810e7e161504556f0080afadac"), - 14: decodeHex("1ba610b2d80967338649a8f88f45810448814bfc"), - }, - }, { - Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{ - 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), - 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), - 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 4: decodeHex("6d9f1a1d461cf77517e8d4c488c53f338a71c5a8e2b81ab7011c14f72cbc9a80"), - 5: decodeHex("d1a1ab23a5c3d98fbacff3891bad42d8e9257d61e1f683f42c6c9fa949bf96c5"), - 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 7: decodeHex("2bc6edaa921f953cec0ffb28dad4f87114886603d6a782036502d28e69d97a48"), - 8: decodeHex("ebb7c847c4ade99849bcffca236d32331224a530087a7ae4cb9f7db4c2e571b5"), - 9: decodeHex("b5ad662e5eb9165825ee39ad66e851a67a193e0b87b27858f25ac58afa72ac57"), - 14: decodeHex("d0d95459205afae879514db7b85630f5d6b8272ed8c731bf92933dbc9fe99969"), - }, - }}, - ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ - pb.HashAlgo_SHA1: { - "dc41c297c4ed857e9b6354cad8b448995c3052ea", - "06ae09413b5107bb26aa68602ba4fe787d22f82e", - "f894ac3a351baa3a5ce4dd8d6f497eb616723461", - "f894ac3a351baa3a5ce4dd8d6f497eb616723461", - }, - pb.HashAlgo_SHA256: { - "c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff", - "c5d3b47de11a9a2a4a15ef5cb7202d7800a10609c0dcecc46e3e963d476b76ce", - "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", - "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", - }, - pb.HashAlgo_SHA384: { - "72bf185794a865eb14fcdf93a2daa8ed281c932e2a7009d8489c38056389b3f3776d755ec703c95fb9c396f79dbd52c7", - "5b38df39c7beec3bfd9c4cbd40c217bcbee190d1fa099a64c5f063d20efc3def26e48cbbd86d730c8eb4696a29759490", - 
"968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", - "968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", - }, - }, -} - -var GdcHost = eventLog{ - RawLog: test.GdcHost, - Banks: []*pb.PCRs{{ - Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{ - 0: decodeHex("dab77c454bd12c27ff6b6ce1f9adca90b7a330c1cef0b5cd01cb89fb3bd0dffa"), - 1: decodeHex("e9c706539943b2d9770715914f9b3946fab0265327bace4c479913acb9014051"), - 2: decodeHex("7fde57284c6a0eabdc9b829db4e2ab0bb565c4189410de2474dd116bc18bafcc"), - 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 4: decodeHex("ded8b5d91a09c328b9859d8c9db5a346f1065224616b0ba66d6c83dba2b465e8"), - 5: decodeHex("163ee251955b844012f1493aa962b2a18acbec194ea4856cdc45cd54c8540058"), - 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 7: decodeHex("2c9252609eda09899d96abe16b947d0e736c43271997c1fa5189e9bcd37ba516"), - 8: decodeHex("8edecd4daa5194ea70a2a9f2c71c7c816bd3b1e0a1ca6f4abea7306250191eba"), - 9: decodeHex("731d336f9f3255e80b429de54fb77b2ad5e485829eb386d661c668245f30f44b"), - 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"), - }, - }}, - ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ - pb.HashAlgo_SHA256: { - "c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff", - "c5d3b47de11a9a2a4a15ef5cb7202d7800a10609c0dcecc46e3e963d476b76ce", - "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", - "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", - }, - }, -} - -var SP800155EventLog = eventLog{ - RawLog: test.SP800155EventLog, - Banks: []*pb.PCRs{{ - Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{ - 0: decodeHex("d0c70a9310cd0b55767084333022ce53f42befbb69c059ee6c0a32766f160783"), - 1: decodeHex("f28e7dc5d058b98ba6f635c1de061a507426983b7ec370d3ba7ce90bdfd1a7c1"), - 2: 
decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 4: decodeHex("18314f0c33adea45e461155e190199716256ca532cd89e9aa3b7d2f6407fa4c8"), - 5: decodeHex("7da8fcc5689af6d0f2a089b19bbe146702372ccfdc3d5758bf6b49ba50c7366e"), - 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 7: decodeHex("8c5dc451764d0db9c1e17da03564bcae3a09fa3d7f8e467d9c381dc8698377d6"), - 8: decodeHex("98effecabbbdc67dd7627d0c50f24bbce548ca6e6fcca30ad284afde91a042a4"), - 9: decodeHex("06f41037a0f42d7308ff2d955ef6c0a5d2fe0a70f7c81ce288d3a158f4978b2f"), - 14: decodeHex("6eb05e8a8a6272a8e4b925a67c650daa13c12b1a80cc797d40fd345e29660161"), - }, - }}, -} - -var CGKE251000 = eventLog{ - RawLog: test.CGKE251000, - Banks: []*pb.PCRs{{ - Hash: pb.HashAlgo_SHA256, - Pcrs: map[uint32][]byte{ - 0: decodeHex("d0c70a9310cd0b55767084333022ce53f42befbb69c059ee6c0a32766f160783"), - 1: decodeHex("f28e7dc5d058b98ba6f635c1de061a507426983b7ec370d3ba7ce90bdfd1a7c1"), - 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 4: decodeHex("18314f0c33adea45e461155e190199716256ca532cd89e9aa3b7d2f6407fa4c8"), - 5: decodeHex("7da8fcc5689af6d0f2a089b19bbe146702372ccfdc3d5758bf6b49ba50c7366e"), - 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), - 7: decodeHex("8c5dc451764d0db9c1e17da03564bcae3a09fa3d7f8e467d9c381dc8698377d6"), - 8: decodeHex("98effecabbbdc67dd7627d0c50f24bbce548ca6e6fcca30ad284afde91a042a4"), - 9: decodeHex("4df4604236d15333b1a07acdb3c4655f3da5c0843b62e7a9df2f62844a9d92f1"), - 14: decodeHex("6eb05e8a8a6272a8e4b925a67c650daa13c12b1a80cc797d40fd345e29660161"), - }, - }}, -} - -func TestParseEventLogs(t *testing.T) { - sbatErrorStr := "asn1: structure error: tags don't match (16 vs {class:0 tag:24 length:10 isCompound:true})" - logs 
:= []struct { - eventLog - name string - opts VerifyOpts - // This field handles known issues with event log parsing or bad event - // logs. - // Set to nil when the event log has no known issues. - errorSubstrs []string - }{ - {Debian10GCE, "Debian10GCE", VerifyOpts{Loader: UnsupportedLoader}, nil}, - {Rhel8GCE, "Rhel8GCE", VerifyOpts{Loader: GRUB}, nil}, - {UbuntuAmdSevGCE, "UbuntuAmdSevGCE", VerifyOpts{Loader: GRUB}, nil}, - // TODO: remove once the fix is pulled in - // https://github.com/google/go-attestation/pull/222 - {Ubuntu2104NoDbxGCE, "Ubuntu2104NoDbxGCE", VerifyOpts{Loader: GRUB}, []string{sbatErrorStr}}, - {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE", VerifyOpts{Loader: GRUB}, []string{sbatErrorStr}}, - // This event log has a SecureBoot variable length of 0. - {ArchLinuxWorkstation, "ArchLinuxWorkstation", VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}, archLinuxKnownParsingFailures}, - {COS85AmdSev, "COS85AmdSev", VerifyOpts{Loader: GRUB}, nil}, - {COS93AmdSev, "COS93AmdSev", VerifyOpts{Loader: GRUB}, nil}, - {COS101AmdSev, "COS101AmdSev", VerifyOpts{Loader: GRUB}, nil}, - {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", VerifyOpts{Loader: GRUB}, nil}, - {GdcHost, "GdcHost", VerifyOpts{Loader: GRUB, AllowEFIAppBeforeCallingEvent: true}, []string{"invalid SCRTM version event for PCR0"}}, - {SP800155EventLog, "SP800155EventLog", VerifyOpts{Loader: GRUB}, nil}, - {CGKE251000, "CGKE251000", VerifyOpts{Loader: GRUB}, nil}, - } - - for _, log := range logs { - rawLog := log.RawLog - for _, bank := range log.Banks { - hashName := pb.HashAlgo_name[int32(bank.Hash)] - subtestName := fmt.Sprintf("%s-%s", log.name, hashName) - t.Run(subtestName, func(t *testing.T) { - if _, err := parsePCClientEventLog(rawLog, bank, log.opts); err != nil { - gErr, ok := err.(*GroupedError) - if !ok { - t.Errorf("ParseMachineState should return a GroupedError") - } - if len(log.errorSubstrs) == 0 { - t.Errorf("expected no errors in 
GroupedError, received (%v)", err) - } - if !gErr.containsKnownSubstrings(log.errorSubstrs) { - t.Errorf("failed to parse and replay log: %v", err) - } - } - }) - } - } -} - -func TestParseMachineStateReplayFail(t *testing.T) { - badPcrs := pb.PCRs{Hash: pb.HashAlgo_SHA1} - pcrMap := make(map[uint32][]byte) - pcrMap[0] = []byte{0, 0, 0, 0} - badPcrs.Pcrs = pcrMap - - _, err := parsePCClientEventLog(Debian10GCE.RawLog, &badPcrs, VerifyOpts{Loader: UnsupportedLoader}) - if err == nil { - t.Errorf("ParseMachineState should fail to replay the event log") - } - _, ok := err.(*GroupedError) - if !ok { - t.Errorf("ParseMachineState should return a GroupedError") - } -} - -func TestSystemParseEventLog(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - evtLog, err := client.GetEventLog(rwc) - if err != nil { - t.Fatalf("failed to retrieve Event Log: %v", err) - } - - sel := client.FullPcrSel(tpm2.AlgSHA1) - pcrs, err := client.ReadPCRs(rwc, sel) - if err != nil { - t.Fatalf("failed to read PCRs: %v", err) - } - - if _, err = parsePCClientEventLog(evtLog, pcrs, VerifyOpts{Loader: UnsupportedLoader}); err != nil { - t.Errorf("failed to parse MachineState: %v", err) - } -} - -func TestEmptyEventlog(t *testing.T) { - emptyLog := []byte{} - emptyState := &attestpb.MachineState{ - Hash: pb.HashAlgo_SHA1, - Platform: &attestpb.PlatformState{Firmware: &attestpb.PlatformState_ScrtmVersionId{}}, - SecureBoot: &attestpb.SecureBootState{}, - } - - // SHA-1 PCR data consisting of all zero digests (i.e. 
the reset state) - zeroDigest := make([]byte, crypto.SHA1.Size()) - zeroPCRs := &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: make(map[uint32][]byte)} - for i := uint32(0); i < 24; i++ { - zeroPCRs.Pcrs[i] = zeroDigest - } - - // For our "Real" PCR data, use the simulated TPM (which has extended events) - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - realPCRs, err := client.ReadPCRs(rwc, client.FullPcrSel(tpm2.AlgSHA1)) - if err != nil { - t.Fatalf("failed to read PCRs: %v", err) - } - - cases := []struct { - name string - pcrs *pb.PCRs - }{ - {"Empty", &pb.PCRs{Hash: pb.HashAlgo_SHA1}}, - {"AllZero", zeroPCRs}, - {"Real", realPCRs}, - } - for _, c := range cases { - t.Run(c.name, func(t *testing.T) { - state, err := parsePCClientEventLog(emptyLog, c.pcrs, VerifyOpts{Loader: UnsupportedLoader}) - if err != nil { - t.Errorf("parsing empty eventlog: %v", err) - } - if diff := cmp.Diff(state, emptyState, protocmp.Transform(), protocmp.IgnoreEmptyMessages()); diff != "" { - t.Errorf("unexpected non-empty MachineState:\n%v", diff) - } - }) - } -} - -func TestParseSecureBootState(t *testing.T) { - for _, bank := range UbuntuAmdSevGCE.Banks { - msState, err := parsePCClientEventLog(UbuntuAmdSevGCE.RawLog, bank, VerifyOpts{Loader: UnsupportedLoader}) - if err != nil { - t.Errorf("failed to parse and replay log: %v", err) - } - containsWinProdPCA := false - contains3PUEFI := false - if len(msState.GetSecureBoot().GetDb().GetHashes()) != 0 { - t.Error("found hashes in db") - } - for _, cert := range msState.GetSecureBoot().GetDb().GetCerts() { - switch c := cert.GetRepresentation().(type) { - case *attestpb.Certificate_WellKnown: - if c.WellKnown == attestpb.WellKnownCertificate_UNKNOWN { - t.Error(("found WellKnownCertificate_UNKNOWN in db")) - } - if c.WellKnown == attestpb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 { - contains3PUEFI = true - } else if c.WellKnown == attestpb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 { - containsWinProdPCA = true - } - } 
- } - if !contains3PUEFI || !containsWinProdPCA { - t.Error("expected to see both WinProdPCA and ThirdPartyUEFI certs") - } - - if len(msState.GetSecureBoot().GetPk().GetHashes()) != 0 { - t.Error("found hashes in pk") - } - pkCerts := msState.GetSecureBoot().GetPk().GetCerts() - if len(pkCerts) != 1 { - t.Errorf("expected to see exactly one cert in pk, but found %d", len(pkCerts)) - } else { - switch c := pkCerts[0].GetRepresentation().(type) { - case *attestpb.Certificate_WellKnown: - if c.WellKnown != attestpb.WellKnownCertificate_GCE_DEFAULT_PK { - t.Error("expected to see WellKnownCertificate_GCE_DEFAULT_PK in pk got a different well known cert") - } - default: - t.Error("expected to see WellKnownCertificate_GCE_DEFAULT_PK in pk") - } - } - - if len(msState.GetSecureBoot().GetKek().GetHashes()) != 0 { - t.Error("found hashes in kek") - } - kekCerts := msState.GetSecureBoot().GetKek().GetCerts() - if len(kekCerts) != 1 { - t.Errorf("expected to see exactly one cert in kek, but found %d", len(kekCerts)) - } else { - switch c := kekCerts[0].GetRepresentation().(type) { - case *attestpb.Certificate_WellKnown: - if c.WellKnown != attestpb.WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 { - t.Error("expected to see WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 in kek got a different well known cert") - } - default: - t.Error("expected to see WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 in kek") - } - } - } -} - -func convertToPCRBank(t *testing.T, pcrs *pb.PCRs) register.PCRBank { - pcrBank := register.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)} - digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash() - if err != nil { - t.Fatal(err) - } - for ind, dgst := range pcrs.GetPcrs() { - pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{ - Index: int(ind), - Digest: dgst, - DigestAlg: digestAlg}, - ) - } - return pcrBank -} - -func getRTMRBank(t *testing.T, fakeRTMR *fakertmr.RtmrSubsystem) register.RTMRBank { - rtmrBank := register.RTMRBank{} - // RTMR 0 to 3 - for i 
:= 0; i < 4; i++ { - digest, err := configfstsmrtmr.GetDigest(fakeRTMR, i) - if err != nil { - t.Fatal(err) - } - rtmrBank.RTMRs = append(rtmrBank.RTMRs, register.RTMR{Index: i, Digest: digest.Digest}) - } - return rtmrBank -} - -func TestParsingRTMREventlog(t *testing.T) { - coscel := &cel.CEL{} - emptyCosState := attestpb.ContainerState{} - emptyHealthMonitoringState := attestpb.HealthMonitoringState{} - emptyGpuDeviceState := attestpb.GpuDeviceState{} - - var buf bytes.Buffer - // First, encode an empty CEL and try to parse it. - if err := coscel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - - fakeRTMR := fakertmr.CreateRtmrSubsystem(t.TempDir()) - rtmrBank := getRTMRBank(t, fakeRTMR) - - acosState, err := ParseCosCELRTMR(buf.Bytes(), rtmrBank) - if err != nil { - t.Errorf("expecting no error from ParseCosCELRTMR(), but get %v", err) - } - if diff := cmp.Diff(acosState.Container, &emptyCosState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected container state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.HealthMonitoring, &emptyHealthMonitoringState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected health monitoring difference:\n%v", diff) - } - if acosState.HealthMonitoring.MemoryEnabled != nil { - t.Errorf("unexpected MemoryEnabled state, want nil, but got %v", *acosState.HealthMonitoring.MemoryEnabled) - } - if diff := cmp.Diff(acosState.GpuDeviceState, &emptyGpuDeviceState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected GPU device state difference:\n%v", diff) - } - - // add events - testCELEvents := []struct { - cosNestedEventType cel.CosType - register int - eventPayload []byte - }{ - {cel.ImageRefType, cel.CosRTMR, []byte("docker.io/bazel/experimental/test:latest")}, - {cel.ImageDigestType, cel.CosRTMR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, - {cel.RestartPolicyType, cel.CosRTMR, []byte(attestpb.RestartPolicy_Always.String())}, - {cel.ImageIDType, cel.CosRTMR, 
[]byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, - {cel.EnvVarType, cel.CosRTMR, []byte("foo=bar")}, - {cel.EnvVarType, cel.CosRTMR, []byte("bar=baz")}, - {cel.EnvVarType, cel.CosRTMR, []byte("baz=foo=bar")}, - {cel.EnvVarType, cel.CosRTMR, []byte("empty=")}, - {cel.ArgType, cel.CosRTMR, []byte("--x")}, - {cel.ArgType, cel.CosRTMR, []byte("--y")}, - {cel.ArgType, cel.CosRTMR, []byte("")}, - {cel.MemoryMonitorType, cel.CosRTMR, []byte{1}}, - {cel.GpuCCModeType, cel.CosRTMR, []byte(attestpb.GPUDeviceCCMode_ON.String())}, - } - - expectedEnvVars := make(map[string]string) - expectedEnvVars["foo"] = "bar" - expectedEnvVars["bar"] = "baz" - expectedEnvVars["baz"] = "foo=bar" - expectedEnvVars["empty"] = "" - - wantContainerState := attestpb.ContainerState{ - ImageReference: string(testCELEvents[0].eventPayload), - ImageDigest: string(testCELEvents[1].eventPayload), - RestartPolicy: attestpb.RestartPolicy_Always, - ImageId: string(testCELEvents[3].eventPayload), - EnvVars: expectedEnvVars, - Args: []string{string(testCELEvents[8].eventPayload), string(testCELEvents[9].eventPayload), string(testCELEvents[10].eventPayload)}, - } - enabled := true - wantHealthMonitoringState := attestpb.HealthMonitoringState{ - MemoryEnabled: &enabled, - } - wantGpuDeviceState := attestpb.GpuDeviceState{ - CcMode: attestpb.GPUDeviceCCMode_ON, - } - - for _, testEvent := range testCELEvents { - cosEvent := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload} - if err := coscel.AppendEventRTMR(fakeRTMR, testEvent.register, cosEvent); err != nil { - t.Fatal(err) - } - } - buf = bytes.Buffer{} - if err := coscel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - - rtmrBank = getRTMRBank(t, fakeRTMR) - - if acosState, err := ParseCosCELRTMR(buf.Bytes(), rtmrBank); err != nil { - t.Errorf("expecting no error from ParseCosCELRTMR(), but get %v", err) - } else { - if diff := cmp.Diff(acosState.Container, &wantContainerState, 
protocmp.Transform()); diff != "" { - t.Errorf("unexpected container state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected health monitoring state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.GpuDeviceState, &wantGpuDeviceState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected GPU device state difference:\n%v", diff) - } - } - - // Faking PCR with RTMR should fail - imposterPcrBank := map[uint32][]byte{} - imposterPcrBank[1] = rtmrBank.RTMRs[0].Digest - imposterPcrBank[2] = rtmrBank.RTMRs[1].Digest - imposterPcrBank[3] = rtmrBank.RTMRs[2].Digest - imposterPcrBank[4] = rtmrBank.RTMRs[3].Digest - imposterPcrs := &pb.PCRs{Hash: pb.HashAlgo_SHA384, Pcrs: imposterPcrBank} - hackedPCRBank := convertToPCRBank(t, imposterPcrs) - if _, err = ParseCosCELPCR(buf.Bytes(), hackedPCRBank); err == nil { - t.Errorf("expecting error from ParseCosCELPCR() when using RTMR CEL Log, but get nil") - } -} - -func TestParsingCELEventLog(t *testing.T) { - test.SkipForRealTPM(t) - tpm := test.GetTPM(t) - defer client.CheckedClose(t, tpm) - - coscel := &cel.CEL{} - emptyCosState := attestpb.ContainerState{} - emptyHealthMonitoringState := attestpb.HealthMonitoringState{} - emptyGpuDeviceState := attestpb.GpuDeviceState{} - - var buf bytes.Buffer - // First, encode an empty CEL and try to parse it. 
- if err := coscel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - banks, err := client.ReadAllPCRs(tpm) - if err != nil { - t.Fatal(err) - } - - implementedHashes := []crypto.Hash{} - // get all implmented hash algo in the TPM - for _, h := range banks { - hsh, err := tpm2.Algorithm(h.Hash).Hash() - if err != nil { - t.Fatal(err) - } - implementedHashes = append(implementedHashes, crypto.Hash(hsh)) - } - - for _, bank := range banks { - pcrBank := convertToPCRBank(t, bank) - // pcrs can have any value here, since the coscel has no records, the replay should always success. - acosState, err := ParseCosCELPCR(buf.Bytes(), pcrBank) - if err != nil { - t.Errorf("expecting no error from ParseCosCELPCR(), but get %v", err) - } - if diff := cmp.Diff(acosState.Container, &emptyCosState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected container state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.HealthMonitoring, &emptyHealthMonitoringState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected health monitoring difference:\n%v", diff) - } - if acosState.HealthMonitoring.MemoryEnabled != nil { - t.Errorf("unexpected MemoryEnabled state, want nil, but got %v", *acosState.HealthMonitoring.MemoryEnabled) - } - if diff := cmp.Diff(acosState.GpuDeviceState, &emptyGpuDeviceState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected GPU device state difference:\n%v", diff) - } - } - - // Secondly, append some real COS events to the CEL. This time we should get content in the CosState. 
- testCELEvents := []struct { - cosNestedEventType cel.CosType - pcr int - eventPayload []byte - }{ - {cel.ImageRefType, cel.CosEventPCR, []byte("docker.io/bazel/experimental/test:latest")}, - {cel.ImageDigestType, cel.CosEventPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, - {cel.RestartPolicyType, cel.CosEventPCR, []byte(attestpb.RestartPolicy_Always.String())}, - {cel.ImageIDType, cel.CosEventPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, - {cel.EnvVarType, cel.CosEventPCR, []byte("foo=bar")}, - {cel.EnvVarType, cel.CosEventPCR, []byte("bar=baz")}, - {cel.EnvVarType, cel.CosEventPCR, []byte("baz=foo=bar")}, - {cel.EnvVarType, cel.CosEventPCR, []byte("empty=")}, - {cel.ArgType, cel.CosEventPCR, []byte("--x")}, - {cel.ArgType, cel.CosEventPCR, []byte("--y")}, - {cel.ArgType, cel.CosEventPCR, []byte("")}, - {cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}}, - {cel.GpuCCModeType, cel.CosEventPCR, []byte(attestpb.GPUDeviceCCMode_OFF.String())}, - } - - expectedEnvVars := make(map[string]string) - expectedEnvVars["foo"] = "bar" - expectedEnvVars["bar"] = "baz" - expectedEnvVars["baz"] = "foo=bar" - expectedEnvVars["empty"] = "" - - wantContainerState := attestpb.ContainerState{ - ImageReference: string(testCELEvents[0].eventPayload), - ImageDigest: string(testCELEvents[1].eventPayload), - RestartPolicy: attestpb.RestartPolicy_Always, - ImageId: string(testCELEvents[3].eventPayload), - EnvVars: expectedEnvVars, - Args: []string{string(testCELEvents[8].eventPayload), string(testCELEvents[9].eventPayload), string(testCELEvents[10].eventPayload)}, - } - enabled := true - wantHealthMonitoringState := attestpb.HealthMonitoringState{ - MemoryEnabled: &enabled, - } - wantGpuDeviceState := attestpb.GpuDeviceState{ - CcMode: attestpb.GPUDeviceCCMode_OFF, - } - for _, testEvent := range testCELEvents { - cosEvent := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: 
testEvent.eventPayload} - - if err := coscel.AppendEventPCR(tpm, testEvent.pcr, cosEvent); err != nil { - t.Fatal(err) - } - } - buf = bytes.Buffer{} - if err := coscel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - banks, err = client.ReadAllPCRs(tpm) - if err != nil { - t.Fatal(err) - } - for _, bank := range banks { - pcrBank := convertToPCRBank(t, bank) - - if acosState, err := ParseCosCELPCR(buf.Bytes(), pcrBank); err != nil { - t.Errorf("expecting no error from ParseCosCELPCR(), but get %v", err) - } else { - if diff := cmp.Diff(acosState.Container, &wantContainerState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected container state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected health monitoring state difference:\n%v", diff) - } - if diff := cmp.Diff(acosState.GpuDeviceState, &wantGpuDeviceState, protocmp.Transform()); diff != "" { - t.Errorf("unexpected GPU device state difference:\n%v", diff) - } - } - } - - // Thirdly, append a random non-COS event, encode and try to parse it. - // Because there is no COS TLV event, attestation should fail as we do not - // understand the content type. 
- event, err := generateNonCosCelEvent(implementedHashes) - if err != nil { - t.Fatal(err) - } - coscel.Records = append(coscel.Records, event) - buf = bytes.Buffer{} - if err := coscel.EncodeCEL(&buf); err != nil { - t.Fatal(err) - } - // extend digests to the PCR - for _, hash := range implementedHashes { - algo, err := tpm2.HashToAlgorithm(hash) - if err != nil { - t.Fatal(err) - } - if err := tpm2.PCRExtend(tpm, tpmutil.Handle(cel.CosEventPCR), algo, event.Digests[hash], ""); err != nil { - t.Fatal(err) - } - } - banks, err = client.ReadAllPCRs(tpm) - if err != nil { - t.Fatal(err) - } - for _, bank := range banks { - pcrBank := convertToPCRBank(t, bank) - _, err := ParseCosCELPCR(buf.Bytes(), pcrBank) - if err == nil { - t.Errorf("expected error when parsing event log with unknown content type") - } - } -} - -func generateNonCosCelEvent(hashAlgoList []crypto.Hash) (cel.Record, error) { - randRecord := cel.Record{} - randRecord.RecNum = 0 - randRecord.Index = cel.CosEventPCR - contentValue := make([]byte, 10) - rand.Read(contentValue) - randRecord.Content = cel.TLV{Type: 250, Value: contentValue} - contentBytes, err := randRecord.Content.MarshalBinary() - if err != nil { - return cel.Record{}, err - } - - digestMap := make(map[crypto.Hash][]byte) - for _, hash := range hashAlgoList { - h := hash.New() - h.Write(contentBytes) - digestMap[hash] = h.Sum(nil) - } - randRecord.Digests = digestMap - - return randRecord, nil -} - -func TestParseLinuxKernelState(t *testing.T) { - logs := []struct { - eventLog - name string - expectedCmdline string - }{ - {COS85AmdSev, "COS85AmdSev", test.Cos85AmdSevCmdline}, - {COS93AmdSev, "COS93AmdSev", test.Cos93AmdSevCmdline}, - {COS101AmdSev, "COS101AmdSev", test.Cos101AmdSevCmdline}, - {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", test.Ubuntu2404AmdSevSnpCmdline}, - } - for _, log := range logs { - for _, bank := range log.Banks { - hashName := pb.HashAlgo_name[int32(bank.Hash)] - subtestName := fmt.Sprintf("%s-%s", log.name, 
hashName) - t.Run(subtestName, func(t *testing.T) { - msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: GRUB}) - if err != nil { - t.Errorf("failed to parse and replay log: %v", err) - } - - if msState.LinuxKernel == nil || len(msState.LinuxKernel.CommandLine) == 0 { - t.Errorf("expected %s to have a LinuxKernelState", log.name) - } - - if msState.LinuxKernel.CommandLine != log.expectedCmdline { - t.Errorf("kernel command line for log %s:\n'%s'\n did not match expected cmdline:\n'%s'", - log.name, - msState.LinuxKernel.CommandLine, - log.expectedCmdline) - } - }) - } - } -} - -func TestNullTerminatedDataDigest(t *testing.T) { - rawdata := []byte("123456") - rawdataNullTerminated := []byte("123456\x00") - rawdataModifyLastByte := []byte("123456\xff") - hash := crypto.SHA256 - hasher := hash.New() - hasher.Write(rawdata) - rawDigest := hasher.Sum(nil) - hasher.Reset() - hasher.Write(rawdataNullTerminated) - nullTerminatedDigest := hasher.Sum(nil) - hasher.Reset() - - if err := verifyDataDigest(hasher, rawdata, rawDigest); err != nil { - t.Error(err) - } - if err := verifyDataDigest(hasher, rawdata, nullTerminatedDigest); err == nil { - t.Errorf("non null-terminated data should not match the null-terminated digest") - } - - // "rawdata + '\x00'" can be verified with digest("rawdata") as well as digest("rawdata + '\x00'") - if err := verifyNullTerminatedDataDigest(hasher, rawdataNullTerminated, nullTerminatedDigest); err != nil { - t.Error(err) - } - if err := verifyNullTerminatedDataDigest(hasher, rawdataNullTerminated, rawDigest); err != nil { - t.Error(err) - } - - if err := verifyNullTerminatedDataDigest(hasher, rawdata, nullTerminatedDigest); err == nil { - t.Errorf("non null-terminated data should always fail") - } - if err := verifyNullTerminatedDataDigest(hasher, rawdataModifyLastByte, nullTerminatedDigest); err == nil { - t.Errorf("manipulated null terminated data should fail") - } - if err := verifyNullTerminatedDataDigest(hasher, 
[]byte{}, []byte{}); err == nil { - t.Errorf("len() == 0 should always fail") - } -} - -func TestParseGrubState(t *testing.T) { - logs := []struct { - eventLog - name string - }{ - {COS85AmdSev, "COS85AmdSev"}, - {COS93AmdSev, "COS93AmdSev"}, - {COS101AmdSev, "COS101AmdSev"}, - {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp"}, - } - for _, log := range logs { - for _, bank := range log.Banks { - hashName := pb.HashAlgo_name[int32(bank.Hash)] - subtestName := fmt.Sprintf("%s-%s", log.name, hashName) - t.Run(subtestName, func(t *testing.T) { - msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: GRUB}) - if err != nil { - t.Errorf("failed to parse and replay log: %v", err) - } - - if len(msState.Grub.GetCommands()) == 0 { - t.Errorf("expected COS85 to run GRUB commands!") - } - if strings.HasPrefix(subtestName, "COS") && len(msState.Grub.GetFiles()) != 2 { - t.Errorf("expected COS85 to read two files (grub.cfg and kernel)!") - } - - // check the absence of EV_EVENT_TAG in the GRUB files. - for _, f := range msState.Grub.GetFiles() { - if bytes.Equal(f.GetUntrustedFilename(), decodeHex(EventTagLoadedImageHex)) { - t.Error("EV_EVENT_TAG should not be in the GRUB files") - } - } - }) - } - } -} - -func TestParseGrubStateFail(t *testing.T) { - // No GRUB measurements for this event log. 
- eventlog := GlinuxNoSecureBootLaptop - for _, bank := range eventlog.Banks { - hashName := pb.HashAlgo_name[int32(bank.Hash)] - subtestName := fmt.Sprintf("GlinuxNoSecureBootLaptop-%s", hashName) - t.Run(subtestName, func(t *testing.T) { - _, err := parsePCClientEventLog(eventlog.RawLog, bank, VerifyOpts{Loader: GRUB}) - if err == nil { - t.Error("expected error when parsing GRUB state") - } - gErr, ok := err.(*GroupedError) - if !ok { - t.Errorf("ParseMachineState should return a GroupedError") - } - if !gErr.containsSubstring("no GRUB measurements found") { - t.Errorf("expected GroupedError (%s) to contain no GRUB measurements error", err) - } - }) - } -} - -func TestParseEfiState(t *testing.T) { - logs := []struct { - eventLog - name string - }{ - {Rhel8GCE, "Rhel8GCE"}, - {UbuntuAmdSevGCE, "UbuntuAmdSevGCE"}, - {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE"}, - {COS85AmdSev, "COS85AmdSev"}, - {COS93AmdSev, "COS93AmdSev"}, - {COS101AmdSev, "COS101AmdSev"}, - } - for _, log := range logs { - for _, bank := range log.Banks { - hashName := pb.HashAlgo_name[int32(bank.Hash)] - subtestName := fmt.Sprintf("%s-%s", log.name, hashName) - t.Run(subtestName, func(t *testing.T) { - msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: UnsupportedLoader}) - if err != nil { - t.Errorf("parsePCClientEventLog(%v, %v) got err = %v, want nil", log.name, bank.GetHash().String(), err) - } - - if msState.GetEfi() == nil { - t.Error("msState.GetEfi() returned nil, want EFI state") - } - efiApps := msState.GetEfi().GetApps() - if len(efiApps) == 0 { - t.Error("msState.GetEfi().GetApps() returned empty, want non-zero length") - } - expectedDigestStrs := log.ExpectedEFIAppDigests[bank.Hash] - if len(expectedDigestStrs) == 0 { - t.Fatalf("%v log used to test EFIState, but it has no expected EFI App digests", log.name) - } - expectedDigests := make([][]byte, 0, len(expectedDigestStrs)) - for _, digestStr := range log.ExpectedEFIAppDigests[bank.Hash] { - 
expectedDigests = append(expectedDigests, decodeHex(digestStr)) - } - gotDigests := make([][]byte, 0, len(efiApps)) - for _, app := range efiApps { - gotDigests = append(gotDigests, app.GetDigest()) - } - if !cmp.Equal(gotDigests, expectedDigests) { - t.Errorf("msState.GetEfi().GetApps() digests got %v, want %v", gotDigests, expectedDigests) - } - }) - } - } -} - -func TestGetGrubStateWithModifiedNullTerminator(t *testing.T) { - // Choose an eventlog with GRUB. - eventlog := UbuntuAmdSevGCE - // Just use the SHA256 bank. - events, err := parseReplayHelper(eventlog.RawLog, eventlog.Banks[1]) - if err != nil { - t.Fatal(err) - } - cryptoHash, _ := tpm2.Algorithm(eventlog.Banks[1].Hash).Hash() - - // Make sure the original events can parse successfully. - pbEvents := convertToPbEvents(cryptoHash, events) - if _, err := getGrubState(cryptoHash, pbEvents); err != nil { - t.Fatal(err) - } - - // Change the null terminator. - for _, e := range events { - if e.Index == 8 { - if e.Data[len(e.Data)-1] == '\x00' { - e.Data[len(e.Data)-1] = '\xff' - } - } - } - - // Parse again, make sure it will fail. 
- pbEvents = convertToPbEvents(cryptoHash, events) - if _, err := getGrubState(cryptoHash, pbEvents); err == nil { - t.Error("Expected getGrubState to fail after modifying the null terminator") - } -} - -func TestParseEventLogCallingEFIAppError(t *testing.T) { - tests := []struct { - eventLog - name string - }{ - {ArchLinuxWorkstation, "ArchLinuxWorkstation"}, - {GdcHost, "GdcHost"}, - } - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - for _, bank := range test.Banks { - if _, err := parsePCClientEventLog(test.RawLog, bank, VerifyOpts{AllowEFIAppBeforeCallingEvent: false}); err == nil || !strings.Contains(err.Error(), "before CallingEFIApp event") { - t.Errorf("parsePCClientEventLog(%s): expected Calling EFI App error, received %v", test.name, err) - } - } - }) - } -} - -func decodeHex(hexStr string) []byte { - bytes, err := hex.DecodeString(hexStr) - if err != nil { - panic(err) - } - return bytes -} diff --git a/vendor/github.com/google/go-tpm-tools/server/example_test.go b/vendor/github.com/google/go-tpm-tools/server/example_test.go deleted file mode 100644 index 12624c0b9..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/example_test.go +++ /dev/null 
@@ -1,47 +0,0 @@
-package server
-
-import (
- "crypto"
- "fmt"
- "log"
-
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/simulator"
-)
-
-func ExampleVerifyAttestation() {
- // On client machine, generate the TPM quote.
- // TODO: use real TPM.
- simulator, err := simulator.Get()
- if err != nil {
- log.Fatalf("failed to initialize simulator: %v", err)
- }
- defer simulator.Close()
-
- ak, err := client.AttestationKeyRSA(simulator)
- if err != nil {
- log.Fatalf("failed to generate AK: %v", err)
- }
- defer ak.Close()
-
- nonce := []byte("super secret nonce")
- attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
- if err != nil {
- log.Fatalf("failed to attest: %v", err)
- }
-
- // TODO: send Attestation proto to verifier
-
- // verify the attesation proto
- opts := VerifyOpts{
- Nonce: nonce,
- TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
- AllowSHA1: true,
- }
- state, err := VerifyAttestation(attestation, opts)
- if err != nil {
- log.Fatalf("failed to verify: %v", err)
- }
-
- fmt.Println(state)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/grouped_error.go b/vendor/github.com/google/go-tpm-tools/server/grouped_error.go
deleted file mode 100644
index 26a4f5a06..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/grouped_error.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package server
-
-import "strings"
-
-var fatalError = "fatal: invalid GroupedError"
-
-// GroupedError collects related errors and exposes them as a single error.
-// Users can inspect the `Errors` field for details on the suberrors.
-type GroupedError struct {
- // The prefix string returned by `Error()`, followed by the grouped errors.
- Prefix string
- Errors []error
-}
-
-func (gErr *GroupedError) Error() string {
- if len(gErr.Errors) == 0 {
- return fatalError
- }
- var sb strings.Builder
- for _, err := range gErr.Errors {
- sb.WriteString("\n")
- sb.WriteString(err.Error())
- }
- return gErr.Prefix + sb.String()
-}
-
-func createGroupedError(prefix string, errors []error) error {
- if len(errors) == 0 {
- return nil
- }
- return &GroupedError{Prefix: prefix, Errors: errors}
-}
-
-func (gErr *GroupedError) containsSubstring(substr string) bool {
- for _, err := range gErr.Errors {
- if strings.Contains(err.Error(), substr) {
- return true
- }
- }
- return false
-}
-
-// containsKnownSubstrings is used to match a set of known errors.
-// Each substring must only match error in the GroupedError.
-// In other words, there must not be overlap in the substring matches.
-func (gErr *GroupedError) containsKnownSubstrings(substrs []string) bool {
- if len(gErr.Errors) != len(substrs) {
- return false
- }
- matchedGErr := make(map[string]bool)
- for _, err := range gErr.Errors {
- matchedGErr[err.Error()] = false
- for _, substr := range substrs {
- if strings.Contains(err.Error(), substr) {
- if matchedGErr[err.Error()] {
- // Duplicated match for the error.
- return false
- }
- matchedGErr[err.Error()] = true
- }
- }
- }
-
- for _, matched := range matchedGErr {
- if !matched {
- return false
- }
- }
- return true
-}
-
-func (gErr *GroupedError) containsOnlySubstring(substr string) bool {
- if len(gErr.Errors) != 1 {
- return false
- }
- return gErr.containsSubstring(substr)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go b/vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go
deleted file mode 100644
index f2600c9b0..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/grouped_error_test.go
+++ /dev/null
@@ -1,126 +0,0 @@ -package server - -import ( - "errors" - "fmt" - "testing" -) - -func TestGroupedError(t *testing.T) { - var gErr GroupedError - gErr.Errors = append(gErr.Errors, errors.New("error1")) - gErr.Errors = append(gErr.Errors, errors.New("error2")) - gErr.Errors = append(gErr.Errors, fmt.Errorf("fmted error")) - gErr.Errors = append(gErr.Errors, fmt.Errorf("wrapped: %w", errors.New("error3"))) - gErr.Prefix = "failed action:" - - expected := `failed action: -error1 -error2 -fmted error -wrapped: error3` - - if gErr.Error() != expected { - t.Errorf("error string output (%s) did not match expected (%s)", - gErr.Error(), expected) - } -} - -func TestEmptyGroupedError(t *testing.T) { - outErr := GroupedError{Prefix: "foo:", Errors: []error{}} - if outErr.Error() != fatalError { - t.Errorf("error string output (%s) did not match fatal error (%s)", - outErr.Error(), fatalError) - } -} - -func TestCreateGroupedErrorFail(t *testing.T) { - outErr := createGroupedError("foo:", []error{}) - if outErr != nil { - t.Errorf("expected nil error!") - } -} - -func TestContainsOnlySubstring(t *testing.T) { - wholeString := "err error errorz" - err := errors.New(wholeString) - outErr := GroupedError{Prefix: "foo:", Errors: []error{err}} - if !outErr.containsOnlySubstring("error") { - t.Errorf("expected a match for substring") - } - if !outErr.containsOnlySubstring("err") { - t.Errorf("expected a match for substring") - } - if !outErr.containsOnlySubstring("") { - t.Errorf("expected a match for substring") - } - if !outErr.containsOnlySubstring(wholeString) { - t.Errorf("expected a match for substring") - } -} - -func TestContainsOnlySubstringsFalse(t *testing.T) { - wholeString := "err error errorz" - err := errors.New(wholeString) - outErr := GroupedError{Prefix: "foo:", Errors: []error{err}} - - tests := []struct { - name string - substring string - }{ - {"AdditionalCharacterStart", "." 
+ wholeString}, - {"AdditionalCharacterEnd", wholeString + "."}, - {"RemovedCharacter", wholeString[:5] + wholeString[6:]}, - {"ReplacedCharacter", wholeString[:5] + "." + wholeString[6:]}, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - if outErr.containsOnlySubstring(test.substring) { - t.Errorf("expected failed matching for substring") - } - - }) - } -} - -func TestContainsKnownSubstrings(t *testing.T) { - err := errors.New("err error errorz") - err2 := errors.New("new newww newzz") - err3 := errors.New("iss issue issues") - outErr := GroupedError{Prefix: "foo:", Errors: []error{err, err2, err3}} - if !outErr.containsKnownSubstrings([]string{"error", " newzz", " issue "}) { - t.Errorf("expected a match for known substrings") - } -} - -func TestContainsKnownSubstringsFalse(t *testing.T) { - err := errors.New("err error errorz") - err2 := errors.New("new newww newzz") - err3 := errors.New("iss issue issues") - outErr := GroupedError{Prefix: "foo:", Errors: []error{err, err2, err3}} - - tests := []struct { - name string - substrings []string - }{ - {"NoSubstrings", []string{}}, - {"OneEmptySubstring", []string{""}}, - // Should fail, since there is overlap between substrings. - {"AllEmptySubstrings", []string{"", "", ""}}, - {"FewerSubstrings", []string{"err"}}, - {"FewerSubstrings2", []string{"error", " issue "}}, - {"MoreSubstrings", []string{"error", " newzz", " issue ", " issues"}}, - {"MoreSubstrings5", []string{"error", " newzz", " issue ", " issues", "err"}}, - {"OverlappingSubstrings", []string{"error", " err", " issue "}}, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - if outErr.containsKnownSubstrings(test.substrings) { - t.Errorf("expected failed matching for known substrings") - } - - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/server/import.go b/vendor/github.com/google/go-tpm-tools/server/import.go deleted file mode 100644 index 1e56d18c1..000000000 
--- a/vendor/github.com/google/go-tpm-tools/server/import.go
+++ /dev/null
@@ -1,250 +0,0 @@ -// Package server contains functions to be ran on a server (no TPM needed), as oppose to a client (with TPM). -package server - -import ( - "crypto" - "crypto/aes" - "crypto/cipher" - "crypto/elliptic" - "crypto/hmac" - "crypto/rand" - "crypto/rsa" - "fmt" - "hash" - "io" - - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal" - pb "github.com/google/go-tpm-tools/proto/tpm" -) - -// CreateImportBlob uses the provided public EK to encrypt the sensitive data. -// The returned ImportBlob can then be decrypted and imported using the -// client Key.Import() method. A non-nil pcrs parameter adds a requirement -// that the TPM must have specific PCR values for Import() to succeed. -func CreateImportBlob(ekPub crypto.PublicKey, sensitive []byte, pcrs *pb.PCRs) (*pb.ImportBlob, error) { - ek, err := CreateEKPublicAreaFromKey(ekPub) - if err != nil { - return nil, err - } - private := createPrivate(sensitive) - public := createPublic(private) - - return createImportBlobHelper(ek, public, private, pcrs) -} - -// CreateSigningKeyImportBlob uses the provided public EK to encrypt the signing -// key into import blob format. The returned import blob can be used to import -// the signing key into the TPM associated with the provided EK without exposing -// the private area to the TPM's OS using the client Key.ImportSigningKey() -// method. A non-nil pcrs parameter adds a requirement that the TPM must have -// specific PCR values to use the signing key. 
-func CreateSigningKeyImportBlob(ekPub crypto.PublicKey, signingKey crypto.PrivateKey, pcrs *pb.PCRs) (*pb.ImportBlob, error) { - ek, err := CreateEKPublicAreaFromKey(ekPub) - if err != nil { - return nil, err - } - public, private, err := createPublicPrivateSign(signingKey) - if err != nil { - return nil, err - } - - return createImportBlobHelper(ek, public, private, pcrs) -} - -func createImportBlobHelper(ek, public tpm2.Public, private tpm2.Private, pcrs *pb.PCRs) (*pb.ImportBlob, error) { - setPublicAuth(&public, pcrs) - - var seed, encryptedSeed []byte - var err error - switch ek.Type { - case tpm2.AlgRSA: - seed, encryptedSeed, err = createRSASeed(ek) - if err != nil { - return nil, err - } - case tpm2.AlgECC: - seed, encryptedSeed, err = createECCSeed(ek) - if err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("unsupported EK type: %v", ek.Type) - } - duplicate, err := createDuplicate(private, seed, public, ek) - if err != nil { - return nil, err - } - pubEncoded, err := public.Encode() - if err != nil { - return nil, err - } - - return &pb.ImportBlob{ - Duplicate: duplicate, - EncryptedSeed: encryptedSeed, - PublicArea: pubEncoded, - Pcrs: pcrs, - }, nil -} - -func setPublicAuth(public *tpm2.Public, pcrs *pb.PCRs) { - if len(pcrs.GetPcrs()) == 0 { - // Allow password authorization so we can use a nil AuthPolicy. 
- public.AuthPolicy = nil - public.Attributes |= tpm2.FlagUserWithAuth - } else { - public.AuthPolicy = internal.PCRSessionAuth(pcrs, client.SessionHashAlg) - public.Attributes |= tpm2.FlagAdminWithPolicy - } -} - -func createRSASeed(ek tpm2.Public) (seed, encryptedSeed []byte, err error) { - seedSize := ek.RSAParameters.Symmetric.KeyBits / 8 - seed = make([]byte, seedSize) - if _, err := io.ReadFull(rand.Reader, seed); err != nil { - panic(err) - } - - ekPub, err := ek.Key() - if err != nil { - return nil, nil, err - } - encryptedSeed, err = rsa.EncryptOAEP( - getHash(ek.NameAlg), - rand.Reader, - ekPub.(*rsa.PublicKey), - seed, - []byte("DUPLICATE\x00")) - if err != nil { - return nil, nil, err - } - encryptedSeed, err = tpmutil.Pack(encryptedSeed) - return seed, encryptedSeed, err -} - -func createECCSeed(ek tpm2.Public) (seed, encryptedSeed []byte, err error) { - curve, err := curveIDToGoCurve(ek.ECCParameters.CurveID) - if err != nil { - return nil, nil, err - } - //nolint:staticcheck - // crypto/ecdh does not support P-224, while GCP vTPM supports P224. We should keep the deprecated library till P224 is supported by crypto/ecdh. - priv, x, y, err := elliptic.GenerateKey(curve, rand.Reader) - if err != nil { - return nil, nil, err - } - ekPoint := ek.ECCParameters.Point - //nolint:staticcheck - // crypto/ecdh does not support P-224, while GCP vTPM supports P224. We should keep the deprecated library till P224 is supported by crypto/ecdh. 
- z, _ := curve.ScalarMult(ekPoint.X(), ekPoint.Y(), priv) - xBytes := eccIntToBytes(curve, x) - - seed, err = tpm2.KDFe( - ek.NameAlg, - eccIntToBytes(curve, z), - "DUPLICATE", - xBytes, - eccIntToBytes(curve, ekPoint.X()), - getHash(ek.NameAlg).Size()*8) - if err != nil { - return nil, nil, err - } - encryptedSeed, err = tpmutil.Pack(tpmutil.U16Bytes(xBytes), tpmutil.U16Bytes(eccIntToBytes(curve, y))) - return seed, encryptedSeed, err -} - -func createDuplicate(private tpm2.Private, seed []byte, public, ek tpm2.Public) ([]byte, error) { - nameEncoded, err := getEncodedName(public) - if err != nil { - return nil, err - } - secret, err := private.Encode() - if err != nil { - return nil, err - } - packedSecret, err := tpmutil.Pack(tpmutil.U16Bytes(secret)) - if err != nil { - return nil, err - } - encryptedSecret, err := encryptSecret(packedSecret, seed, nameEncoded, ek) - if err != nil { - return nil, err - } - macSum, err := createHMAC(encryptedSecret, nameEncoded, seed, ek.NameAlg) - if err != nil { - return nil, err - } - return tpmutil.Pack(tpm2.IDObject{ - IntegrityHMAC: macSum, - EncIdentity: encryptedSecret, - }) -} - -func getEncodedName(public tpm2.Public) ([]byte, error) { - name, err := public.Name() - if err != nil { - return nil, err - } - return name.Digest.Encode() -} - -func encryptSecret(secret, seed, nameEncoded []byte, ek tpm2.Public) ([]byte, error) { - var symSize int - switch ek.Type { - case tpm2.AlgRSA: - symSize = int(ek.RSAParameters.Symmetric.KeyBits) - case tpm2.AlgECC: - symSize = int(ek.ECCParameters.Symmetric.KeyBits) - default: - return nil, fmt.Errorf("unsupported EK type: %v", ek.Type) - } - - symmetricKey, err := tpm2.KDFa( - ek.NameAlg, - seed, - "STORAGE", - nameEncoded, - /*contextV=*/ nil, - symSize) - if err != nil { - return nil, err - } - c, err := aes.NewCipher(symmetricKey) - if err != nil { - return nil, err - } - encSecret := make([]byte, len(secret)) - // The TPM spec requires an all-zero IV. 
- iv := make([]byte, len(symmetricKey)) - cipher.NewCFBEncrypter(c, iv).XORKeyStream(encSecret, secret) - return encSecret, nil -} - -func createHMAC(encryptedSecret, nameEncoded, seed []byte, hashAlg tpm2.Algorithm) ([]byte, error) { - macKey, err := tpm2.KDFa( - hashAlg, - seed, - "INTEGRITY", - /*contextU=*/ nil, - /*contextV=*/ nil, - getHash(hashAlg).Size()*8) - if err != nil { - return nil, err - } - mac := hmac.New(func() hash.Hash { return getHash(hashAlg) }, macKey) - mac.Write(encryptedSecret) - mac.Write(nameEncoded) - return mac.Sum(nil), nil -} - -func getHash(hashAlg tpm2.Algorithm) hash.Hash { - create, err := hashAlg.Hash() - if err != nil { - panic(err) - } - return create.New() -} diff --git a/vendor/github.com/google/go-tpm-tools/server/import_certify.go b/vendor/github.com/google/go-tpm-tools/server/import_certify.go deleted file mode 100644 index b04d85a64..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/import_certify.go +++ /dev/null 
@@ -1,188 +0,0 @@ -package server - -import ( - "bytes" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "crypto/subtle" - "errors" - "fmt" - - tpb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/tpm2" -) - -// This file aims to implement the verifier side of https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8 -// For reference: https://github.com/TrustedComputingGroup/tpm-fw-attestation-reference-code - -var ( - errCertifiedWrongName = errors.New("incorrect name") - errWrongHashAlg = errors.New("wrong hash algorithm") - errInvalidHMAC = errors.New("invalid HMAC") - errInvalidAttestation = errors.New("attestation statement was invalid") -) - -// CreateRestrictedHMACBlob generates a new HMAC key and wraps it to the given EK. -func CreateRestrictedHMACBlob(tPublic *tpm2.TPMTPublic) (*tpb.ImportBlob, []byte, error) { - encap, err := tpm2.ImportEncapsulationKey(tPublic) - if err != nil { - return nil, nil, err - } - - hmacKey := make([]byte, 32) - pub, sensitive := generateRestrictedHMACKey(hmacKey) - name, err := tpm2.ObjectName(pub) - if err != nil { - return nil, nil, err - } - - duplicate, inSymSeed, err := tpm2.CreateDuplicate(rand.Reader, encap, name.Buffer, tpm2.Marshal(sensitive)) - if err != nil { - return nil, nil, err - } - - return &tpb.ImportBlob{ - PublicArea: tpm2.Marshal(pub), - Duplicate: duplicate, - EncryptedSeed: inSymSeed, - }, hmacKey, nil -} - -// VerifyCertifiedAKBlob verifies the blob against a secret HMAC. 
-func VerifyCertifiedAKBlob(req *tpb.CertifiedBlob, secret []byte) error { - akPub, err := tpm2.Unmarshal[tpm2.TPMTPublic](req.GetPubArea()) - if err != nil { - return err - } - - akName, err := tpm2.ObjectName(akPub) - if err != nil { - return err - } - - signature, err := tpm2.Unmarshal[tpm2.TPMTSignature](req.GetRawSig()) - if err != nil { - return err - } - - hmac, err := signature.Signature.HMAC() - if err != nil { - return err - } - - if err := verifyHMAC(secret, req.GetCertifyInfo(), hmac); err != nil { - return err - } - - attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](req.GetCertifyInfo()) - if err != nil { - return err - } - - if err := verifyAttestCertify(attest); err != nil { - return err - } - - certify, err := attest.Attested.Certify() - if err != nil { - return err - } - - if err := verifyCertifyInfo(akName, certify); err != nil { - return err - } - - return nil -} - -// generateRestrictedHMACKey writes a new hmac to the input parameter and produces the pub/priv tpm2 structures -func generateRestrictedHMACKey(hmacKey []byte) (*tpm2.TPMTPublic, *tpm2.TPMTSensitive) { - // Generate the random obfuscation value and key - obfuscate := make([]byte, 32) - rand.Read(obfuscate) - rand.Read(hmacKey[:]) - - // Unique for a KEYEDHASH object is H_nameAlg(obfuscate | key) - // See Part 1, "Public Area Creation" - h := sha256.New() - h.Write(obfuscate) - h.Write(hmacKey[:]) - - pub := &tpm2.TPMTPublic{ - Type: tpm2.TPMAlgKeyedHash, - NameAlg: tpm2.TPMAlgSHA256, - ObjectAttributes: tpm2.TPMAObject{ - UserWithAuth: true, - NoDA: true, - Restricted: true, - SignEncrypt: true, - }, - Parameters: tpm2.NewTPMUPublicParms(tpm2.TPMAlgKeyedHash, &tpm2.TPMSKeyedHashParms{ - Scheme: tpm2.TPMTKeyedHashScheme{ - Scheme: tpm2.TPMAlgHMAC, - Details: tpm2.NewTPMUSchemeKeyedHash(tpm2.TPMAlgHMAC, &tpm2.TPMSSchemeHMAC{ - HashAlg: tpm2.TPMAlgSHA256, - }), - }, - }), - Unique: tpm2.NewTPMUPublicID(tpm2.TPMAlgKeyedHash, &tpm2.TPM2BDigest{ - Buffer: h.Sum(nil), - }), - } - - priv := 
&tpm2.TPMTSensitive{ - SensitiveType: tpm2.TPMAlgKeyedHash, - SeedValue: tpm2.TPM2BDigest{ - Buffer: obfuscate, - }, - Sensitive: tpm2.NewTPMUSensitiveComposite(tpm2.TPMAlgKeyedHash, &tpm2.TPM2BSensitiveData{ - Buffer: hmacKey[:], - }), - } - - return pub, priv -} - -// verifyHMAC checks the MAC on the given message. -func verifyHMAC(hmacKey []byte, message []byte, ha *tpm2.TPMTHA) error { - if ha.HashAlg != tpm2.TPMAlgSHA256 { - return fmt.Errorf("%w %v (expected SHA256)", errWrongHashAlg, ha.HashAlg) - } - digest := sha256.Sum256(message) - h := hmac.New(sha256.New, hmacKey[:]) - h.Write(digest[:]) - if subtle.ConstantTimeCompare(ha.Digest, h.Sum(nil)) != 1 { - return errInvalidHMAC - } - return nil -} - -// verifyAttestCertify checks that the attestation structure has valid data -func verifyAttestCertify(attest *tpm2.TPMSAttest) error { - if attest.Type != tpm2.TPMSTAttestCertify { - return fmt.Errorf("expected attest type TPMSTAttestCertify, got %v", attest.Type) - } - if attest.Magic != tpm2.TPMGeneratedValue { - return fmt.Errorf("%w: unexpected prefix %0x", errInvalidAttestation, attest.Magic) - } - - return nil -} - -// verifyCertifyInfo checks the certifyInfo against the given name. -func verifyCertifyInfo(name *tpm2.TPM2BName, certifyInfo *tpm2.TPMSCertifyInfo) error { - // Check that the certified Name is the same as we expected. - if !bytes.Equal(name.Buffer, certifyInfo.Name.Buffer) { - return fmt.Errorf("%w: expected Name %x, certified Name was %x", errCertifiedWrongName, name.Buffer, certifyInfo.Name.Buffer) - } - - // We can't really check the QualifiedName here, since we don't have any - // information about the object's parent. As a paranoid consistency check, - // just make sure that QualifiedName doesn't match Name for some reason. - if bytes.Equal(certifyInfo.QualifiedName.Buffer, certifyInfo.Name.Buffer) { - return fmt.Errorf("%w: QualifiedName unexpectedly matched Name", errCertifiedWrongName) - } - - return nil -} 
diff --git a/vendor/github.com/google/go-tpm-tools/server/import_test.go b/vendor/github.com/google/go-tpm-tools/server/import_test.go
deleted file mode 100644
index c41baf6af..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/import_test.go
+++ /dev/null
@@ -1,249 +0,0 @@ -package server - -import ( - "bytes" - "crypto" - "crypto/rand" - "crypto/rsa" - "errors" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - pb "github.com/google/go-tpm-tools/proto/tpm" - "github.com/google/go-tpm/legacy/tpm2" -) - -func TestImport(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - keys := []struct { - name string - template tpm2.Public - }{ - {"RSA", client.DefaultEKTemplateRSA()}, - {"ECC", client.DefaultEKTemplateECC()}, - {"SRK-RSA", client.SRKTemplateRSA()}, - {"SRK-ECC", client.SRKTemplateECC()}, - {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224)}, - {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256)}, - {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384)}, - {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521)}, - } - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - pub := ek.PublicKey() - secret := []byte("super secret code") - blob, err := CreateImportBlob(pub, secret, nil) - if err != nil { - t.Fatalf("creating import blob failed: %v", err) - } - - output, err := ek.Import(blob) - if err != nil { - t.Fatalf("import failed: %v", err) - } - if !bytes.Equal(output, secret) { - t.Errorf("got %X, expected %X", output, secret) - } - }) - } -} - -func isExpectedError(err error, expected []error) bool { - for _, candidate := range expected { - if errors.Is(err, candidate) { - return true - } - } - return false -} - -func TestBadImport(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - valueErr := tpm2.ParameterError{ - Code: tpm2.RCValue, - Parameter: tpm2.RC4, - } - // RSA keys lengths are not consistent, so we could also get RCSize - rsaWrongKeyErrs := []error{valueErr, tpm2.ParameterError{ - Code: tpm2.RCSize, - Parameter: tpm2.RC4, - }} - integrityErr := tpm2.ParameterError{ - Code: 
tpm2.RCIntegrity, - Parameter: tpm2.RC3, - } - pointErr := tpm2.ParameterError{ - Code: tpm2.RCECCPoint, - Parameter: tpm2.RC4, - } - - keys := []struct { - name string - template tpm2.Public - wrongKeyErrs []error - corruptedErrs []error - }{ - {"RSA", client.DefaultEKTemplateRSA(), rsaWrongKeyErrs, []error{valueErr}}, - {"ECC", client.DefaultEKTemplateECC(), []error{integrityErr}, []error{pointErr}}, - {"SRK-RSA", client.SRKTemplateRSA(), rsaWrongKeyErrs, []error{valueErr}}, - {"SRK-ECC", client.SRKTemplateECC(), []error{integrityErr}, []error{pointErr}}, - } - - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - pub := ek.PublicKey() - - // Create a second, different key - template2 := k.template - template2.Attributes ^= tpm2.FlagNoDA - ek2, err := client.NewKey(rwc, tpm2.HandleEndorsement, template2) - if err != nil { - t.Fatal(err) - } - defer ek2.Close() - - secret := []byte("super secret code") - blob, err := CreateImportBlob(pub, secret, nil) - if err != nil { - t.Fatalf("creating import blob failed: %v", err) - } - - // Try to import this blob under the wrong key - if _, err = ek2.Import(blob); !isExpectedError(err, k.wrongKeyErrs) { - t.Errorf("got error: %v, expected: %v", err, k.wrongKeyErrs) - } - - // Try to import a corrupted blob - blob.EncryptedSeed[10] ^= 0xFF - if _, err = ek.Import(blob); !isExpectedError(err, k.corruptedErrs) { - t.Errorf("got error: %v, expected: %v", err, k.corruptedErrs) - } - }) - } -} - -func TestImportPCRs(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - pcr0, err := tpm2.ReadPCR(rwc, 0, tpm2.AlgSHA256) - if err != nil { - t.Fatal(err) - } - badPCR := append([]byte(nil), pcr0...) - // badPCR increments first value so it doesn't match. 
- badPCR[0]++ - subtests := []struct { - name string - pcrs *pb.PCRs - expectSuccess bool - }{ - {"No-PCR-nil", nil, true}, - {"No-PCR-empty", &pb.PCRs{Hash: pb.HashAlgo_SHA256}, true}, - {"Good-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: pcr0}}, true}, - {"Bad-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: badPCR}}, false}, - } - for _, subtest := range subtests { - t.Run(subtest.name, func(t *testing.T) { - secret := []byte("super secret code") - blob, err := CreateImportBlob(ek.PublicKey(), secret, subtest.pcrs) - if err != nil { - t.Fatalf("creating import blob failed: %v", err) - } - output, err := ek.Import(blob) - if subtest.expectSuccess { - if err != nil { - t.Fatalf("import failed: %v", err) - } - if !bytes.Equal(output, secret) { - t.Errorf("got %X, expected %X", output, secret) - } - } else if err == nil { - t.Error("expected Import to fail but it did not") - } - }) - } -} - -func TestSigningKeyImport(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - signingKey, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatal(err) - } - pcr0, err := tpm2.ReadPCR(rwc, 0, tpm2.AlgSHA256) - if err != nil { - t.Fatal(err) - } - badPCR := append(make([]byte, 0), pcr0...) - // badPCR increments first value so it doesn't match. 
- badPCR[0]++ - subtests := []struct { - name string - pcrs *pb.PCRs - expectSuccess bool - }{ - {"No-PCR-nil", nil, true}, - {"No-PCR-empty", &pb.PCRs{Hash: pb.HashAlgo_SHA256}, true}, - {"Good-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: pcr0}}, true}, - {"Bad-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: badPCR}}, false}, - } - for _, subtest := range subtests { - t.Run(subtest.name, func(t *testing.T) { - blob, err := CreateSigningKeyImportBlob(ek.PublicKey(), signingKey, subtest.pcrs) - if err != nil { - t.Fatalf("creating import blob failed: %v", err) - } - - importedKey, err := ek.ImportSigningKey(blob) - if err != nil { - t.Fatalf("import failed: %v", err) - } - defer importedKey.Close() - signer, err := importedKey.GetSigner() - if err != nil { - t.Fatalf("could not create signer: %v", err) - } - var digest [32]byte - - sig, err := signer.Sign(nil, digest[:], crypto.SHA256) - if subtest.expectSuccess { - if err != nil { - t.Fatalf("import failed: %v", err) - } - if err = rsa.VerifyPKCS1v15(&signingKey.PublicKey, crypto.SHA256, digest[:], sig); err != nil { - t.Error(err) - } - return - } else if err == nil { - t.Error("expected Import to fail but it did not") - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/server/instance_info.go b/vendor/github.com/google/go-tpm-tools/server/instance_info.go deleted file mode 100644 index 1d0777011..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/instance_info.go +++ /dev/null 
@@ -1,19 +0,0 @@
-package server
-
-import (
- "fmt"
- "net/url"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-// GCEInstanceURL returns a Google API URL to the specified instance. This URL
-// can then be used with GCE instance APIs.
-func GCEInstanceURL(i *pb.GCEInstanceInfo) string {
- return fmt.Sprintf(
- "https://www.googleapis.com/compute/v1/projects/%s/zones/%s/instances/%s",
- url.PathEscape(i.GetProjectId()),
- url.PathEscape(i.GetZone()),
- url.PathEscape(i.GetInstanceName()), // Can use either the name or id here
- )
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/key_conversion.go b/vendor/github.com/google/go-tpm-tools/server/key_conversion.go
deleted file mode 100644
index c4aca4fca..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/key_conversion.go
+++ /dev/null
@@ -1,108 +0,0 @@ -package server - -import ( - "crypto" - "crypto/ecdsa" - "crypto/rand" - "crypto/rsa" - "fmt" - "io" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/legacy/tpm2" -) - -var defaultNameAlg = client.DefaultEKTemplateRSA().NameAlg - -// CreateEKPublicAreaFromKey creates a public area from a go interface PublicKey. -// Supports RSA and ECC keys. -func CreateEKPublicAreaFromKey(k crypto.PublicKey) (tpm2.Public, error) { - switch key := k.(type) { - case *rsa.PublicKey: - return createEKPublicRSA(key) - case *ecdsa.PublicKey: - return createEKPublicECC(key) - default: - return tpm2.Public{}, fmt.Errorf("unsupported public key type: %T", k) - } -} - -func createEKPublicRSA(rsaKey *rsa.PublicKey) (tpm2.Public, error) { - public := client.DefaultEKTemplateRSA() - if rsaKey.N.BitLen() != int(public.RSAParameters.KeyBits) { - return tpm2.Public{}, fmt.Errorf("unexpected RSA modulus size: %d bits", rsaKey.N.BitLen()) - } - if rsaKey.E != int(public.RSAParameters.Exponent()) { - return tpm2.Public{}, fmt.Errorf("unexpected RSA exponent: %d", rsaKey.E) - } - public.RSAParameters.ModulusRaw = rsaKey.N.Bytes() - return public, nil -} - -func createEKPublicECC(eccKey *ecdsa.PublicKey) (public tpm2.Public, err error) { - public = client.DefaultEKTemplateECC() - public.ECCParameters.Point = tpm2.ECPoint{ - XRaw: eccIntToBytes(eccKey.Curve, eccKey.X), - YRaw: eccIntToBytes(eccKey.Curve, eccKey.Y), - } - public.ECCParameters.CurveID, err = goCurveToCurveID(eccKey.Curve) - return public, err -} - -func createPublic(private tpm2.Private) tpm2.Public { - publicHash := getHash(defaultNameAlg) - publicHash.Write(private.SeedValue) - publicHash.Write(private.Sensitive) - return tpm2.Public{ - Type: tpm2.AlgKeyedHash, - NameAlg: defaultNameAlg, - KeyedHashParameters: &tpm2.KeyedHashParams{ - Alg: tpm2.AlgNull, - Unique: publicHash.Sum(nil), - }, - } -} - -func createPrivate(sensitive []byte) tpm2.Private { - private := tpm2.Private{ - Type: 
tpm2.AlgKeyedHash, - AuthValue: nil, - SeedValue: make([]byte, getHash(defaultNameAlg).Size()), - Sensitive: sensitive, - } - if _, err := io.ReadFull(rand.Reader, private.SeedValue); err != nil { - panic(err) - } - return private -} - -func createPublicPrivateSign(signingKey crypto.PrivateKey) (tpm2.Public, tpm2.Private, error) { - rsaPriv, ok := signingKey.(*rsa.PrivateKey) - if !ok { - return tpm2.Public{}, tpm2.Private{}, fmt.Errorf("unsupported signing key type: %T", signingKey) - } - - rsaPub := rsaPriv.PublicKey - public := tpm2.Public{ - Type: tpm2.AlgRSA, - NameAlg: defaultNameAlg, - Attributes: tpm2.FlagSign, - RSAParameters: &tpm2.RSAParams{ - KeyBits: uint16(rsaPub.N.BitLen()), - ExponentRaw: uint32(rsaPub.E), - ModulusRaw: rsaPub.N.Bytes(), - Sign: &tpm2.SigScheme{ - Alg: tpm2.AlgRSASSA, - Hash: tpm2.AlgSHA256, - }, - }, - } - private := tpm2.Private{ - Type: tpm2.AlgRSA, - AuthValue: nil, - SeedValue: nil, // Only Storage Keys need a seed value. See part 3 TPM2_CREATE b.3. - Sensitive: rsaPriv.Primes[0].Bytes(), - } - - return public, private, nil -} diff --git a/vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go b/vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go deleted file mode 100644 index c991981f5..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/key_conversion_test.go +++ /dev/null 
@@ -1,103 +0,0 @@ -package server - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/rsa" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal/test" - "github.com/google/go-tpm/legacy/tpm2" -) - -func getECCTemplate(curve tpm2.EllipticCurve) tpm2.Public { - public := client.DefaultEKTemplateECC() - public.ECCParameters.CurveID = curve - public.ECCParameters.Point.XRaw = nil - public.ECCParameters.Point.YRaw = nil - return public -} - -func TestCreateEKPublicAreaFromKeyGeneratedKey(t *testing.T) { - keys := []struct { - name string - template tpm2.Public - generateKey func() (crypto.PublicKey, error) - }{ - {"RSA", client.DefaultEKTemplateRSA(), func() (crypto.PublicKey, error) { - priv, err := rsa.GenerateKey(rand.Reader, 2048) - return priv.Public(), err - }}, - {"ECC", client.DefaultEKTemplateECC(), func() (crypto.PublicKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - return priv.Public(), err - }}, - {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224), func() (crypto.PublicKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) - return priv.Public(), err - }}, - {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256), func() (crypto.PublicKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - return priv.Public(), err - }}, - {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384), func() (crypto.PublicKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - return priv.Public(), err - }}, - {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521), func() (crypto.PublicKey, error) { - priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) - return priv.Public(), err - }}, - } - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - key, err := k.generateKey() - if err != nil { - t.Fatal(err) - } - newArea, err := CreateEKPublicAreaFromKey(key) - if err != nil { - t.Fatalf("failed to create public 
area from public key: %v", err) - } - if !newArea.MatchesTemplate(k.template) { - t.Errorf("public areas did not match. got: %+v want: %+v", newArea, k.template) - } - }) - } -} - -func TestCreateEKPublicAreaFromKeyTPMKey(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - keys := []struct { - name string - template tpm2.Public - }{ - {"RSA", client.DefaultEKTemplateRSA()}, - {"ECC", client.DefaultEKTemplateECC()}, - {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224)}, - {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256)}, - {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384)}, - {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521)}, - } - for _, k := range keys { - t.Run(k.name, func(t *testing.T) { - ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - newArea, err := CreateEKPublicAreaFromKey(ek.PublicKey()) - if err != nil { - t.Fatalf("failed to create public area from public key: %v", err) - } - if matches, err := ek.Name().MatchesPublic(newArea); err != nil || !matches { - t.Error("public areas did not match or match check failed.") - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/server/policy.go b/vendor/github.com/google/go-tpm-tools/server/policy.go deleted file mode 100644 index 9428e138b..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/policy.go +++ /dev/null 
@@ -1,79 +0,0 @@
-package server
-
-import (
- "bytes"
- "errors"
- "fmt"
- "time"
-
- "github.com/google/go-sev-guest/verify/trust"
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-// EvaluatePolicy succeeds if the provided MachineState complies with the
-// provided policy. If the state does not pass the policy, the returned error
-// will describe in what way the state failed. See the Policy documentation for
-// more information about the specifics of different policies.
-func EvaluatePolicy(state *pb.MachineState, policy *pb.Policy) error {
- if err := evaluatePlatformPolicy(state.GetPlatform(), policy.GetPlatform()); err != nil {
- return err
- }
- return nil
-}
-
-// PolicyOptions provides extra options for evaluating policy.
-type PolicyOptions struct {
- // Getter allows the policy evaluator to download reference materials if needed.
- Getter trust.HTTPSGetter
- // Now is the time to evaluate time-based constraints against.
- Now time.Time
-}
-
-// DefaultPolicyOptions returns a useful default for PolicyOptions.
-func DefaultPolicyOptions() *PolicyOptions {
- return &PolicyOptions{
- Getter: trust.DefaultHTTPSGetter(),
- Now: time.Now(),
- }
-}
-
-func evaluatePlatformPolicy(state *pb.PlatformState, policy *pb.PlatformPolicy) error {
- allowedVersions := policy.GetAllowedScrtmVersionIds()
- if len(allowedVersions) > 0 {
- if err := hasAllowedVersion(state, allowedVersions); err != nil {
- return err
- }
- }
-
- minGceVersion := policy.GetMinimumGceFirmwareVersion()
- gceVersion := state.GetGceVersion()
- if minGceVersion > gceVersion {
- return fmt.Errorf("expected GCE Version %d or later, got %d", minGceVersion, gceVersion)
- }
- minTech := policy.GetMinimumTechnology()
- tech := state.GetTechnology()
- if minTech > tech {
- return fmt.Errorf("expected a GCE Confidential Technology of %d or later, got %d", minTech, tech)
- }
- return nil
-}
-
-func hasAllowedVersion(state *pb.PlatformState, allowedVersions [][]byte) error {
- firmware := state.GetFirmware()
-
- // We want the version check to work even for a GCE VM.
- var version []byte
- if scrtm, ok := firmware.(*pb.PlatformState_ScrtmVersionId); ok {
- version = scrtm.ScrtmVersionId
- } else if gce, ok := firmware.(*pb.PlatformState_GceVersion); ok {
- version = ConvertGCEFirmwareVersionToSCRTMVersion(gce.GceVersion)
- } else {
- return errors.New("missing SCRTM version in PlatformState")
- }
- for _, allowed := range allowedVersions {
- if bytes.Equal(version, allowed) {
- return nil
- }
- }
- return fmt.Errorf("provided SCRTM version (%x) not allowed", version)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
deleted file mode 100644
index fb3ca6e1a..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/policy_constants.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package server
-
-import (
- "bytes"
- "crypto/x509"
- _ "embed" // Necessary to use go:embed
- "errors"
- "fmt"
- "strconv"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-// Expected TCG Event Log Event Types.
-//
-// Taken from TCG PC Client Platform Firmware Profile Specification,
-// Table 14 Events.
-const (
- NoAction uint32 = 0x00000003
- Separator uint32 = 0x00000004
- EventTag uint32 = 0x00000006
- SCRTMVersion uint32 = 0x00000008
- IPL uint32 = 0x0000000D
- NonhostInfo uint32 = 0x00000011
- EFIBootServicesApplication uint32 = 0x80000003
- EFIAction uint32 = 0x80000007
-)
-
-// EventTagLoadedImageHex used with type "EV_EVENT_TAG".
-// This corresponds to a TLV struct of type LOAD_OPTIONS_EVENT_TAG_ID (0x8F3B22ED, reversed endian), length 0x1a (26), value `LOADED_IMAGE::LoadOptions\n`.
-const EventTagLoadedImageHex = "ed223b8f1a0000004c4f414445445f494d4147453a3a4c6f61644f7074696f6e7300"
-
-// Constant events used with type "EV_EFI_ACTION".
-// Taken from TCG PC Client Platform Firmware Profile Specification,
-// Table 17 EV_EFI_ACTION Strings.
-const (
- // Measured when Boot Manager attempts to execute code from a Boot Option.
- CallingEFIApplication string = "Calling EFI Application from Boot Option"
- ExitBootServicesInvocation string = "Exit Boot Services Invocation"
-)
-
-var (
- // GCENonHostInfoSignature identifies the GCE Non-Host info event, which
- // indicates if memory encryption is enabled. This event is 32-bytes consisting
- // of the below signature (16 bytes), followed by a byte indicating whether
- // it is confidential, followed by 15 reserved bytes.
- GCENonHostInfoSignature = []byte("GCE NonHostInfo\x00")
- // GceVirtualFirmwarePrefix is the little-endian UCS-2 encoded string
- // "GCE Virtual Firmware v" without a null terminator. All GCE firmware
- // versions are UCS-2 encoded, start with this prefix, contain the firmware
- // version encoded as an integer, and end with a null terminator.
- GceVirtualFirmwarePrefix = []byte{0x47, 0x00, 0x43, 0x00,
- 0x45, 0x00, 0x20, 0x00, 0x56, 0x00, 0x69, 0x00, 0x72, 0x00,
- 0x74, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00,
- 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x77, 0x00,
- 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x76, 0x00}
-)
-
-// Standard Secure Boot certificates (DER encoded)
-var (
- //go:embed secure-boot/GcePk.crt
- GceDefaultPKCert []byte
- //go:embed secure-boot/MicCorKEKCA2011_2011-06-24.crt
- MicrosoftKEKCA2011Cert []byte
- //go:embed secure-boot/MicWinProPCA2011_2011-10-19.crt
- WindowsProductionPCA2011Cert []byte
- //go:embed secure-boot/MicCorUEFCA2011_2011-06-27.crt
- MicrosoftUEFICA2011Cert []byte
-)
-
-// Revoked Signing certificates (DER encoded)
-var (
- //go:embed secure-boot/canonical-boothole.crt
- RevokedCanonicalBootholeCert []byte
- //go:embed secure-boot/debian-boothole.crt
- RevokedDebianBootholeCert []byte
- //go:embed secure-boot/cisco-boothole.crt
- RevokedCiscoCert []byte
-)
-
-// Known GCE EK CA certs.
-var (
- //go:embed ca-certs/tpm_ek_root_1.cer
- gceEKRootCA []byte
- //go:embed ca-certs/tpm_ek_intermediate_2.crt
- gceEKIntermediateCA2 []byte
- //go:embed ca-certs/tpm_ek_intermediate_3.crt
- gceEKIntermediateCA3 []byte
- //go:embed ca-certs/gcp_ek_ak_ca_root.crt
- gcpCASEKRootCA []byte
- //go:embed ca-certs/gcp_ek_ak_ca_intermediate_v3.crt
- gcpCASEKIntermediateCA3 []byte
-)
-
-// Certificates corresponding to the known CA certs for GCE.
-var ( - GceEKRoots []*x509.Certificate - GceEKIntermediates []*x509.Certificate -) - -func init() { - var err error - GceEKRoots, err = parseCerts([][]byte{gceEKRootCA}) - if err != nil { - panic(fmt.Sprintf("failed to create the root cert pool: %v", err)) - } - GceEKIntermediates, err = parseCerts([][]byte{gceEKIntermediateCA2}) - if err != nil { - panic(fmt.Sprintf("failed to create the intermediate cert pool: %v", err)) - } -} - -func parseCerts(rawCerts [][]byte) ([]*x509.Certificate, error) { - certs := make([]*x509.Certificate, len(rawCerts)) - for i, certBytes := range rawCerts { - cert, err := x509.ParseCertificate(certBytes) - if err != nil { - return nil, fmt.Errorf("failed to parse cert: %w", err) - } - certs[i] = cert - } - return certs, nil -} - -// ConvertSCRTMVersionToGCEFirmwareVersion attempts to parse the Firmware -// Version of a GCE VM from the bytes of the version string of the SCRTM. This -// data should come from a valid and verified EV_S_CRTM_VERSION event. -func ConvertSCRTMVersionToGCEFirmwareVersion(version []byte) (uint32, error) { - prefixLen := len(GceVirtualFirmwarePrefix) - if (len(version) <= prefixLen) || (len(version)%2 != 0) { - return 0, fmt.Errorf("length of GCE version (%d) is invalid", len(version)) - } - if !bytes.Equal(version[:prefixLen], GceVirtualFirmwarePrefix) { - return 0, errors.New("prefix for GCE version is missing") - } - asciiVersion := []byte{} - for i, b := range version[prefixLen:] { - // Skip the UCS-2 null bytes and the null terminator - if b == '\x00' { - continue - } - // All odd bytes in our UCS-2 string should be Null - if i%2 != 0 { - return 0, errors.New("invalid UCS-2 in the version string") - } - asciiVersion = append(asciiVersion, b) - } - - versionNum, err := strconv.ParseUint(string(asciiVersion), 10, 32) - if err != nil { - return 0, fmt.Errorf("when parsing GCE firmware version: %w", err) - } - return uint32(versionNum), nil -} - -// ConvertGCEFirmwareVersionToSCRTMVersion creates the 
corresponding SCRTM -// version string from a numerical GCE firmware version. The returned string -// is UCS2 encoded with a null terminator. A version of 0 corresponds to an -// empty string (representing old GCE VMs that just used an empty string). -func ConvertGCEFirmwareVersionToSCRTMVersion(version uint32) []byte { - if version == 0 { - return []byte{} - } - versionString := GceVirtualFirmwarePrefix - for _, b := range []byte(strconv.Itoa(int(version))) { - // Convert ACSII to little-endian UCS-2 - versionString = append(versionString, b, 0) - } - // Add the null terminator - return append(versionString, 0, 0) -} - -// ParseGCENonHostInfo attempts to parse the Confidential VM -// technology used by a GCE VM from the GCE Non-Host info event. This data -// should come from a valid and verified EV_NONHOST_INFO event. -func ParseGCENonHostInfo(nonHostInfo []byte) (pb.GCEConfidentialTechnology, error) { - prefixLen := len(GCENonHostInfoSignature) - if len(nonHostInfo) < (prefixLen + 1) { - return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("length of GCE Non-Host info (%d) is too short", len(nonHostInfo)) - } - - if !bytes.Equal(nonHostInfo[:prefixLen], GCENonHostInfoSignature) { - return pb.GCEConfidentialTechnology_NONE, errors.New("prefix for GCE Non-Host info is missing") - } - tech := nonHostInfo[prefixLen] - if tech > byte(pb.GCEConfidentialTechnology_AMD_SEV_SNP) { - return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("unknown GCE Confidential Technology: %d", tech) - } - return pb.GCEConfidentialTechnology(tech), nil -} diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go deleted file mode 100644 index 37dca1883..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/policy_constants_test.go +++ /dev/null 
@@ -1,56 +0,0 @@
-package server
-
-import (
- "testing"
-
- pb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-func getGceMemoryEncryptionNonhostEvent(memoryEncrypted bool) []byte {
- event := make([]byte, 32)
- copy(event[:], []byte(GCENonHostInfoSignature))
- // event[15] is a null byte.
- if memoryEncrypted {
- event[16] = 0x01
- }
- // Last 15 bytes are reserved.
- return event
-}
-
-func TestParseGCENonHostInfo(t *testing.T) {
- nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
-
- // Empty events should return NONCONFIDENTIAL.
- confTech, err := ParseGCENonHostInfo([]byte{})
- if err == nil {
- t.Error("expected error on incorrect size!")
- }
- if confTech != pb.GCEConfidentialTechnology_NONE {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
- }
-
- confTech, err = ParseGCENonHostInfo(nonconfidentialEvent)
- if err != nil {
- t.Errorf("failed to parse GCE confidential tech: %v", err)
- }
- if confTech != pb.GCEConfidentialTechnology_NONE {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech)
- }
-
- sevEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ true)
- confTech, err = ParseGCENonHostInfo(sevEvent)
- if err != nil {
- t.Errorf("failed to parse GCE confidential tech: %v", err)
- }
- if confTech != pb.GCEConfidentialTechnology_AMD_SEV {
- t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_AMD_SEV, confTech)
- }
-}
-
-func TestParseGCENonHostInfoUnknownType(t *testing.T) {
- nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false)
- nonconfidentialEvent[16] = 0x99
- if _, err := ParseGCENonHostInfo(nonconfidentialEvent); err == nil {
- t.Errorf("expected error parsing GCE confidential nonhost event")
- }
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/policy_test.go b/vendor/github.com/google/go-tpm-tools/server/policy_test.go
deleted file mode 100644
index 8c11a0683..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/policy_test.go
+++ /dev/null
@@ -1,154 +0,0 @@ -package server - -import ( - "testing" - - pb "github.com/google/go-tpm-tools/proto/attest" -) - -var defaultGcePolicy = pb.Policy{ - Platform: &pb.PlatformPolicy{ - MinimumGceFirmwareVersion: 1, - MinimumTechnology: pb.GCEConfidentialTechnology_NONE, - }, -} - -func TestNilPolicyAlwaysPasses(t *testing.T) { - subtests := []struct { - name string - state *pb.MachineState - }{ - {"NilState", nil}, - {"PlatformState", &pb.MachineState{ - Platform: &pb.PlatformState{ - Firmware: &pb.PlatformState_GceVersion{GceVersion: 1}, - Technology: pb.GCEConfidentialTechnology_AMD_SEV, - }, - }}, - } - for _, subtest := range subtests { - t.Run(subtest.name, func(t *testing.T) { - if err := EvaluatePolicy(subtest.state, nil); err != nil { - t.Errorf("nil policy should always succeed: %v", err) - } - }) - } -} - -func TestGCEFirmwareVersionSimple(t *testing.T) { - zero := ConvertGCEFirmwareVersionToSCRTMVersion(0) - if len(zero) != 0 { - t.Errorf("expected empty SCRTM version, got %x", zero) - } - ver, err := ConvertSCRTMVersionToGCEFirmwareVersion( - ConvertGCEFirmwareVersionToSCRTMVersion(23), - ) - if ver != 23 { - t.Errorf("convert functions aren't inverses, got %d: %v", ver, err) - } -} - -func TestEvaluatePolicy(t *testing.T) { - tests := []struct { - name string - log eventLog - policy *pb.Policy - }{ - {"Debian10-SHA1", Debian10GCE, &defaultGcePolicy}, - {"RHEL8-CryptoAgile", Rhel8GCE, &defaultGcePolicy}, - {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &defaultGcePolicy}, - // TODO: add the tests below back once go-attestation has releases: - // https://github.com/google/go-attestation/pull/222/ - // {"Ubuntu2104NoDbx-CryptoAgile", Ubuntu2104NoDbxGCE, &defaultGcePolicy}, - // {"Ubuntu2104NoSecureBoot-CryptoAgile", Ubuntu2104NoSecureBootGCE, &defaultGcePolicy}, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0], VerifyOpts{Loader: 
UnsupportedLoader}) - if err != nil { - t.Fatalf("failed to get machine state: %v", err) - } - if err := EvaluatePolicy(machineState, test.policy); err != nil { - t.Errorf("failed to apply policy: %v", err) - } - }) - } -} - -func TestEvaluatePolicySCRTM(t *testing.T) { - archLinuxWorkstationSCRTMPolicy := pb.Policy{ - Platform: &pb.PlatformPolicy{ - AllowedScrtmVersionIds: [][]byte{{0x1e, 0xfb, 0x6b, 0x54, 0x0c, 0x1d, 0x55, 0x40, 0xa4, 0xad, - 0x4e, 0xf4, 0xbf, 0x17, 0xb8, 0x3a}}, - }, - } - machineState, err := parsePCClientEventLog(ArchLinuxWorkstation.RawLog, ArchLinuxWorkstation.Banks[0], VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}) - if err != nil { - gErr := err.(*GroupedError) - if !gErr.containsKnownSubstrings(archLinuxKnownParsingFailures) { - t.Fatalf("failed to get machine state: %v", err) - } - } - if err := EvaluatePolicy(machineState, &archLinuxWorkstationSCRTMPolicy); err != nil { - t.Errorf("failed to apply policy: %v", err) - } -} - -func TestEvaluatePolicyFailure(t *testing.T) { - badGcePolicyVersion := pb.Policy{ - Platform: &pb.PlatformPolicy{ - MinimumGceFirmwareVersion: 2, - MinimumTechnology: pb.GCEConfidentialTechnology_NONE, - }, - } - badGcePolicySEVES := pb.Policy{ - Platform: &pb.PlatformPolicy{ - MinimumGceFirmwareVersion: 0, - MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES, - }, - } - badGcePolicySEV := pb.Policy{ - Platform: &pb.PlatformPolicy{ - MinimumGceFirmwareVersion: 0, - MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES, - }, - } - badPhysicalPolicy := pb.Policy{ - Platform: &pb.PlatformPolicy{ - AllowedScrtmVersionIds: [][]byte{{0x00}}, - }, - } - tests := []struct { - name string - log eventLog - policy *pb.Policy - opts VerifyOpts - // This field handles known issues with event log parsing or bad event - // logs. - // Set to nil when the event log has no known issues. 
- errorSubstrs []string - }{ - {"Debian10-SHA1", Debian10GCE, &badGcePolicyVersion, VerifyOpts{Loader: UnsupportedLoader}, nil}, - {"Debian10-SHA1", Debian10GCE, &badGcePolicySEV, VerifyOpts{Loader: UnsupportedLoader}, nil}, - {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &badGcePolicySEVES, - VerifyOpts{Loader: UnsupportedLoader}, nil}, - {"ArchLinuxWorkstation-CryptoAgile", ArchLinuxWorkstation, - &badPhysicalPolicy, VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}, archLinuxKnownParsingFailures}, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0], test.opts) - if err != nil { - gErr := err.(*GroupedError) - if len(test.errorSubstrs) == 0 || !gErr.containsKnownSubstrings(test.errorSubstrs) { - t.Fatalf("failed to get machine state: %v", err) - } - } - if err := EvaluatePolicy(machineState, test.policy); err == nil { - t.Errorf("expected policy failure; got success") - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/GcePk.crt deleted file mode 100644 index a46640a555f2de3b5db50d32dae97e3460eff614..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 762 zcmXqLV)|y##CUH3GZP~d6DPw}FOe7N&9Scxc-c6$+C196^D;7WvoaV681fnLurY_S zF!QkHrIr_D8_0?C8d?}w7#SKFni?9KMuEAOMg~wW79CBDO321CvNA9?G4eA2t>NBUV>dC*bNIBo+kpISc*~fl~O7EC*a86%A`$VU6nTq_AYj2g#-)|_c5ODB)gYxfv z)?tsiuDidQYq0)G>`Lb3&P9JLA5L4?e%O{-ZPVpNId4u(zkcqP#H&qHZ8o#8v!7$? zI)BS5P@uzJb%VFvnY%x4-447uQEZm%LiW8Kk3I@*`M8;3()P#c&(`*2-BGufy>rDc z=b+f$_xHlIZV5*wa8_PkSrgv-H*i9t`P};2C)@L;eh8ZFJnxQ&jqKSymh*)czi{Vu z+hKNR(&niv&Urm{Q;zUvVrFDuTpVl=Xdnv=X<0rNF&2>-0WHiz^x5^VeKoXXBT6g}m|4&gaHI@kBCscnipyjAds-l80_rEg})eqc6K zHv4hfpgG;jN?tojQ9MCs*H^ut8hNME3L-Sx()%-8av0PjRObYUu)ZwVk&qYC>b0ID zx8GHIS+vO?HD4K<#)rFA^eP_+Up%p<=4QQxyP$KUWVUfY_~YVv%j(ZSUCajjoU+}I~iMpQxhX2!;u$TyY{aQSKFX=_|@~@;Z-h7vFyCJyq=b5 zJ=?(lCinH5`kjxXl8tHv#r^pnb1%0Lo!ocq>w}h!vu5i&|GItRHO_~R4zR3PV<2R91&S9_(-|4 zw_y7cS>HG7p3eCtcIf)S(^p;`(SJJgok}H`B=nQM3VkEpIuxws!gliCC zV&ReFVhCm^Wk_OhW^gp%2I=Hy0U6U~zz^aGGcx{XVKra|QU>xM0c92m1F;4X*R&w# zhjkHx`>*-UQx4^@wo=MkVGsjSAkPwN5Nr^*z<+^nn|DS@Nr9EVesWQcUM?&x>m}#s z>K9~Zf<*NTitQ<3X)E3>+FDvQfnk;IlCr2*mD_ikX9ZRZqL6?=D`>xf9< zxfXsxa&bKCwcE!oWS;ZzHroC=_L9NZ17COSs$gHN{crYdldzUIO{dm5sus-2e)(?# z|Mh9|PoGbb-=xLU>-}FtQ=t0$^_ry@%XYG!sC>&mVbYvK|L*74oX7zgh@9nG?To0`c7HO3KZNRe1+$`~ySEjVd zjf}U~n9k=+;kkT1N2zk{#t(a#7r7;@Ji>lRvFYRAPcJHs687I%vs6jM`_#c3-mh!z z!%a6m^Do`9A%R&bc-_QG*=w^Md87gG}>Bg0aT9G~N^oLSyHOAfTxvz78VGlrx*5UXc@ zJE@j?Q}KQtu47)Vi3^U3=}x=+ReQm2U(eZ&4HIm3hWvfD=i=NWOC-AL9lK&8n=_1d z_qd;YSGY&fe^yt`e;51Sexprl9_vcCzB}n7=OtP9q-mCHMY%7}hP~hTFNkO^jv05GgVcV&l|i zV`O1$G8biJVFk+>C?mv}Sj1RFejLo+USA&U^;y+i)^DL&HNQeZgMlnCMr8Rw(!y)^ zJ9F-BDwxxA)!#7hs?v-u=_>}3a5F@hSa{^P7=jr}8Il;B85|9`K|1+aSb!Oz&43@o z5oTok&%$cJ45SR?K?2Gw5(Z)oBCcsc&JXJ%1ovO_o2MMgVQr<9wZb3jRSyFfRa;I52$! 
z6E`qT#{<)hfi4gknCbzQ8YHlB0KUE;q>3&%(?GnJZl9qB1|>ijLOt&-U~UZJ4t)3%5Ajph!hU}{4&C1 znHYD|s@Sznw;Gxq+4{H0eq!GFSt?fgW59%;n?qZiG-MR^Zdw;8a`eEO=~ESDCfw%# zQ$BBM@x+c(d-n$IWDVfGA3kqE;#=OQxvDoE_{AMgoLlU5$anoLAz6-){=LWd?9{gP z)Rs5;lckvHKl?QI|H^}7P`p3e|O3K zJ97OESKmr}(H9ZR*1wn5vqAak@s=BJUmY}VS{vpqq5CmoD*M^8kH{0YRa-%tSY$V?b_=s>rUTrh+NQeajH+!L?x*b*&bVWK9^-r zHq16L-S}%;@Cu#AH%nLxPt4u1>xHyS+7tH>zP_;f&GW@(Y-+oZVK+f}tA1R6Kx^-@ z-lllRgN1MfA-&c}SF>PgInqRZZ2P+zbh(mdgZ#grWnDhht= h@@Z?I^6kMoCf9eVhqf)Q%M>eRpEUdHvOST_5de>mHUaBvrw&v?L?HD6^ze z!N|bSz(7u%*U-?=z|hjr!o<+TC`z2y$PB_Y1#t};TWI1`Jp&zxQ&ka84bRL=$uBQf z2q?-=DNP3XNFl)45#&rmgC<5L{yk8AUeRmzWhZyaSqGceJiYuzeP_GO zznv$QIrCSzO+1)4&BpQa>BaW3Oj*8fGUZh@V$A;kbr$8C@<4LS`TK{29vzBSf2Uqy z&>gMCnXS|roFJxiAVW5I*Bj5za}#@7GdPP~Vrv(LXy2{;E_&WHHb+J~=G>k+%H8>S zTh(rw2_N>qroL{ck+tI_orlNImcLjP;`cpmjt1Nyo%}2yW7-V(K^$R5#{Vp=2FyUpKprHZ z%pzeR)*y2ATiEIT7mH$&GA`OqnGk*b+$@PB24Nrt@+|%az6Rb4JQujPxn`7<6jrfX!Z2UKJb#l`{j zA}cF9BO{BSfscU~jBmiyW(T#Ryu2Kn6~N4Z&+HQ9ga*v5%uT=m6!}wA7`U|ZP~N8Z zmUeq=g81{a?FEF3|EFLizEK78Zu;`nWUQnsi*c*pB~ z$qyde8m4Y&eEMn4S+OPaZC7lZeaPv;gqHXa+5erdcFDR=$lp-x=Q!VCe*DvgTAKtX z7I!IXd^mTn*fQR3bxgvW`^*9>E_1&8@@-n{w)()1Ge@>ec3(c~3GG&F?i{ z{8lQ-ntpk5c$}uR<%xH?56?bvEsnl$>0H%nG07&khzoIZ8#kw~&oTY9=c&EQBhy7( zrEK3M!e(Bn(7DJe{rW-&EB)G3mq&^vrrU323H zMVl`&2aoQYFqyBzb#mLwjS4gO%{YB@>XO)`YYUP&6!w-1l-JsRcHKFD`ux-34f)0^ NSsC%f_kI=F#?@mywa1mBFB~#gN;8lZ`o)g-w{r-N{hI zKnTR);NkWx&Pi3sPgC$s%rg`)-~)-W^RT<*m!{_=78{Bih=N48c=((X^YZgDlM{0k zd`eRE3{4D-KoZP6+NcshbBaq+ixiwwi%K%nfa*(96&y=TGV+TuODYZI#CZ*k3``7- z3=NGf4J@L>c}+lEAOLd>>WOhBPB%e4#m&PVoSIx(l&avApI>6AZJ-HpsS=t?krXKe zXQt<6=A|1nF)ASk9V06Pa}y&!15licsfm%1;bi>mq<-!VDNSqkoqUw^*!$9axvr~; zQrfW=U$&pyIctaW4(I9RtNrVF3f#E=)aM?{ebo@hcxii@T>CxV+zXD=S1eu6lkES! 
z=1|a?1%@kkcgD_?bIT7c-dUFU=K8@uir0>@Klk6ObnnTEXx-aWO(dsZ)9_aGIkj81 za+!F2)X(&1F%_=10=XN+Bh>_thCi@BdcO7WW5lt!wJ{tbfVKx|}Ef z@XOxC=k_goeAZ@bgwDJ}%rXf|=9d2*nGR|$Ne%pOY_iHp^yk!yKe}IUb+y(s&HZhz zlf87s{hCnj20fb%$q&z3cyzuHVdHMv^Y;pShBUw3P0_nk1f`jn85tNCH!d(}oNK@X z3|3iTM#ldvOa=@F@*tini-ds~8;3Rq&kwTYoY)J2c*DpJQV$!y7n%N-9^2NBWaRKbCoYcz*Wm-YJhcFU9JLNwbP_ zpLW?|m*}K)L@UPcsO;iL4}vzm{?e^|$HFr9cgMo8)Oc-wwf}4t0z$8QVvQajb6u}G zd%^#{_wJmFUv`^Mnv_{qXJS2xHQjH6>f1eW@%>w_opSj90a&Pu=70 zNAD3aethh!#I~E??{40*(C~6pOl+;)ey%4^UTlf1wcgURSbD3%;+=La`8|pZhb;kr CZGF-J diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt b/vendor/github.com/google/go-tpm-tools/server/secure-boot/cisco-boothole.crt deleted file mode 100644 index 8524be328412c2b211ec99bdb33af1697864b790..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1164 zcmXqLV(BnwVlG&~%*4pV#K|jT8MAy+Rlp$wUN%mxHjlRNyo`+8tPBQ@h5`nBY|No7 z+`{Z3`8k=niFt;620S1UE@4*Z%;MyHLs1T>U=KHv2WlkDQXY24ypqJC)M7(v z14*zYJVGdz1eYcOt!QFYLUuSKD+6;ABR>OBoQtW6k&$7CZ`%dMMcR_{CvYt*pJ5my z6@K8gaIf9u#80Vp7oT+~o#j~CE#W^`|A)6+#>DqNfrq}=r+<-jTi*HCiT~k}bKY5+ z=?*8--}JwHaPQBDM{8X_Tv`#nyPJD)S8?d$@XLP=9qE4+@TI@-s62XJG-xKAV9MFkoecL3|DaHXy~s$Y4;%#-Yu|$jZvj$jDM;P+;Hy z;~OxwnPild6jIpY z9*}FG12=)OO#x~GP-${mF_Ix5z4^(-1qSjUHz~777>G59Jdi%VYS-~wf*dco@&`y0!j`)2+xA_FiO=V@ zJ^k*ggy5UDuLak>a;s0__r6q`x$Csk`R$o(A=f1S^)#(nqx3HEUf;dx36g$~{GamA zKbtWB1n1#z@-Zr$C(hS1mTbHs5wH&ELqD6P?QAe*BPjN^8r>eUBET@a;-V_^YV% z!|}m&7xQyP@g^##%uev%{FeGTEc#UQsXvWh_}qW|>b#=;?Xq}JsNAK$#rjh^OV?Z% a{rYx-$R5$?TRkZ}YR9*I**bsLj_Uv$xu*93 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate-2014-08-11.bin deleted file mode 100644 index e79929f7ed1fb13d39a4f87eeceeb0f9376e22ec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4011 zcmd6pc|4TcAIE2x8DlWEl1#QT8lG9~b)!K_B1^O}n2E8Corx@SMVnhB6^f7$vZPS5 zwh`e9ZC6Cr8WgUC-!t8NyIsF~fA^2y>%Lz1c|EUZ=6lZPe9w8#`JDH2o(sWIcyTGn zZx;>={)0`5UhKHOz1RKyw&QuU!#cZJR{@^L2N)De#sOHAFeBCs%7PTFJ{1DP#6qP1=C?>JRVh??H+6W(g{Y8;nyZm445H0ii`n- zQE)p13J#pYL9hakws#J2XZyGXa(u{QfT*BQ2rp#KVtR9YnB+CUYC#DaFJ-}Y z_2&d|4h9nF9DiSqzjGiPY(WIp3+mzcwSQVqFgGzL(2WQbfJ_F~$Y9A-GI&ua6e@+f z7Ywxk%GVHxPWnfNC<34bL&V_WMwWCk0BHO&;B~(b*q-gf`Y9z5zJX!f=Q^W zyR(lQOAr7&sN%Pi2`&em2gO0aax{zwg+iXpJ+&E0kv)BH)#O-R3B`TMoEbko+99l(5I>H_l)BR7{IA94>5Yn`dAYBOX+7!#Z(;ehQexTK=TG%T2o{=hw=}eVvMFrjw){n!B$YS5!Wd{ARJtI3y`4 z(=JrHnOh`&;mXAb%L}3LCfn?Cnx9>~qI|5)%A4sT%2`vv`Jc^nMgEO3YDa*t9y`iP|KC&!qlSaQC(aC1wlq7ge)K( zCF$~+-jeZMcC(vA$G&HF1!0eG9(Mw41Of%b4q!WAmSLJ<9J|FmFwj?DQ!^waM8o?x zuWPt+yfuA2*&N>hO;>*}P0%x-`$1FFjRcl<59~khzdk6$X1jEKdp-TuD0QuII;2sBU35D>i#ne+TPM}qGQY&3T z)4iHTCKHC%`?;PPJ)Ii=G&1VaiW$%je-U7T@4 zWh~J#sO2V$y{=o1iBeMqws^>OOTctCd07&+O7)Ry{bnJf%0pofA`DKwXF@wZYUK~` zBb?>idJ7ccCrw<$v;6C+GfDUe@zm7)A|-_CxiVkAfu7^@oJ-FqH|18=>?j+}Ukstj ze?UpprPmZX6)I%d^;RV7HvrLel6ziZ3B`3W9ZSn*IVM(D0>3=u_9 zOKZM1qwM5Js?YX23$ZKVJ(AI`l3zO&FHwFpK@H>9k*)-iaTp|H+b?89JEPl=egPtU z*<=CH3I7Of3;;cWTj6-h?|k_Nm;_sQwm*|#G8$j z7QSm@-F2>E3^y+Fjdkwu#V{fEDXHIRXbIBL91!~oK`AH#{8mH0A>p55Y30`jk}!nG z8Z^WP5(II9&>==3P{FN_LkQBu0=TanKmu?O2Y&#b$w6y+Uxb5rP1nv#N_Hy@^c6jF zf&GFO3J5#E2H2HhnPCxY{wt6`aQ!#%zR=FspTi7t{R$<}x}a}C(}G?VkPje%H=yzBOPvg3i6$Xcr6iSIA@#ahG)x^SPyTh-v2Uj8= za^K-jC#Kae_HrV;aABQwCa-9_lJ#(dj=Otgk;xy0a<-IZgeU+bDKUwETKP0Wb{o1-0BK~vA zraDG(AGJK|Xgg~qdeu-tcy=8xZl`XECib3W9A_b3FNWS(iL&{M&xG7>9)88a~I?g@cz!trgwVHrD_j8kE5v05EL#?D(kS8reuKWVy z!~WuX_B*vZC^0pc$UJBxxXo(8BQp?v{$D`HzdVV5dzSy^U=E%o5j-fwp}wy!BIfCi 
ztt!Fs1A!>jfuyI6{xZpz^L2s!?$9uG@fwfj_{Y^hUk=qM?c@ix9_Q1_pPG8k89Ivk z?V8n$qf13j3?(r($ayu_9ZPsHB^p00t5Nd#s-)66+UvDwfR(!e)0>c2Z*z&PZKegW%^e*d&qdtxd#&&x4#xcx}fs^~?lHS{yFPp*im9^vOYU6OnOX&Z zCfD`T!eqc>(**VOF3tW@Pl$|%cF)WEmq%IW5VxNpMYHy-MA#~ZjdiOgYU&p6glnAL zVmZep+9nFyHlbs$=?3pg+1vktsh;zb!IsP)m1aEbJ+r1c+dmVZ6b4^Zm2RxtVU=iD zkY_ZfeTKgNB<#y48v=ko)hVAs_P{9?)r|EYhfal>N8NbFCf8tL3kf-ER<>KpXIsDZ zE;T%v%djv~NMxm>m+PlBzt8%VHs6(q^Ixz0VgPPJ>)3ZhNZHfi?BN0*xzk6$wJ#UBBpLYhW$brR&FyW*5>t)%L2RQOosjo7_i? zOkGkYHnZ!0_VMJq%mHQLoI4LgZ^h4@gwqC>>l^Y?OtIO_4EqKL@9$fuKNhXHC8o!H zcZ?E9ns{d;a&WocVLoXU|7_+SdfB{_idaVP=7Aj!j~vkzh&Z(%_iN|;mg{X28Zzg_ z*TQo0*Su6I3h7Hfz!7c{eqU;JL9wP~PvYoueV3|KguI8}i8|$L@tNVbSwb5!^us(= z4p%o{^=kLWtZ!`8 zzkFgt&pV%7MmT@tr@pF1aaPd&skf3b+l`m&PtOmDvb(5;@!!daxKmz~b_l;-r?Rg1 O=B8~OXZ>?N?)VSM+ZQ_k 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2020-10-12.bin deleted file mode 100644 index aa7b71627b0132d1fde03861cd54e87b9872d111..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15281 zcmd6t1yodR*Y_E^yOc(eh8aQ{N$KteVQ3h-M7l#d1nCf@l?LgQQb0nH20=QP?~#Bm^cgq=cLNy&f)If5(6P)Ta1|cJp@WRc}-y{p+D(Q>P_;nNdYYTr}0>Xh?2o8eafU(d~bWqVrkae^m zBw(WJ1ttl$o`t)uowJPx%o#!m#=ky@L4u(PwQ_}EZt!4Fl!Hb zX_%V}%+12X4t@n2nC1FB3JJr1d7fTLR*7C(lAZ?)fq-c#@OZ#rUN9d-kPpl!Xb4|I z;7i`Wmf+xs{}mU(V6NXTGXLYEo}IH5%-fw_NA|t~y%N-yUe?Fb*238adc6RLfEfRL zeef>;B?Lr(1V4_A90CF%Euu_`GU-h)+`QlT4?tex4Jky&O8X zthcd1E8wzH!@ubS-oMv8xbyOY-RAZo*9X5_w==sPK7xj4-0aKC-K$kc3@(HZ-%Z^VD;zcSX=e$8kpH?NDjEqM508-0T?jiLzaX!G5SZ@T;w@B4FnJK^gA3`g zeDUHD8{$c$d7a9Kqm40UV6AI_4pkYf2$s*kpDz<3W$WSLBFxS0?d{Fw^mlY~S;CyS zT^#ISF7DixZjRh=f8g;B4`XS`>mW9}{)ZEMmy?H&3w|1Gj*ba`W;8Sm5C~NptOC%-((zIds$qsY^U>Bcw1 zF;B!8Lg3?V;n%^vM=2%IPQfYsIUDjFlg)!TPVkZLJ@k_kr?#s3Fq_$EYHcsKb*V;^ zNKFe_UF|DjHj%d<-ze5ieZ=3Y4;U#nqvdIONtH3SME`PhUzM=%%so?tu=>j8IP0x` zjd49D{-M8C;*2TU6AzA#;l=q@%p3+|=R3_QlY5-CscfI5;aa!_*TOfywGi6^`)$-O z2}A+BEO2nr|BAkdfQ7DO7lnl9pV<9FBI&hl?cA*B)h*mSeCbsz+#H}DE{+zKPmOTDM6l(ZuIL`#hQXUVSEQi%)WpjKwX-b;GT3PKvEvp1m zFUcRFt7lm~(+C_2S4*Ie82`z=l6Mu-wYNPseynBxKp025WtHjjC))SvKGF)J)mzc= zE=|QWD!bJiPk)g2%yy4VZ}o9+JlVe;i?SPk82haPpR=6{ILpO@d z&}Kdiys;aXSK?{fF_{FPbe%M}`d}2X|IGftryI5#^151*$>piT_RmCu*>t*%PpNb- z*l^>Ou2@(JAD+$nm%R0AK^yYjBS=hs+VgV>7T`$maJpOeBcDdP5W$A2?i?jr`Y}eS z)XRMDOUxUGuDYXn5x0sXM@ldC1E%e4$dUqr4+BXy@M2>`Bg1yq#$QQqRB?u-Jho>y z^q2Xe`8;@tle%qLa|wy)Tb5Y2dF={sLs8UQ=nd?fpDO)}yF(&X1?#x+`bi^Um+@Tf zLXDp`dzaV8n8OZIr4CqQ6Yook1XJ0}eU~#YGsqK;skl=Uj*Pxlbzj<1 z3h$ej_hIxfgnYd`-16ly@0_bFVI)<0-94wY^XQ%)|BFpE&-z+(6h^J;Bww1DY)Lw@ z2yK@ai+KD5{A;sy)$qjp$hfv&PxbC3PgrLzBm~q4-)3F#A{iW<`Tv1B{O*e>LIg9jS80YQ`NID<)a4f(mvo{s!wP z4i9;X?PYAEI*{vU*G}$A#c_mnkx|&q{9dDjq2^A)`yIJ^iL=P`Y}U=WmnANy9P{_* 
zQsPD?6Qj5%VtKwJtHiY46I_}X{Rxf5*!jRn0m>C93aG`8Xv_9OC2symBjKrq!eY`W zRPeU1=@#k!CG7D*r?HP8xGk<9>N>1Qb(kkI{o^cGBA@p(?(0h!9X?srVgSchu-Z@3 zl>jZ8PVTA&e)mVXbWGgIa@BUW!bJ^f3pWk7IW_y=yqdB`$w?KaUcI#0UR;mG#5h0EI{8l{w4trvx7* za0n_rJilZ9&hPLq{*TxBtFsCFBdyCxK}f;G*ZCL|7e~R}5lRoUhG*S>S{qyp8JMSy zqlG(!0!((zVdLUUTR6j6JaKxFCFBp6e4Rxa|La0&d6M1L{UE4c9L_YdG%# zrI+;du!XtVdHDXyzV2>*<#fnjOK{--jhFwePk%iW4la%s)Y8)pN-qVk z9w6*s*595o0zCZ#qSvysafbJI@NM%ycQwOi*$)zMYOO*lJBC*utSL?A(Z;;9xXErJ zc-%DJlGQBTES=$9p%#eiav$d+&}qQwbC4-$vdNk@auLtzjbuhyNe!;0+L?ck=4d{o zye-<~3GIEDj(dxj-R^An1;fk$#wWE`jEn1KMw}ng_-?12i=u}H#aEGX0Z!J(Yr1g|Tbx1(vDx54#Zh23{Kd`-K8-(@@7uLHSUo_rPx;7@- zpwE%pgFe<$Eqg_C3w#g7f5kOt^nY&ba`GLrK|^zYb0imuRi! z%9x;h^cE>PPDuOZG=?n|f%rVx$5bM!-+4SZ9~_(mD7t^O7EITz#oyIE3JN;*U%d`C z3ObnMceft#O$vmEN=HruZ(W?Vw3O-Ppw8Dl4Akn+nE9h1u#jgf48_BKQDyiQ$4&ix zBJaoXFaMU;tCF7J^sv>PP@u-$YJ?izdCX^M35fq+JwQTC0XiLP6Sm^J{>$JBrq5lE zRxj++^LPCA8Gp4(0C;NmOGS&tYwkWVMf7bxM*PZfvR!C zca%_x;DyMiqW7rrH1blR*kSTE>xJJ+6~BBM8+(f?&28t98!#KT~53`o5~Ks{;xOHZEu*Lo5K*AtiDdV+;V zEoA&G*-yO(@Ls`^e~&|ONHDZvj&@FP6~X@%8SrrknzWreycwkdQ~lb2B&51_ZXTX+ z1^G2mxGwGCV-GMryt)?z^T9_P0(=6ze1?<+JYXTAUkC0&gm}S*;CufviTjtyzh*Ev zxEPYo9u{s;cL){u#_wHD{BJkW@_Ycl#edq>%_QmW-}e^a8hO*&B4=s63tIlgiKS@fk8!AkMCl0B=9#E{Ky!uImw z#h2A8*)Nl2dTp^dMKSI=YkE@`J$(tE)qjL2$XnO>uoued$ctK8))T&VC>0^`WYI=xu*8$)Sr zW+M1J7dIv~MTzh|1`OFXXH7WeqV1)4M%3HyT2ZN zcQ$2wC;CD0k=)LSbOrU(TqGBX0{*XKKA-#R{;tl0;cx2EukjWQ!F4lzT~wq0$`rqw zYfLaY{P1C5&-)neF&-X`5Z+RU7zs3db*OCm+0oQYbzp7g=PpGw> zo23O8yx4`y!{0*zPz3#77T~C*mpj)#My{`gS-QLY+x}ms8hqY5_?`%J8yiOUUX#`m zdruy$36BOEdQ>Gae0uVi3}KOh*pa|OV1d8ygbX5Q|IfahVs7sgW1_hRRuh{q;+?ERwn( zn}|eup+-?gEm+Tm?O(C}0(Y5d+S52*2V#fRG7~4_$JFg(}ca+vq zN?>*9jz&;ixxpTGtMIVlj@5iC{8nr8O9qZ_lFPF)0^@FGe79fU9U_=Ng&ye|y$*eS z5qyj<_w7gYH2dikMVt=p5JO#k=57KMaN2KvCx!kPZhQUIwsSTZ;ZGm& z9$HjNykjIXK6HMsz)dN4NxdJ1w-}e*Y(^3luW=$xelO-l)yxJ+K-GNgg`yzpOPQe5 znmlLi4`pp6DCbwyL-^jap9=fLm0cWaieg_psMU~#d z^v7$`7A8;IGxar1RQ);jd@bcR>~_zEL?+RxS7%%s^tbB3_al7D{%eqbT^fL{MF*AeSJ??4 
zm|o|Se~JjuAKgAi5a4_LwO910ip`Z-w+|mV7^i#~bXg-cNMrIhheK-PnD1O9f_1d<-_{jL-KJsi0cK;q(I{|z7 zhxpDwSXE(Dzlx&V%WmDoMv6P+ecj6H$r6?2lHc#9NV7OH{@yEK_y=&W1l7;mK|1k} zFOy1XZ@g8bDc0O{dLa>4X09ShmkiCr2J$D|p+!HQp3fu`xUt;+u#O_jH)#}(aoa&8 z?NOyO)wmy!@1LJ5h*%xs#HxAD1`FhJkHizVI^$5qJh1V#4|q;hBYfWLQ9D0 z%R5|y(>1{icn@Z#MCG46bzn7Q$3_S8z2#Z=@rteT^?LQ4LdQ>zt1+7hg?#s-c|173 z>}laz19|=P)SCxsg$B|u&&`+!^Ox?eE9(!NVmG5kvU=K9WVix(t)$+Q5Lu#|)A`1NoUdWC1kxuCd*>E8+|N+n^X6`N9t!m>#_vd1ZcT zdh`~^zp>n9ISpvl`fA15`RIywpor~bM4maxPjW5}p06VtPC%Y@U`MlFRJb6PV{Xs6 z%-sJ#^v6o;Pa>$N@!=+En4%1jPdxvGZ#Tm$5id@GYs>TD#U$1;GZXVtqnN^Enp^3y zGLR>PReqk>y;KE@cpL}i2W76l31UxyJs$KJXE-8{uzd>TDO81VjHCxjG1{gi)X?~7 z#U_Lv*o>!sYryBaRsKF17s#_enYbgxmHhLrS*KDj9y6w6?uwEh>`LaG+aVET_e2QD zbGanhM3kPnYtTKTq^lsHacR&S;NdF2^`dO5gwE z7bg#4cVAbX$1WuHUTzfAf_W7^D`HvL;ecbB@LRv3lf#F*47R;g9BXWbOF-WB zFcCJ%s1TrCbpJuc?Tm{dLV9n46B66)wfWAGOG{56AM!zDy#5qZdORni_if}@wt?iB z*cKtaK8*dnu7IAI4UmtSkvI67)^HME^E?&D-omDG#xKe_;eLu0g&RY^fouzqkAGYk zJ@E;f8l%D;I>NHAu{R}psP42CbzU`t-x(xN4dknLsv#Q8#O`}(&$(=fg!Uli;Wl7l zUdGIC0$Anm3=4pKAJ(f%InS!O56RCN8=5H3<5COmbI@%Uled_}@J97q0Qmum?y|al zwqRFr&B_9K*}gMu*B3cb2WHX!ha8eXMmJp95zVAit7R9ooeOV z-g!&oeXIWDGd{mB#yc6Y-Tv>Qv^hXt=tB?7<6|YWG+vG-?=>QnEr}1ML6(YT=qJN< zNa&QvK%VC$6}K>Fj<~Q}cJm_I%9`bB)Zb6)^#(ETqj=Un90a{3oHiRNO0Pa56W==B zt=6yElCx*QroVIHddl!u|uP&Se`QcrDRP;kR6ui}) zMQwgGW&ZL^bEAX_)C|se9U%X51D%hc(?KsHgEs{u?{=d@F%)CXG>NA6E*sm}wu=Ig z&!e>5)1&B3t>^lRZH-YUQ)*N|*Ql5CUFq?QFMVU?-9Y}ML5(h^4EkD}<@s_r0XTn* z*!w;kL$U!utx=D`CNYAZe5lDqa}qNWYz)@|E4D|41hgZ4!)+N{$rx+bXB>k#0_{VO zy7H;Qkf$EBxN&8knVLSKb)OpgtQCfjcz|q5_1g~6Dz6y7@wuo@0a9y zM^BLA+-!t1qVVewLVVuwg%Yeu9!}7fh2F>E*L_~&{S40`zAtPTOhe`2c-8>4-$wJ+ zNecfYT1uyHiM5knu4x-E_n=3_!VBL{KXr1dJfQ)bMFV-{O$Phd z2UZ{nx)Pn;j(Lf?l0)6Bz2r0tfogquuCGl%-udTG93zli?88)L!l|;#!qH;-sHj!6 zycqNm{oAvxwLm@xsakp3PjWDHLHy9Iq3NPMe_Z7&^9v9+^rA>`{&{ounAJx&*c zh9OIJN*$KuZP^DfBD3Mw7?o$Qw)7DEX zH~@Lu{rfzF9n{uC;?W;dKJOE!l4W(u*7po@J{nZWD$JJ#@~cV^LmhHgd9m0;_m`Y2 
zR4OYwTonvAFFBt=@=i=K-vIefJvhSk!MjoLX6%^3Xw-StI@>ZGUyb5-Lba}779DnnI3WMYmW~X<@R`=;OsTzgtbYU9 zg@Y=t->lKZh4Z{zzTp_iFN}(=bm6bp)}cmDx#j7P@j#JTd>ZRUD{4I)>sOmLQH_XaMG9W8!Ul^Pm~{};BeeDT~Xdz z83HS=r&aaG^~s7N#G8T^k}tkv_Mrw|MM=)fcL6!<;j^<=sC>JgtwrI~9veXW!DTOo zJ#X&NRXqE!Xu54j)Af0u4bmG+np8$=qg&eK0^}cS9W0Q2(;VL@-DZWfOKp;iP7$0c zj6U0P)9fuaNXG&4dByLL?@f!pzLG*}4TzW4V#;9;Fm-Fda=r>;o^c{Xh=(b+t~bY* z!zWz1bhj>a_uV8FDUQ_NjFlnZ8|$Opun*rBh?aGsnEt+F%hKX6Ig(vE zwLmvYWTxqdkRO9o`IRkg+nCDq6(YH5D-Zzfqns+Trp82d zTzx<>#ldn!e z_>zrP2>kb$a)R(1ad__EvY!P+?!pWl6-d<26JlF~O1ayTlz=?8=Vu%mm(RshM;^DG z8q@~s#RCoO`FXKgdL7i}J>5)!Jg&xUBCIckNWsgbEFwh8f#YYceet22*5`U8B2u2U zXF#5ys4(k|26*5(`6wl!T?!kQf<_jQC-nx`a})hkxVMem$V8hl z#t!3~vOh@yf2Bb#=1#@KK;RQr5?l@QCRU1N#tE(h!y|I*8F}%#lpx9ktR_y+a)CTm zViH-|wEG4LOPSBDR}ZK+b(X5Nf3W{>yX<0(Aew0g@-(sf-IvYpV|hpSY0WZ(&-mu? zk0{penbhftvgb#YA?#l|ilm5xCDX%2P>5_ReswTkL)(uzl)lMdp5E>1rt9d-%mCWwoOm1` z>~ibv){5*+G25A4@O;O-a(i>&jgQ@$7 zG7*WTPHMCloNu;(`nkHv-D~*~^hadt(+*!ee|K`ijX}FGo2Vz`l5bBZur!nlknK{` z+zo*Khzs5M(p+Hpu0YbJ&B`xKR7{#-&7@ssVQWZ0GLVx6q5hP>9&j>fs!c6l!vU4P z0tsKyfb|GMKN)aK(R7#{wR z4dq`vW0l0hY?S1ViQGoW*Y|BYnQ&*j^BuxG21v&0maJj|_1$5edT&f%o+cGG2=#;9 z6_sV3MB@eOo-YXrWK-k45f?WFfl2i-nOM(xKTjRdAHB^a;UA-#jIX@LY9QbCqN25} zn6x|&u>3-1PqL=c(t*5w;txhwhC!#qyHs8bCRP~2>rFicwdosrvY-;&+0W7zRrwy?at_A ztHRVvt($8n=b{MprzIVxUOlDkU5>ogxxdC6=9$c+c;XS<4+BTO_y|GJH|ysl`FlM#1XZ3&nFuj&?kSqwkm&z3 zrcxPo;tfJM{0g*h>ppo(&H74nTYLY?!25Zqjr5a@;F}Mw7&uacc?aSV^v$X5GyE5> zBXGaf2YQ@el+dfJt;R-?khIazjxNZ_rKke!JAHo3qqo#MI#B%5g}gP%(`3F+8XVgIa~?`Gmr-NxP(>d}t^@l8i_YE%Guw;ouC|4wpd zMrJzIK($9aDJ|O6&P1b0qT~zfVfu~`An!wAMaU3UR$u2nU3RjYI>%z=s*4r)gx^n} z_JNXsC&IkKCp5Hpkhd*zvQxuGY*0LTiLBz0#)7LZbG5gvQ~WK2{>Z0(?{&q{JeD~9 zDn$@Sb^VvzTSY?3ilfevTSr=H5QO?FP+{~X7LN$EUmbPIuuk)!%$LF@V+fssDP^L$ zi#ifB(EpIiR{3|g94F48Sr?=RD*K7-Gniaoi?DIB)gxFY_z?D2w2F_=-2|S@(Imqy z53VEdY@zj&V*|OkLk@O_7vUg;d3YR(!YroV&5h>_-6WRsw|FpkGUjX#6ZMmztOxz{ z2MG0We98>2-3Wp5=kbHa;Zle*%9gF8& z3xUs|Ce7%4Y%~xiRM{7Axzqfk;?hfHWQ$v*-23&=gguZ?b@BP`Z;_rJC%pYM%S7Kg 
zAR>z6bZGcpv`uk(o8Pf0kWXJ%PgS1^df)rt>M^TMG;s_a^@e`7hOU1T2d+LG@s%IoufpV15EtL_G1JR1juLCsCmsg zoXnJEbiOi^$}UhrU5=IS-H-Q5!465d5=58}JY~uo0n?Zb3I)9Ld}6tL;Ba@HUhmQ! z)!E@qENPx6HPC*}_r@rRBG$UeCOjY7)v$&ri#TQJ&USlr+27zB|g_XK=5Nbp+b464{9El2grC zG2oulaan_xx6%hK7cF*sGS3Cs94Nr2d+on;}6gLElxt9+3$*HyE z*Q{3&<}I(@5Z&3H(<7Yv=~+YF?ZU?TCAj|d^0e>;i7|3U`FKCj{|;%BvoV(EZ2s}} z7s2jwM&270N6BXn{$4-s*~K;8MDVBM%vxmQvr6Zjt@CXcS`?Tv%6Z_JO=-XNUg|hj zpA3S&_1w=e=uQnFJ#I8}D?fQz6AN>8duZE+mn3N1DMeu)1N5g?-RNkSu!N>^onp`- z_AQoBKJ@L8s%LW%y6GDAKsG{s(#J_Oh&y2#cXXa~c}No_!B7?ISQ@j$(dL`hjdKz; z4YWUyV^z{Dv`$rEBc&NYfo4xRF3Jp>bmmLENj3OpjS*qKI>LuURI`KU(N_}n(z&%* zGMyZAYw}0XLRq(<+mO01!u)FV@vd_V14n1HpW%2wOvmmDM&3=Q18kqPq!BW?uV2D| z{!EY*N_UTOiN@^&xDcX5j*py&qA|67f768PTXnQ0$pYl(vWVU~%EwQiw`I7*2 zJ-_)SE>DAU==9-LL?X&0W{O?q;ZQo}x0+|t4nOWA%tMxtpVx;*maj|?XtH2FZLC;H zA3A=SKDgf2o3=<|=Y0yazm!xNUamHVdmgOw%D>}BC24d2zI(<`jv<3E*<7vyg!*S$ zqbX{)b*}_`e-PjP6fGf*kptC2ueq|Xw}y3-8s&{#vSYNqDa$?{?Cb>E-wcP5 z1o}SV99Anl=E>OQnVf$Hd$?&qI#3{fAu@I{1mr(o#fA4^wyGF81l>QG!K9Fz^=*Cc zZM&)PM(!$`&KjYA-w!RZRrsa3Ej<)lXu$RE*7Tl8vPh>P#9N|Id##?Yug$+f5L$F>BuqS#*uPP zxjy8&x@87u|z60xyjCl$5Qnl}~rnUEo#6~q>Giwx*04u^8%qzqauKwcXY^pVe`yI1@e b^3v$IYcqE0MuT@t#Y*|a*OA^l?S%gW_`RYA 
diff --git a/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin b/vendor/github.com/google/go-tpm-tools/server/secure-boot/dbxupdate_x64-2021-04-29.bin deleted file mode 100644 index 7c282d1c1ddb1b0010c2a2a453d196baf2e9fd0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13501 zcmd6sbyOVBm-ZRlT@qY_!=MQoG`K^6;O-3W?h**@1h?P>cZc8>APEWX7BmE1^3(73 z?7sWQd-j~=a2Trl(@)>7zV+0tny*N3hzF#r4kVLbi^dxDugQ!Tq}c_b56#_jw3 zwOI)`2z?V41meH~V<4g!hDn3W;NW3F2rytYL=>hl>9AiIAS6(35b6~;2mu)!1otx+ z4i*Fpi^ugSM-yG?|8%ddh3IcLq4}fmk4r#kj|zbS9B5z^L^ut2L_AmxH4Z#5&YuP{ z9;&91v!#{2g$u-<0~?I_=O7XulB$`h9mL+0gB(oy=Ljkufr6EZ6T}%}?m{UJadLn- z8M#mkON#0!Tp(f%#B$NkEM&&1F*FtoO{6LK^c==CYT`5W&l z_DVd1mPks26v`SUS8W~hhYiP&DvMHKb7X-nhNh7ucW3{f%V#K~H)jhuH6cy!7==nq z9R|!pve-?=1ng96>Z7AVq#}ej@52;}y=J1&khd#|8eeKlHjFA6mn*m5jl(l-8_eDl zVH_O^UJrKAzVy$IOjkvJ5%!Vd`(x|0awwW%Sa^lVp zOx^V5EuSo6+vHJNTkNrt{z0apVC6rjao}aZQiYOWaSlc>{hxP)hDZ7DcckQC_V*-n zrc`z{b8>-Ds#=*qI0*lCLwE!{3{FlyK3)!HZeA`hm* za}4jS^pU4#qmf8bQFE{k(ouTtice0bB;Qg*PLrR^q;27H+kNXCkwM?LZJ4E4XgYrA zFMGQ;Uu8ye|Em|T$w))s1KFJ z-VdI4$r$PXSjx2T95YUpx@Z(0W_iO?LH>*K#g*sxc57eKb2{y=cM>Qj*$m#|rwg#! 
zyjgo#>T4{dZlMhcu``$r%pk(EbmWQf%wyOx^euKVGv`My+~aR*2u(+QWXMm z`QwR?&dAHj%?ak_;N<(`iM)Sr^89K3U$E`}$qoB=8lt)?HJ{Zy>)YGD(e#pl)kDJg zD!b{zv{i$3V7GtZ-?IM3gwqFyNC|Ttt>gtkV(j3>N=R)+Cd>9kQ~W&2>RLB^X$6>c zS^5l7Im5I>#eXgR0G}Yr@`zp3%9Te)i4uBid-VgP7Cky*}9+aU5JUzXquU+odh|$o&g0_K7*`l$7;zZUM?-xa`dILPWWvB$|MCF@Fx;aZ{3pYcG*=a0_0z)X znpb>Jqk$~IPiKWr{wpIsCN1 z0Ac>y;FQ&bv>a#CzTOP@qWhw`)dQ)3`9AX-_v?^@pphz3I)^Nq-TOGKg%pa-?Iemi zCiED&2L?uL?_Uc(MbmCA2*aL-SaAtiz4yxyKU*yCxgN>y+$t%2SeyE<7oQ-coFf&B zeav;gLwMl+6+VSMLE(xoYS}Rc@WUZ@F>LL8 zjoVv&D;wkVA;(E#$BfZ&uS5j`Nh}tBi))*WVzl4EBq*J`3Y3)5-YScVc&@N2p<2_s z*{dF=Sb0}t{R&5zlI*Qi!w;mm0mFZI&TI5l){2CC(eiK}cG5NpeRk58+Ox9uXFFW} zE5ovWq+Y6^le^O$Pfo+G#flJ#6a-=F z4s|~;c(8nGxSd*44F!IB?&sH$>g5wQhY#$MTsEZAL0;sn$6rTzruA82HWiRkBBWl8 z;8(#c^q+O(W4qdL=aMv}8=mRb3}`Cy&Txiwz2^u5^*;`??#Ch-9GLchz#aeF+WW87 z`(H}&$669T2n6FxG?EBMf`cpi@>+aI=u#E*wTSedHo z`%`cBx$`^JXN3Jd^2!M!6=kBoc@xDMD(L?I36*>$V&bQxr$OY7Y zvEt~$fW3<^CVx7uL{_M}WmhNiw$xBTlp?__2NlR)um=}hXWh&vU^y|+e%pYPiEV-&dCL3Zu|8SF=ycE_mYNyb8Gqo6qww zlGBCt=b;+9Igr=7Ng_T@&es6F2>i&b9iw|_%VY9=+RTtxa{0Y&=zKdy zI}9)N&!&O=l*s|ZrC+Psi79KB?*rFh0n_)e97DW&LN*r8lhI8(AkR3suUaq2pBK%t zcxYd0=yNQ1z1n(@W9F)Rx`iJiD*@!=ZniP4=D9>-go)5CIltA-psdi-(Jwa&$;>1> z6`#ukd2C3<-sHiZB3QuXJRmn9ZEY%mIS~>&}ho`O$R52aA!~W<`_` zxXFbk`HU?llCBys*=WkXCZGd(=Jd&DVr&WbyaruzeHiq}w(nQvydVz}H|#cXAggpf zAkXFyZxL4f%UOk@j`0JATKqBY(&3?m=U(ZZ*$BthkZ5h#?Iy&FO_8<3ClXun`I#H zcp3+pp_cJeFL-5KPMdl=j7{l|b%AHOyZ)tX^v=W;$OnBBn5e%*7N5vY?VAoC&(szj z7uvzb)PgX7ef?b1zyioe%}Z;aBsW~dRDVc9vo^A*nD>gXfA=cUl*ox{KwGi}$j8Ly zM^0{|k|LEmn~gFYsT|GdR*tje zelF^?tLG?XpWoyG`F@m+3Mtph#cv58s2iG|+`LW7d&NSrTS(ZV7sVCPdkf?TiF!(F zkC*~U85&ASae#?zDdNSa zS{TG9ut1*kA_+Y|dl5IkM{?^n($t*cVa&%%Y-AIc%QuFx9}UWHvF8j%3sS1i2!wYo z5301PcciQtP${3?I$l!wPRg{h1NG&?EQ{vM+P^=RgE6-cV(?0%Q&kh3w+=X^!tsVX zIVeCr@@)EYBeaiu93dMed42q@8^N(QBuzcUOJYewdTr?j$bUNEfk!;G*T{INhr?Lg z|Dn!ax)cOXW&L%AswvDKtY`*N-Qw;bmeP-*u1y z@;OgT4mFATlIqz`P|cBQC5mk}hf6K+z{p=q%>;dxMwX0tvOCYYlHMv;{#RBJ! 
z~b}zxOiRlmd1STVKvHjHm)Ndo3 zwo`*aHi6L4z?GCjgdS3ILLvydHRW)77sBs9y#(^;D^xI-K7LmQiif=KV7nX=UZ4un zjKtshKNZJFszHAW$;(r04bZoNGaZoKoEW##F>5rKxvP^j^^IJfova)Z^S zxQKVp_zst7gAom1_q{G}asi3hal=I+Q2*4uS}AiWK58eYK)2_kB6pfRd{wF$CyQW> zjHUvwGSqyE(JSw|Pkj8k<%GZGhvC{mUcU+q_gY-rN83wO^-LP5`8rrD@U%#i)j_*q z*hKk>21CNGq%j1?;L`|F#jlPXO{jQUmoGMc-k0Dwke1$1Z}h*QS|_JMzhEU(a`~=& zGR4;pjK5#CJjBp>`OO5~Sh0eQ7s?kza1^oGzN*N2|NcnX7}WfJ5+*#{bpA4_68{D* zTGmR&>#f;AJCnvrn;51$^V_9(puYE~QFW6EED%KlvVL=``*g)jaQ{nLO+&#Ryi=C_ z0Z$;m1H-4+i3zV6xC5i&QQvxzulduSAfBq&N87-9jSle+$dlGDjhqhSPL|Xs#^O2N zGpEF3Z6HxWzNj-;u-f`L69ReR3Hs5G2NEyFHfdVu`+piN>1y*oH~*FdzB)d*{C{fAJl)KdjaH^ z#spWpF*j;z;lpR0a<8Q>dLfzx+MV9?0p$3K6|Mb19#-?g5sQg%Bl4q5Vz(Q7$#|I& z<6`NZ2_HO%9+2mc|M`29!9PD;-Zv4Ag;;-8erI(UEW43hIqNzXRWQnnvOj+I%VrK;STKd>K5%U<2qksd1nLKt)_rm%-lr%p`SwG9*NUur?}&+` zFB(6-6yM@?agzg(k5xNfBDhkW*eu><O_sE7VRw1M=ytJQ*cL zzanQWTjX(Cq~F+(ZiyS$9M(&ajy>_=GxY}YIfb8LU(N}SJcz-x`o)N=(PcCH={q%` z*gpi&&)Z=`z28}I+|HLyF@XDW1#8!|z5R%c*r~FzD^;2O zE~L@=aqRPClcn3B&40+kZ7Z83jR_y9kK9Hbxw}iEK>6^Jz*xn)#xFIK#rAlu++lFJ z=V?w%5s*h=_$dtrLe3LV|S|~Ar_23^G_P(B)3!__(LmrD!&#vS>kSB?YCn%kB-o#@l^`Pl6Cf(9l zu2R2dzIM9nW(>obZwB&Y(ONxs&0nLr#*WAhQu%*zf5AK>T7Rimt0~Bw8&L{1ekq9J z!;Y8rPk(@dBwI170=dJ&K&==&4?<~XJ!(FOi9mgN^pLvjuoDy98tV@m`_0Q&KYWof zf^;JI9*E586(6L4JmXlQx?%x%o*;fG#7Y-G%LX2Xy24v0a&&6 zligpa5w*+aU9)kednR`!eRs**-9ypYpOy;LXPu0V33Q;D-dU9-7P6c_0DtNHBH!NZ z|MYv$7>KZf7|3%FGY#k{cV~h>jwQAvym${%iw0%k2P(pcu#B-LQ_vgP>}(iwWpm9+vH zt=d7l_o2Xec-dyjC~H^X5*Tnf${?tylRsdMBGtB%KOM8xwD!3wL-Af5o52wrl`KfF zq#~?smrsedYFp#c9zvJA!mBd%(}4VQvjwYeo!`-7-aI&Q0#wg;3Ns<0*{CPlht^>p z*2UaF{)L^D?lP;S+X~6Z*u}On zuHs1{1pkjiYj``UoyTGt*GEwG75}!aqun zl>Z3qZ0~c&@bo0SdpcwlViA!}C^~&PiJ~H(2Wyq60pYud5+DyGd z1ck(@*7e#YmUf1pi~6%NK-GsLsDpOeO*Khn>u8|j4iNtX8CVl5cw3uYjI7h(y!9PW zUoI}-$>V$Fp8oeH;S@Hh3`Vm*RL$P z=+GB>a&1Cf2JyygmrbMmwVWYcnp1iZSG{tJbD+M|1BpqkNaHR1p(h?5$Ck=h9X56% zEWN680-@fU0nS<=uelY^e?6v3-QhM~&2e=Y5vguUr{;2u;uW-TkujT`0_3&guBjcV zhV0@F-5+anUJ@slpMZmnP32tw6|CKSk;^-m;u 
zS>guM(B!cD8yVJwI%yksZE>U4mufy&0OL2S+a7!J1+I@{8Ao;5c?9DV=S&V!x=Y{y z1RP%Xode3>%s=4e9`-(cp^zn}$49?)D698WWMF$-p(5hK9RzoJ0@Sy3p1CAt>`>iR zKYGx1{}5~;o}L;=Z2UmQk`%}_7z5>Rc5Qnz!f(USuj>6>Zf=Vx71r0HBk=Ir$jHZ* zq@)rRf%iePe@#9~}r=<6RAQR}LsdmBC4DZ`!4P`a}SEhdfEt(@H)Kt4h@S z+AlqHoQk`s2YkI+5g_ilNLH0{An()*3G&%bNJ~viAsMW4iNPmFnBAXj)Qc0XGyg={ z83g1#h)l7mB1-FPo##p~4w4obOdVgN_^0!DX^|VtJ$HrLPw)s1E*#=&3!mvyu@D*( zPFN-=_f=VPd`(~FZfO@o1GRqfs6QMjAO3tulpP zs|GY)(9Y%c-F}*qo`kBe;!G}X1~$DKf7m8P;2Tn|I@P*;F4vqJ&cQOoB)Vr^13quO znRVf@jKB-p+@@!o(i>~@nnlCXF%jsEIv{5h&Kor-K9v+dwJTO2st-VM?3Vxgd~F*-%bW zo(=fgXZ#S$s1b=9MM1i$6*_|v+3THOHiZI}KdHeDM-mCUJMn`WC+7h?$=Q{Xf|$nq zKkvOyyNf(R*Ma(}MZ_o)62=&3Zx;tuSSsQ&T<^raRySrC83WvmXab?~A+>a%6=$B} zxJ}O*;j1D+s}yVh;JA#_Eis(lIu$qj22ekpfpY8Mt?1V(xy5qniy+Hg@nVNr-J-RQ zabX|%q+BN`UOlfYTVtm-vYcc@R4)E9m*^>ltw^a2MEK0|dl(D{kk71Ea$B&um@iH3 z>M#(?%u|40iI(m=ig8Os4SM(R0%|>;MVB)QCNmh~^ZV?YZnAQ0!@EJLdFKpoZ!;B* zpW{jj)X$z-YGT)SA*4UuUE!|{g)0ydyexw+^ep^_@Wqc>xeUm^pM8nd{sgU?^C~VY zzrURO$zdPAWDy1(RY60zb-^ABkT3k=(bV6Or_S>k`Km>mt+%N126xZ965pEVpaGm@ z3bj93Mmsw)|5dDsFEb@KIT!NevbMaa*}3NPS?&>)bA7ZeP`^@OGqPJsG4+Q|T^E;{ zjC7MtGo0Jr}LM&z~-Jp*P^98tphn6L>}(Of83&Y!2B?20;OL9%CCA~ zrE2#i`Qe{88aS0*e5{U!*gJV!wqeA-(Crcc2g^iN8A~ix8oz47M$fT4rhUOzuIuh?oQF4`!Pd zHS=wdmKba7uhs@Y>#}ShZO|4Ty?Prd1!{Ai!W4QDeMSQexEfh^5MBbUX z4p=JfdEqpy>qw5@c^+)cYWnH^D6&OZ4|l^x$G2a!s(}Jl&eRz#OnF5Llq45G{jWTRcj%lA z^1*Yb4`Fd|GsuZn6{o`~$XC@R;x^Z>p!O@4VL#LdhnKC+4XQFAXEm0urVO8dOc~l} z>r4KDXXSng)L)LT2rW|@N52Ww=q0L zUkzbeUn0Cqre=XR(roVUY3ZFDGiwJqoAX&}{f%tDLVyb2O zsV`FSLiy)^Y=_={iKwC z&Y60^IrF6i;=N^rKbR+cD=>aB4CMD7-iG!fw<_q^1iZSKM<$Y5@NE6+Zn-5hCH0U= zVGgw(KMF1~moY*qQL-M~z+Q%FW6Y0Rfh8cU5{RNdS!w98O5B@z-}_O$jeVYWciC_ zqiYV@zMQSg@8)gXWej4Hfc$x^-J)Y`vVdW}5=&<>YBJT2DvNJ)VmiM36M`zfU!eB? 
zhY<_~m2zLW+l!r=48qrEr-Z;!uO_g*Ml7poYv{U%0QD&dk={HLCqVg{WY2Dm8&mrPc!E)saEpx%GPbgwHuX>YR6PMbAEM zaBnGJEt@cTiS%< zDU$o;f(WlHAg{}G&)pH_wcjS5MMrjHEv5vs$y1?lN#2tx*?58($q(ey7b;X%*yRWV!YBI=%w!a7OUp~O?pwbC`C{Z!f0d43YRqy0*U5X!%OqDdqYY8Me0-ly zNO8AGq4sk+=8$bcIeITb)CRwByUu24nmM&TxEir=lDsN-qsCYZ)E`Zk6G4b;wC&Qk zHRsV7`8jto@yx|^N|J@fXhnZ@9BTh({wSs?Xx+B@MjqKMF`7V8MUE9lCWaDb6@AtQ8?0Sxn z_n`RW@Xp9WJTu=NC;T)GmftI9J-S+7l6PIcPNcTA!D;bJG@yM2G}k84>OT@&(c;97zv0b(%Pnt?NqYwC-@J{eRLeZj^Q=G&1e9>?eJSd^|+n1sq{6Az9!xXHu9d|`$g0)9K;uS^*U1!B4Qha{bm<`lV z*FIE4*pzO_p-Mz9)G*l#ZKIYa{$h84nbN&YaXTIev{sJ3QHCOQ?zVrTuMqNDk!xP zAC6q!v}iGH6a~r;bs|qb(DLL8J^4}xH|<}4Q+RcOWP9?vdHzfDGiqucsPF4x{N?SV@md!2= zQ`XPV3%R{Q-e$YE!9B&se9pybyRx*WU7M9y&U59h&4t3Db$jeGm{>C#gBiU)<~^v^ZF4K_5G;rHw( zC^xS#*<%ZSu*R|ZY2OFr@+)10k znSZhFYrU=Al|@+{kxcsfwkM8h+;jSOGssru&>x2xg5S#a_v}t(VrFDuTx@AzZXn3U znb79J*!IJTk&%UknTbWfKol6fvZ^e620UzB+H8z0j7{cT%!~%yAYp!x8ukX{zy-!D zFmM?e!ljoa_-MZTRGS?$`SzKd`4aY-9_fYorKiu-@ArN3 zqSLlc(5cvFZ^xWTOOrC}H9&a(<` z`SMxw=k3|Sm-gzf%_>!MP1&_eV_JLP_79cezpD6byeuZ|`84&@bBzn%Z_JR2vz)gz zwPEk)TSE2$W$BvpFLHCqwNH;Jy8W54#Op5muCkX|f9@*Xc4NA}p6lpa(LMayD{uGi Vug_n*X!}uLFZay{!zOGK2LKf_J{bT2 diff --git a/vendor/github.com/google/go-tpm-tools/server/verify.go b/vendor/github.com/google/go-tpm-tools/server/verify.go deleted file mode 100644 index 7584f768f..000000000 --- a/vendor/github.com/google/go-tpm-tools/server/verify.go +++ /dev/null 
@@ -1,344 +0,0 @@
-package server
-
-import (
- "crypto"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/asn1"
- "errors"
- "fmt"
-
- "github.com/google/go-tpm-tools/internal"
- pb "github.com/google/go-tpm-tools/proto/attest"
- tpmpb "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm/legacy/tpm2"
- "google.golang.org/protobuf/proto"
-)
-
-// We conditinally support SHA-1 for PCR hashes, but at the lowest priority.
-var pcrHashAlgs = append(internal.SignatureHashAlgs, tpm2.AlgSHA1)
-
-var oidExtensionSubjectAltName = []int{2, 5, 29, 17}
-
-var cloudComputeInstanceIdentifierOID asn1.ObjectIdentifier = []int{1, 3, 6, 1, 4, 1, 11129, 2, 1, 21}
-
-// VerifyOpts allows for customizing the functionality of VerifyAttestation.
-type VerifyOpts struct {
- // The nonce used when calling client.Attest
- Nonce []byte
- // Trusted public keys that can be used to directly verify the key used for
- // attestation. This option should be used if you already know the AK, as
- // it provides the highest level of assurance.
- TrustedAKs []crypto.PublicKey
- // Allow using SHA-1 PCRs to verify attestations. This defaults to false
- // because SHA-1 is a weak hash algorithm with known collision attacks.
- // However, setting this to true may be necessary if the client only
- // supports the legacy event log format. This is the case on older Linux
- // distributions (such as Debian 10). Note that this will NOT allow
- // SHA-1 signatures to be used, just SHA-1 PCRs.
- AllowSHA1 bool
- // A collection of trusted root CAs that are used to sign AK certificates.
- // The TrustedAKs are used first, followed by TrustRootCerts and
- // IntermediateCerts.
- // Adding a specific TPM manufacturer's root and intermediate CAs means all
- // TPMs signed by that CA will be trusted.
- // To trust the MachineState's GCE instance_info, the caller MUST use
- // authentic Google-signed certificates provided in server/ca-certs
- // OR fetched via
- // https://privateca-content-62d71773-0000-21da-852e-f4f5e80d7778.storage.googleapis.com/032bf9d39db4fa06aade/ca.crt
- // https://pki.goog/cloud_integrity/tpm_ek_root_1.crt.
- TrustedRootCerts []*x509.Certificate
- IntermediateCerts []*x509.Certificate
- // Which bootloader the instance uses. Pick UNSUPPORTED to skip this
- // parsing or for unsupported bootloaders (e.g., systemd).
- Loader Bootloader
- // TEEOpts allows customizing the functionality of VerifyTEEAttestation.
- // Its type can be *VerifySnpOpts if the TEEAttestation is a SevSnpAttestation
- // or can be *VerifyTdxOpts if the TEEAttestation is a TdxAttestation
- // If nil, uses Nonce for ReportData and the TEE's verification library's
- // embedded root certs for its roots of trust.
- //
- // Deprecated: go-tpm-tools no longer verifies SNP or TDX attestation.
- // Please use go-sev-guest and go-tdx-guest.
- TEEOpts interface{}
- // AllowEFIAppBeforeCallingEvent skips a check that requires
- // EV_EFI_BOOT_SERVICES_APPLICATION to occur after a
- // "Calling EFI Application from Boot Option". This option is useful when
- // the host platform loads EFI Applications unrelated to OS boot.
- AllowEFIAppBeforeCallingEvent bool
-}
-
-// Bootloader refers to the second-stage bootloader that loads and transfers
-// execution to the OS kernel.
-type Bootloader int
-
-const (
- // UnsupportedLoader refers to a second-stage bootloader that is of an
- // unsupported type. VerifyAttestation will not parse the PCClient Event Log
- // for bootloader events.
- UnsupportedLoader Bootloader = iota
- // GRUB (https://www.gnu.org/software/grub/).
- GRUB
-)
-
-// TODO: Change int64 fields to uint64 when compatible with ASN1 parsing.
-type gceSecurityProperties struct {
- SecurityVersion int64 `asn1:"explicit,tag:0,optional"`
- IsProduction bool `asn1:"explicit,tag:1,optional"`
-}
-
-type gceInstanceInfo struct {
- Zone string `asn1:"utf8"`
- ProjectNumber int64
- ProjectID string `asn1:"utf8"`
- InstanceID int64
- InstanceName string `asn1:"utf8"`
- SecurityProperties gceSecurityProperties `asn1:"explicit,optional"`
-}
-
-// VerifyAttestation performs the following checks on an Attestation:
-// - the AK used to generate the attestation is trusted (based on VerifyOpts)
-// - the provided signature is generated by the trusted AK public key
-// - the signature signs the provided quote data
-// - the quote data starts with TPM_GENERATED_VALUE
-// - the quote data is a valid TPMS_QUOTE_INFO
-// - the quote data was taken over the provided PCRs
-// - the provided PCR values match the quote data internal digest
-// - the provided opts.Nonce matches that in the quote data
-// - the provided eventlog matches the provided PCR values
-//
-// After this, the eventlog is parsed and the corresponding MachineState is
-// returned. This design prevents unverified MachineStates from being used.
-func VerifyAttestation(attestation *pb.Attestation, opts VerifyOpts) (*pb.MachineState, error) {
- if err := validateOpts(opts); err != nil {
- return nil, fmt.Errorf("bad options: %w", err)
- }
-
- machineState, akPubKey, err := validateAK(attestation, opts)
- if err != nil {
- return nil, fmt.Errorf("failed to parse and validate AK: %w", err)
- }
-
- // Attempt to replay the log against our PCRs in order of hash preference
- var lastErr error
- for _, quote := range supportedQuotes(attestation.GetQuotes()) {
- // Verify the Quote
- if err := internal.VerifyQuote(quote, akPubKey, opts.Nonce); err != nil {
- lastErr = fmt.Errorf("failed to verify quote: %w", err)
- continue
- }
-
- // Parse event logs and replay the events against the provided PCRs
- pcrs := quote.GetPcrs()
- tpmMachineState, err := parseMachineStateFromTPM(attestation, pcrs, opts)
- if err != nil {
- lastErr = fmt.Errorf("failed to parse machine state from TCG event log: %w", err)
- continue
- }
-
- // Verify the PCR hash algorithm. We have this check here (instead of at
- // the start of the loop) so that the user gets a "SHA-1 not supported"
- // error only if allowing SHA-1 support would actually allow the log
- // to be verified. This makes debugging failed verifications easier.
- if !opts.AllowSHA1 && tpm2.Algorithm(pcrs.GetHash()) == tpm2.AlgSHA1 {
- lastErr = fmt.Errorf("SHA-1 is not allowed for verification (set VerifyOpts.AllowSHA1 to true to allow)")
- continue
- }
-
- proto.Merge(machineState, tpmMachineState)
-
- return machineState, nil
- }
-
- if lastErr != nil {
- return nil, lastErr
- }
- return nil, fmt.Errorf("attestation does not contain a supported quote")
-}
-
-// validateAK validates AK cert in the attestation, and returns AK cert (if exists) and public key.
-// It also pulls out the GCE Instance Info if it exists.
-func validateAK(attestation *pb.Attestation, opts VerifyOpts) (*pb.MachineState, crypto.PublicKey, error) {
- if len(attestation.GetAkCert()) == 0 || len(opts.TrustedRootCerts) == 0 {
- // If the AK Cert is not in the attestation, use the AK Public Area.
- akPubArea, err := tpm2.DecodePublic(attestation.GetAkPub())
- if err != nil {
- return nil, nil, fmt.Errorf("failed to decode AK public area: %w", err)
- }
- akPubKey, err := akPubArea.Key()
- if err != nil {
- return nil, nil, fmt.Errorf("failed to get AK public key: %w", err)
- }
- if err := validateAKPub(akPubKey, opts); err != nil {
- return nil, nil, fmt.Errorf("failed to validate AK public key: %w", err)
- }
- return &pb.MachineState{}, akPubKey, nil
- }
-
- // If AK Cert is presented, ignore the AK Public Area.
- akCert, err := x509.ParseCertificate(attestation.GetAkCert())
- if err != nil {
- return nil, nil, fmt.Errorf("failed to parse AK certificate: %w", err)
- }
- // Use intermediate certs from the attestation if they exist.
- certs, err := parseCerts(attestation.IntermediateCerts)
- if err != nil {
- return nil, nil, fmt.Errorf("attestation intermediates: %w", err)
- }
- opts.IntermediateCerts = append(opts.IntermediateCerts, certs...)
-
- if err := VerifyAKCert(akCert, opts.TrustedRootCerts, opts.IntermediateCerts); err != nil {
- return nil, nil, fmt.Errorf("failed to validate AK certificate: %w", err)
- }
- instanceInfo, err := getInstanceInfoFromExtensions(akCert.Extensions)
- if err != nil {
- return nil, nil, fmt.Errorf("error getting instance info: %v", err)
- }
-
- return &pb.MachineState{Platform: &pb.PlatformState{InstanceInfo: instanceInfo}}, akCert.PublicKey, nil
-}
-
-// GetGCEInstanceInfo takes a GCE-issued x509 EK/AK certificate and tries to
-// extract its GCE instance information. It returns an error if the cert is nil
-// or malformed, but it does not return an error if the cert does not contain
-// the GCE Instance OID.
-// The caller must first `ValidateAKCert` using a GCE EK Certificate root CA.
-func GetGCEInstanceInfo(cert *x509.Certificate) (*pb.GCEInstanceInfo, error) {
- if cert == nil {
- return nil, errors.New("cannot extract GCEInstanceInfo from a nil cert")
- }
- return getInstanceInfoFromExtensions(cert.Extensions)
-}
-
-func getInstanceInfoFromExtensions(extensions []pkix.Extension) (*pb.GCEInstanceInfo, error) {
- var rawInfo []byte
- for _, ext := range extensions {
- if ext.Id.Equal(cloudComputeInstanceIdentifierOID) {
- rawInfo = ext.Value
- break
- }
- }
-
- // If GCE Instance Info extension is not found.
- if len(rawInfo) == 0 {
- return nil, nil
- }
-
- info := gceInstanceInfo{}
- if _, err := asn1.Unmarshal(rawInfo, &info); err != nil {
- return nil, fmt.Errorf("failed to parse GCE Instance Information Extension: %w", err)
- }
-
- // TODO: Remove when fields are changed to uint64.
- if info.ProjectNumber < 0 || info.InstanceID < 0 || info.SecurityProperties.SecurityVersion < 0 {
- return nil, fmt.Errorf("negative integer fields found in GCE Instance Information Extension")
- }
-
- // Check production.
- if !info.SecurityProperties.IsProduction {
- return nil, nil
- }
-
- return &pb.GCEInstanceInfo{
- Zone: info.Zone,
- ProjectId: info.ProjectID,
- ProjectNumber: uint64(info.ProjectNumber),
- InstanceName: info.InstanceName,
- InstanceId: uint64(info.InstanceID),
- }, nil
-}
-
-// Check that we are passing in a valid VerifyOpts structure
-func validateOpts(opts VerifyOpts) error {
- checkPub := len(opts.TrustedAKs) > 0
- checkCert := len(opts.TrustedRootCerts) > 0
- if !checkPub && !checkCert {
- return fmt.Errorf("no trust mechanism provided, either use TrustedAKs or TrustedRootCerts")
- }
- if checkPub && checkCert {
- return fmt.Errorf("multiple trust mechanisms provided, only use one of TrustedAKs or TrustedRootCerts")
- }
- return nil
-}
-
-func validateAKPub(ak crypto.PublicKey, opts VerifyOpts) error {
- for _, trusted := range opts.TrustedAKs {
- if internal.PubKeysEqual(ak, trusted) {
- return nil
- }
- }
- return fmt.Errorf("key not trusted")
-}
-
-// VerifyAKCert checks a given Attestation Key certificate against the provided
-// root and intermediate CAs.
-func VerifyAKCert(akCert *x509.Certificate, trustedRootCerts []*x509.Certificate, intermediateCerts []*x509.Certificate) error {
- if akCert == nil {
- return errors.New("failed to validate AK Cert: received nil cert")
- }
- if len(trustedRootCerts) == 0 {
- return errors.New("failed to validate AK Cert: received no trusted root certs")
- }
-
- // We manually handle the SAN extension because x509 marks it unhandled if
- // SAN does not parse any of DNSNames, EmailAddresses, IPAddresses, or URIs.
- // https://cs.opensource.google/go/go/+/master:src/crypto/x509/parser.go;l=668-678
- var exts []asn1.ObjectIdentifier
- for _, ext := range akCert.UnhandledCriticalExtensions {
- if ext.Equal(oidExtensionSubjectAltName) {
- continue
- }
- exts = append(exts, ext)
- }
- akCert.UnhandledCriticalExtensions = exts
-
- x509Opts := x509.VerifyOptions{
- Roots: makePool(trustedRootCerts),
- Intermediates: makePool(intermediateCerts),
- // The default key usage (ExtKeyUsageServerAuth) is not appropriate for
- // an Attestation Key: ExtKeyUsage of
- // - https://oidref.com/2.23.133.8.1
- // - https://oidref.com/2.23.133.8.3
- // https://pkg.go.dev/crypto/x509#VerifyOptions
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsage(x509.ExtKeyUsageAny)},
- }
- if _, err := akCert.Verify(x509Opts); err != nil {
- return fmt.Errorf("certificate did not chain to a trusted root: %v", err)
- }
-
- return nil
-}
-
-// Retrieve the supported quotes in order of hash preference.
-func supportedQuotes(quotes []*tpmpb.Quote) []*tpmpb.Quote {
- out := make([]*tpmpb.Quote, 0, len(quotes))
- for _, alg := range pcrHashAlgs {
- for _, quote := range quotes {
- if tpm2.Algorithm(quote.GetPcrs().GetHash()) == alg {
- out = append(out, quote)
- break
- }
- }
- }
- return out
-}
-
-func makePool(certs []*x509.Certificate) *x509.CertPool {
- pool := x509.NewCertPool()
- for _, cert := range certs {
- pool.AddCert(cert)
- }
- return pool
-}
-
-// parseMachineStateFromTPM is a wrapper function around `parsePCClientEventLog` method to:
-// 1. parse partial machine state from TPM TCG event logs.
-// 2. verify GceTechnology since the GCE Technology event is directly related to the TPM.
-// 3. populate the machineState TeeAttestatation field with the verified TDX/SNP attestation data.
-func parseMachineStateFromTPM(attestation *pb.Attestation, pcrs *tpmpb.PCRs, opts VerifyOpts) (*pb.MachineState, error) {
- ms, err := parsePCClientEventLog(attestation.GetEventLog(), pcrs, opts)
- if err != nil {
- return nil, fmt.Errorf("failed to validate the PCClient event log: %w", err)
- }
- return ms, nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/server/verify_test.go b/vendor/github.com/google/go-tpm-tools/server/verify_test.go
deleted file mode 100644
index cfa30eb90..000000000
--- a/vendor/github.com/google/go-tpm-tools/server/verify_test.go
+++ /dev/null
@@ -1,794 +0,0 @@ -package server - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - "crypto/sha256" - "crypto/x509" - "crypto/x509/pkix" - _ "embed" - "encoding/asn1" - "encoding/pem" - "fmt" - "io" - "os" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm-tools/internal" - "github.com/google/go-tpm-tools/internal/test" - attestpb "github.com/google/go-tpm-tools/proto/attest" - "github.com/google/go-tpm/legacy/tpm2" - "github.com/google/go-tpm/tpmutil" - "github.com/google/logger" - "google.golang.org/protobuf/proto" -) - -func getDigestHash(input string) []byte { - inputDigestHash := sha256.New() - inputDigestHash.Write([]byte(input)) - return inputDigestHash.Sum(nil) -} - -func extendPCRsRandomly(rwc io.ReadWriteCloser, selpcr tpm2.PCRSelection) error { - var pcrExtendValue []byte - if selpcr.Hash == tpm2.AlgSHA256 { - pcrExtendValue = make([]byte, 32) - } else if selpcr.Hash == tpm2.AlgSHA1 { - pcrExtendValue = make([]byte, 20) - } - - for _, v := range selpcr.PCRs { - _, err := rand.Read(pcrExtendValue) - if err != nil { - return fmt.Errorf("random bytes read fail %v", err) - } - err = tpm2.PCRExtend(rwc, tpmutil.Handle(v), selpcr.Hash, pcrExtendValue, "") - if err != nil { - return fmt.Errorf("PCR extend fail %v", err) - } - } - return nil -} - -func TestMain(m *testing.M) { - logger.Init("TestLog", false, false, os.Stderr) - os.Exit(m.Run()) -} - -func TestVerifyHappyCases(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - onePCR := []int{test.DebugPCR} - twoPCR := append(onePCR, test.ApplicationPCR) - dupePCR := append(twoPCR, twoPCR...) 
- - subtests := []struct { - name string - getKey func(io.ReadWriter) (*client.Key, error) - pcrHashAlgo tpm2.Algorithm - quotePCRList []int - extraData []byte - }{ - {"AK-RSA_SHA1_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, - {"AK-RSA_SHA1_1PCR_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, - {"AK-RSA_SHA1_1PCR_no-nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, nil}, - {"AK-RSA_SHA256_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, - {"AK-RSA_SHA256_2PCR_empty-nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, []byte{}}, - {"AK-RSA_SHA256_dupePCrSel_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, - - {"AK-ECC_SHA1_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, - {"AK-ECC_SHA1_1PCR_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, - {"AK-ECC_SHA1_1PCR_no-nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, nil}, - {"AK-ECC_SHA256_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, - {"AK-ECC_SHA256_2PCR_empty-nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, []byte{}}, - {"AK-ECC_SHA256_dupePCrSel_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, - } - for _, subtest := range subtests { - t.Run(subtest.name, func(t *testing.T) { - ak, err := subtest.getKey(rwc) - if err != nil { - t.Errorf("failed to generate AK: %v", err) - } - defer ak.Close() - - selpcr := tpm2.PCRSelection{ - Hash: subtest.pcrHashAlgo, - PCRs: subtest.quotePCRList, - } - err = extendPCRsRandomly(rwc, selpcr) - if err != nil { - t.Fatalf("failed to extend test PCRs: %v", err) - } - quote, err := ak.Quote(selpcr, subtest.extraData) - if err != nil { - t.Fatalf("failed to quote: %v", err) - } - err = internal.VerifyQuote(quote, ak.PublicKey(), subtest.extraData) - if err != nil { - t.Fatalf("failed to 
verify: %v", err) - } - }) - } -} - -func TestVerifyPCRChanged(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Errorf("failed to generate AK: %v", err) - } - defer ak.Close() - - selpcr := tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{test.DebugPCR}, - } - err = extendPCRsRandomly(rwc, selpcr) - if err != nil { - t.Errorf("failed to extend test PCRs: %v", err) - } - nonce := getDigestHash("test") - quote, err := ak.Quote(selpcr, nonce) - if err != nil { - t.Error(err) - } - - // change the PCR value - err = extendPCRsRandomly(rwc, selpcr) - if err != nil { - t.Errorf("failed to extend test PCRs: %v", err) - } - - quote.Pcrs, err = client.ReadPCRs(rwc, selpcr) - if err != nil { - t.Errorf("failed to read PCRs: %v", err) - } - err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) - if err == nil { - t.Errorf("Verify should fail as Verify read a modified PCR") - } -} - -func TestVerifyUsingDifferentPCR(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Errorf("failed to generate AK: %v", err) - } - defer ak.Close() - - err = extendPCRsRandomly(rwc, tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{test.DebugPCR, test.ApplicationPCR}, - }) - if err != nil { - t.Errorf("failed to extend test PCRs: %v", err) - } - - nonce := getDigestHash("test") - quote, err := ak.Quote(tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{test.DebugPCR}, - }, nonce) - if err != nil { - t.Error(err) - } - - quote.Pcrs, err = client.ReadPCRs(rwc, tpm2.PCRSelection{ - Hash: tpm2.AlgSHA256, - PCRs: []int{test.ApplicationPCR}, - }) - if err != nil { - t.Errorf("failed to read PCRs: %v", err) - } - err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) - if err == nil { - t.Errorf("Verify should fail as Verify read a different PCR") - } -} - -func TestVerifyWithTrustedAK(t 
*testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - defer ak.Close() - - nonce := []byte("super secret nonce") - attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - - opts := VerifyOpts{ - Nonce: nonce, - TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, - } - _, err = VerifyAttestation(attestation, opts) - if err != nil { - t.Errorf("failed to verify: %v", err) - } -} - -func TestVerifySHA1Attestation(t *testing.T) { - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - defer ak.Close() - - nonce := []byte("super secret nonce") - attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - - // We should get a SHA-256 state, even if we allow SHA-1 - opts := VerifyOpts{ - Nonce: nonce, - TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, - AllowSHA1: true, - } - state, err := VerifyAttestation(attestation, opts) - if err != nil { - t.Errorf("failed to verify: %v", err) - } - h := tpm2.Algorithm(state.GetHash()) - if h != tpm2.AlgSHA256 { - t.Errorf("expected SHA-256 state, got: %v", h) - } - - // Now we mess up the SHA-256 state to force SHA-1 fallback - for _, quote := range attestation.GetQuotes() { - if tpm2.Algorithm(quote.GetPcrs().GetHash()) == tpm2.AlgSHA256 { - quote.Quote = nil - } - } - state, err = VerifyAttestation(attestation, opts) - if err != nil { - t.Errorf("failed to verify: %v", err) - } - h = tpm2.Algorithm(state.GetHash()) - if h != tpm2.AlgSHA1 { - t.Errorf("expected SHA-1 state, got: %v", h) - } - - // SHA-1 fallback can then be disabled - opts.AllowSHA1 = false - if _, err = VerifyAttestation(attestation, opts); err == nil { - t.Error("expected attestation 
to fail with only SHA-1") - } -} - -func TestVerifyAttestationWithCerts(t *testing.T) { - tests := []struct { - name string - attestation []byte - nonce []byte - }{ - { - "no-nonce", - test.COS85NoNonce, - nil, - }, - { - "nonce-9009", - test.COS85Nonce9009, - []byte{0x90, 0x09}, - }, - } - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - attestBytes := test.attestation - att := &attestpb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - - if _, err := VerifyAttestation(att, VerifyOpts{ - Nonce: test.nonce, - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - }); err != nil { - t.Errorf("failed to VerifyAttestation with AKCert: %v", err) - } - }) - } -} - -func TestVerifyAutomaticallyUsesIntermediatesInAttestation(t *testing.T) { - attestBytes := test.COS85Nonce9009 - att := &attestpb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - att.IntermediateCerts = [][]byte{gceEKIntermediateCA2} - - if _, err := VerifyAttestation(att, VerifyOpts{ - Nonce: []byte{0x90, 0x09}, - TrustedRootCerts: GceEKRoots, - }); err != nil { - t.Errorf("failed to VerifyAttestation with intermediates provided in attestation: %v", err) - } -} - -func TestVerifySucceedsWithOverlappingIntermediatesInOptionsAndAttestation(t *testing.T) { - attestBytes := test.COS85Nonce9009 - att := &attestpb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - att.IntermediateCerts = [][]byte{gceEKIntermediateCA2} - - if _, err := VerifyAttestation(att, VerifyOpts{ - Nonce: []byte{0x90, 0x09}, - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - }); err != nil { - t.Errorf("failed to VerifyAttestation with overlapping intermediates provided in attestation and options: %v", err) - } -} - -func 
TestValidateOptsFailWithCertsAndPubkey(t *testing.T) { - priv, err := rsa.GenerateKey(rand.Reader, 2048) - if err != nil { - t.Fatal(err) - } - opts := VerifyOpts{ - Nonce: nil, - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - TrustedAKs: []crypto.PublicKey{priv.Public()}, - } - if err := validateOpts(opts); err == nil { - t.Error("Verified attestation even with multiple trust methods") - } -} - -func TestValidateAK(t *testing.T) { - attestBytes := test.COS85NoNonce - att := &attestpb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - - rwc := test.GetTPM(t) - t.Cleanup(func() { client.CheckedClose(t, rwc) }) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - t.Cleanup(ak.Close) - - testCases := []struct { - name string - att func() *attestpb.Attestation - opts VerifyOpts - wantPass bool - }{ - { - name: "success with validateAKCert", - att: func() *attestpb.Attestation { return att }, - opts: VerifyOpts{ - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - }, - wantPass: true, - }, - { - name: "success with validateAKPub", - att: func() *attestpb.Attestation { - nonce := []byte("super secret nonce") - attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - return attestation - }, - opts: VerifyOpts{TrustedAKs: []crypto.PublicKey{ak.PublicKey()}}, - wantPass: true, - }, - { - name: "failed with empty roots and intermediates", - att: func() *attestpb.Attestation { return att }, - opts: VerifyOpts{ - TrustedRootCerts: nil, - IntermediateCerts: nil, - }, - wantPass: false, - }, - { - name: "failed with empty VerifyOpts", - att: func() *attestpb.Attestation { return att }, - opts: VerifyOpts{}, - wantPass: false, - }, - { - name: "failed with missing roots", - att: func() *attestpb.Attestation { return att 
}, - opts: VerifyOpts{IntermediateCerts: GceEKIntermediates}, - wantPass: false, - }, - { - name: "failed with missing intermediates", - att: func() *attestpb.Attestation { return att }, - opts: VerifyOpts{TrustedRootCerts: GceEKRoots}, - wantPass: false, - }, - { - name: "failed with wrong trusted AKs", - att: func() *attestpb.Attestation { return att }, - opts: VerifyOpts{TrustedAKs: []crypto.PublicKey{ak.PublicKey()}}, - wantPass: false, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - _, _, err := validateAK(tc.att(), tc.opts) - if gotPass := (err == nil); gotPass != tc.wantPass { - t.Errorf("ValidateAK failed, got pass %v, but want %v", gotPass, tc.wantPass) - } - }) - } - -} - -func TestVerifyIgnoreAKPubWithAKCert(t *testing.T) { - // Make sure that we ignore the AKPub if the AKCert is presented - rwc := test.GetTPM(t) - defer client.CheckedClose(t, rwc) - - ak, err := client.AttestationKeyRSA(rwc) - if err != nil { - t.Fatalf("failed to generate AK: %v", err) - } - defer ak.Close() - - nonce := []byte{0x90, 0x09} - badAtt, err := ak.Attest(client.AttestOpts{Nonce: nonce}) - if err != nil { - t.Fatalf("failed to attest: %v", err) - } - // Copy "good" certificate into "bad" attestation - goodAtt := &attestpb.Attestation{} - if err := proto.Unmarshal(test.COS85Nonce9009, goodAtt); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - badAtt.AkCert = goodAtt.GetAkCert() - - opts := VerifyOpts{ - Nonce: nonce, - TrustedRootCerts: GceEKRoots, - IntermediateCerts: GceEKIntermediates, - } - if _, err := VerifyAttestation(badAtt, opts); err == nil { - t.Error("expected error when calling VerifyAttestation, because the cert is replaced") - } -} - -func TestVerifyFailsWithMalformedIntermediatesInAttestation(t *testing.T) { - attestBytes := test.COS85Nonce9009 - att := &attestpb.Attestation{} - if err := proto.Unmarshal(attestBytes, att); err != nil { - t.Fatalf("failed to unmarshal attestation: %v", err) - } - 
att.IntermediateCerts = [][]byte{[]byte("Not an intermediate cert.")} - - if _, err := VerifyAttestation(att, VerifyOpts{ - Nonce: []byte{0x90, 0x09}, - TrustedRootCerts: GceEKRoots, - }); err == nil { - t.Error("expected error when calling VerifyAttestation with malformed intermediate") - } -} - -func TestGetInstanceInfo(t *testing.T) { - expectedInstanceInfo := &attestpb.GCEInstanceInfo{ - Zone: "expected zone", - ProjectId: "expected project id", - ProjectNumber: 0, - InstanceName: "expected instance name", - InstanceId: 1, - } - - extStruct := gceInstanceInfo{ - Zone: expectedInstanceInfo.Zone, - ProjectID: expectedInstanceInfo.ProjectId, - ProjectNumber: int64(expectedInstanceInfo.ProjectNumber), - InstanceName: expectedInstanceInfo.InstanceName, - InstanceID: int64(expectedInstanceInfo.InstanceId), - SecurityProperties: gceSecurityProperties{ - SecurityVersion: 0, - IsProduction: true, - }, - } - - marshaledExt, err := asn1.Marshal(extStruct) - if err != nil { - t.Fatalf("Error marshaling test extension: %v", err) - } - - ext := []pkix.Extension{{ - Id: cloudComputeInstanceIdentifierOID, - Value: marshaledExt, - }} - - instanceInfo, err := getInstanceInfoFromExtensions(ext) - if err != nil { - t.Fatalf("getInstanceInfo returned with error: %v", err) - } - if instanceInfo == nil { - t.Fatal("getInstanceInfo returned nil instance info.") - } - - if !proto.Equal(instanceInfo, expectedInstanceInfo) { - t.Errorf("getInstanceInfo did not return expected instance info: got %v, want %v", instanceInfo, expectedInstanceInfo) - } -} - -func TestGetInstanceInfoReturnsNil(t *testing.T) { - extStruct := gceInstanceInfo{ - Zone: "zone", - ProjectID: "project id", - ProjectNumber: 0, - InstanceName: "instance name", - InstanceID: 1, - SecurityProperties: gceSecurityProperties{IsProduction: false}, - } - - marshaledExt, err := asn1.Marshal(extStruct) - if err != nil { - t.Fatalf("Error marshaling test extension: %v", err) - } - - testcases := []struct { - name string - ext 
[]pkix.Extension - }{ - { - name: "No extension with expected OID", - ext: []pkix.Extension{{ - Id: asn1.ObjectIdentifier([]int{1, 2, 3, 4}), - Value: []byte("fake extension"), - }}, - }, - { - name: "IsProduction is false", - ext: []pkix.Extension{{ - Id: cloudComputeInstanceIdentifierOID, - Value: marshaledExt, - }}, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - instanceInfo, err := getInstanceInfoFromExtensions(tc.ext) - if err != nil { - t.Fatalf("getInstanceInfo returned with error: %v", err) - } - - if instanceInfo != nil { - t.Error("getInstanceInfo returned instance information, expected nil") - } - }) - } -} - -func TestGetInstanceInfoError(t *testing.T) { - testcases := []struct { - name string - instanceInfo *gceInstanceInfo - }{ - { - name: "Extension value is not valid ASN1", - instanceInfo: nil, - }, - { - name: "Negative ProjectNumber", - instanceInfo: &gceInstanceInfo{ - Zone: "zone", - ProjectID: "project id", - ProjectNumber: -1, - InstanceName: "instance name", - InstanceID: 1, - SecurityProperties: gceSecurityProperties{IsProduction: false}, - }, - }, - { - name: "Negative InstanceID", - instanceInfo: &gceInstanceInfo{ - Zone: "zone", - ProjectID: "project id", - ProjectNumber: 0, - InstanceName: "instance name", - InstanceID: -1, - SecurityProperties: gceSecurityProperties{IsProduction: false}, - }, - }, - { - name: "Negative SecurityVersion", - instanceInfo: &gceInstanceInfo{ - Zone: "zone", - ProjectID: "project id", - ProjectNumber: 0, - InstanceName: "instance name", - InstanceID: 1, - SecurityProperties: gceSecurityProperties{ - SecurityVersion: -1, - IsProduction: false, - }, - }, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - var extensionVal []byte - var err error - if tc.instanceInfo != nil { - extensionVal, err = asn1.Marshal(*tc.instanceInfo) - if err != nil { - t.Fatalf("Error marshaling test extension: %v", err) - } - } else { - extensionVal = []byte("Not a 
valid ASN1 extension.") - } - - _, err = getInstanceInfoFromExtensions([]pkix.Extension{{ - Id: cloudComputeInstanceIdentifierOID, - Value: extensionVal, - }}) - - if err == nil { - t.Error("getInstanceInfo returned successfully, expected error") - } - }) - } - - ext := []pkix.Extension{{ - Id: cloudComputeInstanceIdentifierOID, - Value: []byte("not valid ASN1"), - }} - - _, err := getInstanceInfoFromExtensions(ext) - if err == nil { - t.Error("getInstanceInfo returned successfully, expected error") - } -} - -func TestGetInstanceInfoASN(t *testing.T) { - expectedInstanceInfo := &attestpb.GCEInstanceInfo{ - Zone: "us-west1-b", - ProjectId: "jiankun-vm-test", - ProjectNumber: 620438545889, - InstanceName: "jkltest42102", - InstanceId: 3560342035431930290, - } - - // The payload is extract from a real AK cert, the ASN1 encoding requires gceSecurityProperties - // to have explicit ASN tag. - extPayload := []byte{48, 95, 12, 10, 117, 115, 45, 119, 101, 115, 116, 49, 45, 98, 2, 6, 0, 144, 117, 4, 229, 225, 12, 15, 106, 105, 97, 110, 107, 117, 110, 45, 118, 109, 45, 116, 101, 115, 116, 2, 8, 49, 104, 224, 55, 188, 207, 185, 178, 12, 12, 106, 107, 108, 116, 101, 115, 116, 52, 50, 49, 48, 50, 160, 32, 48, 30, 160, 3, 2, 1, 0, 161, 3, 1, 1, 255, 162, 3, 1, 1, 0, 163, 3, 1, 1, 0, 164, 3, 1, 1, 0, 165, 3, 1, 1, 0} - - ext := []pkix.Extension{{ - Id: cloudComputeInstanceIdentifierOID, - Value: extPayload, - }} - - instanceInfo, err := getInstanceInfoFromExtensions(ext) - if err != nil { - t.Fatalf("getInstanceInfo returned with error: %v", err) - } - if instanceInfo == nil { - t.Fatal("getInstanceInfo returned nil instance info.") - } - - if !proto.Equal(instanceInfo, expectedInstanceInfo) { - t.Errorf("getInstanceInfo did not return expected instance info: got %v, want %v", instanceInfo, expectedInstanceInfo) - } -} - -func TestValidateAKGCEAndGetGCEInstanceInfo(t *testing.T) { - testCases := []struct { - name string - certPEM []byte - rootCertDER []byte - intermediateDER 
[]byte - }{ - { - name: "GCE UCA AK ECC", - certPEM: test.GCESignECCCertUCA, - rootCertDER: gceEKRootCA, - intermediateDER: gceEKIntermediateCA3, - }, - { - name: "GCE UCA AK RSA", - certPEM: test.GCESignRSACertUCA, - rootCertDER: gceEKRootCA, - intermediateDER: gceEKIntermediateCA3, - }, - { - name: "GCE UCA EK ECC", - certPEM: test.GCEEncryptECCCertUCA, - rootCertDER: gceEKRootCA, - intermediateDER: gceEKIntermediateCA3, - }, - { - name: "GCE UCA EK RSA", - certPEM: test.GCEEncryptRSACertUCA, - rootCertDER: gceEKRootCA, - intermediateDER: gceEKIntermediateCA3, - }, - { - name: "GCE CAS AK ECC", - certPEM: test.GCESignECCCertPCA, - rootCertDER: gcpCASEKRootCA, - intermediateDER: gcpCASEKIntermediateCA3, - }, - { - name: "GCE CAS AK RSA", - certPEM: test.GCESignRSACertPCA, - rootCertDER: gcpCASEKRootCA, - intermediateDER: gcpCASEKIntermediateCA3, - }, - { - name: "GCE CAS EK ECC", - certPEM: test.GCEEncryptECCCertPCA, - rootCertDER: gcpCASEKRootCA, - intermediateDER: gcpCASEKIntermediateCA3, - }, - { - name: "GCE CAS EK RSA", - certPEM: test.GCEEncryptRSACertPCA, - rootCertDER: gcpCASEKRootCA, - intermediateDER: gcpCASEKIntermediateCA3, - }, - } - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - crtBlock, _ := pem.Decode(tc.certPEM) - if crtBlock.Bytes == nil { - t.Fatalf("failed to pem.Decode(tc.certPEM)") - } - - akCrt, err := x509.ParseCertificate(crtBlock.Bytes) - if err != nil { - t.Fatalf("x509.ParseCertificate(crtBlock.Bytes): %v", err) - } - root, err := x509.ParseCertificate(tc.rootCertDER) - if err != nil { - t.Fatalf("x509.ParseCertificate(tc.rootCertDER): %v", err) - } - intermediate, err := x509.ParseCertificate(tc.intermediateDER) - if err != nil { - t.Fatalf("x509.ParseCertificate(tc.intermediateDER): %v", err) - } - - if err := VerifyAKCert(akCrt, []*x509.Certificate{root}, []*x509.Certificate{intermediate}); err != nil { - t.Errorf("ValidateAKCert(%v): %v)", tc.name, err) - } - - if gceInfo, err := GetGCEInstanceInfo(akCrt); 
err != nil { - t.Errorf("GetGCEInstanceInfo(akCrt): %v", err) - } else { - t.Log(gceInfo) - fmt.Print(gceInfo) - } - }) - } -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md deleted file mode 100644 index e7ae53660..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/CONTRIBUTING.md +++ /dev/null 
@@ -1,42 +0,0 @@
-# Guidelines for reporting bugs:
-Non-security-critical bugs can be filed on the Issues tracker:
-
-https://github.com/Microsoft/ms-tpm-20-ref/issues
-
-Security sensitive bugs should be reported to secure@microsoft.com
-
-# Guideline for submitting changes:
-
-This repository tracks official TPM Library Specification releases and errata from
-the Trusted Computing Group:
-
-https://trustedcomputinggroup.org/tpm-library-specification/
-
-All changes to core TPM logic, particularly changes to files in
-TPMCmd/tpm and its subdirectories, must be approved by TCG voting
-members.  Github pull requests may be used to propose changes, but changes
-will not be incorporated without TCG member approval.
-
-Other changes (e.g. new files or changes to TPMCmd/Platform or TPMCmd/Simulator),
-particularly to support new platforms, scenarios, build environments or
-crypto-libraries, will be considered if they are expected to be widely useful.
-
-Contributors that wish to be involved in
-the future evolution of the TPM specification and reference implementation
-should consider joining the Trusted Computing Group.  Information about
-membership and liaison programs is available at https://trustedcomputinggroup.org/membership/
-
-# Contributing
-
-This project welcomes contributions and suggestions. Most contributions require you to
-agree to a Contributor License Agreement (CLA) declaring that you have the right to,
-and actually do, grant us the rights to use your contribution. For details, visit
-https://cla.microsoft.com.
-
-When you submit a pull request, a CLA-bot will automatically determine whether you need
-to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the
-instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
-or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
deleted file mode 100644
index 3dea085cf..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/LICENSE
+++ /dev/null
@@ -1,17 +0,0 @@
-Microsoft Reference Implementation for TPM 2.0
-
-The copyright in this software is being made available under the BSD License, included below. This software may be subject to other third party and contributor rights, including patent rights, and no such rights are granted under this license.
-
-Copyright (c) Microsoft Corporation
-
-All rights reserved.
-
-BSD License
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
deleted file mode 100644
index bacd4bd88..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# MS TPM 2.0 Reference Implementation #
-
-[![Build Status](https://travis-ci.org/Microsoft/ms-tpm-20-ref.svg?branch=master)](https://travis-ci.org/Microsoft/ms-tpm-20-ref)
-
-This is the official TCG reference implementation of the [TPM 2.0 Specification](https://trustedcomputinggroup.org/tpm-library-specification). The project contains complete source code of the reference implementation with a Microsoft Visual Studio solution and Linux autotools build scripts.
-
-See the definition of the `SPEC_VERSION`, `SPEC_YEAR` and `SPEC_DAY_OF_YEAR` values in the [TpmTypes.h](TPMCmd/tpm/include/TpmTypes.h) header for the exact revision/date of the TPM 2.0 specification, which the given source tree snapshot corresponds to.
-
-## Visual Studio build ##
-
-Before building the Visual Studio solution:
-
-1. Uncomment and update the definitions of the following macros in the [VendorString.h](TPMCmd/tpm/include/VendorString.h) header:
- - MANUFACTURER
- - VENDOR_STRING_1
- - FIRMWARE_V1 and FIRMWARE_V2
-
-2. Setup the underlying cryptographic library:
-
-### OpenSSL library ###
-
-1. Create `TPMCmd/lib` folder and place a static OpenSSL library (`libeay32.lib` or `libcrypto.lib`) there. This may be either complete static library, or import library accompanying the corresponding DLL. In the latter case you'll need to copy the OpenSSL DLL into the standard Windows search path, so that it is available when you run the simulator executable (e.g. copy it into the same folder where simulator.exe is located).
-
- If you use `libcrypto.lib`, you'll need to either update `Linker|Input|Additional Dependencies` property of the Tpm project in the simulator solution or, alternatively, rename `libcrypto.lib` to `libeay32.lib`.
-
- Recommended version of OpenSSL is 1.0.2d or higher.
-
-2. Create `TPMCmd/OsslInclude/openssl` folder and copy there the contents of the `openssl/include/openssl` folder of the OpenSSL source tree used to build the static library used on the step 2).
-
-3. Build the solution with either Debug or Release as the active configuration.
-
-### Wolfcrypt library (wolfSSL) ###
-
-1. WolfSSL is included as a submodule. Initialize and update the submodule to fetch the project and checkout the appropriate commit.
-
- > git submodule init
- > git submodule update
-
- The current commit will point the minimum recommended version of wolfSSL. Moving to a more recent tag or commit should also be supported but might not be tested.
-
-2. Build the solution with either WolfDebug or WolfRelease as the active configuration, either from inside the Visual Studio or with the following command line:
-
- > msbuild TPMCmd\simulator.sln /p:Configuration=WolfDebug
-
-## Linux build
-
-Follows the common `./bootstrap && ./configure && make` convention.
-
-Note that autotools scripts require the following prerequisite packages: `autoconf-archive`, `pkg-config`. Their absence is not automatically detected. The build also requires `libssl-dev` package to be installed.
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c
deleted file mode 100644
index bb8e4bba0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Clock.c
+++ /dev/null
@@ -1,174 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// -// This file contains the routines that are used by the simulator to mimic -// a hardware clock on a TPM. -// -// In this implementation, all the time values are measured in millisecond. 
-// However, the precision of the clock functions may be implementation -// dependent. - -#ifdef _WIN32 -#include -#include -#else -#include -#endif - -#include "PlatformData.h" -#include "Platform_fp.h" - -unsigned int s_adjustRate; -bool s_timerReset; - -clock64_t s_realTimePrevious; -clock64_t s_tpmTime; -clock64_t s_lastSystemTime; -clock64_t s_lastReportedTime; - -void _plat__TimerReset() { - s_lastSystemTime = 0; - s_tpmTime = 0; - s_adjustRate = CLOCK_NOMINAL; - s_timerReset = true; - return; -} - -static clock64_t _plat__RealTime() { -#ifdef _WIN32 // On Windows we might be using msvcrt, which only has _ftime. - struct _timeb sysTime; - _ftime_s(&sysTime); - return (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; -#else - struct timespec systime; - clock_gettime(CLOCK_MONOTONIC, &systime); - return (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000); -#endif -} - -uint64_t _plat__TimerRead() { - clock64_t timeDiff; - clock64_t adjustedTimeDiff; - clock64_t timeNow; - clock64_t readjustedTimeDiff; - - // This produces a timeNow that is basically locked to the system clock. - timeNow = _plat__RealTime(); - - // if this hasn't been initialized, initialize it - if (s_lastSystemTime == 0) { - s_lastSystemTime = timeNow; - s_lastReportedTime = 0; - s_realTimePrevious = 0; - } - // The system time can bounce around and that's OK as long as we don't allow - // time to go backwards. When the time does appear to go backwards, set - // lastSystemTime to be the new value and then update the reported time. - if (timeNow < s_lastReportedTime) s_lastSystemTime = timeNow; - s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime; - s_lastSystemTime = timeNow; - timeNow = s_lastReportedTime; - - // The code above produces a timeNow that is similar to the value returned - // by Clock(). The difference is that timeNow does not max out, and it is - // at a ms. rate rather than at a CLOCKS_PER_SEC rate. 
The code below - // uses that value and does the rate adjustment on the time value. - // If there is no difference in time, then skip all the computations - if (s_realTimePrevious >= timeNow) return s_tpmTime; - // Compute the amount of time since the last update of the system clock - timeDiff = timeNow - s_realTimePrevious; - - // Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec - adjustedTimeDiff = (timeDiff * CLOCK_NOMINAL) / ((uint64_t)s_adjustRate); - - // update the TPM time with the adjusted timeDiff - s_tpmTime += (clock64_t)adjustedTimeDiff; - - // Might have some rounding error that would loose CLOCKS. See what is not - // being used. As mentioned above, this could result in putting back more than - // is taken out. Here, we are trying to recreate timeDiff. - readjustedTimeDiff = - (adjustedTimeDiff * (uint64_t)s_adjustRate) / CLOCK_NOMINAL; - - // adjusted is now converted back to being the amount we should advance the - // previous sampled time. It should always be less than or equal to timeDiff. - // That is, we could not have use more time than we started with. 
- s_realTimePrevious = s_realTimePrevious + readjustedTimeDiff; - - return s_tpmTime; -} - -bool _plat__TimerWasReset() { - bool retVal = s_timerReset; - s_timerReset = false; - return retVal; -} - -void _plat__ClockAdjustRate(int adjust) { - // We expect the caller should only use a fixed set of constant values to - // adjust the rate - switch (adjust) { - case CLOCK_ADJUST_COARSE: - s_adjustRate += CLOCK_ADJUST_COARSE; - break; - case -CLOCK_ADJUST_COARSE: - s_adjustRate -= CLOCK_ADJUST_COARSE; - break; - case CLOCK_ADJUST_MEDIUM: - s_adjustRate += CLOCK_ADJUST_MEDIUM; - break; - case -CLOCK_ADJUST_MEDIUM: - s_adjustRate -= CLOCK_ADJUST_MEDIUM; - break; - case CLOCK_ADJUST_FINE: - s_adjustRate += CLOCK_ADJUST_FINE; - break; - case -CLOCK_ADJUST_FINE: - s_adjustRate -= CLOCK_ADJUST_FINE; - break; - default: - // ignore any other values; - break; - } - - if (s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; - if (s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; - - return; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c deleted file mode 100644 index ecaba7950..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c +++ /dev/null @@ -1,11 +0,0 @@ -#include - -#include "Platform_fp.h" - -// We get entropy from OpenSSL which gets its entropy from the OS. -int32_t _plat__GetEntropy(uint8_t *entropy, uint32_t amount) { - if (RAND_bytes(entropy, amount) != 1) { - return -1; - } - return amount; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c deleted file mode 100644 index baac11b82..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c
+++ /dev/null
@@ -1,81 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// -// This file contains the NV read and write access methods. This -// implementation uses RAM/file and does not manage the RAM/file as NV -// blocks. The implementation may become more sophisticated over time. 
-// - -#include -#include - -#include "PlatformData.h" -#include "Platform_fp.h" - -unsigned char s_NV[NV_MEMORY_SIZE]; - -void _plat__NvMemoryRead(unsigned int start, unsigned int size, void *data) { - assert(start + size <= NV_MEMORY_SIZE); - memcpy(data, &s_NV[start], size); - return; -} - -int _plat__NvIsDifferent(unsigned int start, unsigned int size, void *data) { - return (memcmp(&s_NV[start], data, size) != 0); -} - -bool _plat__NvMemoryWrite(unsigned int start, unsigned int size, void *data) { - if (start + size <= NV_MEMORY_SIZE) { - memcpy(&s_NV[start], data, size); - return true; - } - return false; -} - -void _plat__NvMemoryClear(unsigned int start, unsigned int size) { - assert(start + size <= NV_MEMORY_SIZE); - // In this implementation, assume that the erase value for NV is all 1s - memset(&s_NV[start], 0xff, size); -} - -void _plat__NvMemoryMove(unsigned int sourceOffset, unsigned int destOffset, - unsigned int size) { - assert(sourceOffset + size <= NV_MEMORY_SIZE); - assert(destOffset + size <= NV_MEMORY_SIZE); - memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); - return; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h deleted file mode 100644 index b71713a7a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -// External interface to the vTPM - -#ifndef _PLATFORM_H_ -#define _PLATFORM_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -//***_plat__RunCommand() -// This version of RunCommand will set up a jum_buf and call ExecuteCommand(). -// If the command executes without failing, it will return and RunCommand will -// return. If there is a failure in the command, then _plat__Fail() is called -// and it will longjump back to RunCommand which will call ExecuteCommand again. -// However, this time, the TPM will be in failure mode so ExecuteCommand will -// simply build a failure response and return. -void _plat__RunCommand(uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer -); - -//*** _plat_Reset() -// Reset the TPM. This should always be called before _plat__RunCommand. The -// first time this function is called, the TPM will be manufactured. Pass true -// for forceManufacture to perfrom a manufacturer reset. -void _plat__Reset(bool forceManufacture); - -#ifdef __cplusplus -} -#endif - -#endif // _PLATFORM_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h deleted file mode 100644 index 4d9a276d5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h +++ /dev/null 
@@ -1,86 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the instance data for the Platform module. It is collected -// in this file so that the state of the module is easier to manage. 
- -#ifndef _PLATFORM_DATA_H_ -#define _PLATFORM_DATA_H_ - -#include -#include - -#include "TpmProfile.h" // For NV_MEMORY_SIZE - -typedef uint64_t clock64_t; -// This is the value returned the last time that the system clock was read. This -// is only relevant for a simulator or virtual TPM. -extern clock64_t s_realTimePrevious; - -// These values are used to try to synthesize a long lived version of clock(). -extern clock64_t s_lastSystemTime; -extern clock64_t s_lastReportedTime; - -// This is the rate adjusted value that is the equivalent of what would be read -// from a hardware register that produced rate adjusted time. -extern clock64_t s_tpmTime; - -// This value indicates that the timer was reset -extern bool s_timerReset; -// This variable records the timer adjustment factor. -extern unsigned int s_adjustRate; - -// CLOCK_NOMINAL is the number of hardware ticks per mS. A value of 300000 means -// that the nominal clock rate used to drive the hardware clock is 30 MHz. The -// adjustment rates are used to determine the conversion of the hardware ticks -// to internal hardware clock value. In practice, we would expect that there -// would be a hardware register with accumulated mS. It would be incremented by -// the output of a prescaler. The prescaler would divide the ticks from the -// clock by some value that would compensate for the difference between clock -// time and real time. The code in Clock does the emulation of this function. -#define CLOCK_NOMINAL 30000 -// A 1% change in rate is 300 counts -#define CLOCK_ADJUST_COARSE 300 -// A 0.1% change in rate is 30 counts -#define CLOCK_ADJUST_MEDIUM 30 -// A minimum change in rate is 1 count -#define CLOCK_ADJUST_FINE 1 -// The clock tolerance is +/-15% (4500 counts) -// Allow some guard band (16.7%) -#define CLOCK_ADJUST_LIMIT 5000 - -extern unsigned char s_NV[NV_MEMORY_SIZE]; - -#endif // _PLATFORM_DATA_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
deleted file mode 100644
index e8d63d242..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h
+++ /dev/null
@@ -1,197 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// Platform functions used by libtpm - -#ifndef _PLATFORM_FP_H_ -#define _PLATFORM_FP_H_ - -#include -#include - -//***_plat__IsCanceled() -// We opt to not support cancellation, so always return false. 
-// Return values: -// true(1) if cancel flag is set -// false(0) if cancel flag is not set -static inline int _plat__IsCanceled() { return false; } - -//***_plat__TimerReset() -// This function sets current system clock time as t0 for counting TPM time. -// This function is called at a power on event to reset the clock. When the -// clock is reset, the indication that the clock was stopped is also set. -void _plat__TimerReset(); - -//***_plat__TimerRead() -// This function provides access to the tick timer of the platform. The TPM code -// uses this value to drive the TPM Clock. -// -// The tick timer is supposed to run when power is applied to the device. This -// timer should not be reset by time events including _TPM_Init. It should only -// be reset when TPM power is re-applied. -// -// If the TPM is run in a protected environment, that environment may provide -// the tick time to the TPM as long as the time provided by the environment is -// not allowed to go backwards. If the time provided by the system can go -// backwards during a power discontinuity, then the _plat__Signal_PowerOn should -// call _plat__TimerReset(). -uint64_t _plat__TimerRead(); - -//*** _plat__TimerWasReset() -// This function is used to interrogate the flag indicating if the tick timer -// has been reset. -// -// If the resetFlag parameter is SET, then the flag will be CLEAR before the -// function returns. -bool _plat__TimerWasReset(); - -//*** _plat__TimerWasStopped() -// As we have CLOCK_STOPS=NO, we will only stop our timer on resets. -static inline bool _plat__TimerWasStopped() { return _plat__TimerWasReset(); } - -//***_plat__ClockAdjustRate() -// Adjust the clock rate -// IN: the adjust number. It could be positive or negative -void _plat__ClockAdjustRate(int adjust); - -//*** _plat__GetEntropy() -// This function is used to get available hardware entropy. In a hardware -// implementation of this function, there would be no call to the system -// to get entropy. 
-// Return values: -// < 0 hardware failure of the entropy generator, this is sticky -// >= 0 the returned amount of entropy (bytes) -int32_t _plat__GetEntropy(uint8_t *entropy, // output buffer - uint32_t amount // amount requested -); - -//***_plat__LocalityGet() -// We do not support non-zero localities, so just always return 0. -static inline uint8_t _plat__LocalityGet() { return 0; } - -//***_plat__NVEnable() -// As we just hold the NV data in memory, always return success. -// Return values: -// 0 if success -// > 0 if receive recoverable error -// < 0 if unrecoverable error -static inline int _plat__NVEnable(void *platParameter) { - (void)(platParameter); - return 0; -}; - -//***_plat__IsNvAvailable() -// Our NV Data is always available and has no write limits. -// Return values: -// 0 NV is available -// 1 NV is not available due to write failure -// 2 NV is not available due to rate limit -static inline int _plat__IsNvAvailable() { return 0; } - -//***_plat__NvMemoryRead() -// Function: Read a chunk of NV memory -void _plat__NvMemoryRead(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void *data // OUT: data buffer -); - -//*** _plat__NvIsDifferent() -// This function checks to see if the NV is different from the test value. This -// is so that NV will not be written if it has not changed. -// Return Type: int -// TRUE(1) the NV location is different from the test value -// FALSE(0) the NV location is the same as the test value -int _plat__NvIsDifferent(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void *data // IN: data buffer -); - -//***_plat__NvMemoryWrite() -// This function is used to update NV memory. The "write" is to a memory copy of -// NV. At the end of the current command, any changes are written to -// the actual NV memory. 
-// NOTE: A useful optimization would be for this code to compare the current -// contents of NV with the local copy and note the blocks that have changed. -// Then only write those blocks when _plat__NvCommit() is called. -bool _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start - unsigned int size, // IN: size of bytes to write - void *data // OUT: data buffer -); - -//***_plat__NvMemoryClear() -// Function is used to set a range of NV memory bytes to an implementation- -// dependent value. The value represents the erase state of the memory. -void _plat__NvMemoryClear(unsigned int start, // IN: clear start - unsigned int size // IN: number of bytes to clear -); - -//***_plat__NvMemoryMove() -// Function: Move a chunk of NV memory from source to destination -// This function should ensure that if there overlap, the original data is -// copied before it is written -void _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset - unsigned int destOffset, // IN: destination offset - unsigned int size // IN: size of data being moved -); - -//***_plat__NvCommit() -// Our NV Data is just in memory, so "committing" it is a no-op. -// Return values: -// 0 NV write success -// != 0 NV write fail -static inline int _plat__NvCommit() { return 0; } - -//*** _plat__WasPowerLost() -// Test whether power was lost before a _TPM_Init. As we use in-memory NV Data, -// there's no reason to to not do the power-loss activities on every _TPM_Init. -// Return values: -// true(1) power was lost -// false(0) power was not lost -static inline int _plat__WasPowerLost() { return true; } - -//** From PPPlat.c - -//***_plat__PhysicalPresenceAsserted() -// Our vTPM has no way to assert physical presence, so we always return true. 
-// Return values: -// true(1) if physical presence is signaled -// false(0) if physical presence is not signaled -static inline int _plat__PhysicalPresenceAsserted() { return true; } - -//***_plat__Fail() -// This is the platform depended failure exit for the TPM. -_Noreturn void _plat__Fail(); - -#endif // _PLATFORM_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c deleted file mode 100644 index 044dc043d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/Samples/Google/Run.c +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD - * License, included below. This software may be subject to other third party - * and contributor rights, including patent rights, and no such rights are - * granted under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS - * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//**Introduction -// This module provides the platform specific entry and fail processing. The -// _plat__RunCommand() function is used to call to ExecuteCommand() in the TPM -// code. 
This function does whatever processing is necessary to set up the -// platform in anticipation of the call to the TPM including settup for error -// processing. -// -// The _plat__Fail() function is called when there is a failure in the TPM. The -// TPM code will have set the flag to indicate that the TPM is in failure mode. -// This call will then recursively call ExecuteCommand in order to build the -// failure mode response. When ExecuteCommand() returns to _plat__Fail(), the -// platform will do some platform specif operation to return to the environment -// in which the TPM is executing. For a simulator, setjmp/longjmp is used. For -// an OS, a system exit to the OS would be appropriate. - -#include - -#include "CompilerDependencies.h" -#include "ExecCommand_fp.h" -#include "Manufacture_fp.h" -#include "Platform.h" -#include "Platform_fp.h" -#include "_TPM_Init_fp.h" - -jmp_buf s_jumpBuffer; - -void _plat__RunCommand(uint32_t requestSize, unsigned char *request, - uint32_t *responseSize, unsigned char **response) { - setjmp(s_jumpBuffer); - ExecuteCommand(requestSize, request, responseSize, response); -} - -_Noreturn void _plat__Fail(void) { longjmp(&s_jumpBuffer[0], 1); } - -void _plat__Reset(bool forceManufacture) { - // We ignore errors, as we don't care if the TPM has been Manufactured before. - if (forceManufacture) { - TPM_TearDown(); - } - TPM_Manufacture(0); - _plat__TimerReset(); - _TPM_Init(); -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am deleted file mode 100644 index 1df7a5e2c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am +++ /dev/null 
@@ -1,62 +0,0 @@ -## The copyright in this software is being made available under the BSD License, -## included below. This software may be subject to other third party and -## contributor rights, including patent rights, and no such rights are granted -## under this license. -## -## Copyright (c) Intel Corporation -## -## All rights reserved. -## -## BSD License -## -## Redistribution and use in source and binary forms, with or without modification, -## are permitted provided that the following conditions are met: -## -## Redistributions of source code must retain the above copyright notice, this list -## of conditions and the following disclaimer. -## -## Redistributions in binary form must reproduce the above copyright notice, this -## list of conditions and the following disclaimer in the documentation and/or -## other materials provided with the distribution. -## -## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" -## AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -## DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -## ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -## ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- -include src.mk - -PLATFORM_INC = -I $(srcdir)/Platform/include \ - -I $(srcdir)/Platform/include/prototypes -SIMULATOR_INC = -I $(srcdir)/Simulator/include \ - -I $(srcdir)/Simulator/include/prototypes -TPM_INC = -I $(srcdir)/tpm/include \ - -I $(srcdir)/tpm/include/prototypes - -libplatform = Platform/src/libplatform.a -libtpm = tpm/src/libtpm.a -tpm2_simulator = Simulator/src/tpm2-simulator - -bin_PROGRAMS = $(tpm2_simulator) -noinst_LIBRARIES = $(libplatform) $(libtpm) - -Platform_src_libplatform_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) -Platform_src_libplatform_a_SOURCES = $(PLATFORM_C) $(PLATFORM_H) - -Simulator_src_tpm2_simulator_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) \ - $(TPM_INC) $(SIMULATOR_INC) $(LIBCRYPTO_CFLAGS) $(PTHREAD_CFLAGS) -# the weird / duplicate static library is necessary for dealing with the -# circular dependency beetween libplatform and libtpm -Simulator_src_tpm2_simulator_LDADD = $(libplatform) $(libtpm) \ - $(libplatform) $(LIBCRYPTO_LIBS) $(PTHREAD_LIBS) @ADDITIONAL_LIBS@ -Simulator_src_tpm2_simulator_SOURCES = $(SIMULATOR_C) $(SIMULATOR_H) - -tpm_src_libtpm_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) \ - $(LIBCRYPTO_CFLAGS) -tpm_src_libtpm_a_SOURCES = $(TPM_C) $(TPM_H) $(PLATFORM_H) diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac deleted file mode 100644 index 58a74b416..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/configure.ac +++ /dev/null 
@@ -1,89 +0,0 @@
-dnl The copyright in this software is being made available under the BSD License,
-dnl included below. This software may be subject to other third party and
-dnl contributor rights, including patent rights, and no such rights are granted
-dnl under this license.
-dnl
-dnl Copyright (c) Intel Corporation
-dnl
-dnl All rights reserved.
-dnl
-dnl BSD License
-dnl
-dnl Redistribution and use in source and binary forms, with or without modification,
-dnl are permitted provided that the following conditions are met:
-dnl
-dnl Redistributions of source code must retain the above copyright notice, this list
-dnl of conditions and the following disclaimer.
-dnl
-dnl Redistributions in binary form must reproduce the above copyright notice, this
-dnl list of conditions and the following disclaimer in the documentation and/or
-dnl other materials provided with the distribution.
-dnl
-dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
-dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- -AC_INIT([ms-tpm-20-ref], - [0.1], - [https://github.com/microsoft/ms-tpm-20-ref/issues], - [], - [https://github.com/microsoft/ms-tpm-20-ref]) -AC_CONFIG_MACRO_DIR([.]) -AC_PROG_CC -AC_PROG_LN_S -AC_PROG_RANLIB -AM_INIT_AUTOMAKE([foreign subdir-objects]) -AC_CONFIG_FILES([Makefile]) -AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args]) - -dnl By enabling this feature tpm simulator gets seeds derived from hardware parameters. -dnl It is enabled only for linux devices. -dnl Note that the seeds are not derived from secure hardware source. - -AC_ARG_ENABLE(usedeviceid, - AS_HELP_STRING([--enable-usedeviceid], - [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.])) - -PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto]) -AS_IF([test "x$enable_usedeviceid" = "xyes"], [ - PKG_CHECK_MODULES([LIBUDEV], [libudev]) - [ADDITIONAL_LIBS="-ludev"] -]) -AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])]) - -AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms]) -AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms]) -AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations]) - -ADD_COMPILER_FLAG([-std=gnu11]) -ADD_COMPILER_FLAG([-Werror]) -ADD_COMPILER_FLAG([-Wall]) -ADD_COMPILER_FLAG([-Wformat-security]) -ADD_COMPILER_FLAG([-fstack-protector-all]) -ADD_COMPILER_FLAG([-fPIC]) -ADD_COMPILER_FLAG([-Wno-error=empty-body]) -ADD_COMPILER_FLAG([-Wno-error=expansion-to-defined]) -ADD_COMPILER_FLAG([-Wno-error=parentheses]) -ADD_COMPILER_FLAG([-Wno-error=pointer-to-int-cast]) -ADD_COMPILER_FLAG([-Wno-error=missing-braces]) -ADD_COMPILER_FLAG([-Wno-error=unused-result]) - -AS_IF([test "x$enable_usedeviceid" = "xyes"], [ - ADD_COMPILER_FLAG([-DNDEBUG]) - ADD_COMPILER_FLAG([-g]) - ADD_COMPILER_FLAG([-DUSE_PLATFORM_EPS]) - AC_SUBST(ADDITIONAL_LIBS) -]) -ADD_LINK_FLAG([-Wl,--no-undefined]) -ADD_LINK_FLAG([-Wl,-z,noexecstack]) -ADD_LINK_FLAG([-Wl,-z,now]) -ADD_LINK_FLAG([-Wl,-z,relro]) - -AC_OUTPUT 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4 b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
deleted file mode 100644
index 286c10bfa..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/flags.m4
+++ /dev/null
@@ -1,84 +0,0 @@
-dnl The copyright in this software is being made available under the BSD License,
-dnl included below. This software may be subject to other third party and
-dnl contributor rights, including patent rights, and no such rights are granted
-dnl under this license.
-dnl
-dnl Copyright (c) Intel Corporation
-dnl
-dnl All rights reserved.
-dnl
-dnl BSD License
-dnl
-dnl Redistribution and use in source and binary forms, with or without modification,
-dnl are permitted provided that the following conditions are met:
-dnl
-dnl Redistributions of source code must retain the above copyright notice, this list
-dnl of conditions and the following disclaimer.
-dnl
-dnl Redistributions in binary form must reproduce the above copyright notice, this
-dnl list of conditions and the following disclaimer in the documentation and/or
-dnl other materials provided with the distribution.
-dnl
-dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
-dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-dnl ADD_COMPILER_FLAG:
-dnl A macro to add a CFLAG to the EXTRA_CFLAGS variable. This macro will
-dnl check to be sure the compiler supprts the flag. Flags can be made
-dnl mandatory (configure will fail).
-dnl $1: C compiler flag to add to EXTRA_CFLAGS.
-dnl $2: Set to "required" to cause configure failure if flag not supported.. -AC_DEFUN([ADD_COMPILER_FLAG],[ - AX_CHECK_COMPILE_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional CFLAG "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required CFLAG "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl ADD_PREPROC_FLAG: -dnl Add the provided preprocessor flag to the EXTRA_CFLAGS variable. This -dnl macro will check to be sure the preprocessor supports the flag. -dnl The flag can be made mandatory by provideing the string 'required' as -dnl the second parameter. -dnl $1: Preprocessor flag to add to EXTRA_CFLAGS. -dnl $2: Set to "required" t ocause configure failure if preprocesor flag -dnl is not supported. -AC_DEFUN([ADD_PREPROC_FLAG],[ - AX_CHECK_PREPROC_FLAG([$1],[ - EXTRA_CFLAGS="$EXTRA_CFLAGS $1" - AC_SUBST([EXTRA_CFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional preprocessor flag "$1" not supported by your compiler, continuing.])],[ - AC_MSG_ERROR([Required preprocessor flag "$1" not supported by your compiler, aborting.])] - )],[ - -Wall -Werror] - )] -) -dnl ADD_LINK_FLAG: -dnl A macro to add a LDLAG to the EXTRA_LDFLAGS variable. This macro will -dnl check to be sure the linker supprts the flag. Flags can be made -dnl mandatory (configure will fail). -dnl $1: linker flag to add to EXTRA_LDFLAGS. -dnl $2: Set to "required" to cause configure failure if flag not supported. -AC_DEFUN([ADD_LINK_FLAG],[ - AX_CHECK_LINK_FLAG([$1],[ - EXTRA_LDFLAGS="$EXTRA_LDFLAGS $1" - AC_SUBST([EXTRA_LDFLAGS])],[ - AS_IF([test x$2 != xrequired],[ - AC_MSG_WARN([Optional LDFLAG "$1" not supported by your linker, continuing.])],[ - AC_MSG_ERROR([Required LDFLAG "$1" not supported by your linker, aborting.])] - )] - )] -) 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
deleted file mode 100644
index afcfef974..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h
+++ /dev/null
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.2 Feb 22, 2019 - * Date: Mar 20, 2019 Time: 08:27:26PM - */ - -#ifndef _BASE_TYPES_H_ -#define _BASE_TYPES_H_ - -// NULL definition -#ifndef NULL -#define NULL (0) -#endif - -typedef uint8_t UINT8; -typedef uint8_t BYTE; -typedef int8_t INT8; -typedef int BOOL; -typedef uint16_t UINT16; -typedef int16_t INT16; -typedef uint32_t UINT32; -typedef int32_t INT32; -typedef uint64_t UINT64; -typedef int64_t INT64; - - -#endif // _BASE_TYPES_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h deleted file mode 100644 index bb3fe3fa9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h +++ /dev/null 
@@ -1,320 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction - -// This file contains the definitions needed for defining the internal BIGNUM -// structure. - -// A BIGNUM is a pointer to a structure. The structure has three fields. The -// last field is and array (d) of crypt_uword_t. 
Each word is in machine format -// (big- or little-endian) with the words in ascending significance (i.e. words -// in little-endian order). This is the order that seems to be used in every -// big number library in the worlds, so... -// -// The first field in the structure (allocated) is the number of words in 'd'. -// This is the upper limit on the size of the number that can be held in the -// structure. This differs from libraries like OpenSSL as this is not intended -// to deal with numbers of arbitrary size; just numbers that are needed to deal -// with the algorithms that are defined in the TPM implementation. -// -// The second field in the structure (size) is the number of significant words -// in 'n'. When this number is zero, the number is zero. The word at used-1 should -// never be zero. All words between d[size] and d[allocated-1] should be zero. - -//** Defines - -#ifndef _BN_NUMBERS_H -#define _BN_NUMBERS_H - -#if RADIX_BITS == 64 -# define RADIX_LOG2 6 -#elif RADIX_BITS == 32 -#define RADIX_LOG2 5 -#else -# error "Unsupported radix" -#endif - -#define RADIX_MOD(x) ((x) & ((1 << RADIX_LOG2) - 1)) -#define RADIX_DIV(x) ((x) >> RADIX_LOG2) -#define RADIX_MASK ((((crypt_uword_t)1) << RADIX_LOG2) - 1) - -#define BITS_TO_CRYPT_WORDS(bits) RADIX_DIV((bits) + (RADIX_BITS - 1)) -#define BYTES_TO_CRYPT_WORDS(bytes) BITS_TO_CRYPT_WORDS(bytes * 8) -#define SIZE_IN_CRYPT_WORDS(thing) BYTES_TO_CRYPT_WORDS(sizeof(thing)) - -#if RADIX_BITS == 64 -#define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_64(x) - typedef uint64_t crypt_uword_t; - typedef int64_t crypt_word_t; -# define TO_CRYPT_WORD_64 BIG_ENDIAN_BYTES_TO_UINT64 -# define TO_CRYPT_WORD_32(a, b, c, d) TO_CRYPT_WORD_64(0, 0, 0, 0, a, b, c, d) -#elif RADIX_BITS == 32 -# define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_32((x)) - typedef uint32_t crypt_uword_t; - typedef int32_t crypt_word_t; -# define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ - BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), \ - BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) 
-#endif - -#define MAX_CRYPT_UWORD (~((crypt_uword_t)0)) -#define MAX_CRYPT_WORD ((crypt_word_t)(MAX_CRYPT_UWORD >> 1)) -#define MIN_CRYPT_WORD (~MAX_CRYPT_WORD) - -#define LARGEST_NUMBER (MAX((ALG_RSA * MAX_RSA_KEY_BYTES), \ - MAX((ALG_ECC * MAX_ECC_KEY_BYTES), MAX_DIGEST_SIZE))) -#define LARGEST_NUMBER_BITS (LARGEST_NUMBER * 8) - -#define MAX_ECC_PARAMETER_BYTES (MAX_ECC_KEY_BYTES * ALG_ECC) - -// These are the basic big number formats. This is convertible to the library- -// specific format without to much difficulty. For the math performed using -// these numbers, the value is always positive. -#define BN_STRUCT_DEF(count) struct { \ - crypt_uword_t allocated; \ - crypt_uword_t size; \ - crypt_uword_t d[count]; \ - } - -typedef BN_STRUCT_DEF(1) bignum_t; -#ifndef bigNum -typedef bignum_t *bigNum; -typedef const bignum_t *bigConst; -#endif - -extern const bignum_t BnConstZero; - -// The Functions to access the properties of a big number. -// Get number of allocated words -#define BnGetAllocated(x) (unsigned)((x)->allocated) - -// Get number of words used -#define BnGetSize(x) ((x)->size) - -// Get a pointer to the data array -#define BnGetArray(x) ((crypt_uword_t *)&((x)->d[0])) - -// Get the nth word of a BIGNUM (zero-based) -#define BnGetWord(x, i) (crypt_uword_t)((x)->d[i]) - -// Some things that are done often. - -// Test to see if a bignum_t is equal to zero -#define BnEqualZero(bn) (BnGetSize(bn) == 0) - -// Test to see if a bignum_t is equal to a word type -#define BnEqualWord(bn, word) \ - ((BnGetSize(bn) == 1) && (BnGetWord(bn, 0) == (crypt_uword_t)word)) - -// Determine if a BIGNUM is even. A zero is even. Although the -// indication that a number is zero is that it's size is zero, -// all words of the number are 0 so this test works on zero. -#define BnIsEven(n) ((BnGetWord(n, 0) & 1) == 0) - -// The macros below are used to define BIGNUM values of the required -// size. 
The values are allocated on the stack so they can be -// treated like simple local values. - -// This will call the initialization function for a defined bignum_t. -// This sets the allocated and used fields and clears the words of 'n'. -#define BN_INIT(name) \ - (bigNum)BnInit((bigNum)&(name), \ - BYTES_TO_CRYPT_WORDS(sizeof(name.d))) - -// In some cases, a function will need the address of the structure -// associated with a variable. The structure for a BIGNUM variable -// of 'name' is 'name_'. Generally, when the structure is created, it -// is initialized and a parameter is created with a pointer to the -// structure. The pointer has the 'name' and the structure it points -// to is 'name_' -#define BN_ADDRESS(name) (bigNum)&name##_ - -#define BN_STRUCT_ALLOCATION(bits) (BITS_TO_CRYPT_WORDS(bits) + 1) - -// Create a structure of the correct size. -#define BN_STRUCT(bits) \ - BN_STRUCT_DEF(BN_STRUCT_ALLOCATION(bits)) - -// Define a BIGNUM type with a specific allocation -#define BN_TYPE(name, bits) \ - typedef BN_STRUCT(bits) bn_##name##_t - -// This creates a local BIGNUM variable of a specific size and -// initializes it from a TPM2B input parameter. -#define BN_INITIALIZED(name, bits, initializer) \ - BN_STRUCT(bits) name##_; \ - bigNum name = BnFrom2B(BN_INIT(name##_), \ - (const TPM2B *)initializer) - -// Create a local variable that can hold a number with 'bits' -#define BN_VAR(name, bits) \ - BN_STRUCT(bits) _##name; \ - bigNum name = BN_INIT(_##name) - -// Create a type that can hold the largest number defined by the -// implementation. -#define BN_MAX(name) BN_VAR(name, LARGEST_NUMBER_BITS) -#define BN_MAX_INITIALIZED(name, initializer) \ - BN_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) - -// A word size value is useful -#define BN_WORD(name) BN_VAR(name, RADIX_BITS) - -// This is used to created a word-size BIGNUM and initialize it with -// an input parameter to a function. 
-#define BN_WORD_INITIALIZED(name, initial) \ - BN_STRUCT(RADIX_BITS) name##_; \ - bigNum name = BnInitializeWord((bigNum)&name##_, \ - BN_STRUCT_ALLOCATION(RADIX_BITS), initial) - -// ECC-Specific Values - -// This is the format for a point. It is always in affine format. The Z value is -// carried as part of the point, primarily to simplify the interface to the support -// library. Rather than have the interface layer have to create space for the -// point each time it is used... -// The x, y, and z values are pointers to bigNum values and not in-line versions of -// the numbers. This is a relic of the days when there was no standard TPM format -// for the numbers -typedef struct _bn_point_t -{ - bigNum x; - bigNum y; - bigNum z; -} bn_point_t; - -typedef bn_point_t *bigPoint; -typedef const bn_point_t *pointConst; - -typedef struct constant_point_t -{ - bigConst x; - bigConst y; - bigConst z; -} constant_point_t; - -#define ECC_BITS (MAX_ECC_KEY_BYTES * 8) -BN_TYPE(ecc, ECC_BITS); -#define ECC_NUM(name) BN_VAR(name, ECC_BITS) -#define ECC_INITIALIZED(name, initializer) \ - BN_INITIALIZED(name, ECC_BITS, initializer) - -#define POINT_INSTANCE(name, bits) \ - BN_STRUCT (bits) name##_x = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - BN_STRUCT ( bits ) name##_y = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - BN_STRUCT ( bits ) name##_z = \ - {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ - bn_point_t name##_ - -#define POINT_INITIALIZER(name) \ - BnInitializePoint(&name##_, (bigNum)&name##_x, \ - (bigNum)&name##_y, (bigNum)&name##_z) - -#define POINT_INITIALIZED(name, initValue) \ - POINT_INSTANCE(name, MAX_ECC_KEY_BITS); \ - bigPoint name = BnPointFrom2B( \ - POINT_INITIALIZER(name), \ - initValue) - -#define POINT_VAR(name, bits) \ - POINT_INSTANCE (name, bits); \ - bigPoint name = POINT_INITIALIZER(name) - -#define POINT(name) POINT_VAR(name, MAX_ECC_KEY_BITS) - -// Structure for the curve parameters. 
This is an analog to the -// TPMS_ALGORITHM_DETAIL_ECC -typedef struct -{ - bigConst prime; // a prime number - bigConst order; // the order of the curve - bigConst h; // cofactor - bigConst a; // linear coefficient - bigConst b; // constant term - constant_point_t base; // base point -} ECC_CURVE_DATA; - -// Access macros for the ECC_CURVE structure. The parameter 'C' is a pointer -// to an ECC_CURVE_DATA structure. In some libraries, the curve structure contains -// a pointer to an ECC_CURVE_DATA structure as well as some other bits. For those -// cases, the AccessCurveData macro is used in the code to first get the pointer -// to the ECC_CURVE_DATA for access. In some cases, the macro does noting. -#define CurveGetPrime(C) ((C)->prime) -#define CurveGetOrder(C) ((C)->order) -#define CurveGetCofactor(C) ((C)->h) -#define CurveGet_a(C) ((C)->a) -#define CurveGet_b(C) ((C)->b) -#define CurveGetG(C) ((pointConst)&((C)->base)) -#define CurveGetGx(C) ((C)->base.x) -#define CurveGetGy(C) ((C)->base.y) - - -// Convert bytes in initializers according to the endianess of the system. -// This is used for CryptEccData.c. -#define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ - ( ((UINT32)(a) << 24) \ - + ((UINT32)(b) << 16) \ - + ((UINT32)(c) << 8) \ - + ((UINT32)(d)) \ - ) - -#define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ - ( ((UINT64)(a) << 56) \ - + ((UINT64)(b) << 48) \ - + ((UINT64)(c) << 40) \ - + ((UINT64)(d) << 32) \ - + ((UINT64)(e) << 24) \ - + ((UINT64)(f) << 16) \ - + ((UINT64)(g) << 8) \ - + ((UINT64)(h)) \ - ) - -#ifndef RADIX_BYTES -# if RADIX_BITS == 32 -# define RADIX_BYTES 4 -# elif RADIX_BITS == 64 -# define RADIX_BYTES 8 -# else -# error "RADIX_BITS must either be 32 or 64" -# endif -#endif - -// Add implementation dependent definitions for other ECC Values and for linkages. -#include LIB_INCLUDE(MATH_LIB, Math) - - -#endif // _BN_NUMBERS_H \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
deleted file mode 100644
index 54f620c20..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _CAPABILITIES_H
-#define _CAPABILITIES_H
-
-#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32))
-#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
-#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
-#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC))
-#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
-#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
-#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
-#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
-
-#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT))
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
deleted file mode 100644
index 8c3e5e433..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h
+++ /dev/null
@@ -1,916 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 3.0 June 16, 2017 - * Date: Oct 9, 2018 Time: 07:25:18PM - */ -// This file should only be included by CommandCodeAttibutes.c -#ifdef _COMMAND_CODE_ATTRIBUTES_ - -#include "CommandAttributes.h" - -#if COMPRESSED_LISTS -# define PAD_LIST 0 -#else -# define PAD_LIST 1 -#endif - - -// This is the command code attribute array for GetCapability. -// Both this array and s_commandAttributes provides command code attributes, -// but tuned for different purpose -const TPMA_CC s_ccAttr [] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - TPMA_CC_INITIALIZER(0x011F, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EvictControl) - TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HierarchyControl) - TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_UndefineSpace) - TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ChangeEPS) - TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ChangePPS) - TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Clear) - TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClearControl) - TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClockSet) - TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HierarchyChangeAuth) - TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_DefineSpace) - TPMA_CC_INITIALIZER(0x012A, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Allocate) - TPMA_CC_INITIALIZER(0x012B, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - TPMA_CC_INITIALIZER(0x012C, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PP_Commands) - TPMA_CC_INITIALIZER(0x012D, 0, 1, 0, 0, 1, 
0, 0, 0), -#endif -#if (PAD_LIST || CC_SetPrimaryPolicy) - TPMA_CC_INITIALIZER(0x012E, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FieldUpgradeStart) - TPMA_CC_INITIALIZER(0x012F, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ClockRateAdjust) - TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CreatePrimary) - TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_NV_GlobalWriteLock) - TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetCommandAuditDigest) - TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Increment) - TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_SetBits) - TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Extend) - TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Write) - TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_WriteLock) - TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_DictionaryAttackLockReset) - TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_DictionaryAttackParameters) - TPMA_CC_INITIALIZER(0x013A, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ChangeAuth) - TPMA_CC_INITIALIZER(0x013B, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Event) - TPMA_CC_INITIALIZER(0x013C, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Reset) - TPMA_CC_INITIALIZER(0x013D, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SequenceComplete) - TPMA_CC_INITIALIZER(0x013E, 0, 0, 0, 1, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SetAlgorithmSet) - TPMA_CC_INITIALIZER(0x013F, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FieldUpgradeData) - 
TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_IncrementalSelfTest) - TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_SelfTest) - TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Startup) - TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Shutdown) - TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_StirRandom) - TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ActivateCredential) - TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Certify) - TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNV) - TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CertifyCreation) - TPMA_CC_INITIALIZER(0x014A, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Duplicate) - TPMA_CC_INITIALIZER(0x014B, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetTime) - TPMA_CC_INITIALIZER(0x014C, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetSessionAuditDigest) - TPMA_CC_INITIALIZER(0x014D, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Read) - TPMA_CC_INITIALIZER(0x014E, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ReadLock) - TPMA_CC_INITIALIZER(0x014F, 0, 1, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ObjectChangeAuth) - TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicySecret) - TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Rewrap) - TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Create) - TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECDH_ZGen) - TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || (CC_HMAC || CC_MAC)) - TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), 
-#endif -#if (PAD_LIST || CC_Import) - TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Load) - TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_Quote) - TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_RSA_Decrypt) - TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x015A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) - TPMA_CC_INITIALIZER(0x015B, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_SequenceUpdate) - TPMA_CC_INITIALIZER(0x015C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Sign) - TPMA_CC_INITIALIZER(0x015D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Unseal) - TPMA_CC_INITIALIZER(0x015E, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x015F, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicySigned) - TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ContextLoad) - TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_ContextSave) - TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECDH_KeyGen) - TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EncryptDecrypt) - TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FlushContext) - TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_LoadExternal) - TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_MakeCredential) - TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_ReadPublic) - TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyAuthorize) - TPMA_CC_INITIALIZER(0x016A, 0, 0, 0, 0, 1, 0, 0, 0), -#endif 
-#if (PAD_LIST || CC_PolicyAuthValue) - TPMA_CC_INITIALIZER(0x016B, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCommandCode) - TPMA_CC_INITIALIZER(0x016C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCounterTimer) - TPMA_CC_INITIALIZER(0x016D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyCpHash) - TPMA_CC_INITIALIZER(0x016E, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyLocality) - TPMA_CC_INITIALIZER(0x016F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNameHash) - TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyOR) - TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyTicket) - TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ReadPublic) - TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_RSA_Encrypt) - TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_StartAuthSession) - TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), -#endif -#if (PAD_LIST || CC_VerifySignature) - TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ECC_Parameters) - TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_FirmwareRead) - TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetCapability) - TPMA_CC_INITIALIZER(0x017A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetRandom) - TPMA_CC_INITIALIZER(0x017B, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_GetTestResult) - TPMA_CC_INITIALIZER(0x017C, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Hash) - TPMA_CC_INITIALIZER(0x017D, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Read) - TPMA_CC_INITIALIZER(0x017E, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPCR) - 
TPMA_CC_INITIALIZER(0x017F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyRestart) - TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ReadClock) - TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_Extend) - TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PCR_SetAuthValue) - TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_NV_Certify) - TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EventSequenceComplete) - TPMA_CC_INITIALIZER(0x0185, 0, 1, 0, 1, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_HashSequenceStart) - TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPhysicalPresence) - TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyDuplicationSelect) - TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyGetDigest) - TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_TestParms) - TPMA_CC_INITIALIZER(0x018A, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Commit) - TPMA_CC_INITIALIZER(0x018B, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyPassword) - TPMA_CC_INITIALIZER(0x018C, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_ZGen_2Phase) - TPMA_CC_INITIALIZER(0x018D, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EC_Ephemeral) - TPMA_CC_INITIALIZER(0x018E, 0, 0, 0, 0, 0, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyNvWritten) - TPMA_CC_INITIALIZER(0x018F, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyTemplate) - TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CreateLoaded) - TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), -#endif -#if (PAD_LIST || CC_PolicyAuthorizeNV) - TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_EncryptDecrypt2) 
- TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_AC_GetCapability) - TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_AC_Send) - TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Policy_AC_SendSelect) - TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), -#endif -#if (PAD_LIST || CC_CertifyX509) - TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), -#endif -#if (PAD_LIST || CC_Vendor_TCG_Test) - TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0), -#endif - TPMA_ZERO_INITIALIZER() -}; - - - -// This is the command code attribute structure. -const COMMAND_ATTRIBUTES s_commandAttributes [] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011F - (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_EvictControl) - (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_HierarchyControl) - (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_NV_UndefineSpace) - (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0123 -#endif -#if (PAD_LIST || CC_ChangeEPS) - (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ChangePPS) - (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_Clear) - (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClearControl) - (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClockSet) - (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128 - 
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_HierarchyChangeAuth) - (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_NV_DefineSpace) - (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012A - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PCR_Allocate) - (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012B - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_PP_Commands) - (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012D - (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), -#endif -#if (PAD_LIST || CC_SetPrimaryPolicy) - (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012E - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_FieldUpgradeStart) - (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012F - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_ClockRateAdjust) - (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_CreatePrimary) - (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_NV_GlobalWriteLock) - (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_GetCommandAuditDigest) - (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_Increment) - (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_SetBits) - (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135 - 
(IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Extend) - (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Write) - (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_WriteLock) - (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_DictionaryAttackLockReset) - (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_DictionaryAttackParameters) - (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013A - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_ChangeAuth) - (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), -#endif -#if (PAD_LIST || CC_PCR_Event) - (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_PCR_Reset) - (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013D - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_SequenceComplete) - (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013E - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_SetAlgorithmSet) - (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013F - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140 - (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), -#endif -#if (PAD_LIST || CC_FieldUpgradeData) - (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_IncrementalSelfTest) - (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_SelfTest) - (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || 
CC_Startup) - (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST || CC_Shutdown) - (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_StirRandom) - (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_ActivateCredential) - (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Certify) - (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyNV) - (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CertifyCreation) - (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014A - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Duplicate) - (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetTime) - (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetSessionAuditDigest) - (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_Read) - (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014E - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_ReadLock) - (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014F - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_ObjectChangeAuth) - (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicySecret) - (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)), 
-#endif -#if (PAD_LIST || CC_Rewrap) - (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Create) - (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_ECDH_ZGen) - (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || (CC_HMAC || CC_MAC)) - (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Import) - (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Load) - (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_Quote) - (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_RSA_Decrypt) - (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x015A -#endif -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) - (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), -#endif -#if (PAD_LIST || CC_SequenceUpdate) - (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015C - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_Sign) - (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_Unseal) - (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015E - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x015F -#endif -#if (PAD_LIST || CC_PolicySigned) - (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)), -#endif -#if 
(PAD_LIST || CC_ContextLoad) - (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161 - (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), -#endif -#if (PAD_LIST || CC_ContextSave) - (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST || CC_ECDH_KeyGen) - (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EncryptDecrypt) - (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164 - (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_FlushContext) - (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165 - (IS_IMPLEMENTED+NO_SESSIONS)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0166 -#endif -#if (PAD_LIST || CC_LoadExternal) - (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_MakeCredential) - (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_NV_ReadPublic) - (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyAuthorize) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016A - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyAuthValue) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016B - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCommandCode) - (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016C - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCounterTimer) - (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016D - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyCpHash) - (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016E - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyLocality) - (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016F - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyNameHash) - 
(COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyOR) - (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyTicket) - (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ReadPublic) - (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_RSA_Encrypt) - (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST ) - (COMMAND_ATTRIBUTES)(0), // 0x0175 -#endif -#if (PAD_LIST || CC_StartAuthSession) - (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_VerifySignature) - (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177 - (IS_IMPLEMENTED+DECRYPT_2)), -#endif -#if (PAD_LIST || CC_ECC_Parameters) - (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_FirmwareRead) - (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179 - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetCapability) - (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017A - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_GetRandom) - (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017B - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_GetTestResult) - (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017C - (IS_IMPLEMENTED+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Hash) - (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017D - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PCR_Read) - (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017E - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_PolicyPCR) - (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017F - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyRestart) - (COMMAND_ATTRIBUTES)(CC_PolicyRestart * 
// 0x0180 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ReadClock) - (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_PCR_Extend) - (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182 - (IS_IMPLEMENTED+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_PCR_SetAuthValue) - (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), -#endif -#if (PAD_LIST || CC_NV_Certify) - (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EventSequenceComplete) - (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), -#endif -#if (PAD_LIST || CC_HashSequenceStart) - (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186 - (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_PolicyPhysicalPresence) - (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187 - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyDuplicationSelect) - (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyGetDigest) - (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189 - (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_TestParms) - (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018A - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_Commit) - (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018B - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_PolicyPassword) - (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018C - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_ZGen_2Phase) - (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018D - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_EC_Ephemeral) - (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018E - (IS_IMPLEMENTED+ENCRYPT_2)), 
-#endif -#if (PAD_LIST || CC_PolicyNvWritten) - (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018F - (IS_IMPLEMENTED+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_PolicyTemplate) - (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CreateLoaded) - (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), -#endif -#if (PAD_LIST || CC_PolicyAuthorizeNV) - (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192 - (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_EncryptDecrypt2) - (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_AC_GetCapability) - (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194 - (IS_IMPLEMENTED)), -#endif -#if (PAD_LIST || CC_AC_Send) - (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)), -#endif -#if (PAD_LIST || CC_Policy_AC_SendSelect) - (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196 - (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), -#endif -#if (PAD_LIST || CC_CertifyX509) - (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197 - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), -#endif -#if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), -#endif - 0 -}; - - - -#endif // _COMMAND_CODE_ATTRIBUTES_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h deleted file mode 100644 index eec0469fc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmStructures; Version 3.0 June 16, 2017 - * Date: Aug 14, 2017 Time: 02:53:08PM - */ -// The attributes defined in this file are produced by the parser that -// creates the structure definitions from Part 3. 
The attributes are defined -// in that parser and should track the attributes being tested in -// CommandCodeAttributes.c. Generally, when an attribute is added to this list, -// new code will be needed in CommandCodeAttributes.c to test it. - -#ifndef COMMAND_ATTRIBUTES_H -#define COMMAND_ATTRIBUTES_H - -typedef UINT16 COMMAND_ATTRIBUTES; -#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) -#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) -#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) -#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) -#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) -#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) -#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) -#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) -#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) -#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) -#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) -#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) -#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) -#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) -#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) -#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) - -#endif // COMMAND_ATTRIBUTES_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h deleted file mode 100644 index 2c2461544..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h +++ /dev/null 
@@ -1,5167 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -// This file should only be included by CommandCodeAttibutes.c -#ifdef _COMMAND_TABLE_DISPATCH_ - - -// Define the stop value -#define END_OF_LIST 0xff -#define ADD_FLAG 0x80 - -// These macros provide some variability in how the data is encoded. They also make -// the lines a little sorter. ;-) -# define UNMARSHAL_DISPATCH(name) (UNMARSHAL_t)name##_Unmarshal -# define MARSHAL_DISPATCH(name) (MARSHAL_t)name##_Marshal -# define _UNMARSHAL_T_ UNMARSHAL_t -# define _MARSHAL_T_ MARSHAL_t - - -// The UnmarshalArray contains the dispatch functions for the unmarshaling code. -// The defines in this array are used to make it easier to cross reference the -// unmarshaling values in the types array of each command - -const _UNMARSHAL_T_ UnmarshalArray[] = { -#define TPMI_DH_CONTEXT_H_UNMARSHAL 0 - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), -#define TPMI_RH_AC_H_UNMARSHAL (TPMI_DH_CONTEXT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_AC), -#define TPMI_RH_CLEAR_H_UNMARSHAL (TPMI_RH_AC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), -#define TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL (TPMI_RH_CLEAR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), -#define TPMI_RH_LOCKOUT_H_UNMARSHAL (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), -#define TPMI_RH_NV_AUTH_H_UNMARSHAL (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), -#define TPMI_RH_NV_INDEX_H_UNMARSHAL (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), -#define TPMI_RH_PLATFORM_H_UNMARSHAL (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), -#define TPMI_RH_PROVISION_H_UNMARSHAL (TPMI_RH_PLATFORM_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), -#define TPMI_SH_HMAC_H_UNMARSHAL (TPMI_RH_PROVISION_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_HMAC), -#define TPMI_SH_POLICY_H_UNMARSHAL 
(TPMI_SH_HMAC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_POLICY), -// HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. -#define HANDLE_FIRST_FLAG_TYPE (TPMI_SH_POLICY_H_UNMARSHAL + 1) -#define TPMI_DH_ENTITY_H_UNMARSHAL (TPMI_SH_POLICY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), -#define TPMI_DH_OBJECT_H_UNMARSHAL (TPMI_DH_ENTITY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), -#define TPMI_DH_PARENT_H_UNMARSHAL (TPMI_DH_OBJECT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PARENT), -#define TPMI_DH_PCR_H_UNMARSHAL (TPMI_DH_PARENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), -#define TPMI_RH_ENDORSEMENT_H_UNMARSHAL (TPMI_DH_PCR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), -#define TPMI_RH_HIERARCHY_H_UNMARSHAL (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), -// PARAMETER_FIRST_TYPE marks the end of the handle list. -#define PARAMETER_FIRST_TYPE (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) -#define TPM2B_DATA_P_UNMARSHAL (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DATA), -#define TPM2B_DIGEST_P_UNMARSHAL (TPM2B_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DIGEST), -#define TPM2B_ECC_PARAMETER_P_UNMARSHAL (TPM2B_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), -#define TPM2B_ECC_POINT_P_UNMARSHAL (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), -#define TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL (TPM2B_ECC_POINT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_EVENT_P_UNMARSHAL (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_EVENT), -#define TPM2B_ID_OBJECT_P_UNMARSHAL (TPM2B_EVENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), -#define TPM2B_IV_P_UNMARSHAL (TPM2B_ID_OBJECT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_IV), -#define TPM2B_MAX_BUFFER_P_UNMARSHAL (TPM2B_IV_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), -#define 
TPM2B_MAX_NV_BUFFER_P_UNMARSHAL (TPM2B_MAX_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), -#define TPM2B_NAME_P_UNMARSHAL (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NAME), -#define TPM2B_NV_PUBLIC_P_UNMARSHAL (TPM2B_NAME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), -#define TPM2B_PRIVATE_P_UNMARSHAL (TPM2B_NV_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PRIVATE), -#define TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL (TPM2B_PRIVATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), -#define TPM2B_SENSITIVE_P_UNMARSHAL (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), -#define TPM2B_SENSITIVE_CREATE_P_UNMARSHAL (TPM2B_SENSITIVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), -#define TPM2B_SENSITIVE_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), -#define TPM2B_TEMPLATE_P_UNMARSHAL (TPM2B_SENSITIVE_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), -#define TPM2B_TIMEOUT_P_UNMARSHAL (TPM2B_TEMPLATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), -#define TPMI_DH_CONTEXT_P_UNMARSHAL (TPM2B_TIMEOUT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), -#define TPMI_DH_PERSISTENT_P_UNMARSHAL (TPMI_DH_CONTEXT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), -#define TPMI_ECC_CURVE_P_UNMARSHAL (TPMI_DH_PERSISTENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), -#define TPMI_YES_NO_P_UNMARSHAL (TPMI_ECC_CURVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_YES_NO), -#define TPML_ALG_P_UNMARSHAL (TPMI_YES_NO_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_ALG), -#define TPML_CC_P_UNMARSHAL (TPML_ALG_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_CC), -#define TPML_DIGEST_P_UNMARSHAL (TPML_CC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST), -#define TPML_DIGEST_VALUES_P_UNMARSHAL (TPML_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), -#define TPML_PCR_SELECTION_P_UNMARSHAL 
(TPML_DIGEST_VALUES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), -#define TPMS_CONTEXT_P_UNMARSHAL (TPML_PCR_SELECTION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMS_CONTEXT), -#define TPMT_PUBLIC_PARMS_P_UNMARSHAL (TPMS_CONTEXT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), -#define TPMT_TK_AUTH_P_UNMARSHAL (TPMT_PUBLIC_PARMS_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_AUTH), -#define TPMT_TK_CREATION_P_UNMARSHAL (TPMT_TK_AUTH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_CREATION), -#define TPMT_TK_HASHCHECK_P_UNMARSHAL (TPMT_TK_CREATION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), -#define TPMT_TK_VERIFIED_P_UNMARSHAL (TPMT_TK_HASHCHECK_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_VERIFIED), -#define TPM_AT_P_UNMARSHAL (TPMT_TK_VERIFIED_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_AT), -#define TPM_CAP_P_UNMARSHAL (TPM_AT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_CAP), -#define TPM_CLOCK_ADJUST_P_UNMARSHAL (TPM_CAP_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_CLOCK_ADJUST), -#define TPM_EO_P_UNMARSHAL (TPM_CLOCK_ADJUST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_EO), -#define TPM_SE_P_UNMARSHAL (TPM_EO_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_SE), -#define TPM_SU_P_UNMARSHAL (TPM_SE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM_SU), -#define UINT16_P_UNMARSHAL (TPM_SU_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT16), -#define UINT32_P_UNMARSHAL (UINT16_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT32), -#define UINT64_P_UNMARSHAL (UINT32_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT64), -#define UINT8_P_UNMARSHAL (UINT64_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT8), -// PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. 
-#define PARAMETER_FIRST_FLAG_TYPE (UINT8_P_UNMARSHAL + 1) -#define TPM2B_PUBLIC_P_UNMARSHAL (UINT8_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC), -#define TPMI_ALG_CIPHER_MODE_P_UNMARSHAL (TPM2B_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), -#define TPMI_ALG_HASH_P_UNMARSHAL (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_HASH), -#define TPMI_ALG_MAC_SCHEME_P_UNMARSHAL (TPMI_ALG_HASH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), -#define TPMI_DH_PCR_P_UNMARSHAL (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), -#define TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL (TPMI_DH_PCR_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), -#define TPMI_RH_ENABLES_P_UNMARSHAL (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), -#define TPMI_RH_HIERARCHY_P_UNMARSHAL (TPMI_RH_ENABLES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), -#define TPMT_RSA_DECRYPT_P_UNMARSHAL (TPMI_RH_HIERARCHY_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), -#define TPMT_SIGNATURE_P_UNMARSHAL (TPMT_RSA_DECRYPT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIGNATURE), -#define TPMT_SIG_SCHEME_P_UNMARSHAL (TPMT_SIGNATURE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), -#define TPMT_SYM_DEF_P_UNMARSHAL (TPMT_SIG_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF), -#define TPMT_SYM_DEF_OBJECT_P_UNMARSHAL (TPMT_SYM_DEF_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) -// PARAMETER_LAST_TYPE is the end of the command parameter list. -#define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) -}; - -// The MarshalArray contains the dispatch functions for the marshaling code. 
-// The defines in this array are used to make it easier to cross reference the -// marshaling values in the types array of each command -const _MARSHAL_T_ MarshalArray[] = { - -#define UINT32_H_MARSHAL 0 - MARSHAL_DISPATCH(UINT32), -// RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. -#define RESPONSE_PARAMETER_FIRST_TYPE (UINT32_H_MARSHAL + 1) -#define TPM2B_ATTEST_P_MARSHAL (UINT32_H_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ATTEST), -#define TPM2B_CREATION_DATA_P_MARSHAL (TPM2B_ATTEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_CREATION_DATA), -#define TPM2B_DATA_P_MARSHAL (TPM2B_CREATION_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DATA), -#define TPM2B_DIGEST_P_MARSHAL (TPM2B_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DIGEST), -#define TPM2B_ECC_POINT_P_MARSHAL (TPM2B_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ECC_POINT), -#define TPM2B_ENCRYPTED_SECRET_P_MARSHAL (TPM2B_ECC_POINT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_ID_OBJECT_P_MARSHAL (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ID_OBJECT), -#define TPM2B_IV_P_MARSHAL (TPM2B_ID_OBJECT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_IV), -#define TPM2B_MAX_BUFFER_P_MARSHAL (TPM2B_IV_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), -#define TPM2B_MAX_NV_BUFFER_P_MARSHAL (TPM2B_MAX_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), -#define TPM2B_NAME_P_MARSHAL (TPM2B_MAX_NV_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NAME), -#define TPM2B_NV_PUBLIC_P_MARSHAL (TPM2B_NAME_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), -#define TPM2B_PRIVATE_P_MARSHAL (TPM2B_NV_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PRIVATE), -#define TPM2B_PUBLIC_P_MARSHAL (TPM2B_PRIVATE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC), -#define TPM2B_PUBLIC_KEY_RSA_P_MARSHAL (TPM2B_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), -#define TPM2B_SENSITIVE_DATA_P_MARSHAL (TPM2B_PUBLIC_KEY_RSA_P_MARSHAL + 1) - 
MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), -#define TPM2B_TIMEOUT_P_MARSHAL (TPM2B_SENSITIVE_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_TIMEOUT), -#define UINT8_P_MARSHAL (TPM2B_TIMEOUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT8), -#define TPML_AC_CAPABILITIES_P_MARSHAL (UINT8_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), -#define TPML_ALG_P_MARSHAL (TPML_AC_CAPABILITIES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_ALG), -#define TPML_DIGEST_P_MARSHAL (TPML_ALG_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST), -#define TPML_DIGEST_VALUES_P_MARSHAL (TPML_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST_VALUES), -#define TPML_PCR_SELECTION_P_MARSHAL (TPML_DIGEST_VALUES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_PCR_SELECTION), -#define TPMS_AC_OUTPUT_P_MARSHAL (TPML_PCR_SELECTION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_AC_OUTPUT), -#define TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL (TPMS_AC_OUTPUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), -#define TPMS_CAPABILITY_DATA_P_MARSHAL \ - (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), -#define TPMS_CONTEXT_P_MARSHAL (TPMS_CAPABILITY_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CONTEXT), -#define TPMS_TIME_INFO_P_MARSHAL (TPMS_CONTEXT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_TIME_INFO), -#define TPMT_HA_P_MARSHAL (TPMS_TIME_INFO_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_HA), -#define TPMT_SIGNATURE_P_MARSHAL (TPMT_HA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_SIGNATURE), -#define TPMT_TK_AUTH_P_MARSHAL (TPMT_SIGNATURE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_AUTH), -#define TPMT_TK_CREATION_P_MARSHAL (TPMT_TK_AUTH_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_CREATION), -#define TPMT_TK_HASHCHECK_P_MARSHAL (TPMT_TK_CREATION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), -#define TPMT_TK_VERIFIED_P_MARSHAL (TPMT_TK_HASHCHECK_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_VERIFIED), -#define UINT32_P_MARSHAL (TPMT_TK_VERIFIED_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT32), -#define 
UINT16_P_MARSHAL (UINT32_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT16) -// RESPONSE_PARAMETER_LAST_TYPE is the end of the response parameter list. -#define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) -}; - -// This list of aliases allows the types in the _COMMAND_DESCRIPTOR_T to match the -// types in the command/response templates of part 3. -#define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL -#define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL -#define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL -#define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL -#define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL -#define TPM_RC_P_MARSHAL UINT32_P_MARSHAL - - -#if CC_Startup - -#include "Startup_fp.h" - -typedef TPM_RC (Startup_Entry)( - Startup_In *in -); - -typedef const struct { - Startup_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Startup_COMMAND_DESCRIPTOR_t; - -Startup_COMMAND_DESCRIPTOR_t _StartupData = { - /* entry */ &TPM2_Startup, - /* inSize */ (UINT16)(sizeof(Startup_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _StartupDataAddress (&_StartupData) -#else -#define _StartupDataAddress 0 -#endif // CC_Startup - -#if CC_Shutdown - -#include "Shutdown_fp.h" - -typedef TPM_RC (Shutdown_Entry)( - Shutdown_In *in -); - -typedef const struct { - Shutdown_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Shutdown_COMMAND_DESCRIPTOR_t; - 
-Shutdown_COMMAND_DESCRIPTOR_t _ShutdownData = { - /* entry */ &TPM2_Shutdown, - /* inSize */ (UINT16)(sizeof(Shutdown_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ShutdownDataAddress (&_ShutdownData) -#else -#define _ShutdownDataAddress 0 -#endif // CC_Shutdown - -#if CC_SelfTest - -#include "SelfTest_fp.h" - -typedef TPM_RC (SelfTest_Entry)( - SelfTest_In *in -); - -typedef const struct { - SelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} SelfTest_COMMAND_DESCRIPTOR_t; - -SelfTest_COMMAND_DESCRIPTOR_t _SelfTestData = { - /* entry */ &TPM2_SelfTest, - /* inSize */ (UINT16)(sizeof(SelfTest_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SelfTestDataAddress (&_SelfTestData) -#else -#define _SelfTestDataAddress 0 -#endif // CC_SelfTest - -#if CC_IncrementalSelfTest - -#include "IncrementalSelfTest_fp.h" - -typedef TPM_RC (IncrementalSelfTest_Entry)( - IncrementalSelfTest_In *in, - IncrementalSelfTest_Out *out -); - -typedef const struct { - IncrementalSelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} IncrementalSelfTest_COMMAND_DESCRIPTOR_t; - -IncrementalSelfTest_COMMAND_DESCRIPTOR_t _IncrementalSelfTestData = { - /* entry */ &TPM2_IncrementalSelfTest, - /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), - /* outSize */ (UINT16)(sizeof(IncrementalSelfTest_Out)), - /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPML_ALG_P_UNMARSHAL, - END_OF_LIST, - TPML_ALG_P_MARSHAL, - END_OF_LIST} -}; - -#define _IncrementalSelfTestDataAddress 
(&_IncrementalSelfTestData) -#else -#define _IncrementalSelfTestDataAddress 0 -#endif // CC_IncrementalSelfTest - -#if CC_GetTestResult - -#include "GetTestResult_fp.h" - -typedef TPM_RC (GetTestResult_Entry)( - GetTestResult_Out *out -); - -typedef const struct { - GetTestResult_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} GetTestResult_COMMAND_DESCRIPTOR_t; - -GetTestResult_COMMAND_DESCRIPTOR_t _GetTestResultData = { - /* entry */ &TPM2_GetTestResult, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), - /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTestResult_Out, testResult))}, - /* types */ {END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM_RC_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetTestResultDataAddress (&_GetTestResultData) -#else -#define _GetTestResultDataAddress 0 -#endif // CC_GetTestResult - -#if CC_StartAuthSession - -#include "StartAuthSession_fp.h" - -typedef TPM_RC (StartAuthSession_Entry)( - StartAuthSession_In *in, - StartAuthSession_Out *out -); - -typedef const struct { - StartAuthSession_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} StartAuthSession_COMMAND_DESCRIPTOR_t; - -StartAuthSession_COMMAND_DESCRIPTOR_t _StartAuthSessionData = { - /* entry */ &TPM2_StartAuthSession, - /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), - /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), - /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), - (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), - (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), - (UINT16)(offsetof(StartAuthSession_In, sessionType)), - (UINT16)(offsetof(StartAuthSession_In, symmetric)), - (UINT16)(offsetof(StartAuthSession_In, authHash)), - 
(UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPM_SE_P_UNMARSHAL, - TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, - TPMI_ALG_HASH_P_UNMARSHAL, - END_OF_LIST, - TPMI_SH_AUTH_SESSION_H_MARSHAL, - TPM2B_NONCE_P_MARSHAL, - END_OF_LIST} -}; - -#define _StartAuthSessionDataAddress (&_StartAuthSessionData) -#else -#define _StartAuthSessionDataAddress 0 -#endif // CC_StartAuthSession - -#if CC_PolicyRestart - -#include "PolicyRestart_fp.h" - -typedef TPM_RC (PolicyRestart_Entry)( - PolicyRestart_In *in -); - -typedef const struct { - PolicyRestart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyRestart_COMMAND_DESCRIPTOR_t; - -PolicyRestart_COMMAND_DESCRIPTOR_t _PolicyRestartData = { - /* entry */ &TPM2_PolicyRestart, - /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyRestartDataAddress (&_PolicyRestartData) -#else -#define _PolicyRestartDataAddress 0 -#endif // CC_PolicyRestart - -#if CC_Create - -#include "Create_fp.h" - -typedef TPM_RC (Create_Entry)( - Create_In *in, - Create_Out *out -); - -typedef const struct { - Create_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[8]; - BYTE types[12]; -} Create_COMMAND_DESCRIPTOR_t; - -Create_COMMAND_DESCRIPTOR_t _CreateData = { - /* entry */ &TPM2_Create, - /* inSize */ (UINT16)(sizeof(Create_In)), - /* outSize */ (UINT16)(sizeof(Create_Out)), - /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), - (UINT16)(offsetof(Create_In, inPublic)), - (UINT16)(offsetof(Create_In, 
outsideInfo)), - (UINT16)(offsetof(Create_In, creationPCR)), - (UINT16)(offsetof(Create_Out, outPublic)), - (UINT16)(offsetof(Create_Out, creationData)), - (UINT16)(offsetof(Create_Out, creationHash)), - (UINT16)(offsetof(Create_Out, creationTicket))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreateDataAddress (&_CreateData) -#else -#define _CreateDataAddress 0 -#endif // CC_Create - -#if CC_Load - -#include "Load_fp.h" - -typedef TPM_RC (Load_Entry)( - Load_In *in, - Load_Out *out -); - -typedef const struct { - Load_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Load_COMMAND_DESCRIPTOR_t; - -Load_COMMAND_DESCRIPTOR_t _LoadData = { - /* entry */ &TPM2_Load, - /* inSize */ (UINT16)(sizeof(Load_In)), - /* outSize */ (UINT16)(sizeof(Load_Out)), - /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), - (UINT16)(offsetof(Load_In, inPublic)), - (UINT16)(offsetof(Load_Out, name))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _LoadDataAddress (&_LoadData) -#else -#define _LoadDataAddress 0 -#endif // CC_Load - -#if CC_LoadExternal - -#include "LoadExternal_fp.h" - -typedef TPM_RC (LoadExternal_Entry)( - LoadExternal_In *in, - LoadExternal_Out *out -); - -typedef const struct { - LoadExternal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} LoadExternal_COMMAND_DESCRIPTOR_t; - -LoadExternal_COMMAND_DESCRIPTOR_t 
_LoadExternalData = { - /* entry */ &TPM2_LoadExternal, - /* inSize */ (UINT16)(sizeof(LoadExternal_In)), - /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), - /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), - (UINT16)(offsetof(LoadExternal_In, hierarchy)), - (UINT16)(offsetof(LoadExternal_Out, name))}, - /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _LoadExternalDataAddress (&_LoadExternalData) -#else -#define _LoadExternalDataAddress 0 -#endif // CC_LoadExternal - -#if CC_ReadPublic - -#include "ReadPublic_fp.h" - -typedef TPM_RC (ReadPublic_Entry)( - ReadPublic_In *in, - ReadPublic_Out *out -); - -typedef const struct { - ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} ReadPublic_COMMAND_DESCRIPTOR_t; - -ReadPublic_COMMAND_DESCRIPTOR_t _ReadPublicData = { - /* entry */ &TPM2_ReadPublic, - /* inSize */ (UINT16)(sizeof(ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), - /* offsetOfTypes */ offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), - (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _ReadPublicDataAddress (&_ReadPublicData) -#else -#define _ReadPublicDataAddress 0 -#endif // CC_ReadPublic - -#if CC_ActivateCredential - -#include "ActivateCredential_fp.h" - -typedef TPM_RC (ActivateCredential_Entry)( - ActivateCredential_In *in, - ActivateCredential_Out *out -); - -typedef const struct { - ActivateCredential_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - 
UINT16 paramOffsets[3]; - BYTE types[7]; -} ActivateCredential_COMMAND_DESCRIPTOR_t; - -ActivateCredential_COMMAND_DESCRIPTOR_t _ActivateCredentialData = { - /* entry */ &TPM2_ActivateCredential, - /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), - /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), - /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), - (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), - (UINT16)(offsetof(ActivateCredential_In, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ID_OBJECT_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _ActivateCredentialDataAddress (&_ActivateCredentialData) -#else -#define _ActivateCredentialDataAddress 0 -#endif // CC_ActivateCredential - -#if CC_MakeCredential - -#include "MakeCredential_fp.h" - -typedef TPM_RC (MakeCredential_Entry)( - MakeCredential_In *in, - MakeCredential_Out *out -); - -typedef const struct { - MakeCredential_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} MakeCredential_COMMAND_DESCRIPTOR_t; - -MakeCredential_COMMAND_DESCRIPTOR_t _MakeCredentialData = { - /* entry */ &TPM2_MakeCredential, - /* inSize */ (UINT16)(sizeof(MakeCredential_In)), - /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), - /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), - (UINT16)(offsetof(MakeCredential_In, objectName)), - (UINT16)(offsetof(MakeCredential_Out, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ID_OBJECT_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _MakeCredentialDataAddress (&_MakeCredentialData) 
-#else -#define _MakeCredentialDataAddress 0 -#endif // CC_MakeCredential - -#if CC_Unseal - -#include "Unseal_fp.h" - -typedef TPM_RC (Unseal_Entry)( - Unseal_In *in, - Unseal_Out *out -); - -typedef const struct { - Unseal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} Unseal_COMMAND_DESCRIPTOR_t; - -Unseal_COMMAND_DESCRIPTOR_t _UnsealData = { - /* entry */ &TPM2_Unseal, - /* inSize */ (UINT16)(sizeof(Unseal_In)), - /* outSize */ (UINT16)(sizeof(Unseal_Out)), - /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_SENSITIVE_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _UnsealDataAddress (&_UnsealData) -#else -#define _UnsealDataAddress 0 -#endif // CC_Unseal - -#if CC_ObjectChangeAuth - -#include "ObjectChangeAuth_fp.h" - -typedef TPM_RC (ObjectChangeAuth_Entry)( - ObjectChangeAuth_In *in, - ObjectChangeAuth_Out *out -); - -typedef const struct { - ObjectChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} ObjectChangeAuth_COMMAND_DESCRIPTOR_t; - -ObjectChangeAuth_COMMAND_DESCRIPTOR_t _ObjectChangeAuthData = { - /* entry */ &TPM2_ObjectChangeAuth, - /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), - /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), - /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), - (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} -}; - -#define _ObjectChangeAuthDataAddress (&_ObjectChangeAuthData) -#else -#define _ObjectChangeAuthDataAddress 0 -#endif // CC_ObjectChangeAuth - -#if CC_CreateLoaded - -#include "CreateLoaded_fp.h" - -typedef TPM_RC 
(CreateLoaded_Entry)( - CreateLoaded_In *in, - CreateLoaded_Out *out -); - -typedef const struct { - CreateLoaded_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} CreateLoaded_COMMAND_DESCRIPTOR_t; - -CreateLoaded_COMMAND_DESCRIPTOR_t _CreateLoadedData = { - /* entry */ &TPM2_CreateLoaded, - /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), - /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), - /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), - (UINT16)(offsetof(CreateLoaded_In, inPublic)), - (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), - (UINT16)(offsetof(CreateLoaded_Out, outPublic)), - (UINT16)(offsetof(CreateLoaded_Out, name))}, - /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_TEMPLATE_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreateLoadedDataAddress (&_CreateLoadedData) -#else -#define _CreateLoadedDataAddress 0 -#endif // CC_CreateLoaded - -#if CC_Duplicate - -#include "Duplicate_fp.h" - -typedef TPM_RC (Duplicate_Entry)( - Duplicate_In *in, - Duplicate_Out *out -); - -typedef const struct { - Duplicate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Duplicate_COMMAND_DESCRIPTOR_t; - -Duplicate_COMMAND_DESCRIPTOR_t _DuplicateData = { - /* entry */ &TPM2_Duplicate, - /* inSize */ (UINT16)(sizeof(Duplicate_In)), - /* outSize */ (UINT16)(sizeof(Duplicate_Out)), - /* offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), - (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), - (UINT16)(offsetof(Duplicate_In, symmetricAlg)), - (UINT16)(offsetof(Duplicate_Out, duplicate)), - 
(UINT16)(offsetof(Duplicate_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _DuplicateDataAddress (&_DuplicateData) -#else -#define _DuplicateDataAddress 0 -#endif // CC_Duplicate - -#if CC_Rewrap - -#include "Rewrap_fp.h" - -typedef TPM_RC (Rewrap_Entry)( - Rewrap_In *in, - Rewrap_Out *out -); - -typedef const struct { - Rewrap_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Rewrap_COMMAND_DESCRIPTOR_t; - -Rewrap_COMMAND_DESCRIPTOR_t _RewrapData = { - /* entry */ &TPM2_Rewrap, - /* inSize */ (UINT16)(sizeof(Rewrap_In)), - /* outSize */ (UINT16)(sizeof(Rewrap_Out)), - /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), - (UINT16)(offsetof(Rewrap_In, inDuplicate)), - (UINT16)(offsetof(Rewrap_In, name)), - (UINT16)(offsetof(Rewrap_In, inSymSeed)), - (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} -}; - -#define _RewrapDataAddress (&_RewrapData) -#else -#define _RewrapDataAddress 0 -#endif // CC_Rewrap - -#if CC_Import - -#include "Import_fp.h" - -typedef TPM_RC (Import_Entry)( - Import_In *in, - Import_Out *out -); - -typedef const struct { - Import_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} Import_COMMAND_DESCRIPTOR_t; - -Import_COMMAND_DESCRIPTOR_t _ImportData = { - /* entry */ &TPM2_Import, - /* inSize */ 
(UINT16)(sizeof(Import_In)), - /* outSize */ (UINT16)(sizeof(Import_Out)), - /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), - (UINT16)(offsetof(Import_In, objectPublic)), - (UINT16)(offsetof(Import_In, duplicate)), - (UINT16)(offsetof(Import_In, inSymSeed)), - (UINT16)(offsetof(Import_In, symmetricAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} -}; - -#define _ImportDataAddress (&_ImportData) -#else -#define _ImportDataAddress 0 -#endif // CC_Import - -#if CC_RSA_Encrypt - -#include "RSA_Encrypt_fp.h" - -typedef TPM_RC (RSA_Encrypt_Entry)( - RSA_Encrypt_In *in, - RSA_Encrypt_Out *out -); - -typedef const struct { - RSA_Encrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} RSA_Encrypt_COMMAND_DESCRIPTOR_t; - -RSA_Encrypt_COMMAND_DESCRIPTOR_t _RSA_EncryptData = { - /* entry */ &TPM2_RSA_Encrypt, - /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), - (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Encrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} -}; - -#define _RSA_EncryptDataAddress (&_RSA_EncryptData) -#else -#define _RSA_EncryptDataAddress 0 -#endif // CC_RSA_Encrypt - -#if CC_RSA_Decrypt - -#include "RSA_Decrypt_fp.h" - -typedef TPM_RC (RSA_Decrypt_Entry)( - RSA_Decrypt_In *in, - RSA_Decrypt_Out *out -); - 
-typedef const struct { - RSA_Decrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} RSA_Decrypt_COMMAND_DESCRIPTOR_t; - -RSA_Decrypt_COMMAND_DESCRIPTOR_t _RSA_DecryptData = { - /* entry */ &TPM2_RSA_Decrypt, - /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), - (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Decrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} -}; - -#define _RSA_DecryptDataAddress (&_RSA_DecryptData) -#else -#define _RSA_DecryptDataAddress 0 -#endif // CC_RSA_Decrypt - -#if CC_ECDH_KeyGen - -#include "ECDH_KeyGen_fp.h" - -typedef TPM_RC (ECDH_KeyGen_Entry)( - ECDH_KeyGen_In *in, - ECDH_KeyGen_Out *out -); - -typedef const struct { - ECDH_KeyGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} ECDH_KeyGen_COMMAND_DESCRIPTOR_t; - -ECDH_KeyGen_COMMAND_DESCRIPTOR_t _ECDH_KeyGenData = { - /* entry */ &TPM2_ECDH_KeyGen, - /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), - /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECDH_KeyGenDataAddress (&_ECDH_KeyGenData) -#else -#define _ECDH_KeyGenDataAddress 0 -#endif // CC_ECDH_KeyGen - -#if CC_ECDH_ZGen - -#include "ECDH_ZGen_fp.h" - -typedef TPM_RC (ECDH_ZGen_Entry)( - ECDH_ZGen_In *in, - ECDH_ZGen_Out *out 
-); - -typedef const struct { - ECDH_ZGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} ECDH_ZGen_COMMAND_DESCRIPTOR_t; - -ECDH_ZGen_COMMAND_DESCRIPTOR_t _ECDH_ZGenData = { - /* entry */ &TPM2_ECDH_ZGen, - /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), - /* outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECDH_ZGenDataAddress (&_ECDH_ZGenData) -#else -#define _ECDH_ZGenDataAddress 0 -#endif // CC_ECDH_ZGen - -#if CC_ECC_Parameters - -#include "ECC_Parameters_fp.h" - -typedef TPM_RC (ECC_Parameters_Entry)( - ECC_Parameters_In *in, - ECC_Parameters_Out *out -); - -typedef const struct { - ECC_Parameters_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ECC_Parameters_COMMAND_DESCRIPTOR_t; - -ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { - /* entry */ &TPM2_ECC_Parameters, - /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), - /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), - /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, - END_OF_LIST} -}; - -#define _ECC_ParametersDataAddress (&_ECC_ParametersData) -#else -#define _ECC_ParametersDataAddress 0 -#endif // CC_ECC_Parameters - -#if CC_ZGen_2Phase - -#include "ZGen_2Phase_fp.h" - -typedef TPM_RC (ZGen_2Phase_Entry)( - ZGen_2Phase_In *in, - ZGen_2Phase_Out *out -); - -typedef const struct { - ZGen_2Phase_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} ZGen_2Phase_COMMAND_DESCRIPTOR_t; - 
-ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { - /* entry */ &TPM2_ZGen_2Phase, - /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), - /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), - /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), - (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), - (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), - (UINT16)(offsetof(ZGen_2Phase_In, counter)), - (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) -#else -#define _ZGen_2PhaseDataAddress 0 -#endif // CC_ZGen_2Phase - -#if CC_EncryptDecrypt - -#include "EncryptDecrypt_fp.h" - -typedef TPM_RC (EncryptDecrypt_Entry)( - EncryptDecrypt_In *in, - EncryptDecrypt_Out *out -); - -typedef const struct { - EncryptDecrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} EncryptDecrypt_COMMAND_DESCRIPTOR_t; - -EncryptDecrypt_COMMAND_DESCRIPTOR_t _EncryptDecryptData = { - /* entry */ &TPM2_EncryptDecrypt, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt_In, mode)), - (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt_In, inData)), - (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, 
- TPM2B_IV_P_MARSHAL, - END_OF_LIST} -}; - -#define _EncryptDecryptDataAddress (&_EncryptDecryptData) -#else -#define _EncryptDecryptDataAddress 0 -#endif // CC_EncryptDecrypt - -#if CC_EncryptDecrypt2 - -#include "EncryptDecrypt2_fp.h" - -typedef TPM_RC (EncryptDecrypt2_Entry)( - EncryptDecrypt2_In *in, - EncryptDecrypt2_Out *out -); - -typedef const struct { - EncryptDecrypt2_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} EncryptDecrypt2_COMMAND_DESCRIPTOR_t; - -EncryptDecrypt2_COMMAND_DESCRIPTOR_t _EncryptDecrypt2Data = { - /* entry */ &TPM2_EncryptDecrypt2, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), - (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt2_In, mode)), - (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_IV_P_MARSHAL, - END_OF_LIST} -}; - -#define _EncryptDecrypt2DataAddress (&_EncryptDecrypt2Data) -#else -#define _EncryptDecrypt2DataAddress 0 -#endif // CC_EncryptDecrypt2 - -#if CC_Hash - -#include "Hash_fp.h" - -typedef TPM_RC (Hash_Entry)( - Hash_In *in, - Hash_Out *out -); - -typedef const struct { - Hash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Hash_COMMAND_DESCRIPTOR_t; - -Hash_COMMAND_DESCRIPTOR_t _HashData = { - /* entry */ &TPM2_Hash, - /* inSize */ (UINT16)(sizeof(Hash_In)), - /* outSize */ (UINT16)(sizeof(Hash_Out)), - /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), - /* 
offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), - (UINT16)(offsetof(Hash_In, hierarchy)), - (UINT16)(offsetof(Hash_Out, validation))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} -}; - -#define _HashDataAddress (&_HashData) -#else -#define _HashDataAddress 0 -#endif // CC_Hash - -#if CC_HMAC - -#include "HMAC_fp.h" - -typedef TPM_RC (HMAC_Entry)( - HMAC_In *in, - HMAC_Out *out -); - -typedef const struct { - HMAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} HMAC_COMMAND_DESCRIPTOR_t; - -HMAC_COMMAND_DESCRIPTOR_t _HMACData = { - /* entry */ &TPM2_HMAC, - /* inSize */ (UINT16)(sizeof(HMAC_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Out)), - /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), - (UINT16)(offsetof(HMAC_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _HMACDataAddress (&_HMACData) -#else -#define _HMACDataAddress 0 -#endif // CC_HMAC - -#if CC_MAC - -#include "MAC_fp.h" - -typedef TPM_RC (MAC_Entry)( - MAC_In *in, - MAC_Out *out -); - -typedef const struct { - MAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} MAC_COMMAND_DESCRIPTOR_t; - -MAC_COMMAND_DESCRIPTOR_t _MACData = { - /* entry */ &TPM2_MAC, - /* inSize */ (UINT16)(sizeof(MAC_In)), - /* outSize */ (UINT16)(sizeof(MAC_Out)), - /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), - (UINT16)(offsetof(MAC_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - 
TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _MACDataAddress (&_MACData) -#else -#define _MACDataAddress 0 -#endif // CC_MAC - -#if CC_GetRandom - -#include "GetRandom_fp.h" - -typedef TPM_RC (GetRandom_Entry)( - GetRandom_In *in, - GetRandom_Out *out -); - -typedef const struct { - GetRandom_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} GetRandom_COMMAND_DESCRIPTOR_t; - -GetRandom_COMMAND_DESCRIPTOR_t _GetRandomData = { - /* entry */ &TPM2_GetRandom, - /* inSize */ (UINT16)(sizeof(GetRandom_In)), - /* outSize */ (UINT16)(sizeof(GetRandom_Out)), - /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetRandomDataAddress (&_GetRandomData) -#else -#define _GetRandomDataAddress 0 -#endif // CC_GetRandom - -#if CC_StirRandom - -#include "StirRandom_fp.h" - -typedef TPM_RC (StirRandom_Entry)( - StirRandom_In *in -); - -typedef const struct { - StirRandom_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} StirRandom_COMMAND_DESCRIPTOR_t; - -StirRandom_COMMAND_DESCRIPTOR_t _StirRandomData = { - /* entry */ &TPM2_StirRandom, - /* inSize */ (UINT16)(sizeof(StirRandom_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _StirRandomDataAddress (&_StirRandomData) -#else -#define _StirRandomDataAddress 0 -#endif // CC_StirRandom - -#if CC_HMAC_Start - -#include "HMAC_Start_fp.h" - -typedef TPM_RC (HMAC_Start_Entry)( - HMAC_Start_In *in, - HMAC_Start_Out *out -); - -typedef const struct { - HMAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 
paramOffsets[2]; - BYTE types[6]; -} HMAC_Start_COMMAND_DESCRIPTOR_t; - -HMAC_Start_COMMAND_DESCRIPTOR_t _HMAC_StartData = { - /* entry */ &TPM2_HMAC_Start, - /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), - /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), - (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _HMAC_StartDataAddress (&_HMAC_StartData) -#else -#define _HMAC_StartDataAddress 0 -#endif // CC_HMAC_Start - -#if CC_MAC_Start - -#include "MAC_Start_fp.h" - -typedef TPM_RC (MAC_Start_Entry)( - MAC_Start_In *in, - MAC_Start_Out *out -); - -typedef const struct { - MAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} MAC_Start_COMMAND_DESCRIPTOR_t; - -MAC_Start_COMMAND_DESCRIPTOR_t _MAC_StartData = { - /* entry */ &TPM2_MAC_Start, - /* inSize */ (UINT16)(sizeof(MAC_Start_In)), - /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), - /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), - (UINT16)(offsetof(MAC_Start_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _MAC_StartDataAddress (&_MAC_StartData) -#else -#define _MAC_StartDataAddress 0 -#endif // CC_MAC_Start - -#if CC_HashSequenceStart - -#include "HashSequenceStart_fp.h" - -typedef TPM_RC (HashSequenceStart_Entry)( - HashSequenceStart_In *in, - HashSequenceStart_Out *out -); - -typedef const struct { - HashSequenceStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 
paramOffsets[1]; - BYTE types[5]; -} HashSequenceStart_COMMAND_DESCRIPTOR_t; - -HashSequenceStart_COMMAND_DESCRIPTOR_t _HashSequenceStartData = { - /* entry */ &TPM2_HashSequenceStart, - /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), - /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), - /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, - /* types */ {TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} -}; - -#define _HashSequenceStartDataAddress (&_HashSequenceStartData) -#else -#define _HashSequenceStartDataAddress 0 -#endif // CC_HashSequenceStart - -#if CC_SequenceUpdate - -#include "SequenceUpdate_fp.h" - -typedef TPM_RC (SequenceUpdate_Entry)( - SequenceUpdate_In *in -); - -typedef const struct { - SequenceUpdate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} SequenceUpdate_COMMAND_DESCRIPTOR_t; - -SequenceUpdate_COMMAND_DESCRIPTOR_t _SequenceUpdateData = { - /* entry */ &TPM2_SequenceUpdate, - /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SequenceUpdateDataAddress (&_SequenceUpdateData) -#else -#define _SequenceUpdateDataAddress 0 -#endif // CC_SequenceUpdate - -#if CC_SequenceComplete - -#include "SequenceComplete_fp.h" - -typedef TPM_RC (SequenceComplete_Entry)( - SequenceComplete_In *in, - SequenceComplete_Out *out -); - -typedef const struct { - SequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} SequenceComplete_COMMAND_DESCRIPTOR_t; - 
-SequenceComplete_COMMAND_DESCRIPTOR_t _SequenceCompleteData = { - /* entry */ &TPM2_SequenceComplete, - /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), - /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), - (UINT16)(offsetof(SequenceComplete_In, hierarchy)), - (UINT16)(offsetof(SequenceComplete_Out, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} -}; - -#define _SequenceCompleteDataAddress (&_SequenceCompleteData) -#else -#define _SequenceCompleteDataAddress 0 -#endif // CC_SequenceComplete - -#if CC_EventSequenceComplete - -#include "EventSequenceComplete_fp.h" - -typedef TPM_RC (EventSequenceComplete_Entry)( - EventSequenceComplete_In *in, - EventSequenceComplete_Out *out -); - -typedef const struct { - EventSequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} EventSequenceComplete_COMMAND_DESCRIPTOR_t; - -EventSequenceComplete_COMMAND_DESCRIPTOR_t _EventSequenceCompleteData = { - /* entry */ &TPM2_EventSequenceComplete, - /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), - /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), - (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - END_OF_LIST} -}; - -#define _EventSequenceCompleteDataAddress (&_EventSequenceCompleteData) -#else -#define _EventSequenceCompleteDataAddress 0 -#endif 
// CC_EventSequenceComplete - -#if CC_Certify - -#include "Certify_fp.h" - -typedef TPM_RC (Certify_Entry)( - Certify_In *in, - Certify_Out *out -); - -typedef const struct { - Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} Certify_COMMAND_DESCRIPTOR_t; - -Certify_COMMAND_DESCRIPTOR_t _CertifyData = { - /* entry */ &TPM2_Certify, - /* inSize */ (UINT16)(sizeof(Certify_In)), - /* outSize */ (UINT16)(sizeof(Certify_Out)), - /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), - (UINT16)(offsetof(Certify_In, qualifyingData)), - (UINT16)(offsetof(Certify_In, inScheme)), - (UINT16)(offsetof(Certify_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyDataAddress (&_CertifyData) -#else -#define _CertifyDataAddress 0 -#endif // CC_Certify - -#if CC_CertifyCreation - -#include "CertifyCreation_fp.h" - -typedef TPM_RC (CertifyCreation_Entry)( - CertifyCreation_In *in, - CertifyCreation_Out *out -); - -typedef const struct { - CertifyCreation_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} CertifyCreation_COMMAND_DESCRIPTOR_t; - -CertifyCreation_COMMAND_DESCRIPTOR_t _CertifyCreationData = { - /* entry */ &TPM2_CertifyCreation, - /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), - /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), - /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), - (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), - (UINT16)(offsetof(CertifyCreation_In, creationHash)), - (UINT16)(offsetof(CertifyCreation_In, 
inScheme)), - (UINT16)(offsetof(CertifyCreation_In, creationTicket)), - (UINT16)(offsetof(CertifyCreation_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_CREATION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyCreationDataAddress (&_CertifyCreationData) -#else -#define _CertifyCreationDataAddress 0 -#endif // CC_CertifyCreation - -#if CC_Quote - -#include "Quote_fp.h" - -typedef TPM_RC (Quote_Entry)( - Quote_In *in, - Quote_Out *out -); - -typedef const struct { - Quote_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} Quote_COMMAND_DESCRIPTOR_t; - -Quote_COMMAND_DESCRIPTOR_t _QuoteData = { - /* entry */ &TPM2_Quote, - /* inSize */ (UINT16)(sizeof(Quote_In)), - /* outSize */ (UINT16)(sizeof(Quote_Out)), - /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), - (UINT16)(offsetof(Quote_In, inScheme)), - (UINT16)(offsetof(Quote_In, PCRselect)), - (UINT16)(offsetof(Quote_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _QuoteDataAddress (&_QuoteData) -#else -#define _QuoteDataAddress 0 -#endif // CC_Quote - -#if CC_GetSessionAuditDigest - -#include "GetSessionAuditDigest_fp.h" - -typedef TPM_RC (GetSessionAuditDigest_Entry)( - GetSessionAuditDigest_In *in, - GetSessionAuditDigest_Out *out -); - -typedef const struct { - GetSessionAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} 
GetSessionAuditDigest_COMMAND_DESCRIPTOR_t; - -GetSessionAuditDigest_COMMAND_DESCRIPTOR_t _GetSessionAuditDigestData = { - /* entry */ &TPM2_GetSessionAuditDigest, - /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), - (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_SH_HMAC_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetSessionAuditDigestDataAddress (&_GetSessionAuditDigestData) -#else -#define _GetSessionAuditDigestDataAddress 0 -#endif // CC_GetSessionAuditDigest - -#if CC_GetCommandAuditDigest - -#include "GetCommandAuditDigest_fp.h" - -typedef TPM_RC (GetCommandAuditDigest_Entry)( - GetCommandAuditDigest_In *in, - GetCommandAuditDigest_Out *out -); - -typedef const struct { - GetCommandAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} GetCommandAuditDigest_COMMAND_DESCRIPTOR_t; - -GetCommandAuditDigest_COMMAND_DESCRIPTOR_t _GetCommandAuditDigestData = { - /* entry */ &TPM2_GetCommandAuditDigest, - /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), - 
(UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetCommandAuditDigestDataAddress (&_GetCommandAuditDigestData) -#else -#define _GetCommandAuditDigestDataAddress 0 -#endif // CC_GetCommandAuditDigest - -#if CC_GetTime - -#include "GetTime_fp.h" - -typedef TPM_RC (GetTime_Entry)( - GetTime_In *in, - GetTime_Out *out -); - -typedef const struct { - GetTime_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} GetTime_COMMAND_DESCRIPTOR_t; - -GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = { - /* entry */ &TPM2_GetTime, - /* inSize */ (UINT16)(sizeof(GetTime_In)), - /* outSize */ (UINT16)(sizeof(GetTime_Out)), - /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), - (UINT16)(offsetof(GetTime_In, qualifyingData)), - (UINT16)(offsetof(GetTime_In, inScheme)), - (UINT16)(offsetof(GetTime_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetTimeDataAddress (&_GetTimeData) -#else -#define _GetTimeDataAddress 0 -#endif // CC_GetTime - -#if CC_CertifyX509 - -#include "CertifyX509_fp.h" - -typedef TPM_RC (CertifyX509_Entry)( - CertifyX509_In *in, - CertifyX509_Out *out -); - -typedef const struct { - CertifyX509_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} CertifyX509_COMMAND_DESCRIPTOR_t; - -CertifyX509_COMMAND_DESCRIPTOR_t 
_CertifyX509Data = { - /* entry */ &TPM2_CertifyX509, - /* inSize */ (UINT16)(sizeof(CertifyX509_In)), - /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), - /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), - (UINT16)(offsetof(CertifyX509_In, qualifyingData)), - (UINT16)(offsetof(CertifyX509_In, inScheme)), - (UINT16)(offsetof(CertifyX509_In, partialCertificate)), - (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), - (UINT16)(offsetof(CertifyX509_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _CertifyX509DataAddress (&_CertifyX509Data) -#else -#define _CertifyX509DataAddress 0 -#endif // CC_CertifyX509 - -#if CC_Commit - -#include "Commit_fp.h" - -typedef TPM_RC (Commit_Entry)( - Commit_In *in, - Commit_Out *out -); - -typedef const struct { - Commit_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} Commit_COMMAND_DESCRIPTOR_t; - -Commit_COMMAND_DESCRIPTOR_t _CommitData = { - /* entry */ &TPM2_Commit, - /* inSize */ (UINT16)(sizeof(Commit_In)), - /* outSize */ (UINT16)(sizeof(Commit_Out)), - /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), - (UINT16)(offsetof(Commit_In, s2)), - (UINT16)(offsetof(Commit_In, y2)), - (UINT16)(offsetof(Commit_Out, L)), - (UINT16)(offsetof(Commit_Out, E)), - (UINT16)(offsetof(Commit_Out, counter))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - TPM2B_ECC_PARAMETER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - 
TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} -}; - -#define _CommitDataAddress (&_CommitData) -#else -#define _CommitDataAddress 0 -#endif // CC_Commit - -#if CC_EC_Ephemeral - -#include "EC_Ephemeral_fp.h" - -typedef TPM_RC (EC_Ephemeral_Entry)( - EC_Ephemeral_In *in, - EC_Ephemeral_Out *out -); - -typedef const struct { - EC_Ephemeral_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} EC_Ephemeral_COMMAND_DESCRIPTOR_t; - -EC_Ephemeral_COMMAND_DESCRIPTOR_t _EC_EphemeralData = { - /* entry */ &TPM2_EC_Ephemeral, - /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), - /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), - /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} -}; - -#define _EC_EphemeralDataAddress (&_EC_EphemeralData) -#else -#define _EC_EphemeralDataAddress 0 -#endif // CC_EC_Ephemeral - -#if CC_VerifySignature - -#include "VerifySignature_fp.h" - -typedef TPM_RC (VerifySignature_Entry)( - VerifySignature_In *in, - VerifySignature_Out *out -); - -typedef const struct { - VerifySignature_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} VerifySignature_COMMAND_DESCRIPTOR_t; - -VerifySignature_COMMAND_DESCRIPTOR_t _VerifySignatureData = { - /* entry */ &TPM2_VerifySignature, - /* inSize */ (UINT16)(sizeof(VerifySignature_In)), - /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), - /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), - (UINT16)(offsetof(VerifySignature_In, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - 
TPMT_TK_VERIFIED_P_MARSHAL, - END_OF_LIST} -}; - -#define _VerifySignatureDataAddress (&_VerifySignatureData) -#else -#define _VerifySignatureDataAddress 0 -#endif // CC_VerifySignature - -#if CC_Sign - -#include "Sign_fp.h" - -typedef TPM_RC (Sign_Entry)( - Sign_In *in, - Sign_Out *out -); - -typedef const struct { - Sign_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} Sign_COMMAND_DESCRIPTOR_t; - -Sign_COMMAND_DESCRIPTOR_t _SignData = { - /* entry */ &TPM2_Sign, - /* inSize */ (UINT16)(sizeof(Sign_In)), - /* outSize */ (UINT16)(sizeof(Sign_Out)), - /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), - (UINT16)(offsetof(Sign_In, inScheme)), - (UINT16)(offsetof(Sign_In, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_HASHCHECK_P_UNMARSHAL, - END_OF_LIST, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _SignDataAddress (&_SignData) -#else -#define _SignDataAddress 0 -#endif // CC_Sign - -#if CC_SetCommandCodeAuditStatus - -#include "SetCommandCodeAuditStatus_fp.h" - -typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( - SetCommandCodeAuditStatus_In *in -); - -typedef const struct { - SetCommandCodeAuditStatus_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t; - -SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t _SetCommandCodeAuditStatusData = { - /* entry */ &TPM2_SetCommandCodeAuditStatus, - /* inSize */ (UINT16)(sizeof(SetCommandCodeAuditStatus_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), - (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), - 
(UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetCommandCodeAuditStatusDataAddress (&_SetCommandCodeAuditStatusData) -#else -#define _SetCommandCodeAuditStatusDataAddress 0 -#endif // CC_SetCommandCodeAuditStatus - -#if CC_PCR_Extend - -#include "PCR_Extend_fp.h" - -typedef TPM_RC (PCR_Extend_Entry)( - PCR_Extend_In *in -); - -typedef const struct { - PCR_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PCR_Extend_COMMAND_DESCRIPTOR_t; - -PCR_Extend_COMMAND_DESCRIPTOR_t _PCR_ExtendData = { - /* entry */ &TPM2_PCR_Extend, - /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPML_DIGEST_VALUES_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_ExtendDataAddress (&_PCR_ExtendData) -#else -#define _PCR_ExtendDataAddress 0 -#endif // CC_PCR_Extend - -#if CC_PCR_Event - -#include "PCR_Event_fp.h" - -typedef TPM_RC (PCR_Event_Entry)( - PCR_Event_In *in, - PCR_Event_Out *out -); - -typedef const struct { - PCR_Event_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} PCR_Event_COMMAND_DESCRIPTOR_t; - -PCR_Event_COMMAND_DESCRIPTOR_t _PCR_EventData = { - /* entry */ &TPM2_PCR_Event, - /* inSize */ (UINT16)(sizeof(PCR_Event_In)), - /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), - /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Event_In, eventData))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPM2B_EVENT_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - 
END_OF_LIST} -}; - -#define _PCR_EventDataAddress (&_PCR_EventData) -#else -#define _PCR_EventDataAddress 0 -#endif // CC_PCR_Event - -#if CC_PCR_Read - -#include "PCR_Read_fp.h" - -typedef TPM_RC (PCR_Read_Entry)( - PCR_Read_In *in, - PCR_Read_Out *out -); - -typedef const struct { - PCR_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; -} PCR_Read_COMMAND_DESCRIPTOR_t; - -PCR_Read_COMMAND_DESCRIPTOR_t _PCR_ReadData = { - /* entry */ &TPM2_PCR_Read, - /* inSize */ (UINT16)(sizeof(PCR_Read_In)), - /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), - /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), - (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, - /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - UINT32_P_MARSHAL, - TPML_PCR_SELECTION_P_MARSHAL, - TPML_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - -#define _PCR_ReadDataAddress (&_PCR_ReadData) -#else -#define _PCR_ReadDataAddress 0 -#endif // CC_PCR_Read - -#if CC_PCR_Allocate - -#include "PCR_Allocate_fp.h" - -typedef TPM_RC (PCR_Allocate_Entry)( - PCR_Allocate_In *in, - PCR_Allocate_Out *out -); - -typedef const struct { - PCR_Allocate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; -} PCR_Allocate_COMMAND_DESCRIPTOR_t; - -PCR_Allocate_COMMAND_DESCRIPTOR_t _PCR_AllocateData = { - /* entry */ &TPM2_PCR_Allocate, - /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), - /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), - /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), - (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - 
END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - END_OF_LIST} -}; - -#define _PCR_AllocateDataAddress (&_PCR_AllocateData) -#else -#define _PCR_AllocateDataAddress 0 -#endif // CC_PCR_Allocate - -#if CC_PCR_SetAuthPolicy - -#include "PCR_SetAuthPolicy_fp.h" - -typedef TPM_RC (PCR_SetAuthPolicy_Entry)( - PCR_SetAuthPolicy_In *in -); - -typedef const struct { - PCR_SetAuthPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t; - -PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t _PCR_SetAuthPolicyData = { - /* entry */ &TPM2_PCR_SetAuthPolicy, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPMI_DH_PCR_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_SetAuthPolicyDataAddress (&_PCR_SetAuthPolicyData) -#else -#define _PCR_SetAuthPolicyDataAddress 0 -#endif // CC_PCR_SetAuthPolicy - -#if CC_PCR_SetAuthValue - -#include "PCR_SetAuthValue_fp.h" - -typedef TPM_RC (PCR_SetAuthValue_Entry)( - PCR_SetAuthValue_In *in -); - -typedef const struct { - PCR_SetAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PCR_SetAuthValue_COMMAND_DESCRIPTOR_t; - -PCR_SetAuthValue_COMMAND_DESCRIPTOR_t _PCR_SetAuthValueData = { - /* entry */ &TPM2_PCR_SetAuthValue, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ 
{(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_SetAuthValueDataAddress (&_PCR_SetAuthValueData) -#else -#define _PCR_SetAuthValueDataAddress 0 -#endif // CC_PCR_SetAuthValue - -#if CC_PCR_Reset - -#include "PCR_Reset_fp.h" - -typedef TPM_RC (PCR_Reset_Entry)( - PCR_Reset_In *in -); - -typedef const struct { - PCR_Reset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PCR_Reset_COMMAND_DESCRIPTOR_t; - -PCR_Reset_COMMAND_DESCRIPTOR_t _PCR_ResetData = { - /* entry */ &TPM2_PCR_Reset, - /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PCR_ResetDataAddress (&_PCR_ResetData) -#else -#define _PCR_ResetDataAddress 0 -#endif // CC_PCR_Reset - -#if CC_PolicySigned - -#include "PolicySigned_fp.h" - -typedef TPM_RC (PolicySigned_Entry)( - PolicySigned_In *in, - PolicySigned_Out *out -); - -typedef const struct { - PolicySigned_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} PolicySigned_COMMAND_DESCRIPTOR_t; - -PolicySigned_COMMAND_DESCRIPTOR_t _PolicySignedData = { - /* entry */ &TPM2_PolicySigned, - /* inSize */ (UINT16)(sizeof(PolicySigned_In)), - /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), - /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), - (UINT16)(offsetof(PolicySigned_In, nonceTPM)), - (UINT16)(offsetof(PolicySigned_In, cpHashA)), - (UINT16)(offsetof(PolicySigned_In, policyRef)), - (UINT16)(offsetof(PolicySigned_In, expiration)), - (UINT16)(offsetof(PolicySigned_In, auth)), - (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, - /* 
types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} -}; - -#define _PolicySignedDataAddress (&_PolicySignedData) -#else -#define _PolicySignedDataAddress 0 -#endif // CC_PolicySigned - -#if CC_PolicySecret - -#include "PolicySecret_fp.h" - -typedef TPM_RC (PolicySecret_Entry)( - PolicySecret_In *in, - PolicySecret_Out *out -); - -typedef const struct { - PolicySecret_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; -} PolicySecret_COMMAND_DESCRIPTOR_t; - -PolicySecret_COMMAND_DESCRIPTOR_t _PolicySecretData = { - /* entry */ &TPM2_PolicySecret, - /* inSize */ (UINT16)(sizeof(PolicySecret_In)), - /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), - /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), - (UINT16)(offsetof(PolicySecret_In, nonceTPM)), - (UINT16)(offsetof(PolicySecret_In, cpHashA)), - (UINT16)(offsetof(PolicySecret_In, policyRef)), - (UINT16)(offsetof(PolicySecret_In, expiration)), - (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, - /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} -}; - -#define _PolicySecretDataAddress (&_PolicySecretData) -#else -#define _PolicySecretDataAddress 0 -#endif // CC_PolicySecret - -#if CC_PolicyTicket - -#include "PolicyTicket_fp.h" - -typedef TPM_RC (PolicyTicket_Entry)( - PolicyTicket_In *in -); - -typedef const struct { - PolicyTicket_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; 
- BYTE types[8]; -} PolicyTicket_COMMAND_DESCRIPTOR_t; - -PolicyTicket_COMMAND_DESCRIPTOR_t _PolicyTicketData = { - /* entry */ &TPM2_PolicyTicket, - /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), - (UINT16)(offsetof(PolicyTicket_In, cpHashA)), - (UINT16)(offsetof(PolicyTicket_In, policyRef)), - (UINT16)(offsetof(PolicyTicket_In, authName)), - (UINT16)(offsetof(PolicyTicket_In, ticket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_TIMEOUT_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyTicketDataAddress (&_PolicyTicketData) -#else -#define _PolicyTicketDataAddress 0 -#endif // CC_PolicyTicket - -#if CC_PolicyOR - -#include "PolicyOR_fp.h" - -typedef TPM_RC (PolicyOR_Entry)( - PolicyOR_In *in -); - -typedef const struct { - PolicyOR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyOR_COMMAND_DESCRIPTOR_t; - -PolicyOR_COMMAND_DESCRIPTOR_t _PolicyORData = { - /* entry */ &TPM2_PolicyOR, - /* inSize */ (UINT16)(sizeof(PolicyOR_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPML_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyORDataAddress (&_PolicyORData) -#else -#define _PolicyORDataAddress 0 -#endif // CC_PolicyOR - -#if CC_PolicyPCR - -#include "PolicyPCR_fp.h" - -typedef TPM_RC (PolicyPCR_Entry)( - PolicyPCR_In *in -); - -typedef const struct { - PolicyPCR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PolicyPCR_COMMAND_DESCRIPTOR_t; - 
-PolicyPCR_COMMAND_DESCRIPTOR_t _PolicyPCRData = { - /* entry */ &TPM2_PolicyPCR, - /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), - (UINT16)(offsetof(PolicyPCR_In, pcrs))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPCRDataAddress (&_PolicyPCRData) -#else -#define _PolicyPCRDataAddress 0 -#endif // CC_PolicyPCR - -#if CC_PolicyLocality - -#include "PolicyLocality_fp.h" - -typedef TPM_RC (PolicyLocality_Entry)( - PolicyLocality_In *in -); - -typedef const struct { - PolicyLocality_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyLocality_COMMAND_DESCRIPTOR_t; - -PolicyLocality_COMMAND_DESCRIPTOR_t _PolicyLocalityData = { - /* entry */ &TPM2_PolicyLocality, - /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMA_LOCALITY_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyLocalityDataAddress (&_PolicyLocalityData) -#else -#define _PolicyLocalityDataAddress 0 -#endif // CC_PolicyLocality - -#if CC_PolicyNV - -#include "PolicyNV_fp.h" - -typedef TPM_RC (PolicyNV_Entry)( - PolicyNV_In *in -); - -typedef const struct { - PolicyNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[8]; -} PolicyNV_COMMAND_DESCRIPTOR_t; - -PolicyNV_COMMAND_DESCRIPTOR_t _PolicyNVData = { - /* entry */ &TPM2_PolicyNV, - /* inSize */ (UINT16)(sizeof(PolicyNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ 
{(UINT16)(offsetof(PolicyNV_In, nvIndex)), - (UINT16)(offsetof(PolicyNV_In, policySession)), - (UINT16)(offsetof(PolicyNV_In, operandB)), - (UINT16)(offsetof(PolicyNV_In, offset)), - (UINT16)(offsetof(PolicyNV_In, operation))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNVDataAddress (&_PolicyNVData) -#else -#define _PolicyNVDataAddress 0 -#endif // CC_PolicyNV - -#if CC_PolicyCounterTimer - -#include "PolicyCounterTimer_fp.h" - -typedef TPM_RC (PolicyCounterTimer_Entry)( - PolicyCounterTimer_In *in -); - -typedef const struct { - PolicyCounterTimer_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PolicyCounterTimer_COMMAND_DESCRIPTOR_t; - -PolicyCounterTimer_COMMAND_DESCRIPTOR_t _PolicyCounterTimerData = { - /* entry */ &TPM2_PolicyCounterTimer, - /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), - (UINT16)(offsetof(PolicyCounterTimer_In, offset)), - (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCounterTimerDataAddress (&_PolicyCounterTimerData) -#else -#define _PolicyCounterTimerDataAddress 0 -#endif // CC_PolicyCounterTimer - -#if CC_PolicyCommandCode - -#include "PolicyCommandCode_fp.h" - -typedef TPM_RC (PolicyCommandCode_Entry)( - PolicyCommandCode_In *in -); - -typedef const struct { - PolicyCommandCode_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyCommandCode_COMMAND_DESCRIPTOR_t; - 
-PolicyCommandCode_COMMAND_DESCRIPTOR_t _PolicyCommandCodeData = { - /* entry */ &TPM2_PolicyCommandCode, - /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCommandCodeDataAddress (&_PolicyCommandCodeData) -#else -#define _PolicyCommandCodeDataAddress 0 -#endif // CC_PolicyCommandCode - -#if CC_PolicyPhysicalPresence - -#include "PolicyPhysicalPresence_fp.h" - -typedef TPM_RC (PolicyPhysicalPresence_Entry)( - PolicyPhysicalPresence_In *in -); - -typedef const struct { - PolicyPhysicalPresence_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t; - -PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t _PolicyPhysicalPresenceData = { - /* entry */ &TPM2_PolicyPhysicalPresence, - /* inSize */ (UINT16)(sizeof(PolicyPhysicalPresence_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPhysicalPresenceDataAddress (&_PolicyPhysicalPresenceData) -#else -#define _PolicyPhysicalPresenceDataAddress 0 -#endif // CC_PolicyPhysicalPresence - -#if CC_PolicyCpHash - -#include "PolicyCpHash_fp.h" - -typedef TPM_RC (PolicyCpHash_Entry)( - PolicyCpHash_In *in -); - -typedef const struct { - PolicyCpHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyCpHash_COMMAND_DESCRIPTOR_t; - -PolicyCpHash_COMMAND_DESCRIPTOR_t _PolicyCpHashData = { - /* entry */ &TPM2_PolicyCpHash, - /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ 
offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyCpHashDataAddress (&_PolicyCpHashData) -#else -#define _PolicyCpHashDataAddress 0 -#endif // CC_PolicyCpHash - -#if CC_PolicyNameHash - -#include "PolicyNameHash_fp.h" - -typedef TPM_RC (PolicyNameHash_Entry)( - PolicyNameHash_In *in -); - -typedef const struct { - PolicyNameHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyNameHash_COMMAND_DESCRIPTOR_t; - -PolicyNameHash_COMMAND_DESCRIPTOR_t _PolicyNameHashData = { - /* entry */ &TPM2_PolicyNameHash, - /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNameHashDataAddress (&_PolicyNameHashData) -#else -#define _PolicyNameHashDataAddress 0 -#endif // CC_PolicyNameHash - -#if CC_PolicyDuplicationSelect - -#include "PolicyDuplicationSelect_fp.h" - -typedef TPM_RC (PolicyDuplicationSelect_Entry)( - PolicyDuplicationSelect_In *in -); - -typedef const struct { - PolicyDuplicationSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t; - -PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t _PolicyDuplicationSelectData = { - /* entry */ &TPM2_PolicyDuplicationSelect, - /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), - 
(UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), - (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyDuplicationSelectDataAddress (&_PolicyDuplicationSelectData) -#else -#define _PolicyDuplicationSelectDataAddress 0 -#endif // CC_PolicyDuplicationSelect - -#if CC_PolicyAuthorize - -#include "PolicyAuthorize_fp.h" - -typedef TPM_RC (PolicyAuthorize_Entry)( - PolicyAuthorize_In *in -); - -typedef const struct { - PolicyAuthorize_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; -} PolicyAuthorize_COMMAND_DESCRIPTOR_t; - -PolicyAuthorize_COMMAND_DESCRIPTOR_t _PolicyAuthorizeData = { - /* entry */ &TPM2_PolicyAuthorize, - /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), - (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), - (UINT16)(offsetof(PolicyAuthorize_In, keySign)), - (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_VERIFIED_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthorizeDataAddress (&_PolicyAuthorizeData) -#else -#define _PolicyAuthorizeDataAddress 0 -#endif // CC_PolicyAuthorize - -#if CC_PolicyAuthValue - -#include "PolicyAuthValue_fp.h" - -typedef TPM_RC (PolicyAuthValue_Entry)( - PolicyAuthValue_In *in -); - -typedef const struct { - PolicyAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyAuthValue_COMMAND_DESCRIPTOR_t; - -PolicyAuthValue_COMMAND_DESCRIPTOR_t _PolicyAuthValueData = { - /* entry */ 
&TPM2_PolicyAuthValue, - /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthValueDataAddress (&_PolicyAuthValueData) -#else -#define _PolicyAuthValueDataAddress 0 -#endif // CC_PolicyAuthValue - -#if CC_PolicyPassword - -#include "PolicyPassword_fp.h" - -typedef TPM_RC (PolicyPassword_Entry)( - PolicyPassword_In *in -); - -typedef const struct { - PolicyPassword_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} PolicyPassword_COMMAND_DESCRIPTOR_t; - -PolicyPassword_COMMAND_DESCRIPTOR_t _PolicyPasswordData = { - /* entry */ &TPM2_PolicyPassword, - /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyPasswordDataAddress (&_PolicyPasswordData) -#else -#define _PolicyPasswordDataAddress 0 -#endif // CC_PolicyPassword - -#if CC_PolicyGetDigest - -#include "PolicyGetDigest_fp.h" - -typedef TPM_RC (PolicyGetDigest_Entry)( - PolicyGetDigest_In *in, - PolicyGetDigest_Out *out -); - -typedef const struct { - PolicyGetDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} PolicyGetDigest_COMMAND_DESCRIPTOR_t; - -PolicyGetDigest_COMMAND_DESCRIPTOR_t _PolicyGetDigestData = { - /* entry */ &TPM2_PolicyGetDigest, - /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), - /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), - /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} -}; - 
-#define _PolicyGetDigestDataAddress (&_PolicyGetDigestData) -#else -#define _PolicyGetDigestDataAddress 0 -#endif // CC_PolicyGetDigest - -#if CC_PolicyNvWritten - -#include "PolicyNvWritten_fp.h" - -typedef TPM_RC (PolicyNvWritten_Entry)( - PolicyNvWritten_In *in -); - -typedef const struct { - PolicyNvWritten_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyNvWritten_COMMAND_DESCRIPTOR_t; - -PolicyNvWritten_COMMAND_DESCRIPTOR_t _PolicyNvWrittenData = { - /* entry */ &TPM2_PolicyNvWritten, - /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyNvWrittenDataAddress (&_PolicyNvWrittenData) -#else -#define _PolicyNvWrittenDataAddress 0 -#endif // CC_PolicyNvWritten - -#if CC_PolicyTemplate - -#include "PolicyTemplate_fp.h" - -typedef TPM_RC (PolicyTemplate_Entry)( - PolicyTemplate_In *in -); - -typedef const struct { - PolicyTemplate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} PolicyTemplate_COMMAND_DESCRIPTOR_t; - -PolicyTemplate_COMMAND_DESCRIPTOR_t _PolicyTemplateData = { - /* entry */ &TPM2_PolicyTemplate, - /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyTemplateDataAddress (&_PolicyTemplateData) -#else -#define _PolicyTemplateDataAddress 0 -#endif // CC_PolicyTemplate - -#if CC_PolicyAuthorizeNV - -#include "PolicyAuthorizeNV_fp.h" - -typedef 
TPM_RC (PolicyAuthorizeNV_Entry)( - PolicyAuthorizeNV_In *in -); - -typedef const struct { - PolicyAuthorizeNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t; - -PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t _PolicyAuthorizeNVData = { - /* entry */ &TPM2_PolicyAuthorizeNV, - /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), - (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PolicyAuthorizeNVDataAddress (&_PolicyAuthorizeNVData) -#else -#define _PolicyAuthorizeNVDataAddress 0 -#endif // CC_PolicyAuthorizeNV - -#if CC_CreatePrimary - -#include "CreatePrimary_fp.h" - -typedef TPM_RC (CreatePrimary_Entry)( - CreatePrimary_In *in, - CreatePrimary_Out *out -); - -typedef const struct { - CreatePrimary_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[9]; - BYTE types[13]; -} CreatePrimary_COMMAND_DESCRIPTOR_t; - -CreatePrimary_COMMAND_DESCRIPTOR_t _CreatePrimaryData = { - /* entry */ &TPM2_CreatePrimary, - /* inSize */ (UINT16)(sizeof(CreatePrimary_In)), - /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), - /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), - (UINT16)(offsetof(CreatePrimary_In, inPublic)), - (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), - (UINT16)(offsetof(CreatePrimary_In, creationPCR)), - (UINT16)(offsetof(CreatePrimary_Out, outPublic)), - (UINT16)(offsetof(CreatePrimary_Out, creationData)), - (UINT16)(offsetof(CreatePrimary_Out, creationHash)), - (UINT16)(offsetof(CreatePrimary_Out, 
creationTicket)), - (UINT16)(offsetof(CreatePrimary_Out, name))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _CreatePrimaryDataAddress (&_CreatePrimaryData) -#else -#define _CreatePrimaryDataAddress 0 -#endif // CC_CreatePrimary - -#if CC_HierarchyControl - -#include "HierarchyControl_fp.h" - -typedef TPM_RC (HierarchyControl_Entry)( - HierarchyControl_In *in -); - -typedef const struct { - HierarchyControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} HierarchyControl_COMMAND_DESCRIPTOR_t; - -HierarchyControl_COMMAND_DESCRIPTOR_t _HierarchyControlData = { - /* entry */ &TPM2_HierarchyControl, - /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), - (UINT16)(offsetof(HierarchyControl_In, state))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, - TPMI_RH_ENABLES_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _HierarchyControlDataAddress (&_HierarchyControlData) -#else -#define _HierarchyControlDataAddress 0 -#endif // CC_HierarchyControl - -#if CC_SetPrimaryPolicy - -#include "SetPrimaryPolicy_fp.h" - -typedef TPM_RC (SetPrimaryPolicy_Entry)( - SetPrimaryPolicy_In *in -); - -typedef const struct { - SetPrimaryPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} SetPrimaryPolicy_COMMAND_DESCRIPTOR_t; - -SetPrimaryPolicy_COMMAND_DESCRIPTOR_t _SetPrimaryPolicyData = { - /* entry */ 
&TPM2_SetPrimaryPolicy, - /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), - (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, - /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetPrimaryPolicyDataAddress (&_SetPrimaryPolicyData) -#else -#define _SetPrimaryPolicyDataAddress 0 -#endif // CC_SetPrimaryPolicy - -#if CC_ChangePPS - -#include "ChangePPS_fp.h" - -typedef TPM_RC (ChangePPS_Entry)( - ChangePPS_In *in -); - -typedef const struct { - ChangePPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ChangePPS_COMMAND_DESCRIPTOR_t; - -ChangePPS_COMMAND_DESCRIPTOR_t _ChangePPSData = { - /* entry */ &TPM2_ChangePPS, - /* inSize */ (UINT16)(sizeof(ChangePPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ChangePPSDataAddress (&_ChangePPSData) -#else -#define _ChangePPSDataAddress 0 -#endif // CC_ChangePPS - -#if CC_ChangeEPS - -#include "ChangeEPS_fp.h" - -typedef TPM_RC (ChangeEPS_Entry)( - ChangeEPS_In *in -); - -typedef const struct { - ChangeEPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ChangeEPS_COMMAND_DESCRIPTOR_t; - -ChangeEPS_COMMAND_DESCRIPTOR_t _ChangeEPSData = { - /* entry */ &TPM2_ChangeEPS, - /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ChangeEPSDataAddress (&_ChangeEPSData) -#else 
-#define _ChangeEPSDataAddress 0 -#endif // CC_ChangeEPS - -#if CC_Clear - -#include "Clear_fp.h" - -typedef TPM_RC (Clear_Entry)( - Clear_In *in -); - -typedef const struct { - Clear_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} Clear_COMMAND_DESCRIPTOR_t; - -Clear_COMMAND_DESCRIPTOR_t _ClearData = { - /* entry */ &TPM2_Clear, - /* inSize */ (UINT16)(sizeof(Clear_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClearDataAddress (&_ClearData) -#else -#define _ClearDataAddress 0 -#endif // CC_Clear - -#if CC_ClearControl - -#include "ClearControl_fp.h" - -typedef TPM_RC (ClearControl_Entry)( - ClearControl_In *in -); - -typedef const struct { - ClearControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClearControl_COMMAND_DESCRIPTOR_t; - -ClearControl_COMMAND_DESCRIPTOR_t _ClearControlData = { - /* entry */ &TPM2_ClearControl, - /* inSize */ (UINT16)(sizeof(ClearControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClearControlDataAddress (&_ClearControlData) -#else -#define _ClearControlDataAddress 0 -#endif // CC_ClearControl - -#if CC_HierarchyChangeAuth - -#include "HierarchyChangeAuth_fp.h" - -typedef TPM_RC (HierarchyChangeAuth_Entry)( - HierarchyChangeAuth_In *in -); - -typedef const struct { - HierarchyChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} HierarchyChangeAuth_COMMAND_DESCRIPTOR_t; - -HierarchyChangeAuth_COMMAND_DESCRIPTOR_t _HierarchyChangeAuthData = { 
- /* entry */ &TPM2_HierarchyChangeAuth, - /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _HierarchyChangeAuthDataAddress (&_HierarchyChangeAuthData) -#else -#define _HierarchyChangeAuthDataAddress 0 -#endif // CC_HierarchyChangeAuth - -#if CC_DictionaryAttackLockReset - -#include "DictionaryAttackLockReset_fp.h" - -typedef TPM_RC (DictionaryAttackLockReset_Entry)( - DictionaryAttackLockReset_In *in -); - -typedef const struct { - DictionaryAttackLockReset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t; - -DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t _DictionaryAttackLockResetData = { - /* entry */ &TPM2_DictionaryAttackLockReset, - /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _DictionaryAttackLockResetDataAddress (&_DictionaryAttackLockResetData) -#else -#define _DictionaryAttackLockResetDataAddress 0 -#endif // CC_DictionaryAttackLockReset - -#if CC_DictionaryAttackParameters - -#include "DictionaryAttackParameters_fp.h" - -typedef TPM_RC (DictionaryAttackParameters_Entry)( - DictionaryAttackParameters_In *in -); - -typedef const struct { - DictionaryAttackParameters_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} DictionaryAttackParameters_COMMAND_DESCRIPTOR_t; - -DictionaryAttackParameters_COMMAND_DESCRIPTOR_t _DictionaryAttackParametersData = { - /* entry 
*/ &TPM2_DictionaryAttackParameters, - /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), - (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), - (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _DictionaryAttackParametersDataAddress (&_DictionaryAttackParametersData) -#else -#define _DictionaryAttackParametersDataAddress 0 -#endif // CC_DictionaryAttackParameters - -#if CC_PP_Commands - -#include "PP_Commands_fp.h" - -typedef TPM_RC (PP_Commands_Entry)( - PP_Commands_In *in -); - -typedef const struct { - PP_Commands_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} PP_Commands_COMMAND_DESCRIPTOR_t; - -PP_Commands_COMMAND_DESCRIPTOR_t _PP_CommandsData = { - /* entry */ &TPM2_PP_Commands, - /* inSize */ (UINT16)(sizeof(PP_Commands_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), - (UINT16)(offsetof(PP_Commands_In, clearList))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _PP_CommandsDataAddress (&_PP_CommandsData) -#else -#define _PP_CommandsDataAddress 0 -#endif // CC_PP_Commands - -#if CC_SetAlgorithmSet - -#include "SetAlgorithmSet_fp.h" - -typedef TPM_RC (SetAlgorithmSet_Entry)( - SetAlgorithmSet_In *in -); - -typedef const struct { - SetAlgorithmSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} SetAlgorithmSet_COMMAND_DESCRIPTOR_t; - 
-SetAlgorithmSet_COMMAND_DESCRIPTOR_t _SetAlgorithmSetData = { - /* entry */ &TPM2_SetAlgorithmSet, - /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _SetAlgorithmSetDataAddress (&_SetAlgorithmSetData) -#else -#define _SetAlgorithmSetDataAddress 0 -#endif // CC_SetAlgorithmSet - -#if CC_FieldUpgradeStart - -#include "FieldUpgradeStart_fp.h" - -typedef TPM_RC (FieldUpgradeStart_Entry)( - FieldUpgradeStart_In *in -); - -typedef const struct { - FieldUpgradeStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} FieldUpgradeStart_COMMAND_DESCRIPTOR_t; - -FieldUpgradeStart_COMMAND_DESCRIPTOR_t _FieldUpgradeStartData = { - /* entry */ &TPM2_FieldUpgradeStart, - /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), - (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), - (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _FieldUpgradeStartDataAddress (&_FieldUpgradeStartData) -#else -#define _FieldUpgradeStartDataAddress 0 -#endif // CC_FieldUpgradeStart - -#if CC_FieldUpgradeData - -#include "FieldUpgradeData_fp.h" - -typedef TPM_RC (FieldUpgradeData_Entry)( - FieldUpgradeData_In *in, - FieldUpgradeData_Out *out -); - -typedef const struct { - FieldUpgradeData_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} 
FieldUpgradeData_COMMAND_DESCRIPTOR_t; - -FieldUpgradeData_COMMAND_DESCRIPTOR_t _FieldUpgradeDataData = { - /* entry */ &TPM2_FieldUpgradeData, - /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), - /* outSize */ (UINT16)(sizeof(FieldUpgradeData_Out)), - /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMT_HA_P_MARSHAL, - TPMT_HA_P_MARSHAL, - END_OF_LIST} -}; - -#define _FieldUpgradeDataDataAddress (&_FieldUpgradeDataData) -#else -#define _FieldUpgradeDataDataAddress 0 -#endif // CC_FieldUpgradeData - -#if CC_FirmwareRead - -#include "FirmwareRead_fp.h" - -typedef TPM_RC (FirmwareRead_Entry)( - FirmwareRead_In *in, - FirmwareRead_Out *out -); - -typedef const struct { - FirmwareRead_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} FirmwareRead_COMMAND_DESCRIPTOR_t; - -FirmwareRead_COMMAND_DESCRIPTOR_t _FirmwareReadData = { - /* entry */ &TPM2_FirmwareRead, - /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), - /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), - /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {UINT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - END_OF_LIST} -}; - -#define _FirmwareReadDataAddress (&_FirmwareReadData) -#else -#define _FirmwareReadDataAddress 0 -#endif // CC_FirmwareRead - -#if CC_ContextSave - -#include "ContextSave_fp.h" - -typedef TPM_RC (ContextSave_Entry)( - ContextSave_In *in, - ContextSave_Out *out -); - -typedef const struct { - ContextSave_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ContextSave_COMMAND_DESCRIPTOR_t; - -ContextSave_COMMAND_DESCRIPTOR_t _ContextSaveData = { - /* entry */ &TPM2_ContextSave, - /* inSize */ (UINT16)(sizeof(ContextSave_In)), - /* outSize */ 
(UINT16)(sizeof(ContextSave_Out)), - /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, - END_OF_LIST, - TPMS_CONTEXT_P_MARSHAL, - END_OF_LIST} -}; - -#define _ContextSaveDataAddress (&_ContextSaveData) -#else -#define _ContextSaveDataAddress 0 -#endif // CC_ContextSave - -#if CC_ContextLoad - -#include "ContextLoad_fp.h" - -typedef TPM_RC (ContextLoad_Entry)( - ContextLoad_In *in, - ContextLoad_Out *out -); - -typedef const struct { - ContextLoad_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ContextLoad_COMMAND_DESCRIPTOR_t; - -ContextLoad_COMMAND_DESCRIPTOR_t _ContextLoadData = { - /* entry */ &TPM2_ContextLoad, - /* inSize */ (UINT16)(sizeof(ContextLoad_In)), - /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), - /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMS_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - TPMI_DH_CONTEXT_H_MARSHAL, - END_OF_LIST} -}; - -#define _ContextLoadDataAddress (&_ContextLoadData) -#else -#define _ContextLoadDataAddress 0 -#endif // CC_ContextLoad - -#if CC_FlushContext - -#include "FlushContext_fp.h" - -typedef TPM_RC (FlushContext_Entry)( - FlushContext_In *in -); - -typedef const struct { - FlushContext_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} FlushContext_COMMAND_DESCRIPTOR_t; - -FlushContext_COMMAND_DESCRIPTOR_t _FlushContextData = { - /* entry */ &TPM2_FlushContext, - /* inSize */ (UINT16)(sizeof(FlushContext_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _FlushContextDataAddress (&_FlushContextData) -#else -#define _FlushContextDataAddress 0 -#endif // CC_FlushContext - -#if 
CC_EvictControl - -#include "EvictControl_fp.h" - -typedef TPM_RC (EvictControl_Entry)( - EvictControl_In *in -); - -typedef const struct { - EvictControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} EvictControl_COMMAND_DESCRIPTOR_t; - -EvictControl_COMMAND_DESCRIPTOR_t _EvictControlData = { - /* entry */ &TPM2_EvictControl, - /* inSize */ (UINT16)(sizeof(EvictControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), - (UINT16)(offsetof(EvictControl_In, persistentHandle))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_PERSISTENT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _EvictControlDataAddress (&_EvictControlData) -#else -#define _EvictControlDataAddress 0 -#endif // CC_EvictControl - -#if CC_ReadClock - -#include "ReadClock_fp.h" - -typedef TPM_RC (ReadClock_Entry)( - ReadClock_Out *out -); - -typedef const struct { - ReadClock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} ReadClock_COMMAND_DESCRIPTOR_t; - -ReadClock_COMMAND_DESCRIPTOR_t _ReadClockData = { - /* entry */ &TPM2_ReadClock, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(ReadClock_Out)), - /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {END_OF_LIST, - TPMS_TIME_INFO_P_MARSHAL, - END_OF_LIST} -}; - -#define _ReadClockDataAddress (&_ReadClockData) -#else -#define _ReadClockDataAddress 0 -#endif // CC_ReadClock - -#if CC_ClockSet - -#include "ClockSet_fp.h" - -typedef TPM_RC (ClockSet_Entry)( - ClockSet_In *in -); - -typedef const struct { - ClockSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClockSet_COMMAND_DESCRIPTOR_t; - -ClockSet_COMMAND_DESCRIPTOR_t 
_ClockSetData = { - /* entry */ &TPM2_ClockSet, - /* inSize */ (UINT16)(sizeof(ClockSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClockSetDataAddress (&_ClockSetData) -#else -#define _ClockSetDataAddress 0 -#endif // CC_ClockSet - -#if CC_ClockRateAdjust - -#include "ClockRateAdjust_fp.h" - -typedef TPM_RC (ClockRateAdjust_Entry)( - ClockRateAdjust_In *in -); - -typedef const struct { - ClockRateAdjust_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} ClockRateAdjust_COMMAND_DESCRIPTOR_t; - -ClockRateAdjust_COMMAND_DESCRIPTOR_t _ClockRateAdjustData = { - /* entry */ &TPM2_ClockRateAdjust, - /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM_CLOCK_ADJUST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _ClockRateAdjustDataAddress (&_ClockRateAdjustData) -#else -#define _ClockRateAdjustDataAddress 0 -#endif // CC_ClockRateAdjust - -#if CC_GetCapability - -#include "GetCapability_fp.h" - -typedef TPM_RC (GetCapability_Entry)( - GetCapability_In *in, - GetCapability_Out *out -); - -typedef const struct { - GetCapability_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} GetCapability_COMMAND_DESCRIPTOR_t; - -GetCapability_COMMAND_DESCRIPTOR_t _GetCapabilityData = { - /* entry */ &TPM2_GetCapability, - /* inSize */ (UINT16)(sizeof(GetCapability_In)), - /* outSize */ (UINT16)(sizeof(GetCapability_Out)), - /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), - /* offsets 
*/ {(UINT16)(offsetof(GetCapability_In, property)), - (UINT16)(offsetof(GetCapability_In, propertyCount)), - (UINT16)(offsetof(GetCapability_Out, capabilityData))}, - /* types */ {TPM_CAP_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - TPMS_CAPABILITY_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _GetCapabilityDataAddress (&_GetCapabilityData) -#else -#define _GetCapabilityDataAddress 0 -#endif // CC_GetCapability - -#if CC_TestParms - -#include "TestParms_fp.h" - -typedef TPM_RC (TestParms_Entry)( - TestParms_In *in -); - -typedef const struct { - TestParms_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} TestParms_COMMAND_DESCRIPTOR_t; - -TestParms_COMMAND_DESCRIPTOR_t _TestParmsData = { - /* entry */ &TPM2_TestParms, - /* inSize */ (UINT16)(sizeof(TestParms_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _TestParmsDataAddress (&_TestParmsData) -#else -#define _TestParmsDataAddress 0 -#endif // CC_TestParms - -#if CC_NV_DefineSpace - -#include "NV_DefineSpace_fp.h" - -typedef TPM_RC (NV_DefineSpace_Entry)( - NV_DefineSpace_In *in -); - -typedef const struct { - NV_DefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} NV_DefineSpace_COMMAND_DESCRIPTOR_t; - -NV_DefineSpace_COMMAND_DESCRIPTOR_t _NV_DefineSpaceData = { - /* entry */ &TPM2_NV_DefineSpace, - /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), - (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPM2B_NV_PUBLIC_P_UNMARSHAL, - 
END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_DefineSpaceDataAddress (&_NV_DefineSpaceData) -#else -#define _NV_DefineSpaceDataAddress 0 -#endif // CC_NV_DefineSpace - -#if CC_NV_UndefineSpace - -#include "NV_UndefineSpace_fp.h" - -typedef TPM_RC (NV_UndefineSpace_Entry)( - NV_UndefineSpace_In *in -); - -typedef const struct { - NV_UndefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_UndefineSpace_COMMAND_DESCRIPTOR_t; - -NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = { - /* entry */ &TPM2_NV_UndefineSpace, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_UndefineSpaceDataAddress (&_NV_UndefineSpaceData) -#else -#define _NV_UndefineSpaceDataAddress 0 -#endif // CC_NV_UndefineSpace - -#if CC_NV_UndefineSpaceSpecial - -#include "NV_UndefineSpaceSpecial_fp.h" - -typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( - NV_UndefineSpaceSpecial_In *in -); - -typedef const struct { - NV_UndefineSpaceSpecial_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t; - -NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = { - /* entry */ &TPM2_NV_UndefineSpaceSpecial, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_UndefineSpaceSpecialDataAddress 
(&_NV_UndefineSpaceSpecialData) -#else -#define _NV_UndefineSpaceSpecialDataAddress 0 -#endif // CC_NV_UndefineSpaceSpecial - -#if CC_NV_ReadPublic - -#include "NV_ReadPublic_fp.h" - -typedef TPM_RC (NV_ReadPublic_Entry)( - NV_ReadPublic_In *in, - NV_ReadPublic_Out *out -); - -typedef const struct { - NV_ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; -} NV_ReadPublic_COMMAND_DESCRIPTOR_t; - -NV_ReadPublic_COMMAND_DESCRIPTOR_t _NV_ReadPublicData = { - /* entry */ &TPM2_NV_ReadPublic, - /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), - /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - TPM2B_NV_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_ReadPublicDataAddress (&_NV_ReadPublicData) -#else -#define _NV_ReadPublicDataAddress 0 -#endif // CC_NV_ReadPublic - -#if CC_NV_Write - -#include "NV_Write_fp.h" - -typedef TPM_RC (NV_Write_Entry)( - NV_Write_In *in -); - -typedef const struct { - NV_Write_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; -} NV_Write_COMMAND_DESCRIPTOR_t; - -NV_Write_COMMAND_DESCRIPTOR_t _NV_WriteData = { - /* entry */ &TPM2_NV_Write, - /* inSize */ (UINT16)(sizeof(NV_Write_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), - (UINT16)(offsetof(NV_Write_In, data)), - (UINT16)(offsetof(NV_Write_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_WriteDataAddress (&_NV_WriteData) -#else -#define _NV_WriteDataAddress 0 -#endif // 
CC_NV_Write - -#if CC_NV_Increment - -#include "NV_Increment_fp.h" - -typedef TPM_RC (NV_Increment_Entry)( - NV_Increment_In *in -); - -typedef const struct { - NV_Increment_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_Increment_COMMAND_DESCRIPTOR_t; - -NV_Increment_COMMAND_DESCRIPTOR_t _NV_IncrementData = { - /* entry */ &TPM2_NV_Increment, - /* inSize */ (UINT16)(sizeof(NV_Increment_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_IncrementDataAddress (&_NV_IncrementData) -#else -#define _NV_IncrementDataAddress 0 -#endif // CC_NV_Increment - -#if CC_NV_Extend - -#include "NV_Extend_fp.h" - -typedef TPM_RC (NV_Extend_Entry)( - NV_Extend_In *in -); - -typedef const struct { - NV_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; -} NV_Extend_COMMAND_DESCRIPTOR_t; - -NV_Extend_COMMAND_DESCRIPTOR_t _NV_ExtendData = { - /* entry */ &TPM2_NV_Extend, - /* inSize */ (UINT16)(sizeof(NV_Extend_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), - (UINT16)(offsetof(NV_Extend_In, data))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ExtendDataAddress (&_NV_ExtendData) -#else -#define _NV_ExtendDataAddress 0 -#endif // CC_NV_Extend - -#if CC_NV_SetBits - -#include "NV_SetBits_fp.h" - -typedef TPM_RC (NV_SetBits_Entry)( - NV_SetBits_In *in -); - -typedef const struct { - NV_SetBits_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - 
BYTE types[5]; -} NV_SetBits_COMMAND_DESCRIPTOR_t; - -NV_SetBits_COMMAND_DESCRIPTOR_t _NV_SetBitsData = { - /* entry */ &TPM2_NV_SetBits, - /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), - (UINT16)(offsetof(NV_SetBits_In, bits))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_SetBitsDataAddress (&_NV_SetBitsData) -#else -#define _NV_SetBitsDataAddress 0 -#endif // CC_NV_SetBits - -#if CC_NV_WriteLock - -#include "NV_WriteLock_fp.h" - -typedef TPM_RC (NV_WriteLock_Entry)( - NV_WriteLock_In *in -); - -typedef const struct { - NV_WriteLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_WriteLock_COMMAND_DESCRIPTOR_t; - -NV_WriteLock_COMMAND_DESCRIPTOR_t _NV_WriteLockData = { - /* entry */ &TPM2_NV_WriteLock, - /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_WriteLockDataAddress (&_NV_WriteLockData) -#else -#define _NV_WriteLockDataAddress 0 -#endif // CC_NV_WriteLock - -#if CC_NV_GlobalWriteLock - -#include "NV_GlobalWriteLock_fp.h" - -typedef TPM_RC (NV_GlobalWriteLock_Entry)( - NV_GlobalWriteLock_In *in -); - -typedef const struct { - NV_GlobalWriteLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; -} NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t; - -NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t _NV_GlobalWriteLockData = { - /* entry */ &TPM2_NV_GlobalWriteLock, - /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), - /* outSize */ 0, - 
/* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_GlobalWriteLockDataAddress (&_NV_GlobalWriteLockData) -#else -#define _NV_GlobalWriteLockDataAddress 0 -#endif // CC_NV_GlobalWriteLock - -#if CC_NV_Read - -#include "NV_Read_fp.h" - -typedef TPM_RC (NV_Read_Entry)( - NV_Read_In *in, - NV_Read_Out *out -); - -typedef const struct { - NV_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} NV_Read_COMMAND_DESCRIPTOR_t; - -NV_Read_COMMAND_DESCRIPTOR_t _NV_ReadData = { - /* entry */ &TPM2_NV_Read, - /* inSize */ (UINT16)(sizeof(NV_Read_In)), - /* outSize */ (UINT16)(sizeof(NV_Read_Out)), - /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), - (UINT16)(offsetof(NV_Read_In, size)), - (UINT16)(offsetof(NV_Read_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_NV_BUFFER_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_ReadDataAddress (&_NV_ReadData) -#else -#define _NV_ReadDataAddress 0 -#endif // CC_NV_Read - -#if CC_NV_ReadLock - -#include "NV_ReadLock_fp.h" - -typedef TPM_RC (NV_ReadLock_Entry)( - NV_ReadLock_In *in -); - -typedef const struct { - NV_ReadLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_ReadLock_COMMAND_DESCRIPTOR_t; - -NV_ReadLock_COMMAND_DESCRIPTOR_t _NV_ReadLockData = { - /* entry */ &TPM2_NV_ReadLock, - /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - 
TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ReadLockDataAddress (&_NV_ReadLockData) -#else -#define _NV_ReadLockDataAddress 0 -#endif // CC_NV_ReadLock - -#if CC_NV_ChangeAuth - -#include "NV_ChangeAuth_fp.h" - -typedef TPM_RC (NV_ChangeAuth_Entry)( - NV_ChangeAuth_In *in -); - -typedef const struct { - NV_ChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; -} NV_ChangeAuth_COMMAND_DESCRIPTOR_t; - -NV_ChangeAuth_COMMAND_DESCRIPTOR_t _NV_ChangeAuthData = { - /* entry */ &TPM2_NV_ChangeAuth, - /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _NV_ChangeAuthDataAddress (&_NV_ChangeAuthData) -#else -#define _NV_ChangeAuthDataAddress 0 -#endif // CC_NV_ChangeAuth - -#if CC_NV_Certify - -#include "NV_Certify_fp.h" - -typedef TPM_RC (NV_Certify_Entry)( - NV_Certify_In *in, - NV_Certify_Out *out -); - -typedef const struct { - NV_Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; -} NV_Certify_COMMAND_DESCRIPTOR_t; - -NV_Certify_COMMAND_DESCRIPTOR_t _NV_CertifyData = { - /* entry */ &TPM2_NV_Certify, - /* inSize */ (UINT16)(sizeof(NV_Certify_In)), - /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), - /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), - (UINT16)(offsetof(NV_Certify_In, nvIndex)), - (UINT16)(offsetof(NV_Certify_In, qualifyingData)), - (UINT16)(offsetof(NV_Certify_In, inScheme)), - (UINT16)(offsetof(NV_Certify_In, size)), - (UINT16)(offsetof(NV_Certify_In, offset)), - (UINT16)(offsetof(NV_Certify_Out, signature))}, - /* types */ 
{TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} -}; - -#define _NV_CertifyDataAddress (&_NV_CertifyData) -#else -#define _NV_CertifyDataAddress 0 -#endif // CC_NV_Certify - -#if CC_AC_GetCapability - -#include "AC_GetCapability_fp.h" - -typedef TPM_RC (AC_GetCapability_Entry)( - AC_GetCapability_In *in, - AC_GetCapability_Out *out -); - -typedef const struct { - AC_GetCapability_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} AC_GetCapability_COMMAND_DESCRIPTOR_t; - -AC_GetCapability_COMMAND_DESCRIPTOR_t _AC_GetCapabilityData = { - /* entry */ &TPM2_AC_GetCapability, - /* inSize */ (UINT16)(sizeof(AC_GetCapability_In)), - /* outSize */ (UINT16)(sizeof(AC_GetCapability_Out)), - /* offsetOfTypes */ offsetof(AC_GetCapability_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(AC_GetCapability_In, capability)), - (UINT16)(offsetof(AC_GetCapability_In, count)), - (UINT16)(offsetof(AC_GetCapability_Out, capabilitiesData))}, - /* types */ {TPMI_RH_AC_H_UNMARSHAL, - TPM_AT_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - TPML_AC_CAPABILITIES_P_MARSHAL, - END_OF_LIST} -}; - -#define _AC_GetCapabilityDataAddress (&_AC_GetCapabilityData) -#else -#define _AC_GetCapabilityDataAddress 0 -#endif // CC_AC_GetCapability - -#if CC_AC_Send - -#include "AC_Send_fp.h" - -typedef TPM_RC (AC_Send_Entry)( - AC_Send_In *in, - AC_Send_Out *out -); - -typedef const struct { - AC_Send_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; -} AC_Send_COMMAND_DESCRIPTOR_t; - -AC_Send_COMMAND_DESCRIPTOR_t _AC_SendData = { - /* entry */ &TPM2_AC_Send, - /* inSize */ 
(UINT16)(sizeof(AC_Send_In)), - /* outSize */ (UINT16)(sizeof(AC_Send_Out)), - /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), - (UINT16)(offsetof(AC_Send_In, ac)), - (UINT16)(offsetof(AC_Send_In, acDataIn))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_AC_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMS_AC_OUTPUT_P_MARSHAL, - END_OF_LIST} -}; - -#define _AC_SendDataAddress (&_AC_SendData) -#else -#define _AC_SendDataAddress 0 -#endif // CC_AC_Send - -#if CC_Policy_AC_SendSelect - -#include "Policy_AC_SendSelect_fp.h" - -typedef TPM_RC (Policy_AC_SendSelect_Entry)( - Policy_AC_SendSelect_In *in -); - -typedef const struct { - Policy_AC_SendSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; -} Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t; - -Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t _Policy_AC_SendSelectData = { - /* entry */ &TPM2_Policy_AC_SendSelect, - /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} -}; - -#define _Policy_AC_SendSelectDataAddress (&_Policy_AC_SendSelectData) -#else -#define _Policy_AC_SendSelectDataAddress 0 -#endif // CC_Policy_AC_SendSelect - -#if CC_Vendor_TCG_Test - -#include "Vendor_TCG_Test_fp.h" - -typedef TPM_RC (Vendor_TCG_Test_Entry)( - Vendor_TCG_Test_In *in, - Vendor_TCG_Test_Out *out -); - -typedef 
const struct { - Vendor_TCG_Test_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} Vendor_TCG_Test_COMMAND_DESCRIPTOR_t; - -Vendor_TCG_Test_COMMAND_DESCRIPTOR_t _Vendor_TCG_TestData = { - /* entry */ &TPM2_Vendor_TCG_Test, - /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), - /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), - /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets; - /* types */ {TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - END_OF_LIST} -}; - -#define _Vendor_TCG_TestDataAddress (&_Vendor_TCG_TestData) -#else -#define _Vendor_TCG_TestDataAddress 0 -#endif // CC_Vendor_TCG_Test - -COMMAND_DESCRIPTOR_t *s_CommandDataArray[] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceSpecialDataAddress, -#endif // CC_NV_UndefineSpaceSpecial -#if (PAD_LIST || CC_EvictControl) - (COMMAND_DESCRIPTOR_t *)_EvictControlDataAddress, -#endif // CC_EvictControl -#if (PAD_LIST || CC_HierarchyControl) - (COMMAND_DESCRIPTOR_t *)_HierarchyControlDataAddress, -#endif // CC_HierarchyControl -#if (PAD_LIST || CC_NV_UndefineSpace) - (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceDataAddress, -#endif // CC_NV_UndefineSpace -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_ChangeEPS) - (COMMAND_DESCRIPTOR_t *)_ChangeEPSDataAddress, -#endif // CC_ChangeEPS -#if (PAD_LIST || CC_ChangePPS) - (COMMAND_DESCRIPTOR_t *)_ChangePPSDataAddress, -#endif // CC_ChangePPS -#if (PAD_LIST || CC_Clear) - (COMMAND_DESCRIPTOR_t *)_ClearDataAddress, -#endif // CC_Clear -#if (PAD_LIST || CC_ClearControl) - (COMMAND_DESCRIPTOR_t *)_ClearControlDataAddress, -#endif // CC_ClearControl -#if (PAD_LIST || CC_ClockSet) - (COMMAND_DESCRIPTOR_t *)_ClockSetDataAddress, -#endif // CC_ClockSet -#if (PAD_LIST || CC_HierarchyChangeAuth) - (COMMAND_DESCRIPTOR_t *)_HierarchyChangeAuthDataAddress, -#endif // 
CC_HierarchyChangeAuth -#if (PAD_LIST || CC_NV_DefineSpace) - (COMMAND_DESCRIPTOR_t *)_NV_DefineSpaceDataAddress, -#endif // CC_NV_DefineSpace -#if (PAD_LIST || CC_PCR_Allocate) - (COMMAND_DESCRIPTOR_t *)_PCR_AllocateDataAddress, -#endif // CC_PCR_Allocate -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthPolicyDataAddress, -#endif // CC_PCR_SetAuthPolicy -#if (PAD_LIST || CC_PP_Commands) - (COMMAND_DESCRIPTOR_t *)_PP_CommandsDataAddress, -#endif // CC_PP_Commands -#if (PAD_LIST || CC_SetPrimaryPolicy) - (COMMAND_DESCRIPTOR_t *)_SetPrimaryPolicyDataAddress, -#endif // CC_SetPrimaryPolicy -#if (PAD_LIST || CC_FieldUpgradeStart) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeStartDataAddress, -#endif // CC_FieldUpgradeStart -#if (PAD_LIST || CC_ClockRateAdjust) - (COMMAND_DESCRIPTOR_t *)_ClockRateAdjustDataAddress, -#endif // CC_ClockRateAdjust -#if (PAD_LIST || CC_CreatePrimary) - (COMMAND_DESCRIPTOR_t *)_CreatePrimaryDataAddress, -#endif // CC_CreatePrimary -#if (PAD_LIST || CC_NV_GlobalWriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_GlobalWriteLockDataAddress, -#endif // CC_NV_GlobalWriteLock -#if (PAD_LIST || CC_GetCommandAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetCommandAuditDigestDataAddress, -#endif // CC_GetCommandAuditDigest -#if (PAD_LIST || CC_NV_Increment) - (COMMAND_DESCRIPTOR_t *)_NV_IncrementDataAddress, -#endif // CC_NV_Increment -#if (PAD_LIST || CC_NV_SetBits) - (COMMAND_DESCRIPTOR_t *)_NV_SetBitsDataAddress, -#endif // CC_NV_SetBits -#if (PAD_LIST || CC_NV_Extend) - (COMMAND_DESCRIPTOR_t *)_NV_ExtendDataAddress, -#endif // CC_NV_Extend -#if (PAD_LIST || CC_NV_Write) - (COMMAND_DESCRIPTOR_t *)_NV_WriteDataAddress, -#endif // CC_NV_Write -#if (PAD_LIST || CC_NV_WriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_WriteLockDataAddress, -#endif // CC_NV_WriteLock -#if (PAD_LIST || CC_DictionaryAttackLockReset) - (COMMAND_DESCRIPTOR_t *)_DictionaryAttackLockResetDataAddress, -#endif // CC_DictionaryAttackLockReset -#if (PAD_LIST || 
CC_DictionaryAttackParameters) - (COMMAND_DESCRIPTOR_t *)_DictionaryAttackParametersDataAddress, -#endif // CC_DictionaryAttackParameters -#if (PAD_LIST || CC_NV_ChangeAuth) - (COMMAND_DESCRIPTOR_t *)_NV_ChangeAuthDataAddress, -#endif // CC_NV_ChangeAuth -#if (PAD_LIST || CC_PCR_Event) - (COMMAND_DESCRIPTOR_t *)_PCR_EventDataAddress, -#endif // CC_PCR_Event -#if (PAD_LIST || CC_PCR_Reset) - (COMMAND_DESCRIPTOR_t *)_PCR_ResetDataAddress, -#endif // CC_PCR_Reset -#if (PAD_LIST || CC_SequenceComplete) - (COMMAND_DESCRIPTOR_t *)_SequenceCompleteDataAddress, -#endif // CC_SequenceComplete -#if (PAD_LIST || CC_SetAlgorithmSet) - (COMMAND_DESCRIPTOR_t *)_SetAlgorithmSetDataAddress, -#endif // CC_SetAlgorithmSet -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - (COMMAND_DESCRIPTOR_t *)_SetCommandCodeAuditStatusDataAddress, -#endif // CC_SetCommandCodeAuditStatus -#if (PAD_LIST || CC_FieldUpgradeData) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeDataDataAddress, -#endif // CC_FieldUpgradeData -#if (PAD_LIST || CC_IncrementalSelfTest) - (COMMAND_DESCRIPTOR_t *)_IncrementalSelfTestDataAddress, -#endif // CC_IncrementalSelfTest -#if (PAD_LIST || CC_SelfTest) - (COMMAND_DESCRIPTOR_t *)_SelfTestDataAddress, -#endif // CC_SelfTest -#if (PAD_LIST || CC_Startup) - (COMMAND_DESCRIPTOR_t *)_StartupDataAddress, -#endif // CC_Startup -#if (PAD_LIST || CC_Shutdown) - (COMMAND_DESCRIPTOR_t *)_ShutdownDataAddress, -#endif // CC_Shutdown -#if (PAD_LIST || CC_StirRandom) - (COMMAND_DESCRIPTOR_t *)_StirRandomDataAddress, -#endif // CC_StirRandom -#if (PAD_LIST || CC_ActivateCredential) - (COMMAND_DESCRIPTOR_t *)_ActivateCredentialDataAddress, -#endif // CC_ActivateCredential -#if (PAD_LIST || CC_Certify) - (COMMAND_DESCRIPTOR_t *)_CertifyDataAddress, -#endif // CC_Certify -#if (PAD_LIST || CC_PolicyNV) - (COMMAND_DESCRIPTOR_t *)_PolicyNVDataAddress, -#endif // CC_PolicyNV -#if (PAD_LIST || CC_CertifyCreation) - (COMMAND_DESCRIPTOR_t *)_CertifyCreationDataAddress, -#endif // CC_CertifyCreation -#if 
(PAD_LIST || CC_Duplicate) - (COMMAND_DESCRIPTOR_t *)_DuplicateDataAddress, -#endif // CC_Duplicate -#if (PAD_LIST || CC_GetTime) - (COMMAND_DESCRIPTOR_t *)_GetTimeDataAddress, -#endif // CC_GetTime -#if (PAD_LIST || CC_GetSessionAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetSessionAuditDigestDataAddress, -#endif // CC_GetSessionAuditDigest -#if (PAD_LIST || CC_NV_Read) - (COMMAND_DESCRIPTOR_t *)_NV_ReadDataAddress, -#endif // CC_NV_Read -#if (PAD_LIST || CC_NV_ReadLock) - (COMMAND_DESCRIPTOR_t *)_NV_ReadLockDataAddress, -#endif // CC_NV_ReadLock -#if (PAD_LIST || CC_ObjectChangeAuth) - (COMMAND_DESCRIPTOR_t *)_ObjectChangeAuthDataAddress, -#endif // CC_ObjectChangeAuth -#if (PAD_LIST || CC_PolicySecret) - (COMMAND_DESCRIPTOR_t *)_PolicySecretDataAddress, -#endif // CC_PolicySecret -#if (PAD_LIST || CC_Rewrap) - (COMMAND_DESCRIPTOR_t *)_RewrapDataAddress, -#endif // CC_Rewrap -#if (PAD_LIST || CC_Create) - (COMMAND_DESCRIPTOR_t *)_CreateDataAddress, -#endif // CC_Create -#if (PAD_LIST || CC_ECDH_ZGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_ZGenDataAddress, -#endif // CC_ECDH_ZGen -#if (PAD_LIST || (CC_HMAC || CC_MAC)) -# if CC_HMAC - (COMMAND_DESCRIPTOR_t *)_HMACDataAddress, -# endif -# if CC_MAC - (COMMAND_DESCRIPTOR_t *)_MACDataAddress, -# endif -# if (CC_HMAC || CC_MAC) > 1 -# error "More than one aliased command defined" -# endif -#endif // CC_HMAC CC_MAC -#if (PAD_LIST || CC_Import) - (COMMAND_DESCRIPTOR_t *)_ImportDataAddress, -#endif // CC_Import -#if (PAD_LIST || CC_Load) - (COMMAND_DESCRIPTOR_t *)_LoadDataAddress, -#endif // CC_Load -#if (PAD_LIST || CC_Quote) - (COMMAND_DESCRIPTOR_t *)_QuoteDataAddress, -#endif // CC_Quote -#if (PAD_LIST || CC_RSA_Decrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_DecryptDataAddress, -#endif // CC_RSA_Decrypt -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) -# if CC_HMAC_Start - (COMMAND_DESCRIPTOR_t *)_HMAC_StartDataAddress, -# endif -# if CC_MAC_Start - (COMMAND_DESCRIPTOR_t 
*)_MAC_StartDataAddress, -# endif -# if (CC_HMAC_Start || CC_MAC_Start) > 1 -# error "More than one aliased command defined" -# endif -#endif // CC_HMAC_Start CC_MAC_Start -#if (PAD_LIST || CC_SequenceUpdate) - (COMMAND_DESCRIPTOR_t *)_SequenceUpdateDataAddress, -#endif // CC_SequenceUpdate -#if (PAD_LIST || CC_Sign) - (COMMAND_DESCRIPTOR_t *)_SignDataAddress, -#endif // CC_Sign -#if (PAD_LIST || CC_Unseal) - (COMMAND_DESCRIPTOR_t *)_UnsealDataAddress, -#endif // CC_Unseal -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_PolicySigned) - (COMMAND_DESCRIPTOR_t *)_PolicySignedDataAddress, -#endif // CC_PolicySigned -#if (PAD_LIST || CC_ContextLoad) - (COMMAND_DESCRIPTOR_t *)_ContextLoadDataAddress, -#endif // CC_ContextLoad -#if (PAD_LIST || CC_ContextSave) - (COMMAND_DESCRIPTOR_t *)_ContextSaveDataAddress, -#endif // CC_ContextSave -#if (PAD_LIST || CC_ECDH_KeyGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_KeyGenDataAddress, -#endif // CC_ECDH_KeyGen -#if (PAD_LIST || CC_EncryptDecrypt) - (COMMAND_DESCRIPTOR_t *)_EncryptDecryptDataAddress, -#endif // CC_EncryptDecrypt -#if (PAD_LIST || CC_FlushContext) - (COMMAND_DESCRIPTOR_t *)_FlushContextDataAddress, -#endif // CC_FlushContext -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_LoadExternal) - (COMMAND_DESCRIPTOR_t *)_LoadExternalDataAddress, -#endif // CC_LoadExternal -#if (PAD_LIST || CC_MakeCredential) - (COMMAND_DESCRIPTOR_t *)_MakeCredentialDataAddress, -#endif // CC_MakeCredential -#if (PAD_LIST || CC_NV_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_NV_ReadPublicDataAddress, -#endif // CC_NV_ReadPublic -#if (PAD_LIST || CC_PolicyAuthorize) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeDataAddress, -#endif // CC_PolicyAuthorize -#if (PAD_LIST || CC_PolicyAuthValue) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthValueDataAddress, -#endif // CC_PolicyAuthValue -#if (PAD_LIST || CC_PolicyCommandCode) - (COMMAND_DESCRIPTOR_t *)_PolicyCommandCodeDataAddress, -#endif // CC_PolicyCommandCode 
-#if (PAD_LIST || CC_PolicyCounterTimer) - (COMMAND_DESCRIPTOR_t *)_PolicyCounterTimerDataAddress, -#endif // CC_PolicyCounterTimer -#if (PAD_LIST || CC_PolicyCpHash) - (COMMAND_DESCRIPTOR_t *)_PolicyCpHashDataAddress, -#endif // CC_PolicyCpHash -#if (PAD_LIST || CC_PolicyLocality) - (COMMAND_DESCRIPTOR_t *)_PolicyLocalityDataAddress, -#endif // CC_PolicyLocality -#if (PAD_LIST || CC_PolicyNameHash) - (COMMAND_DESCRIPTOR_t *)_PolicyNameHashDataAddress, -#endif // CC_PolicyNameHash -#if (PAD_LIST || CC_PolicyOR) - (COMMAND_DESCRIPTOR_t *)_PolicyORDataAddress, -#endif // CC_PolicyOR -#if (PAD_LIST || CC_PolicyTicket) - (COMMAND_DESCRIPTOR_t *)_PolicyTicketDataAddress, -#endif // CC_PolicyTicket -#if (PAD_LIST || CC_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_ReadPublicDataAddress, -#endif // CC_ReadPublic -#if (PAD_LIST || CC_RSA_Encrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_EncryptDataAddress, -#endif // CC_RSA_Encrypt -#if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif // -#if (PAD_LIST || CC_StartAuthSession) - (COMMAND_DESCRIPTOR_t *)_StartAuthSessionDataAddress, -#endif // CC_StartAuthSession -#if (PAD_LIST || CC_VerifySignature) - (COMMAND_DESCRIPTOR_t *)_VerifySignatureDataAddress, -#endif // CC_VerifySignature -#if (PAD_LIST || CC_ECC_Parameters) - (COMMAND_DESCRIPTOR_t *)_ECC_ParametersDataAddress, -#endif // CC_ECC_Parameters -#if (PAD_LIST || CC_FirmwareRead) - (COMMAND_DESCRIPTOR_t *)_FirmwareReadDataAddress, -#endif // CC_FirmwareRead -#if (PAD_LIST || CC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_GetCapabilityDataAddress, -#endif // CC_GetCapability -#if (PAD_LIST || CC_GetRandom) - (COMMAND_DESCRIPTOR_t *)_GetRandomDataAddress, -#endif // CC_GetRandom -#if (PAD_LIST || CC_GetTestResult) - (COMMAND_DESCRIPTOR_t *)_GetTestResultDataAddress, -#endif // CC_GetTestResult -#if (PAD_LIST || CC_Hash) - (COMMAND_DESCRIPTOR_t *)_HashDataAddress, -#endif // CC_Hash -#if (PAD_LIST || CC_PCR_Read) - (COMMAND_DESCRIPTOR_t *)_PCR_ReadDataAddress, -#endif // CC_PCR_Read -#if 
(PAD_LIST || CC_PolicyPCR) - (COMMAND_DESCRIPTOR_t *)_PolicyPCRDataAddress, -#endif // CC_PolicyPCR -#if (PAD_LIST || CC_PolicyRestart) - (COMMAND_DESCRIPTOR_t *)_PolicyRestartDataAddress, -#endif // CC_PolicyRestart -#if (PAD_LIST || CC_ReadClock) - (COMMAND_DESCRIPTOR_t *)_ReadClockDataAddress, -#endif // CC_ReadClock -#if (PAD_LIST || CC_PCR_Extend) - (COMMAND_DESCRIPTOR_t *)_PCR_ExtendDataAddress, -#endif // CC_PCR_Extend -#if (PAD_LIST || CC_PCR_SetAuthValue) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthValueDataAddress, -#endif // CC_PCR_SetAuthValue -#if (PAD_LIST || CC_NV_Certify) - (COMMAND_DESCRIPTOR_t *)_NV_CertifyDataAddress, -#endif // CC_NV_Certify -#if (PAD_LIST || CC_EventSequenceComplete) - (COMMAND_DESCRIPTOR_t *)_EventSequenceCompleteDataAddress, -#endif // CC_EventSequenceComplete -#if (PAD_LIST || CC_HashSequenceStart) - (COMMAND_DESCRIPTOR_t *)_HashSequenceStartDataAddress, -#endif // CC_HashSequenceStart -#if (PAD_LIST || CC_PolicyPhysicalPresence) - (COMMAND_DESCRIPTOR_t *)_PolicyPhysicalPresenceDataAddress, -#endif // CC_PolicyPhysicalPresence -#if (PAD_LIST || CC_PolicyDuplicationSelect) - (COMMAND_DESCRIPTOR_t *)_PolicyDuplicationSelectDataAddress, -#endif // CC_PolicyDuplicationSelect -#if (PAD_LIST || CC_PolicyGetDigest) - (COMMAND_DESCRIPTOR_t *)_PolicyGetDigestDataAddress, -#endif // CC_PolicyGetDigest -#if (PAD_LIST || CC_TestParms) - (COMMAND_DESCRIPTOR_t *)_TestParmsDataAddress, -#endif // CC_TestParms -#if (PAD_LIST || CC_Commit) - (COMMAND_DESCRIPTOR_t *)_CommitDataAddress, -#endif // CC_Commit -#if (PAD_LIST || CC_PolicyPassword) - (COMMAND_DESCRIPTOR_t *)_PolicyPasswordDataAddress, -#endif // CC_PolicyPassword -#if (PAD_LIST || CC_ZGen_2Phase) - (COMMAND_DESCRIPTOR_t *)_ZGen_2PhaseDataAddress, -#endif // CC_ZGen_2Phase -#if (PAD_LIST || CC_EC_Ephemeral) - (COMMAND_DESCRIPTOR_t *)_EC_EphemeralDataAddress, -#endif // CC_EC_Ephemeral -#if (PAD_LIST || CC_PolicyNvWritten) - (COMMAND_DESCRIPTOR_t *)_PolicyNvWrittenDataAddress, -#endif // 
CC_PolicyNvWritten -#if (PAD_LIST || CC_PolicyTemplate) - (COMMAND_DESCRIPTOR_t *)_PolicyTemplateDataAddress, -#endif // CC_PolicyTemplate -#if (PAD_LIST || CC_CreateLoaded) - (COMMAND_DESCRIPTOR_t *)_CreateLoadedDataAddress, -#endif // CC_CreateLoaded -#if (PAD_LIST || CC_PolicyAuthorizeNV) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeNVDataAddress, -#endif // CC_PolicyAuthorizeNV -#if (PAD_LIST || CC_EncryptDecrypt2) - (COMMAND_DESCRIPTOR_t *)_EncryptDecrypt2DataAddress, -#endif // CC_EncryptDecrypt2 -#if (PAD_LIST || CC_AC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_AC_GetCapabilityDataAddress, -#endif // CC_AC_GetCapability -#if (PAD_LIST || CC_AC_Send) - (COMMAND_DESCRIPTOR_t *)_AC_SendDataAddress, -#endif // CC_AC_Send -#if (PAD_LIST || CC_Policy_AC_SendSelect) - (COMMAND_DESCRIPTOR_t *)_Policy_AC_SendSelectDataAddress, -#endif // CC_Policy_AC_SendSelect -#if (PAD_LIST || CC_CertifyX509) - (COMMAND_DESCRIPTOR_t *)_CertifyX509DataAddress, -#endif // CC_CertifyX509 -#if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_DESCRIPTOR_t *)_Vendor_TCG_TestDataAddress, -#endif // CC_Vendor_TCG_Test - 0 -}; - - -#endif // _COMMAND_TABLE_DISPATCH_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h deleted file mode 100644 index 78c3f855a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h +++ /dev/null 
@@ -1,2051 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmDispatch; Version 4.0 July 8,2017 - * Date: Oct 27, 2018 Time: 06:49:39PM - */ - -// This macro is added just so that the code is only excessively long. 
-#define EXIT_IF_ERROR_PLUS(x) \ - if(TPM_RC_SUCCESS != result) { result += (x); goto Exit; } -#if CC_Startup -case TPM_CC_Startup: { - Startup_In *in = (Startup_In *) - MemoryGetInBuffer(sizeof(Startup_In)); - result = TPM_SU_Unmarshal(&in->startupType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Startup_startupType); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Startup (in); -break; -} -#endif // CC_Startup -#if CC_Shutdown -case TPM_CC_Shutdown: { - Shutdown_In *in = (Shutdown_In *) - MemoryGetInBuffer(sizeof(Shutdown_In)); - result = TPM_SU_Unmarshal(&in->shutdownType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Shutdown_shutdownType); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Shutdown (in); -break; -} -#endif // CC_Shutdown -#if CC_SelfTest -case TPM_CC_SelfTest: { - SelfTest_In *in = (SelfTest_In *) - MemoryGetInBuffer(sizeof(SelfTest_In)); - result = TPMI_YES_NO_Unmarshal(&in->fullTest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SelfTest_fullTest); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SelfTest (in); -break; -} -#endif // CC_SelfTest -#if CC_IncrementalSelfTest -case TPM_CC_IncrementalSelfTest: { - IncrementalSelfTest_In *in = (IncrementalSelfTest_In *) - MemoryGetInBuffer(sizeof(IncrementalSelfTest_In)); - IncrementalSelfTest_Out *out = (IncrementalSelfTest_Out *) - MemoryGetOutBuffer(sizeof(IncrementalSelfTest_Out)); - result = TPML_ALG_Unmarshal(&in->toTest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_IncrementalSelfTest_toTest); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_IncrementalSelfTest (in, out); - rSize = sizeof(IncrementalSelfTest_Out); - *respParmSize += TPML_ALG_Marshal(&out->toDoList, - responseBuffer, &rSize); -break; -} -#endif // CC_IncrementalSelfTest -#if CC_GetTestResult -case TPM_CC_GetTestResult: { - GetTestResult_Out *out = (GetTestResult_Out *) 
- MemoryGetOutBuffer(sizeof(GetTestResult_Out)); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetTestResult (out); - rSize = sizeof(GetTestResult_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM_RC_Marshal(&out->testResult, - responseBuffer, &rSize); -break; -} -#endif // CC_GetTestResult -#if CC_StartAuthSession -case TPM_CC_StartAuthSession: { - StartAuthSession_In *in = (StartAuthSession_In *) - MemoryGetInBuffer(sizeof(StartAuthSession_In)); - StartAuthSession_Out *out = (StartAuthSession_Out *) - MemoryGetOutBuffer(sizeof(StartAuthSession_Out)); - in->tpmKey = handles[0]; - in->bind = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceCaller, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_nonceCaller); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->encryptedSalt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_encryptedSalt); - result = TPM_SE_Unmarshal(&in->sessionType, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_sessionType); - result = TPMT_SYM_DEF_Unmarshal(&in->symmetric, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_symmetric); - result = TPMI_ALG_HASH_Unmarshal(&in->authHash, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_StartAuthSession_authHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_StartAuthSession (in, out); - rSize = sizeof(StartAuthSession_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sessionHandle; - *respParmSize += TPM2B_NONCE_Marshal(&out->nonceTPM, - responseBuffer, &rSize); -break; -} -#endif // CC_StartAuthSession -#if CC_PolicyRestart -case TPM_CC_PolicyRestart: { - PolicyRestart_In *in = (PolicyRestart_In *) - MemoryGetInBuffer(sizeof(PolicyRestart_In)); - in->sessionHandle = handles[0]; - if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyRestart (in); -break; -} -#endif // CC_PolicyRestart -#if CC_Create -case TPM_CC_Create: { - Create_In *in = (Create_In *) - MemoryGetInBuffer(sizeof(Create_In)); - Create_Out *out = (Create_Out *) - MemoryGetOutBuffer(sizeof(Create_Out)); - in->parentHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_inSensitive); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Create_inPublic); - result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_outsideInfo); - result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Create_creationPCR); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Create (in, out); - rSize = sizeof(Create_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_Create -#if CC_Load -case TPM_CC_Load: { - Load_In *in = (Load_In *) - MemoryGetInBuffer(sizeof(Load_In)); - Load_Out *out = (Load_Out *) - MemoryGetOutBuffer(sizeof(Load_Out)); - in->parentHandle = handles[0]; - result = TPM2B_PRIVATE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Load_inPrivate); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Load_inPublic); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Load 
(in, out); - rSize = sizeof(Load_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_Load -#if CC_LoadExternal -case TPM_CC_LoadExternal: { - LoadExternal_In *in = (LoadExternal_In *) - MemoryGetInBuffer(sizeof(LoadExternal_In)); - LoadExternal_Out *out = (LoadExternal_Out *) - MemoryGetOutBuffer(sizeof(LoadExternal_Out)); - result = TPM2B_SENSITIVE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPrivate); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPublic); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_LoadExternal_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_LoadExternal (in, out); - rSize = sizeof(LoadExternal_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_LoadExternal -#if CC_ReadPublic -case TPM_CC_ReadPublic: { - ReadPublic_In *in = (ReadPublic_In *) - MemoryGetInBuffer(sizeof(ReadPublic_In)); - ReadPublic_Out *out = (ReadPublic_Out *) - MemoryGetOutBuffer(sizeof(ReadPublic_Out)); - in->objectHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ReadPublic (in, out); - rSize = sizeof(ReadPublic_Out); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->qualifiedName, - responseBuffer, &rSize); -break; -} -#endif // CC_ReadPublic -#if CC_ActivateCredential -case TPM_CC_ActivateCredential: { - 
ActivateCredential_In *in = (ActivateCredential_In *) - MemoryGetInBuffer(sizeof(ActivateCredential_In)); - ActivateCredential_Out *out = (ActivateCredential_Out *) - MemoryGetOutBuffer(sizeof(ActivateCredential_Out)); - in->activateHandle = handles[0]; - in->keyHandle = handles[1]; - result = TPM2B_ID_OBJECT_Unmarshal(&in->credentialBlob, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ActivateCredential_credentialBlob); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->secret, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ActivateCredential_secret); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ActivateCredential (in, out); - rSize = sizeof(ActivateCredential_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->certInfo, - responseBuffer, &rSize); -break; -} -#endif // CC_ActivateCredential -#if CC_MakeCredential -case TPM_CC_MakeCredential: { - MakeCredential_In *in = (MakeCredential_In *) - MemoryGetInBuffer(sizeof(MakeCredential_In)); - MakeCredential_Out *out = (MakeCredential_Out *) - MemoryGetOutBuffer(sizeof(MakeCredential_Out)); - in->handle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->credential, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MakeCredential_credential); - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MakeCredential_objectName); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MakeCredential (in, out); - rSize = sizeof(MakeCredential_Out); - *respParmSize += TPM2B_ID_OBJECT_Marshal(&out->credentialBlob, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->secret, - responseBuffer, &rSize); -break; -} -#endif // CC_MakeCredential -#if CC_Unseal -case TPM_CC_Unseal: { - Unseal_In *in = (Unseal_In *) - MemoryGetInBuffer(sizeof(Unseal_In)); - Unseal_Out *out = (Unseal_Out *) - MemoryGetOutBuffer(sizeof(Unseal_Out)); - in->itemHandle = handles[0]; - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Unseal (in, out); - rSize = sizeof(Unseal_Out); - *respParmSize += TPM2B_SENSITIVE_DATA_Marshal(&out->outData, - responseBuffer, &rSize); -break; -} -#endif // CC_Unseal -#if CC_ObjectChangeAuth -case TPM_CC_ObjectChangeAuth: { - ObjectChangeAuth_In *in = (ObjectChangeAuth_In *) - MemoryGetInBuffer(sizeof(ObjectChangeAuth_In)); - ObjectChangeAuth_Out *out = (ObjectChangeAuth_Out *) - MemoryGetOutBuffer(sizeof(ObjectChangeAuth_Out)); - in->objectHandle = handles[0]; - in->parentHandle = handles[1]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ObjectChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ObjectChangeAuth (in, out); - rSize = sizeof(ObjectChangeAuth_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); -break; -} -#endif // CC_ObjectChangeAuth -#if CC_CreateLoaded -case TPM_CC_CreateLoaded: { - CreateLoaded_In *in = (CreateLoaded_In *) - MemoryGetInBuffer(sizeof(CreateLoaded_In)); - CreateLoaded_Out *out = (CreateLoaded_Out *) - MemoryGetOutBuffer(sizeof(CreateLoaded_Out)); - in->parentHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inSensitive); - result = TPM2B_TEMPLATE_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inPublic); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CreateLoaded (in, out); - rSize = sizeof(CreateLoaded_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - 
responseBuffer, &rSize); -break; -} -#endif // CC_CreateLoaded -#if CC_Duplicate -case TPM_CC_Duplicate: { - Duplicate_In *in = (Duplicate_In *) - MemoryGetInBuffer(sizeof(Duplicate_In)); - Duplicate_Out *out = (Duplicate_Out *) - MemoryGetOutBuffer(sizeof(Duplicate_Out)); - in->objectHandle = handles[0]; - in->newParentHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->encryptionKeyIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Duplicate_encryptionKeyIn); - result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Duplicate_symmetricAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Duplicate (in, out); - rSize = sizeof(Duplicate_Out); - *respParmSize += TPM2B_DATA_Marshal(&out->encryptionKeyOut, - responseBuffer, &rSize); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->duplicate, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, - responseBuffer, &rSize); -break; -} -#endif // CC_Duplicate -#if CC_Rewrap -case TPM_CC_Rewrap: { - Rewrap_In *in = (Rewrap_In *) - MemoryGetInBuffer(sizeof(Rewrap_In)); - Rewrap_Out *out = (Rewrap_Out *) - MemoryGetOutBuffer(sizeof(Rewrap_Out)); - in->oldParent = handles[0]; - in->newParent = handles[1]; - result = TPM2B_PRIVATE_Unmarshal(&in->inDuplicate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_inDuplicate); - result = TPM2B_NAME_Unmarshal(&in->name, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_name); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Rewrap_inSymSeed); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Rewrap (in, out); - rSize = sizeof(Rewrap_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outDuplicate, - responseBuffer, &rSize); - *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, - responseBuffer, &rSize); 
-break; -} -#endif // CC_Rewrap -#if CC_Import -case TPM_CC_Import: { - Import_In *in = (Import_In *) - MemoryGetInBuffer(sizeof(Import_In)); - Import_Out *out = (Import_Out *) - MemoryGetOutBuffer(sizeof(Import_Out)); - in->parentHandle = handles[0]; - result = TPM2B_DATA_Unmarshal(&in->encryptionKey, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_encryptionKey); - result = TPM2B_PUBLIC_Unmarshal(&in->objectPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Import_objectPublic); - result = TPM2B_PRIVATE_Unmarshal(&in->duplicate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_duplicate); - result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Import_inSymSeed); - result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Import_symmetricAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Import (in, out); - rSize = sizeof(Import_Out); - *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, - responseBuffer, &rSize); -break; -} -#endif // CC_Import -#if CC_RSA_Encrypt -case TPM_CC_RSA_Encrypt: { - RSA_Encrypt_In *in = (RSA_Encrypt_In *) - MemoryGetInBuffer(sizeof(RSA_Encrypt_In)); - RSA_Encrypt_Out *out = (RSA_Encrypt_Out *) - MemoryGetOutBuffer(sizeof(RSA_Encrypt_Out)); - in->keyHandle = handles[0]; - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->message, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_message); - result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_inScheme); - result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_label); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_RSA_Encrypt (in, out); - rSize = sizeof(RSA_Encrypt_Out); - *respParmSize += 
TPM2B_PUBLIC_KEY_RSA_Marshal(&out->outData, - responseBuffer, &rSize); -break; -} -#endif // CC_RSA_Encrypt -#if CC_RSA_Decrypt -case TPM_CC_RSA_Decrypt: { - RSA_Decrypt_In *in = (RSA_Decrypt_In *) - MemoryGetInBuffer(sizeof(RSA_Decrypt_In)); - RSA_Decrypt_Out *out = (RSA_Decrypt_Out *) - MemoryGetOutBuffer(sizeof(RSA_Decrypt_Out)); - in->keyHandle = handles[0]; - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->cipherText, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_cipherText); - result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_inScheme); - result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_label); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_RSA_Decrypt (in, out); - rSize = sizeof(RSA_Decrypt_Out); - *respParmSize += TPM2B_PUBLIC_KEY_RSA_Marshal(&out->message, - responseBuffer, &rSize); -break; -} -#endif // CC_RSA_Decrypt -#if CC_ECDH_KeyGen -case TPM_CC_ECDH_KeyGen: { - ECDH_KeyGen_In *in = (ECDH_KeyGen_In *) - MemoryGetInBuffer(sizeof(ECDH_KeyGen_In)); - ECDH_KeyGen_Out *out = (ECDH_KeyGen_Out *) - MemoryGetOutBuffer(sizeof(ECDH_KeyGen_Out)); - in->keyHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECDH_KeyGen (in, out); - rSize = sizeof(ECDH_KeyGen_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->zPoint, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->pubPoint, - responseBuffer, &rSize); -break; -} -#endif // CC_ECDH_KeyGen -#if CC_ECDH_ZGen -case TPM_CC_ECDH_ZGen: { - ECDH_ZGen_In *in = (ECDH_ZGen_In *) - MemoryGetInBuffer(sizeof(ECDH_ZGen_In)); - ECDH_ZGen_Out *out = (ECDH_ZGen_Out *) - MemoryGetOutBuffer(sizeof(ECDH_ZGen_Out)); - in->keyHandle = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->inPoint, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ECDH_ZGen_inPoint); - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECDH_ZGen (in, out); - rSize = sizeof(ECDH_ZGen_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outPoint, - responseBuffer, &rSize); -break; -} -#endif // CC_ECDH_ZGen -#if CC_ECC_Parameters -case TPM_CC_ECC_Parameters: { - ECC_Parameters_In *in = (ECC_Parameters_In *) - MemoryGetInBuffer(sizeof(ECC_Parameters_In)); - ECC_Parameters_Out *out = (ECC_Parameters_Out *) - MemoryGetOutBuffer(sizeof(ECC_Parameters_Out)); - result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ECC_Parameters_curveID); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ECC_Parameters (in, out); - rSize = sizeof(ECC_Parameters_Out); - *respParmSize += TPMS_ALGORITHM_DETAIL_ECC_Marshal(&out->parameters, - responseBuffer, &rSize); -break; -} -#endif // CC_ECC_Parameters -#if CC_ZGen_2Phase -case TPM_CC_ZGen_2Phase: { - ZGen_2Phase_In *in = (ZGen_2Phase_In *) - MemoryGetInBuffer(sizeof(ZGen_2Phase_In)); - ZGen_2Phase_Out *out = (ZGen_2Phase_Out *) - MemoryGetOutBuffer(sizeof(ZGen_2Phase_Out)); - in->keyA = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->inQsB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQsB); - result = TPM2B_ECC_POINT_Unmarshal(&in->inQeB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQeB); - result = TPMI_ECC_KEY_EXCHANGE_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inScheme); - result = UINT16_Unmarshal(&in->counter, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_counter); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ZGen_2Phase (in, out); - rSize = sizeof(ZGen_2Phase_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ1, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ2, - responseBuffer, &rSize); -break; -} -#endif 
// CC_ZGen_2Phase -#if CC_EncryptDecrypt -case TPM_CC_EncryptDecrypt: { - EncryptDecrypt_In *in = (EncryptDecrypt_In *) - MemoryGetInBuffer(sizeof(EncryptDecrypt_In)); - EncryptDecrypt_Out *out = (EncryptDecrypt_Out *) - MemoryGetOutBuffer(sizeof(EncryptDecrypt_Out)); - in->keyHandle = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_decrypt); - result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_mode); - result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_ivIn); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_inData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EncryptDecrypt (in, out); - rSize = sizeof(EncryptDecrypt_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM2B_IV_Marshal(&out->ivOut, - responseBuffer, &rSize); -break; -} -#endif // CC_EncryptDecrypt -#if CC_EncryptDecrypt2 -case TPM_CC_EncryptDecrypt2: { - EncryptDecrypt2_In *in = (EncryptDecrypt2_In *) - MemoryGetInBuffer(sizeof(EncryptDecrypt2_In)); - EncryptDecrypt2_Out *out = (EncryptDecrypt2_Out *) - MemoryGetOutBuffer(sizeof(EncryptDecrypt2_Out)); - in->keyHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_inData); - result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_decrypt); - result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_mode); - result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_ivIn); - if(*paramBufferSize != 0) (result = 
TPM_RC_SIZE; goto Exit; } -result = TPM2_EncryptDecrypt2 (in, out); - rSize = sizeof(EncryptDecrypt2_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, - responseBuffer, &rSize); - *respParmSize += TPM2B_IV_Marshal(&out->ivOut, - responseBuffer, &rSize); -break; -} -#endif // CC_EncryptDecrypt2 -#if CC_Hash -case TPM_CC_Hash: { - Hash_In *in = (Hash_In *) - MemoryGetInBuffer(sizeof(Hash_In)); - Hash_Out *out = (Hash_Out *) - MemoryGetOutBuffer(sizeof(Hash_Out)); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Hash_data); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_Hash_hashAlg); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Hash_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Hash (in, out); - rSize = sizeof(Hash_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_Hash -#if CC_HMAC -case TPM_CC_HMAC: { - HMAC_In *in = (HMAC_In *) - MemoryGetInBuffer(sizeof(HMAC_In)); - HMAC_Out *out = (HMAC_Out *) - MemoryGetOutBuffer(sizeof(HMAC_Out)); - in->handle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HMAC_buffer); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_HMAC_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HMAC (in, out); - rSize = sizeof(HMAC_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outHMAC, - responseBuffer, &rSize); -break; -} -#endif // CC_HMAC -#if CC_MAC -case TPM_CC_MAC: { - MAC_In *in = (MAC_In *) - MemoryGetInBuffer(sizeof(MAC_In)); - MAC_Out *out = (MAC_Out *) - 
MemoryGetOutBuffer(sizeof(MAC_Out)); - in->handle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MAC_buffer); - result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_MAC_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MAC (in, out); - rSize = sizeof(MAC_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->outMAC, - responseBuffer, &rSize); -break; -} -#endif // CC_MAC -#if CC_GetRandom -case TPM_CC_GetRandom: { - GetRandom_In *in = (GetRandom_In *) - MemoryGetInBuffer(sizeof(GetRandom_In)); - GetRandom_Out *out = (GetRandom_Out *) - MemoryGetOutBuffer(sizeof(GetRandom_Out)); - result = UINT16_Unmarshal(&in->bytesRequested, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetRandom_bytesRequested); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetRandom (in, out); - rSize = sizeof(GetRandom_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->randomBytes, - responseBuffer, &rSize); -break; -} -#endif // CC_GetRandom -#if CC_StirRandom -case TPM_CC_StirRandom: { - StirRandom_In *in = (StirRandom_In *) - MemoryGetInBuffer(sizeof(StirRandom_In)); - result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->inData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_StirRandom_inData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_StirRandom (in); -break; -} -#endif // CC_StirRandom -#if CC_HMAC_Start -case TPM_CC_HMAC_Start: { - HMAC_Start_In *in = (HMAC_Start_In *) - MemoryGetInBuffer(sizeof(HMAC_Start_In)); - HMAC_Start_Out *out = (HMAC_Start_Out *) - MemoryGetOutBuffer(sizeof(HMAC_Start_Out)); - in->handle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HMAC_Start_auth); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - 
ERROR_IF_EXIT_PLUS(RC_HMAC_Start_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HMAC_Start (in, out); - rSize = sizeof(HMAC_Start_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_HMAC_Start -#if CC_MAC_Start -case TPM_CC_MAC_Start: { - MAC_Start_In *in = (MAC_Start_In *) - MemoryGetInBuffer(sizeof(MAC_Start_In)); - MAC_Start_Out *out = (MAC_Start_Out *) - MemoryGetOutBuffer(sizeof(MAC_Start_Out)); - in->handle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_MAC_Start_auth); - result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_MAC_Start_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_MAC_Start (in, out); - rSize = sizeof(MAC_Start_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_MAC_Start -#if CC_HashSequenceStart -case TPM_CC_HashSequenceStart: { - HashSequenceStart_In *in = (HashSequenceStart_In *) - MemoryGetInBuffer(sizeof(HashSequenceStart_In)); - HashSequenceStart_Out *out = (HashSequenceStart_Out *) - MemoryGetOutBuffer(sizeof(HashSequenceStart_Out)); - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_auth); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HashSequenceStart (in, out); - rSize = sizeof(HashSequenceStart_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->sequenceHandle; -break; -} -#endif // CC_HashSequenceStart -#if CC_SequenceUpdate -case TPM_CC_SequenceUpdate: { - SequenceUpdate_In *in 
= (SequenceUpdate_In *) - MemoryGetInBuffer(sizeof(SequenceUpdate_In)); - in->sequenceHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SequenceUpdate_buffer); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SequenceUpdate (in); -break; -} -#endif // CC_SequenceUpdate -#if CC_SequenceComplete -case TPM_CC_SequenceComplete: { - SequenceComplete_In *in = (SequenceComplete_In *) - MemoryGetInBuffer(sizeof(SequenceComplete_In)); - SequenceComplete_Out *out = (SequenceComplete_Out *) - MemoryGetOutBuffer(sizeof(SequenceComplete_Out)); - in->sequenceHandle = handles[0]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SequenceComplete_buffer); - result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SequenceComplete_hierarchy); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SequenceComplete (in, out); - rSize = sizeof(SequenceComplete_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->result, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_SequenceComplete -#if CC_EventSequenceComplete -case TPM_CC_EventSequenceComplete: { - EventSequenceComplete_In *in = (EventSequenceComplete_In *) - MemoryGetInBuffer(sizeof(EventSequenceComplete_In)); - EventSequenceComplete_Out *out = (EventSequenceComplete_Out *) - MemoryGetOutBuffer(sizeof(EventSequenceComplete_Out)); - in->pcrHandle = handles[0]; - in->sequenceHandle = handles[1]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EventSequenceComplete_buffer); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EventSequenceComplete (in, out); - rSize = sizeof(EventSequenceComplete_Out); - *respParmSize 
+= TPML_DIGEST_VALUES_Marshal(&out->results, - responseBuffer, &rSize); -break; -} -#endif // CC_EventSequenceComplete -#if CC_Certify -case TPM_CC_Certify: { - Certify_In *in = (Certify_In *) - MemoryGetInBuffer(sizeof(Certify_In)); - Certify_Out *out = (Certify_Out *) - MemoryGetOutBuffer(sizeof(Certify_Out)); - in->objectHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Certify_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Certify_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Certify (in, out); - rSize = sizeof(Certify_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Certify -#if CC_CertifyCreation -case TPM_CC_CertifyCreation: { - CertifyCreation_In *in = (CertifyCreation_In *) - MemoryGetInBuffer(sizeof(CertifyCreation_In)); - CertifyCreation_Out *out = (CertifyCreation_Out *) - MemoryGetOutBuffer(sizeof(CertifyCreation_Out)); - in->signHandle = handles[0]; - in->objectHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_qualifyingData); - result = TPM2B_DIGEST_Unmarshal(&in->creationHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationHash); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_inScheme); - result = TPMT_TK_CREATION_Unmarshal(&in->creationTicket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationTicket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CertifyCreation (in, out); - rSize = 
sizeof(CertifyCreation_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_CertifyCreation -#if CC_Quote -case TPM_CC_Quote: { - Quote_In *in = (Quote_In *) - MemoryGetInBuffer(sizeof(Quote_In)); - Quote_Out *out = (Quote_Out *) - MemoryGetOutBuffer(sizeof(Quote_Out)); - in->signHandle = handles[0]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Quote_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Quote_inScheme); - result = TPML_PCR_SELECTION_Unmarshal(&in->PCRselect, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Quote_PCRselect); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Quote (in, out); - rSize = sizeof(Quote_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->quoted, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Quote -#if CC_GetSessionAuditDigest -case TPM_CC_GetSessionAuditDigest: { - GetSessionAuditDigest_In *in = (GetSessionAuditDigest_In *) - MemoryGetInBuffer(sizeof(GetSessionAuditDigest_In)); - GetSessionAuditDigest_Out *out = (GetSessionAuditDigest_Out *) - MemoryGetOutBuffer(sizeof(GetSessionAuditDigest_Out)); - in->privacyAdminHandle = handles[0]; - in->signHandle = handles[1]; - in->sessionHandle = handles[2]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetSessionAuditDigest (in, out); - rSize = 
sizeof(GetSessionAuditDigest_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetSessionAuditDigest -#if CC_GetCommandAuditDigest -case TPM_CC_GetCommandAuditDigest: { - GetCommandAuditDigest_In *in = (GetCommandAuditDigest_In *) - MemoryGetInBuffer(sizeof(GetCommandAuditDigest_In)); - GetCommandAuditDigest_Out *out = (GetCommandAuditDigest_Out *) - MemoryGetOutBuffer(sizeof(GetCommandAuditDigest_Out)); - in->privacyHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetCommandAuditDigest (in, out); - rSize = sizeof(GetCommandAuditDigest_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetCommandAuditDigest -#if CC_GetTime -case TPM_CC_GetTime: { - GetTime_In *in = (GetTime_In *) - MemoryGetInBuffer(sizeof(GetTime_In)); - GetTime_Out *out = (GetTime_Out *) - MemoryGetOutBuffer(sizeof(GetTime_Out)); - in->privacyAdminHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetTime_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_GetTime_inScheme); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetTime (in, out); - rSize = sizeof(GetTime_Out); - *respParmSize += 
TPM2B_ATTEST_Marshal(&out->timeInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_GetTime -#if CC_CertifyX509 -case TPM_CC_CertifyX509: { - CertifyX509_In *in = (CertifyX509_In *) - MemoryGetInBuffer(sizeof(CertifyX509_In)); - CertifyX509_Out *out = (CertifyX509_Out *) - MemoryGetOutBuffer(sizeof(CertifyX509_Out)); - in->objectHandle = handles[0]; - in->signHandle = handles[1]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_inScheme); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->partialCertificate, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CertifyX509_partialCertificate); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CertifyX509 (in, out); - rSize = sizeof(CertifyX509_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->addedToCertificate, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->tbsDigest, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_CertifyX509 -#if CC_Commit -case TPM_CC_Commit: { - Commit_In *in = (Commit_In *) - MemoryGetInBuffer(sizeof(Commit_In)); - Commit_Out *out = (Commit_Out *) - MemoryGetOutBuffer(sizeof(Commit_Out)); - in->signHandle = handles[0]; - result = TPM2B_ECC_POINT_Unmarshal(&in->P1, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_P1); - result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->s2, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_s2); - result = TPM2B_ECC_PARAMETER_Unmarshal(&in->y2, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Commit_y2); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Commit (in, 
out); - rSize = sizeof(Commit_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->K, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->L, - responseBuffer, &rSize); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->E, - responseBuffer, &rSize); - *respParmSize += UINT16_Marshal(&out->counter, - responseBuffer, &rSize); -break; -} -#endif // CC_Commit -#if CC_EC_Ephemeral -case TPM_CC_EC_Ephemeral: { - EC_Ephemeral_In *in = (EC_Ephemeral_In *) - MemoryGetInBuffer(sizeof(EC_Ephemeral_In)); - EC_Ephemeral_Out *out = (EC_Ephemeral_Out *) - MemoryGetOutBuffer(sizeof(EC_Ephemeral_Out)); - result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EC_Ephemeral_curveID); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EC_Ephemeral (in, out); - rSize = sizeof(EC_Ephemeral_Out); - *respParmSize += TPM2B_ECC_POINT_Marshal(&out->Q, - responseBuffer, &rSize); - *respParmSize += UINT16_Marshal(&out->counter, - responseBuffer, &rSize); -break; -} -#endif // CC_EC_Ephemeral -#if CC_VerifySignature -case TPM_CC_VerifySignature: { - VerifySignature_In *in = (VerifySignature_In *) - MemoryGetInBuffer(sizeof(VerifySignature_In)); - VerifySignature_Out *out = (VerifySignature_Out *) - MemoryGetOutBuffer(sizeof(VerifySignature_Out)); - in->keyHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_VerifySignature_digest); - result = TPMT_SIGNATURE_Unmarshal(&in->signature, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_VerifySignature_signature); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_VerifySignature (in, out); - rSize = sizeof(VerifySignature_Out); - *respParmSize += TPMT_TK_VERIFIED_Marshal(&out->validation, - responseBuffer, &rSize); -break; -} -#endif // CC_VerifySignature -#if CC_Sign -case TPM_CC_Sign: { - Sign_In *in = (Sign_In *) - 
MemoryGetInBuffer(sizeof(Sign_In)); - Sign_Out *out = (Sign_Out *) - MemoryGetOutBuffer(sizeof(Sign_Out)); - in->keyHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Sign_digest); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_Sign_inScheme); - result = TPMT_TK_HASHCHECK_Unmarshal(&in->validation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Sign_validation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Sign (in, out); - rSize = sizeof(Sign_Out); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_Sign -#if CC_SetCommandCodeAuditStatus -case TPM_CC_SetCommandCodeAuditStatus: { - SetCommandCodeAuditStatus_In *in = (SetCommandCodeAuditStatus_In *) - MemoryGetInBuffer(sizeof(SetCommandCodeAuditStatus_In)); - in->auth = handles[0]; - result = TPMI_ALG_HASH_Unmarshal(&in->auditAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_auditAlg); - result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_setList); - result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_clearList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetCommandCodeAuditStatus (in); -break; -} -#endif // CC_SetCommandCodeAuditStatus -#if CC_PCR_Extend -case TPM_CC_PCR_Extend: { - PCR_Extend_In *in = (PCR_Extend_In *) - MemoryGetInBuffer(sizeof(PCR_Extend_In)); - in->pcrHandle = handles[0]; - result = TPML_DIGEST_VALUES_Unmarshal(&in->digests, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Extend_digests); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Extend (in); -break; -} -#endif // CC_PCR_Extend -#if 
CC_PCR_Event -case TPM_CC_PCR_Event: { - PCR_Event_In *in = (PCR_Event_In *) - MemoryGetInBuffer(sizeof(PCR_Event_In)); - PCR_Event_Out *out = (PCR_Event_Out *) - MemoryGetOutBuffer(sizeof(PCR_Event_Out)); - in->pcrHandle = handles[0]; - result = TPM2B_EVENT_Unmarshal(&in->eventData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Event_eventData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Event (in, out); - rSize = sizeof(PCR_Event_Out); - *respParmSize += TPML_DIGEST_VALUES_Marshal(&out->digests, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Event -#if CC_PCR_Read -case TPM_CC_PCR_Read: { - PCR_Read_In *in = (PCR_Read_In *) - MemoryGetInBuffer(sizeof(PCR_Read_In)); - PCR_Read_Out *out = (PCR_Read_Out *) - MemoryGetOutBuffer(sizeof(PCR_Read_Out)); - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrSelectionIn, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Read_pcrSelectionIn); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Read (in, out); - rSize = sizeof(PCR_Read_Out); - *respParmSize += UINT32_Marshal(&out->pcrUpdateCounter, - responseBuffer, &rSize); - *respParmSize += TPML_PCR_SELECTION_Marshal(&out->pcrSelectionOut, - responseBuffer, &rSize); - *respParmSize += TPML_DIGEST_Marshal(&out->pcrValues, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Read -#if CC_PCR_Allocate -case TPM_CC_PCR_Allocate: { - PCR_Allocate_In *in = (PCR_Allocate_In *) - MemoryGetInBuffer(sizeof(PCR_Allocate_In)); - PCR_Allocate_Out *out = (PCR_Allocate_Out *) - MemoryGetOutBuffer(sizeof(PCR_Allocate_Out)); - in->authHandle = handles[0]; - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrAllocation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_Allocate_pcrAllocation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Allocate (in, out); - rSize = sizeof(PCR_Allocate_Out); - *respParmSize += 
TPMI_YES_NO_Marshal(&out->allocationSuccess, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->maxPCR, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->sizeNeeded, - responseBuffer, &rSize); - *respParmSize += UINT32_Marshal(&out->sizeAvailable, - responseBuffer, &rSize); -break; -} -#endif // CC_PCR_Allocate -#if CC_PCR_SetAuthPolicy -case TPM_CC_PCR_SetAuthPolicy: { - PCR_SetAuthPolicy_In *in = (PCR_SetAuthPolicy_In *) - MemoryGetInBuffer(sizeof(PCR_SetAuthPolicy_In)); - in->authHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_authPolicy); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_hashAlg); - result = TPMI_DH_PCR_Unmarshal(&in->pcrNum, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_pcrNum); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_SetAuthPolicy (in); -break; -} -#endif // CC_PCR_SetAuthPolicy -#if CC_PCR_SetAuthValue -case TPM_CC_PCR_SetAuthValue: { - PCR_SetAuthValue_In *in = (PCR_SetAuthValue_In *) - MemoryGetInBuffer(sizeof(PCR_SetAuthValue_In)); - in->pcrHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthValue_auth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_SetAuthValue (in); -break; -} -#endif // CC_PCR_SetAuthValue -#if CC_PCR_Reset -case TPM_CC_PCR_Reset: { - PCR_Reset_In *in = (PCR_Reset_In *) - MemoryGetInBuffer(sizeof(PCR_Reset_In)); - in->pcrHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PCR_Reset (in); -break; -} -#endif // CC_PCR_Reset -#if CC_PolicySigned -case TPM_CC_PolicySigned: { - PolicySigned_In *in = (PolicySigned_In *) - MemoryGetInBuffer(sizeof(PolicySigned_In)); - PolicySigned_Out 
*out = (PolicySigned_Out *) - MemoryGetOutBuffer(sizeof(PolicySigned_Out)); - in->authObject = handles[0]; - in->policySession = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_nonceTPM); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_policyRef); - result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_expiration); - result = TPMT_SIGNATURE_Unmarshal(&in->auth, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_PolicySigned_auth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicySigned (in, out); - rSize = sizeof(PolicySigned_Out); - *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicySigned -#if CC_PolicySecret -case TPM_CC_PolicySecret: { - PolicySecret_In *in = (PolicySecret_In *) - MemoryGetInBuffer(sizeof(PolicySecret_In)); - PolicySecret_Out *out = (PolicySecret_Out *) - MemoryGetOutBuffer(sizeof(PolicySecret_Out)); - in->authHandle = handles[0]; - in->policySession = handles[1]; - result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_nonceTPM); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_policyRef); - result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicySecret_expiration); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } 
-result = TPM2_PolicySecret (in, out); - rSize = sizeof(PolicySecret_Out); - *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicySecret -#if CC_PolicyTicket -case TPM_CC_PolicyTicket: { - PolicyTicket_In *in = (PolicyTicket_In *) - MemoryGetInBuffer(sizeof(PolicyTicket_In)); - in->policySession = handles[0]; - result = TPM2B_TIMEOUT_Unmarshal(&in->timeout, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_timeout); - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_cpHashA); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_policyRef); - result = TPM2B_NAME_Unmarshal(&in->authName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_authName); - result = TPMT_TK_AUTH_Unmarshal(&in->ticket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTicket_ticket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyTicket (in); -break; -} -#endif // CC_PolicyTicket -#if CC_PolicyOR -case TPM_CC_PolicyOR: { - PolicyOR_In *in = (PolicyOR_In *) - MemoryGetInBuffer(sizeof(PolicyOR_In)); - in->policySession = handles[0]; - result = TPML_DIGEST_Unmarshal(&in->pHashList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyOR_pHashList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyOR (in); -break; -} -#endif // CC_PolicyOR -#if CC_PolicyPCR -case TPM_CC_PolicyPCR: { - PolicyPCR_In *in = (PolicyPCR_In *) - MemoryGetInBuffer(sizeof(PolicyPCR_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->pcrDigest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrDigest); - result = TPML_PCR_SELECTION_Unmarshal(&in->pcrs, paramBuffer, paramBufferSize); 
- ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrs); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPCR (in); -break; -} -#endif // CC_PolicyPCR -#if CC_PolicyLocality -case TPM_CC_PolicyLocality: { - PolicyLocality_In *in = (PolicyLocality_In *) - MemoryGetInBuffer(sizeof(PolicyLocality_In)); - in->policySession = handles[0]; - result = TPMA_LOCALITY_Unmarshal(&in->locality, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyLocality_locality); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyLocality (in); -break; -} -#endif // CC_PolicyLocality -#if CC_PolicyNV -case TPM_CC_PolicyNV: { - PolicyNV_In *in = (PolicyNV_In *) - MemoryGetInBuffer(sizeof(PolicyNV_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - in->policySession = handles[2]; - result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_operandB); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_offset); - result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNV_operation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNV (in); -break; -} -#endif // CC_PolicyNV -#if CC_PolicyCounterTimer -case TPM_CC_PolicyCounterTimer: { - PolicyCounterTimer_In *in = (PolicyCounterTimer_In *) - MemoryGetInBuffer(sizeof(PolicyCounterTimer_In)); - in->policySession = handles[0]; - result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operandB); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_offset); - result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operation); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = 
TPM2_PolicyCounterTimer (in); -break; -} -#endif // CC_PolicyCounterTimer -#if CC_PolicyCommandCode -case TPM_CC_PolicyCommandCode: { - PolicyCommandCode_In *in = (PolicyCommandCode_In *) - MemoryGetInBuffer(sizeof(PolicyCommandCode_In)); - in->policySession = handles[0]; - result = TPM_CC_Unmarshal(&in->code, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCommandCode_code); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyCommandCode (in); -break; -} -#endif // CC_PolicyCommandCode -#if CC_PolicyPhysicalPresence -case TPM_CC_PolicyPhysicalPresence: { - PolicyPhysicalPresence_In *in = (PolicyPhysicalPresence_In *) - MemoryGetInBuffer(sizeof(PolicyPhysicalPresence_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPhysicalPresence (in); -break; -} -#endif // CC_PolicyPhysicalPresence -#if CC_PolicyCpHash -case TPM_CC_PolicyCpHash: { - PolicyCpHash_In *in = (PolicyCpHash_In *) - MemoryGetInBuffer(sizeof(PolicyCpHash_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyCpHash_cpHashA); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyCpHash (in); -break; -} -#endif // CC_PolicyCpHash -#if CC_PolicyNameHash -case TPM_CC_PolicyNameHash: { - PolicyNameHash_In *in = (PolicyNameHash_In *) - MemoryGetInBuffer(sizeof(PolicyNameHash_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->nameHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNameHash_nameHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNameHash (in); -break; -} -#endif // CC_PolicyNameHash -#if CC_PolicyDuplicationSelect -case TPM_CC_PolicyDuplicationSelect: { - PolicyDuplicationSelect_In *in = (PolicyDuplicationSelect_In *) - 
MemoryGetInBuffer(sizeof(PolicyDuplicationSelect_In)); - in->policySession = handles[0]; - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_objectName); - result = TPM2B_NAME_Unmarshal(&in->newParentName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_newParentName); - result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_includeObject); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyDuplicationSelect (in); -break; -} -#endif // CC_PolicyDuplicationSelect -#if CC_PolicyAuthorize -case TPM_CC_PolicyAuthorize: { - PolicyAuthorize_In *in = (PolicyAuthorize_In *) - MemoryGetInBuffer(sizeof(PolicyAuthorize_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->approvedPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_approvedPolicy); - result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_policyRef); - result = TPM2B_NAME_Unmarshal(&in->keySign, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_keySign); - result = TPMT_TK_VERIFIED_Unmarshal(&in->checkTicket, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_checkTicket); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthorize (in); -break; -} -#endif // CC_PolicyAuthorize -#if CC_PolicyAuthValue -case TPM_CC_PolicyAuthValue: { - PolicyAuthValue_In *in = (PolicyAuthValue_In *) - MemoryGetInBuffer(sizeof(PolicyAuthValue_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthValue (in); -break; -} -#endif // CC_PolicyAuthValue -#if CC_PolicyPassword -case TPM_CC_PolicyPassword: { - PolicyPassword_In *in = (PolicyPassword_In *) - 
MemoryGetInBuffer(sizeof(PolicyPassword_In)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyPassword (in); -break; -} -#endif // CC_PolicyPassword -#if CC_PolicyGetDigest -case TPM_CC_PolicyGetDigest: { - PolicyGetDigest_In *in = (PolicyGetDigest_In *) - MemoryGetInBuffer(sizeof(PolicyGetDigest_In)); - PolicyGetDigest_Out *out = (PolicyGetDigest_Out *) - MemoryGetOutBuffer(sizeof(PolicyGetDigest_Out)); - in->policySession = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyGetDigest (in, out); - rSize = sizeof(PolicyGetDigest_Out); - *respParmSize += TPM2B_DIGEST_Marshal(&out->policyDigest, - responseBuffer, &rSize); -break; -} -#endif // CC_PolicyGetDigest -#if CC_PolicyNvWritten -case TPM_CC_PolicyNvWritten: { - PolicyNvWritten_In *in = (PolicyNvWritten_In *) - MemoryGetInBuffer(sizeof(PolicyNvWritten_In)); - in->policySession = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->writtenSet, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyNvWritten_writtenSet); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyNvWritten (in); -break; -} -#endif // CC_PolicyNvWritten -#if CC_PolicyTemplate -case TPM_CC_PolicyTemplate: { - PolicyTemplate_In *in = (PolicyTemplate_In *) - MemoryGetInBuffer(sizeof(PolicyTemplate_In)); - in->policySession = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->templateHash, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PolicyTemplate_templateHash); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyTemplate (in); -break; -} -#endif // CC_PolicyTemplate -#if CC_PolicyAuthorizeNV -case TPM_CC_PolicyAuthorizeNV: { - PolicyAuthorizeNV_In *in = (PolicyAuthorizeNV_In *) - MemoryGetInBuffer(sizeof(PolicyAuthorizeNV_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - in->policySession = handles[2]; - if(*paramBufferSize != 0) 
(result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PolicyAuthorizeNV (in); -break; -} -#endif // CC_PolicyAuthorizeNV -#if CC_CreatePrimary -case TPM_CC_CreatePrimary: { - CreatePrimary_In *in = (CreatePrimary_In *) - MemoryGetInBuffer(sizeof(CreatePrimary_In)); - CreatePrimary_Out *out = (CreatePrimary_Out *) - MemoryGetOutBuffer(sizeof(CreatePrimary_Out)); - in->primaryHandle = handles[0]; - result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inSensitive); - result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inPublic); - result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_outsideInfo); - result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_CreatePrimary_creationPCR); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_CreatePrimary (in, out); - rSize = sizeof(CreatePrimary_Out); - if(TPM_RC_SUCCESS != result) goto Exit; -; command->handles[command->handleNum++] = out->objectHandle; - *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, - responseBuffer, &rSize); - *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, - responseBuffer, &rSize); - *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->name, - responseBuffer, &rSize); -break; -} -#endif // CC_CreatePrimary -#if CC_HierarchyControl -case TPM_CC_HierarchyControl: { - HierarchyControl_In *in = (HierarchyControl_In *) - MemoryGetInBuffer(sizeof(HierarchyControl_In)); - in->authHandle = handles[0]; - result = TPMI_RH_ENABLES_Unmarshal(&in->enable, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_HierarchyControl_enable); 
- result = TPMI_YES_NO_Unmarshal(&in->state, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HierarchyControl_state); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HierarchyControl (in); -break; -} -#endif // CC_HierarchyControl -#if CC_SetPrimaryPolicy -case TPM_CC_SetPrimaryPolicy: { - SetPrimaryPolicy_In *in = (SetPrimaryPolicy_In *) - MemoryGetInBuffer(sizeof(SetPrimaryPolicy_In)); - in->authHandle = handles[0]; - result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_authPolicy); - result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_hashAlg); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetPrimaryPolicy (in); -break; -} -#endif // CC_SetPrimaryPolicy -#if CC_ChangePPS -case TPM_CC_ChangePPS: { - ChangePPS_In *in = (ChangePPS_In *) - MemoryGetInBuffer(sizeof(ChangePPS_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ChangePPS (in); -break; -} -#endif // CC_ChangePPS -#if CC_ChangeEPS -case TPM_CC_ChangeEPS: { - ChangeEPS_In *in = (ChangeEPS_In *) - MemoryGetInBuffer(sizeof(ChangeEPS_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ChangeEPS (in); -break; -} -#endif // CC_ChangeEPS -#if CC_Clear -case TPM_CC_Clear: { - Clear_In *in = (Clear_In *) - MemoryGetInBuffer(sizeof(Clear_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Clear (in); -break; -} -#endif // CC_Clear -#if CC_ClearControl -case TPM_CC_ClearControl: { - ClearControl_In *in = (ClearControl_In *) - MemoryGetInBuffer(sizeof(ClearControl_In)); - in->auth = handles[0]; - result = TPMI_YES_NO_Unmarshal(&in->disable, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClearControl_disable); - 
if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClearControl (in); -break; -} -#endif // CC_ClearControl -#if CC_HierarchyChangeAuth -case TPM_CC_HierarchyChangeAuth: { - HierarchyChangeAuth_In *in = (HierarchyChangeAuth_In *) - MemoryGetInBuffer(sizeof(HierarchyChangeAuth_In)); - in->authHandle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_HierarchyChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_HierarchyChangeAuth (in); -break; -} -#endif // CC_HierarchyChangeAuth -#if CC_DictionaryAttackLockReset -case TPM_CC_DictionaryAttackLockReset: { - DictionaryAttackLockReset_In *in = (DictionaryAttackLockReset_In *) - MemoryGetInBuffer(sizeof(DictionaryAttackLockReset_In)); - in->lockHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_DictionaryAttackLockReset (in); -break; -} -#endif // CC_DictionaryAttackLockReset -#if CC_DictionaryAttackParameters -case TPM_CC_DictionaryAttackParameters: { - DictionaryAttackParameters_In *in = (DictionaryAttackParameters_In *) - MemoryGetInBuffer(sizeof(DictionaryAttackParameters_In)); - in->lockHandle = handles[0]; - result = UINT32_Unmarshal(&in->newMaxTries, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newMaxTries); - result = UINT32_Unmarshal(&in->newRecoveryTime, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newRecoveryTime); - result = UINT32_Unmarshal(&in->lockoutRecovery, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_lockoutRecovery); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_DictionaryAttackParameters (in); -break; -} -#endif // CC_DictionaryAttackParameters -#if CC_PP_Commands -case TPM_CC_PP_Commands: { - PP_Commands_In *in = (PP_Commands_In *) - 
MemoryGetInBuffer(sizeof(PP_Commands_In)); - in->auth = handles[0]; - result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PP_Commands_setList); - result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_PP_Commands_clearList); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_PP_Commands (in); -break; -} -#endif // CC_PP_Commands -#if CC_SetAlgorithmSet -case TPM_CC_SetAlgorithmSet: { - SetAlgorithmSet_In *in = (SetAlgorithmSet_In *) - MemoryGetInBuffer(sizeof(SetAlgorithmSet_In)); - in->authHandle = handles[0]; - result = UINT32_Unmarshal(&in->algorithmSet, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_SetAlgorithmSet_algorithmSet); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_SetAlgorithmSet (in); -break; -} -#endif // CC_SetAlgorithmSet -#if CC_FieldUpgradeStart -case TPM_CC_FieldUpgradeStart: { - FieldUpgradeStart_In *in = (FieldUpgradeStart_In *) - MemoryGetInBuffer(sizeof(FieldUpgradeStart_In)); - in->authorization = handles[0]; - in->keyHandle = handles[1]; - result = TPM2B_DIGEST_Unmarshal(&in->fuDigest, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_fuDigest); - result = TPMT_SIGNATURE_Unmarshal(&in->manifestSignature, paramBuffer, paramBufferSize, FALSE); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_manifestSignature); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FieldUpgradeStart (in); -break; -} -#endif // CC_FieldUpgradeStart -#if CC_FieldUpgradeData -case TPM_CC_FieldUpgradeData: { - FieldUpgradeData_In *in = (FieldUpgradeData_In *) - MemoryGetInBuffer(sizeof(FieldUpgradeData_In)); - FieldUpgradeData_Out *out = (FieldUpgradeData_Out *) - MemoryGetOutBuffer(sizeof(FieldUpgradeData_Out)); - result = TPM2B_MAX_BUFFER_Unmarshal(&in->fuData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FieldUpgradeData_fuData); - if(*paramBufferSize != 
0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FieldUpgradeData (in, out); - rSize = sizeof(FieldUpgradeData_Out); - *respParmSize += TPMT_HA_Marshal(&out->nextDigest, - responseBuffer, &rSize); - *respParmSize += TPMT_HA_Marshal(&out->firstDigest, - responseBuffer, &rSize); -break; -} -#endif // CC_FieldUpgradeData -#if CC_FirmwareRead -case TPM_CC_FirmwareRead: { - FirmwareRead_In *in = (FirmwareRead_In *) - MemoryGetInBuffer(sizeof(FirmwareRead_In)); - FirmwareRead_Out *out = (FirmwareRead_Out *) - MemoryGetOutBuffer(sizeof(FirmwareRead_Out)); - result = UINT32_Unmarshal(&in->sequenceNumber, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FirmwareRead_sequenceNumber); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FirmwareRead (in, out); - rSize = sizeof(FirmwareRead_Out); - *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->fuData, - responseBuffer, &rSize); -break; -} -#endif // CC_FirmwareRead -#if CC_ContextSave -case TPM_CC_ContextSave: { - ContextSave_In *in = (ContextSave_In *) - MemoryGetInBuffer(sizeof(ContextSave_In)); - ContextSave_Out *out = (ContextSave_Out *) - MemoryGetOutBuffer(sizeof(ContextSave_Out)); - in->saveHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ContextSave (in, out); - rSize = sizeof(ContextSave_Out); - *respParmSize += TPMS_CONTEXT_Marshal(&out->context, - responseBuffer, &rSize); -break; -} -#endif // CC_ContextSave -#if CC_ContextLoad -case TPM_CC_ContextLoad: { - ContextLoad_In *in = (ContextLoad_In *) - MemoryGetInBuffer(sizeof(ContextLoad_In)); - ContextLoad_Out *out = (ContextLoad_Out *) - MemoryGetOutBuffer(sizeof(ContextLoad_Out)); - result = TPMS_CONTEXT_Unmarshal(&in->context, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ContextLoad_context); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ContextLoad (in, out); - rSize = sizeof(ContextLoad_Out); - if(TPM_RC_SUCCESS != result) goto 
Exit; -; command->handles[command->handleNum++] = out->loadedHandle; -break; -} -#endif // CC_ContextLoad -#if CC_FlushContext -case TPM_CC_FlushContext: { - FlushContext_In *in = (FlushContext_In *) - MemoryGetInBuffer(sizeof(FlushContext_In)); - result = TPMI_DH_CONTEXT_Unmarshal(&in->flushHandle, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_FlushContext_flushHandle); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_FlushContext (in); -break; -} -#endif // CC_FlushContext -#if CC_EvictControl -case TPM_CC_EvictControl: { - EvictControl_In *in = (EvictControl_In *) - MemoryGetInBuffer(sizeof(EvictControl_In)); - in->auth = handles[0]; - in->objectHandle = handles[1]; - result = TPMI_DH_PERSISTENT_Unmarshal(&in->persistentHandle, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_EvictControl_persistentHandle); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_EvictControl (in); -break; -} -#endif // CC_EvictControl -#if CC_ReadClock -case TPM_CC_ReadClock: { - ReadClock_Out *out = (ReadClock_Out *) - MemoryGetOutBuffer(sizeof(ReadClock_Out)); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ReadClock (out); - rSize = sizeof(ReadClock_Out); - *respParmSize += TPMS_TIME_INFO_Marshal(&out->currentTime, - responseBuffer, &rSize); -break; -} -#endif // CC_ReadClock -#if CC_ClockSet -case TPM_CC_ClockSet: { - ClockSet_In *in = (ClockSet_In *) - MemoryGetInBuffer(sizeof(ClockSet_In)); - in->auth = handles[0]; - result = UINT64_Unmarshal(&in->newTime, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClockSet_newTime); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClockSet (in); -break; -} -#endif // CC_ClockSet -#if CC_ClockRateAdjust -case TPM_CC_ClockRateAdjust: { - ClockRateAdjust_In *in = (ClockRateAdjust_In *) - MemoryGetInBuffer(sizeof(ClockRateAdjust_In)); - in->auth = handles[0]; - result = 
TPM_CLOCK_ADJUST_Unmarshal(&in->rateAdjust, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_ClockRateAdjust_rateAdjust); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_ClockRateAdjust (in); -break; -} -#endif // CC_ClockRateAdjust -#if CC_GetCapability -case TPM_CC_GetCapability: { - GetCapability_In *in = (GetCapability_In *) - MemoryGetInBuffer(sizeof(GetCapability_In)); - GetCapability_Out *out = (GetCapability_Out *) - MemoryGetOutBuffer(sizeof(GetCapability_Out)); - result = TPM_CAP_Unmarshal(&in->capability, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_capability); - result = UINT32_Unmarshal(&in->property, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_property); - result = UINT32_Unmarshal(&in->propertyCount, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_GetCapability_propertyCount); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_GetCapability (in, out); - rSize = sizeof(GetCapability_Out); - *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, - responseBuffer, &rSize); - *respParmSize += TPMS_CAPABILITY_DATA_Marshal(&out->capabilityData, - responseBuffer, &rSize); -break; -} -#endif // CC_GetCapability -#if CC_TestParms -case TPM_CC_TestParms: { - TestParms_In *in = (TestParms_In *) - MemoryGetInBuffer(sizeof(TestParms_In)); - result = TPMT_PUBLIC_PARMS_Unmarshal(&in->parameters, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_TestParms_parameters); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_TestParms (in); -break; -} -#endif // CC_TestParms -#if CC_NV_DefineSpace -case TPM_CC_NV_DefineSpace: { - NV_DefineSpace_In *in = (NV_DefineSpace_In *) - MemoryGetInBuffer(sizeof(NV_DefineSpace_In)); - in->authHandle = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_auth); - result = TPM2B_NV_PUBLIC_Unmarshal(&in->publicInfo, 
paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_publicInfo); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_DefineSpace (in); -break; -} -#endif // CC_NV_DefineSpace -#if CC_NV_UndefineSpace -case TPM_CC_NV_UndefineSpace: { - NV_UndefineSpace_In *in = (NV_UndefineSpace_In *) - MemoryGetInBuffer(sizeof(NV_UndefineSpace_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_UndefineSpace (in); -break; -} -#endif // CC_NV_UndefineSpace -#if CC_NV_UndefineSpaceSpecial -case TPM_CC_NV_UndefineSpaceSpecial: { - NV_UndefineSpaceSpecial_In *in = (NV_UndefineSpaceSpecial_In *) - MemoryGetInBuffer(sizeof(NV_UndefineSpaceSpecial_In)); - in->nvIndex = handles[0]; - in->platform = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_UndefineSpaceSpecial (in); -break; -} -#endif // CC_NV_UndefineSpaceSpecial -#if CC_NV_ReadPublic -case TPM_CC_NV_ReadPublic: { - NV_ReadPublic_In *in = (NV_ReadPublic_In *) - MemoryGetInBuffer(sizeof(NV_ReadPublic_In)); - NV_ReadPublic_Out *out = (NV_ReadPublic_Out *) - MemoryGetOutBuffer(sizeof(NV_ReadPublic_Out)); - in->nvIndex = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ReadPublic (in, out); - rSize = sizeof(NV_ReadPublic_Out); - *respParmSize += TPM2B_NV_PUBLIC_Marshal(&out->nvPublic, - responseBuffer, &rSize); - *respParmSize += TPM2B_NAME_Marshal(&out->nvName, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_ReadPublic -#if CC_NV_Write -case TPM_CC_NV_Write: { - NV_Write_In *in = (NV_Write_In *) - MemoryGetInBuffer(sizeof(NV_Write_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Write_data); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - 
ERROR_IF_EXIT_PLUS(RC_NV_Write_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Write (in); -break; -} -#endif // CC_NV_Write -#if CC_NV_Increment -case TPM_CC_NV_Increment: { - NV_Increment_In *in = (NV_Increment_In *) - MemoryGetInBuffer(sizeof(NV_Increment_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Increment (in); -break; -} -#endif // CC_NV_Increment -#if CC_NV_Extend -case TPM_CC_NV_Extend: { - NV_Extend_In *in = (NV_Extend_In *) - MemoryGetInBuffer(sizeof(NV_Extend_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Extend_data); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Extend (in); -break; -} -#endif // CC_NV_Extend -#if CC_NV_SetBits -case TPM_CC_NV_SetBits: { - NV_SetBits_In *in = (NV_SetBits_In *) - MemoryGetInBuffer(sizeof(NV_SetBits_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = UINT64_Unmarshal(&in->bits, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_SetBits_bits); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_SetBits (in); -break; -} -#endif // CC_NV_SetBits -#if CC_NV_WriteLock -case TPM_CC_NV_WriteLock: { - NV_WriteLock_In *in = (NV_WriteLock_In *) - MemoryGetInBuffer(sizeof(NV_WriteLock_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_WriteLock (in); -break; -} -#endif // CC_NV_WriteLock -#if CC_NV_GlobalWriteLock -case TPM_CC_NV_GlobalWriteLock: { - NV_GlobalWriteLock_In *in = (NV_GlobalWriteLock_In *) - MemoryGetInBuffer(sizeof(NV_GlobalWriteLock_In)); - in->authHandle = handles[0]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = 
TPM2_NV_GlobalWriteLock (in); -break; -} -#endif // CC_NV_GlobalWriteLock -#if CC_NV_Read -case TPM_CC_NV_Read: { - NV_Read_In *in = (NV_Read_In *) - MemoryGetInBuffer(sizeof(NV_Read_In)); - NV_Read_Out *out = (NV_Read_Out *) - MemoryGetOutBuffer(sizeof(NV_Read_Out)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Read_size); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Read_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Read (in, out); - rSize = sizeof(NV_Read_Out); - *respParmSize += TPM2B_MAX_NV_BUFFER_Marshal(&out->data, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_Read -#if CC_NV_ReadLock -case TPM_CC_NV_ReadLock: { - NV_ReadLock_In *in = (NV_ReadLock_In *) - MemoryGetInBuffer(sizeof(NV_ReadLock_In)); - in->authHandle = handles[0]; - in->nvIndex = handles[1]; - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ReadLock (in); -break; -} -#endif // CC_NV_ReadLock -#if CC_NV_ChangeAuth -case TPM_CC_NV_ChangeAuth: { - NV_ChangeAuth_In *in = (NV_ChangeAuth_In *) - MemoryGetInBuffer(sizeof(NV_ChangeAuth_In)); - in->nvIndex = handles[0]; - result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_ChangeAuth_newAuth); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_ChangeAuth (in); -break; -} -#endif // CC_NV_ChangeAuth -#if CC_NV_Certify -case TPM_CC_NV_Certify: { - NV_Certify_In *in = (NV_Certify_In *) - MemoryGetInBuffer(sizeof(NV_Certify_In)); - NV_Certify_Out *out = (NV_Certify_Out *) - MemoryGetOutBuffer(sizeof(NV_Certify_Out)); - in->signHandle = handles[0]; - in->authHandle = handles[1]; - in->nvIndex = handles[2]; - result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); - 
ERROR_IF_EXIT_PLUS(RC_NV_Certify_qualifyingData); - result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_inScheme); - result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_size); - result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_NV_Certify_offset); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_NV_Certify (in, out); - rSize = sizeof(NV_Certify_Out); - *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, - responseBuffer, &rSize); - *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, - responseBuffer, &rSize); -break; -} -#endif // CC_NV_Certify -#if CC_AC_GetCapability -case TPM_CC_AC_GetCapability: { - AC_GetCapability_In *in = (AC_GetCapability_In *) - MemoryGetInBuffer(sizeof(AC_GetCapability_In)); - AC_GetCapability_Out *out = (AC_GetCapability_Out *) - MemoryGetOutBuffer(sizeof(AC_GetCapability_Out)); - in->ac = handles[0]; - result = TPM_AT_Unmarshal(&in->capability, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_capability); - result = UINT32_Unmarshal(&in->count, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_count); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_AC_GetCapability (in, out); - rSize = sizeof(AC_GetCapability_Out); - *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, - responseBuffer, &rSize); - *respParmSize += TPML_AC_CAPABILITIES_Marshal(&out->capabilitiesData, - responseBuffer, &rSize); -break; -} -#endif // CC_AC_GetCapability -#if CC_AC_Send -case TPM_CC_AC_Send: { - AC_Send_In *in = (AC_Send_In *) - MemoryGetInBuffer(sizeof(AC_Send_In)); - AC_Send_Out *out = (AC_Send_Out *) - MemoryGetOutBuffer(sizeof(AC_Send_Out)); - in->sendObject = handles[0]; - in->authHandle = handles[1]; - in->ac = handles[2]; - result = TPM2B_MAX_BUFFER_Unmarshal(&in->acDataIn, 
paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_AC_Send_acDataIn); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_AC_Send (in, out); - rSize = sizeof(AC_Send_Out); - *respParmSize += TPMS_AC_OUTPUT_Marshal(&out->acDataOut, - responseBuffer, &rSize); -break; -} -#endif // CC_AC_Send -#if CC_Policy_AC_SendSelect -case TPM_CC_Policy_AC_SendSelect: { - Policy_AC_SendSelect_In *in = (Policy_AC_SendSelect_In *) - MemoryGetInBuffer(sizeof(Policy_AC_SendSelect_In)); - in->policySession = handles[0]; - result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_objectName); - result = TPM2B_NAME_Unmarshal(&in->authHandleName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_authHandleName); - result = TPM2B_NAME_Unmarshal(&in->acName, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_acName); - result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_includeObject); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Policy_AC_SendSelect (in); -break; -} -#endif // CC_Policy_AC_SendSelect -#if CC_Vendor_TCG_Test -case TPM_CC_Vendor_TCG_Test: { - Vendor_TCG_Test_In *in = (Vendor_TCG_Test_In *) - MemoryGetInBuffer(sizeof(Vendor_TCG_Test_In)); - Vendor_TCG_Test_Out *out = (Vendor_TCG_Test_Out *) - MemoryGetOutBuffer(sizeof(Vendor_TCG_Test_Out)); - result = TPM2B_DATA_Unmarshal(&in->inputData, paramBuffer, paramBufferSize); - ERROR_IF_EXIT_PLUS(RC_Vendor_TCG_Test_inputData); - if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } -result = TPM2_Vendor_TCG_Test (in, out); - rSize = sizeof(Vendor_TCG_Test_Out); - *respParmSize += TPM2B_DATA_Marshal(&out->outputData, - responseBuffer, &rSize); -break; -} -#endif // CC_Vendor_TCG_Test 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
deleted file mode 100644
index f72c71e1a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h
+++ /dev/null
@@ -1,451 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.1 Dec 8, 2018 - * Date: Jan 28, 2019 Time: 01:24:09AM - */ - -#ifndef _COMMANDS_H_ -#define _COMMANDS_H_ - - -// Start-up -#ifdef TPM_CC_Startup -#include "Startup_fp.h" -#endif -#ifdef TPM_CC_Shutdown -#include "Shutdown_fp.h" -#endif - -// Testing -#ifdef TPM_CC_SelfTest -#include "SelfTest_fp.h" -#endif -#ifdef TPM_CC_IncrementalSelfTest -#include "IncrementalSelfTest_fp.h" -#endif -#ifdef TPM_CC_GetTestResult -#include "GetTestResult_fp.h" -#endif - -// Session Commands -#ifdef TPM_CC_StartAuthSession -#include "StartAuthSession_fp.h" -#endif -#ifdef TPM_CC_PolicyRestart -#include "PolicyRestart_fp.h" -#endif - -// Object Commands -#ifdef TPM_CC_Create -#include "Create_fp.h" -#endif -#ifdef TPM_CC_Load -#include "Load_fp.h" -#endif -#ifdef TPM_CC_LoadExternal -#include "LoadExternal_fp.h" -#endif -#ifdef TPM_CC_ReadPublic -#include "ReadPublic_fp.h" -#endif -#ifdef TPM_CC_ActivateCredential -#include "ActivateCredential_fp.h" -#endif -#ifdef TPM_CC_MakeCredential -#include "MakeCredential_fp.h" -#endif -#ifdef TPM_CC_Unseal -#include "Unseal_fp.h" -#endif -#ifdef TPM_CC_ObjectChangeAuth -#include "ObjectChangeAuth_fp.h" -#endif -#ifdef TPM_CC_CreateLoaded -#include "CreateLoaded_fp.h" -#endif - -// Duplication Commands -#ifdef TPM_CC_Duplicate -#include "Duplicate_fp.h" -#endif -#ifdef TPM_CC_Rewrap -#include "Rewrap_fp.h" -#endif -#ifdef TPM_CC_Import -#include "Import_fp.h" -#endif - -// Asymmetric Primitives -#ifdef TPM_CC_RSA_Encrypt -#include "RSA_Encrypt_fp.h" -#endif -#ifdef TPM_CC_RSA_Decrypt -#include "RSA_Decrypt_fp.h" -#endif -#ifdef TPM_CC_ECDH_KeyGen -#include "ECDH_KeyGen_fp.h" -#endif -#ifdef TPM_CC_ECDH_ZGen -#include "ECDH_ZGen_fp.h" -#endif -#ifdef TPM_CC_ECC_Parameters -#include "ECC_Parameters_fp.h" -#endif -#ifdef TPM_CC_ZGen_2Phase -#include "ZGen_2Phase_fp.h" -#endif - -// Symmetric Primitives -#ifdef TPM_CC_EncryptDecrypt -#include "EncryptDecrypt_fp.h" -#endif -#ifdef 
TPM_CC_EncryptDecrypt2 -#include "EncryptDecrypt2_fp.h" -#endif -#ifdef TPM_CC_Hash -#include "Hash_fp.h" -#endif -#ifdef TPM_CC_HMAC -#include "HMAC_fp.h" -#endif -#ifdef TPM_CC_MAC -#include "MAC_fp.h" -#endif - -// Random Number Generator -#ifdef TPM_CC_GetRandom -#include "GetRandom_fp.h" -#endif -#ifdef TPM_CC_StirRandom -#include "StirRandom_fp.h" -#endif - -// Hash/HMAC/Event Sequences -#ifdef TPM_CC_HMAC_Start -#include "HMAC_Start_fp.h" -#endif -#ifdef TPM_CC_MAC_Start -#include "MAC_Start_fp.h" -#endif -#ifdef TPM_CC_HashSequenceStart -#include "HashSequenceStart_fp.h" -#endif -#ifdef TPM_CC_SequenceUpdate -#include "SequenceUpdate_fp.h" -#endif -#ifdef TPM_CC_SequenceComplete -#include "SequenceComplete_fp.h" -#endif -#ifdef TPM_CC_EventSequenceComplete -#include "EventSequenceComplete_fp.h" -#endif - -// Attestation Commands -#ifdef TPM_CC_Certify -#include "Certify_fp.h" -#endif -#ifdef TPM_CC_CertifyCreation -#include "CertifyCreation_fp.h" -#endif -#ifdef TPM_CC_Quote -#include "Quote_fp.h" -#endif -#ifdef TPM_CC_GetSessionAuditDigest -#include "GetSessionAuditDigest_fp.h" -#endif -#ifdef TPM_CC_GetCommandAuditDigest -#include "GetCommandAuditDigest_fp.h" -#endif -#ifdef TPM_CC_GetTime -#include "GetTime_fp.h" -#endif -#ifdef TPM_CC_CertifyX509 -#include "CertifyX509_fp.h" -#endif - -// Ephemeral EC Keys -#ifdef TPM_CC_Commit -#include "Commit_fp.h" -#endif -#ifdef TPM_CC_EC_Ephemeral -#include "EC_Ephemeral_fp.h" -#endif - -// Signing and Signature Verification -#ifdef TPM_CC_VerifySignature -#include "VerifySignature_fp.h" -#endif -#ifdef TPM_CC_Sign -#include "Sign_fp.h" -#endif - -// Command Audit -#ifdef TPM_CC_SetCommandCodeAuditStatus -#include "SetCommandCodeAuditStatus_fp.h" -#endif - -// Integrity Collection (PCR) -#ifdef TPM_CC_PCR_Extend -#include "PCR_Extend_fp.h" -#endif -#ifdef TPM_CC_PCR_Event -#include "PCR_Event_fp.h" -#endif -#ifdef TPM_CC_PCR_Read -#include "PCR_Read_fp.h" -#endif -#ifdef TPM_CC_PCR_Allocate -#include 
"PCR_Allocate_fp.h" -#endif -#ifdef TPM_CC_PCR_SetAuthPolicy -#include "PCR_SetAuthPolicy_fp.h" -#endif -#ifdef TPM_CC_PCR_SetAuthValue -#include "PCR_SetAuthValue_fp.h" -#endif -#ifdef TPM_CC_PCR_Reset -#include "PCR_Reset_fp.h" -#endif - -// Enhanced Authorization (EA) Commands -#ifdef TPM_CC_PolicySigned -#include "PolicySigned_fp.h" -#endif -#ifdef TPM_CC_PolicySecret -#include "PolicySecret_fp.h" -#endif -#ifdef TPM_CC_PolicyTicket -#include "PolicyTicket_fp.h" -#endif -#ifdef TPM_CC_PolicyOR -#include "PolicyOR_fp.h" -#endif -#ifdef TPM_CC_PolicyPCR -#include "PolicyPCR_fp.h" -#endif -#ifdef TPM_CC_PolicyLocality -#include "PolicyLocality_fp.h" -#endif -#ifdef TPM_CC_PolicyNV -#include "PolicyNV_fp.h" -#endif -#ifdef TPM_CC_PolicyCounterTimer -#include "PolicyCounterTimer_fp.h" -#endif -#ifdef TPM_CC_PolicyCommandCode -#include "PolicyCommandCode_fp.h" -#endif -#ifdef TPM_CC_PolicyPhysicalPresence -#include "PolicyPhysicalPresence_fp.h" -#endif -#ifdef TPM_CC_PolicyCpHash -#include "PolicyCpHash_fp.h" -#endif -#ifdef TPM_CC_PolicyNameHash -#include "PolicyNameHash_fp.h" -#endif -#ifdef TPM_CC_PolicyDuplicationSelect -#include "PolicyDuplicationSelect_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthorize -#include "PolicyAuthorize_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthValue -#include "PolicyAuthValue_fp.h" -#endif -#ifdef TPM_CC_PolicyPassword -#include "PolicyPassword_fp.h" -#endif -#ifdef TPM_CC_PolicyGetDigest -#include "PolicyGetDigest_fp.h" -#endif -#ifdef TPM_CC_PolicyNvWritten -#include "PolicyNvWritten_fp.h" -#endif -#ifdef TPM_CC_PolicyTemplate -#include "PolicyTemplate_fp.h" -#endif -#ifdef TPM_CC_PolicyAuthorizeNV -#include "PolicyAuthorizeNV_fp.h" -#endif - -// Hierarchy Commands -#ifdef TPM_CC_CreatePrimary -#include "CreatePrimary_fp.h" -#endif -#ifdef TPM_CC_HierarchyControl -#include "HierarchyControl_fp.h" -#endif -#ifdef TPM_CC_SetPrimaryPolicy -#include "SetPrimaryPolicy_fp.h" -#endif -#ifdef TPM_CC_ChangePPS -#include "ChangePPS_fp.h" -#endif 
-#ifdef TPM_CC_ChangeEPS -#include "ChangeEPS_fp.h" -#endif -#ifdef TPM_CC_Clear -#include "Clear_fp.h" -#endif -#ifdef TPM_CC_ClearControl -#include "ClearControl_fp.h" -#endif -#ifdef TPM_CC_HierarchyChangeAuth -#include "HierarchyChangeAuth_fp.h" -#endif - -// Dictionary Attack Functions -#ifdef TPM_CC_DictionaryAttackLockReset -#include "DictionaryAttackLockReset_fp.h" -#endif -#ifdef TPM_CC_DictionaryAttackParameters -#include "DictionaryAttackParameters_fp.h" -#endif - -// Miscellaneous Management Functions -#ifdef TPM_CC_PP_Commands -#include "PP_Commands_fp.h" -#endif -#ifdef TPM_CC_SetAlgorithmSet -#include "SetAlgorithmSet_fp.h" -#endif - -// Field Upgrade -#ifdef TPM_CC_FieldUpgradeStart -#include "FieldUpgradeStart_fp.h" -#endif -#ifdef TPM_CC_FieldUpgradeData -#include "FieldUpgradeData_fp.h" -#endif -#ifdef TPM_CC_FirmwareRead -#include "FirmwareRead_fp.h" -#endif - -// Context Management -#ifdef TPM_CC_ContextSave -#include "ContextSave_fp.h" -#endif -#ifdef TPM_CC_ContextLoad -#include "ContextLoad_fp.h" -#endif -#ifdef TPM_CC_FlushContext -#include "FlushContext_fp.h" -#endif -#ifdef TPM_CC_EvictControl -#include "EvictControl_fp.h" -#endif - -// Clocks and Timers -#ifdef TPM_CC_ReadClock -#include "ReadClock_fp.h" -#endif -#ifdef TPM_CC_ClockSet -#include "ClockSet_fp.h" -#endif -#ifdef TPM_CC_ClockRateAdjust -#include "ClockRateAdjust_fp.h" -#endif - -// Capability Commands -#ifdef TPM_CC_GetCapability -#include "GetCapability_fp.h" -#endif -#ifdef TPM_CC_TestParms -#include "TestParms_fp.h" -#endif - -// Non-volatile Storage -#ifdef TPM_CC_NV_DefineSpace -#include "NV_DefineSpace_fp.h" -#endif -#ifdef TPM_CC_NV_UndefineSpace -#include "NV_UndefineSpace_fp.h" -#endif -#ifdef TPM_CC_NV_UndefineSpaceSpecial -#include "NV_UndefineSpaceSpecial_fp.h" -#endif -#ifdef TPM_CC_NV_ReadPublic -#include "NV_ReadPublic_fp.h" -#endif -#ifdef TPM_CC_NV_Write -#include "NV_Write_fp.h" -#endif -#ifdef TPM_CC_NV_Increment -#include "NV_Increment_fp.h" -#endif 
-#ifdef TPM_CC_NV_Extend -#include "NV_Extend_fp.h" -#endif -#ifdef TPM_CC_NV_SetBits -#include "NV_SetBits_fp.h" -#endif -#ifdef TPM_CC_NV_WriteLock -#include "NV_WriteLock_fp.h" -#endif -#ifdef TPM_CC_NV_GlobalWriteLock -#include "NV_GlobalWriteLock_fp.h" -#endif -#ifdef TPM_CC_NV_Read -#include "NV_Read_fp.h" -#endif -#ifdef TPM_CC_NV_ReadLock -#include "NV_ReadLock_fp.h" -#endif -#ifdef TPM_CC_NV_ChangeAuth -#include "NV_ChangeAuth_fp.h" -#endif -#ifdef TPM_CC_NV_Certify -#include "NV_Certify_fp.h" -#endif - -// Attached Components -#ifdef TPM_CC_AC_GetCapability -#include "AC_GetCapability_fp.h" -#endif -#ifdef TPM_CC_AC_Send -#include "AC_Send_fp.h" -#endif -#ifdef TPM_CC_Policy_AC_SendSelect -#include "Policy_AC_SendSelect_fp.h" -#endif - -// Vendor Specific -#ifdef TPM_CC_Vendor_TCG_Test -#include "Vendor_TCG_Test_fp.h" -#endif - -#endif diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h deleted file mode 100644 index 2931952f0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h +++ /dev/null 
@@ -1,132 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the build switches. This contains switches for multiple -// versions of the crypto-library so some may not apply to your environment. 
-// - -#ifndef _COMPILER_DEPENDENCIES_H_ -#define _COMPILER_DEPENDENCIES_H_ - -#ifdef GCC -# undef _MSC_VER -# undef WIN32 -#endif - -#ifdef _MSC_VER -// These definitions are for the Microsoft compiler - -// Endian conversion for aligned structures -# define REVERSE_ENDIAN_16(_Number) _byteswap_ushort(_Number) -# define REVERSE_ENDIAN_32(_Number) _byteswap_ulong(_Number) -# define REVERSE_ENDIAN_64(_Number) _byteswap_uint64(_Number) - -// Avoid compiler warning for in line of stdio (or not) -//#define _NO_CRT_STDIO_INLINE - -// This macro is used to handle LIB_EXPORT of function and variable names in lieu -// of a .def file. Visual Studio requires that functions be explicitly exported and -// imported. -# define LIB_EXPORT __declspec(dllexport) // VS compatible version -# define LIB_IMPORT __declspec(dllimport) - -// This is defined to indicate a function that does not return. Microsoft compilers -// do not support the _Noretrun function parameter. -# define NORETURN __declspec(noreturn) -# if _MSC_VER >= 1400 // SAL processing when needed -# include -# endif - -# ifdef _WIN64 -# define _INTPTR 2 -# else -# define _INTPTR 1 -# endif - - -#define NOT_REFERENCED(x) (x) - -// Lower the compiler error warning for system include -// files. 
They tend not to be that clean and there is no -// reason to sort through all the spurious errors that they -// generate when the normal error level is set to /Wall -# define _REDUCE_WARNING_LEVEL_(n) \ -__pragma(warning(push, n)) -// Restore the compiler warning level -# define _NORMAL_WARNING_LEVEL_ \ -__pragma(warning(pop)) -# include -#endif - -#ifndef _MSC_VER -#ifndef WINAPI -# define WINAPI -#endif -# define __pragma(x) -# define REVERSE_ENDIAN_16(_Number) __builtin_bswap16(_Number) -# define REVERSE_ENDIAN_32(_Number) __builtin_bswap32(_Number) -# define REVERSE_ENDIAN_64(_Number) __builtin_bswap64(_Number) -#endif - -#if defined(__GNUC__) -# define NORETURN __attribute__((noreturn)) -# include -#endif - -// Things that are not defined should be defined as NULL -#ifndef NORETURN -# define NORETURN -#endif -#ifndef LIB_EXPORT -# define LIB_EXPORT -#endif -#ifndef LIB_IMPORT -# define LIB_IMPORT -#endif -#ifndef _REDUCE_WARNING_LEVEL_ -# define _REDUCE_WARNING_LEVEL_(n) -#endif -#ifndef _NORMAL_WARNING_LEVEL_ -# define _NORMAL_WARNING_LEVEL_ -#endif -#ifndef NOT_REFERENCED -# define NOT_REFERENCED(x) (x = x) -#endif - -#ifdef _POSIX_ -typedef int SOCKET; -#endif - - -#endif // _COMPILER_DEPENDENCIES_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h deleted file mode 100644 index f05e781ad..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains structure definitions used for ECC. The -// structures in this file are only used internally. 
The ECC-related structures -// that cross the TPM interface are defined in TpmTypes.h -// - -#ifndef _CRYPT_ECC_H -#define _CRYPT_ECC_H - -//** Structures - -// This is used to define the macro that may or may not be in the data set for the -// curve (CryptEccData.c). If there is a mismatch, the compiler will warn that there -// is to much/not enough initialization data in the curve. The macro is used because -// not all versions of the CryptEccData.c need the curve name. -#ifdef NAMED_CURVES -#define CURVE_NAME(a) , a -#define CURVE_NAME_DEF const char *name; -#else -# define CURVE_NAME(a) -# define CURVE_NAME_DEF -#endif - -typedef struct ECC_CURVE -{ - const TPM_ECC_CURVE curveId; - const UINT16 keySizeBits; - const TPMT_KDF_SCHEME kdf; - const TPMT_ECC_SCHEME sign; - const ECC_CURVE_DATA *curveData; // the address of the curve data - const BYTE *OID; - CURVE_NAME_DEF -} ECC_CURVE; - -extern const ECC_CURVE eccCurves[ECC_CURVE_COUNT]; - -#endif diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h deleted file mode 100644 index de6eb5148..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h +++ /dev/null 
@@ -1,303 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This header contains the hash structure definitions used in the TPM code -// to define the amount of space to be reserved for the hash state. 
This allows -// the TPM code to not have to import all of the symbols used by the hash -// computations. This lets the build environment of the TPM code not to have -// include the header files associated with the CryptoEngine code. - -#ifndef _CRYPT_HASH_H -#define _CRYPT_HASH_H - -//** Hash-related Structures - -union SMAC_STATES; - -// These definitions add the high-level methods for processing state that may be -// an SMAC -typedef void(* SMAC_DATA_METHOD)( - union SMAC_STATES *state, - UINT32 size, - const BYTE *buffer - ); - -typedef UINT16(* SMAC_END_METHOD)( - union SMAC_STATES *state, - UINT32 size, - BYTE *buffer - ); - -typedef struct sequenceMethods { - SMAC_DATA_METHOD data; - SMAC_END_METHOD end; -} SMAC_METHODS; - -#define SMAC_IMPLEMENTED (CC_MAC || CC_MAC_Start) - -// These definitions are here because the SMAC state is in the union of hash states. -typedef struct tpmCmacState { - TPM_ALG_ID symAlg; - UINT16 keySizeBits; - INT16 bcount; // current count of bytes accumulated in IV - TPM2B_IV iv; // IV buffer - TPM2B_SYM_KEY symKey; -} tpmCmacState_t; - -typedef union SMAC_STATES { -#if ALG_CMAC - tpmCmacState_t cmac; -#endif - UINT64 pad; -} SMAC_STATES; - -typedef struct SMAC_STATE { - SMAC_METHODS smacMethods; - SMAC_STATES state; -} SMAC_STATE; - - -typedef union -{ -#if ALG_SHA1 - tpmHashStateSHA1_t Sha1; -#endif -#if ALG_SHA256 - tpmHashStateSHA256_t Sha256; -#endif -#if ALG_SHA384 - tpmHashStateSHA384_t Sha384; -#endif -#if ALG_SHA512 - tpmHashStateSHA512_t Sha512; -#endif - -// Additions for symmetric block cipher MAC -#if SMAC_IMPLEMENTED - SMAC_STATE smac; -#endif - // to force structure alignment to be no worse than HASH_ALIGNMENT -#if HASH_ALIGNMENT == 4 - uint32_t align; -#else - uint64_t align; -#endif -} ANY_HASH_STATE; - -typedef ANY_HASH_STATE *PANY_HASH_STATE; -typedef const ANY_HASH_STATE *PCANY_HASH_STATE; - -#define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b)) -// MAX_HASH_STATE_SIZE will change with each implementation. 
It is assumed that -// a hash state will not be larger than twice the block size plus some -// overhead (in this case, 16 bytes). The overall size needs to be as -// large as any of the hash contexts. The structure needs to start on an -// alignment boundary and be an even multiple of the alignment -#define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) -#define MAX_HASH_STATE_SIZE_ALIGNED \ - ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT) - -// This is an aligned byte array that will hold any of the hash contexts. -typedef ANY_HASH_STATE ALIGNED_HASH_STATE; - -// The header associated with the hash library is expected to define the methods -// which include the calling sequence. When not compiling CryptHash.c, the methods -// are not defined so we need placeholder functions for the structures - -#ifndef HASH_START_METHOD_DEF -# define HASH_START_METHOD_DEF void (HASH_START_METHOD)(void) -#endif -#ifndef HASH_DATA_METHOD_DEF -# define HASH_DATA_METHOD_DEF void (HASH_DATA_METHOD)(void) -#endif -#ifndef HASH_END_METHOD_DEF -# define HASH_END_METHOD_DEF void (HASH_END_METHOD)(void) -#endif -#ifndef HASH_STATE_COPY_METHOD_DEF -# define HASH_STATE_COPY_METHOD_DEF void (HASH_STATE_COPY_METHOD)(void) -#endif -#ifndef HASH_STATE_EXPORT_METHOD_DEF -# define HASH_STATE_EXPORT_METHOD_DEF void (HASH_STATE_EXPORT_METHOD)(void) -#endif -#ifndef HASH_STATE_IMPORT_METHOD_DEF -# define HASH_STATE_IMPORT_METHOD_DEF void (HASH_STATE_IMPORT_METHOD)(void) -#endif - -// Define the prototypical function call for each of the methods. This defines the -// order in which the parameters are passed to the underlying function. 
-typedef HASH_START_METHOD_DEF; -typedef HASH_DATA_METHOD_DEF; -typedef HASH_END_METHOD_DEF; -typedef HASH_STATE_COPY_METHOD_DEF; -typedef HASH_STATE_EXPORT_METHOD_DEF; -typedef HASH_STATE_IMPORT_METHOD_DEF; - - -typedef struct _HASH_METHODS -{ - HASH_START_METHOD *start; - HASH_DATA_METHOD *data; - HASH_END_METHOD *end; - HASH_STATE_COPY_METHOD *copy; // Copy a hash block - HASH_STATE_EXPORT_METHOD *copyOut; // Copy a hash block from a hash - // context - HASH_STATE_IMPORT_METHOD *copyIn; // Copy a hash block to a proper hash - // context -} HASH_METHODS, *PHASH_METHODS; - -#if ALG_SHA1 - TPM2B_TYPE(SHA1_DIGEST, SHA1_DIGEST_SIZE); -#endif -#if ALG_SHA256 - TPM2B_TYPE(SHA256_DIGEST, SHA256_DIGEST_SIZE); -#endif -#if ALG_SHA384 - TPM2B_TYPE(SHA384_DIGEST, SHA384_DIGEST_SIZE); -#endif -#if ALG_SHA512 - TPM2B_TYPE(SHA512_DIGEST, SHA512_DIGEST_SIZE); -#endif -#if ALG_SM3_256 - TPM2B_TYPE(SM3_256_DIGEST, SM3_256_DIGEST_SIZE); -#endif - -// When the TPM implements RSA, the hash-dependent OID pointers are part of the -// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the -// HASH_DEF_TEMPLATE. -#if ALG_RSA -#define PKCS1_HASH_REF const BYTE *PKCS1; -#define PKCS1_OID(NAME) , OID_PKCS1_##NAME -#else -#define PKCS1_HASH_REF -#define PKCS1_OID(NAME) -#endif - -// When the TPM implements ECC, the hash-dependent OID pointers are part of the -// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the -// HASH_DEF_TEMPLATE. -#if ALG_ECDSA -#define ECDSA_HASH_REF const BYTE *ECDSA; -#define ECDSA_OID(NAME) , OID_ECDSA_##NAME -#else -#define ECDSA_HASH_REF -#define ECDSA_OID(NAME) -#endif - -typedef const struct HASH_DEF -{ - HASH_METHODS method; - uint16_t blockSize; - uint16_t digestSize; - uint16_t contextSize; - uint16_t hashAlg; - const BYTE *OID; - PKCS1_HASH_REF // PKCS1 OID - ECDSA_HASH_REF // ECDSA OID -} HASH_DEF, *PHASH_DEF; - -// Macro to fill in the HASH_DEF for an algorithm. 
For SHA1, the instance would be: -// HASH_DEF_TEMPLATE(Sha1, SHA1) -// This handles the difference in capitalization for the various pieces. -#define HASH_DEF_TEMPLATE(HASH, Hash) \ - HASH_DEF Hash##_Def= { \ - {(HASH_START_METHOD *)&tpmHashStart_##HASH, \ - (HASH_DATA_METHOD *)&tpmHashData_##HASH, \ - (HASH_END_METHOD *)&tpmHashEnd_##HASH, \ - (HASH_STATE_COPY_METHOD *)&tpmHashStateCopy_##HASH, \ - (HASH_STATE_EXPORT_METHOD *)&tpmHashStateExport_##HASH, \ - (HASH_STATE_IMPORT_METHOD *)&tpmHashStateImport_##HASH, \ - }, \ - HASH##_BLOCK_SIZE, /*block size */ \ - HASH##_DIGEST_SIZE, /*data size */ \ - sizeof(tpmHashState##HASH##_t), \ - TPM_ALG_##HASH, OID_##HASH \ - PKCS1_OID(HASH) ECDSA_OID(HASH)}; - -// These definitions are for the types that can be in a hash state structure. -// These types are used in the cryptographic utilities. This is a define rather than -// an enum so that the size of this field can be explicit. -typedef BYTE HASH_STATE_TYPE; -#define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) -#define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) -#define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) -#if CC_MAC || CC_MAC_Start -#define HASH_STATE_SMAC ((HASH_STATE_TYPE) 3) -#endif - - -// This is the structure that is used for passing a context into the hashing -// functions. It should be the same size as the function context used within -// the hashing functions. This is checked when the hash function is initialized. -// This version uses a new layout for the contexts and a different definition. The -// state buffer is an array of HASH_UNIT values so that a decent compiler will put -// the structure on a HASH_UNIT boundary. If the structure is not properly aligned, -// the code that manipulates the structure will copy to a properly aligned -// structure before it is used and copy the result back. This just makes things -// slower. -// NOTE: This version of the state had the pointer to the update method in the -// state. 
This is to allow the SMAC functions to use the same structure without -// having to replicate the entire HASH_DEF structure. -typedef struct _HASH_STATE -{ - HASH_STATE_TYPE type; // type of the context - TPM_ALG_ID hashAlg; - PHASH_DEF def; - ANY_HASH_STATE state; -} HASH_STATE, *PHASH_STATE; -typedef const HASH_STATE *PCHASH_STATE; - - -//** HMAC State Structures - -// An HMAC_STATE structure contains an opaque HMAC stack state. A caller would -// use this structure when performing incremental HMAC operations. This structure -// contains a hash state and an HMAC key and allows slightly better stack -// optimization than adding an HMAC key to each hash state. -typedef struct hmacState -{ - HASH_STATE hashState; // the hash state - TPM2B_HASH_BLOCK hmacKey; // the HMAC key -} HMAC_STATE, *PHMAC_STATE; - -// This is for the external hash state. This implementation assumes that the size -// of the exported hash state is no larger than the internal hash state. -typedef struct -{ - BYTE buffer[sizeof(HASH_STATE)]; -} EXPORT_HASH_STATE, *PEXPORT_HASH_STATE; - -typedef const EXPORT_HASH_STATE *PCEXPORT_HASH_STATE; - -#endif // _CRYPT_HASH_H diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h deleted file mode 100644 index 60a8a0435..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h +++ /dev/null 
@@ -1,199 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains constant definition shared by CryptUtil and the parts
-// of the Crypto Engine.
-//
-
-#ifndef _CRYPT_RAND_H
-#define _CRYPT_RAND_H
-
-
-//** DRBG Structures and Defines
-
-// Values and structures for the random number generator. These values are defined
-// in this header file so that the size of the RNG state can be known to TPM.lib.
-// This allows the allocation of some space in NV memory for the state to
-// be stored on an orderly shutdown.
-
-// The DRBG based on a symmetric block cipher is defined by three values,
-// 1) the key size
-// 2) the block size (the IV size)
-// 3) the symmetric algorithm
-
-#define DRBG_KEY_SIZE_BITS AES_MAX_KEY_SIZE_BITS
-#define DRBG_IV_SIZE_BITS (AES_MAX_BLOCK_SIZE * 8)
-#define DRBG_ALGORITHM TPM_ALG_AES
-
-
-typedef tpmKeyScheduleAES DRBG_KEY_SCHEDULE;
-#define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \
- TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule)
-#define DRBG_ENCRYPT(keySchedule, in, out) \
- TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out))
-
-#if ((DRBG_KEY_SIZE_BITS % RADIX_BITS) != 0) \
- || ((DRBG_IV_SIZE_BITS % RADIX_BITS) != 0)
-#error "Key size and IV for DRBG must be even multiples of the radix"
-#endif
-#if (DRBG_KEY_SIZE_BITS % DRBG_IV_SIZE_BITS) != 0
-#error "Key size for DRBG must be even multiple of the cypher block size"
-#endif
-
-// Derived values
-#define DRBG_MAX_REQUESTS_PER_RESEED (1 << 48)
-#define DRBG_MAX_REQEST_SIZE (1 << 32)
-
-#define pDRBG_KEY(seed) ((DRBG_KEY *)&(((BYTE *)(seed))[0]))
-#define pDRBG_IV(seed) ((DRBG_IV *)&(((BYTE *)(seed))[DRBG_KEY_SIZE_BYTES]))
-
-#define DRBG_KEY_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_KEY_SIZE_BITS))
-#define DRBG_KEY_SIZE_BYTES (DRBG_KEY_SIZE_WORDS * RADIX_BYTES)
-
-#define DRBG_IV_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_IV_SIZE_BITS))
-#define DRBG_IV_SIZE_BYTES (DRBG_IV_SIZE_WORDS * RADIX_BYTES)
-
-#define DRBG_SEED_SIZE_WORDS (DRBG_KEY_SIZE_WORDS + DRBG_IV_SIZE_WORDS)
-#define DRBG_SEED_SIZE_BYTES (DRBG_KEY_SIZE_BYTES + DRBG_IV_SIZE_BYTES)
-
-
-typedef union
-{
- BYTE bytes[DRBG_KEY_SIZE_BYTES];
- crypt_uword_t words[DRBG_KEY_SIZE_WORDS];
-} DRBG_KEY;
-
-typedef union
-{
- BYTE bytes[DRBG_IV_SIZE_BYTES];
- crypt_uword_t words[DRBG_IV_SIZE_WORDS];
-} DRBG_IV;
-
-typedef union
-{
- BYTE bytes[DRBG_SEED_SIZE_BYTES];
- crypt_uword_t words[DRBG_SEED_SIZE_WORDS];
-} DRBG_SEED;
-
-#define CTR_DRBG_MAX_REQUESTS_PER_RESEED ((UINT64)1 << 20)
-#define CTR_DRBG_MAX_BYTES_PER_REQUEST (1 << 16)
-
-# define CTR_DRBG_MIN_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
-# define CTR_DRBG_MAX_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
-# define CTR_DRBG_MAX_ADDITIONAL_INPUT_LENGTH DRBG_SEED_SIZE_BYTES
-
-#define TESTING (1 << 0)
-#define ENTROPY (1 << 1)
-#define TESTED (1 << 2)
-
-#define IsTestStateSet(BIT) ((g_cryptoSelfTestState.rng & BIT) != 0)
-#define SetTestStateBit(BIT) (g_cryptoSelfTestState.rng |= BIT)
-#define ClearTestStateBit(BIT) (g_cryptoSelfTestState.rng &= ~BIT)
-
-#define IsSelfTest() IsTestStateSet(TESTING)
-#define SetSelfTest() SetTestStateBit(TESTING)
-#define ClearSelfTest() ClearTestStateBit(TESTING)
-
-#define IsEntropyBad() IsTestStateSet(ENTROPY)
-#define SetEntropyBad() SetTestStateBit(ENTROPY)
-#define ClearEntropyBad() ClearTestStateBit(ENTROPY)
-
-#define IsDrbgTested() IsTestStateSet(TESTED)
-#define SetDrbgTested() SetTestStateBit(TESTED)
-#define ClearDrbgTested() ClearTestStateBit(TESTED)
-
-typedef struct
-{
- UINT64 reseedCounter;
- UINT32 magic;
- DRBG_SEED seed; // contains the key and IV for the counter mode DRBG
- UINT32 lastValue[4]; // used when the TPM does continuous self-test
- // for FIPS compliance of DRBG
-} DRBG_STATE, *pDRBG_STATE;
-#define DRBG_MAGIC ((UINT32) 0x47425244) // "DRBG" backwards so that it displays
-
-typedef struct
-{
- UINT64 counter;
- UINT32 magic;
- UINT32 limit;
- TPM2B *seed;
- const TPM2B *label;
- TPM2B *context;
- TPM_ALG_ID hash;
- TPM_ALG_ID kdf;
- UINT16 digestSize;
- TPM2B_DIGEST residual;
-} KDF_STATE, *pKDR_STATE;
-#define KDF_MAGIC ((UINT32) 0x4048444a) // "KDF " backwards
-
-// Make sure that any other structures added to this union start with a 64-bit
-// counter and a 32-bit magic number
-typedef union
-{
- DRBG_STATE drbg;
- KDF_STATE kdf;
-} RAND_STATE;
-
-// This is the state used when the library uses a random number generator.
-// A special function is installed for the library to call. That function
-// picks up the state from this location and uses it for the generation
-// of the random number.
-extern RAND_STATE *s_random;
-
-// When instrumenting RSA key sieve
-#if RSA_INSTRUMENT
-#define PRIME_INDEX(x) ((x) == 512 ? 0 : (x) == 1024 ? 1 : 2)
-# define INSTRUMENT_SET(a, b) ((a) = (b))
-# define INSTRUMENT_ADD(a, b) (a) = (a) + (b)
-# define INSTRUMENT_INC(a) (a) = (a) + 1
-
-extern UINT32 PrimeIndex;
-extern UINT32 failedAtIteration[10];
-extern UINT32 PrimeCounts[3];
-extern UINT32 MillerRabinTrials[3];
-extern UINT32 totalFieldsSieved[3];
-extern UINT32 bitsInFieldAfterSieve[3];
-extern UINT32 emptyFieldsSieved[3];
-extern UINT32 noPrimeFields[3];
-extern UINT32 primesChecked[3];
-extern UINT16 lastSievePrime;
-#else
-# define INSTRUMENT_SET(a, b)
-# define INSTRUMENT_ADD(a, b)
-# define INSTRUMENT_INC(a)
-#endif
-
-#endif // _CRYPT_RAND_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h
deleted file mode 100644
index 5d0aebdae..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains the RSA-related structures and defines.
-
-#ifndef _CRYPT_RSA_H
-#define _CRYPT_RSA_H
-
-// These values are used in the bigNum representation of various RSA values.
-BN_TYPE(rsa, MAX_RSA_KEY_BITS);
-#define BN_RSA(name) BN_VAR(name, MAX_RSA_KEY_BITS)
-#define BN_RSA_INITIALIZED(name, initializer) \
- BN_INITIALIZED(name, MAX_RSA_KEY_BITS, initializer)
-
-#define BN_PRIME(name) BN_VAR(name, (MAX_RSA_KEY_BITS / 2))
-BN_TYPE(prime, (MAX_RSA_KEY_BITS / 2));
-#define BN_PRIME_INITIALIZED(name, initializer) \
- BN_INITIALIZED(name, MAX_RSA_KEY_BITS / 2, initializer)
-
-#if !CRT_FORMAT_RSA
-# error This verson only works with CRT formatted data
-#endif // !CRT_FORMAT_RSA
-
-typedef struct privateExponent
-{
- bigNum P;
- bigNum Q;
- bigNum dP;
- bigNum dQ;
- bigNum qInv;
- bn_prime_t entries[5];
-} privateExponent;
-
-#define NEW_PRIVATE_EXPONENT(X) \
- privateExponent _##X; \
- privateExponent *X = RsaInitializeExponent(&(_##X))
-
-#endif // _CRYPT_RSA_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
deleted file mode 100644
index efbd24195..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the implementation of the symmetric block cipher modes
-// allowed for a TPM. These functions only use the single block encryption functions
-// of the selected symmetric cryptographic library.
-
-//** Includes, Defines, and Typedefs
-#ifndef CRYPT_SYM_H
-#define CRYPT_SYM_H
-
-typedef union tpmCryptKeySchedule_t {
-#if ALG_AES
- tpmKeyScheduleAES AES;
-#endif
-#if ALG_SM4
- tpmKeyScheduleSM4 SM4;
-#endif
-#if ALG_CAMELLIA
- tpmKeyScheduleCAMELLIA CAMELLIA;
-#endif
-
-#if ALG_TDES
- tpmKeyScheduleTDES TDES[3];
-#endif
-#if SYMMETRIC_ALIGNMENT == 8
- uint64_t alignment;
-#else
- uint32_t alignment;
-#endif
-} tpmCryptKeySchedule_t;
-
-
-// Each block cipher within a library is expected to conform to the same calling
-// conventions with three parameters ('keySchedule', 'in', and 'out') in the same
-// order. That means that all algorithms would use the same order of the same
-// parameters. The code is written assuming the ('keySchedule', 'in', and 'out')
-// order. However, if the library uses a different order, the order can be changed
-// with a SWIZZLE macro that puts the parameters in the correct order.
-// Note that all algorithms have to use the same order and number of parameters
-// because the code to build the calling list is common for each call to encrypt
-// or decrypt with the algorithm chosen by setting a function pointer to select
-// the algorithm that is used.
-
-# define ENCRYPT(keySchedule, in, out) \
- encrypt(SWIZZLE(keySchedule, in, out))
-
-# define DECRYPT(keySchedule, in, out) \
- decrypt(SWIZZLE(keySchedule, in, out))
-
-
-// Note that the macros rely on 'encrypt' as local values in the
-// functions that use these macros. Those parameters are set by the macro that
-// set the key schedule to be used for the call.
-
-
-#define ENCRYPT_CASE(ALG) \
- case TPM_ALG_##ALG: \
- TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \
- encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \
- break;
-#define DECRYPT_CASE(ALG) \
- case TPM_ALG_##ALG: \
- TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \
- decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \
- break;
-
-#if ALG_AES
-#define ENCRYPT_CASE_AES ENCRYPT_CASE(AES)
-#define DECRYPT_CASE_AES DECRYPT_CASE(AES)
-#else
-#define ENCRYPT_CASE_AES
-#define DECRYPT_CASE_AES
-#endif
-#if ALG_SM4
-#define ENCRYPT_CASE_SM4 ENCRYPT_CASE(SM4)
-#define DECRYPT_CASE_SM4 DECRYPT_CASE(SM4)
-#else
-#define ENCRYPT_CASE_SM4
-#define DECRYPT_CASE_SM4
-#endif
-#if ALG_CAMELLIA
-#define ENCRYPT_CASE_CAMELLIA ENCRYPT_CASE(CAMELLIA)
-#define DECRYPT_CASE_CAMELLIA DECRYPT_CASE(CAMELLIA)
-#else
-#define ENCRYPT_CASE_CAMELLIA
-#define DECRYPT_CASE_CAMELLIA
-#endif
-#if ALG_TDES
-#define ENCRYPT_CASE_TDES ENCRYPT_CASE(TDES)
-#define DECRYPT_CASE_TDES DECRYPT_CASE(TDES)
-#else
-#define ENCRYPT_CASE_TDES
-#define DECRYPT_CASE_TDES
-#endif
-
-// For each algorithm the case will either be defined or null.
-#define SELECT(direction) \
- switch(algorithm) \
- { \
- direction##_CASE_AES \
- direction##_CASE_SM4 \
- direction##_CASE_CAMELLIA \
- direction##_CASE_TDES \
- default: \
- FAIL(FATAL_ERROR_INTERNAL); \
- }
-
-
-#endif // CRYPT_SYM_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h
deleted file mode 100644
index 4b0d16074..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains constant definitions used for self-test.
-
-#ifndef _CRYPT_TEST_H
-#define _CRYPT_TEST_H
-
-// This is the definition of a bit array with one bit per algorithm.
-// NOTE: Since bit numbering starts at zero, when ALG_LAST_VALUE is a multiple of 8,
-// ALGORITHM_VECTOR will need to have byte for the single bit in the last byte. So,
-// for example, when ALG_LAST_VECTOR is 8, ALGORITHM_VECTOR will need 2 bytes.
-#define ALGORITHM_VECTOR_BYTES ((ALG_LAST_VALUE + 8) / 8)
-typedef BYTE ALGORITHM_VECTOR[ALGORITHM_VECTOR_BYTES];
-
-#ifdef TEST_SELF_TEST
-LIB_EXPORT extern ALGORITHM_VECTOR LibToTest;
-#endif
-
-// This structure is used to contain self-test tracking information for the
-// cryptographic modules. Each of the major modules is given a 32-bit value in
-// which it may maintain its own self test information. The convention for this
-// state is that when all of the bits in this structure are 0, all functions need
-// to be tested.
-typedef struct
-{
- UINT32 rng;
- UINT32 hash;
- UINT32 sym;
-#if ALG_RSA
- UINT32 rsa;
-#endif
-#if ALG_ECC
- UINT32 ecc;
-#endif
-} CRYPTO_SELF_TEST_STATE;
-
-
-#endif // _CRYPT_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
deleted file mode 100644
index f5680a75c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This file contains the parameter data for ECC testing.
-
-#ifdef SELF_TEST_DATA
-
-TPM2B_TYPE(EC_TEST, 32);
-const TPM_ECC_CURVE c_testCurve = 00003;
-
-// The "static" key
-
-const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
- 0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
- 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
- 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d,
- 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
- 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
- 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
-
-// The "ephemeral" key
-
-const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
- 0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
- 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
- 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed,
- 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}};
-
-const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
- 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
- 0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
-
-// ECDH test results
-const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
- 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
- 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
-
-const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
- 0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
- 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
-
-TPM2B_TYPE(TEST_VALUE, 64);
-const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
- 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
- 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
- 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
- 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
-
-#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
- 0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
- 0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde,
- 0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92,
- 0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}};
-
-#endif // SHA1
-
-#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
- 0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
- 0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
- 0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f,
- 0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e,
- 0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}};
-
-#endif // SHA256
-
-#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
- 0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
- 0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
- 0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
- 0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03,
- 0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7,
- 0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}};
-
-#endif // SHA384
-
-#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
-
-const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
- 0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17,
- 0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}};
-const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{
- 0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07,
- 0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}};
-
-const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
- 0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90,
- 0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}};
-const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
- 0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14,
- 0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}};
-
-#endif // SHA512
-
-#endif // SELF_TEST_DATA
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
deleted file mode 100644
index 09bf6fc41..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h
+++ /dev/null
@@ -1,1439 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Description
-
-// This file contains internal global type definitions and data declarations that
-// are need between subsystems. The instantiation of global data is in Global.c.
-// The initialization of global data is in the subsystem that is the primary owner
-// of the data.
-//
-// The first part of this file has the typedefs for structures and other defines
-// used in many portions of the code. After the typedef section, is a section that
-// defines global values that are only present in RAM. The next three sections
-// define the structures for the NV data areas: persistent, orderly, and state
-// save. Additional sections define the data that is used in specific modules. That
-// data is private to the module but is collected here to simplify the management
-// of the instance data.
-// All the data is instanced in Global.c.
-#if !defined _TPM_H_
-#error "Should only be instanced in TPM.h"
-#endif
-
-
-//** Includes
-
-#ifndef GLOBAL_H
-#define GLOBAL_H
-
-#ifdef GLOBAL_C
-#define EXTERN
-#define INITIALIZER(_value_) = _value_
-#else
-#define EXTERN extern
-#define INITIALIZER(_value_)
-#endif
-
-_REDUCE_WARNING_LEVEL_(2)
-#include
-#include
-_NORMAL_WARNING_LEVEL_
-
-#if SIMULATION
-#undef CONTEXT_SLOT
-# define CONTEXT_SLOT UINT8
-#endif
-#include "Capabilities.h"
-#include "TpmTypes.h"
-#include "CommandAttributes.h"
-#include "CryptTest.h"
-#include "BnValues.h"
-#include "CryptHash.h"
-#include "CryptSym.h"
-#include "CryptRand.h"
-#include "CryptEcc.h"
-#include "CryptRsa.h"
-#include "CryptTest.h"
-#include "TpmError.h"
-#include "NV.h"
-
-//** Defines and Types
-
-//*** Size Types
-// These types are used to differentiate the two different size values used.
-//
-// NUMBYTES is used when a size is a number of bytes (usually a TPM2B)
-typedef UINT16 NUMBYTES;
-
-//*** Other Types
-// An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA)
-typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)];
-
-// A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO
-typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)];
-
-// A NAME is a BYTE array that can contain a TPMU_NAME
-typedef BYTE NAME[sizeof(TPMU_NAME)];
-
-// Definition for a PROOF value
-TPM2B_TYPE(PROOF, PROOF_SIZE);
-
-// Definition for a Primary Seed value
-TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE);
-
-
-// A CLOCK_NONCE is used to tag the time value in the authorization session and
-// in the ticket computation so that the ticket expires when there is a time
-// discontinuity. When the clock stops during normal operation, the nonce is
-// 64-bit value kept in RAM but it is a 32-bit counter when the clock only stops
-// during power events.
-#if CLOCK_STOPS
-typedef UINT64 CLOCK_NONCE;
-#else
-typedef UINT32 CLOCK_NONCE;
-#endif
-
-//** Loaded Object Structures
-//*** Description
-// The structures in this section define the object layout as it exists in TPM
-// memory.
-//
-// Two types of objects are defined: an ordinary object such as a key, and a
-// sequence object that may be a hash, HMAC, or event.
-//
-//*** OBJECT_ATTRIBUTES
-// An OBJECT_ATTRIBUTES structure contains the variable attributes of an object.
-// These properties are not part of the public properties but are used by the
-// TPM in managing the object. An OBJECT_ATTRIBUTES is used in the definition of
-// the OBJECT data type.
- -typedef struct -{ - unsigned publicOnly : 1; //0) SET if only the public portion of - // an object is loaded - unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS - // Hierarchy - unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS - // Hierarchy - unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS - // Hierarchy - unsigned evict : 1; //4) SET if the object is a platform or - // owner evict object. Platform- - // evict object belongs to PPS - // hierarchy, owner-evict object - // belongs to SPS or EPS hierarchy. - // This bit is also used to mark a - // completed sequence object so it - // will be flush when the - // SequenceComplete command succeeds. - unsigned primary : 1; //5) SET for a primary object - unsigned temporary : 1; //6) SET for a temporary object - unsigned stClear : 1; //7) SET for an stClear object - unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence - // object - unsigned hashSeq : 1; //9) SET for a hash sequence object - unsigned eventSeq : 1; //10) SET for an event sequence object - unsigned ticketSafe : 1; //11) SET if a ticket is safe to create - // for hash sequence object - unsigned firstBlock : 1; //12) SET if the first block of hash - // data has been received. It - // works with ticketSafe bit - unsigned isParent : 1; //13) SET if the key has the proper - // attributes to be a parent key -// unsigned privateExp : 1; //14) SET when the private exponent -// // of an RSA key has been validated. - unsigned not_used_14 : 1; - unsigned occupied : 1; //15) SET when the slot is occupied. - unsigned derivation : 1; //16) SET when the key is a derivation - // parent - unsigned external : 1; //17) SET when the object is loaded with - // TPM2_LoadExternal(); -} OBJECT_ATTRIBUTES; - -#if ALG_RSA -// There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an -// RSA key is loaded. 
When the sensitive->sensitive contains an RSA key with all of -// the CRT values, then the MSB of the size field will be set to indicate that the -// buffer contains all 5 of the CRT private key values. -#define RSA_prime_flag 0x8000 -#endif - - -//*** OBJECT Structure -// An OBJECT structure holds the object public, sensitive, and meta-data -// associated. This structure is implementation dependent. For this -// implementation, the structure is not optimized for space but rather -// for clarity of the reference implementation. Other implementations -// may choose to overlap portions of the structure that are not used -// simultaneously. These changes would necessitate changes to the source -// code but those changes would be compatible with the reference -// implementation. - -typedef struct OBJECT -{ - // The attributes field is required to be first followed by the publicArea. - // This allows the overlay of the object structure and a sequence structure - OBJECT_ATTRIBUTES attributes; // object attributes - TPMT_PUBLIC publicArea; // public area of an object - TPMT_SENSITIVE sensitive; // sensitive area of an object - TPM2B_NAME qualifiedName; // object qualified name - TPMI_DH_OBJECT evictHandle; // if the object is an evict object, - // the original handle is kept here. - // The 'working' handle will be the - // handle of an object slot. - TPM2B_NAME name; // Name of the object name. Kept here - // to avoid repeatedly computing it. -} OBJECT; - -//*** HASH_OBJECT Structure -// This structure holds a hash sequence object or an event sequence object. -// -// The first four components of this structure are manually set to be the same as -// the first four components of the object structure. This prevents the object -// from being inadvertently misused as sequence objects occupy the same memory as -// a regular object. A debug check is present to make sure that the offsets are -// what they are supposed to be. 
-// NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT -typedef struct HASH_OBJECT -{ - OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object - TPMI_ALG_PUBLIC type; // algorithm - TPMI_ALG_HASH nameAlg; // name algorithm - TPMA_OBJECT objectAttributes; // object attributes - - // The data below is unique to a sequence object - TPM2B_AUTH auth; // authorization for use of sequence - union - { - HASH_STATE hashState[HASH_COUNT]; - HMAC_STATE hmacState; - } state; -} HASH_OBJECT; - -typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)]; - -//*** ANY_OBJECT -// This is the union for holding either a sequence object or a regular object. -// for ContextSave and ContextLoad -typedef union ANY_OBJECT -{ - OBJECT entity; - HASH_OBJECT hash; -} ANY_OBJECT; - -typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)]; - -//**AUTH_DUP Types -// These values are used in the authorization processing. - -typedef UINT32 AUTH_ROLE; -#define AUTH_NONE ((AUTH_ROLE)(0)) -#define AUTH_USER ((AUTH_ROLE)(1)) -#define AUTH_ADMIN ((AUTH_ROLE)(2)) -#define AUTH_DUP ((AUTH_ROLE)(3)) - -//** Active Session Context -//*** Description -// The structures in this section define the internal structure of a session -// context. -// -//*** SESSION_ATTRIBUTES -// The attributes in the SESSION_ATTRIBUTES structure track the various properties -// of the session. It maintains most of the tracking state information for the -// policy session. It is used within the SESSION structure. - -typedef struct SESSION_ATTRIBUTES -{ - unsigned isPolicy : 1; //1) SET if the session may only be used - // for policy - unsigned isAudit : 1; //2) SET if the session is used for audit - unsigned isBound : 1; //3) SET if the session is bound to with an - // entity. This attribute will be CLEAR - // if either isPolicy or isAudit is SET. - unsigned isCpHashDefined : 1; //3) SET if the cpHash has been defined - // This attribute is not SET unless - // 'isPolicy' is SET. 
- unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for - // computing the session HMAC. This - // attribute is not SET unless 'isPolicy' - // is SET. - unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required - // for authorization This attribute is not - // SET unless 'isPolicy' is SET. - unsigned isPPRequired : 1; //7) SET if physical presence is required to - // be asserted when the authorization is - // checked. This attribute is not SET - // unless 'isPolicy' is SET. - unsigned isTrialPolicy : 1; //8) SET if the policy session is created - // for trial of the policy's policyHash - // generation. This attribute is not SET - // unless 'isPolicy' is SET. - unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. - // If this is SET, then an authorization - // failure using this session will count - // against lockout even if the object - // being authorized is exempt from DA. - unsigned isLockoutBound : 1; //10) SET if the session is bound to - // lockoutAuth. - unsigned includeAuth : 1; //11) This attribute is SET when the - // authValue of an object is to be - // included in the computation of the - // HMAC key for the command and response - // computations. (was 'requestWasBound') - unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute - // needs to be checked when the policy is - // used for authorization for NV access. - // If this is SET for any other type, the - // policy will fail. - unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to - // be SET. Used when 'checkNvWritten' is - // SET - unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be - // checked for Create, CreatePrimary, or - // CreateLoaded. -} SESSION_ATTRIBUTES; - -//*** SESSION Structure -// The SESSION structure contains all the context of a session except for the -// associated contextID. 
-// -// Note: The contextID of a session is only relevant when the session context -// is stored off the TPM. - -typedef struct SESSION -{ - SESSION_ATTRIBUTES attributes; // session attributes - UINT32 pcrCounter; // PCR counter value when PCR is - // included (policy session) - // If no PCR is included, this - // value is 0. - UINT64 startTime; // The value in g_time when the session - // was started (policy session) - UINT64 timeout; // The timeout relative to g_time - // There is no timeout if this value - // is 0. - CLOCK_NONCE epoch; // The g_clockEpoch value when the - // session was started. If g_clockEpoch - // does not match this value when the - // timeout is used, then - // then the command will fail. - TPM_CC commandCode; // command code (policy session) - TPM_ALG_ID authHashAlg; // session hash algorithm - TPMA_LOCALITY commandLocality; // command locality (policy session) - TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) - TPM2B_AUTH sessionKey; // session secret value used for - // this session - TPM2B_NONCE nonceTPM; // last TPM-generated nonce for - // generating HMAC and encryption keys - union - { - TPM2B_NAME boundEntity; // value used to track the entity to - // which the session is bound - - TPM2B_DIGEST cpHash; // the required cpHash value for the - // command being authorized - TPM2B_DIGEST nameHash; // the required nameHash - TPM2B_DIGEST templateHash; // the required template for creation - } u1; - - union - { - TPM2B_DIGEST auditDigest; // audit session digest - TPM2B_DIGEST policyDigest; // policyHash - } u2; // audit log and policyHash may - // share space to save memory -} SESSION; - -#define EXPIRES_ON_RESET INT32_MIN -#define TIMEOUT_ON_RESET UINT64_MAX -#define EXPIRES_ON_RESTART (INT32_MIN + 1) -#define TIMEOUT_ON_RESTART (UINT64_MAX - 1) - -typedef BYTE SESSION_BUF[sizeof(SESSION)]; - -//********************************************************************************* -//** PCR 
-//********************************************************************************* -//***PCR_SAVE Structure -// The PCR_SAVE structure type contains the PCR data that are saved across power -// cycles. Only the static PCR are required to be saved across power cycles. The -// DRTM and resettable PCR are not saved. The number of static and resettable PCR -// is determined by the platform-specific specification to which the TPM is built. - -typedef struct PCR_SAVE -{ -#if ALG_SHA1 - BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; -#endif -#if ALG_SHA256 - BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; -#endif -#if ALG_SHA384 - BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; -#endif -#if ALG_SHA512 - BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; -#endif -#if ALG_SM3_256 - BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; -#endif - - // This counter increments whenever the PCR are updated. - // NOTE: A platform-specific specification may designate - // certain PCR changes as not causing this counter - // to increment. - UINT32 pcrCounter; -} PCR_SAVE; - -//***PCR_POLICY -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 -// This structure holds the PCR policies, one for each group of PCR controlled -// by policy. -typedef struct PCR_POLICY -{ - TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; - TPM2B_DIGEST a; - TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; -} PCR_POLICY; -#endif - -//***PCR_AUTHVALUE -// This structure holds the PCR policies, one for each group of PCR controlled -// by policy. -typedef struct PCR_AUTH_VALUE -{ - TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; -} PCR_AUTHVALUE; - - - -//**STARTUP_TYPE -// This enumeration is the possible startup types. The type is determined -// by the combination of TPM2_ShutDown and TPM2_Startup. -typedef enum -{ - SU_RESET, - SU_RESTART, - SU_RESUME -} STARTUP_TYPE; - -//**NV - -//***NV_INDEX -// The NV_INDEX structure defines the internal format for an NV index. 
-// The 'indexData' size varies according to the type of the index. -// In this implementation, all of the index is manipulated as a unit. -typedef struct NV_INDEX -{ - TPMS_NV_PUBLIC publicArea; - TPM2B_AUTH authValue; -} NV_INDEX; - -//*** NV_REF -// An NV_REF is an opaque value returned by the NV subsystem. It is used to -// reference and NV Index in a relatively efficient way. Rather than having to -// continually search for an Index, its reference value may be used. In this -// implementation, an NV_REF is a byte pointer that points to the copy of the -// NV memory that is kept in RAM. -typedef UINT32 NV_REF; - -typedef BYTE *NV_RAM_REF; -//***NV_PIN -// This structure deals with the possible endianess differences between the -// canonical form of the TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal -// value. The structures allow the data in a PIN index to be read as an 8-octet -// value using NvReadUINT64Data(). That function will byte swap all the values on a -// little endian system. This will put the bytes with the 4-octet values in the -// correct order but will swap the pinLimit and pinCount values. When written, the -// PIN index is simply handled as a normal index with the octets in canonical order. -#if BIG_ENDIAN_TPM -typedef struct -{ - UINT32 pinCount; - UINT32 pinLimit; -} PIN_DATA; -#else -typedef struct -{ - UINT32 pinLimit; - UINT32 pinCount; -} PIN_DATA; -#endif - -typedef union -{ - UINT64 intVal; - PIN_DATA pin; -} NV_PIN; - -//**COMMIT_INDEX_MASK -// This is the define for the mask value that is used when manipulating -// the bits in the commit bit array. The commit counter is a 64-bit -// value and the low order bits are used to index the commitArray. -// This mask value is applied to the commit counter to extract the -// bit number in the array. 
-#if ALG_ECC - -#define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) - -#endif - -//***************************************************************************** -//***************************************************************************** -//** RAM Global Values -//***************************************************************************** -//***************************************************************************** -//*** Description -// The values in this section are only extant in RAM or ROM as constant values. - -//*** Crypto Self-Test Values -EXTERN ALGORITHM_VECTOR g_implementedAlgorithms; -EXTERN ALGORITHM_VECTOR g_toTest; - -//*** g_rcIndex[] -// This array is used to contain the array of values that are added to a return -// code when it is a parameter-, handle-, or session-related error. -// This is an implementation choice and the same result can be achieved by using -// a macro. -#define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \ - TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \ - TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \ - TPM_RC_D, TPM_RC_E, TPM_RC_F } -EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer); - -//*** g_exclusiveAuditSession -// This location holds the session handle for the current exclusive audit -// session. If there is no exclusive audit session, the location is set to -// TPM_RH_UNASSIGNED. -EXTERN TPM_HANDLE g_exclusiveAuditSession; - -//*** g_time -// This is the value in which we keep the current command time. This is initialized -// at the start of each command. The time is the accumulated time since the last -// time that the TPM's timer was last powered up. Clock is the accumulated time -// since the last time that the TPM was cleared. g_time is in mS. -EXTERN UINT64 g_time; - -//*** g_timeEpoch -// This value contains the current clock Epoch. It changes when there is a clock -// discontinuity. 
It may be necessary to place this in NV should the timer be able -// to run across a power down of the TPM but not in all cases (e.g. dead battery). -// If the nonce is placed in NV, it should go in gp because it should be changing -// slowly. -#if CLOCK_STOPS -EXTERN CLOCK_NONCE g_timeEpoch; -#else -#define g_timeEpoch gp.timeEpoch -#endif - - -//*** g_phEnable -// This is the platform hierarchy control and determines if the platform hierarchy -// is available. This value is SET on each TPM2_Startup(). The default value is -// SET. -EXTERN BOOL g_phEnable; - -//*** g_pcrReConfig -// This value is SET if a TPM2_PCR_Allocate command successfully executed since -// the last TPM2_Startup(). If so, then the next shutdown is required to be -// Shutdown(CLEAR). -EXTERN BOOL g_pcrReConfig; - -//*** g_DRTMHandle -// This location indicates the sequence object handle that holds the DRTM -// sequence data. When not used, it is set to TPM_RH_UNASSIGNED. A sequence -// DRTM sequence is started on either _TPM_Init or _TPM_Hash_Start. -EXTERN TPMI_DH_OBJECT g_DRTMHandle; - -//*** g_DrtmPreStartup -// This value indicates that an H-CRTM occurred after _TPM_Init but before -// TPM2_Startup(). The define for PRE_STARTUP_FLAG is used to add the -// g_DrtmPreStartup value to gp_orderlyState at shutdown. This hack is to avoid -// adding another NV variable. -EXTERN BOOL g_DrtmPreStartup; - -//*** g_StartupLocality3 -// This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it -// at locality 0. The define for STARTUP_LOCALITY_3 is to -// indicate that the startup was not at locality 0. This hack is to avoid -// adding another NV variable. -EXTERN BOOL g_StartupLocality3; - -//***TPM_SU_NONE -// Part 2 defines the two shutdown/startup types that may be used in -// TPM2_Shutdown() and TPM2_Starup(). This additional define is -// used by the TPM to indicate that no shutdown was received. -// NOTE: This is a reserved value. 
-#define SU_NONE_VALUE (0xFFFF) -#define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) - -//*** TPM_SU_DA_USED -// As with TPM_SU_NONE, this value is added to allow indication that the shutdown -// was not orderly and that a DA=protected object was reference during the previous -// cycle. -#define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) -#define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) - - - -//*** Startup Flags -// These flags are included in gp.orderlyState. These are hacks and are being -// used to avoid having to change the layout of gp. The PRE_STARTUP_FLAG indicates -// that a _TPM_Hash_Start/_Data/_End sequence was received after _TPM_Init but -// before TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() -// was received at locality 3. These flags are only relevant if after a -// TPM2_Shutdown(STATE). -#define PRE_STARTUP_FLAG 0x8000 -#define STARTUP_LOCALITY_3 0x4000 - -#if USE_DA_USED -//*** g_daUsed -// This location indicates if a DA-protected value is accessed during a boot -// cycle. If none has, then there is no need to increment 'failedTries' on the -// next non-orderly startup. This bit is merged with gp.orderlyState when that -// gp.orderly is set to SU_NONE_VALUE -EXTERN BOOL g_daUsed; -#endif - -//*** g_updateNV -// This flag indicates if NV should be updated at the end of a command. -// This flag is set to UT_NONE at the beginning of each command in ExecuteCommand(). -// This flag is checked in ExecuteCommand() after the detailed actions of a command -// complete. If the command execution was successful and this flag is not UT_NONE, -// any pending NV writes will be committed to NV. -// UT_ORDERLY causes any RAM data to be written to the orderly space for staging -// the write to NV. -typedef BYTE UPDATE_TYPE; -#define UT_NONE (UPDATE_TYPE)0 -#define UT_NV (UPDATE_TYPE)1 -#define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) -EXTERN UPDATE_TYPE g_updateNV; - -//*** g_powerWasLost -// This flag is used to indicate if the power was lost. 
It is SET in _TPM__Init. -// This flag is cleared by TPM2_Startup() after all power-lost activities are -// completed. -// Note: When power is applied, this value can come up as anything. However, -// _plat__WasPowerLost() will provide the proper indication in that case. So, when -// power is actually lost, we get the correct answer. When power was not lost, but -// the power-lost processing has not been completed before the next _TPM_Init(), -// then the TPM still does the correct thing. -EXTERN BOOL g_powerWasLost; - -//*** g_clearOrderly -// This flag indicates if the execution of a command should cause the orderly -// state to be cleared. This flag is set to FALSE at the beginning of each -// command in ExecuteCommand() and is checked in ExecuteCommand() after the -// detailed actions of a command complete but before the check of -// 'g_updateNV'. If this flag is TRUE, and the orderly state is not -// SU_NONE_VALUE, then the orderly state in NV memory will be changed to -// SU_NONE_VALUE or SU_DA_USED_VALUE. -EXTERN BOOL g_clearOrderly; - -//*** g_prevOrderlyState -// This location indicates how the TPM was shut down before the most recent -// TPM2_Startup(). This value, along with the startup type, determines if -// the TPM should do a TPM Reset, TPM Restart, or TPM Resume. -EXTERN TPM_SU g_prevOrderlyState; - -//*** g_nvOk -// This value indicates if the NV integrity check was successful or not. If not and -// the failure was severe, then the TPM would have been put into failure mode after -// it had been re-manufactured. If the NV failure was in the area where the state-save -// data is kept, then this variable will have a value of FALSE indicating that -// a TPM2_Startup(CLEAR) is required. 
-EXTERN BOOL g_nvOk; -// NV availability is sampled as the start of each command and stored here -// so that its value remains consistent during the command execution -EXTERN TPM_RC g_NvStatus; - -#ifdef VENDOR_PERMANENT -//*** g_platformUnique -// This location contains the unique value(s) used to identify the TPM. It is -// loaded on every _TPM2_Startup() -// The first value is used to seed the RNG. The second value is used as a vendor -// authValue. The value used by the RNG would be the value derived from the -// chip unique value (such as fused) with a dependency on the authorities of the -// code in the TPM boot path. The second would be derived from the chip unique value -// with a dependency on the details of the code in the boot path. That is, the -// first value depends on the various signers of the code and the second depends on -// what was signed. The TPM vendor should not be able to know the first value but -// they are expected to know the second. -EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG - -EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT -#endif - -//********************************************************************************* -//********************************************************************************* -//** Persistent Global Values -//********************************************************************************* -//********************************************************************************* -//*** Description -// The values in this section are global values that are persistent across power -// events. The lifetime of the values determines the structure in which the value -// is placed. 
- -//********************************************************************************* -//*** PERSISTENT_DATA -//********************************************************************************* -// This structure holds the persistent values that only change as a consequence -// of a specific Protected Capability and are not affected by TPM power events -// (TPM2_Startup() or TPM2_Shutdown(). -typedef struct -{ -//********************************************************************************* -// Hierarchy -//********************************************************************************* -// The values in this section are related to the hierarchies. - - BOOL disableClear; // TRUE if TPM2_Clear() using - // lockoutAuth is disabled - - // Hierarchy authPolicies - TPMI_ALG_HASH ownerAlg; - TPMI_ALG_HASH endorsementAlg; - TPMI_ALG_HASH lockoutAlg; - TPM2B_DIGEST ownerPolicy; - TPM2B_DIGEST endorsementPolicy; - TPM2B_DIGEST lockoutPolicy; - - // Hierarchy authValues - TPM2B_AUTH ownerAuth; - TPM2B_AUTH endorsementAuth; - TPM2B_AUTH lockoutAuth; - - // Primary Seeds - TPM2B_SEED EPSeed; - TPM2B_SEED SPSeed; - TPM2B_SEED PPSeed; - // Note there is a nullSeed in the state_reset memory. - - // Hierarchy proofs - TPM2B_PROOF phProof; - TPM2B_PROOF shProof; - TPM2B_PROOF ehProof; - // Note there is a nullProof in the state_reset memory. - -//********************************************************************************* -// Reset Events -//********************************************************************************* -// A count that increments at each TPM reset and never get reset during the life -// time of TPM. The value of this counter is initialized to 1 during TPM -// manufacture process. It is used to invalidate all saved contexts after a TPM -// Reset. - UINT64 totalResetCount; - -// This counter increments on each TPM Reset. The counter is reset by -// TPM2_Clear(). 
- UINT32 resetCount; - -//********************************************************************************* -// PCR -//********************************************************************************* -// This structure hold the policies for those PCR that have an update policy. -// This implementation only supports a single group of PCR controlled by -// policy. If more are required, then this structure would be changed to -// an array. -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - PCR_POLICY pcrPolicies; -#endif - -// This structure indicates the allocation of PCR. The structure contains a -// list of PCR allocations for each implemented algorithm. If no PCR are -// allocated for an algorithm, a list entry still exists but the bit map -// will contain no SET bits. - TPML_PCR_SELECTION pcrAllocated; - -//********************************************************************************* -// Physical Presence -//********************************************************************************* -// The PP_LIST type contains a bit map of the commands that require physical -// to be asserted when the authorization is evaluated. Physical presence will be -// checked if the corresponding bit in the array is SET and if the authorization -// handle is TPM_RH_PLATFORM. -// -// These bits may be changed with TPM2_PP_Commands(). - BYTE ppList[(COMMAND_COUNT + 7) / 8]; - -//********************************************************************************* -// Dictionary attack values -//********************************************************************************* -// These values are used for dictionary attack tracking and control. 
- UINT32 failedTries; // the current count of unexpired - // authorization failures - - UINT32 maxTries; // number of unexpired authorization - // failures before the TPM is in - // lockout - - UINT32 recoveryTime; // time between authorization failures - // before failedTries is decremented - - UINT32 lockoutRecovery; // time that must expire between - // authorization failures associated - // with lockoutAuth - - BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is - // allowed - -//***************************************************************************** -// Orderly State -//***************************************************************************** -// The orderly state for current cycle - TPM_SU orderlyState; - -//***************************************************************************** -// Command audit values. -//***************************************************************************** - BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; - TPMI_ALG_HASH auditHashAlg; - UINT64 auditCounter; - -//***************************************************************************** -// Algorithm selection -//***************************************************************************** -// -// The 'algorithmSet' value indicates the collection of algorithms that are -// currently in used on the TPM. The interpretation of value is vendor dependent. - UINT32 algorithmSet; - -//***************************************************************************** -// Firmware version -//***************************************************************************** -// The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is -// a scheme used in development to allow determination of the linker build time -// of the TPM. An actual implementation would implement these values in a way that -// is consistent with vendor needs. The values are maintained in RAM for simplified -// access with a master version in NV. 
These values are modified in a
-// vendor-specific way.
-
-// g_firmwareV1 contains the more significant 32-bits of the vendor version number.
-// In the reference implementation, if this value is printed as a hex
-// value, it will have the format of YYYYMMDD
- UINT32 firmwareV1;
-
-// g_firmwareV1 contains the less significant 32-bits of the vendor version number.
-// In the reference implementation, if this value is printed as a hex
-// value, it will have the format of 00 HH MM SS
- UINT32 firmwareV2;
-//*****************************************************************************
-// Timer Epoch
-//*****************************************************************************
-// timeEpoch contains a nonce that has a vendor=specific size (should not be
-// less than 8 bytes. This nonce changes when the clock epoch changes. The clock
-// epoch changes when there is a discontinuity in the timing of the TPM.
-#if !CLOCK_STOPS
- CLOCK_NONCE timeEpoch;
-#endif
-
-} PERSISTENT_DATA;
-
-EXTERN PERSISTENT_DATA gp;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** ORDERLY_DATA
-//*********************************************************************************
-//*********************************************************************************
-// The data in this structure is saved to NV on each TPM2_Shutdown().
-typedef struct orderly_data
-{
-//*****************************************************************************
-// TIME
-//*****************************************************************************
-
-// Clock has two parts. One is the state save part and one is the NV part. The
-// state save version is updated on each command. When the clock rolls over, the
-// NV version is updated. When the TPM starts up, if the TPM was shutdown in and
-// orderly way, then the sClock value is used to initialize the clock.
If the
-// TPM shutdown was not orderly, then the persistent value is used and the safe
-// attribute is clear.
-
- UINT64 clock; // The orderly version of clock
- TPMI_YES_NO clockSafe; // Indicates if the clock value is
- // safe.
-
- // In many implementations, the quality of the entropy available is not that
- // high. To compensate, the current value of the drbgState can be saved and
- // restored on each power cycle. This prevents the internal state from reverting
- // to the initial state on each power cycle and starting with a limited amount
- // of entropy. By keeping the old state and adding entropy, the entropy will
- // accumulate.
- DRBG_STATE drbgState;
-
-// These values allow the accumulation of self-healing time across orderly shutdown
-// of the TPM.
-#if ACCUMULATE_SELF_HEAL_TIMER
- UINT64 selfHealTimer; // current value of s_selfHealTimer
- UINT64 lockoutTimer; // current value of s_lockoutTimer
- UINT64 time; // current value of g_time at shutdown
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-} ORDERLY_DATA;
-
-#if ACCUMULATE_SELF_HEAL_TIMER
-#define s_selfHealTimer go.selfHealTimer
-#define s_lockoutTimer go.lockoutTimer
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-# define drbgDefault go.drbgState
-
-EXTERN ORDERLY_DATA go;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** STATE_CLEAR_DATA
-//*********************************************************************************
-//*********************************************************************************
-// This structure contains the data that is saved on Shutdown(STATE)
-// and restored on Startup(STATE). The values are set to their default
-// settings on any Startup(Clear). In other words, the data is only persistent
-// across TPM Resume.
-//
-// If the comments associated with a parameter indicate a default reset value, the
-// value is applied on each Startup(CLEAR).
-
-typedef struct state_clear_data
-{
-//*****************************************************************************
-// Hierarchy Control
-//*****************************************************************************
- BOOL shEnable; // default reset is SET
- BOOL ehEnable; // default reset is SET
- BOOL phEnableNV; // default reset is SET
- TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL
- TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer
- TPM2B_AUTH platformAuth; // default reset is an Empty Buffer
-
-//*****************************************************************************
-// PCR
-//*****************************************************************************
-// The set of PCR to be saved on Shutdown(STATE)
- PCR_SAVE pcrSave; // default reset is 0...0
-
-// This structure hold the authorization values for those PCR that have an
-// update authorization.
-// This implementation only supports a single group of PCR controlled by
-// authorization. If more are required, then this structure would be changed to
-// an array.
- PCR_AUTHVALUE pcrAuthValues;
-} STATE_CLEAR_DATA;
-
-EXTERN STATE_CLEAR_DATA gc;
-
-//*********************************************************************************
-//*********************************************************************************
-//*** State Reset Data
-//*********************************************************************************
-//*********************************************************************************
-// This structure contains data is that is saved on Shutdown(STATE) and restored on
-// the subsequent Startup(ANY). That is, the data is preserved across TPM Resume
-// and TPM Restart.
-//
-// If a default value is specified in the comments this value is applied on
-// TPM Reset.
-
-typedef struct state_reset_data
-{
-//*****************************************************************************
-// Hierarchy Control
-//*****************************************************************************
- TPM2B_PROOF nullProof; // The proof value associated with
- // the TPM_RH_NULL hierarchy. The
- // default reset value is from the RNG.
-
- TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
- // hierarchy. The default reset value
- // is from the RNG.
-
-//*****************************************************************************
-// Context
-//*****************************************************************************
-// The 'clearCount' counter is incremented each time the TPM successfully executes
-// a TPM Resume. The counter is included in each saved context that has 'stClear'
-// SET (including descendants of keys that have 'stClear' SET). This prevents these
-// objects from being loaded after a TPM Resume.
-// If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE),
-// the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR).
- UINT32 clearCount; // The default reset value is 0.
-
- UINT64 objectContextID; // This is the context ID for a saved
- // object context. The default reset
- // value is 0.
-#ifndef NDEBUG
-#undef CONTEXT_SLOT
-#define CONTEXT_SLOT BYTE
-#endif
-
- CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains
- // contains the values used to track
- // the version numbers of saved
- // contexts (see
- // Session.c in for details). The
- // default reset value is {0}.
-
- CONTEXT_COUNTER contextCounter; // This is the value from which the
- // 'contextID' is derived. The
- // default reset value is {0}.
-
-//*****************************************************************************
-// Command Audit
-//*****************************************************************************
-// When an audited command completes, ExecuteCommand() checks the return
-// value. If it is TPM_RC_SUCCESS, and the command is an audited command, the
-// TPM will extend the cpHash and rpHash for the command to this value. If this
-// digest was the Zero Digest before the cpHash was extended, the audit counter
-// is incremented.
-
- TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest
- // by TPM2_GetCommandAuditDigest() or a
- // TPM Reset.
-
-//*****************************************************************************
-// Boot counter
-//*****************************************************************************
-
- UINT32 restartCount; // This counter counts TPM Restarts.
- // The default reset value is 0.
-
-//*********************************************************************************
-// PCR
-//*********************************************************************************
-// This counter increments whenever the PCR are updated. This counter is preserved
-// across TPM Resume even though the PCR are not preserved. This is because
-// sessions remain active across TPM Restart and the count value in the session
-// is compared to this counter so this counter must have values that are unique
-// as long as the sessions are active.
-// NOTE: A platform-specific specification may designate that certain PCR changes
-// do not increment this counter to increment.
- UINT32 pcrCounter; // The default reset value is 0.
-
-#if ALG_ECC
-
-//*****************************************************************************
-// ECDAA
-//*****************************************************************************
- UINT64 commitCounter; // This counter increments each time
- // TPM2_Commit() returns
- // TPM_RC_SUCCESS. The default reset
- // value is 0.
-
- TPM2B_NONCE commitNonce; // This random value is used to compute
- // the commit values. The default reset
- // value is from the RNG.
-
-// This implementation relies on the number of bits in g_commitArray being a
-// power of 2 (8, 16, 32, 64, etc.) and no greater than 64K.
- BYTE commitArray[16]; // The default reset value is {0}.
-
-#endif // ALG_ECC
-} STATE_RESET_DATA;
-
-EXTERN STATE_RESET_DATA gr;
-
-//** NV Layout
-// The NV data organization is
-// 1) a PERSISTENT_DATA structure
-// 2) a STATE_RESET_DATA structure
-// 3) a STATE_CLEAR_DATA structure
-// 4) an ORDERLY_DATA structure
-// 5) the user defined NV index space
-#define NV_PERSISTENT_DATA (0)
-#define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA))
-#define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA))
-#define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA))
-#define NV_INDEX_RAM_DATA (NV_ORDERLY_DATA + sizeof(ORDERLY_DATA))
-#define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam))
-#define NV_USER_DYNAMIC_END NV_MEMORY_SIZE
-
-//** Global Macro Definitions
-// The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members
-// of the PERSISTENT_DATA structure in NV.
-#define NV_READ_PERSISTENT(to, from) \
- NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to))
-
-#define NV_WRITE_PERSISTENT(to, from) \
- NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from)
-
-#define CLEAR_PERSISTENT(item) \
- NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item))
-
-#define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item)
-
-// At the start of command processing, the index of the command is determined. This
-// index value is used to access the various data tables that contain per-command
-// information. There are multiple options for how the per-command tables can be
-// implemented. This is resolved in GetClosestCommandIndex().
-typedef UINT16 COMMAND_INDEX;
-#define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0))
-
-typedef struct _COMMAND_FLAGS_
-{
- unsigned trialPolicy : 1; //1) If SET, one of the handles references a
- // trial policy and authorization may be
- // skipped. This is only allowed for a policy
- // command.
-} COMMAND_FLAGS;
-
-// This structure is used to avoid having to manage a large number of
-// parameters being passed through various levels of the command input processing.
-//
-typedef struct _COMMAND_
-{
- TPM_ST tag; // the parsed command tag
- TPM_CC code; // the parsed command code
- COMMAND_INDEX index; // the computed command index
- UINT32 handleNum; // the number of entity handles in the
- // handle area of the command
- TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values
- UINT32 sessionNum; // the number of sessions found
- INT32 parameterSize; // starts out with the parsed command size
- // and is reduced and values are
- // unmarshaled. Just before calling the
- // command actions, this should be zero.
- // After the command actions, this number
- // should grow as values are marshaled
- // in to the response buffer.
- INT32 authSize; // this is initialized with the parsed size
- // of authorizationSize field and should
- // be zero when the authorizations are
- // parsed.
- BYTE *parameterBuffer; // input to ExecuteCommand
- BYTE *responseBuffer; // input to ExecuteCommand
-#if ALG_SHA1
- TPM2B_SHA1_DIGEST sha1CpHash;
- TPM2B_SHA1_DIGEST sha1RpHash;
-#endif
-#if ALG_SHA256
- TPM2B_SHA256_DIGEST sha256CpHash;
- TPM2B_SHA256_DIGEST sha256RpHash;
-#endif
-#if ALG_SHA384
- TPM2B_SHA384_DIGEST sha384CpHash;
- TPM2B_SHA384_DIGEST sha384RpHash;
-#endif
-#if ALG_SHA512
- TPM2B_SHA512_DIGEST sha512CpHash;
- TPM2B_SHA512_DIGEST sha512RpHash;
-#endif
-#if ALG_SM3_256
- TPM2B_SM3_256_DIGEST sm3_256CpHash;
- TPM2B_SM3_256_DIGEST sm3_256RpHash;
-#endif
-} COMMAND;
-
-// Global sting constants for consistency in KDF function calls.
-// These string constants are shared across functions to make sure that they
-// are all using consistent sting values.
-
-#define STRING_INITIALIZER(value) {{sizeof(value), {value}}}
-#define TPM2B_STRING(name, value) \
-typedef union name##_ { \
- struct { \
- UINT16 size; \
- BYTE buffer[sizeof(value)]; \
- } t; \
- TPM2B b; \
- } TPM2B_##name##_; \
-EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \
-EXTERN const TPM2B *name INITIALIZER(&name##_.b)
-
-TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation");
-TPM2B_STRING(CFB_KEY, "CFB");
-TPM2B_STRING(CONTEXT_KEY, "CONTEXT");
-TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY");
-TPM2B_STRING(SECRET_KEY, "SECRET");
-TPM2B_STRING(SESSION_KEY, "ATH");
-TPM2B_STRING(STORAGE_KEY, "STORAGE");
-TPM2B_STRING(XOR_KEY, "XOR");
-TPM2B_STRING(COMMIT_STRING, "ECDAA Commit");
-TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE");
-TPM2B_STRING(IDENTITY_STRING, "IDENTITY");
-TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE");
-#if SELF_TEST
-TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value");
-#endif // SELF_TEST
-
-//*****************************************************************************
-//** From CryptTest.c
-//*****************************************************************************
-// This structure contains the self-test state values for the cryptographic modules.
-EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState;
-
-//*****************************************************************************
-//** From Manufacture.c
-//*****************************************************************************
-EXTERN BOOL g_manufactured INITIALIZER(FALSE);
-
-// This value indicates if a TPM2_Startup commands has been
-// receive since the power on event. This flag is maintained in power
-// simulation module because this is the only place that may reliably set this
-// flag to FALSE.
-EXTERN BOOL g_initialized;
-
-//** Private data
-
-//*****************************************************************************
-//*** From SessionProcess.c
-//*****************************************************************************
-#if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C
-// The following arrays are used to save command sessions information so that the
-// command handle/session buffer does not have to be preserved for the duration of
-// the command. These arrays are indexed by the session index in accordance with
-// the order of sessions in the session area of the command.
-//
-// Array of the authorization session handles
-EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM];
-
-// Array of authorization session attributes
-EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM];
-
-// Array of handles authorized by the corresponding authorization sessions;
-// and if none, then TPM_RH_UNASSIGNED value is used
-EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM];
-
-// Array of nonces provided by the caller for the corresponding sessions
-EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM];
-
-// Array of authorization values (HMAC's or passwords) for the corresponding
-// sessions
-EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM];
-
-// Array of pointers to the SESSION structures for the sessions in a command
-EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM];
-
-// Special value to indicate an undefined session index
-#define UNDEFINED_INDEX (0xFFFF)
-
-// Index of the session used for encryption of a response parameter
-EXTERN UINT32 s_encryptSessionIndex;
-
-// Index of the session used for decryption of a command parameter
-EXTERN UINT32 s_decryptSessionIndex;
-
-// Index of a session used for audit
-EXTERN UINT32 s_auditSessionIndex;
-
-// The cpHash for command audit
-#ifdef TPM_CC_GetCommandAuditDigest
-EXTERN TPM2B_DIGEST s_cpHashForCommandAudit;
-#endif
-
-// Flag indicating if NV update is pending for the
lockOutAuthEnabled or
-// failedTries DA parameter
-EXTERN BOOL s_DAPendingOnNV;
-
-#endif // SESSION_PROCESS_C
-
-//*****************************************************************************
-//*** From DA.c
-//*****************************************************************************
-#if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C
-// This variable holds the accumulated time since the last time
-// that 'failedTries' was decremented. This value is in millisecond.
-#if !ACCUMULATE_SELF_HEAL_TIMER
-EXTERN UINT64 s_selfHealTimer;
-
-// This variable holds the accumulated time that the lockoutAuth has been
-// blocked.
-EXTERN UINT64 s_lockoutTimer;
-#endif // ACCUMULATE_SELF_HEAL_TIMER
-
-#endif // DA_C
-
-//*****************************************************************************
-//*** From NV.c
-//*****************************************************************************
-#if defined NV_C || defined GLOBAL_C
-// This marks the end of the NV area. This is a run-time variable as it might
-// not be compile-time constant.
-EXTERN NV_REF s_evictNvEnd;
-
-// This space is used to hold the index data for an orderly Index. It also contains
-// the attributes for the index.
-EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data
-
-// This value contains the current max counter value. It is written to the end of
-// allocatable NV space each time an index is deleted or added. This value is
-// initialized on Startup. The indices are searched and the maximum of all the
-// current counter indices and this value is the initial value for this.
-EXTERN UINT64 s_maxCounter;
-
-// This is space used for the NV Index cache. As with a persistent object, the
-// contents of a referenced index are copied into the cache so that the
-// NV Index memory scanning and data copying can be reduced.
-// Only code that operates on NV Index data should use this cache directly.
When
-// that action code runs, s_lastNvIndex will contain the index header information.
-// It will have been loaded when the handles were verified.
-// NOTE: An NV index handle can appear in many commands that do not operate on the
-// NV data (e.g. TPM2_StartAuthSession). However, only one NV Index at a time is
-// ever directly referenced by any command. If that changes, then the NV Index
-// caching needs to be changed to accommodate that. Currently, the code will verify
-// that only one NV Index is referenced by the handles of the command.
-EXTERN NV_INDEX s_cachedNvIndex;
-EXTERN NV_REF s_cachedNvRef;
-EXTERN BYTE *s_cachedNvRamRef;
-
-// Initial NV Index/evict object iterator value
-#define NV_REF_INIT (NV_REF)0xFFFFFFFF
-
-#endif
-
-//*****************************************************************************
-//*** From Object.c
-//*****************************************************************************
-#if defined OBJECT_C || defined GLOBAL_C
-// This type is the container for an object.
-
-EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS];
-
-#endif // OBJECT_C
-
-//*****************************************************************************
-//*** From PCR.c
-//*****************************************************************************
-#if defined PCR_C || defined GLOBAL_C
-typedef struct
-{
-#if ALG_SHA1
- // SHA1 PCR
- BYTE sha1Pcr[SHA1_DIGEST_SIZE];
-#endif
-#if ALG_SHA256
- // SHA256 PCR
- BYTE sha256Pcr[SHA256_DIGEST_SIZE];
-#endif
-#if ALG_SHA384
- // SHA384 PCR
- BYTE sha384Pcr[SHA384_DIGEST_SIZE];
-#endif
-#if ALG_SHA512
- // SHA512 PCR
- BYTE sha512Pcr[SHA512_DIGEST_SIZE];
-#endif
-#if ALG_SM3_256
- // SHA256 PCR
- BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE];
-#endif
-} PCR;
-
-typedef struct
-{
- unsigned int stateSave : 1; // if the PCR value should be
- // saved in state save
- unsigned int resetLocality : 5; // The locality that the PCR
- // can be reset
- unsigned int extendLocality : 5; // The locality that the PCR
- // can be extend
-} PCR_Attributes;
-
-EXTERN PCR s_pcrs[IMPLEMENTATION_PCR];
-
-#endif // PCR_C
-
-//*****************************************************************************
-//*** From Session.c
-//*****************************************************************************
-#if defined SESSION_C || defined GLOBAL_C
-// Container for HMAC or policy session tracking information
-typedef struct
-{
- BOOL occupied;
- SESSION session; // session structure
-} SESSION_SLOT;
-
-EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS];
-
-// The index in contextArray that has the value of the oldest saved session
-// context. When no context is saved, this will have a value that is greater
-// than or equal to MAX_ACTIVE_SESSIONS.
-EXTERN UINT32 s_oldestSavedSession;
-
-// The number of available session slot openings. When this is 1,
-// a session can't be created or loaded if the GAP is maxed out.
-// The exception is that the oldest saved session context can always
-// be loaded (assuming that there is a space in memory to put it)
-EXTERN int s_freeSessionSlots;
-
-#endif // SESSION_C
-
-//*****************************************************************************
-//*** From IoBuffers.c
-//*****************************************************************************
-#if defined IO_BUFFER_C || defined GLOBAL_C
-// Each command function is allowed a structure for the inputs to the function and
-// a structure for the outputs. The command dispatch code unmarshals the input butter
-// to the command action input structure starting at the first byte of
-// s_actionIoBuffer. The value of s_actionIoAllocation is the number of UINT64 values
-// allocated. It is used to set the pointer for the response structure. The command
-// dispatch code will marshal the response values into the final output buffer.
-EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer
-EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the
- // action input structure
-#endif // IO_BUFFER_C
-
-//*****************************************************************************
-//*** From TPMFail.c
-//*****************************************************************************
-// This value holds the address of the string containing the name of the function
-// in which the failure occurred. This address value isn't useful for anything
-// other than helping the vendor to know in which file the failure occurred.
-EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode
-#if SIMULATION
-EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test
-#endif
-
-typedef void(FailFunction)(const char *function, int line, int code);
-
-#if defined TPM_FAIL_C || defined GLOBAL_C
-EXTERN UINT32 s_failFunction;
-EXTERN UINT32 s_failLine; // the line in the file at which
- // the error was signaled
-EXTERN UINT32 s_failCode; // the error code used
-
-EXTERN FailFunction *LibFailCallback;
-
-#endif // TPM_FAIL_C
-
-//*****************************************************************************
-//*** From CommandCodeAttributes.c
-//*****************************************************************************
-// This array is instanced in CommandCodeAttributes.c when it includes
-// CommandCodeAttributes.h. Don't change the extern to EXTERN.
-extern const TPMA_CC s_ccAttr[];
-extern const COMMAND_ATTRIBUTES s_commandAttributes[];
-
-#endif // GLOBAL_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
deleted file mode 100644
index 22f1b5a7e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h
+++ /dev/null
@@ -1,332 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file is a collection of miscellaneous macros.
-
-#ifndef GP_MACROS_H
-#define GP_MACROS_H
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-#include "swap.h"
-#include "VendorString.h"
-
-
-//** For Self-test
-// These macros are used in CryptUtil to invoke the incremental self test.
-#if SELF_TEST
-# define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL)
-
-// Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting
-// to test a hash with that value, don't do it.
-# define TEST_HASH(alg) \
- if(TEST_BIT(alg, g_toTest) \
- && (alg != ALG_NULL_VALUE)) \
- CryptTestAlgorithm(alg, NULL)
-#else
-# define TEST(alg)
-# define TEST_HASH(alg)
-#endif // SELF_TEST
-
-//** For Failures
-#if defined _POSIX_
-# define FUNCTION_NAME 0
-#else
-# define FUNCTION_NAME __FUNCTION__
-#endif
-
-#if !FAIL_TRACE
-# define FAIL(errorCode) (TpmFail(errorCode))
-# define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode))
-#else
-# define FAIL(errorCode) TpmFail(FUNCTION_NAME, __LINE__, errorCode)
-# define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode)
-#endif
-
-// If implementation is using longjmp, then the call to TpmFail() does not return
-// and the compiler will complain about unreachable code that comes after. To allow
-// for not having longjmp, TpmFail() will return and the subsequent code will be
-// executed. This macro accounts for the difference.
-#ifndef NO_LONGJMP
-# define FAIL_RETURN(returnCode)
-# define TPM_FAIL_RETURN NORETURN void
-#else
-# define FAIL_RETURN(returnCode) return (returnCode)
-# define TPM_FAIL_RETURN void
-#endif
-
-// This macro tests that a condition is TRUE and puts the TPM into failure mode
-// if it is not. If longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes
-// a call from which there is no return. Otherwise, it returns and the function
-// will exit with the appropriate return code.
-#define REQUIRE(condition, errorCode, returnCode) \
- { \
- if(!!(condition)) \
- { \
- FAIL(FATAL_ERROR_errorCode); \
- FAIL_RETURN(returnCode); \
- } \
- }
-
-#define PARAMETER_CHECK(condition, returnCode) \
- REQUIRE((condition), PARAMETER, returnCode)
-
-#if (defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO)
-# define pAssert(a) ((void)0)
-#else
-# define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);}
-#endif
-
-//** Derived from Vendor-specific values
-// Values derived from vendor specific settings in TpmProfile.h
-#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8)
-#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8)
-#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
-
-//** Compile-time Checks
-// In some cases, the relationship between two values may be dependent
-// on things that change based on various selections like the chosen cryptographic
-// libraries. It is possible that these selections will result in incompatible
-// settings. These are often detectable by the compiler but it isn't always
-// possible to do the check in the preprocessor code. For example, when the
-// check requires use of "sizeof" then the preprocessor can't do the comparison.
-// For these cases, we include a special macro that, depending on the compiler
-// will generate a warning to indicate if the check always passes or always fails
-// because it involves fixed constants. To run these checks, define COMPILER_CHECKS
-// in TpmBuildSwitches.h
-#if COMPILER_CHECKS
-# define cAssert pAssert
-#else
-# define cAssert(value)
-#endif
-
-// This is used commonly in the "Crypt" code as a way to keep listings from
-// getting too long. This is not to save paper but to allow one to see more
-// useful stuff on the screen at any given time.
-#define ERROR_RETURN(returnCode) \
- { \
- retVal = returnCode; \
- goto Exit; \
- }
-
-#ifndef MAX
-# define MAX(a, b) ((a) > (b) ? (a) : (b))
-#endif
-#ifndef MIN
-# define MIN(a, b) ((a) < (b) ?
(a) : (b))
-#endif
-#ifndef IsOdd
-# define IsOdd(a) (((a) & 1) != 0)
-#endif
-
-#ifndef BITS_TO_BYTES
-# define BITS_TO_BYTES(bits) (((bits) + 7) >> 3)
-#endif
-
-// These are defined for use when the size of the vector being checked is known
-// at compile time.
-#define TEST_BIT(bit, vector) TestBit((bit), (BYTE *)&(vector), sizeof(vector))
-#define SET_BIT(bit, vector) SetBit((bit), (BYTE *)&(vector), sizeof(vector))
-#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector))
-
-
-// The following definitions are used if they have not already been defined. The
-// defaults for these settings are compatible with ISO/IEC 9899:2011 (E)
-#ifndef LIB_EXPORT
-# define LIB_EXPORT
-# define LIB_IMPORT
-#endif
-#ifndef NORETURN
-# define NORETURN _Noreturn
-#endif
-#ifndef NOT_REFERENCED
-# define NOT_REFERENCED(x = x) ((void) (x))
-#endif
-
-#define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC))
-
-#define JOIN(x, y) x##y
-#define JOIN3(x, y, z) x##y##z
-#define CONCAT(x, y) JOIN(x, y)
-#define CONCAT3(x, y, z) JOIN3(x,y,z)
-
-// If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style
-// table. Otherwise, pick the "strongest" implemented hash algorithm as the context
-// hash.
-#ifndef CONTEXT_HASH_ALGORITHM
-# if defined ALG_SHA512 && ALG_SHA512 == YES
-# define CONTEXT_HASH_ALGORITHM SHA512
-# elif defined ALG_SHA384 && ALG_SHA384 == YES
-# define CONTEXT_HASH_ALGORITHM SHA384
-# elif defined ALG_SHA256 && ALG_SHA256 == YES
-# define CONTEXT_HASH_ALGORITHM SHA256
-# elif defined ALG_SM3_256 && ALG_SM3_256 == YES
-# define CONTEXT_HASH_ALGORITHM SM3_256
-# elif defined ALG_SHA1 && ALG_SHA1 == YES
-# define CONTEXT_HASH_ALGORITHM SHA1
-# endif
-# define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM)
-#endif
-
-#ifndef CONTEXT_INTEGRITY_HASH_SIZE
-#define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE)
-#endif
-#if ALG_RSA
-#define RSA_SECURITY_STRENGTH (MAX_RSA_KEY_BITS >= 15360 ? 256 : \
- (MAX_RSA_KEY_BITS >= 7680 ? 192 : \
- (MAX_RSA_KEY_BITS >= 3072 ? 128 : \
- (MAX_RSA_KEY_BITS >= 2048 ? 112 : \
- (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0)))))
-#else
-#define RSA_SECURITY_STRENGTH 0
-#endif // ALG_RSA
-
-#if ALG_ECC
-#define ECC_SECURITY_STRENGTH (MAX_ECC_KEY_BITS >= 521 ? 256 : \
- (MAX_ECC_KEY_BITS >= 384 ? 192 : \
- (MAX_ECC_KEY_BITS >= 256 ? 128 : 0)))
-#else
-#define ECC_SECURITY_STRENGTH 0
-#endif // ALG_ECC
-
-#define MAX_ASYM_SECURITY_STRENGTH \
- MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH)
-
-#define MAX_HASH_SECURITY_STRENGTH ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2)
-
-// Unless some algorithm is broken...
-#define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS
-
-#define MAX_SECURITY_STRENGTH_BITS \
- MAX(MAX_ASYM_SECURITY_STRENGTH, \
- MAX(MAX_SYM_SECURITY_STRENGTH, \
- MAX_HASH_SECURITY_STRENGTH))
-
-// This is the size that was used before the 1.38 errata requiring that P1.14.4 be
-// followed
-#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE
-
-// As required by P1.14.4
-#define COMPLIANT_PROOF_SIZE \
- (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES)))
-
-// As required by P1.14.3.1
-#define COMPLIANT_PRIMARY_SEED_SIZE \
- BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2)
-
-// This is the pre-errata version
-#ifndef PRIMARY_SEED_SIZE
-# define PRIMARY_SEED_SIZE PROOF_SIZE
-#endif
-
-#if USE_SPEC_COMPLIANT_PROOFS
-# undef PROOF_SIZE
-# define PROOF_SIZE COMPLIANT_PROOF_SIZE
-# undef PRIMARY_SEED_SIZE
-# define PRIMARY_SEED_SIZE COMPLIANT_PRIMARY_SEED_SIZE
-#endif // USE_SPEC_COMPLIANT_PROOFS
-
-#if !SKIP_PROOF_ERRORS
-# if PROOF_SIZE < COMPLIANT_PROOF_SIZE
-# error "PROOF_SIZE is not compliant with TPM specification"
-# endif
-# if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE
-# error Non-compliant PRIMARY_SEED_SIZE
-# endif
-#endif // !SKIP_PROOF_ERRORS
-
-// If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table
-#if defined CONTEXT_ENCRYPT_ALG
-# undef CONTEXT_ENCRYPT_ALGORITHM
-# if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
-# define CONTEXT_ENCRYPT_ALGORITHM AES
-# elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE
-# define CONTEXT_ENCRYPT_ALGORITHM SM4
-# elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE
-# define CONTEXT_ENCRYPT_ALGORITHM CAMELLIA
-# elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE
-# error Are you kidding?
-# else
-# error Unknown value for CONTEXT_ENCRYPT_ALG
-# endif // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
-#else
-# define CONTEXT_ENCRYPT_ALG \
- CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE)
-#endif // CONTEXT_ENCRYPT_ALG
-#define CONTEXT_ENCRYPT_KEY_BITS \
- CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS)
-#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8)
-
-// This is updated to follow the requirement of P2 that the label not be larger
-// than 32 bytes.
-#ifndef LABEL_MAX_BUFFER
-#define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE))
-#endif
-
-// This bit is used to indicate that an authorization ticket expires on TPM Reset
-// and TPM Restart. It is added to the timeout value returned by TPM2_PoliySigned()
-// and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is
-// relative to Time (g_time). Time is reset whenever the TPM loses power and cannot
-// be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing
-// time in ms. Stealing the MSb for a flag means that the TPM needs to be reset
-// at least once every 292,471,208 years rather than once every 584,942,417 years.
-#define EXPIRATION_BIT ((UINT64)1 << 63)
-
-// Check for consistency of the bit ordering of bit fields
-#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES
-# error "Settings not consistent"
-#endif
-
-// These macros are used to handle the variation in handling of bit fields.
If
-#if USE_BIT_FIELD_STRUCTURES // The default, old version, with bit fields
-# define IS_ATTRIBUTE(a, type, b) ((a.b) != 0)
-# define SET_ATTRIBUTE(a, type, b) (a.b = SET)
-# define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR)
-# define GET_ATTRIBUTE(a, type, b) (a.b)
-# define TPMA_ZERO_INITIALIZER() {0}
-#else
-# define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0)
-# define SET_ATTRIBUTE(a, type, b) (a |= type##_##b)
-# define CLEAR_ATTRIBUTE(a, type, b) (a &= ~type##_##b)
-# define GET_ATTRIBUTE(a, type, b) \
- (type)((a & type##_##b) >> type##_##b##_SHIFT)
-# define TPMA_ZERO_INITIALIZER() (0)
-#endif
-
-#define VERIFY(_X) if(!(_X)) goto Error
-
-#endif // GP_MACROS_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h
deleted file mode 100644
index 51e740ff4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h
+++ /dev/null
@@ -1,1008 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmDispatch; Version 4.0 July 8,2017 - * Date: Oct 9, 2018 Time: 07:25:19PM - */ -#if CC_Startup -case TPM_CC_Startup: - break; -#endif // CC_Startup -#if CC_Shutdown -case TPM_CC_Shutdown: - break; -#endif // CC_Shutdown -#if CC_SelfTest -case TPM_CC_SelfTest: - break; -#endif // CC_SelfTest -#if CC_IncrementalSelfTest -case TPM_CC_IncrementalSelfTest: - break; -#endif // CC_IncrementalSelfTest -#if CC_GetTestResult -case TPM_CC_GetTestResult: - break; -#endif // CC_GetTestResult -#if CC_StartAuthSession -case TPM_CC_StartAuthSession: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_ENTITY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_StartAuthSession -#if CC_PolicyRestart -case TPM_CC_PolicyRestart: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyRestart -#if CC_Create -case TPM_CC_Create: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Create -#if CC_Load -case TPM_CC_Load: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Load -#if CC_LoadExternal -case TPM_CC_LoadExternal: - break; -#endif // CC_LoadExternal -#if CC_ReadPublic -case TPM_CC_ReadPublic: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ReadPublic -#if CC_ActivateCredential -case TPM_CC_ActivateCredential: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_ActivateCredential -#if CC_MakeCredential -case TPM_CC_MakeCredential: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MakeCredential -#if CC_Unseal -case TPM_CC_Unseal: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Unseal -#if CC_ObjectChangeAuth -case TPM_CC_ObjectChangeAuth: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_ObjectChangeAuth -#if CC_CreateLoaded -case TPM_CC_CreateLoaded: - *handleCount = 1; - result = TPMI_DH_PARENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_CreateLoaded -#if CC_Duplicate -case TPM_CC_Duplicate: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) 
return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Duplicate -#if CC_Rewrap -case TPM_CC_Rewrap: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Rewrap -#if CC_Import -case TPM_CC_Import: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Import -#if CC_RSA_Encrypt -case TPM_CC_RSA_Encrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_RSA_Encrypt -#if CC_RSA_Decrypt -case TPM_CC_RSA_Decrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_RSA_Decrypt -#if CC_ECDH_KeyGen -case TPM_CC_ECDH_KeyGen: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ECDH_KeyGen -#if CC_ECDH_ZGen -case TPM_CC_ECDH_ZGen: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ECDH_ZGen -#if CC_ECC_Parameters 
-case TPM_CC_ECC_Parameters: - break; -#endif // CC_ECC_Parameters -#if CC_ZGen_2Phase -case TPM_CC_ZGen_2Phase: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ZGen_2Phase -#if CC_EncryptDecrypt -case TPM_CC_EncryptDecrypt: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_EncryptDecrypt -#if CC_EncryptDecrypt2 -case TPM_CC_EncryptDecrypt2: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_EncryptDecrypt2 -#if CC_Hash -case TPM_CC_Hash: - break; -#endif // CC_Hash -#if CC_HMAC -case TPM_CC_HMAC: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HMAC -#if CC_MAC -case TPM_CC_MAC: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MAC -#if CC_GetRandom -case TPM_CC_GetRandom: - break; -#endif // CC_GetRandom -#if CC_StirRandom -case TPM_CC_StirRandom: - break; -#endif // CC_StirRandom -#if CC_HMAC_Start -case TPM_CC_HMAC_Start: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HMAC_Start -#if CC_MAC_Start -case TPM_CC_MAC_Start: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - 
bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_MAC_Start -#if CC_HashSequenceStart -case TPM_CC_HashSequenceStart: - break; -#endif // CC_HashSequenceStart -#if CC_SequenceUpdate -case TPM_CC_SequenceUpdate: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SequenceUpdate -#if CC_SequenceComplete -case TPM_CC_SequenceComplete: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SequenceComplete -#if CC_EventSequenceComplete -case TPM_CC_EventSequenceComplete: - *handleCount = 2; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_EventSequenceComplete -#if CC_Certify -case TPM_CC_Certify: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_Certify -#if CC_CertifyCreation -case TPM_CC_CertifyCreation: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - 
bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_CertifyCreation -#if CC_Quote -case TPM_CC_Quote: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Quote -#if CC_GetSessionAuditDigest -case TPM_CC_GetSessionAuditDigest: - *handleCount = 3; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_HMAC_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_GetSessionAuditDigest -#if CC_GetCommandAuditDigest -case TPM_CC_GetCommandAuditDigest: - *handleCount = 2; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_GetCommandAuditDigest -#if CC_GetTime -case TPM_CC_GetTime: - *handleCount = 2; - result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_GetTime -#if CC_CertifyX509 -case TPM_CC_CertifyX509: - *handleCount = 2; - result = 
TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_CertifyX509 -#if CC_Commit -case TPM_CC_Commit: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Commit -#if CC_EC_Ephemeral -case TPM_CC_EC_Ephemeral: - break; -#endif // CC_EC_Ephemeral -#if CC_VerifySignature -case TPM_CC_VerifySignature: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_VerifySignature -#if CC_Sign -case TPM_CC_Sign: - *handleCount = 1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Sign -#if CC_SetCommandCodeAuditStatus -case TPM_CC_SetCommandCodeAuditStatus: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetCommandCodeAuditStatus -#if CC_PCR_Extend -case TPM_CC_PCR_Extend: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Extend -#if CC_PCR_Event -case TPM_CC_PCR_Event: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + 
TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Event -#if CC_PCR_Read -case TPM_CC_PCR_Read: - break; -#endif // CC_PCR_Read -#if CC_PCR_Allocate -case TPM_CC_PCR_Allocate: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Allocate -#if CC_PCR_SetAuthPolicy -case TPM_CC_PCR_SetAuthPolicy: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_SetAuthPolicy -#if CC_PCR_SetAuthValue -case TPM_CC_PCR_SetAuthValue: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_SetAuthValue -#if CC_PCR_Reset -case TPM_CC_PCR_Reset: - *handleCount = 1; - result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PCR_Reset -#if CC_PolicySigned -case TPM_CC_PolicySigned: - *handleCount = 2; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_PolicySigned -#if CC_PolicySecret -case TPM_CC_PolicySecret: - *handleCount = 2; - result = TPMI_DH_ENTITY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != 
result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_PolicySecret -#if CC_PolicyTicket -case TPM_CC_PolicyTicket: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyTicket -#if CC_PolicyOR -case TPM_CC_PolicyOR: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyOR -#if CC_PolicyPCR -case TPM_CC_PolicyPCR: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPCR -#if CC_PolicyLocality -case TPM_CC_PolicyLocality: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyLocality -#if CC_PolicyNV -case TPM_CC_PolicyNV: - *handleCount = 3; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_PolicyNV -#if CC_PolicyCounterTimer -case TPM_CC_PolicyCounterTimer: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCounterTimer -#if 
CC_PolicyCommandCode -case TPM_CC_PolicyCommandCode: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCommandCode -#if CC_PolicyPhysicalPresence -case TPM_CC_PolicyPhysicalPresence: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPhysicalPresence -#if CC_PolicyCpHash -case TPM_CC_PolicyCpHash: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyCpHash -#if CC_PolicyNameHash -case TPM_CC_PolicyNameHash: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyNameHash -#if CC_PolicyDuplicationSelect -case TPM_CC_PolicyDuplicationSelect: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyDuplicationSelect -#if CC_PolicyAuthorize -case TPM_CC_PolicyAuthorize: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyAuthorize -#if CC_PolicyAuthValue -case TPM_CC_PolicyAuthValue: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyAuthValue -#if CC_PolicyPassword -case TPM_CC_PolicyPassword: - 
*handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyPassword -#if CC_PolicyGetDigest -case TPM_CC_PolicyGetDigest: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyGetDigest -#if CC_PolicyNvWritten -case TPM_CC_PolicyNvWritten: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyNvWritten -#if CC_PolicyTemplate -case TPM_CC_PolicyTemplate: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PolicyTemplate -#if CC_PolicyAuthorizeNV -case TPM_CC_PolicyAuthorizeNV: - *handleCount = 3; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_PolicyAuthorizeNV -#if CC_CreatePrimary -case TPM_CC_CreatePrimary: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_CreatePrimary -#if CC_HierarchyControl -case TPM_CC_HierarchyControl: - *handleCount = 1; - result = 
TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HierarchyControl -#if CC_SetPrimaryPolicy -case TPM_CC_SetPrimaryPolicy: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetPrimaryPolicy -#if CC_ChangePPS -case TPM_CC_ChangePPS: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ChangePPS -#if CC_ChangeEPS -case TPM_CC_ChangeEPS: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ChangeEPS -#if CC_Clear -case TPM_CC_Clear: - *handleCount = 1; - result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Clear -#if CC_ClearControl -case TPM_CC_ClearControl: - *handleCount = 1; - result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClearControl -#if CC_HierarchyChangeAuth -case TPM_CC_HierarchyChangeAuth: - *handleCount = 1; - result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_HierarchyChangeAuth -#if CC_DictionaryAttackLockReset -case TPM_CC_DictionaryAttackLockReset: - *handleCount = 1; - result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - 
if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_DictionaryAttackLockReset -#if CC_DictionaryAttackParameters -case TPM_CC_DictionaryAttackParameters: - *handleCount = 1; - result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_DictionaryAttackParameters -#if CC_PP_Commands -case TPM_CC_PP_Commands: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_PP_Commands -#if CC_SetAlgorithmSet -case TPM_CC_SetAlgorithmSet: - *handleCount = 1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_SetAlgorithmSet -#if CC_FieldUpgradeStart -case TPM_CC_FieldUpgradeStart: - *handleCount = 2; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_FieldUpgradeStart -#if CC_FieldUpgradeData -case TPM_CC_FieldUpgradeData: - break; -#endif // CC_FieldUpgradeData -#if CC_FirmwareRead -case TPM_CC_FirmwareRead: - break; -#endif // CC_FirmwareRead -#if CC_ContextSave -case TPM_CC_ContextSave: - *handleCount = 1; - result = TPMI_DH_CONTEXT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ContextSave -#if CC_ContextLoad -case TPM_CC_ContextLoad: - break; -#endif // CC_ContextLoad -#if CC_FlushContext -case TPM_CC_FlushContext: - break; -#endif // 
CC_FlushContext -#if CC_EvictControl -case TPM_CC_EvictControl: - *handleCount = 2; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_EvictControl -#if CC_ReadClock -case TPM_CC_ReadClock: - break; -#endif // CC_ReadClock -#if CC_ClockSet -case TPM_CC_ClockSet: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClockSet -#if CC_ClockRateAdjust -case TPM_CC_ClockRateAdjust: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_ClockRateAdjust -#if CC_GetCapability -case TPM_CC_GetCapability: - break; -#endif // CC_GetCapability -#if CC_TestParms -case TPM_CC_TestParms: - break; -#endif // CC_TestParms -#if CC_NV_DefineSpace -case TPM_CC_NV_DefineSpace: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_DefineSpace -#if CC_NV_UndefineSpace -case TPM_CC_NV_UndefineSpace: - *handleCount = 2; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_UndefineSpace -#if CC_NV_UndefineSpaceSpecial -case 
TPM_CC_NV_UndefineSpaceSpecial: - *handleCount = 2; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_PLATFORM_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_UndefineSpaceSpecial -#if CC_NV_ReadPublic -case TPM_CC_NV_ReadPublic: - *handleCount = 1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_ReadPublic -#if CC_NV_Write -case TPM_CC_NV_Write: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Write -#if CC_NV_Increment -case TPM_CC_NV_Increment: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Increment -#if CC_NV_Extend -case TPM_CC_NV_Extend: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Extend -#if CC_NV_SetBits -case TPM_CC_NV_SetBits: - 
*handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_SetBits -#if CC_NV_WriteLock -case TPM_CC_NV_WriteLock: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_WriteLock -#if CC_NV_GlobalWriteLock -case TPM_CC_NV_GlobalWriteLock: - *handleCount = 1; - result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_GlobalWriteLock -#if CC_NV_Read -case TPM_CC_NV_Read: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_Read -#if CC_NV_ReadLock -case TPM_CC_NV_ReadLock: - *handleCount = 2; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - break; -#endif // CC_NV_ReadLock -#if CC_NV_ChangeAuth -case TPM_CC_NV_ChangeAuth: - *handleCount = 1; - 
result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_NV_ChangeAuth -#if CC_NV_Certify -case TPM_CC_NV_Certify: - *handleCount = 3; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, TRUE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_RH_NV_INDEX_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_NV_Certify -#if CC_AC_GetCapability -case TPM_CC_AC_GetCapability: - *handleCount = 1; - result = TPMI_RH_AC_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_AC_GetCapability -#if CC_AC_Send -case TPM_CC_AC_Send: - *handleCount = 3; - result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize, FALSE); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; - result = TPMI_RH_AC_Unmarshal(&handles[2], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; - break; -#endif // CC_AC_Send -#if CC_Policy_AC_SendSelect -case TPM_CC_Policy_AC_SendSelect: - *handleCount = 1; - result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, - bufferRemainingSize); - if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; - break; -#endif // CC_Policy_AC_SendSelect -#if CC_Vendor_TCG_Test -case TPM_CC_Vendor_TCG_Test: - break; -#endif // 
CC_Vendor_TCG_Test
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
deleted file mode 100644
index 8bd471a3f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//
-// Hash Test Vectors
-//
-
-TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size
-TPM2B_HASH_TEST_KEY c_hashTestKey = {{128, {
- 0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50,
- 0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63,
- 0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40,
- 0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70,
- 0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36,
- 0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33,
- 0x41,0x44,0x9d,0x90,0xab,0xd9,0x6b,0x7d,0x48,0x99,0x25,0x93,0x29,0x14,0x2b,0xce,
- 0x93,0x8d,0x8c,0xaf,0x31,0x0e,0x9c,0x57,0xd8,0x5b,0x57,0x20,0x1b,0x9f,0x2d,0xa5
- }}};
-
-TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size
-TPM2B_HASH_TEST_DATA c_hashTestData = {{256, {
- 0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98,
- 0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca,
- 0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44,
- 0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c,
- 0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39,
- 0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a,
- 0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c,
- 0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06,
- 0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca,
- 0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf,
- 0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90,
- 0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc,
- 0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb,
- 0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d,
- 0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea,
- 0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11
- }}};
-
-#if ALG_SHA1 == YES
-TPM2B_TYPE(SHA1, 20);
-TPM2B_SHA1 c_SHA1_digest = {{20, {
- 0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5,
- 0x70,0x95,0xe5,0x40
- }}};
-#endif
-
-#if ALG_SHA256 == YES
-TPM2B_TYPE(SHA256, 32);
-TPM2B_SHA256 c_SHA256_digest = {{32, {
- 0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69,
- 0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b
- }}};
-#endif
-
-#if ALG_SHA384 == YES
-TPM2B_TYPE(SHA384, 48);
-TPM2B_SHA384 c_SHA384_digest = {{48, {
- 0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d,
- 0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7,
- 0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d
- }}};
-#endif
-
-#if ALG_SHA512 == YES
-TPM2B_TYPE(SHA512, 64);
-TPM2B_SHA512 c_SHA512_digest = {{64, {
- 0xe2,0x7b,0x10,0x3d,0x5e,0x48,0x58,0x44,0x67,0xac,0xa3,0x81,0x8c,0x1d,0xc5,0x71,
- 0x66,0x92,0x8a,0x89,0xaa,0xd4,0x35,0x51,0x60,0x37,0x31,0xd7,0xba,0xe7,0x93,0x0b,
- 0x16,0x4d,0xb3,0xc8,0x34,0x98,0x3c,0xd3,0x53,0xde,0x5e,0xe8,0x0c,0xbc,0xaf,0xc9,
- 0x24,0x2c,0xcc,0xed,0xdb,0xde,0xba,0x1f,0x14,0x14,0x5a,0x95,0x80,0xde,0x66,0xbd
- }}};
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
deleted file mode 100644
index 11bab88c0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef INTERNAL_ROUTINES_H
-#define INTERNAL_ROUTINES_H
-
-#if !defined _LIB_SUPPORT_H_ && !defined _TPM_H_
-#error "Should not be called"
-#endif
-
-// DRTM functions
-#include "_TPM_Hash_Start_fp.h"
-#include "_TPM_Hash_Data_fp.h"
-#include "_TPM_Hash_End_fp.h"
-
-// Internal subsystem functions
-#include "Object_fp.h"
-#include "Context_spt_fp.h"
-#include "Object_spt_fp.h"
-#include "Entity_fp.h"
-#include "Session_fp.h"
-#include "Hierarchy_fp.h"
-#include "NvReserved_fp.h"
-#include "NvDynamic_fp.h"
-#include "NV_spt_fp.h"
-#include "PCR_fp.h"
-#include "DA_fp.h"
-#include "TpmFail_fp.h"
-#include "SessionProcess_fp.h"
-
-// Internal support functions
-#include "CommandCodeAttributes_fp.h"
-#include "Marshal_fp.h"
-#include "Time_fp.h"
-#include "Locality_fp.h"
-#include "PP_fp.h"
-#include "CommandAudit_fp.h"
-#include "Manufacture_fp.h"
-#include "Handle_fp.h"
-#include "Power_fp.h"
-#include "Response_fp.h"
-#include "CommandDispatcher_fp.h"
-
-#ifdef CC_AC_Send
-# include "AC_spt_fp.h"
-#endif // CC_AC_Send
-
-// Miscellaneous
-#include "Bits_fp.h"
-#include "AlgorithmCap_fp.h"
-#include "PropertyCap_fp.h"
-#include "IoBuffers_fp.h"
-#include "Memory_fp.h"
-#include "ResponseCodeProcessing_fp.h"
-
-// Internal cryptographic functions
-#include "BnConvert_fp.h"
-#include "BnMath_fp.h"
-#include "BnMemory_fp.h"
-#include "Ticket_fp.h"
-#include "CryptUtil_fp.h"
-#include "CryptHash_fp.h"
-#include "CryptSym_fp.h"
-#include "CryptDes_fp.h"
-#include "CryptPrime_fp.h"
-#include "CryptRand_fp.h"
-#include "CryptSelfTest_fp.h"
-#include "MathOnByteBuffers_fp.h"
-#include "CryptSym_fp.h"
-#include "AlgorithmTests_fp.h"
-
-#if ALG_RSA
-#include "CryptRsa_fp.h"
-#include "CryptPrimeSieve_fp.h"
-#endif
-
-#if ALG_ECC
-#include "CryptEccMain_fp.h"
-#include "CryptEccSignature_fp.h"
-#include "CryptEccKeyExchange_fp.h"
-#endif
-
-#if CC_MAC || CC_MAC_Start
-# include "CryptSmac_fp.h"
-# if ALG_CMAC
-# include "CryptCmac_fp.h"
-# endif
-#endif
-
-// Support library
-#include "SupportLibraryFunctionPrototypes_fp.h"
-
-// Linkage to platform functions
-#include "Platform_fp.h"
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
deleted file mode 100644
index bf27cfc84..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//
-// Hash Test Vectors
-//
-
-#define TEST_KDF_KEY_SIZE 20
-
-TPM2B_TYPE(KDF_TEST_KEY, TEST_KDF_KEY_SIZE);
-TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = {{TEST_KDF_KEY_SIZE, {
- 0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF,
- 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C }}};
-
-TPM2B_TYPE(KDF_TEST_LABEL, 17);
-TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, {
- 0x4B, 0x44, 0x46, 0x53, 0x45, 0x4C, 0x46, 0x54,
- 0x45, 0x53, 0x54, 0x4C, 0x41, 0x42, 0x45, 0x4C, 0x00 }}};
-
-TPM2B_TYPE(KDF_TEST_CONTEXT, 8);
-TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = {{8, {
- 0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91 }}};
-
-TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = {{8, {
- 0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83 }}};
-
-
-#if ALG_SHA512 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7,
- 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA512
-
-#elif ALG_SHA384 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x1d, 0xce, 0x70, 0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b,
- 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA384
-
-#elif ALG_SHA256 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c,
- 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA256
-
-#elif ALG_SHA1 == ALG_YES
- TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, {
- 0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d,
- 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51 }}};
- #define KDF_TEST_ALG TPM_ALG_SHA1
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h
deleted file mode 100644
index 2506be1dd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// This header file is used to select the library code that gets included in the
-// TPM build.
-
-#ifndef _LIB_SUPPORT_H_
-#define _LIB_SUPPORT_H_
-
-//*********************
-#ifndef RADIX_BITS
-# if defined(__x86_64__) || defined(__x86_64) \
- || defined(__amd64__) || defined(__amd64) || defined(_WIN64) || defined(_M_X64) \
- || defined(_M_ARM64) || defined(__aarch64__) \
- || (defined(__riscv) && __riscv_xlen == 64)
-# define RADIX_BITS 64
-# elif defined(__i386__) || defined(__i386) || defined(i386) \
- || defined(_WIN32) || defined(_M_IX86) \
- || defined(_M_ARM) || defined(__arm__) || defined(__thumb__) \
- || (defined(__riscv) && __riscv_xlen == 32)
-# define RADIX_BITS 32
-# else
-# error Unable to determine RADIX_BITS from compiler environment
-# endif
-#endif // RADIX_BITS
-
-// These macros use the selected libraries to the proper include files.
-#define LIB_QUOTE(_STRING_) #_STRING_
-#define LIB_INCLUDE2(_LIB_, _TYPE_) LIB_QUOTE(_LIB_/TpmTo##_LIB_##_TYPE_.h)
-#define LIB_INCLUDE(_LIB_, _TYPE_) LIB_INCLUDE2(_LIB_, _TYPE_)
-
-// Include the options for hashing and symmetric. Defer the load of the math package
-// Until the bignum parameters are defined.
-#include LIB_INCLUDE(SYM_LIB, Sym)
-#include LIB_INCLUDE(HASH_LIB, Hash)
-
-#undef MIN
-#undef MAX
-
-#endif // _LIB_SUPPORT_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
deleted file mode 100644
index 0e31d344d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This header file contains some defines that are necessary to get LTC to compile
-// correctly
-//
-#ifndef _LTC_SETTINGS_H_
-#define _LTC_SETTINGS_H_
-
-#if (defined HASH_LIB_LTC) || (defined SYM_LIB_LTC) || (defined MATH_LIB_LTC)
-
-#if ALG_AES
-# define LTC_RIJNDAEL
-#endif
-#if ALG_TDES
-# define LTC_DES
-#endif
-
-#define _Bool int
-
-// LibTomCrypt types
-typedef unsigned long long ulong64;
-
-/* default no functions m for LTC */
-#define LTC_MUTEX_GLOBAL(x)
-#define LTC_MUTEX_PROTO(x)
-#define LTC_MUTEX_TYPE(x)
-#define LTC_MUTEX_INIT(x)
-#define LTC_MUTEX_LOCK(x)
-#define LTC_MUTEX_UNLOCK(x)
-
-#ifndef XMEM_NEQ
-#define XMEM_NEQ
-#endif
-
-#define LTC_SHA512
-#define LTC_SHA384
-#define LTC_SHA256
-#define LTC_SHA1
-
-// Define these function calls as needed
-#define CryptLibStartup() LtcLibStartup()
-
-_REDUCE_WARNING_LEVEL_(0)
-#include "tomcrypt.h"
-_NORMAL_WARNING_LEVEL_
-
-#endif
-
-#endif //
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
deleted file mode 100644
index 6f429852c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-// This header defines the interface between the hashing code and the LIbTomCrypt
-// hash functions.
-
-#ifndef HASH_LIB_DEFINED
-#define HASH_LIB_DEFINED
-
-#define HASH_LIB_LTC
-
-// Avoid pulling in the MPA math if not doing asymmetric with LTC
-#if !(defined MATH_LIB_LTC)
-# define LTC_NO_ASYMMETRIC
-#endif
-
-#include "LtcSettings.h"
-
-//***************************************************************
-//******** Linking to the TomCrypt HASH code ********************
-//***************************************************************
-// These defines need to be known in all parts of the TPM so that the structure
-// sizes can be properly computed when needed.
-#define tpmHashStateSHA1_t struct sha1_state
-#define tpmHashStateSHA256_t struct sha256_state
-#define tpmHashStateSHA512_t struct sha512_state
-#define tpmHashStateSHA384_t struct sha512_state
-
-// The following defines are only needed by CryptHash.c
-#ifdef _CRYPT_HASH_C_
-
-// Define the interface between CryptHash.c to the functions provided by the
-// library. For each method, define the calling parameters of the method and then
-// define how the method is invoked in CryptHash.c.
-//
-// All hashes are required to have the same calling sequence. If they don't, create
-// a simple adaptation function that converts from the "standard" form of the call
-// to the form used by the specific hash (and then send a nasty letter to the
-// person who wrote the hash function for the library).
-//
-// The macro that calls the method also defines how the
-// parameters get swizzled between the default form (in CryptHash.c)and the
-// library form.
-//
-// Initialize the hash context
-#define HASH_START_METHOD_DEF \
- void (HASH_START_METHOD)(PANY_HASH_STATE state)
-#define HASH_START(hashState) \
- ((hashState)->def->method.start)(&(hashState)->state)
-
-// Add data to the hash
-#define HASH_DATA_METHOD_DEF \
- void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \
- const BYTE *buffer, \
- size_t size)
-#define HASH_DATA(hashState, dInSize, dIn) \
- ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
-
-// Finalize the hash and get the digest
-#define HASH_END_METHOD_DEF \
- void (HASH_END_METHOD)(PANY_HASH_STATE \
- state, \
- BYTE *buffer)
-#define HASH_END(hashState, buffer) \
- ((hashState)->def->method.end)(&(hashState)->state, buffer)
-
-// Copy the hash context
-// Note: For import, export, and copy, memcpy() is used since there is no
-// reformatting necessary between the internal and external forms
-#define HASH_STATE_COPY_METHOD_DEF \
- void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \
- PCANY_HASH_STATE from, \
- size_t size)
-#define HASH_STATE_COPY(hashStateOut, hashStateIn) \
- ((hashStateIn)->def->method.copy) \
- (&(hashStateOut)->state, \
- &(hashStateIn)->state, \
- (hashStateIn)->def->contextSize)
-
-// Copy (with reformatting when necessary) an internal hash structure to an
-// external blob
-#define HASH_STATE_EXPORT_METHOD_DEF \
- void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \
- PANY_HASH_STATE from, \
- size_t size)
-#define HASH_STATE_EXPORT(to, hashStateFrom) \
- ((hashStateFrom)->def->method.copyOut) \
- (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \
- &(hashStateFrom)->state, \
- (hashStateFrom)->def->contextSize)
-
-// Copy from an external blob to an internal formate (with reformatting when
-// necessary
-#define HASH_STATE_IMPORT_METHOD_DEF \
- void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \
- const BYTE *from, \
- size_t size)
-#define HASH_STATE_IMPORT(hashStateTo, from) \
- ((hashStateTo)->def->method.copyIn) \
- (&(hashStateTo)->state, \
- &(((const BYTE *)(from))[offsetof(HASH_STATE, state)]),\
- (hashStateTo)->def->contextSize)
-
-// Internal External
-// Designation Designation
-#define tpmHashStart_SHA1 sha1_init
-#define tpmHashData_SHA1 sha1_process
-#define tpmHashEnd_SHA1 sha1_done
-#define tpmHashStateCopy_SHA1 memcpy
-#define tpmHashStateExport_SHA1 memcpy
-#define tpmHashStateImport_SHA1 memcpy
-#define tpmHashStart_SHA256 sha256_init
-#define tpmHashData_SHA256 sha256_process
-#define tpmHashEnd_SHA256 sha256_done
-#define tpmHashStateCopy_SHA256 memcpy
-#define tpmHashStateExport_SHA256 memcpy
-#define tpmHashStateImport_SHA256 memcpy
-#define tpmHashStart_SHA384 sha384_init
-#define tpmHashData_SHA384 sha384_process
-#define tpmHashEnd_SHA384 sha384_done
-#define tpmHashStateCopy_SHA384 memcpy
-#define tpmHashStateExport_SHA384 memcpy
-#define tpmHashStateImport_SHA384 memcpy
-#define tpmHashStart_SHA512 sha512_init
-#define tpmHashData_SHA512 sha512_process
-#define tpmHashEnd_SHA512 sha512_done
-#define tpmHashStateCopy_SHA512 memcpy
-#define tpmHashStateExport_SHA512 memcpy
-#define tpmHashStateImport_SHA512 memcpy
-
-#endif // _CRYPT_HASH_C_
-
-// No special processing to initialize the LTC hash library
-#define LibHashInit()
-
-// No special processing at the end of the simulation (i.e., no statistics to print)
-#define HashLibSimulationEnd()
-
-#endif // HASH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h
deleted file mode 100644
index 93ede548d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-// This file contains the structure definitions used for linking from the TPM
-// code to the MPA and LTC math libraries.
-
-#ifndef MATH_LIB_DEFINED
-#define MATH_LIB_DEFINED
-
-#define MATH_LIB_LTC
-
-_REDUCE_WARNING_LEVEL_(2)
-#include "LtcSettings.h"
-#include "mpalib.h"
-#include "mpa.h"
-#include "tomcrypt_mpa.h"
-_NORMAL_WARNING_LEVEL_
-
-
-#if RADIX_BITS != 32
-#error "The mpa library used with LibTomCrypt only works for 32-bit words"
-#endif
-
-// These macros handle entering and leaving a scope
-// from which an MPA or LibTomCrypt function may be called.
-// Many of these functions require a scratch pool from which
-// they will allocate scratch variables (rather than using their
-// own stack).
-extern mpa_scratch_mem external_mem_pool;
-
-#define MPA_ENTER(vars, bits) \
- mpa_word_t POOL_ [ \
- mpa_scratch_mem_size_in_U32(vars, bits)]; \
- mpa_scratch_mem pool_save = external_mem_pool; \
- mpa_scratch_mem POOL = LtcPoolInit(POOL_, vars, bits)
-
-#define MPA_LEAVE() init_mpa_tomcrypt(pool_save)
-
-typedef ECC_CURVE_DATA bnCurve_t;
-
-typedef bnCurve_t *bigCurve;
-
-#define AccessCurveData(E) (E)
-
-// Include the support functions for the routines that are used by LTC thunk.
-#include "TpmToLtcSupport_fp.h"
-
-#define CURVE_INITIALIZED(name, initializer) \
- bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer)
-
-#define CURVE_FREE(E)
-
-// This definition would change if there were something to report
-#define MathLibSimulationEnd()
-
-#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h
deleted file mode 100644
index 68de231a8..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This header file is used to "splice" the TPM to the LTC symmetric cipher code.
-
-#ifndef SYM_LIB_DEFINED
-#define SYM_LIB_DEFINED
-
-#define SYM_LIB_LTC
-
-// Avoid pulling in the MPA math if not doing asymmetric with LTC
-#if !(defined MATH_LIB_LTC)
-# define LTC_NO_ASYMMETRIC
-#endif
-
-#include "LtcSettings.h"
-
-//***************************************************************
-//******** Linking to the TomCrypt AES code *********************
-//***************************************************************
-
-#if ALG_SM4
-#error "SM4 is not available"
-#endif
-
-#if ALG_CAMELLIA
-#error "Camellia is not available"
-#endif
-
-// Define the order of parameters to the functions that do block encryption and
-// decryption.
-typedef void(*TpmCryptSetSymKeyCall_t)(
- const void *in,
- void *out,
- void *keySchedule
- );
-
-// Macro to put the parameters in the order required by the library
-#define SWIZZLE(keySchedule, in, out) \
- (const void *)(in), (void *)(out), (void *)(keySchedule)
-
-// Macros to set up the encryption/decryption key schedules
-//
-// AES:
-# define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
- aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule))
-# define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
- aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule))
-
-// TDES:
-# define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule))
-# define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule))
-
-
-// Macros to alias encrypt and decrypt function calls to library-specific values
-// sparingly. These should be used sparingly. Currently, they are only used by
-// CryptRand.c in the AES version of the DRBG.
-#define TpmCryptEncryptAES aes_ecb_encrypt
-#define TpmCryptDecryptAES aes_ecb_decrypt
-#define tpmKeyScheduleAES struct rijndael_key
-//
-#define TpmCryptEncryptTDES des3_ecb_encrypt
-#define TpmCryptDecryptTDES des3_ecb_decrypt
-#define tpmKeyScheduleTDES struct des3_key
-
-typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
-
-#include "TpmToLtcDesSupport_fp.h"
-
-// This is used to trigger printing of simulation statistics
-
-#define SymLibSimulationEnd()
-
-#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h
deleted file mode 100644
index 720065055..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _MIN_MAX_H_
-#define _MIN_MAX_H_
-
-#ifndef MAX
-#define MAX(a, b) ((a) > (b) ? (a) : (b))
-#endif
-#ifndef MIN
-#define MIN(a, b) ((a) < (b) ? (a) : (b))
-#endif
-
-#endif // _MIN_MAX_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
deleted file mode 100644
index 88564f73c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h
+++ /dev/null
@@ -1,165 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Index Type Definitions - -// These definitions allow the same code to be used pre and post 1.21. The main -// action is to redefine the index type values from the bit values. 
-// Use TPM_NT_ORDINARY to indicate if the TPM_NT type is defined - -#ifndef _NV_H_ -#define _NV_H_ - - -#ifdef TPM_NT_ORDINARY -// If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV -# define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) -#else -// If TPM_NT_ORDINARY is not defined, then need to synthesize it from the -// attributes -# define GetNv_TPM_NV(attributes) \ - ( IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2) \ - ) -# define TPM_NT_ORDINARY (0) -# define TPM_NT_COUNTER (1) -# define TPM_NT_BITS (2) -# define TPM_NT_EXTEND (4) -#endif - - -//** Attribute Macros -// These macros are used to isolate the differences in the way that the index type -// changed in version 1.21 of the specification -# define IsNvOrdinaryIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) - -# define IsNvCounterIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_COUNTER) - -# define IsNvBitsIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_BITS) - -# define IsNvExtendIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_EXTEND) - -#ifdef TPM_NT_PIN_PASS -# define IsNvPinPassIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) -#endif - -#ifdef TPM_NT_PIN_FAIL -# define IsNvPinFailIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) -#endif - -typedef struct { - UINT32 size; - TPM_HANDLE handle; -} NV_ENTRY_HEADER; - -#define NV_EVICT_OBJECT_SIZE \ - (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) - -#define NV_INDEX_COUNTER_SIZE \ - (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) - -#define NV_RAM_INDEX_COUNTER_SIZE \ - (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) - -typedef struct { - UINT32 size; - TPM_HANDLE handle; - TPMA_NV attributes; -} NV_RAM_HEADER; - -// Defines the end-of-list marker for NV. 
The list terminator is -// a UINT32 of zero, followed by the current value of s_maxCounter which is a -// 64-bit value. The structure is defined as an array of 3 UINT32 values so that -// there is no padding between the UINT32 list end marker and the UINT64 maxCounter -// value. -typedef UINT32 NV_LIST_TERMINATOR[3]; - -//** Orderly RAM Values -// The following defines are for accessing orderly RAM values. - -// This is the initialize for the RAM reference iterator. -#define NV_RAM_REF_INIT 0 -// This is the starting address of the RAM space used for orderly data -#define RAM_ORDERLY_START \ - (&s_indexOrderlyRam[0]) -// This is the offset within NV that is used to save the orderly data on an -// orderly shutdown. -#define NV_ORDERLY_START \ - (NV_INDEX_RAM_DATA) -// This is the end of the orderly RAM space. It is actually the first byte after the -// last byte of orderly RAM data -#define RAM_ORDERLY_END \ - (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) -// This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is -// actually the offset of the first byte after the end of the NV orderly data. -#define NV_ORDERLY_END \ - (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) - -// Macro to check that an orderly RAM address is with range. -#define ORDERLY_RAM_ADDRESS_OK(start, offset) \ - ((start >= RAM_ORDERLY_START) && ((start + offset - 1) < RAM_ORDERLY_END)) - - -#define RETURN_IF_NV_IS_NOT_AVAILABLE \ -{ \ - if(g_NvStatus != TPM_RC_SUCCESS) \ - return g_NvStatus; \ -} - -// Routinely have to clear the orderly flag and fail if the -// NV is not available so that it can be cleared. -#define RETURN_IF_ORDERLY \ -{ \ - if(NvClearOrderly() != TPM_RC_SUCCESS) \ - return g_NvStatus; \ -} - -#define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) - -#define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) - -#define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) - -// Macro to set the NV UPDATE_TYPE. 
This deals with the fact that the update is -// possibly a combination of UT_NV and UT_ORDERLY. -#define SET_NV_UPDATE(type) g_updateNV |= (type) - -#endif // _NV_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h deleted file mode 100644 index 312ae69ff..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h +++ /dev/null 
@@ -1,275 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _OIDS_H_ -#define _OIDS_H_ - -// All the OIDs in this file are defined as DER-encoded values with a leading tag -// 0x06 (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. 
This allows the -// OID size to be determined by looking at octet[1] of the OID (total size is -// OID[1] + 2). - -#define MAKE_OID(NAME) \ - EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE}) - - -// These macros allow OIDs to be defined (or not) depending on whether the associated -// hash algorithm is implemented. -// NOTE: When one of these macros is used, the NAME needs '_" on each side. The -// exception is when the macro is used for the hash OID when only a single '_' is -// used. -#if ALG_SHA1 -#define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) -#else -#define SHA1_OID(NAME) -#endif -#if ALG_SHA256 -#define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) -#else -#define SHA256_OID(NAME) -#endif -#if ALG_SHA384 -#define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) -#else -#define SHA#84_OID(NAME) -#endif -#if ALG_SHA512 -#define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) -#else -#define SHA512_OID(NAME) -#endif -#if ALG_SM3_256 -#define SM3_256_OID(NAME) MAKE_OID(NAME##SM2_256) -#else -#define SM3_256_OID(NAME) -#endif -#if ALG_SHA3_256 -#define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) -#else -#define SHA3_256_OID(NAME) -#endif -#if ALG_SHA3_384 -#define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) -#else -#define SHA3_384_OID(NAME) -#endif -#if ALG_SHA3_512 -#define SSHA3_512_OID(NAME) MAKE_OID(NAME##SHA3_512) -#else -#define SHA3_512_OID(NAME) -#endif - -// These are encoded to take one additional byte of algorithm selector -#define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 -#define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 - -// These hash OIDs used in a lot of places. 
-#define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -SHA1_OID(_); // Expands to - // MAKE_OID(_SHA1) - // which expands to: - // extern BYTE OID_SHA1[] - // or - // const BYTE OID_SHA1[] = {OID_SHA1_VALUE} - // which is: - // const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, - // 0x03, 0x02, 0x1A} - - -#define OID_SHA256_VALUE NIST_HASH, 1 -SHA256_OID(_); - -#define OID_SHA384_VALUE NIST_HASH, 2 -SHA384_OID(_); - -#define OID_SHA512_VALUE NIST_HASH, 3 -SHA512_OID(_); - -#define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x83, 0x11 -SM3_256_OID(_); // (1.2.156.10197.1.401) - -#define OID_SHA3_256_VALUE NIST_HASH, 8 -SHA3_256_OID(_); - -#define OID_SHA3_384_VALUE NIST_HASH, 9 -SHA3_384_OID(_); - -#define OID_SHA3_512_VALUE NIST_HASH, 10 -SHA3_512_OID(_); - - -// These are used for RSA-PSS -#if ALG_RSA - -#define OID_MGF1_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x08 -MAKE_OID(_MGF1); - -#define OID_RSAPSS_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x0A -MAKE_OID(_RSAPSS); - -// This is the OID to designate the public part of an RSA key. 
-#define OID_PKCS1_PUB_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x01 -MAKE_OID(_PKCS1_PUB); - -// These are used for RSA PKCS1 signature Algorithms -#define OID_PKCS1_SHA1_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x05 -SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) - -#define OID_PKCS1_SHA256_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0B -SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) - -#define OID_PKCS1_SHA384_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0C -SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) - -#define OID_PKCS1_SHA512_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0D -SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) - -#define OID_PKCS1_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, \ - 0x01, 0x83, 0x78 -SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 - -#define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 -SHA3_256_OID(_PKCS1_); -#define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 -SHA3_256_OID(_PKCS1_); -#define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 -SHA3_512_OID(_PKCS1_); - - -#endif // ALG_RSA - -#if ALG_ECDSA - -#define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x01 -SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x02 -SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA384_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x03 -SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. - -#define OID_ECDSA_SHA512_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x04 -SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. 
- -#define OID_ECDSA_SM3_256_VALUE 0x00 -SM3_256_OID(_ECDSA_); - -#define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10 -SHA3_256_OID(_ECDSA_); -#define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11 -SHA3_384_OID(_ECDSA_); -#define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12 -SHA3_512_OID(_ECDSA_); - - - -#endif // ALG_ECDSA - -#if ALG_ECC - -#define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01 -MAKE_OID(_ECC_PUBLIC); - - -#define OID_ECC_NIST_P192_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ - 0x01, 0x01 -#if ECC_NIST_P192 -MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192' -#endif // ECC_NIST_P192 - -#define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 -#if ECC_NIST_P224 -MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224' -#endif // ECC_NIST_P224 - -#define OID_ECC_NIST_P256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ - 0x01, 0x07 -#if ECC_NIST_P256 -MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256' -#endif // ECC_NIST_P256 - -#define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 -#if ECC_NIST_P384 -MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384' -#endif // ECC_NIST_P384 - -#define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 -#if ECC_NIST_P521 -MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521' -#endif // ECC_NIST_P521 - -// No OIDs defined for these anonymous curves -#define OID_ECC_BN_P256_VALUE 0x00 -#if ECC_BN_P256 -MAKE_OID(_ECC_BN_P256); -#endif // ECC_BN_P256 - -#define OID_ECC_BN_P638_VALUE 0x00 -#if ECC_BN_P638 -MAKE_OID(_ECC_BN_P638); -#endif // ECC_BN_P638 - -#define OID_ECC_SM2_P256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x82, 0x2D -#if ECC_SM2_P256 -MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID. 
It needs checking -#endif // ECC_SM2_P256 - -#if ECC_BN_P256 -#define OID_ECC_BN_P256 NULL -#endif // ECC_BN_P256 - -#endif // ALG_ECC - -#undef MAKE_OID - - -#define OID_SIZE(OID) (OID[1] + 2) - -#endif // !_OIDS_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h deleted file mode 100644 index 56f414464..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h +++ /dev/null 
@@ -1,180 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// -// This header file is used to 'splice' the OpenSSL hash code into the TPM code. 
-// -#ifndef HASH_LIB_DEFINED -#define HASH_LIB_DEFINED - -#define HASH_LIB_OSSL - -#include -#include -#include - - -//*************************************************************** -//** Links to the OpenSSL HASH code -//*************************************************************** - -// Redefine the internal name used for each of the hash state structures to the -// name used by the library. -// These defines need to be known in all parts of the TPM so that the structure -// sizes can be properly computed when needed. - -#define tpmHashStateSHA1_t SHA_CTX -#define tpmHashStateSHA256_t SHA256_CTX -#define tpmHashStateSHA384_t SHA512_CTX -#define tpmHashStateSHA512_t SHA512_CTX - -#if ALG_SM3_256 -# error "The version of OpenSSL used by this code does not support SM3" -#endif - -// The defines below are only needed when compiling CryptHash.c or CryptSmac.c. -// This isolation is primarily to avoid name space collision. However, if there -// is a real collision, it will likely show up when the linker tries to put things -// together. - -#ifdef _CRYPT_HASH_C_ - -typedef BYTE *PBYTE; -typedef const BYTE *PCBYTE; - -// Define the interface between CryptHash.c to the functions provided by the -// library. For each method, define the calling parameters of the method and then -// define how the method is invoked in CryptHash.c. -// -// All hashes are required to have the same calling sequence. If they don't, create -// a simple adaptation function that converts from the "standard" form of the call -// to the form used by the specific hash (and then send a nasty letter to the -// person who wrote the hash function for the library). -// -// The macro that calls the method also defines how the -// parameters get swizzled between the default form (in CryptHash.c)and the -// library form. 
-// -// Initialize the hash context -#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state) -#define HASH_START(hashState) \ - ((hashState)->def->method.start)(&(hashState)->state); - -// Add data to the hash -#define HASH_DATA_METHOD_DEF \ - void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ - PCBYTE buffer, \ - size_t size) -#define HASH_DATA(hashState, dInSize, dIn) \ - ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) - -// Finalize the hash and get the digest -#define HASH_END_METHOD_DEF \ - void (HASH_END_METHOD)(BYTE *buffer, PANY_HASH_STATE state) -#define HASH_END(hashState, buffer) \ - ((hashState)->def->method.end)(buffer, &(hashState)->state) - -// Copy the hash context -// Note: For import, export, and copy, memcpy() is used since there is no -// reformatting necessary between the internal and external forms. -#define HASH_STATE_COPY_METHOD_DEF \ - void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_COPY(hashStateOut, hashStateIn) \ - ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ - &(hashStateIn)->state, \ - (hashStateIn)->def->contextSize) - -// Copy (with reformatting when necessary) an internal hash structure to an -// external blob -#define HASH_STATE_EXPORT_METHOD_DEF \ - void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_EXPORT(to, hashStateFrom) \ - ((hashStateFrom)->def->method.copyOut) \ - (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ - &(hashStateFrom)->state, \ - (hashStateFrom)->def->contextSize) - -// Copy from an external blob to an internal formate (with reformatting when -// necessary -#define HASH_STATE_IMPORT_METHOD_DEF \ - void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ - const BYTE *from, \ - size_t size) -#define HASH_STATE_IMPORT(hashStateTo, from) \ - ((hashStateTo)->def->method.copyIn) \ - (&(hashStateTo)->state, \ - &(((const BYTE 
*)(from))[offsetof(HASH_STATE, state)]),\ - (hashStateTo)->def->contextSize) - - -// Function aliases. The code in CryptHash.c uses the internal designation for the -// functions. These need to be translated to the function names of the library. -#define tpmHashStart_SHA1 SHA1_Init // external name of the - // initialization method -#define tpmHashData_SHA1 SHA1_Update -#define tpmHashEnd_SHA1 SHA1_Final -#define tpmHashStateCopy_SHA1 memcpy -#define tpmHashStateExport_SHA1 memcpy -#define tpmHashStateImport_SHA1 memcpy -#define tpmHashStart_SHA256 SHA256_Init -#define tpmHashData_SHA256 SHA256_Update -#define tpmHashEnd_SHA256 SHA256_Final -#define tpmHashStateCopy_SHA256 memcpy -#define tpmHashStateExport_SHA256 memcpy -#define tpmHashStateImport_SHA256 memcpy -#define tpmHashStart_SHA384 SHA384_Init -#define tpmHashData_SHA384 SHA384_Update -#define tpmHashEnd_SHA384 SHA384_Final -#define tpmHashStateCopy_SHA384 memcpy -#define tpmHashStateExport_SHA384 memcpy -#define tpmHashStateImport_SHA384 memcpy -#define tpmHashStart_SHA512 SHA512_Init -#define tpmHashData_SHA512 SHA512_Update -#define tpmHashEnd_SHA512 SHA512_Final -#define tpmHashStateCopy_SHA512 memcpy -#define tpmHashStateExport_SHA512 memcpy -#define tpmHashStateImport_SHA512 memcpy - -#endif // _CRYPT_HASH_C_ - -#define LibHashInit() -// This definition would change if there were something to report -#define HashLibSimulationEnd() - -#endif // HASH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h deleted file mode 100644 index 39cb472fd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h +++ /dev/null 
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the structure definitions used for ECC in the LibTomCrypt
-// version of the code. These definitions would change, based on the library.
-// The ECC-related structures that cross the TPM interface are defined
-// in TpmTypes.h
-//
-
-#ifndef MATH_LIB_DEFINED
-#define MATH_LIB_DEFINED
-
-#define MATH_LIB_OSSL
-
-#include
-#include
-#if 0 // OPENSSL_VERSION_NUMBER >= 0x10200000L
- // Check the bignum_st definition in crypto/bn/bn_lcl.h and either update the
- // version check or provide the new definition for this version.
-# error Untested OpenSSL version
-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
- // from crypto/bn/bn_lcl.h
- struct bignum_st {
- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit
- * chunks. */
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
- };
-#endif // OPENSSL_VERSION_NUMBER
-#include
-
-//** Macros and Defines
-
-// Make sure that the library is using the correct size for a crypt word
-#if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \
- || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \
- && (RADIX_BITS != 64))
-# error Ossl library is using different radix
-#endif
-
-// Allocate a local BIGNUM value. For the allocation, a bigNum structure is created
-// as is a local BIGNUM. The bigNum is initialized and then the BIGNUM is
-// set to reference the local value.
-#define BIG_VAR(name, bits) \
- BN_VAR(name##Bn, (bits)); \
- BIGNUM _##name; \
- BIGNUM *name = BigInitialized(&_##name, \
- BnInit(name##Bn, \
- BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d))))
-
-// Allocate a BIGNUM and initialize with the values in a bigNum initializer
-#define BIG_INITIALIZED(name, initializer) \
- BIGNUM _##name; \
- BIGNUM *name = BigInitialized(&_##name, initializer)
-
-
-typedef struct
-{
- const ECC_CURVE_DATA *C; // the TPM curve values
- EC_GROUP *G; // group parameters
- BN_CTX *CTX; // the context for the math (this might not be
- // the context in which the curve was created>;
-} OSSL_CURVE_DATA;
-
-typedef OSSL_CURVE_DATA *bigCurve;
-
-#define AccessCurveData(E) ((E)->C)
-
-
-#include "TpmToOsslSupport_fp.h"
-
-// Start and end a context within which the OpenSSL memory management works
-#define OSSL_ENTER() BN_CTX *CTX = OsslContextEnter()
-#define OSSL_LEAVE() OsslContextLeave(CTX)
-
-// Start and end a context that spans multiple ECC functions. This is used so that
-// the group for the curve can persist across multiple frames.
-#define CURVE_INITIALIZED(name, initializer) \
- OSSL_CURVE_DATA _##name; \
- bigCurve name = BnCurveInitialize(&_##name, initializer)
-#define CURVE_FREE(name) BnCurveFree(name)
-
-// Start and end a local stack frame within the context of the curve frame
-#define ECC_ENTER() BN_CTX *CTX = OsslPushContext(E->CTX)
-#define ECC_LEAVE() OsslPopContext(CTX)
-
-#define BN_NEW() BnNewVariable(CTX)
-
-// This definition would change if there were something to report
-#define MathLibSimulationEnd()
-
-#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
deleted file mode 100644
index e65365d7a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This header file is used to 'splice' the OpenSSL library into the TPM code.
-//
-// The support required of a library are a hash module, a block cipher module and
-// portions of a big number library.
-
-#ifndef SYM_LIB_DEFINED
-#define SYM_LIB_DEFINED
-
-#define SYM_LIB_OSSL
-
-#include
-#include
-#include
-#include
-
-//***************************************************************
-//** Links to the OpenSSL AES code
-//***************************************************************
-
-#if ALG_SM4
-#error "SM4 is not available"
-#endif
-
-#if ALG_CAMELLIA
-#error "Camellia is not available"
-#endif
-
-// Define the order of parameters to the library functions that do block encryption
-// and decryption.
-typedef void(*TpmCryptSetSymKeyCall_t)(
- const BYTE *in,
- BYTE *out,
- void *keySchedule
- );
-
-// The Crypt functions that call the block encryption function use the parameters
-// in the order:
-// 1) keySchedule
-// 2) in buffer
-// 3) out buffer
-// Since open SSL uses the order in encryptoCall_t above, need to swizzle the
-// values to the order required by the library.
-#define SWIZZLE(keySchedule, in, out) \
- (const BYTE *)(in), (BYTE *)(out), (void *)(keySchedule)
-
-// Macros to set up the encryption/decryption key schedules
-//
-// AES:
-#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
- AES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
-#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
- AES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule))
-
-// TDES:
-#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-
-// Macros to alias encryption calls to specific algorithms. This should be used
-// sparingly.
Currently, only used by CryptRand.c
-//
-// When using these calls, to call the AES block encryption code, the caller
-// should use:
-// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
-#define TpmCryptEncryptAES AES_encrypt
-#define TpmCryptDecryptAES AES_decrypt
-#define tpmKeyScheduleAES AES_KEY
-
-
-#define TpmCryptEncryptTDES TDES_encrypt
-#define TpmCryptDecryptTDES TDES_decrypt
-#define tpmKeyScheduleTDES DES_key_schedule
-
-typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
-
-#if ALG_TDES
-#include "TpmToOsslDesSupport_fp.h"
-#endif
-
-// This definition would change if there were something to report
-#define SymLibSimulationEnd()
-
-#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
deleted file mode 100644
index 96c7f5b48..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _MSBN_DRBG_TEST_VECTORS_H
-#define _MSBN_DRBG_TEST_VECTORS_H
-
-//#if DRBG_ALGORITHM == TPM_ALG_AES && DRBG_KEY_BITS == 256
-#if DRBG_KEY_SIZE_BITS == 256
-
-/*(NIST test vector)
-[AES-256 no df]
-[PredictionResistance = False]
-[EntropyInputLen = 384]
-[NonceLen = 128]
-[PersonalizationStringLen = 0]
-[AdditionalInputLen = 0]
-
-COUNT = 0
-EntropyInput = 0d15aa80 b16c3a10 906cfedb 795dae0b 5b81041c 5c5bfacb
- 373d4440 d9120f7e 3d6cf909 86cf52d8 5d3e947d 8c061f91
-Nonce = 06caef5f b538e08e 1f3b0452 03f8f4b2
-PersonalizationString =
-AdditionalInput =
- INTERMEDIATE Key = be5df629 34cc1230 166a6773 345bbd6b
- 4c8869cf 8aec1c3b 1aa98bca 37cacf61
- INTERMEDIATE V = 3182dd1e 7638ec70 014e93bd 813e524c
- INTERMEDIATE ReturnedBits = 28e0ebb8 21016650 8c8f65f2 207bd0a3
-EntropyInputReseed = 6ee793a3 3955d72a d12fd80a 8a3fcf95 ed3b4dac 5795fe25
- cf869f7c 27573bbc 56f1acae 13a65042 b340093c 464a7a22
-AdditionalInputReseed =
-AdditionalInput =
-ReturnedBits = 946f5182 d54510b9 461248f5 71ca06c9
-*/
-
-
-// Entropy is the size of the state. The state is the size of the key
-// plus the IV. The IV is a block.
If Key = 256 and Block = 128 then State = 384
-# define DRBG_TEST_INITIATE_ENTROPY \
- 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, \
- 0x90, 0x6c, 0xfe, 0xdb, 0x79, 0x5d, 0xae, 0x0b, \
- 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, \
- 0x37, 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, \
- 0x3d, 0x6c, 0xf9, 0x09, 0x86, 0xcf, 0x52, 0xd8, \
- 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91
-
-# define DRBG_TEST_RESEED_ENTROPY \
- 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, \
- 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, 0x3f, 0xcf, 0x95, \
- 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, \
- 0xcf, 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, \
- 0x56, 0xf1, 0xac, 0xae, 0x13, 0xa6, 0x50, 0x42, \
- 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22
-
-# define DRBG_TEST_GENERATED_INTERM \
- 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, \
- 0x8c, 0x8f, 0x65, 0xf2, 0x20, 0x7b, 0xd0, 0xa3
-
-
-# define DRBG_TEST_GENERATED \
- 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, \
- 0x46, 0x12, 0x48, 0xf5, 0x71, 0xca, 0x06, 0xc9
-#elif DRBG_KEY_SIZE_BITS == 128
-/*(NIST test vector)
-[AES-128 no df]
-[PredictionResistance = False]
-[EntropyInputLen = 256]
-[NonceLen = 64]
-[PersonalizationStringLen = 0]
-[AdditionalInputLen = 0]
-
-COUNT = 0
-EntropyInput = 8fc11bdb5aabb7e093b61428e0907303cb459f3b600dad870955f22da80a44f8
-Nonce = be1f73885ddd15aa
-PersonalizationString =
-AdditionalInput =
- INTERMEDIATE Key = b134ecc836df6dbd624900af118dd7e6
- INTERMEDIATE V = 01bb09e86dabd75c9f26dbf6f9531368
- INTERMEDIATE ReturnedBits = dc3cf6bf5bd341135f2c6811a1071c87
-EntropyInputReseed =
- 0cd53cd5eccd5a10d7ea266111259b05574fc6ddd8bed8bd72378cf82f1dba2a
-AdditionalInputReseed =
-AdditionalInput =
-ReturnedBits = b61850decfd7106d44769a8e6e8c1ad4
-*/
-
-# define DRBG_TEST_INITIATE_ENTROPY \
- 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, \
- 0x93, 0xb6, 0x14, 0x28, 0xe0, 0x90, 0x73, 0x03, \
- 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, \
- 0x09, 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8
-
-#
define DRBG_TEST_RESEED_ENTROPY \
- 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, \
- 0xd7, 0xea, 0x26, 0x61, 0x11, 0x25, 0x9b, 0x05, \
- 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, \
- 0x72, 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a
-
-#define DRBG_TEST_GENERATED_INTERM \
- 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, \
- 0x5f, 0x2c, 0x68, 0x11, 0xa1, 0x07, 0x1c, 0x87
-
-# define DRBG_TEST_GENERATED \
- 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, \
- 0x44, 0x76, 0x9a, 0x8e, 0x6e, 0x8c, 0x1a, 0xd4
-
-#endif
-
-
-#endif // _MSBN_DRBG_TEST_VECTORS_H
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
deleted file mode 100644
index 9721daa35..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h
+++ /dev/null
@@ -1,423 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -// -// RSA Test Vectors - -#define RSA_TEST_KEY_SIZE 256 - -typedef struct -{ - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE]; -} TPM2B_RSA_TEST_KEY; - -typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; - -typedef struct -{ - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE / 2]; -} TPM2B_RSA_TEST_PRIME; - -const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = {256, { - 0x91,0x12,0xf5,0x07,0x9d,0x5f,0x6b,0x1c,0x90,0xf6,0xcc,0x87,0xde,0x3a,0x7a,0x15, - 0xdc,0x54,0x07,0x6c,0x26,0x8f,0x25,0xef,0x7e,0x66,0xc0,0xe3,0x82,0x12,0x2f,0xab, - 0x52,0x82,0x1e,0x85,0xbc,0x53,0xba,0x2b,0x01,0xad,0x01,0xc7,0x8d,0x46,0x4f,0x7d, - 0xdd,0x7e,0xdc,0xb0,0xad,0xf6,0x0c,0xa1,0x62,0x92,0x97,0x8a,0x3e,0x6f,0x7e,0x3e, - 0xf6,0x9a,0xcc,0xf9,0xa9,0x86,0x77,0xb6,0x85,0x43,0x42,0x04,0x13,0x65,0xe2,0xad, - 0x36,0xc9,0xbf,0xc1,0x97,0x84,0x6f,0xee,0x7c,0xda,0x58,0xd2,0xae,0x07,0x00,0xaf, - 0xc5,0x5f,0x4d,0x3a,0x98,0xb0,0xed,0x27,0x7c,0xc2,0xce,0x26,0x5d,0x87,0xe1,0xe3, - 0xa9,0x69,0x88,0x4f,0x8c,0x08,0x31,0x18,0xae,0x93,0x16,0xe3,0x74,0xde,0xd3,0xf6, - 0x16,0xaf,0xa3,0xac,0x37,0x91,0x8d,0x10,0xc6,0x6b,0x64,0x14,0x3a,0xd9,0xfc,0xe4, - 0xa0,0xf2,0xd1,0x01,0x37,0x4f,0x4a,0xeb,0xe5,0xec,0x98,0xc5,0xd9,0x4b,0x30,0xd2, - 0x80,0x2a,0x5a,0x18,0x5a,0x7d,0xd4,0x3d,0xb7,0x62,0x98,0xce,0x6d,0xa2,0x02,0x6e, - 0x45,0xaa,0x95,0x73,0xe0,0xaa,0x75,0x57,0xb1,0x3d,0x1b,0x05,0x75,0x23,0x6b,0x20, - 0x69,0x9e,0x14,0xb0,0x7f,0xac,0xae,0xd2,0xc7,0x48,0x3b,0xe4,0x56,0x11,0x34,0x1e, - 0x05,0x1a,0x30,0x20,0xef,0x68,0x93,0x6b,0x9d,0x7e,0xdd,0xba,0x96,0x50,0xcc,0x1c, - 0x81,0xb4,0x59,0xb9,0x74,0x36,0xd9,0x97,0xdc,0x8f,0x17,0x82,0x72,0xb3,0x59,0xf6, - 0x23,0xfa,0x84,0xf7,0x6d,0xf2,0x05,0xff,0xf1,0xb9,0xcc,0xe9,0xa2,0x82,0x01,0xfb}}; - -const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = {RSA_TEST_KEY_SIZE / 2, { - 0xb7,0xa0,0x90,0xc7,0x92,0x09,0xde,0x71,0x03,0x37,0x4a,0xb5,0x2f,0xda,0x61,0xb8, - 0x09,0x1b,0xba,0x99,0x70,0x45,0xc1,0x0b,0x15,0x12,0x71,0x8a,0xb3,0x2a,0x4d,0x5a, - 
0x41,0x9b,0x73,0x89,0x80,0x0a,0x8f,0x18,0x4c,0x8b,0xa2,0x5b,0xda,0xbd,0x43,0xbe, - 0xdc,0x76,0x4d,0x71,0x0f,0xb9,0xfc,0x7a,0x09,0xfe,0x4f,0xac,0x63,0xd9,0x2e,0x50, - 0x3a,0xa1,0x37,0xc6,0xf2,0xa1,0x89,0x12,0xe7,0x72,0x64,0x2b,0xba,0xc1,0x1f,0xca, - 0x9d,0xb7,0xaa,0x3a,0xa9,0xd3,0xa6,0x6f,0x73,0x02,0xbb,0x85,0x5d,0x9a,0xb9,0x5c, - 0x08,0x83,0x22,0x20,0x49,0x91,0x5f,0x4b,0x86,0xbc,0x3f,0x76,0x43,0x08,0x97,0xbf, - 0x82,0x55,0x36,0x2d,0x8b,0x6e,0x9e,0xfb,0xc1,0x67,0x6a,0x43,0xa2,0x46,0x81,0x71}}; - -const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = { - 0x2a,0x24,0x3a,0xbb,0x50,0x1d,0xd4,0x2a,0xf9,0x18,0x32,0x34,0xa2,0x0f,0xea,0x5c, - 0x91,0x77,0xe9,0xe1,0x09,0x83,0xdc,0x5f,0x71,0x64,0x5b,0xeb,0x57,0x79,0xa0,0x41, - 0xc9,0xe4,0x5a,0x0b,0xf4,0x9f,0xdb,0x84,0x04,0xa6,0x48,0x24,0xf6,0x3f,0x66,0x1f, - 0xa8,0x04,0x5c,0xf0,0x7a,0x6b,0x4a,0x9c,0x7e,0x21,0xb6,0xda,0x6b,0x65,0x9c,0x3a, - 0x68,0x50,0x13,0x1e,0xa4,0xb7,0xca,0xec,0xd3,0xcc,0xb2,0x9b,0x8c,0x87,0xa4,0x6a, - 0xba,0xc2,0x06,0x3f,0x40,0x48,0x7b,0xa8,0xb8,0x2c,0x03,0x14,0x33,0xf3,0x1d,0xe9, - 0xbd,0x6f,0x54,0x66,0xb4,0x69,0x5e,0xbc,0x80,0x7c,0xe9,0x6a,0x43,0x7f,0xb8,0x6a, - 0xa0,0x5f,0x5d,0x7a,0x20,0xfd,0x7a,0x39,0xe1,0xea,0x0e,0x94,0x91,0x28,0x63,0x7a, - 0xac,0xc9,0xa5,0x3a,0x6d,0x31,0x7b,0x7c,0x54,0x56,0x99,0x56,0xbb,0xb7,0xa1,0x2d, - 0xd2,0x5c,0x91,0x5f,0x1c,0xd3,0x06,0x7f,0x34,0x53,0x2f,0x4c,0xd1,0x8b,0xd2,0x9e, - 0xdc,0xc3,0x94,0x0a,0xe1,0x0f,0xa5,0x15,0x46,0x2a,0x8e,0x10,0xc2,0xfe,0xb7,0x5e, - 0x2d,0x0d,0xd1,0x25,0xfc,0xe4,0xf7,0x02,0x19,0xfe,0xb6,0xe4,0x95,0x9c,0x17,0x4a, - 0x9b,0xdb,0xab,0xc7,0x79,0xe3,0x5e,0x40,0xd0,0x56,0x6d,0x25,0x0a,0x72,0x65,0x80, - 0x92,0x9a,0xa8,0x07,0x70,0x32,0x14,0xfb,0xfe,0x08,0xeb,0x13,0xb4,0x07,0x68,0xb4, - 0x58,0x39,0xbe,0x8e,0x78,0x3a,0x59,0x3f,0x9c,0x4c,0xe9,0xa8,0x64,0x68,0xf7,0xb9, - 0x6e,0x20,0xf5,0xcb,0xca,0x47,0xf2,0x17,0xaa,0x8b,0xbc,0x13,0x14,0x84,0xf6,0xab}; - -const TPM2B_RSA_TEST_VALUE c_RsaepKvt = {RSA_TEST_KEY_SIZE, { - 
0x73,0xbd,0x65,0x49,0xda,0x7b,0xb8,0x50,0x9e,0x87,0xf0,0x0a,0x8a,0x9a,0x07,0xb6, - 0x00,0x82,0x10,0x14,0x60,0xd8,0x01,0xfc,0xc5,0x18,0xea,0x49,0x5f,0x13,0xcf,0x65, - 0x66,0x30,0x6c,0x60,0x3f,0x24,0x3c,0xfb,0xe2,0x31,0x16,0x99,0x7e,0x31,0x98,0xab, - 0x93,0xb8,0x07,0x53,0xcc,0xdb,0x7f,0x44,0xd9,0xee,0x5d,0xe8,0x5f,0x97,0x5f,0xe8, - 0x1f,0x88,0x52,0x24,0x7b,0xac,0x62,0x95,0xb7,0x7d,0xf5,0xf8,0x9f,0x5a,0xa8,0x24, - 0x9a,0x76,0x71,0x2a,0x35,0x2a,0xa1,0x08,0xbb,0x95,0xe3,0x64,0xdc,0xdb,0xc2,0x33, - 0xa9,0x5f,0xbe,0x4c,0xc4,0xcc,0x28,0xc9,0x25,0xff,0xee,0x17,0x15,0x9a,0x50,0x90, - 0x0e,0x15,0xb4,0xea,0x6a,0x09,0xe6,0xff,0xa4,0xee,0xc7,0x7e,0xce,0xa9,0x73,0xe4, - 0xa0,0x56,0xbd,0x53,0x2a,0xe4,0xc0,0x2b,0xa8,0x9b,0x09,0x30,0x72,0x62,0x0f,0xf9, - 0xf6,0xa1,0x52,0xd2,0x8a,0x37,0xee,0xa5,0xc8,0x47,0xe1,0x99,0x21,0x47,0xeb,0xdd, - 0x37,0xaa,0xe4,0xbd,0x55,0x46,0x5a,0x5a,0x5d,0xfb,0x7b,0xfc,0xff,0xbf,0x26,0x71, - 0xf6,0x1e,0xad,0xbc,0xbf,0x33,0xca,0xe1,0x92,0x8f,0x2a,0x89,0x6c,0x45,0x24,0xd1, - 0xa6,0x52,0x56,0x24,0x5e,0x90,0x47,0xe5,0xcb,0x12,0xb0,0x32,0xf9,0xa6,0xbb,0xea, - 0x37,0xa9,0xbd,0xef,0x23,0xef,0x63,0x07,0x6c,0xc4,0x4e,0x64,0x3c,0xc6,0x11,0x84, - 0x7d,0x65,0xd6,0x5d,0x7a,0x17,0x58,0xa5,0xf7,0x74,0x3b,0x42,0xe3,0xd2,0xda,0x5f, - 0x6f,0xe0,0x1e,0x4b,0xcf,0x46,0xe2,0xdf,0x3e,0x41,0x8e,0x0e,0xb0,0x3f,0x8b,0x65}}; - -#define OAEP_TEST_LABEL "OAEP Test Value" - -#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x32,0x68,0x84,0x0b,0x9c,0xc9,0x25,0x26,0xd9,0xc0,0xd0,0xb1,0xde,0x60,0x55,0xae, - 0x33,0xe5,0xcf,0x6c,0x85,0xbe,0x0d,0x71,0x11,0xe1,0x45,0x60,0xbb,0x42,0x3d,0xf3, - 0xb1,0x18,0x84,0x7b,0xc6,0x5d,0xce,0x1d,0x5f,0x9a,0x97,0xcf,0xb1,0x97,0x9a,0x85, - 0x7c,0xa7,0xa1,0x63,0x23,0xb6,0x74,0x0f,0x1a,0xee,0x29,0x51,0xeb,0x50,0x8f,0x3c, - 0x8e,0x4e,0x31,0x38,0xdc,0x11,0xfc,0x9a,0x4e,0xaf,0x93,0xc9,0x7f,0x6e,0x35,0xf3, - 0xc9,0xe4,0x89,0x14,0x53,0xe2,0xc2,0x1a,0xf7,0x6b,0x9b,0xf0,0x7a,0xa4,0x69,0x52, - 
0xe0,0x24,0x8f,0xea,0x31,0xa7,0x5c,0x43,0xb0,0x65,0xc9,0xfe,0xba,0xfe,0x80,0x9e, - 0xa5,0xc0,0xf5,0x8d,0xce,0x41,0xf9,0x83,0x0d,0x8e,0x0f,0xef,0x3d,0x1f,0x6a,0xcc, - 0x8a,0x3d,0x3b,0xdf,0x22,0x38,0xd7,0x34,0x58,0x7b,0x55,0xc9,0xf6,0xbc,0x7c,0x4c, - 0x3f,0xd7,0xde,0x4e,0x30,0xa9,0x69,0xf3,0x5f,0x56,0x8f,0xc2,0xe7,0x75,0x79,0xb8, - 0xa5,0xc8,0x0d,0xc0,0xcd,0xb6,0xc9,0x63,0xad,0x7c,0xe4,0x8f,0x39,0x60,0x4d,0x7d, - 0xdb,0x34,0x49,0x2a,0x47,0xde,0xc0,0x42,0x4a,0x19,0x94,0x2e,0x50,0x21,0x03,0x47, - 0xff,0x73,0xb3,0xb7,0x89,0xcc,0x7b,0x2c,0xeb,0x03,0xa7,0x9a,0x06,0xfd,0xed,0x19, - 0xbb,0x82,0xa0,0x13,0xe9,0xfa,0xac,0x06,0x5f,0xc5,0xa9,0x2b,0xda,0x88,0x23,0xa2, - 0x5d,0xc2,0x7f,0xda,0xc8,0x5a,0x94,0x31,0xc1,0x21,0xd7,0x1e,0x6b,0xd7,0x89,0xb1, - 0x93,0x80,0xab,0xd1,0x37,0xf2,0x6f,0x50,0xcd,0x2a,0xea,0xb1,0xc4,0xcd,0xcb,0xb5}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x29,0xa4,0x2f,0xbb,0x8a,0x14,0x05,0x1e,0x3c,0x72,0x76,0x77,0x38,0xe7,0x73,0xe3, - 0x6e,0x24,0x4b,0x38,0xd2,0x1a,0xcf,0x23,0x58,0x78,0x36,0x82,0x23,0x6e,0x6b,0xef, - 0x2c,0x3d,0xf2,0xe8,0xd6,0xc6,0x87,0x8e,0x78,0x9b,0x27,0x39,0xc0,0xd6,0xef,0x4d, - 0x0b,0xfc,0x51,0x27,0x18,0xf3,0x51,0x5e,0x4d,0x96,0x3a,0xe2,0x15,0xe2,0x7e,0x42, - 0xf4,0x16,0xd5,0xc6,0x52,0x5d,0x17,0x44,0x76,0x09,0x7a,0xcf,0xe3,0x30,0xe3,0x84, - 0xf6,0x6f,0x3a,0x33,0xfb,0x32,0x0d,0x1d,0xe7,0x7c,0x80,0x82,0x4f,0xed,0xda,0x87, - 0x11,0x9c,0xc3,0x7e,0x85,0xbd,0x18,0x58,0x08,0x2b,0x23,0x37,0xe7,0x9d,0xd0,0xd1, - 0x79,0xe2,0x05,0xbd,0xf5,0x4f,0x0e,0x0f,0xdb,0x4a,0x74,0xeb,0x09,0x01,0xb3,0xca, - 0xbd,0xa6,0x7b,0x09,0xb1,0x13,0x77,0x30,0x4d,0x87,0x41,0x06,0x57,0x2e,0x5f,0x36, - 0x6e,0xfc,0x35,0x69,0xfe,0x0a,0x24,0x6c,0x98,0x8c,0xda,0x97,0xf4,0xfb,0xc7,0x83, - 0x2d,0x3e,0x7d,0xc0,0x5c,0x34,0xfd,0x11,0x2a,0x12,0xa7,0xae,0x4a,0xde,0xc8,0x4e, - 0xcf,0xf4,0x85,0x63,0x77,0xc6,0x33,0x34,0xe0,0x27,0xe4,0x9e,0x91,0x0b,0x4b,0x85, - 0xf0,0xb0,0x79,0xaa,0x7c,0xc6,0xff,0x3b,0xbc,0x04,0x73,0xb8,0x95,0xd7,0x31,0x54, - 
0x3b,0x56,0xec,0x52,0x15,0xd7,0x3e,0x62,0xf5,0x82,0x99,0x3e,0x2a,0xc0,0x4b,0x2e, - 0x06,0x57,0x6d,0x3f,0x3e,0x77,0x1f,0x2b,0x2d,0xc5,0xb9,0x3b,0x68,0x56,0x73,0x70, - 0x32,0x6b,0x6b,0x65,0x25,0x76,0x45,0x6c,0x45,0xf1,0x6c,0x59,0xfc,0x94,0xa7,0x15}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x01,0xfe,0xd5,0x83,0x0b,0x15,0xba,0x90,0x2c,0xdf,0xf7,0x26,0xb7,0x8f,0xb1,0xd7, - 0x0b,0xfd,0x83,0xf9,0x95,0xd5,0xd7,0xb5,0xc5,0xc5,0x4a,0xde,0xd5,0xe6,0x20,0x78, - 0xca,0x73,0x77,0x3d,0x61,0x36,0x48,0xae,0x3e,0x8f,0xee,0x43,0x29,0x96,0xdf,0x3f, - 0x1c,0x97,0x5a,0xbe,0xe5,0xa2,0x7e,0x5b,0xd0,0xc0,0x29,0x39,0x83,0x81,0x77,0x24, - 0x43,0xdb,0x3c,0x64,0x4d,0xf0,0x23,0xe4,0xae,0x0f,0x78,0x31,0x8c,0xda,0x0c,0xec, - 0xf1,0xdf,0x09,0xf2,0x14,0x6a,0x4d,0xaf,0x36,0x81,0x6e,0xbd,0xbe,0x36,0x79,0x88, - 0x98,0xb6,0x6f,0x5a,0xad,0xcf,0x7c,0xee,0xe0,0xdd,0x00,0xbe,0x59,0x97,0x88,0x00, - 0x34,0xc0,0x8b,0x48,0x42,0x05,0x04,0x5a,0xb7,0x85,0x38,0xa0,0x35,0xd7,0x3b,0x51, - 0xb8,0x7b,0x81,0x83,0xee,0xff,0x76,0x6f,0x50,0x39,0x4d,0xab,0x89,0x63,0x07,0x6d, - 0xf5,0xe5,0x01,0x10,0x56,0xfe,0x93,0x06,0x8f,0xd3,0xc9,0x41,0xab,0xc9,0xdf,0x6e, - 0x59,0xa8,0xc3,0x1d,0xbf,0x96,0x4a,0x59,0x80,0x3c,0x90,0x3a,0x59,0x56,0x4c,0x6d, - 0x44,0x6d,0xeb,0xdc,0x73,0xcd,0xc1,0xec,0xb8,0x41,0xbf,0x89,0x8c,0x03,0x69,0x4c, - 0xaf,0x3f,0xc1,0xc5,0xc7,0xe7,0x7d,0xa7,0x83,0x39,0x70,0xa2,0x6b,0x83,0xbc,0xbe, - 0xf5,0xbf,0x1c,0xee,0x6e,0xa3,0x22,0x1e,0x25,0x2f,0x16,0x68,0x69,0x5a,0x1d,0xfa, - 0x2c,0x3a,0x0f,0x67,0xe1,0x77,0x12,0xe8,0x3d,0xba,0xaa,0xef,0x96,0x9c,0x1f,0x64, - 0x32,0xf4,0xa7,0xb3,0x3f,0x7d,0x61,0xbb,0x9a,0x27,0xad,0xfb,0x2f,0x33,0xc4,0x70}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x67,0x4e,0xdd,0xc2,0xd2,0x6d,0xe0,0x03,0xc4,0xc2,0x41,0xd3,0xd4,0x61,0x30,0xd0, - 0xe1,0x68,0x31,0x4a,0xda,0xd9,0xc2,0x5d,0xaa,0xa2,0x7b,0xfb,0x44,0x02,0xf5,0xd6, - 0xd8,0x2e,0xcd,0x13,0x36,0xc9,0x4b,0xdb,0x1a,0x4b,0x66,0x1b,0x4f,0x9c,0xb7,0x17, - 
0xac,0x53,0x37,0x4f,0x21,0xbd,0x0c,0x66,0xac,0x06,0x65,0x52,0x9f,0x04,0xf6,0xa5, - 0x22,0x5b,0xf7,0xe6,0x0d,0x3c,0x9f,0x41,0x19,0x09,0x88,0x7c,0x41,0x4c,0x2f,0x9c, - 0x8b,0x3c,0xdd,0x7c,0x28,0x78,0x24,0xd2,0x09,0xa6,0x5b,0xf7,0x3c,0x88,0x7e,0x73, - 0x5a,0x2d,0x36,0x02,0x4f,0x65,0xb0,0xcb,0xc8,0xdc,0xac,0xa2,0xda,0x8b,0x84,0x91, - 0x71,0xe4,0x30,0x8b,0xb6,0x12,0xf2,0xf0,0xd0,0xa0,0x38,0xcf,0x75,0xb7,0x20,0xcb, - 0x35,0x51,0x52,0x6b,0xc4,0xf4,0x21,0x95,0xc2,0xf7,0x9a,0x13,0xc1,0x1a,0x7b,0x8f, - 0x77,0xda,0x19,0x48,0xbb,0x6d,0x14,0x5d,0xba,0x65,0xb4,0x9e,0x43,0x42,0x58,0x98, - 0x0b,0x91,0x46,0xd8,0x4c,0xf3,0x4c,0xaf,0x2e,0x02,0xa6,0xb2,0x49,0x12,0x62,0x43, - 0x4e,0xa8,0xac,0xbf,0xfd,0xfa,0x37,0x24,0xea,0x69,0x1c,0xf5,0xae,0xfa,0x08,0x82, - 0x30,0xc3,0xc0,0xf8,0x9a,0x89,0x33,0xe1,0x40,0x6d,0x18,0x5c,0x7b,0x90,0x48,0xbf, - 0x37,0xdb,0xea,0xfb,0x0e,0xd4,0x2e,0x11,0xfa,0xa9,0x86,0xff,0x00,0x0b,0x7b,0xca, - 0x09,0x64,0x6a,0x8f,0x0c,0x0e,0x09,0x14,0x36,0x4a,0x74,0x31,0x18,0x5b,0x18,0xeb, - 0xea,0x83,0xc3,0x66,0x68,0xa6,0x7d,0x43,0x06,0x0f,0x99,0x60,0xce,0x65,0x08,0xf6}}; - -#endif // SHA1 - -#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x33,0x20,0x6e,0x21,0xc3,0xf6,0xcd,0xf8,0xd7,0x5d,0x9f,0xe9,0x05,0x14,0x8c,0x7c, - 0xbb,0x69,0x24,0x9e,0x52,0x8f,0xaf,0x84,0x73,0x21,0x2c,0x85,0xa5,0x30,0x4d,0xb6, - 0xb8,0xfa,0x15,0x9b,0xc7,0x8f,0xc9,0x7a,0x72,0x4b,0x85,0xa4,0x1c,0xc5,0xd8,0xe4, - 0x92,0xb3,0xec,0xd9,0xa8,0xca,0x5e,0x74,0x73,0x89,0x7f,0xb4,0xac,0x7e,0x68,0x12, - 0xb2,0x53,0x27,0x4b,0xbf,0xd0,0x71,0x69,0x46,0x9f,0xef,0xf4,0x70,0x60,0xf8,0xd7, - 0xae,0xc7,0x5a,0x27,0x38,0x25,0x2d,0x25,0xab,0x96,0x56,0x66,0x3a,0x23,0x40,0xa8, - 0xdb,0xbc,0x86,0xe8,0xf3,0xd2,0x58,0x0b,0x44,0xfc,0x94,0x1e,0xb7,0x5d,0xb4,0x57, - 0xb5,0xf3,0x56,0xee,0x9b,0xcf,0x97,0x91,0x29,0x36,0xe3,0x06,0x13,0xa2,0xea,0xd6, - 0xd6,0x0b,0x86,0x0b,0x1a,0x27,0xe6,0x22,0xc4,0x7b,0xff,0xde,0x0f,0xbf,0x79,0xc8, - 
0x1b,0xed,0xf1,0x27,0x62,0xb5,0x8b,0xf9,0xd9,0x76,0x90,0xf6,0xcc,0x83,0x0f,0xce, - 0xce,0x2e,0x63,0x7a,0x9b,0xf4,0x48,0x5b,0xd7,0x81,0x2c,0x3a,0xdb,0x59,0x0d,0x4d, - 0x9e,0x46,0xe9,0x9e,0x92,0x22,0x27,0x1c,0xb0,0x67,0x8a,0xe6,0x8a,0x16,0x8a,0xdf, - 0x95,0x76,0x24,0x82,0xad,0xf1,0xbc,0x97,0xbf,0xd3,0x5e,0x6e,0x14,0x0c,0x5b,0x25, - 0xfe,0x58,0xfa,0x64,0xe5,0x14,0x46,0xb7,0x58,0xc6,0x3f,0x7f,0x42,0xd2,0x8e,0x45, - 0x13,0x41,0x85,0x12,0x2e,0x96,0x19,0xd0,0x5e,0x7d,0x34,0x06,0x32,0x2b,0xc8,0xd9, - 0x0d,0x6c,0x06,0x36,0xa0,0xff,0x47,0x57,0x2c,0x25,0xbc,0x8a,0xa5,0xe2,0xc7,0xe3}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0xfc,0x10,0x5d,0xf4,0x45,0x3d,0x94,0x53,0x06,0x89,0x24,0xe7,0xe8,0xfd,0x03, - 0xac,0xfd,0xbd,0xb2,0x28,0xd3,0x4a,0x52,0xc5,0xd4,0xdb,0x17,0xd4,0x24,0x05,0xc4, - 0xeb,0x6a,0xce,0x1d,0xbb,0x37,0xcb,0x09,0xd8,0x6c,0x83,0x19,0x93,0xd4,0xe2,0x88, - 0x88,0x9b,0xaf,0x92,0x16,0xc4,0x15,0xbd,0x49,0x13,0x22,0xb7,0x84,0xcf,0x23,0xf2, - 0x6f,0x0c,0x3e,0x8f,0xde,0x04,0x09,0x31,0x2d,0x99,0xdf,0xe6,0x74,0x70,0x30,0xde, - 0x8c,0xad,0x32,0x86,0xe2,0x7c,0x12,0x90,0x21,0xf3,0x86,0xb7,0xe2,0x64,0xca,0x98, - 0xcc,0x64,0x4b,0xef,0x57,0x4f,0x5a,0x16,0x6e,0xd7,0x2f,0x5b,0xf6,0x07,0xad,0x33, - 0xb4,0x8f,0x3b,0x3a,0x8b,0xd9,0x06,0x2b,0xed,0x3c,0x3c,0x76,0xf6,0x21,0x31,0xe3, - 0xfb,0x2c,0x45,0x61,0x42,0xba,0xe0,0xc3,0x72,0x63,0xd0,0x6b,0x8f,0x36,0x26,0xfb, - 0x9e,0x89,0x0e,0x44,0x9a,0xc1,0x84,0x5e,0x84,0x8d,0xb6,0xea,0xf1,0x0d,0x66,0xc7, - 0xdb,0x44,0xbd,0x19,0x7c,0x05,0xbe,0xc4,0xab,0x88,0x32,0xbe,0xc7,0x63,0x31,0xe6, - 0x38,0xd4,0xe5,0xb8,0x4b,0xf5,0x0e,0x55,0x9a,0x3a,0xe6,0x0a,0xec,0xee,0xe2,0xa8, - 0x88,0x04,0xf2,0xb8,0xaa,0x5a,0xd8,0x97,0x5d,0xa0,0xa8,0x42,0xfb,0xd9,0xde,0x80, - 0xae,0x4c,0xb3,0xa1,0x90,0x47,0x57,0x03,0x10,0x78,0xa6,0x8f,0x11,0xba,0x4b,0xce, - 0x2d,0x56,0xa4,0xe1,0xbd,0xf8,0xa0,0xa4,0xd5,0x48,0x3c,0x63,0x20,0x00,0x38,0xa0, - 0xd1,0xe6,0x12,0xe9,0x1d,0xd8,0x49,0xe3,0xd5,0x24,0xb5,0xc5,0x3a,0x1f,0xb0,0xd4}}; - -const 
TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x89,0x29,0x3e,0x1b,0xac,0xc6,0x85,0xca,0xf0,0x63,0x43,0x30,0x7d,0x1c,0x9b, - 0x2f,0xbd,0x4d,0x69,0x39,0x5e,0x85,0xe2,0xef,0x86,0x0a,0xc6,0x6b,0xa6,0x08,0x19, - 0x6c,0x56,0x38,0x24,0x55,0x92,0x84,0x9b,0x1b,0x8b,0x04,0xcf,0x24,0x14,0x24,0x13, - 0x0e,0x8b,0x82,0x6f,0x96,0xc8,0x9a,0x68,0xfc,0x4c,0x02,0xf0,0xdc,0xcd,0x36,0x25, - 0x31,0xd5,0x82,0xcf,0xc9,0x69,0x72,0xf6,0x1d,0xab,0x68,0x20,0x2e,0x2d,0x19,0x49, - 0xf0,0x2e,0xad,0xd2,0xda,0xaf,0xff,0xb6,0x92,0x83,0x5b,0x8a,0x06,0x2d,0x0c,0x32, - 0x11,0x32,0x3b,0x77,0x17,0xf6,0x50,0xfb,0xf8,0x57,0xc9,0xc7,0x9b,0x9e,0xc6,0xd1, - 0xa9,0x55,0xf0,0x22,0x35,0xda,0xca,0x3c,0x8e,0xc6,0x9a,0xd8,0x25,0xc8,0x5e,0x93, - 0x0d,0xaa,0xa7,0x06,0xaf,0x11,0x29,0x99,0xe7,0x7c,0xee,0x49,0x82,0x30,0xba,0x2c, - 0xe2,0x40,0x8f,0x0a,0xa6,0x7b,0x24,0x75,0xc5,0xcd,0x03,0x12,0xf4,0xb2,0x4b,0x3a, - 0xd1,0x91,0x3c,0x20,0x0e,0x58,0x2b,0x31,0xf8,0x8b,0xee,0xbc,0x1f,0x95,0x35,0x58, - 0x6a,0x73,0xee,0x99,0xb0,0x01,0x42,0x4f,0x66,0xc0,0x66,0xbb,0x35,0x86,0xeb,0xd9, - 0x7b,0x55,0x77,0x2d,0x54,0x78,0x19,0x49,0xe8,0xcc,0xfd,0xb1,0xcb,0x49,0xc9,0xea, - 0x20,0xab,0xed,0xb5,0xed,0xfe,0xb2,0xb5,0xa8,0xcf,0x05,0x06,0xd5,0x7d,0x2b,0xbb, - 0x0b,0x65,0x6b,0x2b,0x6d,0x55,0x95,0x85,0x44,0x8b,0x12,0x05,0xf3,0x4b,0xd4,0x8e, - 0x3d,0x68,0x2d,0x29,0x9c,0x05,0x79,0xd6,0xfc,0x72,0x90,0x6a,0xab,0x46,0x38,0x81}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x8a,0xb1,0x0a,0xb5,0xe4,0x02,0xf7,0xdd,0x45,0x2a,0xcc,0x2b,0x6b,0x8c,0x0e,0x9a, - 0x92,0x4f,0x9b,0xc5,0xe4,0x8b,0x82,0xb9,0xb0,0xd9,0x87,0x8c,0xcb,0xf0,0xb0,0x59, - 0xa5,0x92,0x21,0xa0,0xa7,0x61,0x5c,0xed,0xa8,0x6e,0x22,0x29,0x46,0xc7,0x86,0x37, - 0x4b,0x1b,0x1e,0x94,0x93,0xc8,0x4c,0x17,0x7a,0xae,0x59,0x91,0xf8,0x83,0x84,0xc4, - 0x8c,0x38,0xc2,0x35,0x0e,0x7e,0x50,0x67,0x76,0xe7,0xd3,0xec,0x6f,0x0d,0xa0,0x5c, - 0x2f,0x0a,0x80,0x28,0xd3,0xc5,0x7d,0x2d,0x1a,0x0b,0x96,0xd6,0xe5,0x98,0x05,0x8c, - 
0x4d,0xa0,0x1f,0x8c,0xb6,0xfb,0xb1,0xcf,0xe9,0xcb,0x38,0x27,0x60,0x64,0x17,0xca, - 0xf4,0x8b,0x61,0xb7,0x1d,0xb6,0x20,0x9d,0x40,0x2a,0x1c,0xfd,0x55,0x40,0x4b,0x95, - 0x39,0x52,0x18,0x3b,0xab,0x44,0xe8,0x83,0x4b,0x7c,0x47,0xfb,0xed,0x06,0x9c,0xcd, - 0x4f,0xba,0x81,0xd6,0xb7,0x31,0xcf,0x5c,0x23,0xf8,0x25,0xab,0x95,0x77,0x0a,0x8f, - 0x46,0xef,0xfb,0x59,0xb8,0x04,0xd7,0x1e,0xf5,0xaf,0x6a,0x1a,0x26,0x9b,0xae,0xf4, - 0xf5,0x7f,0x84,0x6f,0x3c,0xed,0xf8,0x24,0x0b,0x43,0xd1,0xba,0x74,0x89,0x4e,0x39, - 0xfe,0xab,0xa5,0x16,0xa5,0x28,0xee,0x96,0x84,0x3e,0x16,0x6d,0x5f,0x4e,0x0b,0x7d, - 0x94,0x16,0x1b,0x8c,0xf9,0xaa,0x9b,0xc0,0x49,0x02,0x4c,0x3e,0x62,0xff,0xfe,0xa2, - 0x20,0x33,0x5e,0xa6,0xdd,0xda,0x15,0x2d,0xb7,0xcd,0xda,0xff,0xb1,0x0b,0x45,0x7b, - 0xd3,0xa0,0x42,0x29,0xab,0xa9,0x73,0xe9,0xa4,0xd9,0x8d,0xac,0xa1,0x88,0x2c,0x2d}}; - -#endif // SHA256 - -#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x0f,0x3c,0x42,0x4d,0x8c,0x91,0x96,0x05,0x3c,0xfd,0x59,0x3b,0x7f,0x29,0xbc,0x03, - 0x67,0xc1,0xff,0x74,0xe7,0x09,0xf4,0x13,0x45,0xbe,0x13,0x1d,0xc9,0x86,0x94,0xfe, - 0xed,0xa6,0xe8,0x3a,0xcb,0x89,0x4d,0xec,0x86,0x63,0x4c,0xdb,0xf1,0x95,0xee,0xc1, - 0x46,0xc5,0x3b,0xd8,0xf8,0xa2,0x41,0x6a,0x60,0x8b,0x9e,0x5e,0x7f,0x20,0x16,0xe3, - 0x69,0xb6,0x2d,0x92,0xfc,0x60,0xa2,0x74,0x88,0xd5,0xc7,0xa6,0xd1,0xff,0xe3,0x45, - 0x02,0x51,0x39,0xd9,0xf3,0x56,0x0b,0x91,0x80,0xe0,0x6c,0xa8,0xc3,0x78,0xef,0x34, - 0x22,0x8c,0xf5,0xfb,0x47,0x98,0x5d,0x57,0x8e,0x3a,0xb9,0xff,0x92,0x04,0xc7,0xc2, - 0x6e,0xfa,0x14,0xc1,0xb9,0x68,0x15,0x5c,0x12,0xe8,0xa8,0xbe,0xea,0xe8,0x8d,0x9b, - 0x48,0x28,0x35,0xdb,0x4b,0x52,0xc1,0x2d,0x85,0x47,0x83,0xd0,0xe9,0xae,0x90,0x6e, - 0x65,0xd4,0x34,0x7f,0x81,0xce,0x69,0xf0,0x96,0x62,0xf7,0xec,0x41,0xd5,0xc2,0xe3, - 0x4b,0xba,0x9c,0x8a,0x02,0xce,0xf0,0x5d,0x14,0xf7,0x09,0x42,0x8e,0x4a,0x27,0xfe, - 0x3e,0x66,0x42,0x99,0x03,0xe1,0x69,0xbd,0xdb,0x7f,0x9b,0x70,0xeb,0x4e,0x9c,0xac, - 
0x45,0x67,0x91,0x9f,0x75,0x10,0xc6,0xfc,0x14,0xe1,0x28,0xc1,0x0e,0xe0,0x7e,0xc0, - 0x5c,0x1d,0xee,0xe8,0xff,0x45,0x79,0x51,0x86,0x08,0xe6,0x39,0xac,0xb5,0xfd,0xb8, - 0xf1,0xdd,0x2e,0xf4,0xb2,0x1a,0x69,0x0d,0xd9,0x98,0x8e,0xdb,0x85,0x61,0x70,0x20, - 0x82,0x91,0x26,0x87,0x80,0xc4,0x6a,0xd8,0x3b,0x91,0x4d,0xd3,0x33,0x84,0xad,0xb7}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x44,0xd5,0x9f,0xbc,0x48,0x03,0x3d,0x9f,0x22,0x91,0x2a,0xab,0x3c,0x31,0x71,0xab, - 0x86,0x3f,0x0f,0x6f,0x59,0x5b,0x93,0x27,0xbc,0xbc,0xcd,0x29,0x38,0x43,0x2a,0x3b, - 0x3b,0xd2,0xb3,0x45,0x40,0xba,0x15,0xb4,0x45,0xe3,0x56,0xab,0xff,0xb3,0x20,0x26, - 0x39,0xcc,0x48,0xc5,0x5d,0x41,0x0d,0x2f,0x57,0x7f,0x9d,0x16,0x2e,0x26,0x57,0xc7, - 0x6b,0xf3,0x36,0x54,0xbd,0xb6,0x1d,0x46,0x4e,0x13,0x50,0xd7,0x61,0x9d,0x8d,0x7b, - 0xeb,0x21,0x9f,0x79,0xf3,0xfd,0xe0,0x1b,0xa8,0xed,0x6d,0x29,0x33,0x0d,0x65,0x94, - 0x24,0x1e,0x62,0x88,0x6b,0x2b,0x4e,0x39,0xf5,0x80,0x39,0xca,0x76,0x95,0xbc,0x7c, - 0x27,0x1d,0xdd,0x3a,0x11,0xf1,0x3e,0x54,0x03,0xb7,0x43,0x91,0x99,0x33,0xfe,0x9d, - 0x14,0x2c,0x87,0x9a,0x95,0x18,0x1f,0x02,0x04,0x6a,0xe2,0xb7,0x81,0x14,0x13,0x45, - 0x16,0xfb,0xe4,0xb7,0x8f,0xab,0x2b,0xd7,0x60,0x34,0x8a,0x55,0xbc,0x01,0x8c,0x49, - 0x02,0x29,0xf1,0x9c,0x94,0x98,0x44,0xd0,0x94,0xcb,0xd4,0x85,0x4c,0x3b,0x77,0x72, - 0x99,0xd5,0x4b,0xc6,0x3b,0xe4,0xd2,0xc8,0xe9,0x6a,0x23,0x18,0x3b,0x3b,0x5e,0x32, - 0xec,0x70,0x84,0x5d,0xbb,0x6a,0x8f,0x0c,0x5f,0x55,0xa5,0x30,0x34,0x48,0xbb,0xc2, - 0xdf,0x12,0xb9,0x81,0xad,0x36,0x3f,0xf0,0x24,0x16,0x48,0x04,0x4a,0x7f,0xfd,0x9f, - 0x4c,0xea,0xfe,0x1d,0x83,0xd0,0x81,0xad,0x25,0x6c,0x5f,0x45,0x36,0x91,0xf0,0xd5, - 0x8b,0x53,0x0a,0xdf,0xec,0x9f,0x04,0x58,0xc4,0x35,0xa0,0x78,0x1f,0x68,0xe0,0x22}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x3f,0x3a,0x82,0x6d,0x42,0xe3,0x8b,0x4f,0x45,0x9c,0xda,0x6c,0xbe,0xbe,0xcd,0x00, - 0x98,0xfb,0xbe,0x59,0x30,0xc6,0x3c,0xaa,0xb3,0x06,0x27,0xb5,0xda,0xfa,0xb2,0xc3, - 
0x43,0xb7,0xbd,0xe9,0xd3,0x23,0xed,0x80,0xce,0x74,0xb3,0xb8,0x77,0x8d,0xe6,0x8d, - 0x3c,0xe5,0xf5,0xd7,0x80,0xcf,0x38,0x55,0x76,0xd7,0x87,0xa8,0xd6,0x3a,0xcf,0xfd, - 0xd8,0x91,0x65,0xab,0x43,0x66,0x50,0xb7,0x9a,0x13,0x6b,0x45,0x80,0x76,0x86,0x22, - 0x27,0x72,0xf7,0xbb,0x65,0x22,0x5c,0x55,0x60,0xd8,0x84,0x9f,0xf2,0x61,0x52,0xac, - 0xf2,0x4f,0x5b,0x7b,0x21,0xe1,0xf5,0x4b,0x8f,0x01,0xf2,0x4b,0xcf,0xd3,0xfb,0x74, - 0x5e,0x6e,0x96,0xb4,0xa8,0x0f,0x01,0x9b,0x26,0x54,0x0a,0x70,0x55,0x26,0xb7,0x0b, - 0xe8,0x01,0x68,0x66,0x0d,0x6f,0xb5,0xfc,0x66,0xbd,0x9e,0x44,0xed,0x6a,0x1e,0x3c, - 0x3b,0x61,0x5d,0xe8,0xdb,0x99,0x5b,0x67,0xbf,0x94,0xfb,0xe6,0x8c,0x4b,0x07,0xcb, - 0x43,0x3a,0x0d,0xb1,0x1b,0x10,0x66,0x81,0xe2,0x0d,0xe7,0xd1,0xca,0x85,0xa7,0x50, - 0x82,0x2d,0xbf,0xed,0xcf,0x43,0x6d,0xdb,0x2c,0x7b,0x73,0x20,0xfe,0x73,0x3f,0x19, - 0xc6,0xdb,0x69,0xb8,0xc3,0xd3,0xf4,0xe5,0x64,0xf8,0x36,0x8e,0xd5,0xd8,0x09,0x2a, - 0x5f,0x26,0x70,0xa1,0xd9,0x5b,0x14,0xf8,0x22,0xe9,0x9d,0x22,0x51,0xf4,0x52,0xc1, - 0x6f,0x53,0xf5,0xca,0x0d,0xda,0x39,0x8c,0x29,0x42,0xe8,0x58,0x89,0xbb,0xd1,0x2e, - 0xc5,0xdb,0x86,0x8d,0xaf,0xec,0x58,0x36,0x8d,0x8d,0x57,0x23,0xd5,0xdd,0xb9,0x24}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0x10,0x58,0x7d,0x6d,0xa8,0xd5,0x90,0x07,0xd6,0x2b,0x13,0xe9,0xd8,0x93,0x7e, - 0xf3,0x5d,0x71,0xe0,0xf0,0x33,0x3a,0x4a,0x22,0xf3,0xe6,0x95,0xd3,0x8e,0x8c,0x41, - 0xe7,0xb3,0x13,0xde,0x4a,0x45,0xd3,0xd1,0xfb,0xb1,0x3f,0x9b,0x39,0xa5,0x50,0x58, - 0xef,0xb6,0x3a,0x43,0xdd,0x54,0xab,0xda,0x9d,0x32,0x49,0xe4,0x57,0x96,0xe5,0x1b, - 0x1d,0x8f,0x33,0x8e,0x07,0x67,0x56,0x14,0xc1,0x18,0x78,0xa2,0x52,0xe6,0x2e,0x07, - 0x81,0xbe,0xd8,0xca,0x76,0x63,0x68,0xc5,0x47,0xa2,0x92,0x5e,0x4c,0xfd,0x14,0xc7, - 0x46,0x14,0xbe,0xc7,0x85,0xef,0xe6,0xb8,0x46,0xcb,0x3a,0x67,0x66,0x89,0xc6,0xee, - 0x9d,0x64,0xf5,0x0d,0x09,0x80,0x9a,0x6f,0x0e,0xeb,0xe4,0xb9,0xe9,0xab,0x90,0x4f, - 0xe7,0x5a,0xc8,0xca,0xf6,0x16,0x0a,0x82,0xbd,0xb7,0x76,0x59,0x08,0x2d,0xd9,0x40, - 
0x5d,0xaa,0xa5,0xef,0xfb,0xe3,0x81,0x2c,0x2c,0x5c,0xa8,0x16,0xbd,0x63,0x20,0xc2, - 0x4d,0x3b,0x51,0xaa,0x62,0x1f,0x06,0xe5,0xbb,0x78,0x44,0x04,0x0c,0x5c,0xe1,0x1b, - 0x6b,0x9d,0x21,0x10,0xaf,0x48,0x48,0x98,0x97,0x77,0xc2,0x73,0xb4,0x98,0x64,0xcc, - 0x94,0x2c,0x29,0x28,0x45,0x36,0xd1,0xc5,0xd0,0x2f,0x97,0x27,0x92,0x65,0x22,0xbb, - 0x63,0x79,0xea,0xf5,0xff,0x77,0x0f,0x4b,0x56,0x8a,0x9f,0xad,0x1a,0x97,0x67,0x39, - 0x69,0xb8,0x4c,0x6c,0xc2,0x56,0xc5,0x7a,0xa8,0x14,0x5a,0x24,0x7a,0xa4,0x6e,0x55, - 0xb2,0x86,0x1d,0xf4,0x62,0x5a,0x2d,0x87,0x6d,0xde,0x99,0x78,0x2d,0xef,0xd7,0xdc}}; - -#endif // SHA384 - -#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH - -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x48,0x45,0xa7,0x70,0xb2,0x41,0xb7,0x48,0x5e,0x79,0x8c,0xdf,0x1c,0xc6,0x7e,0xbb, - 0x11,0x80,0x82,0x52,0xbf,0x40,0x3d,0x90,0x03,0x6e,0x20,0x3a,0xb9,0x65,0xc8,0x51, - 0x4c,0xbd,0x9c,0xa9,0x43,0x89,0xd0,0x57,0x0c,0xa3,0x69,0x22,0x7e,0x82,0x2a,0x1c, - 0x1d,0x5a,0x80,0x84,0x81,0xbb,0x5e,0x5e,0xd0,0xc1,0x66,0x9a,0xac,0x00,0xba,0x14, - 0xa2,0xe9,0xd0,0x3a,0x89,0x5a,0x63,0xe2,0xec,0x92,0x05,0xf4,0x47,0x66,0x12,0x7f, - 0xdb,0xa7,0x3c,0x5b,0x67,0xe1,0x55,0xca,0x0a,0x27,0xbf,0x39,0x89,0x11,0x05,0xba, - 0x9b,0x5a,0x9b,0x65,0x44,0xad,0x78,0xcf,0x8f,0x94,0xf6,0x9a,0xb4,0x52,0x39,0x0e, - 0x00,0xba,0xbc,0xe0,0xbd,0x6f,0x81,0x2d,0x76,0x42,0x66,0x70,0x07,0x77,0xbf,0x09, - 0x88,0x2a,0x0c,0xb1,0x56,0x3e,0xee,0xfd,0xdc,0xb6,0x3c,0x0d,0xc5,0xa4,0x0d,0x10, - 0x32,0x80,0x3e,0x1e,0xfe,0x36,0x8f,0xb5,0x42,0xc1,0x21,0x7b,0xdf,0xdf,0x4a,0xd2, - 0x68,0x0c,0x01,0x9f,0x4a,0xfd,0xd4,0xec,0xf7,0x49,0x06,0xab,0xed,0xc6,0xd5,0x1b, - 0x63,0x76,0x38,0xc8,0x6c,0xc7,0x4f,0xcb,0x29,0x8a,0x0e,0x6f,0x33,0xaf,0x69,0x31, - 0x8e,0xa7,0xdd,0x9a,0x36,0xde,0x9b,0xf1,0x0b,0xfb,0x20,0xa0,0x6d,0x33,0x31,0xc9, - 0x9e,0xb4,0x2e,0xc5,0x40,0x0e,0x60,0x71,0x36,0x75,0x05,0xf9,0x37,0xe0,0xca,0x8e, - 0x8f,0x56,0xe0,0xea,0x9b,0xeb,0x17,0xf3,0xca,0x40,0xc3,0x48,0x01,0xba,0xdc,0xc6, - 
0x4b,0x2b,0x5b,0x7b,0x5c,0x81,0xa6,0xbb,0xc7,0x43,0xc0,0xbe,0xc0,0x30,0x7b,0x55}}; - -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x83,0xfa,0x52,0x65,0x50,0x68,0xd0,0x82,0x05,0x72,0x70,0x78,0x1c,0xac,0x10, - 0x23,0xc5,0x07,0xf8,0x93,0xd2,0xeb,0x65,0x87,0xbb,0x47,0xc2,0xfb,0x30,0x9e,0x61, - 0x4c,0xac,0x04,0x57,0x5a,0x7c,0xeb,0x29,0x08,0x84,0x86,0x89,0x1e,0x8f,0x07,0x32, - 0xa3,0x8b,0x70,0xe7,0xa2,0x9f,0x9c,0x42,0x71,0x3d,0x23,0x59,0x82,0x5e,0x8a,0xde, - 0xd6,0xfb,0xd8,0xc5,0x8b,0xc0,0xdb,0x10,0x38,0x87,0xd3,0xbf,0x04,0xb0,0x66,0xb9, - 0x85,0x81,0x54,0x4c,0x69,0xdc,0xba,0x78,0xf3,0x4a,0xdb,0x25,0xa2,0xf2,0x34,0x55, - 0xdd,0xaa,0xa5,0xc4,0xed,0x55,0x06,0x0e,0x2a,0x30,0x77,0xab,0x82,0x79,0xf0,0xcd, - 0x9d,0x6f,0x09,0xa0,0xc8,0x82,0xc9,0xe0,0x61,0xda,0x40,0xcd,0x17,0x59,0xc0,0xef, - 0x95,0x6d,0xa3,0x6d,0x1c,0x2b,0xee,0x24,0xef,0xd8,0x4a,0x55,0x6c,0xd6,0x26,0x42, - 0x32,0x17,0xfd,0x6a,0xb3,0x4f,0xde,0x07,0x2f,0x10,0xd4,0xac,0x14,0xea,0x89,0x68, - 0xcc,0xd3,0x07,0xb7,0xcf,0xba,0x39,0x20,0x63,0x20,0x7b,0x44,0x8b,0x48,0x60,0x5d, - 0x3a,0x2a,0x0a,0xe9,0x68,0xab,0x15,0x46,0x27,0x64,0xb5,0x82,0x06,0x29,0xe7,0x25, - 0xca,0x46,0x48,0x6e,0x2a,0x34,0x57,0x4b,0x81,0x75,0xae,0xb6,0xfd,0x6f,0x51,0x5f, - 0x04,0x59,0xc7,0x15,0x1f,0xe0,0x68,0xf7,0x36,0x2d,0xdf,0xc8,0x9d,0x05,0x27,0x2d, - 0x3f,0x2b,0x59,0x5d,0xcb,0xf3,0xc4,0x92,0x6e,0x00,0xa8,0x8d,0xd0,0x69,0xe5,0x59, - 0xda,0xba,0x4f,0x38,0xf5,0xa0,0x8b,0xf1,0x73,0xe9,0x0d,0xee,0x64,0xe5,0xa2,0xd8}}; - -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x1b,0xca,0x8b,0x18,0x15,0x3b,0x95,0x5b,0x0a,0x89,0x10,0x03,0x7f,0x7c,0xa0,0xc9, - 0x66,0x57,0x86,0x6a,0xc9,0xeb,0x82,0x71,0xf3,0x8d,0x6f,0xa9,0xa4,0x2d,0xd0,0x22, - 0xdf,0xe9,0xc6,0x71,0x5b,0xf4,0x27,0x38,0x5b,0x2c,0x8a,0x54,0xcc,0x85,0x11,0x69, - 0x6d,0x6f,0x42,0xe7,0x22,0xcb,0xd6,0xad,0x1a,0xc5,0xab,0x6a,0xa5,0xfc,0xa5,0x70, - 0x72,0x4a,0x62,0x25,0xd0,0xa2,0x16,0x61,0xab,0xac,0x31,0xa0,0x46,0x24,0x4f,0xdd, - 
0x9a,0x36,0x55,0xb6,0x00,0x9e,0x23,0x50,0x0d,0x53,0x01,0xb3,0x46,0x56,0xb2,0x1d, - 0x33,0x5b,0xca,0x41,0x7f,0x65,0x7e,0x00,0x5c,0x12,0xff,0x0a,0x70,0x5d,0x8c,0x69, - 0x4a,0x02,0xee,0x72,0x30,0xa7,0x5c,0xa4,0xbb,0xbe,0x03,0x0c,0xe4,0x5f,0x33,0xb6, - 0x78,0x91,0x9d,0xd8,0xec,0x34,0x03,0x2e,0x63,0x32,0xc7,0x2a,0x36,0x50,0xd5,0x8b, - 0x0e,0x7f,0x54,0x4e,0xf4,0x29,0x11,0x1b,0xcd,0x0f,0x37,0xa5,0xbc,0x61,0x83,0x50, - 0xfa,0x18,0x75,0xd9,0xfe,0xa7,0xe8,0x9b,0xc1,0x4f,0x96,0x37,0x81,0x71,0xdf,0x71, - 0x8b,0x89,0x81,0xf4,0x95,0xb5,0x29,0x66,0x41,0x0c,0x73,0xd7,0x0b,0x21,0xb4,0xfb, - 0xf9,0x63,0x2f,0xe9,0x7b,0x38,0xaa,0x20,0xc3,0x96,0xcc,0xb7,0xb2,0x24,0xa1,0xe0, - 0x59,0x9c,0x10,0x9e,0x5a,0xf7,0xe3,0x02,0xe6,0x23,0xe2,0x44,0x21,0x3f,0x6e,0x5e, - 0x79,0xb2,0x93,0x7d,0xce,0xed,0xe2,0xe1,0xab,0x98,0x07,0xa7,0xbd,0xbc,0xd8,0xf7, - 0x06,0xeb,0xc5,0xa6,0x37,0x18,0x11,0x88,0xf7,0x63,0x39,0xb9,0x57,0x29,0xdc,0x03}}; - -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x05,0x55,0x00,0x62,0x01,0xc6,0x04,0x31,0x55,0x73,0x3f,0x2a,0xf9,0xd4,0x0f,0xc1, - 0x2b,0xeb,0xd8,0xc8,0xdb,0xb2,0xab,0x6c,0x26,0xde,0x2d,0x89,0xc2,0x2d,0x36,0x62, - 0xc8,0x22,0x5d,0x58,0x03,0xb1,0x46,0x14,0xa5,0xd4,0xbc,0x25,0x6b,0x7f,0x8f,0x14, - 0x7e,0x03,0x2f,0x3d,0xb8,0x39,0xa5,0x79,0x13,0x7e,0x22,0x2a,0xb9,0x3e,0x8f,0xaa, - 0x01,0x7c,0x03,0x12,0x21,0x6c,0x2a,0xb4,0x39,0x98,0x6d,0xff,0x08,0x6c,0x59,0x2d, - 0xdc,0xc6,0xf1,0x77,0x62,0x10,0xa6,0xcc,0xe2,0x71,0x8e,0x97,0x00,0x87,0x5b,0x0e, - 0x20,0x00,0x3f,0x18,0x63,0x83,0xf0,0xe4,0x0a,0x64,0x8c,0xe9,0x8c,0x91,0xe7,0x89, - 0x04,0x64,0x2c,0x8b,0x41,0xc8,0xac,0xf6,0x5a,0x75,0xe6,0xa5,0x76,0x43,0xcb,0xa5, - 0x33,0x8b,0x07,0xc9,0x73,0x0f,0x45,0xa4,0xc3,0xac,0xc1,0xc3,0xe6,0xe7,0x21,0x66, - 0x1c,0xba,0xbf,0xea,0x3e,0x39,0xfa,0xb2,0xe2,0x8f,0xfe,0x9c,0xb4,0x85,0x89,0x33, - 0x2a,0x0c,0xc8,0x5d,0x58,0xe1,0x89,0x12,0xe9,0x4d,0x42,0xb3,0x1f,0x99,0x0c,0x3e, - 0xd8,0xb2,0xeb,0xf5,0x88,0xfb,0xe1,0x4b,0x8e,0xdc,0xd3,0xa8,0xda,0xbe,0x04,0x45, - 
0xbf,0x56,0xc6,0x54,0x70,0x00,0xb8,0x66,0x46,0x3a,0xa3,0x1e,0xb6,0xeb,0x1a,0xa0, - 0x0b,0xd3,0x9a,0x9a,0x52,0xda,0x60,0x69,0xb7,0xef,0x93,0x47,0x38,0xab,0x1a,0xa0, - 0x22,0x6e,0x76,0x06,0xb6,0x74,0xaf,0x74,0x8f,0x51,0xc0,0x89,0x5a,0x4b,0xbe,0x6a, - 0x91,0x18,0x25,0x7d,0xa6,0x77,0xe6,0xfd,0xc2,0x62,0x36,0x07,0xc6,0xef,0x79,0xc9}}; - -#endif // SHA512 - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h deleted file mode 100644 index 4b9fc478f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h +++ /dev/null 
@@ -1,105 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the structure definitions for the self-test. It also contains
-// macros for use when the self-test is implemented.
-#ifndef _SELF_TEST_H_
-#define _SELF_TEST_H_
-
-//** Defines
-
-// Was typing this a lot
-#define SELF_TEST_FAILURE FAIL(FATAL_ERROR_SELF_TEST)
-
-// Use the definition of key sizes to set algorithm values for key size.
-#define AES_ENTRIES (AES_128 + AES_192 + AES_256)
-#define SM4_ENTRIES (SM4_128)
-#define CAMELLIA_ENTRIES (CAMELLIA_128 + CAMELLIA_192 + CAMELLIA_256)
-#define TDES_ENTRIES (TDES_128 + TDES_192)
-
-#define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES)
-
-typedef UINT32 SYM_INDEX;
-
-// These two defines deal with the fact that the TPM_ALG_ID table does not delimit
-// the symmetric mode values with a TPM_SYM_MODE_FIRST and TPM_SYM_MODE_LAST
-#define TPM_SYM_MODE_FIRST ALG_CTR_VALUE
-#define TPM_SYM_MODE_LAST ALG_ECB_VALUE
-
-#define NUM_SYM_MODES (TPM_SYM_MODE_LAST - TPM_SYM_MODE_FIRST + 1)
-
-// Define a type to hold a bit vector for the modes.
-#if NUM_SYM_MODES <= 0
-#error "No symmetric modes implemented"
-#elif NUM_SYM_MODES <= 8
-typedef BYTE SYM_MODES;
-#elif NUM_SYM_MODES <= 16
-typedef UINT16 SYM_MODES;
-#elif NUM_SYM_MODES <= 32
-typedef UINT32 SYM_MODES;
-#else
-#error "Too many symmetric modes"
-#endif
-
-typedef struct SYMMETRIC_TEST_VECTOR {
- const TPM_ALG_ID alg; // the algorithm
- const UINT16 keyBits; // bits in the key
- const BYTE *key; // The test key
- const UINT32 ivSize; // block size of the algorithm
- const UINT32 dataInOutSize; // size to encrypt/decrypt
- const BYTE *dataIn; // data to encrypt
- const BYTE *dataOut[NUM_SYM_MODES];// data to decrypt
-} SYMMETRIC_TEST_VECTOR;
-
-#if ALG_SHA512
-# define DEFAULT_TEST_HASH ALG_SHA512_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA512_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA512_BLOCK_SIZE
-#elif ALG_SHA384
-# define DEFAULT_TEST_HASH ALG_SHA384_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA384_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA384_BLOCK_SIZE
-#elif ALG_SHA256
-# define DEFAULT_TEST_HASH ALG_SHA256_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA256_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA256_BLOCK_SIZE
-#elif ALG_SHA1
-# define DEFAULT_TEST_HASH ALG_SHA1_VALUE
-# define DEFAULT_TEST_DIGEST_SIZE SHA1_DIGEST_SIZE
-# define DEFAULT_TEST_HASH_BLOCK_SIZE SHA1_BLOCK_SIZE
-#endif
-
-
-#endif // _SELF_TEST_H_
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
deleted file mode 100644
index 3cdd2c816..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the function prototypes for the functions that need to be
-// present in the selected math library. For each function listed, there should
-// be a small stub function. That stub provides the interface between the TPM
-// code and the support library. In most cases, the stub function will only need
-// to do a format conversion between the TPM big number and the support library
-// big number. The TPM big number format was chosen to make this relatively
-// simple and fast.
-//
-// Arithmetic operations return a BOOL to indicate if the operation completed
-// successfully or not.
-
-#ifndef SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
-#define SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H
-
-//** SupportLibInit()
-// This function is called by CryptInit() so that necessary initializations can be
-// performed on the cryptographic library.
-LIB_EXPORT
-int SupportLibInit(void);
-
-//** MathLibraryCompatibililtyCheck()
-// This function is only used during development to make sure that the library
-// that is being referenced is using the same size of data structures as the TPM.
-void
-MathLibraryCompatibilityCheck(
- void
- );
-
-//** BnModMult()
-// Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide.
-LIB_EXPORT BOOL
-BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus);
-
-//** BnMult()
-// Multiplies two numbers and returns the result
-LIB_EXPORT BOOL
-BnMult(bigNum result, bigConst multiplicand, bigConst multiplier);
-
-//** BnDiv()
-// This function divides two bigNum values. The function returns FALSE if there is
-// an error in the operation.
-LIB_EXPORT BOOL
-BnDiv(bigNum quotient, bigNum remainder,
- bigConst dividend, bigConst divisor);
-//** BnMod()
-#define BnMod(a, b) BnDiv(NULL, (a), (a), (b))
-
-//** BnGcd()
-// Get the greatest common divisor of two numbers. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL
-BnGcd(bigNum gcd, bigConst number1, bigConst number2);
-
-//** BnModExp()
-// Do modular exponentiation using bigNum values. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL
-BnModExp(bigNum result, bigConst number,
- bigConst exponent, bigConst modulus);
-//** BnModInverse()
-// Modular multiplicative inverse. This function is only needed
-// when the TPM implements RSA.
-LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number,
- bigConst modulus);
-
-//** BnEccModMult()
-// This function does a point multiply of the form R = [d]S. A return of FALSE
-// indicates that the result was the point at infinity. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E);
-
-//** BnEccModMult2()
-// This function does a point multiply of the form R = [d]S + [u]Q. A return of
-// FALSE indicates that the result was the point at infinity. This function is only
-// needed if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccModMult2(bigPoint R, pointConst S, bigConst d,
- pointConst Q, bigConst u, bigCurve E);
-
-//** BnEccAdd()
-// This function does a point add R = S + Q. A return of FALSE
-// indicates that the result was the point at infinity. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT BOOL
-BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E);
-
-//** BnCurveInitialize()
-// This function is used to initialize the pointers of a bnCurve_t structure. The
-// structure is a set of pointers to bigNum values. The curve-dependent values are
-// set by a different function. This function is only needed
-// if the TPM supports ECC.
-LIB_EXPORT bigCurve
-BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId);
-
-//*** BnCurveFree()
-// This function will free the allocated components of the curve and end the
-// frame in which the curve data exists
-LIB_EXPORT void
-BnCurveFree(bigCurve E);
-
-#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h
deleted file mode 100644
index bf052152b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-
-// This file contains the structures and data definitions for the symmetric tests.
-// This file references the header file that contains the actual test vectors. This
-// organization was chosen so that the program that is used to generate the test
-// vector values does not have to also re-generate this data.
-#ifndef SELF_TEST_DATA
-#error "This file may only be included in AlgorithmTests.c"
-#endif
-
-#ifndef _SYMMETRIC_TEST_H
-#define _SYMMETRIC_TEST_H
-#include "SymmetricTestData.h"
-
-
-//** Symmetric Test Structures
-
-const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = {
-#if ALG_AES && AES_128
- {ALG_AES_VALUE, 128, key_AES128, 16, sizeof(dataIn_AES128), dataIn_AES128,
- {dataOut_AES128_CTR, dataOut_AES128_OFB, dataOut_AES128_CBC,
- dataOut_AES128_CFB, dataOut_AES128_ECB}},
-#endif
-#if ALG_AES && AES_192
- {ALG_AES_VALUE, 192, key_AES192, 16, sizeof(dataIn_AES192), dataIn_AES192,
- {dataOut_AES192_CTR, dataOut_AES192_OFB, dataOut_AES192_CBC,
- dataOut_AES192_CFB, dataOut_AES192_ECB}},
-#endif
-#if ALG_AES && AES_256
- {ALG_AES_VALUE, 256, key_AES256, 16, sizeof(dataIn_AES256), dataIn_AES256,
- {dataOut_AES256_CTR, dataOut_AES256_OFB, dataOut_AES256_CBC,
- dataOut_AES256_CFB, dataOut_AES256_ECB}},
-#endif
-#if ALG_SM4 && SM4_128
- {ALG_SM4_VALUE, 128, key_SM4128, 16, sizeof(dataIn_SM4128), dataIn_SM4128,
- {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC,
- dataOut_SM4128_CFB, dataOut_AES128_ECB}},
-#endif
- {0}
-};
-
-#endif // _SYMMETRIC_TEST_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
deleted file mode 100644
index e171c07ac..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h
+++ /dev/null
@@ -1,178 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This is a vector for testing either encrypt or decrypt. The premise for decrypt -// is that the IV for decryption is the same as the IV for encryption. However, -// the ivOut value may be different for encryption and decryption. 
We will encrypt -// at least two blocks. This means that the chaining value will be used for each -// of the schemes (if any) and that implicitly checks that the chaining value -// is handled properly. - - -#if AES_128 - -const BYTE key_AES128 [] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; - -const BYTE dataIn_AES128 [] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; - - -const BYTE dataOut_AES128_ECB [] = { - 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, - 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97, - 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d, - 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf}; - -const BYTE dataOut_AES128_CBC [] = { - 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, - 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, - 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, - 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2}; - -const BYTE dataOut_AES128_CFB [] = { - 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, - 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, - 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f, - 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b}; - -const BYTE dataOut_AES128_OFB [] = { - 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, - 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, - 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, - 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25}; - - -const BYTE dataOut_AES128_CTR [] = { - 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, - 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, - 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, - 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff}; -#endif - -#if AES_192 - -const BYTE key_AES192 [] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 
0x7b}; - -const BYTE dataIn_AES192 [] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; - -const BYTE dataOut_AES192_ECB [] = { - 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f, - 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, - 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, - 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef}; - -const BYTE dataOut_AES192_CBC [] = { - 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d, - 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, - 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4, - 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a}; - -const BYTE dataOut_AES192_CFB [] = { - 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, - 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, - 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21, - 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a}; - -const BYTE dataOut_AES192_OFB [] = { - 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, - 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, - 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, - 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01}; - -const BYTE dataOut_AES192_CTR [] = { - 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, - 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, - 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, - 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94}; -#endif - -#if AES_256 - -const BYTE key_AES256 [] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}; - -const BYTE dataIn_AES256 [] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; - -const BYTE dataOut_AES256_ECB [] = { - 0xf3, 0xee, 0xd1, 
0xbd, 0xb5, 0xd2, 0xa0, 0x3c, - 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, - 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, - 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70}; - -const BYTE dataOut_AES256_CBC [] = { - 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, - 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, - 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, - 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d}; - -const BYTE dataOut_AES256_CFB [] = { - 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, - 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, - 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8, - 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b}; - -const BYTE dataOut_AES256_OFB [] = { - 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, - 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, - 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, - 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d}; - -const BYTE dataOut_AES256_CTR [] = { - 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, - 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, - 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, - 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; -#endif - - - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h deleted file mode 100644 index d815632ca..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h +++ /dev/null 
@@ -1,73 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//
-// This file contains extra TPM2B structures
-//
-
-#ifndef _TPMB_H
-#define _TPMB_H
-
-// TPM2B Types
-typedef struct {
- UINT16 size;
- BYTE buffer[1];
-} TPM2B, *P2B;
-typedef const TPM2B *PC2B;
-
-// This macro helps avoid having to type in the structure in order to create
-// a new TPM2B type that is used in a function.
-#define TPM2B_TYPE(name, bytes) \
- typedef union { \
- struct { \
- UINT16 size; \
- BYTE buffer[(bytes)]; \
- } t; \
- TPM2B b; \
- } TPM2B_##name
-
-// This macro defines a TPM2B with a constant character value. This macro
-// sets the size of the string to the size minus the terminating zero byte.
-// This lets the user of the label add their terminating 0. This method
-// is chosen so that existing code that provides a label will continue
-// to work correctly.
-
-// Macro to instance and initialize a TPM2B value
-#define TPM2B_INIT(TYPE, name) \
- TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}}
-
-#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes)
-
-
-#endif
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
deleted file mode 100644
index e1b45c2cc..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-// Root header file for building any TPM.lib code
-
-#ifndef _TPM_H_
-#define _TPM_H_
-
-#include "TpmBuildSwitches.h"
-#include "BaseTypes.h"
-#include "TPMB.h"
-#include "MinMax.h"
-
-#include "TpmProfile.h"
-#include "TpmAlgorithmDefines.h"
-#include "LibSupport.h" // Types from the library. These need to come before
- // Global.h because some of the structures in
- // that file depend on the structures used by the
- // cryptographic libraries.
-#include "GpMacros.h" // Define additional macros
-#include "Global.h" // Define other TPM types
-#include "InternalRoutines.h" // Function prototypes
-
-#endif // _TPM_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
deleted file mode 100644
index eafeed4a7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the macro and structure definitions for the X509 commands and
-// functions.
-
-#ifndef _TPMASN1_H_
-#define _TPMASN1_H_
-
-//** Includes
-
-#include "Tpm.h"
-#include "OIDs.h"
-
-//** Defined Constants
-//*** ASN.1 Universal Types (Class 00b)
-#define ASN1_EOC 0x00
-#define ASN1_BOOLEAN 0x01
-#define ASN1_INTEGER 0x02
-#define ASN1_BITSTRING 0x03
-#define ASN1_OCTET_STRING 0x04
-#define ASN1_NULL 0x05
-#define ASN1_OBJECT_IDENTIFIER 0x06
-#define ASN1_OBJECT_DESCRIPTOR 0x07
-#define ASN1_EXTERNAL 0x08
-#define ASN1_REAL 0x09
-#define ASN1_ENUMERATED 0x0A
-#define ASN1_EMBEDDED 0x0B
-#define ASN1_UTF8String 0x0C
-#define ASN1_RELATIVE_OID 0x0D
-#define ASN1_SEQUENCE 0x10 // Primitive + Constructed + 0x10
-#define ASN1_SET 0x11 // Primitive + Constructed + 0x11
-#define ASN1_NumericString 0x12
-#define ASN1_PrintableString 0x13
-#define ASN1_T61String 0x14
-#define ASN1_VideoString 0x15
-#define ASN1_IA5String 0x16
-#define ASN1_UTCTime 0x17
-#define ASN1_GeneralizeTime 0x18
-#define ASN1_VisibleString 0x1A
-#define ASN1_GeneralString 0x1B
-#define ASN1_UniversalString 0x1C
-#define ASN1_CHARACTER STRING 0x1D
-#define ASN1_BMPString 0x1E
-#define ASN1_CONSTRUCTED 0x20
-
-#define ASN1_APPLICAIION_SPECIFIC 0xA0
-
-#define ASN1_CONSTRUCTED_SEQUENCE (ASN1_SEQUENCE + ASN1_CONSTRUCTED)
-
-#define MAX_DEPTH 10 // maximum push depth for marshaling context.
-
-//** Macros
-
-//*** Unmarshaling Macros
-#ifndef VERIFY
-#define VERIFY(_X_) {if(!(_X_)) goto Error; }
-#endif
-// Checks the validity of the size making sure that there is no wrap around
-#define CHECK_SIZE(context, length) \
- VERIFY( (((length) + (context)->offset) >= (context)->offset) \
- && (((length) + (context)->offset) <= (context)->size))
-#define NEXT_OCTET(context) ((context)->buffer[(context)->offset++])
-#define PEEK_NEXT(context) ((context)->buffer[(context)->offset])
-
-//*** Marshaling Macros
-
-// Marshaling works in reverse order. The offset is set to the top of the buffer and,
-// as the buffer is filled, 'offset' counts down to zero. When the full thing is
-// encoded it can be moved to the top of the buffer. This happens when the last
-// context is closed.
-
-#define CHECK_SPACE(context, length) VERIFY(context->offset > length)
-
-//** Structures
-
-typedef struct ASN1UnmarshalContext {
- BYTE *buffer; // pointer to the buffer
- INT16 size; // size of the buffer (a negative number indicates
- // a parsing failure).
- INT16 offset; // current offset into the buffer (a negative number
- // indicates a parsing failure). Not used
- BYTE tag; // The last unmarshaled tag
-} ASN1UnmarshalContext;
-
-typedef struct ASN1MarshalContext {
- BYTE *buffer; // pointer to the start of the buffer
- INT16 offset; // place on the top where the last entry was added
- // items are added from the bottom up.
- INT16 end; // the end offset of the current value
- INT16 depth; // how many pushed end values.
- INT16 ends[MAX_DEPTH];
-} ASN1MarshalContext;
-
-#endif // _TPMASN1_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
deleted file mode 100644
index 5954a8447..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h
+++ /dev/null
@@ -1,423 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 7, 2019 Time: 06:58:55PM - */ - -#ifndef _TPM_ALGORITHM_DEFINES_H_ -#define _TPM_ALGORITHM_DEFINES_H_ - -// Table 2:3 - Definition of Base Types -// Base Types are in BaseTypes.h - -#define ECC_CURVES \ - {TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P192, \ - TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384, \ - TPM_ECC_NIST_P521, TPM_ECC_SM2_P256} -#define ECC_CURVE_COUNT \ - (ECC_BN_P256 + ECC_BN_P638 + ECC_NIST_P192 + ECC_NIST_P224 + \ - ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 + ECC_SM2_P256) -#define MAX_ECC_KEY_BITS \ - MAX(ECC_BN_P256 * 256, MAX(ECC_BN_P638 * 638, \ - MAX(ECC_NIST_P192 * 192, MAX(ECC_NIST_P224 * 224, \ - MAX(ECC_NIST_P256 * 256, MAX(ECC_NIST_P384 * 384, \ - MAX(ECC_NIST_P521 * 521, MAX(ECC_SM2_P256 * 256, \ - 0)))))))) -#define MAX_ECC_KEY_BYTES BITS_TO_BYTES(MAX_ECC_KEY_BITS) - - -// Table 0:6 - Defines for PLATFORM Values -#define PLATFORM_FAMILY TPM_SPEC_FAMILY -#define PLATFORM_LEVEL TPM_SPEC_LEVEL -#define PLATFORM_VERSION TPM_SPEC_VERSION -#define PLATFORM_YEAR TPM_SPEC_YEAR -#define PLATFORM_DAY_OF_YEAR TPM_SPEC_DAY_OF_YEAR - -// Table 1:12 - Defines for SHA1 Hash Values -#define SHA1_DIGEST_SIZE 20 -#define SHA1_BLOCK_SIZE 64 - - -// Table 1:13 - Defines for SHA256 Hash Values -#define SHA256_DIGEST_SIZE 32 -#define SHA256_BLOCK_SIZE 64 - - -// Table 1:14 - Defines for SHA384 Hash Values -#define SHA384_DIGEST_SIZE 48 -#define SHA384_BLOCK_SIZE 128 - - -// Table 1:15 - Defines for SHA512 Hash Values -#define SHA512_DIGEST_SIZE 64 -#define SHA512_BLOCK_SIZE 128 - - -// Table 1:16 - Defines for SM3_256 Hash Values -#define SM3_256_DIGEST_SIZE 32 -#define SM3_256_BLOCK_SIZE 64 - - -// Table 1:16 - Defines for SHA3_256 Hash Values -#define SHA3_256_DIGEST_SIZE 32 -#define SHA3_256_BLOCK_SIZE 136 - - -// Table 1:16 - Defines for SHA3_384 Hash Values -#define SHA3_384_DIGEST_SIZE 48 -#define SHA3_384_BLOCK_SIZE 104 - - -// Table 
1:16 - Defines for SHA3_512 Hash Values -#define SHA3_512_DIGEST_SIZE 64 -#define SHA3_512_BLOCK_SIZE 72 - - -// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants -#define RSA_KEY_SIZES_BITS \ - (1024 * RSA_1024), (2048 * RSA_2048), (3072 * RSA_3072), \ - (4096 * RSA_4096) -#if RSA_4096 -# define RSA_MAX_KEY_SIZE_BITS 4096 -#elif RSA_3072 -# define RSA_MAX_KEY_SIZE_BITS 3072 -#elif RSA_2048 -# define RSA_MAX_KEY_SIZE_BITS 2048 -#elif RSA_1024 -# define RSA_MAX_KEY_SIZE_BITS 1024 -#else -# define RSA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS -#define MAX_RSA_KEY_BYTES ((RSA_MAX_KEY_SIZE_BITS + 7) / 8) - - -// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants -#define AES_KEY_SIZES_BITS \ - (128 * AES_128), (192 * AES_192), (256 * AES_256) -#if AES_256 -# define AES_MAX_KEY_SIZE_BITS 256 -#elif AES_192 -# define AES_MAX_KEY_SIZE_BITS 192 -#elif AES_128 -# define AES_MAX_KEY_SIZE_BITS 128 -#else -# define AES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS -#define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) -#define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) -#define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) -#define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) -#define AES_BLOCK_SIZES \ - AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ - AES_256_BLOCK_SIZE_BYTES -#if ALG_AES -# define AES_MAX_BLOCK_SIZE 16 -#else -# define AES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE - - -// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants -#define SM4_KEY_SIZES_BITS (128 * SM4_128) -#if SM4_128 -# define SM4_MAX_KEY_SIZE_BITS 128 -#else -# define SM4_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS -#define MAX_SM4_KEY_BYTES ((SM4_MAX_KEY_SIZE_BITS + 7) / 8) -#define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) -#define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES -#if ALG_SM4 -# define SM4_MAX_BLOCK_SIZE 16 
-#else -# define SM4_MAX_BLOCK_SIZE 0 -#endif -#define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE - - -// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants -#define CAMELLIA_KEY_SIZES_BITS \ - (128 * CAMELLIA_128), (192 * CAMELLIA_192), (256 * CAMELLIA_256) -#if CAMELLIA_256 -# define CAMELLIA_MAX_KEY_SIZE_BITS 256 -#elif CAMELLIA_192 -# define CAMELLIA_MAX_KEY_SIZE_BITS 192 -#elif CAMELLIA_128 -# define CAMELLIA_MAX_KEY_SIZE_BITS 128 -#else -# define CAMELLIA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS -#define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) -#define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) -#define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) -#define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) -#define CAMELLIA_BLOCK_SIZES \ - CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ - CAMELLIA_256_BLOCK_SIZE_BYTES -#if ALG_CAMELLIA -# define CAMELLIA_MAX_BLOCK_SIZE 16 -#else -# define CAMELLIA_MAX_BLOCK_SIZE 0 -#endif -#define MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE - - -// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants -#define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) -#if TDES_192 -# define TDES_MAX_KEY_SIZE_BITS 192 -#elif TDES_128 -# define TDES_MAX_KEY_SIZE_BITS 128 -#else -# define TDES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS -#define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) -#define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) -#define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) -#define TDES_BLOCK_SIZES \ - TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES -#if ALG_TDES -# define TDES_MAX_BLOCK_SIZE 8 -#else -# define TDES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE - - -// Additional values for benefit of code -#define TPM_CC_FIRST 0x0000011F -#define TPM_CC_LAST 0x00000197 - - -#if COMPRESSED_LISTS 
-#define ADD_FILL 0 -#else -#define ADD_FILL 1 -#endif - -// Size the array of library commands based on whether or not -// the array is packed (only defined commands) or dense -// (having entries for unimplemented commands) -#define LIBRARY_COMMAND_ARRAY_SIZE (0 \ - + (ADD_FILL || CC_NV_UndefineSpaceSpecial) /* 0x0000011F */ \ - + (ADD_FILL || CC_EvictControl) /* 0x00000120 */ \ - + (ADD_FILL || CC_HierarchyControl) /* 0x00000121 */ \ - + (ADD_FILL || CC_NV_UndefineSpace) /* 0x00000122 */ \ - + ADD_FILL /* 0x00000123 */ \ - + (ADD_FILL || CC_ChangeEPS) /* 0x00000124 */ \ - + (ADD_FILL || CC_ChangePPS) /* 0x00000125 */ \ - + (ADD_FILL || CC_Clear) /* 0x00000126 */ \ - + (ADD_FILL || CC_ClearControl) /* 0x00000127 */ \ - + (ADD_FILL || CC_ClockSet) /* 0x00000128 */ \ - + (ADD_FILL || CC_HierarchyChangeAuth) /* 0x00000129 */ \ - + (ADD_FILL || CC_NV_DefineSpace) /* 0x0000012A */ \ - + (ADD_FILL || CC_PCR_Allocate) /* 0x0000012B */ \ - + (ADD_FILL || CC_PCR_SetAuthPolicy) /* 0x0000012C */ \ - + (ADD_FILL || CC_PP_Commands) /* 0x0000012D */ \ - + (ADD_FILL || CC_SetPrimaryPolicy) /* 0x0000012E */ \ - + (ADD_FILL || CC_FieldUpgradeStart) /* 0x0000012F */ \ - + (ADD_FILL || CC_ClockRateAdjust) /* 0x00000130 */ \ - + (ADD_FILL || CC_CreatePrimary) /* 0x00000131 */ \ - + (ADD_FILL || CC_NV_GlobalWriteLock) /* 0x00000132 */ \ - + (ADD_FILL || CC_GetCommandAuditDigest) /* 0x00000133 */ \ - + (ADD_FILL || CC_NV_Increment) /* 0x00000134 */ \ - + (ADD_FILL || CC_NV_SetBits) /* 0x00000135 */ \ - + (ADD_FILL || CC_NV_Extend) /* 0x00000136 */ \ - + (ADD_FILL || CC_NV_Write) /* 0x00000137 */ \ - + (ADD_FILL || CC_NV_WriteLock) /* 0x00000138 */ \ - + (ADD_FILL || CC_DictionaryAttackLockReset) /* 0x00000139 */ \ - + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013A */ \ - + (ADD_FILL || CC_NV_ChangeAuth) /* 0x0000013B */ \ - + (ADD_FILL || CC_PCR_Event) /* 0x0000013C */ \ - + (ADD_FILL || CC_PCR_Reset) /* 0x0000013D */ \ - + (ADD_FILL || CC_SequenceComplete) /* 0x0000013E */ 
\ - + (ADD_FILL || CC_SetAlgorithmSet) /* 0x0000013F */ \ - + (ADD_FILL || CC_SetCommandCodeAuditStatus) /* 0x00000140 */ \ - + (ADD_FILL || CC_FieldUpgradeData) /* 0x00000141 */ \ - + (ADD_FILL || CC_IncrementalSelfTest) /* 0x00000142 */ \ - + (ADD_FILL || CC_SelfTest) /* 0x00000143 */ \ - + (ADD_FILL || CC_Startup) /* 0x00000144 */ \ - + (ADD_FILL || CC_Shutdown) /* 0x00000145 */ \ - + (ADD_FILL || CC_StirRandom) /* 0x00000146 */ \ - + (ADD_FILL || CC_ActivateCredential) /* 0x00000147 */ \ - + (ADD_FILL || CC_Certify) /* 0x00000148 */ \ - + (ADD_FILL || CC_PolicyNV) /* 0x00000149 */ \ - + (ADD_FILL || CC_CertifyCreation) /* 0x0000014A */ \ - + (ADD_FILL || CC_Duplicate) /* 0x0000014B */ \ - + (ADD_FILL || CC_GetTime) /* 0x0000014C */ \ - + (ADD_FILL || CC_GetSessionAuditDigest) /* 0x0000014D */ \ - + (ADD_FILL || CC_NV_Read) /* 0x0000014E */ \ - + (ADD_FILL || CC_NV_ReadLock) /* 0x0000014F */ \ - + (ADD_FILL || CC_ObjectChangeAuth) /* 0x00000150 */ \ - + (ADD_FILL || CC_PolicySecret) /* 0x00000151 */ \ - + (ADD_FILL || CC_Rewrap) /* 0x00000152 */ \ - + (ADD_FILL || CC_Create) /* 0x00000153 */ \ - + (ADD_FILL || CC_ECDH_ZGen) /* 0x00000154 */ \ - + (ADD_FILL || CC_HMAC || CC_MAC) /* 0x00000155 */ \ - + (ADD_FILL || CC_Import) /* 0x00000156 */ \ - + (ADD_FILL || CC_Load) /* 0x00000157 */ \ - + (ADD_FILL || CC_Quote) /* 0x00000158 */ \ - + (ADD_FILL || CC_RSA_Decrypt) /* 0x00000159 */ \ - + ADD_FILL /* 0x0000015A */ \ - + (ADD_FILL || CC_HMAC_Start || CC_MAC_Start) /* 0x0000015B */ \ - + (ADD_FILL || CC_SequenceUpdate) /* 0x0000015C */ \ - + (ADD_FILL || CC_Sign) /* 0x0000015D */ \ - + (ADD_FILL || CC_Unseal) /* 0x0000015E */ \ - + ADD_FILL /* 0x0000015F */ \ - + (ADD_FILL || CC_PolicySigned) /* 0x00000160 */ \ - + (ADD_FILL || CC_ContextLoad) /* 0x00000161 */ \ - + (ADD_FILL || CC_ContextSave) /* 0x00000162 */ \ - + (ADD_FILL || CC_ECDH_KeyGen) /* 0x00000163 */ \ - + (ADD_FILL || CC_EncryptDecrypt) /* 0x00000164 */ \ - + (ADD_FILL || CC_FlushContext) /* 0x00000165 
*/ \ - + ADD_FILL /* 0x00000166 */ \ - + (ADD_FILL || CC_LoadExternal) /* 0x00000167 */ \ - + (ADD_FILL || CC_MakeCredential) /* 0x00000168 */ \ - + (ADD_FILL || CC_NV_ReadPublic) /* 0x00000169 */ \ - + (ADD_FILL || CC_PolicyAuthorize) /* 0x0000016A */ \ - + (ADD_FILL || CC_PolicyAuthValue) /* 0x0000016B */ \ - + (ADD_FILL || CC_PolicyCommandCode) /* 0x0000016C */ \ - + (ADD_FILL || CC_PolicyCounterTimer) /* 0x0000016D */ \ - + (ADD_FILL || CC_PolicyCpHash) /* 0x0000016E */ \ - + (ADD_FILL || CC_PolicyLocality) /* 0x0000016F */ \ - + (ADD_FILL || CC_PolicyNameHash) /* 0x00000170 */ \ - + (ADD_FILL || CC_PolicyOR) /* 0x00000171 */ \ - + (ADD_FILL || CC_PolicyTicket) /* 0x00000172 */ \ - + (ADD_FILL || CC_ReadPublic) /* 0x00000173 */ \ - + (ADD_FILL || CC_RSA_Encrypt) /* 0x00000174 */ \ - + ADD_FILL /* 0x00000175 */ \ - + (ADD_FILL || CC_StartAuthSession) /* 0x00000176 */ \ - + (ADD_FILL || CC_VerifySignature) /* 0x00000177 */ \ - + (ADD_FILL || CC_ECC_Parameters) /* 0x00000178 */ \ - + (ADD_FILL || CC_FirmwareRead) /* 0x00000179 */ \ - + (ADD_FILL || CC_GetCapability) /* 0x0000017A */ \ - + (ADD_FILL || CC_GetRandom) /* 0x0000017B */ \ - + (ADD_FILL || CC_GetTestResult) /* 0x0000017C */ \ - + (ADD_FILL || CC_Hash) /* 0x0000017D */ \ - + (ADD_FILL || CC_PCR_Read) /* 0x0000017E */ \ - + (ADD_FILL || CC_PolicyPCR) /* 0x0000017F */ \ - + (ADD_FILL || CC_PolicyRestart) /* 0x00000180 */ \ - + (ADD_FILL || CC_ReadClock) /* 0x00000181 */ \ - + (ADD_FILL || CC_PCR_Extend) /* 0x00000182 */ \ - + (ADD_FILL || CC_PCR_SetAuthValue) /* 0x00000183 */ \ - + (ADD_FILL || CC_NV_Certify) /* 0x00000184 */ \ - + (ADD_FILL || CC_EventSequenceComplete) /* 0x00000185 */ \ - + (ADD_FILL || CC_HashSequenceStart) /* 0x00000186 */ \ - + (ADD_FILL || CC_PolicyPhysicalPresence) /* 0x00000187 */ \ - + (ADD_FILL || CC_PolicyDuplicationSelect) /* 0x00000188 */ \ - + (ADD_FILL || CC_PolicyGetDigest) /* 0x00000189 */ \ - + (ADD_FILL || CC_TestParms) /* 0x0000018A */ \ - + (ADD_FILL || CC_Commit) /* 
0x0000018B */ \ - + (ADD_FILL || CC_PolicyPassword) /* 0x0000018C */ \ - + (ADD_FILL || CC_ZGen_2Phase) /* 0x0000018D */ \ - + (ADD_FILL || CC_EC_Ephemeral) /* 0x0000018E */ \ - + (ADD_FILL || CC_PolicyNvWritten) /* 0x0000018F */ \ - + (ADD_FILL || CC_PolicyTemplate) /* 0x00000190 */ \ - + (ADD_FILL || CC_CreateLoaded) /* 0x00000191 */ \ - + (ADD_FILL || CC_PolicyAuthorizeNV) /* 0x00000192 */ \ - + (ADD_FILL || CC_EncryptDecrypt2) /* 0x00000193 */ \ - + (ADD_FILL || CC_AC_GetCapability) /* 0x00000194 */ \ - + (ADD_FILL || CC_AC_Send) /* 0x00000195 */ \ - + (ADD_FILL || CC_Policy_AC_SendSelect) /* 0x00000196 */ \ - + (ADD_FILL || CC_CertifyX509) /* 0x00000197 */ \ - ) - -#define VENDOR_COMMAND_ARRAY_SIZE (0 + CC_Vendor_TCG_Test) - -#define COMMAND_COUNT (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) - -#define HASH_COUNT \ - (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA3_256 + \ - ALG_SHA3_384 + ALG_SHA3_512 + ALG_SHA512 + ALG_SM3_256) - -#define MAX_HASH_BLOCK_SIZE \ - (MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ - MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ - MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_BLOCK_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_BLOCK_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_BLOCK_SIZE, \ - MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ - 0))))))))) - -#define MAX_DIGEST_SIZE \ - (MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ - MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ - MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_DIGEST_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_DIGEST_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_DIGEST_SIZE, \ - MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ - 0))))))))) - - -#if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 -#error "Hash data not valid" -#endif - -// Define the 2B structure that would hold any hash block -TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); - -// Following typedef is for some old code -typedef TPM2B_MAX_HASH_BLOCK 
TPM2B_HASH_BLOCK; - -/* Additional symmetric constants */ -#define MAX_SYM_KEY_BITS \ - (MAX(AES_MAX_KEY_SIZE_BITS, MAX(CAMELLIA_MAX_KEY_SIZE_BITS, \ - MAX(SM4_MAX_KEY_SIZE_BITS, MAX(TDES_MAX_KEY_SIZE_BITS, \ - 0))))) - -#define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) - -#define MAX_SYM_BLOCK_SIZE \ - (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ - MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ - 0))))) - -#if MAX_SYM_KEY_BITS == 0 || MAX_SYM_BLOCK_SIZE == 0 -# error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK -#endif - - -#endif // _TPM_ALGORITHM_DEFINES_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h deleted file mode 100644 index 7ab437684..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h +++ /dev/null 
@@ -1,341 +0,0 @@ - -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -// This file contains the build switches. This contains switches for multiple -// versions of the crypto-library so some may not apply to your environment. 
-// -// The switches are guarded so that they can either be set on the command line or -// set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO -// setting, then the switch will be set to YES. If the switch setting is not on the -// command line or if the setting is other than YES or NO, then the switch will be set -// to the default value. The default can either be YES or NO as indicated on each line -// where the default is selected. -// -// A caution. Do not try to test these macros by inserting #defines in this file. For -// some curious reason, a variable set on the command line with no setting will have a -// value of 1. An #if SOME_VARIABLE will work if the variable is not defined or is -// defined on the command line with no initial setting. However, a -// "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will -// not be a proper expression If you want to test various switches, either use the -// command line or change the default. -// -#ifndef _TPM_BUILD_SWITCHES_H_ -#define _TPM_BUILD_SWITCHES_H_ - -#undef YES -#define YES 1 -#undef NO -#define NO 0 - -// Allow the command line to specify a "profile" file -#ifdef PROFILE -# define PROFILE_QUOTE(a) #a -# define PROFILE_INCLUDE(a) PROFILE_QUOTE(a) -# include PROFILE_INCLUDE(PROFILE) -#endif - -// Need an unambiguous definition for DEBUG. Don't change this -#ifndef DEBUG -# ifdef NDEBUG -# define DEBUG NO -# else -# define DEBUG YES -# endif -#elif (DEBUG != NO) && (DEBUG != YES) -# undef DEBUG -# define DEBUG YES // Default: Either YES or NO -#endif - -#include "CompilerDependencies.h" - -// This definition is required for the re-factored code -#if (!defined USE_BN_ECC_DATA) \ - || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES)) -# undef USE_BN_ECC_DATA -# define USE_BN_ECC_DATA YES // Default: Either YES or NO -#endif - -// The SIMULATION switch allows certain other macros to be enabled. 
The things that -// can be enabled in a simulation include key caching, reproducible "random" -// sequences, instrumentation of the RSA key generation process, and certain other -// debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of -// macros will make sure that it is set correctly. A simulated TPM would include a -// Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard -// ones in the Simulator project. -// -// If SIMULATION is in the compile parameters without modifiers, -// make SIMULATION == YES -#if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES)) -# undef SIMULATION -# define SIMULATION YES // Default: Either YES or NO -#endif - -// Define this to run the function that checks the compatibility between the -// chosen big number math library and the TPM code. Not all ports use this. -#if !(defined LIBRARY_COMPATABILITY_CHECK) \ - || ((LIBRARY_COMPATABILITY_CHECK != NO) \ - && (LIBRARY_COMPATABILITY_CHECK != YES)) -# undef LIBRARY_COMPATABILITY_CHECK -# define LIBRARY_COMPATABILITY_CHECK YES // Default: Either YES or NO -#endif - -#if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES)) -# undef FIPS_COMPLIANT -# define FIPS_COMPLIANT YES // Default: Either YES or NO -#endif - -// Definition to allow alternate behavior for non-orderly startup. 
If there is a -// chance that the TPM could not update 'failedTries' -#if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES)) -# undef USE_DA_USED -# define USE_DA_USED YES // Default: Either YES or NO -#endif - -// Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements -// for command dispatch and handle unmarshaling -#if !(defined TABLE_DRIVEN_DISPATCH) \ - || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES)) -# undef TABLE_DRIVEN_DISPATCH -# define TABLE_DRIVEN_DISPATCH YES // Default: Either YES or NO -#endif - -// This switch is used to enable the self-test capability in AlgorithmTests.c -#if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES)) -# undef SELF_TEST -# define SELF_TEST YES // Default: Either YES or NO -#endif - -// Enable the generation of RSA primes using a sieve. -#if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES)) -# undef RSA_KEY_SIEVE -# define RSA_KEY_SIEVE YES // Default: Either YES or NO -#endif - -// Enable the instrumentation of the sieve process. This is used to tune the sieve -// variables. -#if RSA_KEY_SIEVE && SIMULATION -# if !(defined RSA_INSTRUMENT) \ - || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES)) -# undef RSA_INSTRUMENT -# define RSA_INSTRUMENT NO // Default: Either YES or NO -# endif -#endif - -// This switch enables the RNG state save and restore -#if !(defined _DRBG_STATE_SAVE) \ - || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES)) -# undef _DRBG_STATE_SAVE -# define _DRBG_STATE_SAVE YES // Default: Either YES or NO -#endif - -// Switch added to support packed lists that leave out space associated with -// unimplemented commands. Comment this out to use linear lists. -// Note: if vendor specific commands are present, the associated list is always -// in compressed form. 
-#if !(defined COMPRESSED_LISTS) \ - || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES)) -# undef COMPRESSED_LISTS -# define COMPRESSED_LISTS YES // Default: Either YES or NO -#endif - -// This switch indicates where clock epoch value should be stored. If this value -// defined, then it is assumed that the timer will change at any time so the -// nonce should be a random number kept in RAM. When it is not defined, then the -// timer only stops during power outages. -#if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES)) -# undef CLOCK_STOPS -# define CLOCK_STOPS NO // Default: Either YES or NO -#endif - -// This switch allows use of #defines in place of pass-through marshaling or -// unmarshaling code. A pass-through function just calls another function to do -// the required function and does no parameter checking of its own. The -// table-driven dispatcher calls directly to the lowest level -// marshaling/unmarshaling code and by-passes any pass-through functions. -#if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO) -# undef USE_MARSHALING_DEFINES -# define USE_MARSHALING_DEFINES YES -#else -# define USE_MARSHALING_DEFINES YES // Default: Either YES or NO -#endif - -//********************************** -// The switches in this group can only be enabled when doing debug during simulation -#if SIMULATION && DEBUG -// Enables use of the key cache. Default is YES -# if !(defined USE_RSA_KEY_CACHE) \ - || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES)) -# undef USE_RSA_KEY_CACHE -# define USE_RSA_KEY_CACHE YES // Default: Either YES or NO -# endif - -// Enables use of a file to store the key cache values so that the TPM will start -// faster during debug. 
Default for this is YES -# if USE_RSA_KEY_CACHE -# if !(defined USE_KEY_CACHE_FILE) \ - || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES)) -# undef USE_KEY_CACHE_FILE -# define USE_KEY_CACHE_FILE YES // Default: Either YES or NO -# endif -# else -# undef USE_KEY_CACHE_FILE -# define USE_KEY_CACHE_FILE NO -# endif // USE_RSA_KEY_CACHE - -// This provides fixed seeding of the RNG when doing debug on a simulator. This -// should allow consistent results on test runs as long as the input parameters -// to the functions remains the same. There is no default value. -# if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES)) -# undef USE_DEBUG_RNG -# define USE_DEBUG_RNG YES // Default: Either YES or NO -# endif - -// Don't change these. They are the settings needed when not doing a simulation and -// not doing debug. Can't use the key cache except during debug. Otherwise, all of the -// key values end up being the same -#else -# define USE_RSA_KEY_CACHE NO -# define USE_RSA_KEY_CACHE_FILE NO -# define USE_DEBUG_RNG NO -#endif // DEBUG && SIMULATION - -#if DEBUG - -// In some cases, the relationship between two values may be dependent -// on things that change based on various selections like the chosen cryptographic -// libraries. It is possible that these selections will result in incompatible -// settings. These are often detectable by the compiler but it isn't always -// possible to do the check in the preprocessor code. For example, when the -// check requires use of 'sizeof()' then the preprocessor can't do the comparison. -// For these cases, we include a special macro that, depending on the compiler -// will generate a warning to indicate if the check always passes or always fails -// because it involves fixed constants. To run these checks, define COMPILER_CHECKS. 
-# if !(defined COMPILER_CHECKS) \ - || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES)) -# undef COMPILER_CHECKS -# define COMPILER_CHECKS NO // Default: Either YES or NO -# endif - -// Some of the values (such as sizes) are the result of different options set in -// TpmProfile.h. The combination might not be consistent. A function is defined -// (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the -// function, define this parameter. -# if !(defined RUNTIME_SIZE_CHECKS) \ - || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES)) -# undef RUNTIME_SIZE_CHECKS -# define RUNTIME_SIZE_CHECKS NO // Default: Either YES or NO -# endif - -// If doing debug, can set the DRBG to print out the intermediate test values. -// Before enabling this, make sure that the dbgDumpMemBlock() function -// has been added someplace (preferably, somewhere in CryptRand.c) -# if !(defined DRBG_DEBUG_PRINT) \ - || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES)) -# undef DRBG_DEBUG_PRINT -# define DRBG_DEBUG_PRINT NO // Default: Either YES or NO -# endif - -// If an assertion event it not going to produce any trace information (function and -// line number) then make FAIL_TRACE == NO -# if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES)) -# undef FAIL_TRACE -# define FAIL_TRACE YES // Default: Either YES or NO -# endif - -#endif // DEBUG - -// Indicate if the implementation is going to give lockout time credit for time up to -// the last orderly shutdown. -#if !(defined ACCUMULATE_SELF_HEAL_TIMER) \ - || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES)) -# undef ACCUMULATE_SELF_HEAL_TIMER -# define ACCUMULATE_SELF_HEAL_TIMER YES // Default: Either YES or NO -#endif - -// Indicates if the implementation is to compute the sizes of the proof and primary -// seed size values based on the implemented algorithms. 
-#if !(defined USE_SPEC_COMPLIANT_PROOFS) \ - || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES)) -# undef USE_SPEC_COMPLIANT_PROOFS -# define USE_SPEC_COMPLIANT_PROOFS YES // Default: Either YES or NO -#endif - -// Comment this out to allow compile to continue even though the chosen proof values -// do not match the compliant values. This is written so that someone would -// have to proactively ignore errors. -#if !(defined SKIP_PROOF_ERRORS) \ - || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES)) -# undef SKIP_PROOF_ERRORS -# define SKIP_PROOF_ERRORS NO // Default: Either YES or NO -#endif - -// This define is used to eliminate the use of bit-fields. It can be enabled for big- -// or little-endian machines. For big-endian architectures that numbers bits in -// registers from left to right (MSb0) this must be enabled. Little-endian machines -// number from right to left with the least significant bit having assigned a bit -// number of 0. These are LSb0 machines (they are also little-endian so they are also -// least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in -// either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to -// be 'NO' -#if !(defined USE_BIT_FIELD_STRUCTURES) \ - || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES)) -# undef USE_BIT_FIELD_STRUCTURES -# define USE_BIT_FIELD_STRUCTURES DEBUG // Default: Either YES or NO -#endif - -// This define is used to enable any runtime checks of the interface between the -// cryptographic library (e.g., OpenSSL) and the thunking layer. -#if !(defined LIBRARY_COMPATIBILITY_CHECK) \ - || ((LIBRARY_COMPATIBILITY_CHECK != NO) && (LIBRARY_COMPATIBILITY_CHECK != YES)) -# undef LIBRARY_COMPATIBILITY_CHECK -# define LIBRARY_COMPATIBILITY_CHECK NO // Default: Either YES or NO -#endif - -// This define is used to control the debug for the CertifyX509 command. 
-#if !(defined CERTIFYX509_DEBUG) \ - || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES)) -# undef CERTIFYX509_DEBUG -# define CERTIFYX509_DEBUG YES // Default: Either YES or NO -#endif - -// Change these definitions to turn all algorithms or commands ON or OFF. That is, -// to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug -// feature. -#define ALG_YES YES -#define ALG_NO NO -#define CC_YES YES -#define CC_NO NO - -#endif // _TPM_BUILD_SWITCHES_H_ \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h deleted file mode 100644 index e90dbcae4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h +++ /dev/null 
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _TPM_ERROR_H
-#define _TPM_ERROR_H
-
-#define FATAL_ERROR_ALLOCATION (1)
-#define FATAL_ERROR_DIVIDE_ZERO (2)
-#define FATAL_ERROR_INTERNAL (3)
-#define FATAL_ERROR_PARAMETER (4)
-#define FATAL_ERROR_ENTROPY (5)
-#define FATAL_ERROR_SELF_TEST (6)
-#define FATAL_ERROR_CRYPTO (7)
-#define FATAL_ERROR_NV_UNRECOVERABLE (8)
-#define FATAL_ERROR_REMANUFACTURED (9) // indicates that the TPM has
- // been re-manufactured after an
- // unrecoverable NV error
-#define FATAL_ERROR_DRBG (10)
-#define FATAL_ERROR_MOVE_SIZE (11)
-#define FATAL_ERROR_COUNTER_OVERFLOW (12)
-#define FATAL_ERROR_SUBTRACT (13)
-#define FATAL_ERROR_MATHLIBRARY (14)
-#define FATAL_ERROR_FORCED (666)
-
-#endif // _TPM_ERROR_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
deleted file mode 100644
index 7329f79ba..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h
+++ /dev/null
@@ -1,789 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 10, 2019 Time: 03:21:33PM - */ - -#ifndef _TPM_PROFILE_H_ -#define _TPM_PROFILE_H_ - -// Table 2:4 - Defines for Logic Values -#undef TRUE -#define TRUE 1 -#undef FALSE -#define FALSE 0 -#undef YES -#define YES 1 -#undef NO -#define NO 0 -#undef SET -#define SET 1 -#undef CLEAR -#define CLEAR 0 - -// Table 0:1 - Defines for Processor Values -#ifndef BIG_ENDIAN_TPM -#define BIG_ENDIAN_TPM NO -#endif -#ifndef LITTLE_ENDIAN_TPM -#define LITTLE_ENDIAN_TPM !BIG_ENDIAN_TPM -#endif -#ifndef MOST_SIGNIFICANT_BIT_0 -#define MOST_SIGNIFICANT_BIT_0 NO -#endif -#ifndef LEAST_SIGNIFICANT_BIT_0 -#define LEAST_SIGNIFICANT_BIT_0 !MOST_SIGNIFICANT_BIT_0 -#endif -#ifndef AUTO_ALIGN -#define AUTO_ALIGN NO -#endif - -// Table 0:4 - Defines for Implemented Curves -#ifndef ECC_NIST_P192 -#define ECC_NIST_P192 NO -#endif -#ifndef ECC_NIST_P224 -#define ECC_NIST_P224 NO -#endif -#ifndef ECC_NIST_P256 -#define ECC_NIST_P256 YES -#endif -#ifndef ECC_NIST_P384 -#define ECC_NIST_P384 YES -#endif -#ifndef ECC_NIST_P521 -#define ECC_NIST_P521 NO -#endif -#ifndef ECC_BN_P256 -#define ECC_BN_P256 YES -#endif -#ifndef ECC_BN_P638 -#define ECC_BN_P638 NO -#endif -#ifndef ECC_SM2_P256 -#define ECC_SM2_P256 NO -#endif - -// Table 0:7 - Defines for Implementation Values -#ifndef FIELD_UPGRADE_IMPLEMENTED -#define FIELD_UPGRADE_IMPLEMENTED NO -#endif -#ifndef HASH_ALIGNMENT -#define HASH_ALIGNMENT 4 -#endif -#ifndef SYMMETRIC_ALIGNMENT -#define SYMMETRIC_ALIGNMENT 4 -#endif -#ifndef HASH_LIB -#define HASH_LIB Ossl -#endif -#ifndef SYM_LIB -#define SYM_LIB Ossl -#endif -#ifndef MATH_LIB -#define MATH_LIB Ossl -#endif -#ifndef BSIZE -#define BSIZE UINT16 -#endif -#ifndef IMPLEMENTATION_PCR -#define IMPLEMENTATION_PCR 24 -#endif -#ifndef PCR_SELECT_MAX -#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) -#endif -#ifndef PLATFORM_PCR -#define PLATFORM_PCR 24 -#endif -#ifndef PCR_SELECT_MIN -#define PCR_SELECT_MIN 
((PLATFORM_PCR+7)/8) -#endif -#ifndef DRTM_PCR -#define DRTM_PCR 17 -#endif -#ifndef HCRTM_PCR -#define HCRTM_PCR 0 -#endif -#ifndef NUM_LOCALITIES -#define NUM_LOCALITIES 5 -#endif -#ifndef MAX_HANDLE_NUM -#define MAX_HANDLE_NUM 3 -#endif -#ifndef MAX_ACTIVE_SESSIONS -#define MAX_ACTIVE_SESSIONS 64 -#endif -#ifndef CONTEXT_SLOT -#define CONTEXT_SLOT UINT16 -#endif -#ifndef CONTEXT_COUNTER -#define CONTEXT_COUNTER UINT64 -#endif -#ifndef MAX_LOADED_SESSIONS -#define MAX_LOADED_SESSIONS 3 -#endif -#ifndef MAX_SESSION_NUM -#define MAX_SESSION_NUM 3 -#endif -#ifndef MAX_LOADED_OBJECTS -#define MAX_LOADED_OBJECTS 3 -#endif -#ifndef MIN_EVICT_OBJECTS -#define MIN_EVICT_OBJECTS 2 -#endif -#ifndef NUM_POLICY_PCR_GROUP -#define NUM_POLICY_PCR_GROUP 1 -#endif -#ifndef NUM_AUTHVALUE_PCR_GROUP -#define NUM_AUTHVALUE_PCR_GROUP 1 -#endif -#ifndef MAX_CONTEXT_SIZE -#define MAX_CONTEXT_SIZE 1264 -#endif -#ifndef MAX_DIGEST_BUFFER -#define MAX_DIGEST_BUFFER 1024 -#endif -#ifndef MAX_NV_INDEX_SIZE -#define MAX_NV_INDEX_SIZE 2048 -#endif -#ifndef MAX_NV_BUFFER_SIZE -#define MAX_NV_BUFFER_SIZE 1024 -#endif -#ifndef MAX_CAP_BUFFER -#define MAX_CAP_BUFFER 1024 -#endif -#ifndef NV_MEMORY_SIZE -#define NV_MEMORY_SIZE 16384 -#endif -#ifndef MIN_COUNTER_INDICES -#define MIN_COUNTER_INDICES 8 -#endif -#ifndef NUM_STATIC_PCR -#define NUM_STATIC_PCR 16 -#endif -#ifndef MAX_ALG_LIST_SIZE -#define MAX_ALG_LIST_SIZE 64 -#endif -#ifndef PRIMARY_SEED_SIZE -#define PRIMARY_SEED_SIZE 32 -#endif -#ifndef CONTEXT_ENCRYPT_ALGORITHM -#define CONTEXT_ENCRYPT_ALGORITHM AES -#endif -#ifndef NV_CLOCK_UPDATE_INTERVAL -#define NV_CLOCK_UPDATE_INTERVAL 12 -#endif -#ifndef NUM_POLICY_PCR -#define NUM_POLICY_PCR 1 -#endif -#ifndef MAX_COMMAND_SIZE -#define MAX_COMMAND_SIZE 4096 -#endif -#ifndef MAX_RESPONSE_SIZE -#define MAX_RESPONSE_SIZE 4096 -#endif -#ifndef ORDERLY_BITS -#define ORDERLY_BITS 8 -#endif -#ifndef MAX_SYM_DATA -#define MAX_SYM_DATA 128 -#endif -#ifndef MAX_RNG_ENTROPY_SIZE -#define 
MAX_RNG_ENTROPY_SIZE 64 -#endif -#ifndef RAM_INDEX_SPACE -#define RAM_INDEX_SPACE 512 -#endif -#ifndef RSA_DEFAULT_PUBLIC_EXPONENT -#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 -#endif -#ifndef ENABLE_PCR_NO_INCREMENT -#define ENABLE_PCR_NO_INCREMENT YES -#endif -#ifndef CRT_FORMAT_RSA -#define CRT_FORMAT_RSA YES -#endif -#ifndef VENDOR_COMMAND_COUNT -#define VENDOR_COMMAND_COUNT 0 -#endif -#ifndef MAX_VENDOR_BUFFER_SIZE -#define MAX_VENDOR_BUFFER_SIZE 1024 -#endif -#ifndef TPM_MAX_DERIVATION_BITS -#define TPM_MAX_DERIVATION_BITS 8192 -#endif -#ifndef RSA_MAX_PRIME -#define RSA_MAX_PRIME (MAX_RSA_KEY_BYTES/2) -#endif -#ifndef RSA_PRIVATE_SIZE -#define RSA_PRIVATE_SIZE (RSA_MAX_PRIME*5) -#endif -#ifndef SIZE_OF_X509_SERIAL_NUMBER -#define SIZE_OF_X509_SERIAL_NUMBER 20 -#endif -#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES -#define PRIVATE_VENDOR_SPECIFIC_BYTES RSA_PRIVATE_SIZE -#endif - -// Table 0:2 - Defines for Implemented Algorithms -#ifndef ALG_AES -#define ALG_AES ALG_YES -#endif -#ifndef ALG_CAMELLIA -#define ALG_CAMELLIA ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_CBC -#define ALG_CBC ALG_YES -#endif -#ifndef ALG_CFB -#define ALG_CFB ALG_YES -#endif -#ifndef ALG_CMAC -#define ALG_CMAC ALG_YES -#endif -#ifndef ALG_CTR -#define ALG_CTR ALG_YES -#endif -#ifndef ALG_ECB -#define ALG_ECB ALG_YES -#endif -#ifndef ALG_ECC -#define ALG_ECC ALG_YES -#endif -#ifndef ALG_ECDAA -#define ALG_ECDAA (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECDH -#define ALG_ECDH (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECDSA -#define ALG_ECDSA (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_ECMQV -#define ALG_ECMQV (ALG_NO && ALG_ECC) -#endif -#ifndef ALG_ECSCHNORR -#define ALG_ECSCHNORR (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_HMAC -#define ALG_HMAC ALG_YES -#endif -#ifndef ALG_KDF1_SP800_108 -#define ALG_KDF1_SP800_108 ALG_YES -#endif -#ifndef ALG_KDF1_SP800_56A -#define ALG_KDF1_SP800_56A (ALG_YES && ALG_ECC) -#endif -#ifndef ALG_KDF2 -#define ALG_KDF2 ALG_NO -#endif -#ifndef 
ALG_KEYEDHASH -#define ALG_KEYEDHASH ALG_YES -#endif -#ifndef ALG_MGF1 -#define ALG_MGF1 ALG_YES -#endif -#ifndef ALG_OAEP -#define ALG_OAEP (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_OFB -#define ALG_OFB ALG_YES -#endif -#ifndef ALG_RSA -#define ALG_RSA ALG_YES -#endif -#ifndef ALG_RSAES -#define ALG_RSAES (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_RSAPSS -#define ALG_RSAPSS (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_RSASSA -#define ALG_RSASSA (ALG_YES && ALG_RSA) -#endif -#ifndef ALG_SHA -#define ALG_SHA ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA1 -#define ALG_SHA1 ALG_YES -#endif -#ifndef ALG_SHA256 -#define ALG_SHA256 ALG_YES -#endif -#ifndef ALG_SHA384 -#define ALG_SHA384 ALG_YES -#endif -#ifndef ALG_SHA3_256 -#define ALG_SHA3_256 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA3_384 -#define ALG_SHA3_384 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA3_512 -#define ALG_SHA3_512 ALG_NO /* Not specified by vendor */ -#endif -#ifndef ALG_SHA512 -#define ALG_SHA512 ALG_NO -#endif -#ifndef ALG_SM2 -#define ALG_SM2 (ALG_NO && ALG_ECC) -#endif -#ifndef ALG_SM3_256 -#define ALG_SM3_256 ALG_NO -#endif -#ifndef ALG_SM4 -#define ALG_SM4 ALG_NO -#endif -#ifndef ALG_SYMCIPHER -#define ALG_SYMCIPHER ALG_YES -#endif -#ifndef ALG_TDES -#define ALG_TDES ALG_NO -#endif -#ifndef ALG_XOR -#define ALG_XOR ALG_YES -#endif - -// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants -#ifndef RSA_1024 -#define RSA_1024 (ALG_RSA & YES) -#endif -#ifndef RSA_2048 -#define RSA_2048 (ALG_RSA & YES) -#endif -#ifndef RSA_3072 -#define RSA_3072 (ALG_RSA & NO) -#endif -#ifndef RSA_4096 -#define RSA_4096 (ALG_RSA & NO) -#endif - -// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants -#ifndef AES_128 -#define AES_128 (ALG_AES & YES) -#endif -#ifndef AES_192 -#define AES_192 (ALG_AES & NO) -#endif -#ifndef AES_256 -#define AES_256 (ALG_AES & YES) -#endif - -// Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants 
-#ifndef SM4_128 -#define SM4_128 (ALG_SM4 & YES) -#endif - -// Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants -#ifndef CAMELLIA_128 -#define CAMELLIA_128 (ALG_CAMELLIA & YES) -#endif -#ifndef CAMELLIA_192 -#define CAMELLIA_192 (ALG_CAMELLIA & NO) -#endif -#ifndef CAMELLIA_256 -#define CAMELLIA_256 (ALG_CAMELLIA & NO) -#endif - -// Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants -#ifndef TDES_128 -#define TDES_128 (ALG_TDES & YES) -#endif -#ifndef TDES_192 -#define TDES_192 (ALG_TDES & YES) -#endif - -// Table 0:5 - Defines for Implemented Commands -#ifndef CC_AC_GetCapability -#define CC_AC_GetCapability CC_YES -#endif -#ifndef CC_AC_Send -#define CC_AC_Send CC_YES -#endif -#ifndef CC_ActivateCredential -#define CC_ActivateCredential CC_YES -#endif -#ifndef CC_Certify -#define CC_Certify CC_YES -#endif -#ifndef CC_CertifyCreation -#define CC_CertifyCreation CC_YES -#endif -#ifndef CC_CertifyX509 -#define CC_CertifyX509 CC_YES -#endif -#ifndef CC_ChangeEPS -#define CC_ChangeEPS CC_YES -#endif -#ifndef CC_ChangePPS -#define CC_ChangePPS CC_YES -#endif -#ifndef CC_Clear -#define CC_Clear CC_YES -#endif -#ifndef CC_ClearControl -#define CC_ClearControl CC_YES -#endif -#ifndef CC_ClockRateAdjust -#define CC_ClockRateAdjust CC_YES -#endif -#ifndef CC_ClockSet -#define CC_ClockSet CC_YES -#endif -#ifndef CC_Commit -#define CC_Commit (CC_YES && ALG_ECC) -#endif -#ifndef CC_ContextLoad -#define CC_ContextLoad CC_YES -#endif -#ifndef CC_ContextSave -#define CC_ContextSave CC_YES -#endif -#ifndef CC_Create -#define CC_Create CC_YES -#endif -#ifndef CC_CreateLoaded -#define CC_CreateLoaded CC_YES -#endif -#ifndef CC_CreatePrimary -#define CC_CreatePrimary CC_YES -#endif -#ifndef CC_DictionaryAttackLockReset -#define CC_DictionaryAttackLockReset CC_YES -#endif -#ifndef CC_DictionaryAttackParameters -#define CC_DictionaryAttackParameters CC_YES -#endif -#ifndef CC_Duplicate -#define CC_Duplicate CC_YES -#endif -#ifndef 
CC_ECC_Parameters -#define CC_ECC_Parameters (CC_YES && ALG_ECC) -#endif -#ifndef CC_ECDH_KeyGen -#define CC_ECDH_KeyGen (CC_YES && ALG_ECC) -#endif -#ifndef CC_ECDH_ZGen -#define CC_ECDH_ZGen (CC_YES && ALG_ECC) -#endif -#ifndef CC_EC_Ephemeral -#define CC_EC_Ephemeral (CC_YES && ALG_ECC) -#endif -#ifndef CC_EncryptDecrypt -#define CC_EncryptDecrypt CC_YES -#endif -#ifndef CC_EncryptDecrypt2 -#define CC_EncryptDecrypt2 CC_YES -#endif -#ifndef CC_EventSequenceComplete -#define CC_EventSequenceComplete CC_YES -#endif -#ifndef CC_EvictControl -#define CC_EvictControl CC_YES -#endif -#ifndef CC_FieldUpgradeData -#define CC_FieldUpgradeData CC_NO -#endif -#ifndef CC_FieldUpgradeStart -#define CC_FieldUpgradeStart CC_NO -#endif -#ifndef CC_FirmwareRead -#define CC_FirmwareRead CC_NO -#endif -#ifndef CC_FlushContext -#define CC_FlushContext CC_YES -#endif -#ifndef CC_GetCapability -#define CC_GetCapability CC_YES -#endif -#ifndef CC_GetCommandAuditDigest -#define CC_GetCommandAuditDigest CC_YES -#endif -#ifndef CC_GetRandom -#define CC_GetRandom CC_YES -#endif -#ifndef CC_GetSessionAuditDigest -#define CC_GetSessionAuditDigest CC_YES -#endif -#ifndef CC_GetTestResult -#define CC_GetTestResult CC_YES -#endif -#ifndef CC_GetTime -#define CC_GetTime CC_YES -#endif -#ifndef CC_HMAC -#define CC_HMAC (CC_YES && !ALG_CMAC) -#endif -#ifndef CC_HMAC_Start -#define CC_HMAC_Start (CC_YES && !ALG_CMAC) -#endif -#ifndef CC_Hash -#define CC_Hash CC_YES -#endif -#ifndef CC_HashSequenceStart -#define CC_HashSequenceStart CC_YES -#endif -#ifndef CC_HierarchyChangeAuth -#define CC_HierarchyChangeAuth CC_YES -#endif -#ifndef CC_HierarchyControl -#define CC_HierarchyControl CC_YES -#endif -#ifndef CC_Import -#define CC_Import CC_YES -#endif -#ifndef CC_IncrementalSelfTest -#define CC_IncrementalSelfTest CC_YES -#endif -#ifndef CC_Load -#define CC_Load CC_YES -#endif -#ifndef CC_LoadExternal -#define CC_LoadExternal CC_YES -#endif -#ifndef CC_MAC -#define CC_MAC (CC_YES && ALG_CMAC) -#endif 
-#ifndef CC_MAC_Start -#define CC_MAC_Start (CC_YES && ALG_CMAC) -#endif -#ifndef CC_MakeCredential -#define CC_MakeCredential CC_YES -#endif -#ifndef CC_NV_Certify -#define CC_NV_Certify CC_YES -#endif -#ifndef CC_NV_ChangeAuth -#define CC_NV_ChangeAuth CC_YES -#endif -#ifndef CC_NV_DefineSpace -#define CC_NV_DefineSpace CC_YES -#endif -#ifndef CC_NV_Extend -#define CC_NV_Extend CC_YES -#endif -#ifndef CC_NV_GlobalWriteLock -#define CC_NV_GlobalWriteLock CC_YES -#endif -#ifndef CC_NV_Increment -#define CC_NV_Increment CC_YES -#endif -#ifndef CC_NV_Read -#define CC_NV_Read CC_YES -#endif -#ifndef CC_NV_ReadLock -#define CC_NV_ReadLock CC_YES -#endif -#ifndef CC_NV_ReadPublic -#define CC_NV_ReadPublic CC_YES -#endif -#ifndef CC_NV_SetBits -#define CC_NV_SetBits CC_YES -#endif -#ifndef CC_NV_UndefineSpace -#define CC_NV_UndefineSpace CC_YES -#endif -#ifndef CC_NV_UndefineSpaceSpecial -#define CC_NV_UndefineSpaceSpecial CC_YES -#endif -#ifndef CC_NV_Write -#define CC_NV_Write CC_YES -#endif -#ifndef CC_NV_WriteLock -#define CC_NV_WriteLock CC_YES -#endif -#ifndef CC_ObjectChangeAuth -#define CC_ObjectChangeAuth CC_YES -#endif -#ifndef CC_PCR_Allocate -#define CC_PCR_Allocate CC_YES -#endif -#ifndef CC_PCR_Event -#define CC_PCR_Event CC_YES -#endif -#ifndef CC_PCR_Extend -#define CC_PCR_Extend CC_YES -#endif -#ifndef CC_PCR_Read -#define CC_PCR_Read CC_YES -#endif -#ifndef CC_PCR_Reset -#define CC_PCR_Reset CC_YES -#endif -#ifndef CC_PCR_SetAuthPolicy -#define CC_PCR_SetAuthPolicy CC_YES -#endif -#ifndef CC_PCR_SetAuthValue -#define CC_PCR_SetAuthValue CC_YES -#endif -#ifndef CC_PP_Commands -#define CC_PP_Commands CC_YES -#endif -#ifndef CC_PolicyAuthValue -#define CC_PolicyAuthValue CC_YES -#endif -#ifndef CC_PolicyAuthorize -#define CC_PolicyAuthorize CC_YES -#endif -#ifndef CC_PolicyAuthorizeNV -#define CC_PolicyAuthorizeNV CC_YES -#endif -#ifndef CC_PolicyCommandCode -#define CC_PolicyCommandCode CC_YES -#endif -#ifndef CC_PolicyCounterTimer -#define 
CC_PolicyCounterTimer CC_YES -#endif -#ifndef CC_PolicyCpHash -#define CC_PolicyCpHash CC_YES -#endif -#ifndef CC_PolicyDuplicationSelect -#define CC_PolicyDuplicationSelect CC_YES -#endif -#ifndef CC_PolicyGetDigest -#define CC_PolicyGetDigest CC_YES -#endif -#ifndef CC_PolicyLocality -#define CC_PolicyLocality CC_YES -#endif -#ifndef CC_PolicyNV -#define CC_PolicyNV CC_YES -#endif -#ifndef CC_PolicyNameHash -#define CC_PolicyNameHash CC_YES -#endif -#ifndef CC_PolicyNvWritten -#define CC_PolicyNvWritten CC_YES -#endif -#ifndef CC_PolicyOR -#define CC_PolicyOR CC_YES -#endif -#ifndef CC_PolicyPCR -#define CC_PolicyPCR CC_YES -#endif -#ifndef CC_PolicyPassword -#define CC_PolicyPassword CC_YES -#endif -#ifndef CC_PolicyPhysicalPresence -#define CC_PolicyPhysicalPresence CC_YES -#endif -#ifndef CC_PolicyRestart -#define CC_PolicyRestart CC_YES -#endif -#ifndef CC_PolicySecret -#define CC_PolicySecret CC_YES -#endif -#ifndef CC_PolicySigned -#define CC_PolicySigned CC_YES -#endif -#ifndef CC_PolicyTemplate -#define CC_PolicyTemplate CC_YES -#endif -#ifndef CC_PolicyTicket -#define CC_PolicyTicket CC_YES -#endif -#ifndef CC_Policy_AC_SendSelect -#define CC_Policy_AC_SendSelect CC_YES -#endif -#ifndef CC_Quote -#define CC_Quote CC_YES -#endif -#ifndef CC_RSA_Decrypt -#define CC_RSA_Decrypt (CC_YES && ALG_RSA) -#endif -#ifndef CC_RSA_Encrypt -#define CC_RSA_Encrypt (CC_YES && ALG_RSA) -#endif -#ifndef CC_ReadClock -#define CC_ReadClock CC_YES -#endif -#ifndef CC_ReadPublic -#define CC_ReadPublic CC_YES -#endif -#ifndef CC_Rewrap -#define CC_Rewrap CC_YES -#endif -#ifndef CC_SelfTest -#define CC_SelfTest CC_YES -#endif -#ifndef CC_SequenceComplete -#define CC_SequenceComplete CC_YES -#endif -#ifndef CC_SequenceUpdate -#define CC_SequenceUpdate CC_YES -#endif -#ifndef CC_SetAlgorithmSet -#define CC_SetAlgorithmSet CC_YES -#endif -#ifndef CC_SetCommandCodeAuditStatus -#define CC_SetCommandCodeAuditStatus CC_YES -#endif -#ifndef CC_SetPrimaryPolicy -#define 
CC_SetPrimaryPolicy CC_YES -#endif -#ifndef CC_Shutdown -#define CC_Shutdown CC_YES -#endif -#ifndef CC_Sign -#define CC_Sign CC_YES -#endif -#ifndef CC_StartAuthSession -#define CC_StartAuthSession CC_YES -#endif -#ifndef CC_Startup -#define CC_Startup CC_YES -#endif -#ifndef CC_StirRandom -#define CC_StirRandom CC_YES -#endif -#ifndef CC_TestParms -#define CC_TestParms CC_YES -#endif -#ifndef CC_Unseal -#define CC_Unseal CC_YES -#endif -#ifndef CC_Vendor_TCG_Test -#define CC_Vendor_TCG_Test CC_YES -#endif -#ifndef CC_VerifySignature -#define CC_VerifySignature CC_YES -#endif -#ifndef CC_ZGen_2Phase -#define CC_ZGen_2Phase (CC_YES && ALG_ECC) -#endif - - -#endif // _TPM_PROFILE_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h deleted file mode 100644 index aefcdf280..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h +++ /dev/null 
@@ -1,2374 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 10, 2019 Time: 03:21:33PM - */ - -#ifndef _TPM_TYPES_H_ -#define _TPM_TYPES_H_ - -// Table 1:2 - Definition of TPM_ALG_ID Constants -typedef UINT16 TPM_ALG_ID; -#define TYPE_OF_TPM_ALG_ID UINT16 -#define ALG_ERROR_VALUE 0x0000 -#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) -#define ALG_RSA_VALUE 0x0001 -#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) -#define ALG_TDES_VALUE 0x0003 -#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) -#define ALG_SHA_VALUE 0x0004 -#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) -#define ALG_SHA1_VALUE 0x0004 -#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) -#define ALG_HMAC_VALUE 0x0005 -#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) -#define ALG_AES_VALUE 0x0006 -#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) -#define ALG_MGF1_VALUE 0x0007 -#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) -#define ALG_KEYEDHASH_VALUE 0x0008 -#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) -#define ALG_XOR_VALUE 0x000A -#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) -#define ALG_SHA256_VALUE 0x000B -#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) -#define ALG_SHA384_VALUE 0x000C -#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) -#define ALG_SHA512_VALUE 0x000D -#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) -#define ALG_NULL_VALUE 0x0010 -#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) -#define ALG_SM3_256_VALUE 0x0012 -#define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) -#define ALG_SM4_VALUE 0x0013 -#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) -#define ALG_RSASSA_VALUE 0x0014 -#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) -#define ALG_RSAES_VALUE 0x0015 -#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) -#define ALG_RSAPSS_VALUE 0x0016 -#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) -#define ALG_OAEP_VALUE 0x0017 -#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) -#define ALG_ECDSA_VALUE 
0x0018 -#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) -#define ALG_ECDH_VALUE 0x0019 -#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) -#define ALG_ECDAA_VALUE 0x001A -#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) -#define ALG_SM2_VALUE 0x001B -#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) -#define ALG_ECSCHNORR_VALUE 0x001C -#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) -#define ALG_ECMQV_VALUE 0x001D -#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) -#define ALG_KDF1_SP800_56A_VALUE 0x0020 -#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) -#define ALG_KDF2_VALUE 0x0021 -#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) -#define ALG_KDF1_SP800_108_VALUE 0x0022 -#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) -#define ALG_ECC_VALUE 0x0023 -#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) -#define ALG_SYMCIPHER_VALUE 0x0025 -#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) -#define ALG_CAMELLIA_VALUE 0x0026 -#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) -#define ALG_SHA3_256_VALUE 0x0027 -#define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) -#define ALG_SHA3_384_VALUE 0x0028 -#define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) -#define ALG_SHA3_512_VALUE 0x0029 -#define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) -#define ALG_CMAC_VALUE 0x003F -#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) -#define ALG_CTR_VALUE 0x0040 -#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) -#define ALG_OFB_VALUE 0x0041 -#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) -#define ALG_CBC_VALUE 0x0042 -#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) -#define ALG_CFB_VALUE 0x0043 -#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) -#define ALG_ECB_VALUE 0x0044 -#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) -// Values derived from Table 1:2 -#define ALG_FIRST_VALUE 0x0001 -#define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) -#define ALG_LAST_VALUE 0x0044 -#define TPM_ALG_LAST 
(TPM_ALG_ID)(ALG_LAST_VALUE) - -// Table 1:3 - Definition of TPM_ECC_CURVE Constants -typedef UINT16 TPM_ECC_CURVE; -#define TYPE_OF_TPM_ECC_CURVE UINT16 -#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) -#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) -#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) -#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) -#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) -#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) -#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) -#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) -#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) - -// Table 2:12 - Definition of TPM_CC Constants -typedef UINT32 TPM_CC; -#define TYPE_OF_TPM_CC UINT32 -#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) -#define TPM_CC_EvictControl (TPM_CC)(0x00000120) -#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) -#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) -#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) -#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) -#define TPM_CC_Clear (TPM_CC)(0x00000126) -#define TPM_CC_ClearControl (TPM_CC)(0x00000127) -#define TPM_CC_ClockSet (TPM_CC)(0x00000128) -#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) -#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) -#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) -#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) -#define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) -#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) -#define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) -#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) -#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) -#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) -#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) -#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) -#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) -#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) -#define TPM_CC_NV_Write (TPM_CC)(0x00000137) -#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) 
-#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) -#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) -#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) -#define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) -#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) -#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) -#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) -#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) -#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) -#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) -#define TPM_CC_SelfTest (TPM_CC)(0x00000143) -#define TPM_CC_Startup (TPM_CC)(0x00000144) -#define TPM_CC_Shutdown (TPM_CC)(0x00000145) -#define TPM_CC_StirRandom (TPM_CC)(0x00000146) -#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) -#define TPM_CC_Certify (TPM_CC)(0x00000148) -#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) -#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) -#define TPM_CC_Duplicate (TPM_CC)(0x0000014B) -#define TPM_CC_GetTime (TPM_CC)(0x0000014C) -#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) -#define TPM_CC_NV_Read (TPM_CC)(0x0000014E) -#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) -#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) -#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) -#define TPM_CC_Rewrap (TPM_CC)(0x00000152) -#define TPM_CC_Create (TPM_CC)(0x00000153) -#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) -#define TPM_CC_HMAC (TPM_CC)(0x00000155) -#define TPM_CC_MAC (TPM_CC)(0x00000155) -#define TPM_CC_Import (TPM_CC)(0x00000156) -#define TPM_CC_Load (TPM_CC)(0x00000157) -#define TPM_CC_Quote (TPM_CC)(0x00000158) -#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) -#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) -#define TPM_CC_Sign (TPM_CC)(0x0000015D) -#define TPM_CC_Unseal (TPM_CC)(0x0000015E) -#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) -#define TPM_CC_ContextLoad 
(TPM_CC)(0x00000161) -#define TPM_CC_ContextSave (TPM_CC)(0x00000162) -#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) -#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) -#define TPM_CC_FlushContext (TPM_CC)(0x00000165) -#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) -#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) -#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) -#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) -#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) -#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) -#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) -#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) -#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) -#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) -#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) -#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) -#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) -#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) -#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) -#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) -#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) -#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) -#define TPM_CC_GetCapability (TPM_CC)(0x0000017A) -#define TPM_CC_GetRandom (TPM_CC)(0x0000017B) -#define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) -#define TPM_CC_Hash (TPM_CC)(0x0000017D) -#define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) -#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) -#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) -#define TPM_CC_ReadClock (TPM_CC)(0x00000181) -#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) -#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) -#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) -#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) -#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) -#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) -#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) -#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) -#define TPM_CC_TestParms 
(TPM_CC)(0x0000018A) -#define TPM_CC_Commit (TPM_CC)(0x0000018B) -#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) -#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) -#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) -#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) -#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) -#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) -#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) -#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) -#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) -#define TPM_CC_AC_Send (TPM_CC)(0x00000195) -#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) -#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) -#define CC_VEND 0x20000000 -#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) - -// Table 2:5 - Definition of Types for Documentation Clarity -typedef UINT32 TPM_ALGORITHM_ID; -#define TYPE_OF_TPM_ALGORITHM_ID UINT32 -typedef UINT32 TPM_MODIFIER_INDICATOR; -#define TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 -typedef UINT32 TPM_AUTHORIZATION_SIZE; -#define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 -typedef UINT32 TPM_PARAMETER_SIZE; -#define TYPE_OF_TPM_PARAMETER_SIZE UINT32 -typedef UINT16 TPM_KEY_SIZE; -#define TYPE_OF_TPM_KEY_SIZE UINT16 -typedef UINT16 TPM_KEY_BITS; -#define TYPE_OF_TPM_KEY_BITS UINT16 - -// Table 2:6 - Definition of TPM_SPEC Constants -typedef UINT32 TPM_SPEC; -#define TYPE_OF_TPM_SPEC UINT32 -#define SPEC_FAMILY 0x322E3000 -#define TPM_SPEC_FAMILY (TPM_SPEC)(SPEC_FAMILY) -#define SPEC_LEVEL 00 -#define TPM_SPEC_LEVEL (TPM_SPEC)(SPEC_LEVEL) -#define SPEC_VERSION 154 -#define TPM_SPEC_VERSION (TPM_SPEC)(SPEC_VERSION) -#define SPEC_YEAR 2019 -#define TPM_SPEC_YEAR (TPM_SPEC)(SPEC_YEAR) -#define SPEC_DAY_OF_YEAR 81 -#define TPM_SPEC_DAY_OF_YEAR (TPM_SPEC)(SPEC_DAY_OF_YEAR) - -// Table 2:7 - Definition of TPM_GENERATED Constants -typedef UINT32 TPM_GENERATED; -#define TYPE_OF_TPM_GENERATED UINT32 -#define TPM_GENERATED_VALUE (TPM_GENERATED)(0xFF544347) - -// Table 2:16 - Definition 
of TPM_RC Constants -typedef UINT32 TPM_RC; -#define TYPE_OF_TPM_RC UINT32 -#define TPM_RC_SUCCESS (TPM_RC)(0x000) -#define TPM_RC_BAD_TAG (TPM_RC)(0x01E) -#define RC_VER1 (TPM_RC)(0x100) -#define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1+0x000) -#define TPM_RC_FAILURE (TPM_RC)(RC_VER1+0x001) -#define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1+0x003) -#define TPM_RC_PRIVATE (TPM_RC)(RC_VER1+0x00B) -#define TPM_RC_HMAC (TPM_RC)(RC_VER1+0x019) -#define TPM_RC_DISABLED (TPM_RC)(RC_VER1+0x020) -#define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1+0x021) -#define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1+0x024) -#define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1+0x025) -#define TPM_RC_POLICY (TPM_RC)(RC_VER1+0x026) -#define TPM_RC_PCR (TPM_RC)(RC_VER1+0x027) -#define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1+0x028) -#define TPM_RC_UPGRADE (TPM_RC)(RC_VER1+0x02D) -#define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1+0x02E) -#define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1+0x02F) -#define TPM_RC_REBOOT (TPM_RC)(RC_VER1+0x030) -#define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1+0x031) -#define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1+0x042) -#define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1+0x043) -#define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1+0x044) -#define TPM_RC_AUTH_CONTEXT (TPM_RC)(RC_VER1+0x045) -#define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1+0x046) -#define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1+0x047) -#define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1+0x048) -#define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1+0x049) -#define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1+0x04A) -#define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1+0x04B) -#define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1+0x04C) -#define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1+0x050) -#define TPM_RC_CPHASH (TPM_RC)(RC_VER1+0x051) -#define TPM_RC_PARENT (TPM_RC)(RC_VER1+0x052) -#define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1+0x053) -#define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1+0x054) -#define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1+0x055) -#define RC_MAX_FM0 (TPM_RC)(RC_VER1+0x07F) -#define RC_FMT1 (TPM_RC)(0x080) -#define 
TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RC_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RCS_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RC_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RCS_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RC_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RCS_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RC_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RCS_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RC_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RCS_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RC_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RC_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RCS_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RC_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RCS_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) -#define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) -#define TPM_RC_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RCS_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RC_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RCS_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RC_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RC_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RCS_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RC_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RCS_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) -#define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) 
-#define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RC_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RCS_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RC_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RCS_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RC_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RCS_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RC_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RCS_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define RC_WARN (TPM_RC)(0x900) -#define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN+0x001) -#define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN+0x002) -#define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN+0x003) -#define TPM_RC_MEMORY (TPM_RC)(RC_WARN+0x004) -#define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN+0x005) -#define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN+0x006) -#define TPM_RC_LOCALITY (TPM_RC)(RC_WARN+0x007) -#define TPM_RC_YIELDED (TPM_RC)(RC_WARN+0x008) -#define TPM_RC_CANCELED (TPM_RC)(RC_WARN+0x009) -#define TPM_RC_TESTING (TPM_RC)(RC_WARN+0x00A) -#define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN+0x010) -#define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN+0x011) -#define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN+0x012) -#define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN+0x013) -#define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN+0x014) 
-#define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN+0x015) -#define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN+0x016) -#define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN+0x018) -#define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN+0x019) -#define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN+0x01A) -#define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN+0x01B) -#define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN+0x01C) -#define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN+0x01D) -#define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN+0x01E) -#define TPM_RC_NV_RATE (TPM_RC)(RC_WARN+0x020) -#define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN+0x021) -#define TPM_RC_RETRY (TPM_RC)(RC_WARN+0x022) -#define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN+0x023) -#define TPM_RC_NOT_USED (TPM_RC)(RC_WARN+0x7F) -#define TPM_RC_H (TPM_RC)(0x000) -#define TPM_RC_P (TPM_RC)(0x040) -#define TPM_RC_S (TPM_RC)(0x800) -#define TPM_RC_1 (TPM_RC)(0x100) -#define TPM_RC_2 (TPM_RC)(0x200) -#define TPM_RC_3 (TPM_RC)(0x300) -#define TPM_RC_4 (TPM_RC)(0x400) -#define TPM_RC_5 (TPM_RC)(0x500) -#define TPM_RC_6 (TPM_RC)(0x600) -#define TPM_RC_7 (TPM_RC)(0x700) -#define TPM_RC_8 (TPM_RC)(0x800) -#define TPM_RC_9 (TPM_RC)(0x900) -#define TPM_RC_A (TPM_RC)(0xA00) -#define TPM_RC_B (TPM_RC)(0xB00) -#define TPM_RC_C (TPM_RC)(0xC00) -#define TPM_RC_D (TPM_RC)(0xD00) -#define TPM_RC_E (TPM_RC)(0xE00) -#define TPM_RC_F (TPM_RC)(0xF00) -#define TPM_RC_N_MASK (TPM_RC)(0xF00) - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -typedef INT8 TPM_CLOCK_ADJUST; -#define TYPE_OF_TPM_CLOCK_ADJUST UINT8 -#define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3) -#define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2) -#define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1) -#define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0) -#define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1) -#define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2) -#define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3) - -// Table 2:18 - Definition of TPM_EO Constants -typedef UINT16 TPM_EO; -#define TYPE_OF_TPM_EO UINT16 -#define 
TPM_EO_EQ (TPM_EO)(0x0000) -#define TPM_EO_NEQ (TPM_EO)(0x0001) -#define TPM_EO_SIGNED_GT (TPM_EO)(0x0002) -#define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003) -#define TPM_EO_SIGNED_LT (TPM_EO)(0x0004) -#define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005) -#define TPM_EO_SIGNED_GE (TPM_EO)(0x0006) -#define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007) -#define TPM_EO_SIGNED_LE (TPM_EO)(0x0008) -#define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009) -#define TPM_EO_BITSET (TPM_EO)(0x000A) -#define TPM_EO_BITCLEAR (TPM_EO)(0x000B) - -// Table 2:19 - Definition of TPM_ST Constants -typedef UINT16 TPM_ST; -#define TYPE_OF_TPM_ST UINT16 -#define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4) -#define TPM_ST_NULL (TPM_ST)(0x8000) -#define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001) -#define TPM_ST_SESSIONS (TPM_ST)(0x8002) -#define TPM_ST_ATTEST_NV (TPM_ST)(0x8014) -#define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015) -#define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016) -#define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017) -#define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018) -#define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019) -#define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A) -#define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C) -#define TPM_ST_CREATION (TPM_ST)(0x8021) -#define TPM_ST_VERIFIED (TPM_ST)(0x8022) -#define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023) -#define TPM_ST_HASHCHECK (TPM_ST)(0x8024) -#define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025) -#define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029) - -// Table 2:20 - Definition of TPM_SU Constants -typedef UINT16 TPM_SU; -#define TYPE_OF_TPM_SU UINT16 -#define TPM_SU_CLEAR (TPM_SU)(0x0000) -#define TPM_SU_STATE (TPM_SU)(0x0001) - -// Table 2:21 - Definition of TPM_SE Constants -typedef UINT8 TPM_SE; -#define TYPE_OF_TPM_SE UINT8 -#define TPM_SE_HMAC (TPM_SE)(0x00) -#define TPM_SE_POLICY (TPM_SE)(0x01) -#define TPM_SE_TRIAL (TPM_SE)(0x03) - -// Table 2:22 - Definition of TPM_CAP Constants -typedef UINT32 TPM_CAP; -#define TYPE_OF_TPM_CAP UINT32 -#define TPM_CAP_FIRST (TPM_CAP)(0x00000000) -#define TPM_CAP_ALGS 
(TPM_CAP)(0x00000000) -#define TPM_CAP_HANDLES (TPM_CAP)(0x00000001) -#define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002) -#define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003) -#define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004) -#define TPM_CAP_PCRS (TPM_CAP)(0x00000005) -#define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006) -#define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007) -#define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008) -#define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009) -#define TPM_CAP_LAST (TPM_CAP)(0x00000009) -#define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100) - -// Table 2:23 - Definition of TPM_PT Constants -typedef UINT32 TPM_PT; -#define TYPE_OF_TPM_PT UINT32 -#define TPM_PT_NONE (TPM_PT)(0x00000000) -#define PT_GROUP (TPM_PT)(0x00000100) -#define PT_FIXED (TPM_PT)(PT_GROUP*1) -#define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+0) -#define TPM_PT_LEVEL (TPM_PT)(PT_FIXED+1) -#define TPM_PT_REVISION (TPM_PT)(PT_FIXED+2) -#define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED+3) -#define TPM_PT_YEAR (TPM_PT)(PT_FIXED+4) -#define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED+5) -#define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED+6) -#define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED+7) -#define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED+8) -#define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED+9) -#define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED+10) -#define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED+11) -#define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED+12) -#define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED+13) -#define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED+14) -#define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED+15) -#define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED+16) -#define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED+17) -#define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED+18) -#define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED+19) -#define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED+20) -#define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED+22) -#define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED+23) 
-#define TPM_PT_MEMORY (TPM_PT)(PT_FIXED+24) -#define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED+25) -#define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED+26) -#define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED+27) -#define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED+28) -#define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED+29) -#define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED+30) -#define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED+31) -#define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED+32) -#define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED+33) -#define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED+34) -#define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+35) -#define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED+36) -#define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED+37) -#define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED+38) -#define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED+39) -#define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED+40) -#define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED+41) -#define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED+42) -#define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED+43) -#define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED+44) -#define TPM_PT_MODES (TPM_PT)(PT_FIXED+45) -#define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED+46) -#define PT_VAR (TPM_PT)(PT_GROUP*2) -#define TPM_PT_PERMANENT (TPM_PT)(PT_VAR+0) -#define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR+1) -#define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR+2) -#define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR+3) -#define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR+4) -#define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR+5) -#define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR+6) -#define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR+7) -#define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR+8) -#define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR+9) -#define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR+10) -#define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR+11) -#define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR+12) -#define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR+13) -#define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR+14) -#define 
TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR+15) -#define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR+16) -#define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR+17) -#define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR+18) -#define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR+19) -#define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR+20) - -// Table 2:24 - Definition of TPM_PT_PCR Constants -typedef UINT32 TPM_PT_PCR; -#define TYPE_OF_TPM_PT_PCR UINT32 -#define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000) -#define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000) -#define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001) -#define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002) -#define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003) -#define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004) -#define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005) -#define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006) -#define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007) -#define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008) -#define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009) -#define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A) -#define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011) -#define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012) -#define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013) -#define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014) -#define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014) - -// Table 2:25 - Definition of TPM_PS Constants -typedef UINT32 TPM_PS; -#define TYPE_OF_TPM_PS UINT32 -#define TPM_PS_MAIN (TPM_PS)(0x00000000) -#define TPM_PS_PC (TPM_PS)(0x00000001) -#define TPM_PS_PDA (TPM_PS)(0x00000002) -#define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003) -#define TPM_PS_SERVER (TPM_PS)(0x00000004) -#define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005) -#define TPM_PS_TSS (TPM_PS)(0x00000006) -#define TPM_PS_STORAGE (TPM_PS)(0x00000007) -#define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008) -#define TPM_PS_EMBEDDED (TPM_PS)(0x00000009) -#define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A) -#define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B) -#define 
TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C) -#define TPM_PS_TNC (TPM_PS)(0x0000000D) -#define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E) -#define TPM_PS_TC (TPM_PS)(0x0000000F) - -// Table 2:26 - Definition of Types for Handles -typedef UINT32 TPM_HANDLE; -#define TYPE_OF_TPM_HANDLE UINT32 - -// Table 2:27 - Definition of TPM_HT Constants -typedef UINT8 TPM_HT; -#define TYPE_OF_TPM_HT UINT8 -#define TPM_HT_PCR (TPM_HT)(0x00) -#define TPM_HT_NV_INDEX (TPM_HT)(0x01) -#define TPM_HT_HMAC_SESSION (TPM_HT)(0x02) -#define TPM_HT_LOADED_SESSION (TPM_HT)(0x02) -#define TPM_HT_POLICY_SESSION (TPM_HT)(0x03) -#define TPM_HT_SAVED_SESSION (TPM_HT)(0x03) -#define TPM_HT_PERMANENT (TPM_HT)(0x40) -#define TPM_HT_TRANSIENT (TPM_HT)(0x80) -#define TPM_HT_PERSISTENT (TPM_HT)(0x81) -#define TPM_HT_AC (TPM_HT)(0x90) - -// Table 2:28 - Definition of TPM_RH Constants -typedef TPM_HANDLE TPM_RH; -#define TPM_RH_FIRST (TPM_RH)(0x40000000) -#define TPM_RH_SRK (TPM_RH)(0x40000000) -#define TPM_RH_OWNER (TPM_RH)(0x40000001) -#define TPM_RH_REVOKE (TPM_RH)(0x40000002) -#define TPM_RH_TRANSPORT (TPM_RH)(0x40000003) -#define TPM_RH_OPERATOR (TPM_RH)(0x40000004) -#define TPM_RH_ADMIN (TPM_RH)(0x40000005) -#define TPM_RH_EK (TPM_RH)(0x40000006) -#define TPM_RH_NULL (TPM_RH)(0x40000007) -#define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008) -#define TPM_RS_PW (TPM_RH)(0x40000009) -#define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A) -#define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B) -#define TPM_RH_PLATFORM (TPM_RH)(0x4000000C) -#define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D) -#define TPM_RH_AUTH_00 (TPM_RH)(0x40000010) -#define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F) -#define TPM_RH_LAST (TPM_RH)(0x4000010F) - -// Table 2:29 - Definition of TPM_HC Constants -typedef TPM_HANDLE TPM_HC; -#define HR_HANDLE_MASK (TPM_HC)(0x00FFFFFF) -#define HR_RANGE_MASK (TPM_HC)(0xFF000000) -#define HR_SHIFT (TPM_HC)(24) -#define HR_PCR (TPM_HC)((TPM_HT_PCR< -#include -#include - - 
-//*************************************************************** -//** Links to the wolfcrypt HASH code -//*************************************************************** - -// Redefine the internal name used for each of the hash state structures to the -// name used by the library. -// These defines need to be known in all parts of the TPM so that the structure -// sizes can be properly computed when needed. - -#define tpmHashStateSHA1_t wc_Sha -#define tpmHashStateSHA256_t wc_Sha256 -#define tpmHashStateSHA384_t wc_Sha512 -#define tpmHashStateSHA512_t wc_Sha512 - -#if ALG_SM3 -# error "The version of WolfCrypt used by this code does not support SM3" -#endif - -// The defines below are only needed when compiling CryptHash.c or CryptSmac.c. -// This isolation is primarily to avoid name space collision. However, if there -// is a real collision, it will likely show up when the linker tries to put things -// together. - -#ifdef _CRYPT_HASH_C_ - -typedef BYTE *PBYTE; -typedef const BYTE *PCBYTE; - -// Define the interface between CryptHash.c to the functions provided by the -// library. For each method, define the calling parameters of the method and then -// define how the method is invoked in CryptHash.c. -// -// All hashes are required to have the same calling sequence. If they don't, create -// a simple adaptation function that converts from the "standard" form of the call -// to the form used by the specific hash (and then send a nasty letter to the -// person who wrote the hash function for the library). -// -// The macro that calls the method also defines how the -// parameters get swizzled between the default form (in CryptHash.c)and the -// library form. 
-// -// Initialize the hash context -#define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state) -#define HASH_START(hashState) \ - ((hashState)->def->method.start)(&(hashState)->state); - -// Add data to the hash -#define HASH_DATA_METHOD_DEF \ - void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ - PCBYTE buffer, \ - size_t size) -#define HASH_DATA(hashState, dInSize, dIn) \ - ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) - -// Finalize the hash and get the digest -#define HASH_END_METHOD_DEF \ - void (HASH_END_METHOD)(PANY_HASH_STATE state, BYTE *buffer) -#define HASH_END(hashState, buffer) \ - ((hashState)->def->method.end)(&(hashState)->state, buffer) - -// Copy the hash context -// Note: For import, export, and copy, memcpy() is used since there is no -// reformatting necessary between the internal and external forms. -#define HASH_STATE_COPY_METHOD_DEF \ - void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_COPY(hashStateOut, hashStateIn) \ - ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ - &(hashStateIn)->state, \ - (hashStateIn)->def->contextSize) - -// Copy (with reformatting when necessary) an internal hash structure to an -// external blob -#define HASH_STATE_EXPORT_METHOD_DEF \ - void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ - PCANY_HASH_STATE from, \ - size_t size) -#define HASH_STATE_EXPORT(to, hashStateFrom) \ - ((hashStateFrom)->def->method.copyOut) \ - (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ - &(hashStateFrom)->state, \ - (hashStateFrom)->def->contextSize) - -// Copy from an external blob to an internal formate (with reformatting when -// necessary -#define HASH_STATE_IMPORT_METHOD_DEF \ - void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ - const BYTE *from, \ - size_t size) -#define HASH_STATE_IMPORT(hashStateTo, from) \ - ((hashStateTo)->def->method.copyIn) \ - (&(hashStateTo)->state, \ - &(((const BYTE 
*)(from))[offsetof(HASH_STATE, state)]),\ - (hashStateTo)->def->contextSize) - - -// Function aliases. The code in CryptHash.c uses the internal designation for the -// functions. These need to be translated to the function names of the library. -// Internal External -// Designation Designation -#define tpmHashStart_SHA1 wc_InitSha // external name of the - // initialization method -#define tpmHashData_SHA1 wc_ShaUpdate -#define tpmHashEnd_SHA1 wc_ShaFinal -#define tpmHashStateCopy_SHA1 memcpy -#define tpmHashStateExport_SHA1 memcpy -#define tpmHashStateImport_SHA1 memcpy -#define tpmHashStart_SHA256 wc_InitSha256 -#define tpmHashData_SHA256 wc_Sha256Update -#define tpmHashEnd_SHA256 wc_Sha256Final -#define tpmHashStateCopy_SHA256 memcpy -#define tpmHashStateExport_SHA256 memcpy -#define tpmHashStateImport_SHA256 memcpy -#define tpmHashStart_SHA384 wc_InitSha384 -#define tpmHashData_SHA384 wc_Sha384Update -#define tpmHashEnd_SHA384 wc_Sha384Final -#define tpmHashStateCopy_SHA384 memcpy -#define tpmHashStateExport_SHA384 memcpy -#define tpmHashStateImport_SHA384 memcpy -#define tpmHashStart_SHA512 wc_InitSha512 -#define tpmHashData_SHA512 wc_Sha512Update -#define tpmHashEnd_SHA512 wc_Sha512Final -#define tpmHashStateCopy_SHA512 memcpy -#define tpmHashStateExport_SHA512 memcpy -#define tpmHashStateImport_SHA512 memcpy - -#endif // _CRYPT_HASH_C_ - -#define LibHashInit() -// This definition would change if there were something to report -#define HashLibSimulationEnd() - -#endif // HASH_LIB_DEFINED diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h deleted file mode 100644 index 18b48b931..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h +++ /dev/null 
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-// This file contains the structure definitions used for ECC in the LibTomCrypt
-// version of the code. These definitions would change, based on the library.
-// The ECC-related structures that cross the TPM interface are defined
-// in TpmTypes.h
-//
-
-#ifndef MATH_LIB_DEFINED
-#define MATH_LIB_DEFINED
-
-#define MATH_LIB_WOLF
-
-#if ALG_ECC
-#define HAVE_ECC
-#endif
-
-#include
-#include
-
-#define MP_VAR(name) \
- mp_int _##name; \
- mp_int *name = MpInitialize(&_##name);
-
-// Allocate a mp_int and initialize with the values in a mp_int* initializer
-#define MP_INITIALIZED(name, initializer) \
- MP_VAR(name); \
- BnToWolf(name, initializer);
-
-#define POINT_CREATE(name, initializer) \
- ecc_point *name = EcPointInitialized(initializer);
-
-#define POINT_DELETE(name) \
- wc_ecc_del_point(name); \
- name = NULL;
-
-typedef ECC_CURVE_DATA bnCurve_t;
-
-typedef bnCurve_t *bigCurve;
-
-#define AccessCurveData(E) (E)
-
-#define CURVE_INITIALIZED(name, initializer) \
- bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer)
-
-#define CURVE_FREE(E)
-
-#include "TpmToWolfSupport_fp.h"
-
-#define WOLF_ENTER()
-
-#define WOLF_LEAVE()
-
-// This definition would change if there were something to report
-#define MathLibSimulationEnd()
-
-#endif // MATH_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
deleted file mode 100644
index 54e01e3ed..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// This header file is used to 'splice' the wolfcrypt library into the TPM code.
-
-#ifndef SYM_LIB_DEFINED
-#define SYM_LIB_DEFINED
-
-#define SYM_LIB_WOLF
-
-#include
-#include
-
-//***************************************************************
-//** Links to the wolfCrypt AES code
-//***************************************************************
-
-#if ALG_SM4
-#error "SM4 is not available"
-#endif
-
-#if ALG_CAMELLIA
-#error "Camellia is not available"
-#endif
-
-// Define the order of parameters to the library functions that do block encryption
-// and decryption.
-typedef void(*TpmCryptSetSymKeyCall_t)(
- void *keySchedule,
- BYTE *out,
- const BYTE *in
- );
-
-// The Crypt functions that call the block encryption function use the parameters
-// in the order:
-// 1) keySchedule
-// 2) in buffer
-// 3) out buffer
-// Since wolfcrypt uses the order in encryptoCall_t above, need to swizzle the
-// values to the order required by the library.
-#define SWIZZLE(keySchedule, in, out) \
- (void *)(keySchedule), (BYTE *)(out), (const BYTE *)(in)
-
-// Macros to set up the encryption/decryption key schedules
-//
-// AES:
-#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
- wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_ENCRYPTION)
-#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
- wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_DECRYPTION)
-
-// TDES:
-#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
- TDES_setup_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
-
-// Macros to alias encryption calls to specific algorithms. This should be used
-// sparingly. Currently, only used by CryptRand.c
-//
-// When using these calls, to call the AES block encryption code, the caller
-// should use:
-// TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out));
-#define TpmCryptEncryptAES wc_AesEncryptDirect
-#define TpmCryptDecryptAES wc_AesDecryptDirect
-#define tpmKeyScheduleAES Aes
-
-#define TpmCryptEncryptTDES TDES_encrypt
-#define TpmCryptDecryptTDES TDES_decrypt
-#define tpmKeyScheduleTDES Des3
-
-typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
-
-#if ALG_TDES
-#include "TpmToWolfDesSupport_fp.h"
-#endif
-
-// This definition would change if there were something to report
-#define SymLibSimulationEnd()
-
-#endif // SYM_LIB_DEFINED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
deleted file mode 100644
index 168fcb38c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-
-/* TPM specific preprocessor flags for wolfcrypt */
-
-
-#ifndef WOLF_CRYPT_USER_SETTINGS_H
-#define WOLF_CRYPT_USER_SETTINGS_H
-
-/* Remove the automatic setting of the default I/O functions EmbedSend()
- and EmbedReceive(). */
-#define WOLFSSL_USER_IO
-
-/* Avoid naming conflicts */
-#define NO_OLD_WC_NAMES
-
-/* Use stack based fast math for all big integer math */
-#define USE_FAST_MATH
-#define TFM_TIMING_RESISTANT
-
-/* Expose direct encryption functions */
-#define WOLFSSL_AES_DIRECT
-
-/* Enable/Disable algorithm support based on TPM implementation header */
-#if ALG_SHA256
- #define WOLFSSL_SHA256
-#endif
-#if ALG_SHA384 || ALG_SHA512
- #define WOLFSSL_SHA384
- #define WOLFSSL_SHA512
-#endif
-#if ALG_TDES
- #define WOLFSSL_DES_ECB
-#endif
-#if ALG_RSA
- /* Turn on RSA key generation functionality */
- #define WOLFSSL_KEY_GEN
-#endif
-#if ALG_ECC || defined(WOLFSSL_LIB)
- #define HAVE_ECC
-
- /* Expose additional ECC primitives */
- #define WOLFSSL_PUBLIC_ECC_ADD_DBL
- #define ECC_TIMING_RESISTANT
-
- /* Enables Shamir calc method */
- #define ECC_SHAMIR
-
- /* The TPM only needs low level ECC crypto */
- #define NO_ECC_SIGN
- #define NO_ECC_VERIFY
- #define NO_ECC_SECP
-
- #undef ECC_BN_P256
- #undef ECC_SM2_P256
- #undef ECC_BN_P638
- #define ECC_BN_P256 NO
- #define ECC_SM2_P256 NO
- #define ECC_BN_P638 NO
-
-#endif
-
-/* Disable explicit RSA. The TPM support for RSA is dependent only on TFM */
-#define NO_RSA
-#define NO_RC4
-#define NO_ASN
-
-/* Enable debug wolf library check */
-//#define LIBRARY_COMPATIBILITY_CHECK
-
-#define WOLFSSL_
-
-#endif // WOLF_CRYPT_USER_SETTINGS_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
deleted file mode 100644
index ef3332c2d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h
+++ /dev/null
@@ -1,134 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the macro and structure definitions for the X509 commands and
-// functions.
-
-#ifndef _X509_H_
-#define _X509_H_
-
-//** Includes
-
-#include "Tpm.h"
-#include "TpmASN1.h"
-
-//** Defined Constants
-
-//*** X509 Application-specific types
-#define X509_SELECTION 0xA0
-#define X509_ISSUER_UNIQUE_ID 0xA1
-#define X509_SUBJECT_UNIQUE_ID 0xA2
-#define X509_EXTENSIONS 0xA3
-
-// These defines give the order in which values appear in the TBScertificate
-// of an x.509 certificate. These values are used to index into an array of
-//
-#define ENCODED_SIZE_REF 0
-#define VERSION_REF (ENCODED_SIZE_REF + 1)
-#define SERIAL_NUMBER_REF (VERSION_REF + 1)
-#define SIGNATURE_REF (SERIAL_NUMBER_REF + 1)
-#define ISSUER_REF (SIGNATURE_REF + 1)
-#define VALIDITY_REF (ISSUER_REF + 1)
-#define SUBJECT_KEY_REF (VALIDITY_REF + 1)
-#define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1)
-#define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1)
-#define REF_COUNT (EXTENSIONS_REF + 1)
-
-#undef MAKE_OID
-#ifdef _X509_SPT_
-# define MAKE_OID(NAME) \
- const BYTE OID##NAME[] = {OID##NAME##_VALUE}
-#else
-# define MAKE_OID(NAME) \
- extern const BYTE OID##NAME[]
-#endif
-
-
-//** Structures
-
-
-// Used to access the fields of a TBSsignature some of which are in the in_CertifyX509
-// structure and some of which are in the out_CertifyX509 structure.
-typedef struct stringRef
-{
- BYTE *buf;
- INT16 len;
-} stringRef;
-
-
-typedef union x509KeyUsageUnion {
- TPMA_X509_KEY_USAGE x509;
- UINT32 integer;
-} x509KeyUsageUnion;
-
-
-//** Global X509 Constants
-// These values are instanced by X509_spt.c and referenced by other X509-related
-// files.
-
-
-// This is the DER-encoded value for the Key Usage OID (2.5.29.15). This is the
-// full OID, not just the numeric value
-#define OID_KEY_USAGE_EXTENSTION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F
-MAKE_OID(_KEY_USAGE_EXTENSTION);
-
-// This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID
-// (2.23.133.10.1.1.1)
-#define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, \
- 0x01, 0x01
-MAKE_OID(_TCG_TPMA_OBJECT);
-
-#ifdef _X509_SPT_
-const x509KeyUsageUnion keyUsageSign = { TPMA_X509_KEY_USAGE_INITIALIZER(
- /* digitalsignature */ 1, /* nonrepudiation */ 0,
- /* keyencipherment */ 0, /* dataencipherment */ 0,
- /* keyagreement */ 0, /* keycertsign */ 1,
- /* crlsign */ 1, /* encipheronly */ 0,
- /* decipheronly */ 0, /* bits_at_9 */ 0) };
-
-const x509KeyUsageUnion keyUsageDecrypt = { TPMA_X509_KEY_USAGE_INITIALIZER(
- /* digitalsignature */ 0, /* nonrepudiation */ 0,
- /* keyencipherment */ 1, /* dataencipherment */ 1,
- /* keyagreement */ 1, /* keycertsign */ 0,
- /* crlsign */ 0, /* encipheronly */ 1,
- /* decipheronly */ 1, /* bits_at_9 */ 0) };
-#else
-extern x509KeyUsageUnion keyUsageSign;
-extern x509KeyUsageUnion keyUsageDecrypt;
-#endif
-
-#undef MAKE_OID
-
-#endif // _X509_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
deleted file mode 100644
index c5998a7df..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
+++ /dev/null
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_AC_GetCapability // Command must be enabled - -#ifndef _AC_Get_Capability_FP_H_ -#define _AC_Get_Capability_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_AC ac; - TPM_AT capability; - UINT32 count; -} AC_GetCapability_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO moreData; - TPML_AC_CAPABILITIES capabilitiesData; -} AC_GetCapability_Out; - -// Response code modifiers -#define RC_AC_GetCapability_ac (TPM_RC_H + TPM_RC_1) -#define RC_AC_GetCapability_capability (TPM_RC_P + TPM_RC_1) -#define RC_AC_GetCapability_count (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_AC_GetCapability( - AC_GetCapability_In *in, - AC_GetCapability_Out *out -); - -#endif // _AC_Get_Capability_FP_H_ -#endif // CC_AC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h deleted file mode 100644 index 9b7d71caf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_AC_Send // Command must be enabled - -#ifndef _AC_Send_FP_H_ -#define _AC_Send_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sendObject; - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_AC ac; - TPM2B_MAX_BUFFER acDataIn; -} AC_Send_In; - -// Output structure definition -typedef struct { - TPMS_AC_OUTPUT acDataOut; -} AC_Send_Out; - -// Response code modifiers -#define RC_AC_Send_sendObject (TPM_RC_H + TPM_RC_1) -#define RC_AC_Send_authHandle (TPM_RC_H + TPM_RC_2) -#define RC_AC_Send_ac (TPM_RC_H + TPM_RC_3) -#define RC_AC_Send_acDataIn (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_AC_Send( - AC_Send_In *in, - AC_Send_Out *out -); - -#endif // _AC_Send_FP_H_ -#endif // CC_AC_Send diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h deleted file mode 100644 index 280eb8edd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h +++ /dev/null 
@@ -1,80 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _AC_SPT_FP_H_ -#define _AC_SPT_FP_H_ - -//*** AcToCapabilities() -// This function returns a pointer to a list of AC capabilities. -TPML_AC_CAPABILITIES * -AcToCapabilities( - TPMI_RH_AC component // IN: component -); - -//*** AcIsAccessible() -// Function to determine if an AC handle references an actual AC -// Return Type: BOOL -BOOL -AcIsAccessible( - TPM_HANDLE acHandle -); - -//*** AcCapabilitiesGet() -// This function returns a list of capabilities associated with an AC -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -AcCapabilitiesGet( - TPMI_RH_AC component, // IN: the component - TPM_AT type, // IN: start capability type - TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle -); - -//*** AcSendObject() -// Stub to handle sending of an AC object -// Return Type: TPM_RC -TPM_RC -AcSendObject( - TPM_HANDLE acHandle, // IN: Handle of AC receiving object - OBJECT *object, // IN: object structure to send - TPMS_AC_OUTPUT *acDataOut // OUT: results of operation -); - -#endif // _AC_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h deleted file mode 100644 index 0779c7205..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ActivateCredential // Command must be enabled - -#ifndef _Activate_Credential_FP_H_ -#define _Activate_Credential_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT activateHandle; - TPMI_DH_OBJECT keyHandle; - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; -} ActivateCredential_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST certInfo; -} ActivateCredential_Out; - -// Response code modifiers -#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) -#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) -#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) -#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_ActivateCredential( - ActivateCredential_In *in, - ActivateCredential_Out *out -); - -#endif // _Activate_Credential_FP_H_ -#endif // CC_ActivateCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h deleted file mode 100644 index 32c99a1c6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _ALGORITHM_CAP_FP_H_ -#define _ALGORITHM_CAP_FP_H_ - -//** AlgorithmCapGetImplemented() -// This function is used by TPM2_GetCapability() to return a list of the -// implemented algorithms. -// Return Type: TPMI_YES_NO -// YES more algorithms to report -// NO no more algorithms to report -TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list -); - -//** AlgorithmGetImplementedVector() -// This function returns the bit vector of the implemented algorithms. -LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET -); - -#endif // _ALGORITHM_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h deleted file mode 100644 index fbe539d6f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ALGORITHM_TESTS_FP_H_ -#define _ALGORITHM_TESTS_FP_H_ - -#if SELF_TEST - -//*** TestAlgorithm() -// Dispatches to the correct test function for the algorithm or gets a list of -// testable algorithms. -// -// If 'toTest' is not NULL, then the test decisions are based on the algorithm -// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in -// 'g_toTest' they will also be cleared 'toTest'. -// -// If there doesn't happen to be a test for the algorithm, its associated bit is -// quietly cleared. -// -// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits -// for which there is no test (i.e. no tests are actually run but the vector is -// cleared). -// -// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' -// can be anything. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -TestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest -); -#endif // SELF_TESTS - -#endif // _ALGORITHM_TESTS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h deleted file mode 100644 index dbf634480..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ATTEST_SPT_FP_H_ -#define _ATTEST_SPT_FP_H_ - -//***FillInAttestInfo() -// Fill in common fields of TPMS_ATTEST structure. 
-void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure -); - -//***SignAttestInfo() -// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature -// is returned. -// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key -// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature -); - -//*** IsSigningObject() -// Checks to see if the object is OK for signing. This is here rather than in -// Object_spt.c because all the attestation commands use this file but not -// Object_spt.c. -// Return Type: BOOL -// TRUE(1) object may sign -// FALSE(0) object may not sign -BOOL -IsSigningObject( - OBJECT *object // IN: -); - -#endif // _ATTEST_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h deleted file mode 100644 index 5baaa5d9e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _BITS_FP_H_ -#define _BITS_FP_H_ - -//*** TestBit() -// This function is used to check the setting of a bit in an array of bits. -// Return Type: BOOL -// TRUE(1) bit is set -// FALSE(0) bit is not set -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -//*** SetBit() -// This function will set the indicated bit in 'bArray'. -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -//*** ClearBit() -// This function will clear the indicated bit in 'bArray'. -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' -); - -#endif // _BITS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h deleted file mode 100644 index 35733f48d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h +++ /dev/null 
@@ -1,130 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_CONVERT_FP_H_ -#define _BN_CONVERT_FP_H_ - -//*** BnFromBytes() -// This function will convert a big-endian byte array to the internal number -// format. If bn is NULL, then the output is NULL. If bytes is null or the -// required size is 0, then the output is set to zero -LIB_EXPORT bigNum -BnFromBytes( - bigNum bn, - const BYTE *bytes, - NUMBYTES nBytes -); - -//*** BnFrom2B() -// Convert an TPM2B to a BIG_NUM. -// If the input value does not exist, or the output does not exist, or the input -// will not fit into the output the function returns NULL -LIB_EXPORT bigNum -BnFrom2B( - bigNum bn, // OUT: - const TPM2B *a2B // IN: number to convert -); - -//*** BnFromHex() -// Convert a hex string into a bigNum. This is primarily used in debugging. -LIB_EXPORT bigNum -BnFromHex( - bigNum bn, // OUT: - const char *hex // IN: -); - -//*** BnToBytes() -// This function converts a BIG_NUM to a byte array. It converts the bigNum to a -// big-endian byte string and sets 'size' to the normalized value. If 'size' is an -// input 0, then the receiving buffer is guaranteed to be large enough for the result -// and the size will be set to the size required for bigNum (leading zeros -// suppressed). -// -// The conversion for a little-endian machine simply requires that all significant -// bytes of the bigNum be reversed. For a big-endian machine, rather than -// unpack each word individually, the bigNum is converted to little-endian words, -// copied, and then converted back to big-endian. -LIB_EXPORT BOOL -BnToBytes( - bigConst bn, - BYTE *buffer, - NUMBYTES *size // This the number of bytes that are - // available in the buffer. The result - // should be this big. -); - -//*** BnTo2B() -// Function to convert a BIG_NUM to TPM2B. -// The TPM2B size is set to the requested 'size' which may require padding. 
-// If 'size' is non-zero and less than required by the value in 'bn' then an error -// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough -// for the data and a2b->size will be adjusted accordingly. -LIB_EXPORT BOOL -BnTo2B( - bigConst bn, // IN: - TPM2B *a2B, // OUT: - NUMBYTES size // IN: the desired size -); -#if ALG_ECC - -//*** BnPointFrom2B() -// Function to create a BIG_POINT structure from a 2B point. -// A point is going to be two ECC values in the same buffer. The values are going -// to be the size of the modulus. They are in modular form. -LIB_EXPORT bn_point_t * -BnPointFrom2B( - bigPoint ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT *p // IN: the number to convert -); - -//*** BnPointTo2B() -// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT -// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters -// is dependent on the maximum EC key size used in an implementation. -// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B -// values, each as large as a MAX_ECC_PARAMETER_BYTES -LIB_EXPORT BOOL -BnPointTo2B( - TPMS_ECC_POINT *p, // OUT: the converted 2B structure - bigPoint ecP, // IN: the values to be converted - bigCurve E // IN: curve descriptor for the point -); -#endif // ALG_ECC - -#endif // _BN_CONVERT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h deleted file mode 100644 index 0b9107caa..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h +++ /dev/null 
@@ -1,238 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_MATH_FP_H_ -#define _BN_MATH_FP_H_ - -//*** BnAdd() -// This function adds two bigNum values. 
This function always returns TRUE. -LIB_EXPORT BOOL -BnAdd( - bigNum result, - bigConst op1, - bigConst op2 -); - -//*** BnAddWord() -// This function adds a word value to a bigNum. This function always returns TRUE. -LIB_EXPORT BOOL -BnAddWord( - bigNum result, - bigConst op, - crypt_uword_t word -); - -//*** BnSub() -// This function does subtraction of two bigNum values and returns result = op1 - op2 -// when op1 is greater than op2. If op2 is greater than op1, then a fault is -// generated. This function always returns TRUE. -LIB_EXPORT BOOL -BnSub( - bigNum result, - bigConst op1, - bigConst op2 -); - -//*** BnSubWord() -// This function subtracts a word value from a bigNum. This function always -// returns TRUE. -LIB_EXPORT BOOL -BnSubWord( - bigNum result, - bigConst op, - crypt_uword_t word -); - -//*** BnUnsignedCmp() -// This function performs a comparison of op1 to op2. The compare is approximately -// constant time if the size of the values used in the compare is consistent -// across calls (from the same line in the calling code). -// Return Type: int -// < 0 op1 is less than op2 -// 0 op1 is equal to op2 -// > 0 op1 is greater than op2 -LIB_EXPORT int -BnUnsignedCmp( - bigConst op1, - bigConst op2 -); - -//*** BnUnsignedCmpWord() -// Compare a bigNum to a crypt_uword_t. -// Return Type: int -// -1 op1 is less that word -// 0 op1 is equal to word -// 1 op1 is greater than word -LIB_EXPORT int -BnUnsignedCmpWord( - bigConst op1, - crypt_uword_t word -); - -//*** BnModWord() -// This function does modular division of a big number when the modulus is a -// word value. -LIB_EXPORT crypt_word_t -BnModWord( - bigConst numerator, - crypt_word_t modulus -); - -//*** Msb() -// This function returns the bit number of the most significant bit of a -// crypt_uword_t. The number for the least significant bit of any bigNum value is 0. 
-// The maximum return value is RADIX_BITS - 1, -// Return Type: int -// -1 the word was zero -// n the bit number of the most significant bit in the word -LIB_EXPORT int -Msb( - crypt_uword_t word -); - -//*** BnMsb() -// This function returns the number of the MSb of a bigNum value. -// Return Type: int -// -1 the word was zero or 'bn' was NULL -// n the bit number of the most significant bit in the word -LIB_EXPORT int -BnMsb( - bigConst bn -); - -//*** BnSizeInBits() -// This function returns the number of bits required to hold a number. It is one -// greater than the Msb. -// -LIB_EXPORT unsigned -BnSizeInBits( - bigConst n -); - -//*** BnSetWord() -// Change the value of a bignum_t to a word value. -LIB_EXPORT bigNum -BnSetWord( - bigNum n, - crypt_uword_t w -); - -//*** BnSetBit() -// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in -// the 0th digit_t. The function always return TRUE -LIB_EXPORT BOOL -BnSetBit( - bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET -); - -//*** BnTestBit() -// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit -// is the LSb of d[0]. -// Return Type: BOOL -// TRUE(1) the bit is set -// FALSE(0) the bit is not set or the number is out of range -LIB_EXPORT BOOL -BnTestBit( - bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test -); - -//***BnMaskBits() -// This function is used to mask off high order bits of a big number. -// The returned value will have no more than 'maskBit' bits -// set. -// Note: There is a requirement that unused words of a bignum_t are set to zero. -// Return Type: BOOL -// TRUE(1) result masked -// FALSE(0) the input was not as large as the mask -LIB_EXPORT BOOL -BnMaskBits( - bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. -); - -//*** BnShiftRight() -// This function will shift a bigNum to the right by the shiftAmount. 
-// This function always returns TRUE. -LIB_EXPORT BOOL -BnShiftRight( - bigNum result, - bigConst toShift, - uint32_t shiftAmount -); - -//*** BnGetRandomBits() -// This function gets random bits for use in various places. To make sure that the -// number is generated in a portable format, it is created as a TPM2B and then -// converted to the internal format. -// -// One consequence of the generation scheme is that, if the number of bits requested -// is not a multiple of 8, then the high-order bits are set to zero. This would come -// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is -// generated an the high order 7 bits are masked off (CLEAR). -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -BnGetRandomBits( - bigNum n, - size_t bits, - RAND_STATE *rand -); - -//*** BnGenerateRandomInRange() -// This function is used to generate a random number r in the range 1 <= r < limit. -// The function gets a random number of bits that is the size of limit. There is some -// some probability that the returned number is going to be greater than or equal -// to the limit. If it is, try again. There is no more than 50% chance that the -// next number is also greater, so try again. We keep trying until we get a -// value that meets the criteria. Since limit is very often a number with a LOT of -// high order ones, this rarely would need a second try. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure ('limit' is too small) -LIB_EXPORT BOOL -BnGenerateRandomInRange( - bigNum dest, - bigConst limit, - RAND_STATE *rand -); - -#endif // _BN_MATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h deleted file mode 100644 index 68abe86c3..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h
+++ /dev/null
@@ -1,110 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _BN_MEMORY_FP_H_ -#define _BN_MEMORY_FP_H_ - -//*** BnSetTop() -// This function is used when the size of a bignum_t is changed. It -// makes sure that the unused words are set to zero and that any significant -// words of zeros are eliminated from the used size indicator. -LIB_EXPORT bigNum -BnSetTop( - bigNum bn, // IN/OUT: number to clean - crypt_uword_t top // IN: the new top -); - -//*** BnClearTop() -// This function will make sure that all unused words are zero. -LIB_EXPORT bigNum -BnClearTop( - bigNum bn -); - -//*** BnInitializeWord() -// This function is used to initialize an allocated bigNum with a word value. The -// bigNum does not have to be allocated with a single word. -LIB_EXPORT bigNum -BnInitializeWord( - bigNum bn, // IN: - crypt_uword_t allocated, // IN: - crypt_uword_t word // IN: -); - -//*** BnInit() -// This function initializes a stack allocated bignum_t. It initializes -// 'allocated' and 'size' and zeros the words of 'd'. -LIB_EXPORT bigNum -BnInit( - bigNum bn, - crypt_uword_t allocated -); - -//*** BnCopy() -// Function to copy a bignum_t. If the output is NULL, then -// nothing happens. If the input is NULL, the output is set -// to zero. -LIB_EXPORT BOOL -BnCopy( - bigNum out, - bigConst in -); -#if ALG_ECC - -//*** BnPointCopy() -// Function to copy a bn point. -LIB_EXPORT BOOL -BnPointCopy( - bigPoint pOut, - pointConst pIn -); - -//*** BnInitializePoint() -// This function is used to initialize a point structure with the addresses -// of the coordinates. -LIB_EXPORT bn_point_t * -BnInitializePoint( - bigPoint p, // OUT: structure to receive pointers - bigNum x, // IN: x coordinate - bigNum y, // IN: y coordinate - bigNum z // IN: x coordinate -); -#endif // ALG_ECC - -#endif // _BN_MEMORY_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h
deleted file mode 100644
index d40105c94..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h
+++ /dev/null
@@ -1,77 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CertifyCreation // Command must be enabled - -#ifndef _Certify_Creation_FP_H_ -#define _Certify_Creation_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_DH_OBJECT objectHandle; - TPM2B_DATA qualifyingData; - TPM2B_DIGEST creationHash; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_CREATION creationTicket; -} CertifyCreation_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} CertifyCreation_Out; - -// Response code modifiers -#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) -#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_CertifyCreation( - CertifyCreation_In *in, - CertifyCreation_Out *out -); - -#endif // _Certify_Creation_FP_H_ -#endif // CC_CertifyCreation diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h deleted file mode 100644 index 53aed310e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#if CC_CertifyX509 // Command must be enabled - -#ifndef _Certify_X509_FP_H_ -#define _Certify_X509_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - TPM2B_MAX_BUFFER partialCertificate; -} CertifyX509_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER addedToCertificate; - TPM2B_DIGEST tbsDigest; - TPMT_SIGNATURE signature; -} CertifyX509_Out; - -// Response code modifiers -#define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyX509_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_CertifyX509( - CertifyX509_In *in, - CertifyX509_Out *out -); - -#endif // _Certify_X509_FP_H_ -#endif // CC_CertifyX509 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h deleted file mode 100644 index 64cdba21b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Certify // Command must be enabled - -#ifndef _Certify_FP_H_ -#define _Certify_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} Certify_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} Certify_Out; - -// Response code modifiers -#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Certify( - Certify_In *in, - Certify_Out *out -); - -#endif // _Certify_FP_H_ -#endif // CC_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h deleted file mode 100644 index 60dfc174c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ChangeEPS // Command must be enabled - -#ifndef _Change_EPS_FP_H_ -#define _Change_EPS_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; -} ChangeEPS_In; - -// Response code modifiers -#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ChangeEPS( - ChangeEPS_In *in -); - -#endif // _Change_EPS_FP_H_ -#endif // CC_ChangeEPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h deleted file mode 100644 index e4e70180e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ChangePPS // Command must be enabled - -#ifndef _Change_PPS_FP_H_ -#define _Change_PPS_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; -} ChangePPS_In; - -// Response code modifiers -#define RC_ChangePPS_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ChangePPS( - ChangePPS_In *in -); - -#endif // _Change_PPS_FP_H_ -#endif // CC_ChangePPS diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h deleted file mode 100644 index 5a10c680b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClearControl // Command must be enabled - -#ifndef _Clear_Control_FP_H_ -#define _Clear_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_CLEAR auth; - TPMI_YES_NO disable; -} ClearControl_In; - -// Response code modifiers -#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClearControl( - ClearControl_In *in -); - -#endif // _Clear_Control_FP_H_ -#endif // CC_ClearControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h deleted file mode 100644 index cc9692126..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Clear // Command must be enabled - -#ifndef _Clear_FP_H_ -#define _Clear_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_CLEAR authHandle; -} Clear_In; - -// Response code modifiers -#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Clear( - Clear_In *in -); - -#endif // _Clear_FP_H_ -#endif // CC_Clear diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h deleted file mode 100644 index f8a6376e1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClockRateAdjust // Command must be enabled - -#ifndef _Clock_Rate_Adjust_FP_H_ -#define _Clock_Rate_Adjust_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPM_CLOCK_ADJUST rateAdjust; -} ClockRateAdjust_In; - -// Response code modifiers -#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClockRateAdjust( - ClockRateAdjust_In *in -); - -#endif // _Clock_Rate_Adjust_FP_H_ -#endif // CC_ClockRateAdjust diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h deleted file mode 100644 index f2915a96d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ClockSet // Command must be enabled - -#ifndef _Clock_Set_FP_H_ -#define _Clock_Set_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - UINT64 newTime; -} ClockSet_In; - -// Response code modifiers -#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ClockSet( - ClockSet_In *in -); - -#endif // _Clock_Set_FP_H_ -#endif // CC_ClockSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h deleted file mode 100644 index a9bfa78a8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h +++ /dev/null 
@@ -1,131 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _COMMAND_AUDIT_FP_H_ -#define _COMMAND_AUDIT_FP_H_ - -//*** CommandAuditPreInstall_Init() -// This function initializes the command audit list. This function simulates -// the behavior of manufacturing. A function is used instead of a structure -// definition because this is easier than figuring out the initialization value -// for a bit array. -// -// This function would not be implemented outside of a manufacturing or -// simulation environment. -void -CommandAuditPreInstall_Init( - void -); - -//*** CommandAuditStartup() -// This function clears the command audit digest on a TPM Reset. -BOOL -CommandAuditStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** CommandAuditSet() -// This function will SET the audit flag for a command. This function -// will not SET the audit flag for a command that is not implemented. This -// ensures that the audit status is not SET when TPM2_GetCapability() is -// used to read the list of audited commands. -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. -// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditSet( - TPM_CC commandCode // IN: command code -); - -//*** CommandAuditClear() -// This function will CLEAR the audit flag for a command. It will not CLEAR the -// audit flag for TPM_CC_SetCommandCodeAuditStatus(). -// -// This function is only used by TPM2_SetCommandCodeAuditStatus(). -// -// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the -// changes to be saved to NV after it is setting and clearing bits. 
-// Return Type: BOOL -// TRUE(1) command code audit status was changed -// FALSE(0) command code audit status was not changed -BOOL -CommandAuditClear( - TPM_CC commandCode // IN: command code -); - -//*** CommandAuditIsRequired() -// This function indicates if the audit flag is SET for a command. -// Return Type: BOOL -// TRUE(1) command is audited -// FALSE(0) command is not audited -BOOL -CommandAuditIsRequired( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** CommandAuditCapGetCCList() -// This function returns a list of commands that have their audit bit SET. -// -// The list starts at the input commandCode. -// Return Type: TPMI_YES_NO -// YES if there are more command code available -// NO all the available command code has been returned -TPMI_YES_NO -CommandAuditCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC -); - -//*** CommandAuditGetDigest -// This command is used to create a digest of the commands being audited. The -// commands are processed in ascending numeric order with a list of TPM_CC being -// added to a hash. This operates as if all the audited command codes were -// concatenated and then hashed. -void -CommandAuditGetDigest( - TPM2B_DIGEST *digest // OUT: command digest -); - -#endif // _COMMAND_AUDIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h deleted file mode 100644 index 0e40485a2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h +++ /dev/null 
@@ -1,182 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_ -#define _COMMAND_CODE_ATTRIBUTES_FP_H_ - -//*** GetClosestCommandIndex() -// This function returns the command index for the command with a value that is -// equal to or greater than the input value -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of a command -COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at -); - -//*** CommandCodeToComandIndex() -// This function returns the index in the various attributes arrays of the -// command. -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up -); - -//*** GetNextCommandIndex() -// This function returns the index of the next implemented command. -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands -// other the index of the next implemented command -COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index -); - -//*** GetCommandCode() -// This function returns the commandCode associated with the command index -TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index -); - -//*** CommandAuthRole() -// -// This function returns the authorization role required of a handle. 
-// -// Return Type: AUTH_ROLE -// AUTH_NONE no authorization is required -// AUTH_USER user role authorization is required -// AUTH_ADMIN admin role authorization is required -// AUTH_DUP duplication role authorization is required -AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) -); - -//*** EncryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if encryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** DecryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if decryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** IsSessionAllowed() -// -// This function indicates if the command is allowed to have sessions. -// -// This function must not be called if the command is not known to be implemented. -// -// Return Type: BOOL -// TRUE(1) session is allowed with this command -// FALSE(0) session is not allowed with this command -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked -); - -//*** IsHandleInResponse() -// This function determines if a command has a handle in the response -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex -); - -//*** IsWriteOperation() -// Checks to see if an operation will write to an NV Index and is subject to being -// blocked by read-lock -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check -); - -//*** IsReadOperation() -// Checks to see if an operation will write to an NV Index and is -// subject to being blocked by write-lock. 
-BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check -); - -//*** CommandCapGetCCList() -// This function returns a list of implemented commands and command attributes -// starting from the command in 'commandCode'. -// Return Type: TPMI_YES_NO -// YES more command attributes are available -// NO no more command attributes are available -TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC -); - -//*** IsVendorCommand() -// Function indicates if a command index references a vendor command. -// Return Type: BOOL -// TRUE(1) command is a vendor command -// FALSE(0) command is not a vendor command -BOOL -IsVendorCommand( - COMMAND_INDEX commandIndex // IN: command index to check -); - -#endif // _COMMAND_CODE_ATTRIBUTES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h deleted file mode 100644 index 3c0e70f8e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _COMMAND_DISPATCHER_FP_H_ -#define _COMMAND_DISPATCHER_FP_H_ - -//*** ParseHandleBuffer() -// This is the table-driven version of the handle buffer unmarshaling code -TPM_RC -ParseHandleBuffer( - COMMAND *command -); - -//*** CommandDispatcher() -// Function to unmarshal the command parameters, call the selected action code, and -// marshal the response parameters. -TPM_RC -CommandDispatcher( - COMMAND *command -); - -#endif // _COMMAND_DISPATCHER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h deleted file mode 100644 index 6bf6e9a3b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Commit // Command must be enabled - -#ifndef _Commit_FP_H_ -#define _Commit_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_ECC_POINT P1; - TPM2B_SENSITIVE_DATA s2; - TPM2B_ECC_PARAMETER y2; -} Commit_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT K; - TPM2B_ECC_POINT L; - TPM2B_ECC_POINT E; - UINT16 counter; -} Commit_Out; - -// Response code modifiers -#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) -#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) -#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Commit( - Commit_In *in, - Commit_Out *out -); - -#endif // _Commit_FP_H_ -#endif // CC_Commit diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h deleted file mode 100644 index a2c4ab437..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ContextLoad // Command must be enabled - -#ifndef _Context_Load_FP_H_ -#define _Context_Load_FP_H_ - -// Input structure definition -typedef struct { - TPMS_CONTEXT context; -} ContextLoad_In; - -// Output structure definition -typedef struct { - TPMI_DH_CONTEXT loadedHandle; -} ContextLoad_Out; - -// Response code modifiers -#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ContextLoad( - ContextLoad_In *in, - ContextLoad_Out *out -); - -#endif // _Context_Load_FP_H_ -#endif // CC_ContextLoad diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h deleted file mode 100644 index 816c36b94..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ContextSave // Command must be enabled - -#ifndef _Context_Save_FP_H_ -#define _Context_Save_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_CONTEXT saveHandle; -} ContextSave_In; - -// Output structure definition -typedef struct { - TPMS_CONTEXT context; -} ContextSave_Out; - -// Response code modifiers -#define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ContextSave( - ContextSave_In *in, - ContextSave_Out *out -); - -#endif // _Context_Save_FP_H_ -#endif // CC_ContextSave diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h deleted file mode 100644 index 3b52073c3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h +++ /dev/null 
@@ -1,96 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CONTEXT_SPT_FP_H_ -#define _CONTEXT_SPT_FP_H_ - -//*** ComputeContextProtectionKey() -// This function retrieves the symmetric protection key for context encryption -// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric -// encryption key and iv -// Return Type: void -void -ComputeContextProtectionKey( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_SYM_KEY *symKey, // OUT: the symmetric key - TPM2B_IV *iv // OUT: the IV. -); - -//*** ComputeContextIntegrity() -// Generate the integrity hash for a context -// It is used by TPM2_ContextSave to create an integrity hash -// and by TPM2_ContextLoad to compare an integrity hash -// Return Type: void -void -ComputeContextIntegrity( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_DIGEST *integrity // OUT: integrity -); - -//*** SequenceDataExport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataExport( - HASH_OBJECT *object, // IN: an internal hash object - HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer -); - -//*** SequenceDataImport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). 
-// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataImport( - HASH_OBJECT *object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer -); - -#endif // _CONTEXT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h deleted file mode 100644 index 7569df429..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CreateLoaded // Command must be enabled - -#ifndef _Create_Loaded_FP_H_ -#define _Create_Loaded_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PARENT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_TEMPLATE inPublic; -} CreateLoaded_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; -} CreateLoaded_Out; - -// Response code modifiers -#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_CreateLoaded( - CreateLoaded_In *in, - CreateLoaded_Out *out -); - -#endif // _Create_Loaded_FP_H_ -#endif // CC_CreateLoaded diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h deleted file mode 100644 index e42cfc754..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_CreatePrimary // Command must be enabled - -#ifndef _Create_Primary_FP_H_ -#define _Create_Primary_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY primaryHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; -} CreatePrimary_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; - TPM2B_NAME name; -} CreatePrimary_Out; - -// Response code modifiers -#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_CreatePrimary( - CreatePrimary_In *in, - CreatePrimary_Out *out -); - -#endif // _Create_Primary_FP_H_ -#endif // CC_CreatePrimary diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h deleted file mode 100644 index 3b1e2a773..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Create // Command must be enabled - -#ifndef _Create_FP_H_ -#define _Create_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; -} Create_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; -} Create_Out; - -// Response code modifiers -#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_Create( - Create_In *in, - Create_Out *out -); - -#endif // _Create_FP_H_ -#endif // CC_Create diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h deleted file mode 100644 index be781014a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_CMAC_FP_H_ -#define _CRYPT_CMAC_FP_H_ - -#if ALG_CMAC - -//*** CryptCmacStart() -// This is the function to start the CMAC sequence operation. It initializes the -// dispatch functions for the data and end operations for CMAC and initializes the -// parameters that are used for the processing of data, including the key, key size -// and block cipher algorithm. -UINT16 -CryptCmacStart( - SMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParms, - TPM_ALG_ID macAlg, - TPM2B *key -); - -//*** CryptCmacData() -// This function is used to add data to the CMAC sequence computation. The function -// will XOR new data into the IV. If the buffer is full, and there is additional -// input data, the data is encrypted into the IV buffer, the new data is then -// XOR into the IV. When the data runs out, the function returns without encrypting -// even if the buffer is full. The last data block of a sequence will not be -// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey -// to be computed and applied before the last block is encrypted. -void -CryptCmacData( - SMAC_STATES *state, - UINT32 size, - const BYTE *buffer -); - -//*** CryptCmacEnd() -// This is the completion function for the CMAC. It does padding, if needed, and -// selects the subkey to be applied before the last block is encrypted. -UINT16 -CryptCmacEnd( - SMAC_STATES *state, - UINT32 outSize, - BYTE *outBuffer -); -#endif - -#endif // _CRYPT_CMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h deleted file mode 100644 index 4f4513483..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_DES_FP_H_ -#define _CRYPT_DES_FP_H_ - -#if ALG_TDES - -//*** CryptSetOddByteParity() -// This function sets the per byte parity of a 64-bit value. The least-significant -// bit is of each byte is replaced with the odd parity of the other 7 bits in the -// byte. With odd parity, no byte will ever be 0x00. -UINT64 -CryptSetOddByteParity( - UINT64 k -); - -//*** CryptDesValidateKey() -// Function to check to see if the input key is a valid DES key where the definition -// of valid is that none of the elements are on the list of weak, semi-weak, or -// possibly weak keys; and that for two keys, K1!=K2, and for three keys that -// K1!=K2 and K2!=K3. -BOOL -CryptDesValidateKey( - TPM2B_SYM_KEY *desKey // IN: key to validate -); - -//*** CryptGenerateKeyDes() -// This function is used to create a DES key of the appropriate size. The key will -// have odd parity in the bytes. -TPM_RC -CryptGenerateKeyDes( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template - // for the new key. - TPMT_SENSITIVE *sensitive, // OUT: sensitive area - RAND_STATE *rand // IN: the "entropy" source for -); -#endif - -#endif // _CRYPT_DES_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h deleted file mode 100644 index f566dacff..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_ECC_KEY_EXCHANGE_FP_H_ -#define _CRYPT_ECC_KEY_EXCHANGE_FP_H_ - -#if CC_ZGen_2Phase == YES - -//*** CryptEcc2PhaseKeyExchange() -// This function is the dispatch routine for the EC key exchange functions that use -// two ephemeral and two static keys. -// Return Type: TPM_RC -// TPM_RC_SCHEME scheme is not defined -LIB_EXPORT TPM_RC -CryptEcc2PhaseKeyExchange( - TPMS_ECC_POINT *outZ1, // OUT: a computed point - TPMS_ECC_POINT *outZ2, // OUT: and optional second point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM_ALG_ID scheme, // IN: the key exchange scheme - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key -); -#if ALG_SM2 - -//*** SM2KeyExchange() -// This function performs the key exchange defined in SM2. -// The first step is to compute -// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' -// Then, compute the 'Z' value from -// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). -// The function will compute the ephemeral public key from the ephemeral -// private key. -// All points are required to be on the curve of 'inQsA'. 
The function will fail -// catastrophically if this is not the case -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the -// curve -LIB_EXPORT TPM_RC -SM2KeyExchange( - TPMS_ECC_POINT *outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsBIn, // IN: static public party B key - TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key -); -#endif -#endif // CC_ZGen_2Phase - -#endif // _CRYPT_ECC_KEY_EXCHANGE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h deleted file mode 100644 index 96864b4b0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h +++ /dev/null 
@@ -1,374 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_ECC_MAIN_FP_H_ -#define _CRYPT_ECC_MAIN_FP_H_ - -#if ALG_ECC - -//** Functions -#if SIMULATION -void -EccSimulationEnd( - void -); -#endif // SIMULATION - -//*** CryptEccInit() -// This function is called at _TPM_Init -BOOL -CryptEccInit( - void -); - -//*** CryptEccStartup() -// This function is called at TPM2_Startup(). -BOOL -CryptEccStartup( - void -); - -//*** ClearPoint2B(generic) -// Initialize the size values of a TPMS_ECC_POINT structure. -void -ClearPoint2B( - TPMS_ECC_POINT *p // IN: the point -); - -//*** CryptEccGetParametersByCurveId() -// This function returns a pointer to the curve data that is associated with -// the indicated curveId. -// If there is no curve with the indicated ID, the function returns NULL. This -// function is in this module so that it can be called by GetCurve data. -// Return Type: const ECC_CURVE_DATA -// NULL curve with the indicated TPM_ECC_CURVE is not implemented -// != NULL pointer to the curve data -LIB_EXPORT const ECC_CURVE * -CryptEccGetParametersByCurveId( - TPM_ECC_CURVE curveId // IN: the curveID -); - -//*** CryptEccGetKeySizeForCurve() -// This function returns the key size in bits of the indicated curve. -LIB_EXPORT UINT16 -CryptEccGetKeySizeForCurve( - TPM_ECC_CURVE curveId // IN: the curve -); - -//*** GetCurveData() -// This function returns the a pointer for the parameter data -// associated with a curve. -const ECC_CURVE_DATA * -GetCurveData( - TPM_ECC_CURVE curveId // IN: the curveID -); - -//***CryptEccGetOID() -const BYTE * -CryptEccGetOID( - TPM_ECC_CURVE curveId -); - -//*** CryptEccGetCurveByIndex() -// This function returns the number of the 'i'-th implemented curve. The normal -// use would be to call this function with 'i' starting at 0. When the 'i' is greater -// than or equal to the number of implemented curves, TPM_ECC_NONE is returned. 
-LIB_EXPORT TPM_ECC_CURVE -CryptEccGetCurveByIndex( - UINT16 i -); - -//*** CryptEccGetParameter() -// This function returns an ECC curve parameter. The parameter is -// selected by a single character designator from the set of ""PNABXYH"". -// Return Type: BOOL -// TRUE(1) curve exists and parameter returned -// FALSE(0) curve does not exist or parameter selector -LIB_EXPORT BOOL -CryptEccGetParameter( - TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter - char p, // IN: the parameter selector - TPM_ECC_CURVE curveId // IN: the curve id -); - -//*** CryptCapGetECCCurve() -// This function returns the list of implemented ECC curves. -// Return Type: TPMI_YES_NO -// YES if no more ECC curve is available -// NO if there are more ECC curves not reported -TPMI_YES_NO -CryptCapGetECCCurve( - TPM_ECC_CURVE curveID, // IN: the starting ECC curve - UINT32 maxCount, // IN: count of returned curves - TPML_ECC_CURVE *curveList // OUT: ECC curve list -); - -//*** CryptGetCurveSignScheme() -// This function will return a pointer to the scheme of the curve. -const TPMT_ECC_SCHEME * -CryptGetCurveSignScheme( - TPM_ECC_CURVE curveId // IN: The curve selector -); - -//*** CryptGenerateR() -// This function computes the commit random value for a split signing scheme. -// -// If 'c' is NULL, it indicates that 'r' is being generated -// for TPM2_Commit. -// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' -// bit associated with the input value of 'c' is SET. If not, the TPM -// returns FALSE and no 'r' value is generated. -// Return Type: BOOL -// TRUE(1) r value computed -// FALSE(0) no r value computed -BOOL -CryptGenerateR( - TPM2B_ECC_PARAMETER *r, // OUT: the generated random value - UINT16 *c, // IN/OUT: count value. - TPMI_ECC_CURVE curveID, // IN: the curve for the value - TPM2B_NAME *name // IN: optional name of a key to - // associate with 'r' -); - -//*** CryptCommit() -// This function is called when the count value is committed. 
The 'gr.commitArray' -// value associated with the current count value is SET and g_commitCounter is -// incremented. The low-order 16 bits of old value of the counter is returned. -UINT16 -CryptCommit( - void -); - -//*** CryptEndCommit() -// This function is called when the signing operation using the committed value -// is completed. It clears the gr.commitArray bit associated with the count -// value so that it can't be used again. -void -CryptEndCommit( - UINT16 c // IN: the counter value of the commitment -); - -//*** CryptEccGetParameters() -// This function returns the ECC parameter details of the given curve. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) unsupported ECC curve ID -BOOL -CryptEccGetParameters( - TPM_ECC_CURVE curveId, // IN: ECC curve ID - TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters -); - -//*** BnGetCurvePrime() -// This function is used to get just the prime modulus associated with a curve. -const bignum_t * -BnGetCurvePrime( - TPM_ECC_CURVE curveId -); - -//*** BnGetCurveOrder() -// This function is used to get just the curve order -const bignum_t * -BnGetCurveOrder( - TPM_ECC_CURVE curveId -); - -//*** BnIsOnCurve() -// This function checks if a point is on the curve. -BOOL -BnIsOnCurve( - pointConst Q, - const ECC_CURVE_DATA *C -); - -//*** BnIsValidPrivateEcc() -// Checks that 0 < 'x' < 'q' -BOOL -BnIsValidPrivateEcc( - bigConst x, // IN: private key to check - bigCurve E // IN: the curve to check -); - -LIB_EXPORT BOOL -CryptEccIsValidPrivateKey( - TPM2B_ECC_PARAMETER *d, - TPM_ECC_CURVE curveId -); - -//*** BnPointMul() -// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the -// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes -// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. -// If 'skipChecks' is TRUE, then the function will not verify that the inputs are -// correct for the domain. 
This would be the case when the values were created by the -// CryptoEngine code. -// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT result of multiplication is a point at infinity -// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve -// TPM_RC_VALUE 'd' or 'u' is not < n -TPM_RC -BnPointMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point to multiply by 'd' - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: optional second point - bigConst u, // IN: optional second scalar - bigCurve E // IN: curve parameters -); - -//***BnEccGetPrivate() -// This function gets random values that are the size of the key plus 64 bits. The -// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the -// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method -// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure generating private key -BOOL -BnEccGetPrivate( - bigNum dOut, // OUT: the qualified random value - const ECC_CURVE_DATA *C, // IN: curve for which the private key - // needs to be appropriate - RAND_STATE *rand // IN: state for DRBG -); - -//*** BnEccGenerateKeyPair() -// This function gets a private scalar from the source of random bits and does -// the point multiply to get the public key. -BOOL -BnEccGenerateKeyPair( - bigNum bnD, // OUT: private scalar - bn_point_t *ecQ, // OUT: public point - bigCurve E, // IN: curve for the point - RAND_STATE *rand // IN: DRBG state to use -); - -//***CryptEccNewKeyPair(***) -// This function creates an ephemeral ECC. 
It is ephemeral in that -// is expected that the private part of the key will be discarded -LIB_EXPORT TPM_RC -CryptEccNewKeyPair( - TPMS_ECC_POINT *Qout, // OUT: the public point - TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar - TPM_ECC_CURVE curveId // IN: the curve for the key -); - -//*** CryptEccPointMultiply() -// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and -// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the -// default generator of the curve. -// -// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not -// used. -// -// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and -// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not -// provided, then 'R' = ['dIn']'QIn'. -// -// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. -// -// The sizes of 'xOut' and yOut' will be set to be the size of the degree of -// the curve -// -// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' -// or 'Rout' is unspecified. -// -// Return Type: TPM_RC -// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve -// TPM_RC_NO_RESULT the product point is at infinity -// TPM_RC_CURVE bad curve -// TPM_RC_VALUE 'dIn' or 'uIn' out of range -// -LIB_EXPORT TPM_RC -CryptEccPointMultiply( - TPMS_ECC_POINT *Rout, // OUT: the product point R - TPM_ECC_CURVE curveId, // IN: the curve to use - TPMS_ECC_POINT *Pin, // IN: first point (can be null) - TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin - // the Pin - TPMS_ECC_POINT *Qin, // IN: point Q - TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier - // of Q -); - -//*** CryptEccIsPointOnCurve() -// This function is used to test if a point is on a defined curve. It does this -// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. -// -// It is a fatal error if 'Q' is not specified (is NULL). 
-// Return Type: BOOL -// TRUE(1) point is on curve -// FALSE(0) point is not on curve or curve is not supported -LIB_EXPORT BOOL -CryptEccIsPointOnCurve( - TPM_ECC_CURVE curveId, // IN: the curve selector - TPMS_ECC_POINT *Qin // IN: the point. -); - -//*** CryptEccGenerateKey() -// This function generates an ECC key pair based on the input parameters. -// This routine uses KDFa to produce candidate numbers. The method is according -// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." -// According to the method in FIPS 186-3, the resulting private value 'd' should be -// 1 <= 'd' < 'n' where 'n' is the order of the base point. -// -// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). -// -// If the curve is not supported -// If 'seed' is not provided, then a random number will be used for the key -// Return Type: TPM_RC -// TPM_RC_CURVE curve is not supported -// TPM_RC_NO_RESULT could not verify key with signature (FIPS only) -LIB_EXPORT TPM_RC -CryptEccGenerateKey( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for - // the new key. The public key - // area will be replaced computed - // ECC public key - TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be - // updated to contain the private - // ECC key and the symmetric - // encryption key - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // ALG_ECC - -#endif // _CRYPT_ECC_MAIN_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h deleted file mode 100644 index ede9e4f83..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h +++ /dev/null 
@@ -1,139 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _CRYPT_ECC_SIGNATURE_FP_H_ -#define _CRYPT_ECC_SIGNATURE_FP_H_ - -#if ALG_ECC - -//*** BnSignEcdsa() -// This function implements the ECDSA signing algorithm. The method is described -// in the comments below. -TPM_RC -BnSignEcdsa( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigNum bnD, // IN: private signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: used in debug of signing -); - -//*** CryptEccSign() -// This function is the dispatch function for the various ECC-based -// signing schemes. -// There is a bit of ugliness to the parameter passing. In order to test this, -// we sometime would like to use a deterministic RNG so that we can get the same -// signatures during testing. The easiest way to do this for most schemes is to -// pass in a deterministic RNG and let it return canned values during testing. -// There is a competing need for a canned parameter to use in ECDAA. To accommodate -// both needs with minimal fuss, a special type of RAND_STATE is defined to carry -// the address of the commit value. The setup and handling of this is not very -// different for the caller than what was in previous versions of the code. -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' is not supported -LIB_EXPORT TPM_RC -CryptEccSign( - TPMT_SIGNATURE *signature, // OUT: signature - OBJECT *signKey, // IN: ECC key to sign the hash - const TPM2B_DIGEST *digest, // IN: digest to sign - TPMT_ECC_SCHEME *scheme, // IN: signing scheme - RAND_STATE *rand -); -#if ALG_ECDSA - -//*** BnValidateSignatureEcdsa() -// This function validates an ECDSA signature. 
rIn and sIn should have been checked -// to make sure that they are in the range 0 < 'v' < 'n' -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -TPM_RC -BnValidateSignatureEcdsa( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bn_point_t *ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed -); -#endif // ALG_ECDSA - -//*** CryptEccValidateSignature() -// This function validates an EcDsa or EcSchnorr signature. -// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE not a valid signature -LIB_EXPORT TPM_RC -CryptEccValidateSignature( - TPMT_SIGNATURE *signature, // IN: signature to be verified - OBJECT *signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST *digest // IN: digest that was signed -); - -//***CryptEccCommitCompute() -// This function performs the point multiply operations required by TPM2_Commit. -// -// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This -// routine does not check that they are on the curve and results are unpredictable -// if they are not. -// -// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a -// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. -// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
-// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point -// at infinity -// TPM_RC_CANCELED a cancel indication was asserted during this -// function -LIB_EXPORT TPM_RC -CryptEccCommitCompute( - TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q - TPMS_ECC_POINT *L, // OUT: [r]B - TPMS_ECC_POINT *E, // OUT: [r]M - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPMS_ECC_POINT *M, // IN: M (optional) - TPMS_ECC_POINT *B, // IN: B (optional) - TPM2B_ECC_PARAMETER *d, // IN: d (optional) - TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) -); -#endif // ALG_ECC - -#endif // _CRYPT_ECC_SIGNATURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h deleted file mode 100644 index 218d9ca72..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h +++ /dev/null 
@@ -1,408 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_HASH_FP_H_ -#define _CRYPT_HASH_FP_H_ - -//*** CryptHashInit() -// This function is called by _TPM_Init do perform the initialization operations for -// the library. -BOOL -CryptHashInit( - void -); - -//*** CryptHashStartup() -// This function is called by TPM2_Startup() in case there is work to do at startup. -// Currently, this is a placeholder. -BOOL -CryptHashStartup( - void -); - -//*** CryptGetHashDef() -// This function accesses the hash descriptor associated with a hash a -// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is -// TPM_ALG_NULL or not a defined algorithm. -PHASH_DEF -CryptGetHashDef( - TPM_ALG_ID hashAlg -); - -//*** CryptHashIsValidAlg() -// This function tests to see if an algorithm ID is a valid hash algorithm. If -// flag is true, then TPM_ALG_NULL is a valid hash. -// Return Type: BOOL -// TRUE(1) hashAlg is a valid, implemented hash on this TPM -// FALSE(0) hashAlg is not valid for this TPM -BOOL -CryptHashIsValidAlg( - TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash -); - -//*** CryptHashGetAlgByIndex() -// This function is used to iterate through the hashes. TPM_ALG_NULL -// is returned for all indexes that are not valid hashes. -// If the TPM implements 3 hashes, then an 'index' value of 0 will -// return the first implemented hash and an 'index' of 2 will return the -// last. All other index values will return TPM_ALG_NULL. -// -// Return Type: TPM_ALG_ID -// TPM_ALG_xxx a hash algorithm -// TPM_ALG_NULL this can be used as a stop value -LIB_EXPORT TPM_ALG_ID -CryptHashGetAlgByIndex( - UINT32 index // IN: the index -); - -//*** CryptHashGetDigestSize() -// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. 
-// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up -); - -//*** CryptHashGetBlockSize() -// Returns the size of the block used by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up -); - -//*** CryptHashGetOid() -// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs -// are full OID values including the Tag (0x06) and length byte. -LIB_EXPORT const BYTE * -CryptHashGetOid( - TPM_ALG_ID hashAlg -); - -//*** CryptHashGetContextAlg() -// This function returns the hash algorithm associated with a hash context. -TPM_ALG_ID -CryptHashGetContextAlg( - PHASH_STATE state // IN: the context to check -); - -//*** CryptHashCopyState -// This function is used to clone a HASH_STATE. -LIB_EXPORT void -CryptHashCopyState( - HASH_STATE *out, // OUT: destination of the state - const HASH_STATE *in // IN: source of the state -); - -//*** CryptHashExportState() -// This function is used to export a hash or HMAC hash state. This function -// would be called when preparing to context save a sequence object. -void -CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state -); - -//*** CryptHashImportState() -// This function is used to import the hash state. This function -// would be called to import a hash state when the context of a sequence object -// was being loaded. 
-void -CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state -); - -//*** CryptHashStart() -// Functions starts a hash stack -// Start a hash stack and returns the digest size. As a side effect, the -// value of 'stateSize' in hashState is updated to indicate the number of bytes -// of state that were saved. This function calls GetHashServer() and that function -// will put the TPM into failure mode if the hash algorithm is not supported. -// -// This function does not use the sequence parameter. If it is necessary to import -// or export context, this will start the sequence in a local state -// and export the state to the input buffer. Will need to add a flag to the state -// structure to indicate that it needs to be imported before it can be used. -// (BLEH). -// Return Type: UINT16 -// 0 hash is TPM_ALG_NULL -// >0 digest size -LIB_EXPORT UINT16 -CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm -); - -//*** CryptDigestUpdate() -// Add data to a hash or HMAC, SMAC stack. -// -void -CryptDigestUpdate( - PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE *data // IN: data to be hashed -); - -//*** CryptHashEnd() -// Complete a hash or HMAC computation. This function will place the smaller of -// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the -// placed in the buffer is returned. If there is a failure, the returned value -// is <= 0. 
-// Return Type: UINT16 -// 0 no data returned -// > 0 the number of bytes in the digest or dOutSize, whichever is smaller -LIB_EXPORT UINT16 -CryptHashEnd( - PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest -); - -//*** CryptHashBlock() -// Start a hash, hash a single block, update 'digest' and return the size of -// the results. -// -// The 'digestSize' parameter can be smaller than the digest. If so, only the more -// significant bytes are returned. -// Return Type: UINT16 -// >= 0 number of bytes placed in 'dOut' -LIB_EXPORT UINT16 -CryptHashBlock( - TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE *data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE *dOut // OUT: digest buffer -); - -//*** CryptDigestUpdate2B() -// This function updates a digest (hash or HMAC) with a TPM2B. -// -// This function can be used for both HMAC and hash functions so the -// 'digestState' is void so that either state type can be passed. -LIB_EXPORT void -CryptDigestUpdate2B( - PHASH_STATE state, // IN: the digest state - const TPM2B *bIn // IN: 2B containing the data -); - -//*** CryptHashEnd2B() -// This function is the same as CryptCompleteHash() but the digest is -// placed in a TPM2B. This is the most common use and this is provided -// for specification clarity. 'digest.size' should be set to indicate the number of -// bytes to place in the buffer -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest.buffer' -LIB_EXPORT UINT16 -CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes -); - -//*** CryptDigestUpdateInt() -// This function is used to include an integer value to a hash stack. The function -// marshals the integer into its canonical form before calling CryptDigestUpdate(). 
-LIB_EXPORT void -CryptDigestUpdateInt( - void *state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed -); - -//*** CryptHmacStart() -// This function is used to start an HMAC using a temp -// hash context. The function does the initialization -// of the hash with the HMAC key XOR iPad and updates the -// HMAC key XOR oPad. -// -// The function returns the number of bytes in a digest produced by 'hashAlg'. -// Return Type: UINT16 -// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) -// -LIB_EXPORT UINT16 -CryptHmacStart( - PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE *key // IN: the HMAC key -); - -//*** CryptHmacEnd() -// This function is called to complete an HMAC. It will finish the current -// digest, and start a new digest. It will then add the oPadKey and the -// completed digest and return the results in dOut. It will not return more -// than dOutSize bytes. -// Return Type: UINT16 -// >= 0 number of bytes in 'dOut' (may be zero) -LIB_EXPORT UINT16 -CryptHmacEnd( - PHMAC_STATE state, // IN: the hash state buffer - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest -); - -//*** CryptHmacStart2B() -// This function starts an HMAC and returns the size of the digest -// that will be produced. -// -// This function is provided to support the most common use of starting an HMAC -// with a TPM2B key. -// -// The caller must provide a block of memory in which the hash sequence state -// is kept. The caller should not alter the contents of this buffer until the -// hash sequence is completed or abandoned. -// -// Return Type: UINT16 -// > 0 the digest size of the algorithm -// = 0 the hashAlg was TPM_ALG_NULL -LIB_EXPORT UINT16 -CryptHmacStart2B( - PHMAC_STATE hmacState, // OUT: the state of HMAC stack. 
It will be used - // in HMAC update and completion - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - P2B key // IN: HMAC key -); - -//*** CryptHmacEnd2B() -// This function is the same as CryptHmacEnd() but the HMAC result -// is returned in a TPM2B which is the most common use. -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest' -LIB_EXPORT UINT16 -CryptHmacEnd2B( - PHMAC_STATE hmacState, // IN: the state of HMAC stack - P2B digest // OUT: HMAC -); - -//** Mask and Key Generation Functions -//*** CryptMGF1() -// This function performs MGF1 using the selected hash. MGF1 is -// T(n) = T(n-1) || H(seed || counter). -// This function returns the length of the mask produced which -// could be zero if the digest algorithm is not supported -// Return Type: UINT16 -// 0 hash algorithm was TPM_ALG_NULL -// > 0 should be the same as 'mSize' -LIB_EXPORT UINT16 -CryptMGF1( - UINT32 mSize, // IN: length of the mask to be produced - BYTE *mask, // OUT: buffer to receive the mask - TPM_ALG_ID hashAlg, // IN: hash to use - UINT32 seedSize, // IN: size of the seed - BYTE *seed // IN: seed size -); - -//*** CryptKDFa() -// This function performs the key generation according to Part 1 of the -// TPM specification. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// -// The 'once' parameter is set to allow incremental generation of a large -// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation -// but only one iteration of the KDF is performed. This would be used for -// XOR obfuscation so that the mask value can be generated in digest-sized -// chunks rather than having to be generated all at once in an arbitrarily -// large buffer and then XORed into the result. 
If 'once' is TRUE, then -// 'sizeInBits' must be a multiple of 8. -// -// Any error in the processing of this command is considered fatal. -// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -LIB_EXPORT UINT16 -CryptKDFa( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - const TPM2B *key, // IN: HMAC key - const TPM2B *label, // IN: a label for the KDF - const TPM2B *contextU, // IN: context U - const TPM2B *contextV, // IN: context V - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream, // OUT: key buffer - UINT32 *counterInOut, // IN/OUT: caller may provide the iteration - // counter for incremental operations to - // avoid large intermediate buffers. - UINT16 blocks // IN: If non-zero, this is the maximum number - // of blocks to be returned, regardless - // of sizeInBits -); - -//*** CryptKDFe() -// This function implements KDFe() as defined in TPM specification part 1. -// -// This function returns the number of bytes generated which may be zero. -// -// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other -// pointer values may be NULL. The value of 'sizeInBits' must be no larger -// than (2^18)-1 = 256K bits (32385 bytes). -// Any error in the processing of this command is considered fatal. -// Return Type: UINT16 -// 0 hash algorithm is not supported or is TPM_ALG_NULL -// > 0 the number of bytes in the 'keyStream' buffer -// -LIB_EXPORT UINT16 -CryptKDFe( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - TPM2B *Z, // IN: Z - const TPM2B *label, // IN: a label value for the KDF - TPM2B *partyUInfo, // IN: PartyUInfo - TPM2B *partyVInfo, // IN: PartyVInfo - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE *keyStream // OUT: key buffer -); - -#endif // _CRYPT_HASH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h
deleted file mode 100644
index 55a0712d7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h
+++ /dev/null
@@ -1,158 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:06:42PM - */ - -#ifndef _CRYPT_PRIME_SIEVE_FP_H_ -#define _CRYPT_PRIME_SIEVE_FP_H_ - -#if RSA_KEY_SIEVE - -//*** RsaAdjustPrimeLimit() -// This used during the sieve process. The iterator for getting the -// next prime (RsaNextPrime()) will return primes until it hits the -// limit (primeLimit) set up by this function. This causes the sieve -// process to stop when an appropriate number of primes have been -// sieved. -LIB_EXPORT void -RsaAdjustPrimeLimit( - uint32_t requestedPrimes -); - -//*** RsaNextPrime() -// This the iterator used during the sieve process. The input is the -// last prime returned (or any starting point) and the output is the -// next higher prime. The function returns 0 when the primeLimit is -// reached. -LIB_EXPORT uint32_t -RsaNextPrime( - uint32_t lastPrime -); - -//*** FindNthSetBit() -// This function finds the nth SET bit in a bit array. The 'n' parameter is -// between 1 and the number of bits in the array (always a multiple of 8). -// If called when the array does not have n bits set, it will return -1 -// Return Type: unsigned int -// <0 no bit is set or no bit with the requested number is set -// >=0 the number of the bit in the array that is the nth set -LIB_EXPORT int -FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE *a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit -); - -//*** PrimeSieve() -// This function does a prime sieve over the input 'field' which has as its -// starting address the value in bnN. Since this initializes the Sieve -// using a precomputed field with the bits associated with 3, 5 and 7 already -// turned off, the value of pnN may need to be adjusted by a few counts to allow -// the precomputed field to be used without modification. 
-// -// To get better performance, one could address the issue of developing the -// composite numbers. When the size of the prime gets large, the time for doing -// the divisions goes up, noticeably. It could be better to develop larger composite -// numbers even if they need to be bigNum's themselves. The object would be to -// reduce the number of times that the large prime is divided into a few large -// divides and then use smaller divides to get to the final 16 bit (or smaller) -// remainders. -LIB_EXPORT UINT32 -PrimeSieve( - bigNum bnN, // IN/OUT: number to sieve - UINT32 fieldSize, // IN: size of the field area in bytes - BYTE *field // IN: field -); -#ifdef SIEVE_DEBUG - -//***SetFieldSize() -// Function to set the field size used for prime generation. Used for tuning. -LIB_EXPORT uint32_t -SetFieldSize( - uint32_t newFieldSize -); -#endif // SIEVE_DEBUG - -//*** PrimeSelectWithSieve() -// This function will sieve the field around the input prime candidate. If the -// sieve field is not empty, one of the one bits in the field is chosen for testing -// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value -// and the function returns success. If this value is not prime, another -// pseudo-random candidate is chosen and tested. This process repeats until -// all values in the field have been checked. If all bits in the field have -// been checked and none is prime, the function returns FALSE and a new random -// value needs to be chosen. 
-// Return Type: TPM_RC -// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source -// TPM_RC_SUCCESS candidate is probably prime -// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative -// in the field -LIB_EXPORT TPM_RC -PrimeSelectWithSieve( - bigNum candidate, // IN/OUT: The candidate to filter - UINT32 e, // IN: the exponent - RAND_STATE *rand // IN: the random number generator state -); -#if RSA_INSTRUMENT - -char * -PrintTuple( - UINT32 *i -); - -void -RsaSimulationEnd( - void -); - -LIB_EXPORT void -GetSieveStats( - uint32_t *trials, - uint32_t *emptyFields, - uint32_t *averageBits -); - -#endif -#endif // RSA_KEY_SIEVE -#if !RSA_INSTRUMENT -void -RsaSimulationEnd( - void -); -#endif - -#endif // _CRYPT_PRIME_SIEVE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h deleted file mode 100644 index 019bdbc17..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h +++ /dev/null 
@@ -1,137 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_PRIME_FP_H_ -#define _CRYPT_PRIME_FP_H_ - -//*** IsPrimeInt() -// This will do a test of a word of up to 32-bits in size. -BOOL -IsPrimeInt( - uint32_t n -); - -//*** BnIsProbablyPrime() -// This function is used when the key sieve is not implemented. This function -// Will try to eliminate some of the obvious things before going on -// to perform MillerRabin as a final verification of primeness. -BOOL -BnIsProbablyPrime( - bigNum prime, // IN: - RAND_STATE *rand // IN: the random state just - // in case Miller-Rabin is required -); - -//*** MillerRabinRounds() -// Function returns the number of Miller-Rabin rounds necessary to give an -// error probability equal to the security strength of the prime. These values -// are from FIPS 186-3. -UINT32 -MillerRabinRounds( - UINT32 bits // IN: Number of bits in the RSA prime -); - -//*** MillerRabin() -// This function performs a Miller-Rabin test from FIPS 186-3. It does -// 'iterations' trials on the number. In all likelihood, if the number -// is not prime, the first test fails. -// Return Type: BOOL -// TRUE(1) probably prime -// FALSE(0) composite -BOOL -MillerRabin( - bigNum bnW, - RAND_STATE *rand -); -#if ALG_RSA - -//*** RsaCheckPrime() -// This will check to see if a number is prime and appropriate for an -// RSA prime. -// -// This has different functionality based on whether we are using key -// sieving or not. If not, the number checked to see if it is divisible by -// the public exponent, then the number is adjusted either up or down -// in order to make it a better candidate. It is then checked for being -// probably prime. -// -// If sieving is used, the number is used to root a sieving process. 
-// -TPM_RC -RsaCheckPrime( - bigNum prime, - UINT32 exponent, - RAND_STATE *rand -); - -//*** AdjustPrimeCandiate() -// This function adjusts the candidate prime so that it is odd and > root(2)/2. -// This allows the product of these two numbers to be .5, which, in fixed point -// notation means that the most significant bit is 1. -// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 -// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting -// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the -// amount of time all the other computations take, reducing the error is not much of -// a cost, but it isn't totally required either. -// -// The code maps the most significant crypt_uword_t in 'prime' so that a 32-/64-bit -// value of 0 to 0xB5050...0 and a value of 0xff...f to 0xff...f. It also sets the LSb -// of 'prime' to make sure that the number is odd. -// -// This code has been fixed so that it will work with a RADIX_SIZE == 64. -// -// The function also puts the number on a field boundary. -LIB_EXPORT void -RsaAdjustPrimeCandidate( - bigNum prime -); - -//***BnGeneratePrimeForRSA() -// Function to generate a prime of the desired size with the proper attributes -// for an RSA prime. -TPM_RC -BnGeneratePrimeForRSA( - bigNum prime, - UINT32 bits, - UINT32 exponent, - RAND_STATE *rand -); -#endif // ALG_RSA - -#endif // _CRYPT_PRIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h deleted file mode 100644 index 34e9cc6ec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h +++ /dev/null 
@@ -1,204 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_RAND_FP_H_ -#define _CRYPT_RAND_FP_H_ - -//*** DRBG_GetEntropy() -// Even though this implementation never fails, it may get blocked -// indefinitely long in the call to get entropy from the platform -// (DRBG_GetEntropy32()). -// This function is only used during instantiation of the DRBG for -// manufacturing and on each start-up after an non-orderly shutdown. -// Return Type: BOOL -// TRUE(1) requested entropy returned -// FALSE(0) entropy Failure -BOOL -DRBG_GetEntropy( - UINT32 requiredEntropy, // IN: requested number of bytes of full - // entropy - BYTE *entropy // OUT: buffer to return collected entropy -); - -//*** IncrementIv() -// This function increments the IV value by 1. It is used by EncryptDRBG(). -void -IncrementIv( - DRBG_IV *iv -); - -//*** DRBG_Reseed() -// This function is used when reseeding of the DRBG is required. If -// entropy is provided, it is used in lieu of using hardware entropy. -// Note: the provided entropy must be the required size. -// Return Type: BOOL -// TRUE(1) reseed succeeded -// FALSE(0) reseed failed, probably due to the entropy generation -BOOL -DRBG_Reseed( - DRBG_STATE *drbgState, // IN: the state to update - DRBG_SEED *providedEntropy, // IN: entropy - DRBG_SEED *additionalData // IN: -); - -//*** DRBG_SelfTest() -// This is run when the DRBG is instantiated and at startup -// Return Type: BOOL -// TRUE(1) test OK -// FALSE(0) test failed -BOOL -DRBG_SelfTest( - void -); - -//*** CryptRandomStir() -// This function is used to cause a reseed. A DRBG_SEED amount of entropy is -// collected from the hardware and then additional data is added. 
-// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure of the entropy generator -LIB_EXPORT TPM_RC -CryptRandomStir( - UINT16 additionalDataSize, - BYTE *additionalData -); - -//*** CryptRandomGenerate() -// Generate a 'randomSize' number or random bytes. -LIB_EXPORT UINT16 -CryptRandomGenerate( - UINT16 randomSize, - BYTE *buffer -); - -//**** DRBG_InstantiateSeededKdf() -// This function is used to instantiate a KDF-based RNG. This is used for derivations. -// This function always returns TRUE. -LIB_EXPORT BOOL -DRBG_InstantiateSeededKdf( - KDF_STATE *state, // OUT: buffer to hold the state - TPM_ALG_ID hashAlg, // IN: hash algorithm - TPM_ALG_ID kdf, // IN: the KDF to use - TPM2B *seed, // IN: the seed to use - const TPM2B *label, // IN: a label for the generation process. - TPM2B *context, // IN: the context value - UINT32 limit // IN: Maximum number of bits from the KDF -); - -//**** DRBG_AdditionalData() -// Function to reseed the DRBG with additional entropy. This is normally called -// before computing the protection value of a primary key in the Endorsement -// hierarchy. -LIB_EXPORT void -DRBG_AdditionalData( - DRBG_STATE *drbgState, // IN:OUT state to update - TPM2B *additionalData // IN: value to incorporate -); - -//**** DRBG_InstantiateSeeded() -// This function is used to instantiate a random number generator from seed values. -// The nominal use of this generator is to create sequences of pseudo-random -// numbers from a seed value. This function always returns TRUE. -LIB_EXPORT TPM_RC -DRBG_InstantiateSeeded( - DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state - const TPM2B *seed, // IN: the seed to use - const TPM2B *purpose, // IN: a label for the generation process. - const TPM2B *name, // IN: name of the object - const TPM2B *additional // IN: additional data -); - -//**** CryptRandStartup() -// This function is called when TPM_Startup is executed. This function always returns -// TRUE. 
-LIB_EXPORT BOOL -CryptRandStartup( - void -); - -//**** CryptRandInit() -// This function is called when _TPM_Init is being processed. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -CryptRandInit( - void -); - -//*** DRBG_Generate() -// This function generates a random sequence according SP800-90A. -// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. -// If 'random' is NULL or 'randomSize' is zero, then the function returns -// TRUE without generating any bits or updating the reseed counter. -// This function returns 0 if a reseed is required. Otherwise, it returns the -// number of bytes produced which could be less than the number requested if the -// request is too large. -LIB_EXPORT UINT16 -DRBG_Generate( - RAND_STATE *state, - BYTE *random, // OUT: buffer to receive the random values - UINT16 randomSize // IN: the number of bytes to generate -); - -//*** DRBG_Instantiate() -// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. -// This is called when a the TPM DRBG is to be instantiated. This is -// called to instantiate a DRBG used by the TPM for normal -// operations. -// Return Type: BOOL -// TRUE(1) instantiation succeeded -// FALSE(0) instantiation failed -LIB_EXPORT BOOL -DRBG_Instantiate( - DRBG_STATE *drbgState, // OUT: the instantiated value - UINT16 pSize, // IN: Size of personalization string - BYTE *personalization // IN: The personalization string -); - -//*** DRBG_Uninstantiate() -// This is Uninstantiate_function() from [SP 800-90A 9.4]. -// -// Return Type: TPM_RC -// TPM_RC_VALUE not a valid state -LIB_EXPORT TPM_RC -DRBG_Uninstantiate( - DRBG_STATE *drbgState // IN/OUT: working state to erase -); - -#endif // _CRYPT_RAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h
deleted file mode 100644
index 8af477f6c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h
+++ /dev/null
@@ -1,210 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_RSA_FP_H_ -#define _CRYPT_RSA_FP_H_ - -#if ALG_RSA - -//*** CryptRsaInit() -// Function called at _TPM_Init(). 
-BOOL -CryptRsaInit( - void -); - -//*** CryptRsaStartup() -// Function called at TPM2_Startup() -BOOL -CryptRsaStartup( - void -); - -//*** CryptRsaPssSaltSize() -// This function computes the salt size used in PSS. It is broken out so that -// the X509 code can get the same value that is used by the encoding function in this -// module. -INT16 -CryptRsaPssSaltSize( - INT16 hashSize, - INT16 outSize -); - -//*** MakeDerTag() -// Construct the DER value that is used in RSASSA -// Return Type: INT16 -// > 0 size of value -// <= 0 no hash exists -INT16 -MakeDerTag( - TPM_ALG_ID hashAlg, - INT16 sizeOfBuffer, - BYTE *buffer -); - -//*** CryptRsaSelectScheme() -// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up -// the rules to select a scheme between input and object default. -// This function assume the RSA object is loaded. -// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then -// if the schemes are the same, the input scheme will be chosen. -// if the scheme are not compatible, a NULL pointer will be returned. -// -// The return pointer may point to a TPM_ALG_NULL scheme. -TPMT_RSA_DECRYPT* -CryptRsaSelectScheme( - TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key - TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme -); - -//*** CryptRsaLoadPrivateExponent() -// This function is called to generate the private exponent of an RSA key. -// Return Type: TPM_RC -// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched -TPM_RC -CryptRsaLoadPrivateExponent( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive -); - -//*** CryptRsaEncrypt() -// This is the entry point for encryption using RSA. Encryption is -// use of the public exponent. The padding parameter determines what -// padding will be used. 
-// -// The 'cOutSize' parameter must be at least as large as the size of the key. -// -// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be -// lower in value than the key modulus. -// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to -// dIn to make it the size of the RSA key for the call to RSAEP. This is -// because the high order bytes of dIn might have a numeric value that is -// greater than the value of the key modulus. If this had low-order zeros -// added, it would have a numeric value larger than the modulus even though -// it started out with a lower numeric value. -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'cOutSize' is too small (must be the size -// of the modulus) -// TPM_RC_SCHEME 'padType' is not a supported scheme -// -LIB_EXPORT TPM_RC -CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data - TPM2B *dIn, // IN: the data to encrypt - OBJECT *key, // IN: the key used for encryption - TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash - // if needed - const TPM2B *label, // IN: in case it is needed - RAND_STATE *rand // IN: random number generator - // state (mostly for testing) -); - -//*** CryptRsaDecrypt() -// This is the entry point for decryption using RSA. Decryption is -// use of the private exponent. The 'padType' parameter determines what -// padding was used. 
-// -// Return Type: TPM_RC -// TPM_RC_SIZE 'cInSize' is not the same as the size of the public -// modulus of 'key'; or numeric value of the encrypted -// data is greater than the modulus -// TPM_RC_VALUE 'dOutSize' is not large enough for the result -// TPM_RC_SCHEME 'padType' is not supported -// -LIB_EXPORT TPM_RC -CryptRsaDecrypt( - TPM2B *dOut, // OUT: the decrypted data - TPM2B *cIn, // IN: the data to decrypt - OBJECT *key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme - const TPM2B *label // IN: in case it is needed for the scheme -); - -//*** CryptRsaSign() -// This function is used to generate an RSA signature of the type indicated in -// 'scheme'. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported -// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) -// -LIB_EXPORT TPM_RC -CryptRsaSign( - TPMT_SIGNATURE *sigOut, - OBJECT *key, // IN: key to use - TPM2B_DIGEST *hIn, // IN: the digest to sign - RAND_STATE *rand // IN: the random number generator - // to use (mostly for testing) -); - -//*** CryptRsaValidateSignature() -// This function is used to validate an RSA signature. If the signature is valid -// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is -// returned. Other return codes indicate either parameter problems or fatal errors. 
-// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature does not check -// TPM_RC_SCHEME unsupported scheme or hash algorithm -// -LIB_EXPORT TPM_RC -CryptRsaValidateSignature( - TPMT_SIGNATURE *sig, // IN: signature - OBJECT *key, // IN: public modulus - TPM2B_DIGEST *digest // IN: The digest being validated -); - -//*** CryptRsaGenerateKey() -// Generate an RSA key from a provided seed -// Return Type: TPM_RC -// TPM_RC_CANCELED operation was canceled -// TPM_RC_RANGE public exponent is not supported -// TPM_RC_VALUE could not find a prime using the provided parameters -LIB_EXPORT TPM_RC -CryptRsaGenerateKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // ALG_RSA - -#endif // _CRYPT_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h deleted file mode 100644 index 49c537537..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_SELF_TEST_FP_H_ -#define _CRYPT_SELF_TEST_FP_H_ - -//*** CryptSelfTest() -// This function is called to start/complete a full self-test. -// If 'fullTest' is NO, then only the untested algorithms will be run. If -// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then -// all tests are run. -// This implementation of the reference design does not support processing outside -// the framework of a TPM command. As a consequence, this command does not -// complete until all tests are done. Since this can take a long time, the TPM -// will check after each test to see if the command is canceled. If so, then the -// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call -// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. -// Return Type: TPM_RC -// TPM_RC_CANCELED if the command is canceled -LIB_EXPORT -TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required -); - -//*** CryptIncrementalSelfTest() -// This function is used to perform an incremental self-test. This implementation -// will perform the toTest values before returning. That is, it assumes that the -// TPM cannot perform background tasks between commands. -// -// This command may be canceled. If it is, then there is no return result. -// However, this command can be run again and the incremental progress will not -// be lost. 
-// Return Type: TPM_RC -// TPM_RC_CANCELED processing of this command was canceled -// TPM_RC_TESTING if toTest list is not empty -// TPM_RC_VALUE an algorithm in the toTest list is not implemented -TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test -); - -//*** CryptInitializeToTest() -// This function will initialize the data structures for testing all the -// algorithms. This should not be called unless CryptAlgsSetImplemented() has -// been called -void -CryptInitializeToTest( - void -); - -//*** CryptTestAlgorithm() -// Only point of contact with the actual self tests. If a self-test fails, there -// is no return and the TPM goes into failure mode. -// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the -// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If -// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. -// There is a special case for the call to TestAlgorithm(). When 'alg' is -// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has -// no test. This allows the knowledge about which algorithms have test to be -// accessed through the interface that provides the test. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest -); - -#endif // _CRYPT_SELF_TEST_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h deleted file mode 100644 index 1c1f6aff5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_SMAC_FP_H_ -#define _CRYPT_SMAC_FP_H_ - -#if SMAC_IMPLEMENTED - -//*** CryptSmacStart() -// Function to start an SMAC. -UINT16 -CryptSmacStart( - HASH_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -); - -//*** CryptMacStart() -// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart -// function because of the difference in number of parameters. -UINT16 -CryptMacStart( - HMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key -); - -//*** CryptMacEnd() -// Dispatch to the MAC end function using a size and buffer pointer. -UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer -); - -//*** CryptMacEnd2B() -// Dispatch to the MAC end function using a 2B. -UINT16 -CryptMacEnd2B ( - HMAC_STATE *state, - TPM2B *data -); -#endif // SMAC_IMPLEMENTED - -#endif // _CRYPT_SMAC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h deleted file mode 100644 index d02634e65..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h +++ /dev/null 
@@ -1,126 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _CRYPT_SYM_FP_H_ -#define _CRYPT_SYM_FP_H_ - -//** Initialization and Data Access Functions -// -//*** CryptSymInit() -// This function is called to do _TPM_Init processing -BOOL -CryptSymInit( - void -); - -//*** CryptSymStartup() -// This function is called to do TPM2_Startup() processing -BOOL -CryptSymStartup( - void -); - -//*** CryptGetSymmetricBlockSize() -// This function returns the block size of the algorithm. The table of bit sizes has -// an entry for each allowed key size. The entry for a key size is 0 if the TPM does -// not implement that key size. The key size table is delimited with a negative number -// (-1). After the delimiter is a list of block sizes with each entry corresponding -// to the key bit size. For most symmetric algorithms, the block size is the same -// regardless of the key size but this arrangement allows them to be different. -// Return Type: INT16 -// <= 0 cipher not supported -// > 0 the cipher block size in bytes -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size -); - -//** Symmetric Encryption -// This function performs symmetric encryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -// TPM_RC_FAILURE Fatal error -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. 
- TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer -); - -//*** CryptSymmetricDecrypt() -// This function performs symmetric decryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_FAILURE A fatal error -// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer -); - -//*** CryptSymKeyValidate() -// Validate that a provided symmetric key meets the requirements of the TPM -// Return Type: TPM_RC -// TPM_RC_KEY_SIZE Key size specifiers do not match -// TPM_RC_KEY Key is not allowed -TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key -); - -#endif // _CRYPT_SYM_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h deleted file mode 100644 index c7367a26d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h +++ /dev/null 
@@ -1,488 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _CRYPT_UTIL_FP_H_ -#define _CRYPT_UTIL_FP_H_ - -//*** CryptIsSchemeAnonymous() -// This function is used to test a scheme to see if it is an anonymous scheme -// The only anonymous scheme is ECDAA. ECDAA can be used to do things -// like U-Prove. -BOOL -CryptIsSchemeAnonymous( - TPM_ALG_ID scheme // IN: the scheme algorithm to test -); - -//*** ParmDecryptSym() -// This function performs parameter decryption using symmetric block cipher. -void -ParmDecryptSym( - TPM_ALG_ID symAlg, // IN: the symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: the key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be decrypted -); - -//*** ParmEncryptSym() -// This function performs parameter encryption using symmetric block cipher. -void -ParmEncryptSym( - TPM_ALG_ID symAlg, // IN: symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: symmetric key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be encrypted -); - -//*** CryptXORObfuscation() -// This function implements XOR obfuscation. It should not be called if the -// hash algorithm is not implemented. The only return value from this function -// is TPM_RC_SUCCESS. 
-void -CryptXORObfuscation( - TPM_ALG_ID hash, // IN: hash algorithm for KDF - TPM2B *key, // IN: KDF key - TPM2B *contextU, // IN: contextU - TPM2B *contextV, // IN: contextV - UINT32 dataSize, // IN: size of data buffer - BYTE *data // IN/OUT: data to be XORed in place -); - -//*** CryptInit() -// This function is called when the TPM receives a _TPM_Init indication. -// -// NOTE: The hash algorithms do not have to be tested, they just need to be -// available. They have to be tested before the TPM can accept HMAC authorization -// or return any result that relies on a hash algorithm. -// Return Type: BOOL -// TRUE(1) initializations succeeded -// FALSE(0) initialization failed and caller should place the TPM into -// Failure Mode -BOOL -CryptInit( - void -); - -//*** CryptStartup() -// This function is called by TPM2_Startup() to initialize the functions in -// this cryptographic library and in the provided CryptoLibrary. This function -// and CryptUtilInit() are both provided so that the implementation may move the -// initialization around to get the best interaction. -// Return Type: BOOL -// TRUE(1) startup succeeded -// FALSE(0) startup failed and caller should place the TPM into -// Failure Mode -BOOL -CryptStartup( - STARTUP_TYPE type // IN: the startup type -); - -//**************************************************************************** -//** Algorithm-Independent Functions -//**************************************************************************** -//*** Introduction -// These functions are used generically when a function of a general type -// (e.g., symmetric encryption) is required. The functions will modify the -// parameters as required to interface to the indicated algorithms. -// -//*** CryptIsAsymAlgorithm() -// This function indicates if an algorithm is an asymmetric algorithm. 
-// Return Type: BOOL -// TRUE(1) if it is an asymmetric algorithm -// FALSE(0) if it is not an asymmetric algorithm -BOOL -CryptIsAsymAlgorithm( - TPM_ALG_ID algID // IN: algorithm ID -); - -//*** CryptSecretEncrypt() -// This function creates a secret value and its associated secret structure using -// an asymmetric algorithm. -// -// This function is used by TPM2_Rewrap() TPM2_MakeCredential(), -// and TPM2_Duplicate(). -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key -// TPM_RC_KEY invalid ECC key (public point is not on the curve) -// TPM_RC_SCHEME RSA key with an unsupported padding scheme -// TPM_RC_VALUE numeric value of the data to be decrypted is greater -// than the RSA key modulus -TPM_RC -CryptSecretEncrypt( - OBJECT *encryptKey, // IN: encryption key object - const TPM2B *label, // IN: a null-terminated string as L - TPM2B_DATA *data, // OUT: secret value - TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure -); - -//*** CryptSecretDecrypt() -// Decrypt a secret value by asymmetric (or symmetric) algorithm -// This function is used for ActivateCredential and Import for asymmetric -// decryption, and StartAuthSession for both asymmetric and symmetric -// decryption process -// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES RSA key is not a decryption key -// TPM_RC_BINDING Invalid RSA key (public and private parts are not -// cryptographically bound. -// TPM_RC_ECC_POINT ECC point in the secret is not on the curve -// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret -// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity -// TPM_RC_SIZE data to decrypt is not of the same size as RSA key -// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is -// greater than the modulus, or the recovered data is -// larger than the output buffer. -// For keyedHash or symmetric key, the secret is -// larger than the size of the digest produced by -// the name algorithm. 
-// TPM_RC_FAILURE internal error -TPM_RC -CryptSecretDecrypt( - OBJECT *decryptKey, // IN: decrypt key - TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for - // symmetric decryption. For - // asymmetric decryption, this - // parameter is NULL - const TPM2B *label, // IN: a value for L - TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret - TPM2B_DATA *data // OUT: decrypted secret value -); - -//*** CryptParameterEncryption() -// This function does in-place encryption of a response parameter. -void -CryptParameterEncryption( - TPM_HANDLE handle, // IN: encrypt session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // bytes - TPM2B_AUTH *extraKey, // IN: additional key material other than - // sessionAuth - BYTE *buffer // IN/OUT: parameter buffer to be encrypted -); - -//*** CryptParameterDecryption() -// This function does in-place decryption of a command parameter. -// Return Type: TPM_RC -// TPM_RC_SIZE The number of bytes in the input buffer is less than -// the number of bytes to be decrypted. -TPM_RC -CryptParameterDecryption( - TPM_HANDLE handle, // IN: encrypted session handle - TPM2B *nonceCaller, // IN: nonce caller - UINT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // byte - TPM2B_AUTH *extraKey, // IN: the authValue - BYTE *buffer // IN/OUT: parameter buffer to be decrypted -); - -//*** CryptComputeSymmetricUnique() -// This function computes the unique field in public area for symmetric objects. -void -CryptComputeSymmetricUnique( - TPMT_PUBLIC *publicArea, // IN: the object's public area - TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area - TPM2B_DIGEST *unique // OUT: unique buffer -); - -//*** CryptCreateObject() -// This function creates an object. -// For an asymmetric key, it will create a key pair and, for a parent key, a seed -// value for child protections. 
-// -// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will -// create a secret key if the caller did not provide one. It will create a random -// secret seed value that is hashed with the secret value to create the public -// unique value. -// -// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters -// and are the only ones that are used by TPM2_Create(). The other parameters -// are optional and are used when the generated Object needs to be deterministic. -// This is the case for both Primary Objects and Derived Objects. -// -// When a seed value is provided, a RAND_STATE will be populated and used for -// all operations in the object generation that require a random number. In the -// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with -// context being the hash of the template. If the Primary Object is in -// the Endorsement hierarchy, it will also populate 'proof' with ehProof. -// -// For derived keys, 'seed' will be the secret value from the parent, 'label' and -// 'context' will be set according to the parameters of TPM2_CreateLoaded() and -// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. 
-// -// Return Type: TPM_RC -// TPM_RC_KEY a provided key is not an allowed value -// TPM_RC_KEY_SIZE key size in the public area does not match the size -// in the sensitive creation area for a symmetric key -// TPM_RC_NO_RESULT unable to get random values (only in derivation) -// TPM_RC_RANGE for an RSA key, the exponent is not supported -// TPM_RC_SIZE sensitive data size is larger than allowed for the -// scheme for a keyed hash object -// TPM_RC_VALUE exponent is not prime or could not find a prime using -// the provided parameters for an RSA key; -// unsupported name algorithm for an ECC key -TPM_RC -CryptCreateObject( - OBJECT *object, // IN: new object structure pointer - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation - RAND_STATE *rand // IN: the random number generator - // to use -); - -//*** CryptGetSignHashAlg() -// Get the hash algorithm of signature from a TPMT_SIGNATURE structure. -// It assumes the signature is not NULL -// This is a function for easy access -TPMI_ALG_HASH -CryptGetSignHashAlg( - TPMT_SIGNATURE *auth // IN: signature -); - -//*** CryptIsSplitSign() -// This function us used to determine if the signing operation is a split -// signing operation that required a TPM2_Commit(). -// -BOOL -CryptIsSplitSign( - TPM_ALG_ID scheme // IN: the algorithm selector -); - -//*** CryptIsAsymSignScheme() -// This function indicates if a scheme algorithm is a sign algorithm. -BOOL -CryptIsAsymSignScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme -); - -//*** CryptIsAsymDecryptScheme() -// This function indicate if a scheme algorithm is a decrypt algorithm. -BOOL -CryptIsAsymDecryptScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme -); - -//*** CryptSelectSignScheme() -// This function is used by the attestation and signing commands. 
It implements -// the rules for selecting the signature scheme to use in signing. This function -// requires that the signing key either be TPM_RH_NULL or be loaded. -// -// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both object and input scheme has a non-NULL scheme -// algorithm, if the schemes are compatible, the input scheme will be chosen. -// -// This function should not be called if 'signObject->publicArea.type' == -// ALG_SYMCIPHER. -// -// Return Type: BOOL -// TRUE(1) scheme selected -// FALSE(0) both 'scheme' and key's default scheme are empty; or -// 'scheme' is empty while key's default scheme requires -// explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme' -BOOL -CryptSelectSignScheme( - OBJECT *signObject, // IN: signing key - TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme -); - -//*** CryptSign() -// Sign a digest with asymmetric key or HMAC. -// This function is called by attestation commands and the generic TPM2_Sign -// command. -// This function checks the key scheme and digest size. It does not -// check if the sign operation is allowed for restricted key. It should be -// checked before the function is called. -// The function will assert if the key is not a signing key. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type -// TPM_RC_VALUE 'digest' value is greater than the modulus of -// 'signHandle' or size of 'hashData' does not match hash -// algorithm in'signScheme' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -CryptSign( - OBJECT *signKey, // IN: signing key - TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. 
- TPM2B_DIGEST *digest, // IN: The digest being signed - TPMT_SIGNATURE *signature // OUT: signature -); - -//*** CryptValidateSignature() -// This function is used to verify a signature. It is called by -// TPM2_VerifySignature() and TPM2_PolicySigned. -// -// Since this operation only requires use of a public key, no consistency -// checks are necessary for the key to signature type because a caller can load -// any public key that they like with any scheme that they like. This routine -// simply makes sure that the signature is correct, whatever the type. -// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature is not genuine -// TPM_RC_SCHEME the scheme is not supported -// TPM_RC_HANDLE an HMAC key was selected but the -// private part of the key is not loaded -TPM_RC -CryptValidateSignature( - TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key - TPM2B_DIGEST *digest, // IN: The digest being validated - TPMT_SIGNATURE *signature // IN: signature -); - -//*** CryptGetTestResult -// This function returns the results of a self-test function. -// Note: the behavior in this function is NOT the correct behavior for a real -// TPM implementation. An artificial behavior is placed here due to the -// limitation of a software simulation environment. For the correct behavior, -// consult the part 3 specification for TPM2_GetTestResult(). -TPM_RC -CryptGetTestResult( - TPM2B_MAX_BUFFER *outData // OUT: test result data -); - -//*** CryptIsUniqueSizeValid() -// This function validates that the unique values are consistent. -// NOTE: This is not a comprehensive test of the public key. 
-// Return Type: BOOL -// TRUE(1) sizes are consistent -// FALSE(0) sizes are not consistent -BOOL -CryptIsUniqueSizeValid( - TPMT_PUBLIC *publicArea // IN: the public area to check -); - -//*** CryptIsSensitiveSizeValid() -// This function is used by TPM2_LoadExternal() to validate that the sensitive area -// contains a 'sensitive' value that is consistent with the values in the public -// area. -BOOL -CryptIsSensitiveSizeValid( - TPMT_PUBLIC *publicArea, // IN: the object's public part - TPMT_SENSITIVE *sensitiveArea // IN: the object's sensitive part -); - -//*** CryptValidateKeys() -// This function is used to verify that the key material of and object is valid. -// For a 'publicOnly' object, the key is verified for size and, if it is an ECC -// key, it is verified to be on the specified curve. For a key with a sensitive -// area, the binding between the public and private parts of the key are verified. -// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area -// is verified but the public portion is not verified, unless the key is an RSA key. -// For an RSA key, the reason for loading the sensitive area is to use it. The -// only way to use a private RSA key is to compute the private exponent. To compute -// the private exponent, the public modulus is used. -// Return Type: TPM_RC -// TPM_RC_BINDING the public and private parts are not cryptographically -// bound -// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL -// TPM_RC_KEY the public unique is not valid -// TPM_RC_KEY_SIZE the private area key is not valid -// TPM_RC_TYPE the types of the sensitive and private parts do not match -TPM_RC -CryptValidateKeys( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - TPM_RC blamePublic, - TPM_RC blameSensitive -); - -//*** CryptAlgSetImplemented() -// This function initializes the bit vector with one bit for each implemented -// algorithm. This function is called from _TPM_Init(). 
The vector of implemented -// algorithms should be generated by the part 2 parser so that the -// 'g_implementedAlgorithms' vector can be a constant. That's not how it is now -void -CryptAlgsSetImplemented( - void -); - -//*** CryptSelectMac() -// This function is used to set the MAC scheme based on the key parameters and -// the input scheme. -// Return Type: TPM_RC -// TPM_RC_SCHEME the scheme is not a valid mac scheme -// TPM_RC_TYPE the input key is not a type that supports a mac -// TPM_RC_VALUE the input scheme and the key scheme are not compatible -TPM_RC -CryptSelectMac( - TPMT_PUBLIC *publicArea, - TPMI_ALG_MAC_SCHEME *inMac -); - -//*** CryptMacIsValidForKey() -// Check to see if the key type is compatible with the mac type -BOOL -CryptMacIsValidForKey( - TPM_ALG_ID keyType, - TPM_ALG_ID macAlg, - BOOL flag -); - -//*** CryptSmacIsValidAlg() -// This function is used to test if an algorithm is a supported SMAC algorithm. It -// needs to be updated as new algorithms are added. -BOOL -CryptSmacIsValidAlg( - TPM_ALG_ID alg, - BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid -); - -//*** CryptSymModeIsValid() -// Function checks to see if an algorithm ID is a valid, symmetric block cipher -// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. -// not include the modes used for SMAC -BOOL -CryptSymModeIsValid( - TPM_ALG_ID mode, - BOOL flag -); - -#endif // _CRYPT_UTIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h deleted file mode 100644 index 88b50282e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _DA_FP_H_ -#define _DA_FP_H_ - -//*** DAPreInstall_Init() -// This function initializes the DA parameters to their manufacturer-default -// values. The default values are determined by a platform-specific specification. -// -// This function should not be called outside of a manufacturing or simulation -// environment. -// -// The DA parameters will be restored to these initial values by TPM2_Clear(). -void -DAPreInstall_Init( - void -); - -//*** DAStartup() -// This function is called by TPM2_Startup() to initialize the DA parameters. -// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the -// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until -// the TPM has been continuously powered for the lockoutRecovery time. -// -// This function requires that NV be available and not rate limiting. -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type -); - -//*** DARegisterFailure() -// This function is called when a authorization failure occurs on an entity -// that is subject to dictionary-attack protection. When a DA failure is -// triggered, register the failure by resetting the relevant self-healing -// timer to the current time. -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure -); - -//*** DASelfHeal() -// This function is called to check if sufficient time has passed to allow -// decrement of failedTries or to re-enable use of lockoutAuth. -// -// This function should be called when the time interval is updated. -void -DASelfHeal( - void -); - -#endif // _DA_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h deleted file mode 100644 index e8be2fc9c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_DictionaryAttackLockReset // Command must be enabled - -#ifndef _Dictionary_Attack_Lock_Reset_FP_H_ -#define _Dictionary_Attack_Lock_Reset_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_LOCKOUT lockHandle; -} DictionaryAttackLockReset_In; - -// Response code modifiers -#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_DictionaryAttackLockReset( - DictionaryAttackLockReset_In *in -); - -#endif // _Dictionary_Attack_Lock_Reset_FP_H_ -#endif // CC_DictionaryAttackLockReset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h deleted file mode 100644 index 787a9e22f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_DictionaryAttackParameters // Command must be enabled - -#ifndef _Dictionary_Attack_Parameters_FP_H_ -#define _Dictionary_Attack_Parameters_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_LOCKOUT lockHandle; - UINT32 newMaxTries; - UINT32 newRecoveryTime; - UINT32 lockoutRecovery; -} DictionaryAttackParameters_In; - -// Response code modifiers -#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) -#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) -#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) -#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_DictionaryAttackParameters( - DictionaryAttackParameters_In *in -); - -#endif // _Dictionary_Attack_Parameters_FP_H_ -#endif // CC_DictionaryAttackParameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h deleted file mode 100644 index 74f064c6e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h +++ /dev/null 
@@ -1,74 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Duplicate // Command must be enabled - -#ifndef _Duplicate_FP_H_ -#define _Duplicate_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT newParentHandle; - TPM2B_DATA encryptionKeyIn; - TPMT_SYM_DEF_OBJECT symmetricAlg; -} Duplicate_In; - -// Output structure definition -typedef struct { - TPM2B_DATA encryptionKeyOut; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; -} Duplicate_Out; - -// Response code modifiers -#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) -#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) -#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Duplicate( - Duplicate_In *in, - Duplicate_Out *out -); - -#endif // _Duplicate_FP_H_ -#endif // CC_Duplicate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h deleted file mode 100644 index c38b14cb3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECC_Parameters // Command must be enabled - -#ifndef _ECC_Parameters_FP_H_ -#define _ECC_Parameters_FP_H_ - -// Input structure definition -typedef struct { - TPMI_ECC_CURVE curveID; -} ECC_Parameters_In; - -// Output structure definition -typedef struct { - TPMS_ALGORITHM_DETAIL_ECC parameters; -} ECC_Parameters_Out; - -// Response code modifiers -#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECC_Parameters( - ECC_Parameters_In *in, - ECC_Parameters_Out *out -); - -#endif // _ECC_Parameters_FP_H_ -#endif // CC_ECC_Parameters diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h deleted file mode 100644 index f86e16f93..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECDH_KeyGen // Command must be enabled - -#ifndef _ECDH_Key_Gen_FP_H_ -#define _ECDH_Key_Gen_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; -} ECDH_KeyGen_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT zPoint; - TPM2B_ECC_POINT pubPoint; -} ECDH_KeyGen_Out; - -// Response code modifiers -#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECDH_KeyGen( - ECDH_KeyGen_In *in, - ECDH_KeyGen_Out *out -); - -#endif // _ECDH_Key_Gen_FP_H_ -#endif // CC_ECDH_KeyGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h deleted file mode 100644 index ba77f5f31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ECDH_ZGen // Command must be enabled - -#ifndef _ECDH_ZGen_FP_H_ -#define _ECDH_ZGen_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_ECC_POINT inPoint; -} ECDH_ZGen_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT outPoint; -} ECDH_ZGen_Out; - -// Response code modifiers -#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ECDH_ZGen( - ECDH_ZGen_In *in, - ECDH_ZGen_Out *out -); - -#endif // _ECDH_ZGen_FP_H_ -#endif // CC_ECDH_ZGen diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h deleted file mode 100644 index 7b0ba0fec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EC_Ephemeral // Command must be enabled - -#ifndef _EC_Ephemeral_FP_H_ -#define _EC_Ephemeral_FP_H_ - -// Input structure definition -typedef struct { - TPMI_ECC_CURVE curveID; -} EC_Ephemeral_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT Q; - UINT16 counter; -} EC_Ephemeral_Out; - -// Response code modifiers -#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EC_Ephemeral( - EC_Ephemeral_In *in, - EC_Ephemeral_Out *out -); - -#endif // _EC_Ephemeral_FP_H_ -#endif // CC_EC_Ephemeral diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h deleted file mode 100644 index 20e717ede..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EncryptDecrypt2 // Command must be enabled - -#ifndef _Encrypt_Decrypt2_FP_H_ -#define _Encrypt_Decrypt2_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_MAX_BUFFER inData; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; -} EncryptDecrypt2_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; -} EncryptDecrypt2_Out; - -// Response code modifiers -#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_EncryptDecrypt2( - EncryptDecrypt2_In *in, - EncryptDecrypt2_Out *out -); - -#endif // _Encrypt_Decrypt2_FP_H_ -#endif // CC_EncryptDecrypt2 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h deleted file mode 100644 index 689d2688e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EncryptDecrypt // Command must be enabled - -#ifndef _Encrypt_Decrypt_FP_H_ -#define _Encrypt_Decrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; - TPM2B_MAX_BUFFER inData; -} EncryptDecrypt_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; -} EncryptDecrypt_Out; - -// Response code modifiers -#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_EncryptDecrypt( - EncryptDecrypt_In *in, - EncryptDecrypt_Out *out -); - -#endif // _Encrypt_Decrypt_FP_H_ -#endif // CC_EncryptDecrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h deleted file mode 100644 index b1e7c39ef..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _ENCRYPT_DECRYPT_SPT_FP_H_ -#define _ENCRYPT_DECRYPT_SPT_FP_H_ - -#if CC_EncryptDecrypt2 - -// Return Type: TPM_RC -// TPM_RC_KEY is not a symmetric decryption key with both -// public and private portions loaded -// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; -// or 'inData' size is not an even multiple of the block -// size for CBC or ECB mode -// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does -// not match the key's mode -TPM_RC -EncryptDecryptShared( - TPMI_DH_OBJECT keyHandleIn, - TPMI_YES_NO decryptIn, - TPMI_ALG_SYM_MODE modeIn, - TPM2B_IV *ivIn, - TPM2B_MAX_BUFFER *inData, - EncryptDecrypt_Out *out -); -#endif // CC_EncryptDecrypt - -#endif // _ENCRYPT_DECRYPT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h deleted file mode 100644 index 4bb2a1b55..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _ENTITY_FP_H_ -#define _ENTITY_FP_H_ - -//** Functions -//*** EntityGetLoadStatus() -// This function will check that all the handles access loaded entities. -// Return Type: TPM_RC -// TPM_RC_HANDLE handle type does not match -// TPM_RC_REFERENCE_Hx entity is not present -// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy -// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no -// space to load it to RAM -TPM_RC -EntityGetLoadStatus( - COMMAND *command // IN/OUT: command parsing structure -); - -//*** EntityGetAuthValue() -// This function is used to access the 'authValue' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authValue should have -// been verified by IsAuthValueAvailable(). -// -// This function copies the authorization value of the entity to 'auth'. -// Return Type: UINT16 -// count number of bytes in the authValue with 0's stripped -UINT16 -EntityGetAuthValue( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_AUTH *auth // OUT: authValue of the entity -); - -//*** EntityGetAuthPolicy() -// This function is used to access the 'authPolicy' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authPolicy should have -// been verified by IsAuthPolicyAvailable(). -// -// This function copies the authorization policy of the entity to 'authPolicy'. -// -// The return value is the hash algorithm for the policy. 
-TPMI_ALG_HASH -EntityGetAuthPolicy( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity -); - -//*** EntityGetName() -// This function returns the Name associated with a handle. -TPM2B_NAME * -EntityGetName( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_NAME *name // OUT: name of entity -); - -//*** EntityGetHierarchy() -// This function returns the hierarchy handle associated with an entity. -// 1. A handle that is a hierarchy handle is associated with itself. -// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, -// is SET, otherwise it belongs to TPM_RH_OWNER -// 3. An object handle belongs to its hierarchy. -TPMI_RH_HIERARCHY -EntityGetHierarchy( - TPMI_DH_ENTITY handle // IN :handle of entity -); - -#endif // _ENTITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h deleted file mode 100644 index ec346f370..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EventSequenceComplete // Command must be enabled - -#ifndef _Event_Sequence_Complete_FP_H_ -#define _Event_Sequence_Complete_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; -} EventSequenceComplete_In; - -// Output structure definition -typedef struct { - TPML_DIGEST_VALUES results; -} EventSequenceComplete_Out; - -// Response code modifiers -#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) -#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EventSequenceComplete( - EventSequenceComplete_In *in, - EventSequenceComplete_Out *out -); - -#endif // _Event_Sequence_Complete_FP_H_ -#endif // CC_EventSequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h deleted file mode 100644 index 340eb8c97..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_EvictControl // Command must be enabled - -#ifndef _Evict_Control_FP_H_ -#define _Evict_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_DH_OBJECT objectHandle; - TPMI_DH_PERSISTENT persistentHandle; -} EvictControl_In; - -// Response code modifiers -#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_EvictControl( - EvictControl_In *in -); - -#endif // _Evict_Control_FP_H_ -#endif // CC_EvictControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h deleted file mode 100644 index 7d2e5fdaf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _EXEC_COMMAND_FP_H_ -#define _EXEC_COMMAND_FP_H_ - -//** ExecuteCommand() -// -// The function performs the following steps. 
-// -// a) Parses the command header from input buffer. -// b) Calls ParseHandleBuffer() to parse the handle area of the command. -// c) Validates that each of the handles references a loaded entity. -// d) Calls ParseSessionBuffer () to: -// 1) unmarshal and parse the session area; -// 2) check the authorizations; and -// 3) when necessary, decrypt a parameter. -// e) Calls CommandDispatcher() to: -// 1) unmarshal the command parameters from the command buffer; -// 2) call the routine that performs the command actions; and -// 3) marshal the responses into the response buffer. -// f) If any error occurs in any of the steps above create the error response -// and return. -// g) Calls BuildResponseSessions() to: -// 1) when necessary, encrypt a parameter -// 2) build the response authorization sessions -// 3) update the audit sessions and nonces -// h) Calls BuildResponseHeader() to complete the construction of the response. -// -// 'responseSize' is set by the caller to the maximum number of bytes available in -// the output buffer. ExecuteCommand will adjust the value and return the number -// of bytes placed in the buffer. -// -// 'response' is also set by the caller to indicate the buffer into which -// ExecuteCommand is to place the response. -// -// 'request' and 'response' may point to the same buffer -// -// Note: As of February, 2016, the failure processing has been moved to the -// platform-specific code. When the TPM code encounters an unrecoverable failure, it -// will SET g_inFailureMode and call _plat__Fail(). That function should not return -// but may call ExecuteCommand(). -// -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer -); - -#endif // _EXEC_COMMAND_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h deleted file mode 100644 index dba27ce31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FieldUpgradeData // Command must be enabled - -#ifndef _Field_Upgrade_Data_FP_H_ -#define _Field_Upgrade_Data_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_MAX_BUFFER fuData; -} FieldUpgradeData_In; - -// Output structure definition -typedef struct { - TPMT_HA nextDigest; - TPMT_HA firstDigest; -} FieldUpgradeData_Out; - -// Response code modifiers -#define RC_FieldUpgradeData_fuData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FieldUpgradeData( - FieldUpgradeData_In *in, - FieldUpgradeData_Out *out -); - -#endif // _Field_Upgrade_Data_FP_H_ -#endif // CC_FieldUpgradeData diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h deleted file mode 100644 index 0047e3558..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FieldUpgradeStart // Command must be enabled - -#ifndef _Field_Upgrade_Start_FP_H_ -#define _Field_Upgrade_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authorization; - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST fuDigest; - TPMT_SIGNATURE manifestSignature; -} FieldUpgradeStart_In; - -// Response code modifiers -#define RC_FieldUpgradeStart_authorization (TPM_RC_H + TPM_RC_1) -#define RC_FieldUpgradeStart_keyHandle (TPM_RC_H + TPM_RC_2) -#define RC_FieldUpgradeStart_fuDigest (TPM_RC_P + TPM_RC_1) -#define RC_FieldUpgradeStart_manifestSignature (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_FieldUpgradeStart( - FieldUpgradeStart_In *in -); - -#endif // _Field_Upgrade_Start_FP_H_ -#endif // CC_FieldUpgradeStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h deleted file mode 100644 index bc991ffa5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FirmwareRead // Command must be enabled - -#ifndef _Firmware_Read_FP_H_ -#define _Firmware_Read_FP_H_ - -// Input structure definition -typedef struct { - UINT32 sequenceNumber; -} FirmwareRead_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER fuData; -} FirmwareRead_Out; - -// Response code modifiers -#define RC_FirmwareRead_sequenceNumber (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FirmwareRead( - FirmwareRead_In *in, - FirmwareRead_Out *out -); - -#endif // _Firmware_Read_FP_H_ -#endif // CC_FirmwareRead diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h deleted file mode 100644 index 8b0c7ffe8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_FlushContext // Command must be enabled - -#ifndef _Flush_Context_FP_H_ -#define _Flush_Context_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_CONTEXT flushHandle; -} FlushContext_In; - -// Response code modifiers -#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_FlushContext( - FlushContext_In *in -); - -#endif // _Flush_Context_FP_H_ -#endif // CC_FlushContext diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h deleted file mode 100644 index 83ad53cfa..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetCapability // Command must be enabled - -#ifndef _Get_Capability_FP_H_ -#define _Get_Capability_FP_H_ - -// Input structure definition -typedef struct { - TPM_CAP capability; - UINT32 property; - UINT32 propertyCount; -} GetCapability_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO moreData; - TPMS_CAPABILITY_DATA capabilityData; -} GetCapability_Out; - -// Response code modifiers -#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) -#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) -#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_GetCapability( - GetCapability_In *in, - GetCapability_Out *out -); - -#endif // _Get_Capability_FP_H_ -#endif // CC_GetCapability diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h deleted file mode 100644 index 193250e9a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetCommandAuditDigest // Command must be enabled - -#ifndef _Get_Command_Audit_Digest_FP_H_ -#define _Get_Command_Audit_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetCommandAuditDigest_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; -} GetCommandAuditDigest_Out; - -// Response code modifiers -#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetCommandAuditDigest( - GetCommandAuditDigest_In *in, - GetCommandAuditDigest_Out *out -); - -#endif // _Get_Command_Audit_Digest_FP_H_ -#endif // CC_GetCommandAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h deleted file mode 100644 index 1d82cef61..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetRandom // Command must be enabled - -#ifndef _Get_Random_FP_H_ -#define _Get_Random_FP_H_ - -// Input structure definition -typedef struct { - UINT16 bytesRequested; -} GetRandom_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST randomBytes; -} GetRandom_Out; - -// Response code modifiers -#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_GetRandom( - GetRandom_In *in, - GetRandom_Out *out -); - -#endif // _Get_Random_FP_H_ -#endif // CC_GetRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h deleted file mode 100644 index e3ef9f651..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetSessionAuditDigest // Command must be enabled - -#ifndef _Get_Session_Audit_Digest_FP_H_ -#define _Get_Session_Audit_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPMI_SH_HMAC sessionHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetSessionAuditDigest_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; -} GetSessionAuditDigest_Out; - -// Response code modifiers -#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) -#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetSessionAuditDigest( - GetSessionAuditDigest_In *in, - GetSessionAuditDigest_Out *out -); - -#endif // _Get_Session_Audit_Digest_FP_H_ -#endif // CC_GetSessionAuditDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h deleted file mode 100644 index 22fdc00db..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetTestResult // Command must be enabled - -#ifndef _Get_Test_Result_FP_H_ -#define _Get_Test_Result_FP_H_ - -// Output structure definition -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM_RC testResult; -} GetTestResult_Out; - - -// Function prototype -TPM_RC -TPM2_GetTestResult( - GetTestResult_Out *out -); - -#endif // _Get_Test_Result_FP_H_ -#endif // CC_GetTestResult diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h deleted file mode 100644 index 2ef55ac5f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_GetTime // Command must be enabled - -#ifndef _Get_Time_FP_H_ -#define _Get_Time_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; -} GetTime_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST timeInfo; - TPMT_SIGNATURE signature; -} GetTime_Out; - -// Response code modifiers -#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_GetTime( - GetTime_In *in, - GetTime_Out *out -); - -#endif // _Get_Time_FP_H_ -#endif // CC_GetTime diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h deleted file mode 100644 index 79f4a96cb..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HMAC_Start // Command must be enabled - -#ifndef _HMAC_Start_FP_H_ -#define _HMAC_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; -} HMAC_Start_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} HMAC_Start_Out; - -// Response code modifiers -#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HMAC_Start( - HMAC_Start_In *in, - HMAC_Start_Out *out -); - -#endif // _HMAC_Start_FP_H_ -#endif // CC_HMAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h deleted file mode 100644 index 63a6d0fbd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HMAC // Command must be enabled - -#ifndef _HMAC_FP_H_ -#define _HMAC_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_HASH hashAlg; -} HMAC_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outHMAC; -} HMAC_Out; - -// Response code modifiers -#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HMAC( - HMAC_In *in, - HMAC_Out *out -); - -#endif // _HMAC_FP_H_ -#endif // CC_HMAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h deleted file mode 100644 index 8ada3d356..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _HANDLE_FP_H_ -#define _HANDLE_FP_H_ - -//*** HandleGetType() -// This function returns the type of a handle which is the MSO of the handle. -TPM_HT -HandleGetType( - TPM_HANDLE handle // IN: a handle to be checked -); - -//*** NextPermanentHandle() -// This function returns the permanent handle that is equal to the input value or -// is the next higher value. If there is no handle with the input value and there -// is no next higher value, it returns 0: -TPM_HANDLE -NextPermanentHandle( - TPM_HANDLE inHandle // IN: the handle to check -); - -//*** PermanentCapGetHandles() -// This function returns a list of the permanent handles of PCR, started from -// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list -// will be returned with 'more' set to NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PermanentCapGetHandles( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** PermanentHandleGetPolicy() -// This function returns a list of the permanent handles of PCR, started from -// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list -// will be returned with 'more' set to NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PermanentHandleGetPolicy( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: max count of returned handles - TPML_TAGGED_POLICY *policyList // OUT: list of handle -); - -#endif // _HANDLE_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h deleted file mode 100644 index a3abb2219..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HashSequenceStart // Command must be enabled - -#ifndef _Hash_Sequence_Start_FP_H_ -#define _Hash_Sequence_Start_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; -} HashSequenceStart_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} HashSequenceStart_Out; - -// Response code modifiers -#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) -#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HashSequenceStart( - HashSequenceStart_In *in, - HashSequenceStart_Out *out -); - -#endif // _Hash_Sequence_Start_FP_H_ -#endif // CC_HashSequenceStart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h deleted file mode 100644 index c59a4ab6f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Hash // Command must be enabled - -#ifndef _Hash_FP_H_ -#define _Hash_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_MAX_BUFFER data; - TPMI_ALG_HASH hashAlg; - TPMI_RH_HIERARCHY hierarchy; -} Hash_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outHash; - TPMT_TK_HASHCHECK validation; -} Hash_Out; - -// Response code modifiers -#define RC_Hash_data (TPM_RC_P + TPM_RC_1) -#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Hash( - Hash_In *in, - Hash_Out *out -); - -#endif // _Hash_FP_H_ -#endif // CC_Hash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h deleted file mode 100644 index 2538a7053..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HierarchyChangeAuth // Command must be enabled - -#ifndef _Hierarchy_Change_Auth_FP_H_ -#define _Hierarchy_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY_AUTH authHandle; - TPM2B_AUTH newAuth; -} HierarchyChangeAuth_In; - -// Response code modifiers -#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_HierarchyChangeAuth( - HierarchyChangeAuth_In *in -); - -#endif // _Hierarchy_Change_Auth_FP_H_ -#endif // CC_HierarchyChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h deleted file mode 100644 index 8431ff51d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_HierarchyControl // Command must be enabled - -#ifndef _Hierarchy_Control_FP_H_ -#define _Hierarchy_Control_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY authHandle; - TPMI_RH_ENABLES enable; - TPMI_YES_NO state; -} HierarchyControl_In; - -// Response code modifiers -#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) -#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_HierarchyControl( - HierarchyControl_In *in -); - -#endif // _Hierarchy_Control_FP_H_ -#endif // CC_HierarchyControl diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h deleted file mode 100644 index dc55a9439..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _HIERARCHY_FP_H_ -#define _HIERARCHY_FP_H_ - -//*** HierarchyPreInstall() -// This function performs the initialization functions for the hierarchy -// when the TPM is simulated. This function should not be called if the -// TPM is not in a manufacturing mode at the manufacturer, or in a simulated -// environment. -void -HierarchyPreInstall_Init( - void -); - -//*** HierarchyStartup() -// This function is called at TPM2_Startup() to initialize the hierarchy -// related values. -BOOL -HierarchyStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** HierarchyGetProof() -// This function finds the proof value associated with a hierarchy.It returns a -// pointer to the proof value. -TPM2B_PROOF * -HierarchyGetProof( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant -); - -//*** HierarchyGetPrimarySeed() -// This function returns the primary seed of a hierarchy. -TPM2B_SEED * -HierarchyGetPrimarySeed( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy -); - -//*** HierarchyIsEnabled() -// This function checks to see if a hierarchy is enabled. -// NOTE: The TPM_RH_NULL hierarchy is always enabled. -// Return Type: BOOL -// TRUE(1) hierarchy is enabled -// FALSE(0) hierarchy is disabled -BOOL -HierarchyIsEnabled( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy -); - -#endif // _HIERARCHY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h deleted file mode 100644 index d997754f9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Import // Command must be enabled - -#ifndef _Import_FP_H_ -#define _Import_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_DATA encryptionKey; - TPM2B_PUBLIC objectPublic; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET inSymSeed; - TPMT_SYM_DEF_OBJECT symmetricAlg; -} Import_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; -} Import_Out; - -// Response code modifiers -#define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) -#define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) -#define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) -#define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) -#define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_Import( - Import_In *in, - Import_Out *out -); - -#endif // _Import_FP_H_ -#endif // CC_Import diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h deleted file mode 100644 index cd384cb50..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_IncrementalSelfTest // Command must be enabled - -#ifndef _Incremental_Self_Test_FP_H_ -#define _Incremental_Self_Test_FP_H_ - -// Input structure definition -typedef struct { - TPML_ALG toTest; -} IncrementalSelfTest_In; - -// Output structure definition -typedef struct { - TPML_ALG toDoList; -} IncrementalSelfTest_Out; - -// Response code modifiers -#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_IncrementalSelfTest( - IncrementalSelfTest_In *in, - IncrementalSelfTest_Out *out -); - -#endif // _Incremental_Self_Test_FP_H_ -#endif // CC_IncrementalSelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h deleted file mode 100644 index dd74dad60..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h +++ /dev/null 
@@ -1,87 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _IO_BUFFERS_FP_H_ -#define _IO_BUFFERS_FP_H_ - -//*** MemoryIoBufferAllocationReset() -// This function is used to reset the allocation of buffers. -void -MemoryIoBufferAllocationReset( - void -); - -//*** MemoryIoBufferZero() -// Function zeros the action I/O buffer at the end of a command. Calling this is -// not mandatory for proper functionality. -void -MemoryIoBufferZero( - void -); - -//*** MemoryGetInBuffer() -// This function returns the address of the buffer into which the -// command parameters will be unmarshaled in preparation for calling -// the command actions. -BYTE * -MemoryGetInBuffer( - UINT32 size // Size, in bytes, required for the input - // unmarshaling -); - -//*** MemoryGetOutBuffer() -// This function returns the address of the buffer into which the command -// action code places its output values. -BYTE * -MemoryGetOutBuffer( - UINT32 size // required size of the buffer -); - -//*** IsLabelProperlyFormatted() -// This function checks that a label is a null-terminated string. -// NOTE: this function is here because there was no better place for it. -// Return Type: BOOL -// TRUE(1) string is null terminated -// FALSE(0) string is not null terminated -BOOL -IsLabelProperlyFormatted( - TPM2B *x -); - -#endif // _IO_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h deleted file mode 100644 index d1691bac4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_LoadExternal // Command must be enabled - -#ifndef _Load_External_FP_H_ -#define _Load_External_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_SENSITIVE inPrivate; - TPM2B_PUBLIC inPublic; - TPMI_RH_HIERARCHY hierarchy; -} LoadExternal_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; -} LoadExternal_Out; - -// Response code modifiers -#define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_LoadExternal( - LoadExternal_In *in, - LoadExternal_Out *out -); - -#endif // _Load_External_FP_H_ -#endif // CC_LoadExternal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h deleted file mode 100644 index 3a61c5394..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Load // Command must be enabled - -#ifndef _Load_FP_H_ -#define _Load_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_PRIVATE inPrivate; - TPM2B_PUBLIC inPublic; -} Load_In; - -// Output structure definition -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; -} Load_Out; - -// Response code modifiers -#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_Load( - Load_In *in, - Load_Out *out -); - -#endif // _Load_FP_H_ -#endif // CC_Load diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h deleted file mode 100644 index c3298b1db..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _LOCALITY_FP_H_ -#define _LOCALITY_FP_H_ - -//** LocalityGetAttributes() -// This function will convert a locality expressed as an integer into -// TPMA_LOCALITY form. -// -// The function returns the locality attribute. -TPMA_LOCALITY -LocalityGetAttributes( - UINT8 locality // IN: locality value -); - -#endif // _LOCALITY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h deleted file mode 100644 index aeec79cc0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MAC_Start // Command must be enabled - -#ifndef _MAC_Start_FP_H_ -#define _MAC_Start_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_MAC_SCHEME inScheme; -} MAC_Start_In; - -// Output structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; -} MAC_Start_Out; - -// Response code modifiers -#define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MAC_Start( - MAC_Start_In *in, - MAC_Start_Out *out -); - -#endif // _MAC_Start_FP_H_ -#endif // CC_MAC_Start diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h deleted file mode 100644 index fe9bf102e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MAC // Command must be enabled - -#ifndef _MAC_FP_H_ -#define _MAC_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_MAC_SCHEME inScheme; -} MAC_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST outMAC; -} MAC_Out; - -// Response code modifiers -#define RC_MAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MAC( - MAC_In *in, - MAC_Out *out -); - -#endif // _MAC_FP_H_ -#endif // CC_MAC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h deleted file mode 100644 index f34b5b2ac..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_MakeCredential // Command must be enabled - -#ifndef _Make_Credential_FP_H_ -#define _Make_Credential_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_DIGEST credential; - TPM2B_NAME objectName; -} MakeCredential_In; - -// Output structure definition -typedef struct { - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; -} MakeCredential_Out; - -// Response code modifiers -#define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) -#define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) -#define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_MakeCredential( - MakeCredential_In *in, - MakeCredential_Out *out -); - -#endif // _Make_Credential_FP_H_ -#endif // CC_MakeCredential diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h deleted file mode 100644 index d3fd77ffc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _MANUFACTURE_FP_H_ -#define _MANUFACTURE_FP_H_ - -//*** TPM_Manufacture() -// This function initializes the TPM values in preparation for the TPM's first -// use. This function will fail if previously called. The TPM can be re-manufactured -// by calling TPM_Teardown() first and then calling this function again. -// Return Type: int -// 0 success -// 1 manufacturing process previously performed -LIB_EXPORT int -TPM_Manufacture( - int firstTime // IN: indicates if this is the first call from - // main() -); - -//*** TPM_TearDown() -// This function prepares the TPM for re-manufacture. It should not be implemented -// in anything other than a simulated TPM. -// -// In this implementation, all that is needs is to stop the cryptographic units -// and set a flag to indicate that the TPM can be re-manufactured. This should -// be all that is necessary to start the manufacturing process again. -// Return Type: int -// 0 success -// 1 TPM not previously manufactured -LIB_EXPORT int -TPM_TearDown( - void -); - -//*** TpmEndSimulation() -// This function is called at the end of the simulation run. It is used to provoke -// printing of any statistics that might be needed. -LIB_EXPORT void -TpmEndSimulation( - void -); - -#endif // _MANUFACTURE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h deleted file mode 100644 index c0328a92a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h +++ /dev/null 
@@ -1,2408 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmMarshal; Version 4.1 Dec 10, 2018 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#ifndef _MARSHAL_FP_H_ -#define _MARSHAL_FP_H_ - -// Table 2:3 - Definition of Base Types -// UINT8 definition from table 2:3 -TPM_RC -UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size); - -// BYTE definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size); -#else -#define BYTE_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size); -#else -#define BYTE_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// INT8 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size); -#else -#define INT8_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size); -#else -#define INT8_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT16 definition from table 2:3 -TPM_RC -UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size); - -// INT16 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size); -#else -#define INT16_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size); -#else -#define 
INT16_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT32 definition from table 2:3 -TPM_RC -UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size); - -// INT32 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size); -#else -#define INT32_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size); -#else -#define INT32_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// UINT64 definition from table 2:3 -TPM_RC -UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size); -UINT16 -UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size); - -// INT64 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size); -#else -#define INT64_Unmarshal(target, buffer, size) \ - UINT64_Unmarshal((UINT64 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size); -#else -#define INT64_Marshal(source, buffer, size) \ - UINT64_Marshal((UINT64 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:4 - Defines for Logic Values -// Table 2:5 - Definition of Types for Documentation Clarity -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ALGORITHM_ID_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID 
*source, BYTE **buffer, INT32 *size); -#else -#define TPM_ALGORITHM_ID_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_MODIFIER_INDICATOR_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, - BYTE **buffer, INT32 *size); -#else -#define TPM_MODIFIER_INDICATOR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_AUTHORIZATION_SIZE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, - BYTE **buffer, INT32 *size); -#else -#define TPM_AUTHORIZATION_SIZE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, - BYTE **buffer, INT32 *size); -#else -#define TPM_PARAMETER_SIZE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PARAMETER_SIZE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_SIZE_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_SIZE_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_BITS_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPM_KEY_BITS_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:6 - Definition of TPM_SPEC Constants -// Table 2:7 - Definition of TPM_GENERATED Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size); -#else -#define TPM_GENERATED_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:9 - Definition of TPM_ALG_ID Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ALG_ID_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ALG_ID_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:10 - Definition of 
TPM_ECC_CURVE Constants -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ECC_CURVE_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:12 - Definition of TPM_CC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size); -#else -#define TPM_CC_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_CC_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:16 - Definition of TPM_RC Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_RC_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -TPM_RC -TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size); - -// Table 2:18 - Definition of TPM_EO Constants -TPM_RC -TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size); -#else -#define TPM_EO_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:19 - Definition of TPM_ST Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size); -#else -#define TPM_ST_Unmarshal(target, buffer, size) \ - UINT16_Unmarshal((UINT16 
*)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size); -#else -#define TPM_ST_Marshal(source, buffer, size) \ - UINT16_Marshal((UINT16 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:20 - Definition of TPM_SU Constants -TPM_RC -TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size); - -// Table 2:21 - Definition of TPM_SE Constants -TPM_RC -TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size); - -// Table 2:22 - Definition of TPM_CAP Constants -TPM_RC -TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size); -#else -#define TPM_CAP_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:23 - Definition of TPM_PT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PT_Marshal(TPM_PT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:24 - Definition of TPM_PT_PCR Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_PCR_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PT_PCR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) 
-#endif // !USE_MARSHALING_DEFINES - -// Table 2:25 - Definition of TPM_PS Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size); -#else -#define TPM_PS_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:26 - Definition of Types for Handles -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HANDLE_Unmarshal(target, buffer, size) \ - UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HANDLE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:27 - Definition of TPM_HT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HT_Unmarshal(target, buffer, size) \ - UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HT_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:28 - Definition of TPM_RH Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size); -#else -#define TPM_RH_Unmarshal(target, buffer, size) \ - TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size); -#else -#define TPM_RH_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// 
Table 2:29 - Definition of TPM_HC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size); -#else -#define TPM_HC_Unmarshal(target, buffer, size) \ - TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size); -#else -#define TPM_HC_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:30 - Definition of TPMA_ALGORITHM Bits -TPM_RC -TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_ALGORITHM_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:31 - Definition of TPMA_OBJECT Bits -TPM_RC -TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_OBJECT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:32 - Definition of TPMA_SESSION Bits -TPM_RC -TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_SESSION_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:33 - Definition of TPMA_LOCALITY Bits -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size); -#else -#define TPMA_LOCALITY_Unmarshal(target, buffer, size) \ - 
UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_LOCALITY_Marshal(source, buffer, size) \ - UINT8_Marshal((UINT8 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:34 - Definition of TPMA_PERMANENT Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_PERMANENT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_STARTUP_CLEAR_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:36 - Definition of TPMA_MEMORY Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_MEMORY_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:37 - Definition of TPMA_CC Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_CC_Marshal(source, buffer, size) \ - TPM_CC_Marshal((TPM_CC *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:38 - Definition of TPMA_MODES Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_MODES_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits -#if !USE_MARSHALING_DEFINES 
-UINT16 -TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMA_X509_KEY_USAGE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:40 - Definition of TPMI_YES_NO Type -TPM_RC -TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_YES_NO_Marshal(source, buffer, size) \ - BYTE_Marshal((BYTE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:41 - Definition of TPMI_DH_OBJECT Type -TPM_RC -TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_OBJECT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:42 - Definition of TPMI_DH_PARENT Type -TPM_RC -TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_PARENT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type -TPM_RC -TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_PERSISTENT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:44 - Definition of TPMI_DH_ENTITY Type -TPM_RC 
-TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:45 - Definition of TPMI_DH_PCR Type -TPM_RC -TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type -TPM_RC -TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_AUTH_SESSION_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:47 - Definition of TPMI_SH_HMAC Type -TPM_RC -TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_HMAC_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:48 - Definition of TPMI_SH_POLICY Type -TPM_RC -TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SH_POLICY_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:49 - Definition of TPMI_DH_CONTEXT Type -TPM_RC -TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_CONTEXT_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:50 - Definition of TPMI_DH_SAVED Type -TPM_RC 
-TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_DH_SAVED_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type -TPM_RC -TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_HIERARCHY_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:52 - Definition of TPMI_RH_ENABLES Type -TPM_RC -TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_ENABLES_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type -TPM_RC -TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, - BYTE **buffer, INT32 *size); - -// Table 2:54 - Definition of TPMI_RH_PLATFORM Type -TPM_RC -TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size); - -// Table 2:55 - Definition of TPMI_RH_OWNER Type -TPM_RC -TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type -TPM_RC -TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, - BYTE **buffer, INT32 *size, BOOL flag); - -// Table 2:57 - Definition of TPMI_RH_PROVISION Type -TPM_RC -TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 
*size); - -// Table 2:58 - Definition of TPMI_RH_CLEAR Type -TPM_RC -TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size); - -// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type -TPM_RC -TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size); - -// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type -TPM_RC -TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size); - -// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type -TPM_RC -TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RH_NV_INDEX_Marshal(source, buffer, size) \ - TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:62 - Definition of TPMI_RH_AC Type -TPM_RC -TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size); - -// Table 2:63 - Definition of TPMI_ALG_HASH Type -TPM_RC -TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_HASH_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:64 - Definition of TPMI_ALG_ASYM Type -TPM_RC -TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ASYM_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:65 - Definition of TPMI_ALG_SYM Type -TPM_RC -TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag); -#if 
!USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type -TPM_RC -TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_OBJECT_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type -TPM_RC -TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SYM_MODE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:68 - Definition of TPMI_ALG_KDF Type -TPM_RC -TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_KDF_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type -TPM_RC -TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_SIG_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), 
(buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ECC_KEY_EXCHANGE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type -TPM_RC -TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ST_COMMAND_TAG_Marshal(source, buffer, size) \ - TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type -TPM_RC -TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_MAC_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type -TPM_RC -TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_CIPHER_MODE_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:74 - Definition of TPMS_EMPTY Structure -TPM_RC 
-TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size); - -// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure -UINT16 -TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, - BYTE **buffer, INT32 *size); - -// Table 2:76 - Definition of TPMU_HA Union -TPM_RC -TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:77 - Definition of TPMT_HA Structure -TPM_RC -TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size); - -// Table 2:78 - Definition of TPM2B_DIGEST Structure -TPM_RC -TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size); - -// Table 2:79 - Definition of TPM2B_DATA Structure -TPM_RC -TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:80 - Definition of Types for TPM2B_NONCE -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_NONCE_Unmarshal(target, buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_NONCE_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:81 - Definition of Types for TPM2B_AUTH -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_AUTH_Unmarshal(target, 
buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_AUTH_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:82 - Definition of Types for TPM2B_OPERAND -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size); -#else -#define TPM2B_OPERAND_Unmarshal(target, buffer, size) \ - TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size); -#else -#define TPM2B_OPERAND_Marshal(source, buffer, size) \ - TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:83 - Definition of TPM2B_EVENT Structure -TPM_RC -TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size); - -// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure -TPM_RC -TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size); - -// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure -TPM_RC -TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, - BYTE **buffer, INT32 *size); - -// Table 2:86 - Definition of TPM2B_TIMEOUT Structure -TPM_RC -TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size); - -// Table 2:87 - Definition of TPM2B_IV Structure 
-TPM_RC -TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size); - -// Table 2:88 - Definition of TPMU_NAME Union -// Table 2:89 - Definition of TPM2B_NAME Structure -TPM_RC -TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size); - -// Table 2:90 - Definition of TPMS_PCR_SELECT Structure -TPM_RC -TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size); - -// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure -TPM_RC -TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size); - -// Table 2:94 - Definition of TPMT_TK_CREATION Structure -TPM_RC -TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size); - -// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure -TPM_RC -TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size); - -// Table 2:96 - Definition of TPMT_TK_AUTH Structure -TPM_RC -TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size); - -// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure -TPM_RC -TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size); - -// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure -UINT16 -TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size); - -// 
Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure -UINT16 -TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure -UINT16 -TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, - BYTE **buffer, INT32 *size); - -// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure -UINT16 -TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); - -// Table 2:102 - Definition of TPML_CC Structure -TPM_RC -TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size); - -// Table 2:103 - Definition of TPML_CCA Structure -UINT16 -TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size); - -// Table 2:104 - Definition of TPML_ALG Structure -TPM_RC -TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size); - -// Table 2:105 - Definition of TPML_HANDLE Structure -UINT16 -TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size); - -// Table 2:106 - Definition of TPML_DIGEST Structure -TPM_RC -TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size); -UINT16 -TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size); - -// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure -TPM_RC -TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, - BYTE **buffer, INT32 *size); -UINT16 -TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size); - -// Table 2:108 - Definition of TPML_PCR_SELECTION Structure -TPM_RC -TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, - BYTE **buffer, INT32 *size); -UINT16 -TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size); - -// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure -UINT16 -TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE 
**buffer, INT32 *size); - -// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure -UINT16 -TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure -UINT16 -TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, - BYTE **buffer, INT32 *size); - -// Table 2:112 - Definition of TPML_ECC_CURVE Structure -#if ALG_ECC -UINT16 -TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure -UINT16 -TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); - -// Table 2:114 - Definition of TPMU_CAPABILITIES Union -UINT16 -TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure -UINT16 -TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure -TPM_RC -TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:117 - Definition of TPMS_TIME_INFO Structure -TPM_RC -TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure -UINT16 -TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure -UINT16 -TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure -UINT16 -TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:121 - 
Definition of TPMS_COMMAND_AUDIT_INFO Structure -UINT16 -TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure -UINT16 -TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:123 - Definition of TPMS_CREATION_INFO Structure -UINT16 -TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size); - -// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure -UINT16 -TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure -UINT16 -TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, - BYTE **buffer, INT32 *size); - -// Table 2:126 - Definition of TPMI_ST_ATTEST Type -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ST_ATTEST_Marshal(source, buffer, size) \ - TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:127 - Definition of TPMU_ATTEST Union -UINT16 -TPMU_ATTEST_Marshal(TPMU_ATTEST *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:128 - Definition of TPMS_ATTEST Structure -UINT16 -TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size); - -// Table 2:129 - Definition of TPM2B_ATTEST Structure -UINT16 -TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); - -// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure -TPM_RC -TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size); - -// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure -UINT16 -TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size); - -// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type -#if ALG_TDES -TPM_RC 
-TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_TDES_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_TDES - -// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type -#if ALG_AES -TPM_RC -TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_AES_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_AES - -// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type -#if ALG_SM4 -TPM_RC -TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_SM4_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_SM4 - -// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type -#if ALG_CAMELLIA -TPM_RC -TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, - BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_CAMELLIA_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_CAMELLIA - -// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union -TPM_RC -TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, - BYTE **buffer, INT32 
*size, UINT32 selector); -UINT16 -TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:134 - Definition of TPMU_SYM_MODE Union -TPM_RC -TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:136 - Definition of TPMT_SYM_DEF Structure -TPM_RC -TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size); - -// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure -TPM_RC -TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, - BYTE **buffer, INT32 *size); - -// Table 2:138 - Definition of TPM2B_SYM_KEY Structure -TPM_RC -TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size); - -// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure -TPM_RC -TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, - BYTE **buffer, INT32 *size); - -// Table 2:140 - Definition of TPM2B_LABEL Structure -TPM_RC -TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size); - -// Table 2:141 - Definition of TPMS_DERIVE Structure -TPM_RC -TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:142 - Definition of TPM2B_DERIVE Structure -TPM_RC -TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size); -UINT16 
-TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union -// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure -TPM_RC -TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure -TPM_RC -TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, - BYTE **buffer, INT32 *size); - -// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure -TPM_RC -TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, - BYTE **buffer, INT32 *size); - -// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure -TPM_RC -TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size); - -// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure -#if ALG_ECC -TPM_RC -TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type -TPM_RC -TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_KEYEDHASH_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_HMAC_Unmarshal(target, buffer, size) 
\ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_HMAC_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure -TPM_RC -TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size); - -// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union -TPM_RC -TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure -TPM_RC -TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, - BYTE **buffer, INT32 *size); - -// Table 2:154 - Definition of Types for RSA Signature Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSASSA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSASSA_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES 
-TPM_RC -TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSAPSS_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_RSAPSS_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:155 - Definition of Types for ECC Signature Schemes -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDSA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDSA_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_SM2_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_SM2_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if 
!USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECSCHNORR_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDAA_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIG_SCHEME_ECDAA_Marshal(source, buffer, size) \ - TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:156 - Definition of TPMU_SIG_SCHEME Union -TPM_RC -TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure -TPM_RC -TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size); - -// Table 2:158 - Definition of Types for Encryption Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_OAEP_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_OAEP_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_RSAES_Unmarshal(target, buffer, size) \ - TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)(target), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_ENC_SCHEME_RSAES_Marshal(source, buffer, size) \ - TPMS_EMPTY_Marshal((TPMS_EMPTY *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:159 - Definition of Types for ECC Key Exchange -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECDH_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECDH_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECMQV_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_KEY_SCHEME_ECMQV_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:160 - Definition of Types for KDF Schemes -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_MGF1_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_MGF1_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_56A_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC 
-TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF2_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF2_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_108_Unmarshal(target, buffer, size) \ - TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SCHEME_KDF1_SP800_108_Marshal(source, buffer, size) \ - TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:161 - Definition of TPMU_KDF_SCHEME Union -TPM_RC -TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure -TPM_RC -TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size); - -// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type -TPM_RC -TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ASYM_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union -TPM_RC -TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure -// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_RSA_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_RSA_DECRYPT_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT 
*target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, - BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type -#if ALG_RSA -TPM_RC -TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_RSA_KEY_BITS_Marshal(source, buffer, size) \ - TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, - BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure -TPM_RC -TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, - BYTE **buffer, INT32 *size); - -// Table 2:174 - Definition of TPMS_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:175 - Definition of TPM2B_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size); 
-#endif // ALG_ECC - -// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type -#if ALG_ECC -TPM_RC -TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, - BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_ECC_SCHEME_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:177 - Definition of TPMI_ECC_CURVE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ECC_CURVE_Marshal(source, buffer, size) \ - TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure -#if ALG_ECC -TPM_RC -TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure -#if ALG_ECC -UINT16 -TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, - BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure -#if ALG_RSA -TPM_RC -TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:181 - Definition of Types for Signature -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSASSA_Unmarshal(target, 
buffer, size) \ - TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSASSA_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSAPSS_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_RSAPSS_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure -#if ALG_ECC -TPM_RC -TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDAA_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDAA_Marshal(source, 
buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDSA_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECDSA_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_SM2_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_SM2_Marshal(source, buffer, size) \ - TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECSCHNORR_Unmarshal(target, buffer, size) \ - TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#if !USE_MARSHALING_DEFINES -UINT16 -TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, - BYTE **buffer, INT32 *size); -#else -#define TPMS_SIGNATURE_ECSCHNORR_Marshal(source, buffer, size) \ - 
TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ - (buffer), \ - (size)) -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:184 - Definition of TPMU_SIGNATURE Union -TPM_RC -TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:185 - Definition of TPMT_SIGNATURE Structure -TPM_RC -TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, - BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size); - -// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union -TPM_RC -TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure -TPM_RC -TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, - BYTE **buffer, INT32 *size); - -// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type -TPM_RC -TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size); -#else -#define TPMI_ALG_PUBLIC_Marshal(source, buffer, size) \ - TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:189 - Definition of TPMU_PUBLIC_ID Union -TPM_RC -TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure -TPM_RC 
-TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, - BYTE **buffer, INT32 *size); - -// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure -// Table 2:192 - Definition of TPMS_RSA_PARMS Structure -#if ALG_RSA -TPM_RC -TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, BYTE **buffer, INT32 *size); -#endif // ALG_RSA - -// Table 2:193 - Definition of TPMS_ECC_PARMS Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size); -#endif // ALG_ECC - -// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union -TPM_RC -TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure -TPM_RC -TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size); - -// Table 2:196 - Definition of TPMT_PUBLIC Structure -TPM_RC -TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:197 - Definition of TPM2B_PUBLIC Structure -TPM_RC -TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); -UINT16 -TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:198 - Definition of TPM2B_TEMPLATE Structure -TPM_RC -TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size); - -// 
Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure -TPM_RC -TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, - BYTE **buffer, INT32 *size); - -// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union -TPM_RC -TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, - BYTE **buffer, INT32 *size, UINT32 selector); -UINT16 -TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, - BYTE **buffer, INT32 *size, UINT32 selector); - -// Table 2:201 - Definition of TPMT_SENSITIVE Structure -TPM_RC -TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:202 - Definition of TPM2B_SENSITIVE Structure -TPM_RC -TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size); - -// Table 2:203 - Definition of _PRIVATE Structure -// Table 2:204 - Definition of TPM2B_PRIVATE Structure -TPM_RC -TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size); - -// Table 2:205 - Definition of TPMS_ID_OBJECT Structure -// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure -TPM_RC -TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size); - -// Table 2:207 - Definition of TPM_NV_INDEX Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size); -#else -#define TPM_NV_INDEX_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:208 - Definition 
of TPM_NT Constants -// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure -TPM_RC -TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, - BYTE **buffer, INT32 *size); -UINT16 -TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, - BYTE **buffer, INT32 *size); - -// Table 2:210 - Definition of TPMA_NV Bits -TPM_RC -TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size); - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size); -#else -#define TPMA_NV_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure -TPM_RC -TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure -TPM_RC -TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size); -UINT16 -TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size); - -// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure -TPM_RC -TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, - BYTE **buffer, INT32 *size); - -// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure -TPM_RC -TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure -TPM_RC -TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, - BYTE **buffer, INT32 *size); -UINT16 -TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:216 - Definition of TPMS_CONTEXT 
Structure -TPM_RC -TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size); -UINT16 -TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size); - -// Table 2:218 - Definition of TPMS_CREATION_DATA Structure -UINT16 -TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size); - -// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure -UINT16 -TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, - BYTE **buffer, INT32 *size); - -// Table 2:220 - Definition of TPM_AT Constants -TPM_RC -TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size); -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size); -#else -#define TPM_AT_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:221 - Definition of TPM_AE Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size); -#else -#define TPM_AE_Marshal(source, buffer, size) \ - UINT32_Marshal((UINT32 *)(source), (buffer), (size)) -#endif // !USE_MARSHALING_DEFINES - -// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure -UINT16 -TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size); - -// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure -UINT16 -TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, - BYTE **buffer, INT32 *size); - -// Array Marshal/Unmarshal for BYTE -TPM_RC -BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count); -UINT16 -BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM2B_DIGEST -TPM_RC -TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMA_CC -UINT16 -TPMA_CC_Array_Marshal(TPMA_CC *source, 
BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_AC_OUTPUT -UINT16 -TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_ALG_PROPERTY -UINT16 -TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPMS_PCR_SELECTION -TPM_RC -TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_PCR_SELECT -UINT16 -TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_POLICY -UINT16 -TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal for TPMS_TAGGED_PROPERTY -UINT16 -TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPMT_HA -TPM_RC -TPMT_HA_Array_Unmarshal(TPMT_HA *target, - BYTE **buffer, INT32 *size, BOOL flag, INT32 count); -UINT16 -TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_ALG_ID -TPM_RC -TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, - BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_CC -TPM_RC -TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count); - -// Array Marshal/Unmarshal for TPM_ECC_CURVE -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 
-TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, - BYTE **buffer, INT32 *size, INT32 count); -#endif // ALG_ECC - -// Array Marshal/Unmarshal for TPM_HANDLE -TPM_RC -TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, - BYTE **buffer, INT32 *size, INT32 count); -UINT16 -TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, - BYTE **buffer, INT32 *size, INT32 count); -#endif // _MARSHAL_FP_H_
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h
deleted file mode 100644
index 57e58b3e0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h
+++ /dev/null
@@ -1,147 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _MATH_ON_BYTE_BUFFERS_FP_H_ -#define _MATH_ON_BYTE_BUFFERS_FP_H_ - -//*** UnsignedCmpB -// This function compare two unsigned values. The values are byte-aligned, -// big-endian numbers (e.g, a hash). -// Return Type: int -// 1 if (a > b) -// 0 if (a = b) -// -1 if (a < b) -LIB_EXPORT int -UnsignedCompareB( - UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE *b // IN: b -); - -//***SignedCompareB() -// Compare two signed integers: -// Return Type: int -// 1 if a > b -// 0 if a = b -// -1 if a < b -int -SignedCompareB( - const UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE *b // IN: b buffer -); - -//*** ModExpB -// This function is used to do modular exponentiation in support of RSA. -// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and -// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter -// of the function will contain the private exponent 'd' instead of the public -// exponent 'e'. -// -// If the results will not fit in the provided buffer, -// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller -// than the buffer, the results is de-normalized. -// -// This version is intended for use with RSA and requires that 'm' be -// less than 'n'. -// -// Return Type: TPM_RC -// TPM_RC_SIZE number to exponentiate is larger than the modulus -// TPM_RC_NO_RESULT result will not fit into the provided buffer -// -TPM_RC -ModExpB( - UINT32 cSize, // IN: the size of the output buffer. 
It will - // need to be the same size as the modulus - BYTE *c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE *m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE *e, // IN: power - const UINT32 nSize, - const BYTE *n // IN: modulus -); - -//*** DivideB() -// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and -// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them -// may be set to NULL. -// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result -// -LIB_EXPORT TPM_RC -DivideB( - const TPM2B *n, // IN: numerator - const TPM2B *d, // IN: denominator - TPM2B *q, // OUT: quotient - TPM2B *r // OUT: remainder -); - -//*** AdjustNumberB() -// Remove/add leading zeros from a number in a TPM2B. Will try to make the number -// by adding or removing leading zeros. If the number is larger than the requested -// size, it will make the number as small as possible. Setting 'requestedSize' to -// zero is equivalent to requesting that the number be normalized. -UINT16 -AdjustNumberB( - TPM2B *num, - UINT16 requestedSize -); - -//*** ShiftLeft() -// This function shifts a byte buffer (a TPM2B) one byte to the left. That is, -// the most significant bit of the most significant byte is lost. -TPM2B * -ShiftLeft( - TPM2B *value // IN/OUT: value to shift and shifted value out -); - -//*** IsNumeric() -// Verifies that all the characters are simple numeric (0-9) -BOOL -IsNumeric( - TPM2B *value -); - -#endif // _MATH_ON_BYTE_BUFFERS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h deleted file mode 100644 index 42f4c5845..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h +++ /dev/null 
@@ -1,179 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 7, 2019 Time: 06:58:58PM - */ - -#ifndef _MEMORY_FP_H_ -#define _MEMORY_FP_H_ - -//*** MemoryCopy() -// This is an alias for memmove. 
This is used in place of memcpy because -// some of the moves may overlap and rather than try to make sure that -// memmove is used when necessary, it is always used. -void -MemoryCopy( - void *dest, - const void *src, - int sSize -); - -//*** MemoryEqual() -// This function indicates if two buffers have the same values in the indicated -// number of bytes. -// Return Type: BOOL -// TRUE(1) all octets are the same -// FALSE(0) all octets are not the same -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared -); - -//*** MemoryCopy2B() -// This function copies a TPM2B. This can be used when the TPM2B types are -// the same or different. -// -// This function returns the number of octets in the data buffer of the TPM2B. -LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer -); - -//*** MemoryConcat2B() -// This function will concatenate the buffer contents of a TPM2B to an -// the buffer contents of another TPM2B and adjust the size accordingly -// ('a' := ('a' | 'b')). -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) -); - -//*** MemoryEqual2B() -// This function will compare two TPM2B structures. To be equal, they -// need to be the same size and the buffer contexts need to be the same -// in all octets. -// Return Type: BOOL -// TRUE(1) size and buffer contents are the same -// FALSE(0) size or buffer contents are not the same -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value -); - -//*** MemorySet() -// This function will set all the octets in the specified memory range to -// the specified octet value. 
-// Note: A previous version had an additional parameter (dSize) that was -// intended to make sure that the destination would not be overrun. The -// problem is that, in use, all that was happening was that the value of -// size was used for dSize so there was no benefit in the extra parameter. -void -MemorySet( - void *dest, - int value, - size_t size -); - -//*** MemoryPad2B() -// Function to pad a TPM2B with zeros and adjust the size. -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize -); - -//*** Uint16ToByteArray() -// Function to write an integer to a byte array -void -Uint16ToByteArray( - UINT16 i, - BYTE *a -); - -//*** Uint32ToByteArray() -// Function to write an integer to a byte array -void -Uint32ToByteArray( - UINT32 i, - BYTE *a -); - -//*** Uint64ToByteArray() -// Function to write an integer to a byte array -void -Uint64ToByteArray( - UINT64 i, - BYTE *a -); - -//*** ByteArrayToUint8() -// Function to write a UINT8 to a byte array. This is included for completeness -// and to allow certain macro expansions -UINT8 -ByteArrayToUint8( - BYTE *a -); - -//*** ByteArrayToUint16() -// Function to write an integer to a byte array -UINT16 -ByteArrayToUint16( - BYTE *a -); - -//*** ByteArrayToUint32() -// Function to write an integer to a byte array -UINT32 -ByteArrayToUint32( - BYTE *a -); - -//*** ByteArrayToUint64() -// Function to write an integer to a byte array -UINT64 -ByteArrayToUint64( - BYTE *a -); - -#endif // _MEMORY_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h deleted file mode 100644 index 764e15e1a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Certify // Command must be enabled - -#ifndef _NV_Certify_FP_H_ -#define _NV_Certify_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - UINT16 size; - UINT16 offset; -} NV_Certify_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; -} NV_Certify_Out; - -// Response code modifiers -#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) -#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) -#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) -#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_NV_Certify( - NV_Certify_In *in, - NV_Certify_Out *out -); - -#endif // _NV_Certify_FP_H_ -#endif // CC_NV_Certify diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h deleted file mode 100644 index d0620d416..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ChangeAuth // Command must be enabled - -#ifndef _NV_Change_Auth_FP_H_ -#define _NV_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPM2B_AUTH newAuth; -} NV_ChangeAuth_In; - -// Response code modifiers -#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_ChangeAuth( - NV_ChangeAuth_In *in -); - -#endif // _NV_Change_Auth_FP_H_ -#endif // CC_NV_ChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h deleted file mode 100644 index 742702fdd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_DefineSpace // Command must be enabled - -#ifndef _NV_Define_Space_FP_H_ -#define _NV_Define_Space_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; - TPM2B_AUTH auth; - TPM2B_NV_PUBLIC publicInfo; -} NV_DefineSpace_In; - -// Response code modifiers -#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) -#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_DefineSpace( - NV_DefineSpace_In *in -); - -#endif // _NV_Define_Space_FP_H_ -#endif // CC_NV_DefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h deleted file mode 100644 index 6913fcd99..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Extend // Command must be enabled - -#ifndef _NV_Extend_FP_H_ -#define _NV_Extend_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; -} NV_Extend_In; - -// Response code modifiers -#define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_Extend( - NV_Extend_In *in -); - -#endif // _NV_Extend_FP_H_ -#endif // CC_NV_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h deleted file mode 100644 index cd11e9320..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_GlobalWriteLock // Command must be enabled - -#ifndef _NV_Global_Write_Lock_FP_H_ -#define _NV_Global_Write_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; -} NV_GlobalWriteLock_In; - -// Response code modifiers -#define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_GlobalWriteLock( - NV_GlobalWriteLock_In *in -); - -#endif // _NV_Global_Write_Lock_FP_H_ -#endif // CC_NV_GlobalWriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h deleted file mode 100644 index 51441befc..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Increment // Command must be enabled - -#ifndef _NV_Increment_FP_H_ -#define _NV_Increment_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_Increment_In; - -// Response code modifiers -#define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Increment( - NV_Increment_In *in -); - -#endif // _NV_Increment_FP_H_ -#endif // CC_NV_Increment diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h deleted file mode 100644 index 8687f6ac4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ReadLock // Command must be enabled - -#ifndef _NV_Read_Lock_FP_H_ -#define _NV_Read_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_ReadLock_In; - -// Response code modifiers -#define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_ReadLock( - NV_ReadLock_In *in -); - -#endif // _NV_Read_Lock_FP_H_ -#endif // CC_NV_ReadLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h deleted file mode 100644 index 90e439677..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_ReadPublic // Command must be enabled - -#ifndef _NV_Read_Public_FP_H_ -#define _NV_Read_Public_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; -} NV_ReadPublic_In; - -// Output structure definition -typedef struct { - TPM2B_NV_PUBLIC nvPublic; - TPM2B_NAME nvName; -} NV_ReadPublic_Out; - -// Response code modifiers -#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_ReadPublic( - NV_ReadPublic_In *in, - NV_ReadPublic_Out *out -); - -#endif // _NV_Read_Public_FP_H_ -#endif // CC_NV_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h deleted file mode 100644 index 384eecff0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Read // Command must be enabled - -#ifndef _NV_Read_FP_H_ -#define _NV_Read_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT16 size; - UINT16 offset; -} NV_Read_In; - -// Output structure definition -typedef struct { - TPM2B_MAX_NV_BUFFER data; -} NV_Read_Out; - -// Response code modifiers -#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) -#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Read( - NV_Read_In *in, - NV_Read_Out *out -); - -#endif // _NV_Read_FP_H_ -#endif // CC_NV_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h deleted file mode 100644 index fee30fbea..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_SetBits // Command must be enabled - -#ifndef _NV_Set_Bits_FP_H_ -#define _NV_Set_Bits_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT64 bits; -} NV_SetBits_In; - -// Response code modifiers -#define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_NV_SetBits( - NV_SetBits_In *in -); - -#endif // _NV_Set_Bits_FP_H_ -#endif // CC_NV_SetBits diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h deleted file mode 100644 index d99b64033..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_UndefineSpaceSpecial // Command must be enabled - -#ifndef _NV_Undefine_Space_Special_FP_H_ -#define _NV_Undefine_Space_Special_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPMI_RH_PLATFORM platform; -} NV_UndefineSpaceSpecial_In; - -// Response code modifiers -#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_UndefineSpaceSpecial( - NV_UndefineSpaceSpecial_In *in -); - -#endif // _NV_Undefine_Space_Special_FP_H_ -#endif // CC_NV_UndefineSpaceSpecial diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h deleted file mode 100644 index 217d17c84..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_UndefineSpace // Command must be enabled - -#ifndef _NV_Undefine_Space_FP_H_ -#define _NV_Undefine_Space_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_UndefineSpace_In; - -// Response code modifiers -#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_UndefineSpace( - NV_UndefineSpace_In *in -); - -#endif // _NV_Undefine_Space_FP_H_ -#endif // CC_NV_UndefineSpace diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h deleted file mode 100644 index af640c838..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_WriteLock // Command must be enabled - -#ifndef _NV_Write_Lock_FP_H_ -#define _NV_Write_Lock_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_WriteLock_In; - -// Response code modifiers -#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_WriteLock( - NV_WriteLock_In *in -); - -#endif // _NV_Write_Lock_FP_H_ -#endif // CC_NV_WriteLock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h deleted file mode 100644 index c4bfb28d8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_NV_Write // Command must be enabled - -#ifndef _NV_Write_FP_H_ -#define _NV_Write_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; - UINT16 offset; -} NV_Write_In; - -// Response code modifiers -#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) -#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_NV_Write( - NV_Write_In *in -); - -#endif // _NV_Write_FP_H_ -#endif // CC_NV_Write diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h deleted file mode 100644 index 0844f2dad..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h +++ /dev/null 
@@ -1,93 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _NV_SPT_FP_H_ -#define _NV_SPT_FP_H_ - -//*** NvReadAccessChecks() -// Common routine for validating a read -// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read -// of the index -// TPM_RC_NV_LOCKED Read locked -// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index -// -TPM_RC -NvReadAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read - TPMA_NV attributes // IN: the attributes of 'nvHandle' -); - -//*** NvWriteAccessChecks() -// Common routine for validating a write -// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock -// Return Type: TPM_RC -// TPM_RC_NV_AUTHORIZATION Authorization fails -// TPM_RC_NV_LOCKED Write locked -// -TPM_RC -NvWriteAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written - TPMA_NV attributes // IN: the attributes of 'nvHandle' -); - -//*** NvClearOrderly() -// This function is used to cause gp.orderlyState to be cleared to the -// non-orderly state. -TPM_RC -NvClearOrderly( - void -); - -//*** NvIsPinPassIndex() -// Function to check to see if an NV index is a PIN Pass Index -// Return Type: BOOL -// TRUE(1) is pin pass -// FALSE(0) is not pin pass -BOOL -NvIsPinPassIndex( - TPM_HANDLE index // IN: Handle to check -); - -#endif // _NV_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h deleted file mode 100644 index 8c9b34e9b..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h
+++ /dev/null
@@ -1,474 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 7, 2019 Time: 06:58:58PM - */ - -#ifndef _NV_DYNAMIC_FP_H_ -#define _NV_DYNAMIC_FP_H_ - -//*** NvWriteNvListEnd() -// Function to write the list terminator. 
-NV_REF -NvWriteNvListEnd( - NV_REF end -); - -//*** NvUpdateIndexOrderlyData() -// This function is used to cause an update of the orderly data to the NV backing -// store. -void -NvUpdateIndexOrderlyData( - void -); - -//*** NvReadIndex() -// This function is used to read the NV Index NV_INDEX. This is used so that the -// index information can be compressed and only this function would be needed -// to decompress it. Mostly, compression would only be able to save the space -// needed by the policy. -void -NvReadNvIndexInfo( - NV_REF ref, // IN: points to NV where index is located - NV_INDEX *nvIndex // OUT: place to receive index data -); - -//*** NvReadObject() -// This function is used to read a persistent object. This is used so that the -// object information can be compressed and only this function would be needed -// to uncompress it. -void -NvReadObject( - NV_REF ref, // IN: points to NV where index is located - OBJECT *object // OUT: place to receive the object data -); - -//*** NvIndexIsDefined() -// See if an index is already defined -BOOL -NvIndexIsDefined( - TPM_HANDLE nvHandle // IN: Index to look for -); - -//*** NvIsPlatformPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the platform. -// Return Type: BOOL -// TRUE(1) handle references a platform persistent object -// and may reference an owner persistent object either -// FALSE(0) handle does not reference platform persistent object -BOOL -NvIsPlatformPersistentHandle( - TPM_HANDLE handle // IN: handle -); - -//*** NvIsOwnerPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the owner. 
-// Return Type: BOOL -// TRUE(1) handle is owner persistent handle -// FALSE(0) handle is not owner persistent handle and may not be -// a persistent handle at all -BOOL -NvIsOwnerPersistentHandle( - TPM_HANDLE handle // IN: handle -); - -//*** NvIndexIsAccessible() -// -// This function validates that a handle references a defined NV Index and -// that the Index is currently accessible. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle points to an undefined NV Index -// If shEnable is CLEAR, this would include an index -// created using ownerAuth. If phEnableNV is CLEAR, -// this would include and index created using -// platformAuth -// TPM_RC_NV_READLOCKED Index is present but locked for reading and command -// does not write to the index -// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command -// writes to the index -TPM_RC -NvIndexIsAccessible( - TPMI_RH_NV_INDEX handle // IN: handle -); - -//*** NvGetEvictObject() -// This function is used to dereference an evict object handle and get a pointer -// to the object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle does not point to an existing -// persistent object -TPM_RC -NvGetEvictObject( - TPM_HANDLE handle, // IN: handle - OBJECT *object // OUT: object data -); - -//*** NvIndexCacheInit() -// Function to initialize the Index cache -void -NvIndexCacheInit( - void -); - -//*** NvGetIndexData() -// This function is used to access the data in an NV Index. The data is returned -// as a byte sequence. -// -// This function requires that the NV Index be defined, and that the -// required data is within the data range. It also requires that TPMA_NV_WRITTEN -// of the Index is SET. 
-void -NvGetIndexData( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: offset of NV data - UINT16 size, // IN: number of octets of NV data to read - void *data // OUT: data buffer -); - -//*** NvHashIndexData() -// This function adds Index data to a hash. It does this in parts to avoid large stack -// buffers. -void -NvHashIndexData( - HASH_STATE *hashState, // IN: Initialized hash state - NV_INDEX *nvIndex, // IN: Index - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: starting offset - UINT16 size // IN: amount to hash -); - -//*** NvGetUINT64Data() -// Get data in integer format of a bit or counter NV Index. -// -// This function requires that the NV Index is defined and that the NV Index -// previously has been written. -UINT64 -NvGetUINT64Data( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator // IN: where index exists in NV -); - -//*** NvWriteIndexAttributes() -// This function is used to write just the attributes of an index. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAttributes( - TPM_HANDLE handle, - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write -); - -//*** NvWriteIndexAuth() -// This function is used to write the authValue of an index. It is used by -// TPM2_NV_ChangeAuth() -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAuth( - NV_REF locator, // IN: location of the index - TPM2B_AUTH *authValue // IN: the authValue to write -); - -//*** NvGetIndexInfo() -// This function loads the nvIndex Info into the NV cache and returns a pointer -// to the NV_INDEX. If the returned value is zero, the index was not found. 
-// The 'locator' parameter, if not NULL, will be set to the offset in NV of the -// Index (the location of the handle of the Index). -// -// This function will set the index cache. If the index is orderly, the attributes -// from RAM are substituted for the attributes in the cached index -NV_INDEX * -NvGetIndexInfo( - TPM_HANDLE nvHandle, // IN: the index handle - NV_REF *locator // OUT: location of the index -); - -//*** NvWriteIndexData() -// This function is used to write NV index data. It is intended to be used to -// update the data associated with the default index. -// -// This function requires that the NV Index is defined, and the data is -// within the defined data range for the index. -// -// Index data is only written due to a command that modifies the data in a single -// index. There is no case where changes are made to multiple indexes data at the -// same time. Multiple attributes may be change but not multiple index data. This -// is important because we will normally be handling the index for which we have -// the cached pointer values. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexData( - NV_INDEX *nvIndex, // IN: the description of the index - UINT32 offset, // IN: offset of NV data - UINT32 size, // IN: size of NV data - void *data // IN: data buffer -); - -//*** NvWriteUINT64Data() -// This function to write back a UINT64 value. The various UINT64 values (bits, -// counters, and PINs) are kept in canonical format but manipulate in native -// format. This takes a native format value converts it and saves it back as -// in canonical format. 
-// -// This function will return the value from NV or RAM depending on the type of the -// index (orderly or not) -// -TPM_RC -NvWriteUINT64Data( - NV_INDEX *nvIndex, // IN: the description of the index - UINT64 intValue // IN: the value to write -); - -//*** NvGetIndexName() -// This function computes the Name of an index -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetIndexName( - NV_INDEX *nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME *name // OUT: name of the index -); - -//*** NvGetNameByIndexHandle() -// This function is used to compute the Name of an NV Index referenced by handle. -// -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetNameByIndexHandle( - TPMI_RH_NV_INDEX handle, // IN: handle of the index - TPM2B_NAME *name // OUT: name of the index -); - -//*** NvDefineIndex() -// This function is used to assign NV memory to an NV Index. -// -// Return Type: TPM_RC -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvDefineIndex( - TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. - TPM2B_AUTH *authValue // IN: The initial authorization value -); - -//*** NvAddEvictObject() -// This function is used to assign NV memory to a persistent object. -// Return Type: TPM_RC -// TPM_RC_NV_HANDLE the requested handle is already in use -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvAddEvictObject( - TPMI_DH_OBJECT evictHandle, // IN: new evict handle - OBJECT *object // IN: object to be added -); - -//*** NvDeleteIndex() -// This function is used to delete an NV Index. 
-// Return Type: TPM_RC -// TPM_RC_NV_UNAVAILABLE NV is not accessible -// TPM_RC_NV_RATE NV is rate limiting -TPM_RC -NvDeleteIndex( - NV_INDEX *nvIndex, // IN: an in RAM index descriptor - NV_REF entityAddr // IN: location in NV -); - -TPM_RC -NvDeleteEvict( - TPM_HANDLE handle // IN: handle of entity to be deleted -); - -//*** NvFlushHierarchy() -// This function will delete persistent objects belonging to the indicated hierarchy. -// If the storage hierarchy is selected, the function will also delete any -// NV Index defined using ownerAuth. -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. -); - -//*** NvSetGlobalLock() -// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all -// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by -// TPM2_NV_GlobalWriteLock(). -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvSetGlobalLock( - void -); - -//*** NvCapGetPersistent() -// This function is used to get a list of handles of the persistent objects, -// starting at 'handle'. -// -// 'Handle' must be in valid persistent object handle range, but does not -// have to reference an existing persistent object. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -NvCapGetPersistent( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** NvCapGetIndex() -// This function returns a list of handles of NV indexes, starting from 'handle'. -// 'Handle' must be in the range of NV indexes, but does not have to reference -// an existing NV Index. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles to report -// NO all the available handles has been reported -TPMI_YES_NO -NvCapGetIndex( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** NvCapGetIndexNumber() -// This function returns the count of NV Indexes currently defined. -UINT32 -NvCapGetIndexNumber( - void -); - -//*** NvCapGetPersistentNumber() -// Function returns the count of persistent objects currently in NV memory. -UINT32 -NvCapGetPersistentNumber( - void -); - -//*** NvCapGetPersistentAvail() -// This function returns an estimate of the number of additional persistent -// objects that could be loaded into NV memory. -UINT32 -NvCapGetPersistentAvail( - void -); - -//*** NvCapGetCounterNumber() -// Get the number of defined NV Indexes that are counter indexes. -UINT32 -NvCapGetCounterNumber( - void -); - -//*** NvEntityStartup() -// This function is called at TPM_Startup(). If the startup completes -// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset -// or a TPM Restart, then this function will: -// 1. clear read/write lock; -// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and -// 3. set the lower bits in orderly counters to 1 for a non-orderly startup -// -// It is a prerequisite that NV be available for writing before this -// function is called. -BOOL -NvEntityStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** NvCapGetCounterAvail() -// This function returns an estimate of the number of additional counter type -// NV indexes that can be defined. -UINT32 -NvCapGetCounterAvail( - void -); - -//*** NvFindHandle() -// this function returns the offset in NV memory of the entity associated -// with the input handle. A value of zero indicates that handle does not -// exist reference an existing persistent object or defined NV Index. 
-NV_REF -NvFindHandle( - TPM_HANDLE handle -); - -//*** NvReadMaxCount() -// This function returns the max NV counter value. -// -UINT64 -NvReadMaxCount( - void -); - -//*** NvUpdateMaxCount() -// This function updates the max counter value to NV memory. This is just staging -// for the actual write that will occur when the NV index memory is modified. -// -void -NvUpdateMaxCount( - UINT64 count -); - -//*** NvSetMaxCount() -// This function is used at NV initialization time to set the initial value of -// the maximum counter. -void -NvSetMaxCount( - UINT64 value -); - -//*** NvGetMaxCount() -// Function to get the NV max counter value from the end-of-list marker -UINT64 -NvGetMaxCount( - void -); - -#endif // _NV_DYNAMIC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h deleted file mode 100644 index 5d912abea..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h +++ /dev/null 
@@ -1,130 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _NV_RESERVED_FP_H_ -#define _NV_RESERVED_FP_H_ - -//*** NvCheckState() -// Function to check the NV state by accessing the platform-specific function -// to get the NV state. The result state is registered in s_NvIsAvailable -// that will be reported by NvIsAvailable. -// -// This function is called at the beginning of ExecuteCommand before any potential -// check of g_NvStatus. -void -NvCheckState( - void -); - -//*** NvCommit -// This is a wrapper for the platform function to commit pending NV writes. -BOOL -NvCommit( - void -); - -//*** NvPowerOn() -// This function is called at _TPM_Init to initialize the NV environment. -// Return Type: BOOL -// TRUE(1) all NV was initialized -// FALSE(0) the NV containing saved state had an error and -// TPM2_Startup(CLEAR) is required -BOOL -NvPowerOn( - void -); - -//*** NvManufacture() -// This function initializes the NV system at pre-install time. -// -// This function should only be called in a manufacturing environment or in a -// simulation. -// -// The layout of NV memory space is an implementation choice. -void -NvManufacture( - void -); - -//*** NvRead() -// This function is used to move reserved data from NV memory to RAM. -void -NvRead( - void *outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read -); - -//*** NvWrite() -// This function is used to post reserved data for writing to NV memory. Before -// the TPM completes the operation, the value will be written. -BOOL -NvWrite( - UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void *inBuffer // IN: location containing data to write -); - -//*** NvUpdatePersistent() -// This function is used to update a value in the PERSISTENT_DATA structure and -// commits the value to NV. 
-void -NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void *buffer // IN: the new data -); - -//*** NvClearPersistent() -// This function is used to clear a persistent data entry and commit it to NV -void -NvClearPersistent( - UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear -); - -//*** NvReadPersistent() -// This function reads persistent data to the RAM copy of the 'gp' structure. -void -NvReadPersistent( - void -); - -#endif // _NV_RESERVED_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h deleted file mode 100644 index 6e8b6f8ca..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ObjectChangeAuth // Command must be enabled - -#ifndef _Object_Change_Auth_FP_H_ -#define _Object_Change_Auth_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT parentHandle; - TPM2B_AUTH newAuth; -} ObjectChangeAuth_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outPrivate; -} ObjectChangeAuth_Out; - -// Response code modifiers -#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) -#define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ObjectChangeAuth( - ObjectChangeAuth_In *in, - ObjectChangeAuth_Out *out -); - -#endif // _Object_Change_Auth_FP_H_ -#endif // CC_ObjectChangeAuth diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h deleted file mode 100644 index 9574ab6c7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h +++ /dev/null 
@@ -1,355 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _OBJECT_FP_H_ -#define _OBJECT_FP_H_ - -//*** ObjectFlush() -// This function marks an object slot as available. 
-// Since there is no checking of the input parameters, it should be used -// judiciously. -// Note: This could be converted to a macro. -void -ObjectFlush( - OBJECT *object -); - -//*** ObjectSetInUse() -// This access function sets the occupied attribute of an object slot. -void -ObjectSetInUse( - OBJECT *object -); - -//*** ObjectStartup() -// This function is called at TPM2_Startup() to initialize the object subsystem. -BOOL -ObjectStartup( - void -); - -//*** ObjectCleanupEvict() -// -// In this implementation, a persistent object is moved from NV into an object slot -// for processing. It is flushed after command execution. This function is called -// from ExecuteCommand(). -void -ObjectCleanupEvict( - void -); - -//*** IsObjectPresent() -// This function checks to see if a transient handle references a loaded -// object. This routine should not be called if the handle is not a -// transient handle. The function validates that the handle is in the -// implementation-dependent allowed in range for loaded transient objects. -// Return Type: BOOL -// TRUE(1) handle references a loaded object -// FALSE(0) handle is not an object handle, or it does not -// reference to a loaded object -BOOL -IsObjectPresent( - TPMI_DH_OBJECT handle // IN: handle to be checked -); - -//*** ObjectIsSequence() -// This function is used to check if the object is a sequence object. This function -// should not be called if the handle does not reference a loaded object. -// Return Type: BOOL -// TRUE(1) object is an HMAC, hash, or event sequence object -// FALSE(0) object is not an HMAC, hash, or event sequence object -BOOL -ObjectIsSequence( - OBJECT *object // IN: handle to be checked -); - -//*** HandleToObject() -// This function is used to find the object structure associated with a handle. -// -// This function requires that 'handle' references a loaded object or a permanent -// handle. 
-OBJECT* -HandleToObject( - TPMI_DH_OBJECT handle // IN: handle of the object -); - -//*** GetQualifiedName() -// This function returns the Qualified Name of the object. In this implementation, -// the Qualified Name is computed when the object is loaded and is saved in the -// internal representation of the object. The alternative would be to retain the -// Name of the parent and compute the QN when needed. This would take the same -// amount of space so it is not recommended that the alternate be used. -// -// This function requires that 'handle' references a loaded object. -void -GetQualifiedName( - TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object -); - -//*** ObjectGetHierarchy() -// This function returns the handle for the hierarchy of an object. -TPMI_RH_HIERARCHY -ObjectGetHierarchy( - OBJECT *object // IN :object -); - -//*** GetHeriarchy() -// This function returns the handle of the hierarchy to which a handle belongs. -// This function is similar to ObjectGetHierarchy() but this routine takes -// a handle but ObjectGetHierarchy() takes an pointer to an object. -// -// This function requires that 'handle' references a loaded object. -TPMI_RH_HIERARCHY -GetHeriarchy( - TPMI_DH_OBJECT handle // IN :object handle -); - -//*** FindEmptyObjectSlot() -// This function finds an open object slot, if any. It will clear the attributes -// but will not set the occupied attribute. This is so that a slot may be used -// and discarded if everything does not go as planned. -// Return Type: OBJECT * -// NULL no open slot found -// != NULL pointer to available slot -OBJECT * -FindEmptyObjectSlot( - TPMI_DH_OBJECT *handle // OUT: (optional) -); - -//*** ObjectAllocateSlot() -// This function is used to allocate a slot in internal object array. 
-OBJECT * -ObjectAllocateSlot( - TPMI_DH_OBJECT *handle // OUT: handle of allocated object -); - -//*** ObjectSetLoadedAttributes() -// This function sets the internal attributes for a loaded object. It is called to -// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded -// object. -void -ObjectSetLoadedAttributes( - OBJECT *object, // IN: object attributes to finalize - TPM_HANDLE parentHandle // IN: the parent handle -); - -//*** ObjectLoad() -// Common function to load an object. A loaded object has its public area validated -// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is -// verified to be correct and if both public and sensitive parts are loaded, then -// the cryptographic binding between the objects is validated. This function does -// not cause the allocated slot to be marked as in use. -TPM_RC -ObjectLoad( - OBJECT *object, // IN: pointer to object slot - // object - OBJECT *parent, // IN: (optional) the parent object - TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive,// IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME *name // IN: (optional) -); - -#if CC_HMAC_Start || CC_MAC_Start -//*** ObjectCreateHMACSequence() -// This function creates an internal HMAC sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT *keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle -); -#endif - -//*** ObjectCreateHashSequence() -// This function creates a hash sequence object. 
-// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHashSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle -); - -//*** ObjectCreateEventSequence() -// This function creates an event sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateEventSequence( - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle -); - -//*** ObjectTerminateEvent() -// This function is called to close out the event sequence and clean up the hash -// context states. -void -ObjectTerminateEvent( - void -); - -//*** ObjectContextLoad() -// This function loads an object from a saved object context. -// Return Type: OBJECT * -// NULL if there is no free slot for an object -// != NULL points to the loaded object -OBJECT * -ObjectContextLoad( - ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved - // context - TPMI_DH_OBJECT *handle // OUT: object handle -); - -//*** FlushObject() -// This function frees an object slot. -// -// This function requires that the object is loaded. -void -FlushObject( - TPMI_DH_OBJECT handle // IN: handle to be freed -); - -//*** ObjectFlushHierarchy() -// This function is called to flush all the loaded transient objects associated -// with a hierarchy when the hierarchy is disabled. -void -ObjectFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush -); - -//*** ObjectLoadEvict() -// This function loads a persistent object into a transient object slot. -// -// This function requires that 'handle' is associated with a persistent object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the persistent object does not exist -// or the associated hierarchy is disabled. 
-// TPM_RC_OBJECT_MEMORY no object slot -TPM_RC -ObjectLoadEvict( - TPM_HANDLE *handle, // IN:OUT: evict object handle. If success, it - // will be replace by the loaded object handle - COMMAND_INDEX commandIndex // IN: the command being processed -); - -//*** ObjectComputeName() -// This does the name computation from a public area (can be marshaled or not). -TPM2B_NAME * -ObjectComputeName( - UINT32 size, // IN: the size of the area to digest - BYTE *publicArea, // IN: the public area to digest - TPM_ALG_ID nameAlg, // IN: the hash algorithm to use - TPM2B_NAME *name // OUT: Computed name -); - -//*** PublicMarshalAndComputeName() -// This function computes the Name of an object from its public area. -TPM2B_NAME * -PublicMarshalAndComputeName( - TPMT_PUBLIC *publicArea, // IN: public area of an object - TPM2B_NAME *name // OUT: name of the object -); - -//*** ComputeQualifiedName() -// This function computes the qualified name of an object. -void -ComputeQualifiedName( - TPM_HANDLE parentHandle, // IN: parent's handle - TPM_ALG_ID nameAlg, // IN: name hash - TPM2B_NAME *name, // IN: name of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object -); - -//*** ObjectIsStorage() -// This function determines if an object has the attributes associated -// with a parent. A parent is an asymmetric or symmetric block cipher key -// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. -// Return Type: BOOL -// TRUE(1) object is a storage key -// FALSE(0) object is not a storage key -BOOL -ObjectIsStorage( - TPMI_DH_OBJECT handle // IN: object handle -); - -//*** ObjectCapGetLoaded() -// This function returns a a list of handles of loaded object, starting from -// 'handle'. 'Handle' must be in the range of valid transient object handles, -// but does not have to be the handle of a loaded transient object. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -ObjectCapGetLoaded( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** ObjectCapGetTransientAvail() -// This function returns an estimate of the number of additional transient -// objects that could be loaded into the TPM. -UINT32 -ObjectCapGetTransientAvail( - void -); - -//*** ObjectGetPublicAttributes() -// Returns the attributes associated with an object handles. -TPMA_OBJECT -ObjectGetPublicAttributes( - TPM_HANDLE handle -); - -OBJECT_ATTRIBUTES -ObjectGetProperties( - TPM_HANDLE handle -); - -#endif // _OBJECT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h deleted file mode 100644 index 3dbd2e3ec..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h +++ /dev/null 
@@ -1,393 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _OBJECT_SPT_FP_H_ -#define _OBJECT_SPT_FP_H_ - -//*** AdjustAuthSize() -// This function will validate that the input authValue is no larger than the -// digestSize for the nameAlg. It will then pad with zeros to the size of the -// digest. -BOOL -AdjustAuthSize( - TPM2B_AUTH *auth, // IN/OUT: value to adjust - TPMI_ALG_HASH nameAlg // IN: -); - -//*** AreAttributesForParent() -// This function is called by create, load, and import functions. -// Note: The 'isParent' attribute is SET when an object is loaded and it has -// attributes that are suitable for a parent object. -// Return Type: BOOL -// TRUE(1) properties are those of a parent -// FALSE(0) properties are not those of a parent -BOOL -ObjectIsParent( - OBJECT *parentObject // IN: parent handle -); - -//*** CreateChecks() -// Attribute checks that are unique to creation. -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the -// object type -// other returns from PublicAttributesValidation() -TPM_RC -CreateChecks( - OBJECT *parentObject, - TPMT_PUBLIC *publicArea, - UINT16 sensitiveDataSize -); - -//*** SchemeChecks -// This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). -// This function validates the schemes in the public area of an object. 
-// Return Type: TPM_RC -// TPM_RC_HASH non-duplicable storage key and its parent have different -// name algorithm -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object -// TPM_RC_KEY invalid key size values in an asymmetric key public area -// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' -// and key's scheme ID; or hash algorithm is inconsistent -// with the scheme ID for keyed hash object -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or -// non-storage key with symmetric algorithm different from -// ALG_NULL -TPM_RC -SchemeChecks( - OBJECT *parentObject, // IN: parent (null if primary seed) - TPMT_PUBLIC *publicArea // IN: public area of the object -); - -//*** PublicAttributesValidation() -// This function validates the values in the public area of an object. -// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, -// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). -// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For -// TPM2_LoadExternal(), this is not used for a public-only key -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric key; -// attempt to create a symmetric cipher key that is not -// a decryption key -// TPM_RC_HASH nameAlg is TPM_ALG_NULL -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name -// algorithm in 'publicArea' -// other returns from SchemeChecks() -TPM_RC -PublicAttributesValidation( - OBJECT *parentObject, // IN: input parent object - TPMT_PUBLIC *publicArea // IN: public area of the object -); - -//*** FillInCreationData() -// Fill in creation data for an object. 
-// Return Type: void -void -FillInCreationData( - TPMI_DH_OBJECT parentHandle, // IN: handle of parent - TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm - TPML_PCR_SELECTION *creationPCR, // IN: PCR selection - TPM2B_DATA *outsideData, // IN: outside data - TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output - TPM2B_DIGEST *creationDigest // OUT: creation digest -); - -//*** GetSeedForKDF() -// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. -const TPM2B * -GetSeedForKDF( - OBJECT *protector // IN: the protector handle -); - -//*** ProduceOuterWrap() -// This function produce outer wrap for a buffer containing the sensitive data. -// It requires the sensitive data being marshaled to the outerBuffer, with the -// leading bytes reserved for integrity hash. If iv is used, iv space should -// be reserved at the beginning of the buffer. It assumes the sensitive data -// starts at address (outerBuffer + integrity size @). -// This function performs: -// 1. Add IV before sensitive area if required -// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, -// encrypted by a NULL iv -// 3. add HMAC integrity at the beginning of the buffer -// It returns the total size of blob with outer wrap -UINT16 -ProduceOuterWrap( - OBJECT *protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. 
For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in - // it -); - -//*** UnwrapOuter() -// This function remove the outer wrap of a blob containing sensitive data -// This function performs: -// 1. check integrity of outer blob -// 2. decrypt outer blob -// -// Return Type: TPM_RC -// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling -// TPM_RCS_INTEGRITY sensitive data integrity is broken -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE IV size for CFB does not match the encryption -// algorithm block size -TPM_RC -UnwrapOuter( - OBJECT *protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE *outerBuffer // IN/OUT: sensitive data -); - -//*** SensitiveToPrivate() -// This function prepare the private blob for off the chip storage -// The operations in this function: -// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply encryption to the sensitive area. -// 3. apply outer integrity computation. 
-void -SensitiveToPrivate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B_NAME *name, // IN: the name of the object - OBJECT *parent, // IN: The parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This - // parameter is used when parentHandle is - // NULL, in which case the object is - // temporary. - TPM2B_PRIVATE *outPrivate // OUT: output private structure -); - -//*** PrivateToSensitive() -// Unwrap a input private area. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// Return Type: TPM_RC -// TPM_RCS_INTEGRITY if the private area integrity is bad -// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT -// from input private -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE outer wrapper does not have an iV of the correct -// size -TPM_RC -PrivateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE *sensitive // OUT: sensitive structure -); - -//*** SensitiveToDuplicate() -// This function prepare the duplication blob from the sensitive area. -// The operations in this function: -// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply inner wrap to the sensitive area if required -// 3. 
apply outer wrap if required -void -SensitiveToDuplicate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B *seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. - TPM2B_PRIVATE *outPrivate // OUT: output private structure -); - -//*** DuplicateToSensitive() -// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed -// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken -// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed -TPM_RC -DuplicateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B *seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B *innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE *sensitive // OUT: sensitive structure -); - -//*** SecretToCredential() -// This function prepare the credential blob from a secret (a TPM2B_DIGEST) -// The operations in this function: -// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT -// 2. encrypt the private buffer, excluding the leading integrity HMAC area -// 3. compute integrity HMAC and append to the beginning of the buffer. -// 4. Set the total size of TPM2B_ID_OBJECT buffer -void -SecretToCredential( - TPM2B_DIGEST *secret, // IN: secret information - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_ID_OBJECT *outIDObject // OUT: output credential -); - -//*** CredentialToSecret() -// Unwrap a credential. Check the integrity, decrypt and retrieve data -// to a TPM2B_DIGEST structure. -// The operations in this function: -// 1. check the integrity HMAC of the input credential area -// 2. decrypt the credential buffer -// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT error during credential unmarshaling -// TPM_RC_INTEGRITY credential integrity is broken -// TPM_RC_SIZE error during credential unmarshaling -// TPM_RC_VALUE IV size does not match the encryption algorithm -// block size -TPM_RC -CredentialToSecret( - TPM2B *inIDObject, // IN: input credential blob - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_DIGEST *secret // OUT: secret information -); - -//*** MemoryRemoveTrailingZeros() -// This function is used to adjust the length of an authorization value. 
-// It adjusts the size of the TPM2B so that it does not include octets -// at the end of the buffer that contain zero. -// The function returns the number of non-zero octets in the buffer. -UINT16 -MemoryRemoveTrailingZeros( - TPM2B_AUTH *auth // IN/OUT: value to adjust -); - -//*** SetLabelAndContext() -// This function sets the label and context for a derived key. It is possible -// that 'label' or 'context' can end up being an Empty Buffer. -TPM_RC -SetLabelAndContext( - TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data -); - -//*** UnmarshalToPublic() -// Support function to unmarshal the template. This is used because the -// Input may be a TPMT_TEMPLATE and that structure does not have the same -// size as a TPMT_PUBLIC because of the difference between the 'unique' and -// 'seed' fields. -// If 'derive' is not NULL, then the 'seed' field is assumed to contain -// a 'label' and 'context' that are unmarshaled into 'derive'. -TPM_RC -UnmarshalToPublic( - TPMT_PUBLIC *tOut, // OUT: output - TPM2B_TEMPLATE *tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE *labelContext// OUT: label and context if derivation -); - -//*** ObjectSetExternal() -// Set the external attributes for an object. -void -ObjectSetExternal( - OBJECT *object -); - -#endif // _OBJECT_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h deleted file mode 100644 index 0af3dae51..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Allocate // Command must be enabled - -#ifndef _PCR_Allocate_FP_H_ -#define _PCR_Allocate_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPML_PCR_SELECTION pcrAllocation; -} PCR_Allocate_In; - -// Output structure definition -typedef struct { - TPMI_YES_NO allocationSuccess; - UINT32 maxPCR; - UINT32 sizeNeeded; - UINT32 sizeAvailable; -} PCR_Allocate_Out; - -// Response code modifiers -#define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Allocate( - PCR_Allocate_In *in, - PCR_Allocate_Out *out -); - -#endif // _PCR_Allocate_FP_H_ -#endif // CC_PCR_Allocate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h deleted file mode 100644 index 33e3fc341..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Event // Command must be enabled - -#ifndef _PCR_Event_FP_H_ -#define _PCR_Event_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_EVENT eventData; -} PCR_Event_In; - -// Output structure definition -typedef struct { - TPML_DIGEST_VALUES digests; -} PCR_Event_Out; - -// Response code modifiers -#define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Event( - PCR_Event_In *in, - PCR_Event_Out *out -); - -#endif // _PCR_Event_FP_H_ -#endif // CC_PCR_Event diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h deleted file mode 100644 index cc9e6a924..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Extend // Command must be enabled - -#ifndef _PCR_Extend_FP_H_ -#define _PCR_Extend_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPML_DIGEST_VALUES digests; -} PCR_Extend_In; - -// Response code modifiers -#define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Extend( - PCR_Extend_In *in -); - -#endif // _PCR_Extend_FP_H_ -#endif // CC_PCR_Extend diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h deleted file mode 100644 index 5a72fab5f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Read // Command must be enabled - -#ifndef _PCR_Read_FP_H_ -#define _PCR_Read_FP_H_ - -// Input structure definition -typedef struct { - TPML_PCR_SELECTION pcrSelectionIn; -} PCR_Read_In; - -// Output structure definition -typedef struct { - UINT32 pcrUpdateCounter; - TPML_PCR_SELECTION pcrSelectionOut; - TPML_DIGEST pcrValues; -} PCR_Read_Out; - -// Response code modifiers -#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Read( - PCR_Read_In *in, - PCR_Read_Out *out -); - -#endif // _PCR_Read_FP_H_ -#endif // CC_PCR_Read diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h deleted file mode 100644 index e47433f57..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_Reset // Command must be enabled - -#ifndef _PCR_Reset_FP_H_ -#define _PCR_Reset_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; -} PCR_Reset_In; - -// Response code modifiers -#define RC_PCR_Reset_pcrHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_Reset( - PCR_Reset_In *in -); - -#endif // _PCR_Reset_FP_H_ -#endif // CC_PCR_Reset diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h deleted file mode 100644 index 8cf671c45..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_SetAuthPolicy // Command must be enabled - -#ifndef _PCR_Set_Auth_Policy_FP_H_ -#define _PCR_Set_Auth_Policy_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; - TPMI_DH_PCR pcrNum; -} PCR_SetAuthPolicy_In; - -// Response code modifiers -#define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PCR_SetAuthPolicy( - PCR_SetAuthPolicy_In *in -); - -#endif // _PCR_Set_Auth_Policy_FP_H_ -#endif // CC_PCR_SetAuthPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h deleted file mode 100644 index 30d3db5d4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PCR_SetAuthValue // Command must be enabled - -#ifndef _PCR_Set_Auth_Value_FP_H_ -#define _PCR_Set_Auth_Value_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_DIGEST auth; -} PCR_SetAuthValue_In; - -// Response code modifiers -#define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PCR_SetAuthValue( - PCR_SetAuthValue_In *in -); - -#endif // _PCR_Set_Auth_Value_FP_H_ -#endif // CC_PCR_SetAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h deleted file mode 100644 index 002607bf1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h +++ /dev/null 
@@ -1,318 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _PCR_FP_H_ -#define _PCR_FP_H_ - -//*** PCRBelongsAuthGroup() -// This function indicates if a PCR belongs to a group that requires an authValue -// in order to modify the PCR. If it does, 'groupIndex' is set to value of -// the group index. This feature of PCR is decided by the platform specification. -// Return Type: BOOL -// TRUE(1) PCR belongs an authorization group -// FALSE(0) PCR does not belong an authorization group -BOOL -PCRBelongsAuthGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a - // group that allows authValue. If PCR - // does not belong to an authorization - // group, the value in this parameter is - // invalid -); - -//*** PCRBelongsPolicyGroup() -// This function indicates if a PCR belongs to a group that requires a policy -// authorization in order to modify the PCR. If it does, 'groupIndex' is set -// to value of the group index. This feature of PCR is decided by the platform -// specification. -// Return Type: BOOL -// TRUE(1) PCR belongs a policy group -// FALSE(0) PCR does not belong a policy group -BOOL -PCRBelongsPolicyGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32 *groupIndex // OUT: group index if PCR belongs a group that - // allows policy. If PCR does not belong to - // a policy group, the value in this - // parameter is invalid -); - -//*** PCRPolicyIsAvailable() -// This function indicates if a policy is available for a PCR. -// Return Type: BOOL -// TRUE(1) the PCR should be authorized by policy -// FALSE(0) the PCR does not allow policy -BOOL -PCRPolicyIsAvailable( - TPMI_DH_PCR handle // IN: PCR handle -); - -//*** PCRGetAuthValue() -// This function is used to access the authValue of a PCR. If PCR does not -// belong to an authValue group, an EmptyAuth will be returned. 
-TPM2B_AUTH * -PCRGetAuthValue( - TPMI_DH_PCR handle // IN: PCR handle -); - -//*** PCRGetAuthPolicy() -// This function is used to access the authorization policy of a PCR. It sets -// 'policy' to the authorization policy and returns the hash algorithm for policy -// If the PCR does not allow a policy, TPM_ALG_NULL is returned. -TPMI_ALG_HASH -PCRGetAuthPolicy( - TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST *policy // OUT: policy of PCR -); - -//*** PCRSimStart() -// This function is used to initialize the policies when a TPM is manufactured. -// This function would only be called in a manufacturing environment or in -// a TPM simulator. -void -PCRSimStart( - void -); - -//*** PcrIsAllocated() -// This function indicates if a PCR number for the particular hash algorithm -// is allocated. -// Return Type: BOOL -// TRUE(1) PCR is allocated -// FALSE(0) PCR is not allocated -BOOL -PcrIsAllocated( - UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm -); - -//*** PcrDrtm() -// This function does the DRTM and H-CRTM processing it is called from -// _TPM_Hash_End. -void -PcrDrtm( - const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST *digest // IN: the digest to modify the PCR -); - -//*** PCR_ClearAuth() -// This function is used to reset the PCR authorization values. It is called -// on TPM2_Startup(CLEAR) and TPM2_Clear(). -void -PCR_ClearAuth( - void -); - -//*** PCRStartup() -// This function initializes the PCR subsystem at TPM2_Startup(). -BOOL -PCRStartup( - STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality -); - -//*** PCRStateSave() -// This function is used to save the PCR values that will be restored on TPM Resume. 
-void -PCRStateSave( - TPM_SU type // IN: startup type -); - -//*** PCRIsStateSaved() -// This function indicates if the selected PCR is a PCR that is state saved -// on TPM2_Shutdown(STATE). The return value is based on PCR attributes. -// Return Type: BOOL -// TRUE(1) PCR is state saved -// FALSE(0) PCR is not state saved -BOOL -PCRIsStateSaved( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRIsResetAllowed() -// This function indicates if a PCR may be reset by the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) TPM2_PCR_Reset is allowed -// FALSE(0) TPM2_PCR_Reset is not allowed -BOOL -PCRIsResetAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRChanged() -// This function checks a PCR handle to see if the attributes for the PCR are set -// so that any change to the PCR causes an increment of the pcrCounter. If it does, -// then the function increments the counter. Will also bump the counter if the -// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero -// is used by TPM2_Clear(). -void -PCRChanged( - TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. -); - -//*** PCRIsExtendAllowed() -// This function indicates a PCR may be extended at the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) extend is allowed -// FALSE(0) extend is not allowed -BOOL -PCRIsExtendAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended -); - -//*** PCRExtend() -// This function is used to extend a PCR in a specific bank. 
-void -PCRExtend( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE *data // IN: data to be extended -); - -//*** PCRComputeCurrentDigest() -// This function computes the digest of the selected PCR. -// -// As a side-effect, 'selection' is modified so that only the implemented PCR -// will have their bits still set. -void -PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST *digest // OUT: digest -); - -//*** PCRRead() -// This function is used to read a list of selected PCR. If the requested PCR -// number exceeds the maximum number that can be output, the 'selection' is -// adjusted to reflect the actual output PCR. -void -PCRRead( - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST *digest, // OUT: digest - UINT32 *pcrCounter // OUT: the current value of PCR generation - // number -); - -//*** PcrWrite() -// This function is used by _TPM_Hash_End to set a PCR to the computed hash -// of the H-CRTM event. -void -PcrWrite( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - TPM2B_DIGEST *digest // IN: the new value -); - -//*** PCRAllocate() -// This function is used to change the PCR allocation. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT allocate failed -// TPM_RC_PCR improper allocation -TPM_RC -PCRAllocate( - TPML_PCR_SELECTION *allocate, // IN: required allocation - UINT32 *maxPCR, // OUT: Maximum number of PCR - UINT32 *sizeNeeded, // OUT: required space - UINT32 *sizeAvailable // OUT: available space -); - -//*** PCRSetValue() -// This function is used to set the designated PCR in all banks to an initial value. -// The initial value is signed and will be sign extended into the entire PCR. 
-// -void -PCRSetValue( - TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set -); - -//*** PCRResetDynamics -// This function is used to reset a dynamic PCR to 0. This function is used in -// DRTM sequence. -void -PCRResetDynamics( - void -); - -//*** PCRCapGetAllocation() -// This function is used to get the current allocation of PCR banks. -// Return Type: TPMI_YES_NO -// YES if the return count is 0 -// NO if the return count is not 0 -TPMI_YES_NO -PCRCapGetAllocation( - UINT32 count, // IN: count of return - TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list -); - -//*** PCRCapGetProperties() -// This function returns a list of PCR properties starting at 'property'. -// Return Type: TPMI_YES_NO -// YES if no more property is available -// NO if there are more properties not reported -TPMI_YES_NO -PCRCapGetProperties( - TPM_PT_PCR property, // IN: the starting PCR property - UINT32 count, // IN: count of returned properties - TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select -); - -//*** PCRCapGetHandles() -// This function is used to get a list of handles of PCR, started from 'handle'. -// If 'handle' exceeds the maximum PCR handle range, an empty list will be -// returned and the return value will be NO. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -PCRCapGetHandles( - TPMI_DH_PCR handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -#endif // _PCR_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h deleted file mode 100644 index 3b67af02c..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h
+++ /dev/null
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PP_Commands // Command must be enabled - -#ifndef _PP_Commands_FP_H_ -#define _PP_Commands_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM auth; - TPML_CC setList; - TPML_CC clearList; -} PP_Commands_In; - -// Response code modifiers -#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) -#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) -#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_PP_Commands( - PP_Commands_In *in -); - -#endif // _PP_Commands_FP_H_ -#endif // CC_PP_Commands diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h deleted file mode 100644 index 9cf046c35..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h +++ /dev/null 
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _PP_FP_H_ -#define _PP_FP_H_ - -//*** PhysicalPresencePreInstall_Init() -// This function is used to initialize the array of commands that always require -// confirmation with physical presence. The array is an array of bits that -// has a correspondence with the command code. -// -// This command should only ever be executable in a manufacturing setting or in -// a simulation. -// -// When set, these cannot be cleared. -// -void -PhysicalPresencePreInstall_Init( - void -); - -//*** PhysicalPresenceCommandSet() -// This function is used to set the indicator that a command requires -// PP confirmation. -void -PhysicalPresenceCommandSet( - TPM_CC commandCode // IN: command code -); - -//*** PhysicalPresenceCommandClear() -// This function is used to clear the indicator that a command requires PP -// confirmation. -void -PhysicalPresenceCommandClear( - TPM_CC commandCode // IN: command code -); - -//*** PhysicalPresenceIsRequired() -// This function indicates if PP confirmation is required for a command. -// Return Type: BOOL -// TRUE(1) physical presence is required -// FALSE(0) physical presence is not required -BOOL -PhysicalPresenceIsRequired( - COMMAND_INDEX commandIndex // IN: command index -); - -//*** PhysicalPresenceCapGetCCList() -// This function returns a list of commands that require PP confirmation. The -// list starts from the first implemented command that has a command code that -// the same or greater than 'commandCode'. -// Return Type: TPMI_YES_NO -// YES if there are more command codes available -// NO all the available command codes have been returned -TPMI_YES_NO -PhysicalPresenceCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC -); - -#endif // _PP_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h
deleted file mode 100644
index c78db8f2e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h
+++ /dev/null
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthValue // Command must be enabled - -#ifndef _Policy_Auth_Value_FP_H_ -#define _Policy_Auth_Value_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyAuthValue_In; - -// Response code modifiers -#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyAuthValue( - PolicyAuthValue_In *in -); - -#endif // _Policy_Auth_Value_FP_H_ -#endif // CC_PolicyAuthValue diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h deleted file mode 100644 index 77b2fa4c7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthorizeNV // Command must be enabled - -#ifndef _Policy_Authorize_NV_FP_H_ -#define _Policy_Authorize_NV_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; -} PolicyAuthorizeNV_In; - -// Response code modifiers -#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyAuthorizeNV( - PolicyAuthorizeNV_In *in -); - -#endif // _Policy_Authorize_NV_FP_H_ -#endif // CC_PolicyAuthorizeNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h deleted file mode 100644 index 3f3a9ffd3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyAuthorize // Command must be enabled - -#ifndef _Policy_Authorize_FP_H_ -#define _Policy_Authorize_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST approvedPolicy; - TPM2B_NONCE policyRef; - TPM2B_NAME keySign; - TPMT_TK_VERIFIED checkTicket; -} PolicyAuthorize_In; - -// Response code modifiers -#define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) -#define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) -#define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_PolicyAuthorize( - PolicyAuthorize_In *in -); - -#endif // _Policy_Authorize_FP_H_ -#endif // CC_PolicyAuthorize diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h deleted file mode 100644 index 565fb6455..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCommandCode // Command must be enabled - -#ifndef _Policy_Command_Code_FP_H_ -#define _Policy_Command_Code_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM_CC code; -} PolicyCommandCode_In; - -// Response code modifiers -#define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyCommandCode( - PolicyCommandCode_In *in -); - -#endif // _Policy_Command_Code_FP_H_ -#endif // CC_PolicyCommandCode diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h deleted file mode 100644 index 060a07105..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCounterTimer // Command must be enabled - -#ifndef _Policy_Counter_Timer_FP_H_ -#define _Policy_Counter_Timer_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; -} PolicyCounterTimer_In; - -// Response code modifiers -#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyCounterTimer( - PolicyCounterTimer_In *in -); - -#endif // _Policy_Counter_Timer_FP_H_ -#endif // CC_PolicyCounterTimer diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h deleted file mode 100644 index 788fb429e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyCpHash // Command must be enabled - -#ifndef _Policy_Cp_Hash_FP_H_ -#define _Policy_Cp_Hash_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST cpHashA; -} PolicyCpHash_In; - -// Response code modifiers -#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyCpHash( - PolicyCpHash_In *in -); - -#endif // _Policy_Cp_Hash_FP_H_ -#endif // CC_PolicyCpHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h deleted file mode 100644 index 17e161c29..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyDuplicationSelect // Command must be enabled - -#ifndef _Policy_Duplication_Select_FP_H_ -#define _Policy_Duplication_Select_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_NAME objectName; - TPM2B_NAME newParentName; - TPMI_YES_NO includeObject; -} PolicyDuplicationSelect_In; - -// Response code modifiers -#define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) -#define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) -#define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyDuplicationSelect( - PolicyDuplicationSelect_In *in -); - -#endif // _Policy_Duplication_Select_FP_H_ -#endif // CC_PolicyDuplicationSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h deleted file mode 100644 index 848bd2fe7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyGetDigest // Command must be enabled - -#ifndef _Policy_Get_Digest_FP_H_ -#define _Policy_Get_Digest_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyGetDigest_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST policyDigest; -} PolicyGetDigest_Out; - -// Response code modifiers -#define RC_PolicyGetDigest_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyGetDigest( - PolicyGetDigest_In *in, - PolicyGetDigest_Out *out -); - -#endif // _Policy_Get_Digest_FP_H_ -#endif // CC_PolicyGetDigest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h deleted file mode 100644 index ef45ed684..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyLocality // Command must be enabled - -#ifndef _Policy_Locality_FP_H_ -#define _Policy_Locality_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPMA_LOCALITY locality; -} PolicyLocality_In; - -// Response code modifiers -#define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyLocality( - PolicyLocality_In *in -); - -#endif // _Policy_Locality_FP_H_ -#endif // CC_PolicyLocality diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h deleted file mode 100644 index b16beda8f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNV // Command must be enabled - -#ifndef _Policy_NV_FP_H_ -#define _Policy_NV_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; -} PolicyNV_In; - -// Response code modifiers -#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) -#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_PolicyNV( - PolicyNV_In *in -); - -#endif // _Policy_NV_FP_H_ -#endif // CC_PolicyNV diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h deleted file mode 100644 index 3e3ae8d8c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNameHash // Command must be enabled - -#ifndef _Policy_Name_Hash_FP_H_ -#define _Policy_Name_Hash_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST nameHash; -} PolicyNameHash_In; - -// Response code modifiers -#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyNameHash( - PolicyNameHash_In *in -); - -#endif // _Policy_Name_Hash_FP_H_ -#endif // CC_PolicyNameHash diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h deleted file mode 100644 index 2f5ba18f4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyNvWritten // Command must be enabled - -#ifndef _Policy_Nv_Written_FP_H_ -#define _Policy_Nv_Written_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPMI_YES_NO writtenSet; -} PolicyNvWritten_In; - -// Response code modifiers -#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyNvWritten( - PolicyNvWritten_In *in -); - -#endif // _Policy_Nv_Written_FP_H_ -#endif // CC_PolicyNvWritten diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h deleted file mode 100644 index 9db3808c2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyOR // Command must be enabled - -#ifndef _Policy_OR_FP_H_ -#define _Policy_OR_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPML_DIGEST pHashList; -} PolicyOR_In; - -// Response code modifiers -#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyOR( - PolicyOR_In *in -); - -#endif // _Policy_OR_FP_H_ -#endif // CC_PolicyOR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h deleted file mode 100644 index c5f2940f7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPCR // Command must be enabled - -#ifndef _Policy_PCR_FP_H_ -#define _Policy_PCR_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST pcrDigest; - TPML_PCR_SELECTION pcrs; -} PolicyPCR_In; - -// Response code modifiers -#define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) -#define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_PolicyPCR( - PolicyPCR_In *in -); - -#endif // _Policy_PCR_FP_H_ -#endif // CC_PolicyPCR diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h deleted file mode 100644 index 712d051e3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPassword // Command must be enabled - -#ifndef _Policy_Password_FP_H_ -#define _Policy_Password_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyPassword_In; - -// Response code modifiers -#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyPassword( - PolicyPassword_In *in -); - -#endif // _Policy_Password_FP_H_ -#endif // CC_PolicyPassword diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h deleted file mode 100644 index 54d5b4004..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyPhysicalPresence // Command must be enabled - -#ifndef _Policy_Physical_Presence_FP_H_ -#define _Policy_Physical_Presence_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; -} PolicyPhysicalPresence_In; - -// Response code modifiers -#define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyPhysicalPresence( - PolicyPhysicalPresence_In *in -); - -#endif // _Policy_Physical_Presence_FP_H_ -#endif // CC_PolicyPhysicalPresence diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h deleted file mode 100644 index 5716be52a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyRestart // Command must be enabled - -#ifndef _Policy_Restart_FP_H_ -#define _Policy_Restart_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY sessionHandle; -} PolicyRestart_In; - -// Response code modifiers -#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyRestart( - PolicyRestart_In *in -); - -#endif // _Policy_Restart_FP_H_ -#endif // CC_PolicyRestart diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h deleted file mode 100644 index fb944da09..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h +++ /dev/null 
@@ -1,77 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicySecret // Command must be enabled - -#ifndef _Policy_Secret_FP_H_ -#define _Policy_Secret_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_ENTITY authHandle; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; -} PolicySecret_In; - -// Output structure definition -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; -} PolicySecret_Out; - -// Response code modifiers -#define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_PolicySecret( - PolicySecret_In *in, - PolicySecret_Out *out -); - -#endif // _Policy_Secret_FP_H_ -#endif // CC_PolicySecret diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h deleted file mode 100644 index f25ca6ee9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicySigned // Command must be enabled - -#ifndef _Policy_Signed_FP_H_ -#define _Policy_Signed_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT authObject; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; - TPMT_SIGNATURE auth; -} PolicySigned_In; - -// Output structure definition -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; -} PolicySigned_Out; - -// Response code modifiers -#define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) -#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) -#define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_PolicySigned( - PolicySigned_In *in, - PolicySigned_Out *out -); - -#endif // _Policy_Signed_FP_H_ -#endif // CC_PolicySigned diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h deleted file mode 100644 index 2e724d78c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyTemplate // Command must be enabled - -#ifndef _Policy_Template_FP_H_ -#define _Policy_Template_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST templateHash; -} PolicyTemplate_In; - -// Response code modifiers -#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_PolicyTemplate( - PolicyTemplate_In *in -); - -#endif // _Policy_Template_FP_H_ -#endif // CC_PolicyTemplate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h deleted file mode 100644 index 74dfccb5a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_PolicyTicket // Command must be enabled - -#ifndef _Policy_Ticket_FP_H_ -#define _Policy_Ticket_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_TIMEOUT timeout; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - TPM2B_NAME authName; - TPMT_TK_AUTH ticket; -} PolicyTicket_In; - -// Response code modifiers -#define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) -#define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) -#define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_PolicyTicket( - PolicyTicket_In *in -); - -#endif // _Policy_Ticket_FP_H_ -#endif // CC_PolicyTicket diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h deleted file mode 100644 index 316ee7a3b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Policy_AC_SendSelect // Command must be enabled - -#ifndef _Policy_AC_Send_Select_FP_H_ -#define _Policy_AC_Send_Select_FP_H_ - -// Input structure definition -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_NAME objectName; - TPM2B_NAME authHandleName; - TPM2B_NAME acName; - TPMI_YES_NO includeObject; -} Policy_AC_SendSelect_In; - -// Response code modifiers -#define RC_Policy_AC_SendSelect_policySession (TPM_RC_H + TPM_RC_1) -#define RC_Policy_AC_SendSelect_objectName (TPM_RC_P + TPM_RC_1) -#define RC_Policy_AC_SendSelect_authHandleName (TPM_RC_P + TPM_RC_2) -#define RC_Policy_AC_SendSelect_acName (TPM_RC_P + TPM_RC_3) -#define RC_Policy_AC_SendSelect_includeObject (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_Policy_AC_SendSelect( - Policy_AC_SendSelect_In *in -); - -#endif // _Policy_AC_Send_Select_FP_H_ -#endif // CC_Policy_AC_SendSelect diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h deleted file mode 100644 index 21717a68d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h +++ /dev/null 
@@ -1,102 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:18PM - */ - -#ifndef _POLICY_SPT_FP_H_ -#define _POLICY_SPT_FP_H_ - -//** Functions -//*** PolicyParameterChecks() -// This function validates the common parameters of TPM2_PolicySiged() -// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', -// 'expiration', and 'cpHashA'. -TPM_RC -PolicyParameterChecks( - SESSION *session, - UINT64 authTimeout, - TPM2B_DIGEST *cpHashA, - TPM2B_NONCE *nonce, - TPM_RC blameNonce, - TPM_RC blameCpHash, - TPM_RC blameExpiration -); - -//*** PolicyContextUpdate() -// Update policy hash -// Update the policyDigest in policy session by extending policyRef and -// objectName to it. This will also update the cpHash if it is present. -// Return Type: void -void -PolicyContextUpdate( - TPM_CC commandCode, // IN: command code - TPM2B_NAME *name, // IN: name of entity - TPM2B_NONCE *ref, // IN: the reference data - TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) - UINT64 policyTimeout, // IN: the timeout value for the policy - SESSION *session // IN/OUT: policy session to be updated -); - -//*** ComputeAuthTimeout() -// This function is used to determine what the authorization timeout value for -// the session should be. -UINT64 -ComputeAuthTimeout( - SESSION *session, // IN: the session containing the time - // values - INT32 expiration, // IN: either the number of seconds from - // the start of the session or the - // time in g_timer; - TPM2B_NONCE *nonce // IN: indicator of the time base -); - -//*** PolicyDigestClear() -// Function to reset the policyDigest of a session -void -PolicyDigestClear( - SESSION *session -); - -BOOL -PolicySptCheckCondition( - TPM_EO operation, - BYTE *opA, - BYTE *opB, - UINT16 size -); - -#endif // _POLICY_SPT_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h deleted file mode 100644 index e6941a062..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _POWER_FP_H_ -#define _POWER_FP_H_ - -//*** TPMInit() -// This function is used to process a power on event. 
-void -TPMInit( - void -); - -//*** TPMRegisterStartup() -// This function registers the fact that the TPM has been initialized -// (a TPM2_Startup() has completed successfully). -BOOL -TPMRegisterStartup( - void -); - -//*** TPMIsStarted() -// Indicates if the TPM has been initialized (a TPM2_Startup() has completed -// successfully after a _TPM_Init). -// Return Type: BOOL -// TRUE(1) TPM has been initialized -// FALSE(0) TPM has not been initialized -BOOL -TPMIsStarted( - void -); - -#endif // _POWER_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h deleted file mode 100644 index 20e6ff8f5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _PROPERTY_CAP_FP_H_ -#define _PROPERTY_CAP_FP_H_ - -//*** TPMCapGetProperties() -// This function is used to get the TPM_PT values. The search of properties will -// start at 'property' and continue until 'propertyList' has as many values as -// will fit, or the last property has been reported, or the list has as many -// values as requested in 'count'. -// Return Type: TPMI_YES_NO -// YES more properties are available -// NO no more properties to be reported -TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list -); - -#endif // _PROPERTY_CAP_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h deleted file mode 100644 index 3d9e49c2e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Quote // Command must be enabled - -#ifndef _Quote_FP_H_ -#define _Quote_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - TPML_PCR_SELECTION PCRselect; -} Quote_In; - -// Output structure definition -typedef struct { - TPM2B_ATTEST quoted; - TPMT_SIGNATURE signature; -} Quote_Out; - -// Response code modifiers -#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Quote( - Quote_In *in, - Quote_Out *out -); - -#endif // _Quote_FP_H_ -#endif // CC_Quote diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h deleted file mode 100644 index edcc718f9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_RSA_Decrypt // Command must be enabled - -#ifndef _RSA_Decrypt_FP_H_ -#define _RSA_Decrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA cipherText; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; -} RSA_Decrypt_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC_KEY_RSA message; -} RSA_Decrypt_Out; - -// Response code modifiers -#define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_RSA_Decrypt( - RSA_Decrypt_In *in, - RSA_Decrypt_Out *out -); - -#endif // _RSA_Decrypt_FP_H_ -#endif // CC_RSA_Decrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h deleted file mode 100644 index 807cc8a9a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_RSA_Encrypt // Command must be enabled - -#ifndef _RSA_Encrypt_FP_H_ -#define _RSA_Encrypt_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA message; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; -} RSA_Encrypt_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC_KEY_RSA outData; -} RSA_Encrypt_Out; - -// Response code modifiers -#define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_RSA_Encrypt( - RSA_Encrypt_In *in, - RSA_Encrypt_Out *out -); - -#endif // _RSA_Encrypt_FP_H_ -#endif // CC_RSA_Encrypt diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h deleted file mode 100644 index 101f7c187..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ReadClock // Command must be enabled - -#ifndef _Read_Clock_FP_H_ -#define _Read_Clock_FP_H_ - -// Output structure definition -typedef struct { - TPMS_TIME_INFO currentTime; -} ReadClock_Out; - - -// Function prototype -TPM_RC -TPM2_ReadClock( - ReadClock_Out *out -); - -#endif // _Read_Clock_FP_H_ -#endif // CC_ReadClock diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h deleted file mode 100644 index 8d3a9930b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ReadPublic // Command must be enabled - -#ifndef _Read_Public_FP_H_ -#define _Read_Public_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT objectHandle; -} ReadPublic_In; - -// Output structure definition -typedef struct { - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; - TPM2B_NAME qualifiedName; -} ReadPublic_Out; - -// Response code modifiers -#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_ReadPublic( - ReadPublic_In *in, - ReadPublic_Out *out -); - -#endif // _Read_Public_FP_H_ -#endif // CC_ReadPublic diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h deleted file mode 100644 index 1beb94983..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h +++ /dev/null 
@@ -1,52 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RESPONSE_CODE_PROCESSING_FP_H_ -#define _RESPONSE_CODE_PROCESSING_FP_H_ - -//** RcSafeAddToResult() -// Adds a modifier to a response code as long as the response code allows a modifier -// and no modifier has already been added. -TPM_RC -RcSafeAddToResult( - TPM_RC responseCode, - TPM_RC modifier -); - -#endif // _RESPONSE_CODE_PROCESSING_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h deleted file mode 100644 index 551c2e13b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RESPONSE_FP_H_ -#define _RESPONSE_FP_H_ - -//** BuildResponseHeader() -// Adds the response header to the response. 
It will update command->parameterSize -// to indicate the total size of the response. -void -BuildResponseHeader( - COMMAND *command, // IN: main control structure - BYTE *buffer, // OUT: the output buffer - TPM_RC result // IN: the response code -); - -#endif // _RESPONSE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h deleted file mode 100644 index 03942d3b6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Rewrap // Command must be enabled - -#ifndef _Rewrap_FP_H_ -#define _Rewrap_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT oldParent; - TPMI_DH_OBJECT newParent; - TPM2B_PRIVATE inDuplicate; - TPM2B_NAME name; - TPM2B_ENCRYPTED_SECRET inSymSeed; -} Rewrap_In; - -// Output structure definition -typedef struct { - TPM2B_PRIVATE outDuplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; -} Rewrap_Out; - -// Response code modifiers -#define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) -#define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) -#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) -#define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) -#define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Rewrap( - Rewrap_In *in, - Rewrap_Out *out -); - -#endif // _Rewrap_FP_H_ -#endif // CC_Rewrap diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h deleted file mode 100644 index 9d21ac99e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h +++ /dev/null 
@@ -1,65 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _RSA_KEY_CACHE_FP_H_ -#define _RSA_KEY_CACHE_FP_H_ - -#if USE_RSA_KEY_CACHE - -//*** RsaKeyCacheControl() -// Used to enable and disable the RSA key cache. -LIB_EXPORT void -RsaKeyCacheControl( - int state -); - -//*** GetCachedRsaKey() -// Return Type: BOOL -// TRUE(1) key loaded -// FALSE(0) key not loaded -BOOL -GetCachedRsaKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state -); -#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE - -#endif // _RSA_KEY_CACHE_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h deleted file mode 100644 index 9557e1bf5..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SelfTest // Command must be enabled - -#ifndef _Self_Test_FP_H_ -#define _Self_Test_FP_H_ - -// Input structure definition -typedef struct { - TPMI_YES_NO fullTest; -} SelfTest_In; - -// Response code modifiers -#define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SelfTest( - SelfTest_In *in -); - -#endif // _Self_Test_FP_H_ -#endif // CC_SelfTest diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h deleted file mode 100644 index 48d73e72a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SequenceComplete // Command must be enabled - -#ifndef _Sequence_Complete_FP_H_ -#define _Sequence_Complete_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; - TPMI_RH_HIERARCHY hierarchy; -} SequenceComplete_In; - -// Output structure definition -typedef struct { - TPM2B_DIGEST result; - TPMT_TK_HASHCHECK validation; -} SequenceComplete_Out; - -// Response code modifiers -#define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) -#define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) -#define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_SequenceComplete( - SequenceComplete_In *in, - SequenceComplete_Out *out -); - -#endif // _Sequence_Complete_FP_H_ -#endif // CC_SequenceComplete diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h deleted file mode 100644 index 6a31cc6e7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SequenceUpdate // Command must be enabled - -#ifndef _Sequence_Update_FP_H_ -#define _Sequence_Update_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; -} SequenceUpdate_In; - -// Response code modifiers -#define RC_SequenceUpdate_sequenceHandle (TPM_RC_H + TPM_RC_1) -#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SequenceUpdate( - SequenceUpdate_In *in -); - -#endif // _Sequence_Update_FP_H_ -#endif // CC_SequenceUpdate diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h deleted file mode 100644 index afaa64dab..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h +++ /dev/null 
@@ -1,123 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _SESSION_PROCESS_FP_H_ -#define _SESSION_PROCESS_FP_H_ - -//*** IsDAExempted() -// This function indicates if a handle is exempted from DA logic. -// A handle is exempted if it is -// 1. a primary seed handle, -// 2. an object with noDA bit SET, -// 3. an NV Index with TPMA_NV_NO_DA bit SET, or -// 4. a PCR handle. -// -// Return Type: BOOL -// TRUE(1) handle is exempted from DA logic -// FALSE(0) handle is not exempted from DA logic -BOOL -IsDAExempted( - TPM_HANDLE handle // IN: entity handle -); - -//*** ClearCpRpHashes() -void -ClearCpRpHashes( - COMMAND *command -); - -//*** CompareNameHash() -// This function computes the name hash and compares it to the nameHash in the -// session data. -BOOL -CompareNameHash( - COMMAND *command, // IN: main parsing structure - SESSION *session // IN: session structure with nameHash -); - -//*** ParseSessionBuffer() -// This function is the entry function for command session processing. -// It iterates sessions in session area and reports if the required authorization -// has been properly provided. It also processes audit session and passes the -// information of encryption sessions to parameter encryption module. -// -// Return Type: TPM_RC -// various parsing failure or authorization failure -// -TPM_RC -ParseSessionBuffer( - COMMAND *command // IN: the structure that contains -); - -//*** CheckAuthNoSession() -// Function to process a command with no session associated. -// The function makes sure all the handles in the command require no authorization. -// -// Return Type: TPM_RC -// TPM_RC_AUTH_MISSING failure - one or more handles require -// authorization -TPM_RC -CheckAuthNoSession( - COMMAND *command // IN: command parsing structure -); - -//*** BuildResponseSession() -// Function to build Session buffer in a response. 
The authorization data is added -// to the end of command->responseBuffer. The size of the authorization area is -// accumulated in command->authSize. -// When this is called, command->responseBuffer is pointing at the next location -// in the response buffer to be filled. This is where the authorization sessions -// will go, if any. command->parameterSize is the number of bytes that have been -// marshaled as parameters in the output buffer. -void -BuildResponseSession( - COMMAND *command // IN: structure that has relevant command - // information -); - -//*** SessionRemoveAssociationToHandle() -// This function deals with the case where an entity associated with an authorization -// is deleted during command processing. The primary use of this is to support -// UndefineSpaceSpecial(). -void -SessionRemoveAssociationToHandle( - TPM_HANDLE handle -); - -#endif // _SESSION_PROCESS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h deleted file mode 100644 index 3c8227a2c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h +++ /dev/null 
@@ -1,287 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:06:42PM - */ - -#ifndef _SESSION_FP_H_ -#define _SESSION_FP_H_ - -//** Startup Function -- SessionStartup() -// This function initializes the session subsystem on TPM2_Startup(). -BOOL -SessionStartup( - STARTUP_TYPE type -); - -//*** SessionIsLoaded() -// This function test a session handle references a loaded session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: A PWAP authorization does not have a session. -// -// Return Type: BOOL -// TRUE(1) session is loaded -// FALSE(0) session is not loaded -// -BOOL -SessionIsLoaded( - TPM_HANDLE handle // IN: session handle -); - -//*** SessionIsSaved() -// This function test a session handle references a saved session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: An password authorization does not have a session. -// -// This function requires that the handle be a valid session handle. -// -// Return Type: BOOL -// TRUE(1) session is saved -// FALSE(0) session is not saved -// -BOOL -SessionIsSaved( - TPM_HANDLE handle // IN: session handle -); - -//*** SequenceNumberForSavedContextIsValid() -// This function validates that the sequence number and handle value within a -// saved context are valid. -BOOL -SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT *context // IN: pointer to a context structure to be - // validated -); - -//*** SessionPCRValueIsCurrent() -// -// This function is used to check if PCR values have been updated since the -// last time they were checked in a policy session. -// -// This function requires the session is loaded. 
-// Return Type: BOOL -// TRUE(1) PCR value is current -// FALSE(0) PCR value is not current -BOOL -SessionPCRValueIsCurrent( - SESSION *session // IN: session structure -); - -//*** SessionGet() -// This function returns a pointer to the session object associated with a -// session handle. -// -// The function requires that the session is loaded. -SESSION * -SessionGet( - TPM_HANDLE handle // IN: session handle -); - -//*** SessionCreate() -// -// This function does the detailed work for starting an authorization session. -// This is done in a support routine rather than in the action code because -// the session management may differ in implementations. This implementation -// uses a fixed memory allocation to hold sessions and a fixed allocation -// to hold the contextID for the saved contexts. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP need to recycle sessions -// TPM_RC_SESSION_HANDLE active session space is full -// TPM_RC_SESSION_MEMORY loaded session space is full -TPM_RC -SessionCreate( - TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA *seed, // IN: seed data - TPM_HANDLE *sessionHandle, // OUT: the session handle - TPM2B_NONCE *nonceTpm // OUT: the session nonce -); - -//*** SessionContextSave() -// This function is called when a session context is to be saved. The -// contextID of the saved session is returned. If no contextID can be -// assigned, then the routine returns TPM_RC_CONTEXT_GAP. -// If the function completes normally, the session slot will be freed. -// -// This function requires that 'handle' references a loaded session. -// Otherwise, it should not be called at the first place. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned. 
-// TPM_RC_TOO_MANY_CONTEXTSthe counter maxed out -// -TPM_RC -SessionContextSave( - TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER *contextID // OUT: assigned contextID -); - -//*** SessionContextLoad() -// This function is used to load a session from saved context. The session -// handle must be for a saved context. -// -// If the gap is at a maximum, then the only session that can be loaded is -// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. -/// -// This function requires that 'handle' references a valid saved session. -// -// Return Type: TPM_RC -// TPM_RC_SESSION_MEMORY no free session slots -// TPM_RC_CONTEXT_GAP the gap count is maximum and this -// is not the oldest saved context -// -TPM_RC -SessionContextLoad( - SESSION_BUF *session, // IN: session structure from saved context - TPM_HANDLE *handle // IN/OUT: session handle -); - -//*** SessionFlush() -// This function is used to flush a session referenced by its handle. If the -// session associated with 'handle' is loaded, the session array entry is -// marked as available. -// -// This function requires that 'handle' be a valid active session. -// -void -SessionFlush( - TPM_HANDLE handle // IN: loaded or saved session handle -); - -//*** SessionComputeBoundEntity() -// This function computes the binding value for a session. The binding value -// for a reserved handle is the handle itself. For all the other entities, -// the authValue at the time of binding is included to prevent squatting. -// For those values, the Name and the authValue are concatenated -// into the bind buffer. If they will not both fit, the will be overlapped -// by XORing bytes. If XOR is required, the bind value will be full. 
-void -SessionComputeBoundEntity( - TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME *bind // OUT: binding value -); - -//*** SessionSetStartTime() -// This function is used to initialize the session timing -void -SessionSetStartTime( - SESSION *session // IN: the session to update -); - -//*** SessionResetPolicyData() -// This function is used to reset the policy data without changing the nonce -// or the start time of the session. -void -SessionResetPolicyData( - SESSION *session // IN: the session to reset -); - -//*** SessionCapGetLoaded() -// This function returns a list of handles of loaded session, started -// from input 'handle' -// -// 'Handle' must be in valid loaded session handle range, but does not -// have to point to a loaded session. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetLoaded( - TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** SessionCapGetSaved() -// This function returns a list of handles for saved session, starting at -// 'handle'. -// -// 'Handle' must be in a valid handle range, but does not have to point to a -// saved session -// -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetSaved( - TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle -); - -//*** SessionCapGetLoadedNumber() -// This function return the number of authorization sessions currently -// loaded into TPM RAM. -UINT32 -SessionCapGetLoadedNumber( - void -); - -//*** SessionCapGetLoadedAvail() -// This function returns the number of additional authorization sessions, of -// any type, that could be loaded into TPM RAM. 
-// NOTE: In other implementations, this number may just be an estimate. The only -// requirement for the estimate is, if it is one or more, then at least one -// session must be loadable. -UINT32 -SessionCapGetLoadedAvail( - void -); - -//*** SessionCapGetActiveNumber() -// This function returns the number of active authorization sessions currently -// being tracked by the TPM. -UINT32 -SessionCapGetActiveNumber( - void -); - -//*** SessionCapGetActiveAvail() -// This function returns the number of additional authorization sessions, of any -// type, that could be created. This not the number of slots for sessions, but -// the number of additional sessions that the TPM is capable of tracking. -UINT32 -SessionCapGetActiveAvail( - void -); - -#endif // _SESSION_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h deleted file mode 100644 index ac1e3bdc1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetAlgorithmSet // Command must be enabled - -#ifndef _Set_Algorithm_Set_FP_H_ -#define _Set_Algorithm_Set_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PLATFORM authHandle; - UINT32 algorithmSet; -} SetAlgorithmSet_In; - -// Response code modifiers -#define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_SetAlgorithmSet( - SetAlgorithmSet_In *in -); - -#endif // _Set_Algorithm_Set_FP_H_ -#endif // CC_SetAlgorithmSet diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h deleted file mode 100644 index 916aec6b4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetCommandCodeAuditStatus // Command must be enabled - -#ifndef _Set_Command_Code_Audit_Status_FP_H_ -#define _Set_Command_Code_Audit_Status_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_ALG_HASH auditAlg; - TPML_CC setList; - TPML_CC clearList; -} SetCommandCodeAuditStatus_In; - -// Response code modifiers -#define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) -#define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_SetCommandCodeAuditStatus( - SetCommandCodeAuditStatus_In *in -); - -#endif // _Set_Command_Code_Audit_Status_FP_H_ -#endif // CC_SetCommandCodeAuditStatus diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h deleted file mode 100644 index c0d23e0a4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_SetPrimaryPolicy // Command must be enabled - -#ifndef _Set_Primary_Policy_FP_H_ -#define _Set_Primary_Policy_FP_H_ - -// Input structure definition -typedef struct { - TPMI_RH_HIERARCHY_AUTH authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; -} SetPrimaryPolicy_In; - -// Response code modifiers -#define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_SetPrimaryPolicy( - SetPrimaryPolicy_In *in -); - -#endif // _Set_Primary_Policy_FP_H_ -#endif // CC_SetPrimaryPolicy diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h deleted file mode 100644 index 4bb93d716..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Shutdown // Command must be enabled - -#ifndef _Shutdown_FP_H_ -#define _Shutdown_FP_H_ - -// Input structure definition -typedef struct { - TPM_SU shutdownType; -} Shutdown_In; - -// Response code modifiers -#define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Shutdown( - Shutdown_In *in -); - -#endif // _Shutdown_FP_H_ -#endif // CC_Shutdown diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h deleted file mode 100644 index 0acab7ddd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Sign // Command must be enabled - -#ifndef _Sign_FP_H_ -#define _Sign_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_HASHCHECK validation; -} Sign_In; - -// Output structure definition -typedef struct { - TPMT_SIGNATURE signature; -} Sign_Out; - -// Response code modifiers -#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_Sign_digest (TPM_RC_P + TPM_RC_1) -#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Sign_validation (TPM_RC_P + TPM_RC_3) - -// Function prototype -TPM_RC -TPM2_Sign( - Sign_In *in, - Sign_Out *out -); - -#endif // _Sign_FP_H_ -#endif // CC_Sign diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h deleted file mode 100644 index b1c9c778f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_StartAuthSession // Command must be enabled - -#ifndef _Start_Auth_Session_FP_H_ -#define _Start_Auth_Session_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT tpmKey; - TPMI_DH_ENTITY bind; - TPM2B_NONCE nonceCaller; - TPM2B_ENCRYPTED_SECRET encryptedSalt; - TPM_SE sessionType; - TPMT_SYM_DEF symmetric; - TPMI_ALG_HASH authHash; -} StartAuthSession_In; - -// Output structure definition -typedef struct { - TPMI_SH_AUTH_SESSION sessionHandle; - TPM2B_NONCE nonceTPM; -} StartAuthSession_Out; - -// Response code modifiers -#define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) -#define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) -#define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) -#define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) -#define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) -#define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) -#define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) - -// Function prototype -TPM_RC -TPM2_StartAuthSession( - StartAuthSession_In *in, - StartAuthSession_Out *out -); - -#endif // _Start_Auth_Session_FP_H_ -#endif // CC_StartAuthSession diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h deleted file mode 100644 index 96f03e584..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Startup // Command must be enabled - -#ifndef _Startup_FP_H_ -#define _Startup_FP_H_ - -// Input structure definition -typedef struct { - TPM_SU startupType; -} Startup_In; - -// Response code modifiers -#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Startup( - Startup_In *in -); - -#endif // _Startup_FP_H_ -#endif // CC_Startup diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h deleted file mode 100644 index 33b610a38..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_StirRandom // Command must be enabled - -#ifndef _Stir_Random_FP_H_ -#define _Stir_Random_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_SENSITIVE_DATA inData; -} StirRandom_In; - -// Response code modifiers -#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_StirRandom( - StirRandom_In *in -); - -#endif // _Stir_Random_FP_H_ -#endif // CC_StirRandom diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h deleted file mode 100644 index 78a66b82d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_TestParms // Command must be enabled - -#ifndef _Test_Parms_FP_H_ -#define _Test_Parms_FP_H_ - -// Input structure definition -typedef struct { - TPMT_PUBLIC_PARMS parameters; -} TestParms_In; - -// Response code modifiers -#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_TestParms( - TestParms_In *in -); - -#endif // _Test_Parms_FP_H_ -#endif // CC_TestParms diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h deleted file mode 100644 index c18de287d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h +++ /dev/null 
@@ -1,101 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TICKET_FP_H_ -#define _TICKET_FP_H_ - -//*** TicketIsSafe() -// This function indicates if producing a ticket is safe. 
-// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE -// or its substring of canonical form. If so, it is not safe to produce ticket -// for an input buffer claiming to be TPM generated buffer -// Return Type: BOOL -// TRUE(1) safe to produce ticket -// FALSE(0) not safe to produce ticket -BOOL -TicketIsSafe( - TPM2B *buffer -); - -//*** TicketComputeVerified() -// This function creates a TPMT_TK_VERIFIED ticket. -void -TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST *digest, // IN: digest - TPM2B_NAME *keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED *ticket // OUT: verified ticket -); - -//*** TicketComputeAuth() -// This function creates a TPMT_TK_AUTH ticket. -void -TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset,// IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST *cpHashA, // IN: input cpHashA - TPM2B_NONCE *policyRef, // IN: input policyRef - TPM2B_NAME *entityName, // IN: name of entity - TPMT_TK_AUTH *ticket // OUT: Created ticket -); - -//*** TicketComputeHashCheck() -// This function creates a TPMT_TK_HASHCHECK ticket. -void -TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST *digest, // IN: input digest - TPMT_TK_HASHCHECK *ticket // OUT: Created ticket -); - -//*** TicketComputeCreation() -// This function creates a TPMT_TK_CREATION ticket. -void -TicketComputeCreation( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME *name, // IN: object name - TPM2B_DIGEST *creation, // IN: creation hash - TPMT_TK_CREATION *ticket // OUT: created ticket -); - -#endif // _TICKET_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h
deleted file mode 100644
index 81c2ea953..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h
+++ /dev/null
@@ -1,139 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 04:23:27PM - */ - -#ifndef _TIME_FP_H_ -#define _TIME_FP_H_ - -//*** TimePowerOn() -// This function initialize time info at _TPM_Init(). 
-// -// This function is called at _TPM_Init() so that the TPM time can start counting -// as soon as the TPM comes out of reset and doesn't have to wait until -// TPM2_Startup() in order to begin the new time epoch. This could be significant -// for systems that could get powered up but not run any TPM commands for some -// period of time. -// -void -TimePowerOn( - void -); - -//*** TimeStartup() -// This function updates the resetCount and restartCount components of -// TPMS_CLOCK_INFO structure at TPM2_Startup(). -// -// This function will deal with the deferred creation of a new epoch. -// TimeUpdateToCurrent() will not start a new epoch even if one is due when -// TPM_Startup() has not been run. This is because the state of NV is not known -// until startup completes. When Startup is done, then it will create the epoch -// nonce to complete the initializations by calling this function. -BOOL -TimeStartup( - STARTUP_TYPE type // IN: start up type -); - -//*** TimeClockUpdate() -// This function updates go.clock. If 'newTime' requires an update of NV, then -// NV is checked for availability. If it is not available or is rate limiting, then -// go.clock is not updated and the function returns an error. If 'newTime' would -// not cause an NV write, then go.clock is updated. If an NV write occurs, then -// go.safe is SET. -void -TimeClockUpdate( - UINT64 newTime // IN: New time value in mS. -); - -//*** TimeUpdate() -// This function is used to update the time and clock values. If the TPM -// has run TPM2_Startup(), this function is called at the start of each command. -// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to -// get the clock values initialized. It is not called on command entry because, in -// this implementation, the go structure is not read from NV until TPM2_Startup(). -// The reason for this is that the initialization code (_TPM_Init()) may run before -// NV is accessible. 
-void -TimeUpdate( - void -); - -//*** TimeUpdateToCurrent() -// This function updates the 'Time' and 'Clock' in the global -// TPMS_TIME_INFO structure. -// -// In this implementation, 'Time' and 'Clock' are updated at the beginning -// of each command and the values are unchanged for the duration of the -// command. -// -// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' -// are not allowed to advance if NV is not available. When clock is not advancing, -// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or -// TPM_RC_NV_RATE. -// -// This implementation does not do rate limiting. If the implementation does do -// rate limiting, then the 'Clock' update should not be inhibited even when doing -// rate limiting. -void -TimeUpdateToCurrent( - void -); - -//*** TimeSetAdjustRate() -// This function is used to perform rate adjustment on 'Time' and 'Clock'. -void -TimeSetAdjustRate( - TPM_CLOCK_ADJUST adjust // IN: adjust constant -); - -//*** TimeGetMarshaled() -// This function is used to access TPMS_TIME_INFO in canonical form. -// The function collects the time information and marshals it into 'dataBuffer' -// and returns the marshaled size -UINT16 -TimeGetMarshaled( - TIME_INFO *dataBuffer // OUT: result buffer -); - -//*** TimeFillInfo -// This function gathers information to fill in a TPMS_CLOCK_INFO structure. -void -TimeFillInfo( - TPMS_CLOCK_INFO *clockInfo -); - -#endif // _TIME_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h deleted file mode 100644 index 9f78d7bb0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h +++ /dev/null 
@@ -1,234 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _TPM_ASN1_FP_H_ -#define _TPM_ASN1_FP_H_ - -//*** ASN1UnmarshalContextInitialize() -// Function does standard initialization of a context. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext *ctx, - INT16 size, - BYTE *buffer -); - -//***ASN1DecodeLength() -// This function extracts the length of an element from 'buffer' starting at 'offset'. -// Return Type: UINT16 -// >=0 the extracted length -// <0 an error -INT16 -ASN1DecodeLength( - ASN1UnmarshalContext *ctx -); - -//***ASN1NextTag() -// This function extracts the next type from 'buffer' starting at 'offset'. -// It advances 'offset' as it parses the type and the length of the type. It returns -// the length of the type. On return, the 'length' octets starting at 'offset' are the -// octets of the type. -// Return Type: UINT -// >=0 the number of octets in 'type' -// <0 an error -INT16 -ASN1NextTag( - ASN1UnmarshalContext *ctx -); - -//*** ASN1GetBitStringValue() -// Try to parse a bit string of up to 32 bits from a value that is expected to be -// a bit string. -// If there is a general parsing error, the context->size is set to -1. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1GetBitStringValue( - ASN1UnmarshalContext *ctx, - UINT32 *val -); - -//*** ASN1InitialializeMarshalContext() -// This creates a structure for handling marshaling of an ASN.1 formatted data -// structure. -void -ASN1InitialializeMarshalContext( - ASN1MarshalContext *ctx, - INT16 length, - BYTE *buffer -); - -//*** ASN1StartMarshalContext() -// This starts a new constructed element. It is constructed on 'top' of the value -// that was previously placed in the structure. 
-void -ASN1StartMarshalContext( - ASN1MarshalContext *ctx -); - -//*** ASN1EndMarshalContext() -// This function restores the end pointer for an encapsulating structure. -// Return Type: INT16 -// > 0 the size of the encapsulated structure that was just ended -// <= 0 an error -INT16 -ASN1EndMarshalContext( - ASN1MarshalContext *ctx -); - -//***ASN1EndEncapsulation() -// This function puts a tag and length in the buffer. In this function, an embedded -// BIT_STRING is assumed to be a collection of octets. To indicate that all bits -// are used, a byte of zero is prepended. If a raw bit-string is needed, a new -// function like ASN1PushInteger() would be needed. -// Return Type: INT16 -// > 0 number of octets in the encapsulation -// == 0 failure -UINT16 -ASN1EndEncapsulation( - ASN1MarshalContext *ctx, - BYTE tag -); - -//*** ASN1PushByte() -BOOL -ASN1PushByte( - ASN1MarshalContext *ctx, - BYTE b -); - -//*** ASN1PushBytes() -// Push some raw bytes onto the buffer. 'count' cannot be zero. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushBytes( - ASN1MarshalContext *ctx, - INT16 count, - const BYTE *buffer -); - -//*** ASN1PushNull() -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushNull( - ASN1MarshalContext *ctx -); - -//*** ASN1PushLength() -// Push a length value. This will only handle length values that fit in an INT16. -// Return Type: UINT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushLength( - ASN1MarshalContext *ctx, - INT16 len -); - -//*** ASN1PushTagAndLength() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTagAndLength( - ASN1MarshalContext *ctx, - BYTE tag, - INT16 length -); - -//*** ASN1PushTaggedOctetString() -// This function will push a random octet string. 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTaggedOctetString( - ASN1MarshalContext *ctx, - INT16 size, - const BYTE *string, - BYTE tag -); - -//*** ASN1PushUINT() -// This function pushes an native-endian integer value. This just changes a -// native-endian integer into a big-endian byte string and calls ASN1PushInteger(). -// That function will remove leading zeros and make sure that the number is positive. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushUINT( - ASN1MarshalContext *ctx, - UINT32 integer -); - -//*** ASN1PushInteger -// Push a big-endian integer on the end of the buffer -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushInteger( - ASN1MarshalContext *ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE *integer // IN: big-endian integer -); - -//*** ASN1PushOID() -// This function is used to add an OID. An OID is 0x06 followed by a byte of size -// followed by size bytes. This is used to avoid having to do anything special in the -// definition of an OID. -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushOID( - ASN1MarshalContext *ctx, - const BYTE *OID -); - -#endif // _TPM_ASN1_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h deleted file mode 100644 index 998d16b12..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h +++ /dev/null 
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_FAIL_FP_H_ -#define _TPM_FAIL_FP_H_ - -//*** SetForceFailureMode() -// This function is called by the simulator to enable failure mode testing. -#if SIMULATION -LIB_EXPORT void -SetForceFailureMode( - void -); -#endif - -//*** TpmLogFailure() -// This function saves the failure values when the code will continue to operate. It -// if similar to TpmFail() but returns to the caller. The assumption is that the -// caller will propagate a failure back up the stack. -void -TpmLogFailure( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -); - -//*** TpmFail() -// This function is called by TPM.lib when a failure occurs. It will set up the -// failure values to be returned on TPM2_GetTestResult(). -NORETURN void -TpmFail( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -); - -//*** TpmFailureMode( -// This function is called by the interface code when the platform is in failure -// mode. -void -TpmFailureMode( - unsigned int inRequestSize, // IN: command buffer size - unsigned char *inRequest, // IN: command buffer - unsigned int *outResponseSize, // OUT: response buffer size - unsigned char **outResponse // OUT: response buffer -); - -//*** UnmarshalFail() -// This is a stub that is used to catch an attempt to unmarshal an entry -// that is not defined. Don't ever expect this to be called but... -void -UnmarshalFail( - void *type, - BYTE **buffer, - INT32 *size -); - -#endif // _TPM_FAIL_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h deleted file mode 100644 index 236f9d0d0..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h
+++ /dev/null
@@ -1,56 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TPM_SIZE_CHECKS_FP_H_ -#define _TPM_SIZE_CHECKS_FP_H_ - -#if RUNTIME_SIZE_CHECKS - -//** TpmSizeChecks() -// This function is used during the development process to make sure that the -// vendor-specific values result in a consistent implementation. When possible, -// the code contains #if to do compile-time checks. However, in some cases, the -// values require the use of "sizeof()" and that can't be used in an #if. -void -TpmSizeChecks( - void -); -#endif // RUNTIME_SIZE_CHECKS - -#endif // _TPM_SIZE_CHECKS_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h deleted file mode 100644 index 53aef9517..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOLTCDESSUPPORT_FP_H_ -#define _TPMTOLTCDESSUPPORT_FP_H_ - -#if SYM_LIB == LTC && defined TPM_ALG_TDES -//** TDES_setup -// This function calls the LTC function to generate a TDES key schedule. If the -// key is one DES key (8 bytes), then it is replicated two more times to create a -// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is -// replicated to the third key position. -void TDES_setup( - const BYTE *key, - UINT32 keyBits, - symmetric_key *skey - ); -#endif - - -#endif // _TPMTOLTCDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h deleted file mode 100644 index 2e6577cd4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h +++ /dev/null 
@@ -1,150 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Mar 23, 2017 Time: 03:31:51 PM -*/ - -#ifndef _TPMTOLTCMATH_FP_H_ -#define _TPMTOLTCMATH_FP_H_ - -#if MATH_LIB == LTC -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ); - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ); - -//*** BnDiv() -// This function divides two BIGNUM values. The function always returns TRUE. -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ); - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ); - -//***BnModExp() -// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t -// to a BIGNUM is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ); - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ); -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - bigConst d, // IN: scalar for [d]S - bigCurve E - ); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]S + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: first point (optional) - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ); - -//*** BnEccAdd() -// This function does addition of two points. Since this is not implemented -// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. -// I have no idea if this will work and it's not needed unless MQV or the SM2 -// variant is enabled. -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ); -#endif // TPM_ALG_ECC -#endif // MATH_LIB == LTC - - -#endif // _TPMTOLTCMATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h
deleted file mode 100644
index f0d482c70..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h
+++ /dev/null
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOLTCSUPPORT_FP_H_ -#define _TPMTOLTCSUPPORT_FP_H_ - -#if MATH_LIB == LTC -//*** LtcRand() -// This is a stub function that is called from the LibTomCrypt or libmpa code -// to get a random number. In turn, this will call the random RandGenerate -// function that was passed in LibraryInit(). This function will pass the pointer -// to the current rand state along with the random byte request. -uint32_t LtcRand( - void *buf, - size_t blen - ); - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ); - -//*** LtcPoolInit() -// Function to initialize a pool. **** -LIB_EXPORT mpa_scratch_mem -LtcPoolInit( - mpa_word_t *poolAddress, - int vars, - int bits - ); -#endif // MATH_LIB == LTC - - -#endif // _TPMTOLTCSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h deleted file mode 100644 index e8d45f23b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_TO_OSSL_DES_SUPPORT_FP_H_ -#define _TPM_TO_OSSL_DES_SUPPORT_FP_H_ - -#if (defined SYM_LIB_OSSL) && ALG_TDES - -//**Functions -//*** TDES_set_encyrpt_key() -// This function makes creation of a TDES key look like the creation of a key for -// any of the other OpenSSL block ciphers. It will create three key schedules, -// one for each of the DES keys. If there are only two keys, then the third schedule -// is a copy of the first. -void -TDES_set_encrypt_key( - const BYTE *key, - UINT16 keySizeInBits, - tpmKeyScheduleTDES *keySchedule -); - -//*** TDES_encyrpt() -// The TPM code uses one key schedule. For TDES, the schedule contains three -// schedules. OpenSSL wants the schedules referenced separately. This function -// does that. -void TDES_encrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks -); - -//*** TDES_decrypt() -// As with TDES_encypt() this function bridges between the TPM single schedule -// model and the OpenSSL three schedule model. -void TDES_decrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks -); -#endif // SYM_LIB_OSSL - -#endif // _TPM_TO_OSSL_DES_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h deleted file mode 100644 index 81cbc972f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h +++ /dev/null 
@@ -1,223 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 03:18:00PM - */ - -#ifndef _TPM_TO_OSSL_MATH_FP_H_ -#define _TPM_TO_OSSL_MATH_FP_H_ - -#ifdef MATH_LIB_OSSL - -//*** OsslToTpmBn() -// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation -// it is assumed that OpenSSL uses a different control structure but the same data -// layout -- an array of native-endian words in little-endian order. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure because value will not fit or OpenSSL variable doesn't -// exist -BOOL -OsslToTpmBn( - bigNum bn, - BIGNUM *osslBn -); - -//*** BigInitialized() -// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for -// values that are passed to OpenSLL when they are not declared as const in the -// function prototype. Instead, use BnNewVariable(). -BIGNUM * -BigInitialized( - BIGNUM *toInit, - bigConst initializer -); -#if LIBRARY_COMPATIBILITY_CHECK - -//*** MathLibraryCompatibilityCheck() -void -MathLibraryCompatibilityCheck( - void -); -#endif - -//*** BnModMult() -// This function does a modular multiply. It first does a multiply and then a divide -// and returns the remainder of the divide. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus -); - -//*** BnMult() -// Multiplies two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier -); - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor -); - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: -); - -//***BnModExp() -// Do modular exponentiation using bigNum values. The conversion from a bignum_t to -// a bigNum is trivial as they are based on the same structure -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: -); - -//*** BnModInverse() -// Modular multiplicative inverse -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus -); -#endif // ALG_RSA -#if ALG_ECC - -//*** BnCurveInitialize() -// This function initializes the OpenSSL curve information structure. This -// structure points to the TPM-defined values for the curve, to the context for the -// number values in the frame, and to the OpenSSL-defined group values. 
-// Return Type: bigCurve * -// NULL the TPM_ECC_CURVE is not valid or there was a problem in -// in initializing the curve data -// non-NULL points to 'E' -LIB_EXPORT bigCurve -BnCurveInitialize( - bigCurve E, // IN: curve structure to initialize - TPM_ECC_CURVE curveId // IN: curve identifier -); - -//*** BnCurveFree() -// This function will free the allocated components of the curve and end the -// frame in which the curve data exists -LIB_EXPORT void -BnCurveFree( - bigCurve E -); - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E -); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve -); - -//** BnEccAdd() -// This function does addition of two points. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve -); -#endif // ALG_ECC -#endif // MATHLIB OSSL - -#endif // _TPM_TO_OSSL_MATH_FP_H_ 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h
deleted file mode 100644
index b787cce0c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h
+++ /dev/null
@@ -1,84 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef _TPM_TO_OSSL_SUPPORT_FP_H_ -#define _TPM_TO_OSSL_SUPPORT_FP_H_ - -#ifdef MATH_LIB_OSSL - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void -); - -//*** OsslContextEnter() -// This function is used to initialize an OpenSSL context at the start of a function -// that will call to an OpenSSL math function. -BN_CTX * -OsslContextEnter( - void -); - -//*** OsslContextLeave() -// This is the companion function to OsslContextEnter(). -void -OsslContextLeave( - BN_CTX *CTX -); - -//*** OsslPushContext() -// This function is used to create a frame in a context. All values allocated within -// this context after the frame is started will be automatically freed when the -// context (OsslPopContext() -BN_CTX * -OsslPushContext( - BN_CTX *CTX -); - -//*** OsslPopContext() -// This is the companion function to OsslPushContext(). -void -OsslPopContext( - BN_CTX *CTX -); -#endif // MATH_LIB_OSSL - -#endif // _TPM_TO_OSSL_SUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h deleted file mode 100644 index e7b8ff794..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h +++ /dev/null 
@@ -1,90 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFDESSUPPORT_FP_H_ -#define _TPMTOWOLFDESSUPPORT_FP_H_ - -#if SYM_LIB == WOLF && defined TPM_ALG_TDES -//**Functions - -//** TDES_setup -// This function calls the wolfcrypt function to generate a TDES key schedule. If the -// If the key is two key (16 bytes), then the first DES key is replicated to the third -// key position. -int TDES_setup( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey, - int dir - ); - -//** TDES_setup_encrypt_key -// This function calls into TDES_setup(), specifically for an encryption key. -int TDES_setup_encrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey - ); - -//** TDES_setup_decrypt_key -// This function calls into TDES_setup(), specifically for an decryption key. -int TDES_setup_decrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey - ); - -//*** TDES_encyrpt() -void TDES_encrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ); - -//*** TDES_decrypt() -void TDES_decrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ); -#endif // SYM_LIB == WOLF - - -#endif // _TPMTOWOLFDESSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h deleted file mode 100644 index 2ee6c0445..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h +++ /dev/null 
@@ -1,209 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFMATH_FP_H_ -#define _TPMTOWOLFMATH_FP_H_ - -#if MATH_LIB == WOLF -//**Functions - -//*** BnFromWolf() -// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation -// it is assumed that wolfcrypt used the same format for a big number as does the -// TPM -- an array of native-endian words in little-endian order. -void -BnFromWolf( - bigNum bn, - mp_int *wolfBn - ); - -//*** BnToWolf() -// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same -// assumptions as made by BnFromWolf() -void -BnToWolf( - mp_int *toInit, - bigConst initializer - ); - -//*** MpInitialize() -// This function initializes an wolfcrypt mp_int. -mp_int * -MpInitialize( - mp_int *toInit - ); - -//** MathLibraryCompatibililtyCheck() -// This function is only used during development to make sure that the library -// that is being referenced is using the same size of data structures as the TPM. -void -MathLibraryCompatibilityCheck( - void - ); - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ); - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ); - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ); - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ); - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to -// a bigNum is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ); - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ); -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC - -//*** PointFromWolf() -// Function to copy the point result from a wolf ecc_point to a bigNum -void -PointFromWolf( - bigPoint pOut, // OUT: resulting point - ecc_point *pIn // IN: the point to return - ); - -//*** PointToWolf() -// Function to copy the point result from a bigNum to a wolf ecc_point -void -PointToWolf( - ecc_point *pOut, // OUT: resulting point - pointConst pIn // IN: the point to return - ); - -//*** EcPointInitialized() -// Allocate and initialize a point. -static ecc_point * -EcPointInitialized( - pointConst initializer - ); - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ); - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ); - -//** BnEccAdd() -// This function does addition of two points. 
-// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ); -#endif // TPM_ALG_ECC - -#endif // MATH_LIB == WOLF - - -#endif // _TPMTOWOLFMATH_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h deleted file mode 100644 index ee0887a33..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h +++ /dev/null 
@@ -1,56 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -/*(Auto) - Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 - Date: Sep 9, 2016 Time: 01:03:57 PM -*/ - -#ifndef _TPMTOWOLFSUPPORT_FP_H_ -#define _TPMTOWOLFSUPPORT_FP_H_ - -#ifdef MATH_LIB_WOLF -//**Functions - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ); -#endif // MATH_LIB == WOLF - - -#endif // _TPMTOWOLFSUPPORT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h deleted file mode 100644 index c32ff2278..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Unseal // Command must be enabled - -#ifndef _Unseal_FP_H_ -#define _Unseal_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT itemHandle; -} Unseal_In; - -// Output structure definition -typedef struct { - TPM2B_SENSITIVE_DATA outData; -} Unseal_Out; - -// Response code modifiers -#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Unseal( - Unseal_In *in, - Unseal_Out *out -); - -#endif // _Unseal_FP_H_ -#endif // CC_Unseal diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h deleted file mode 100644 index 105d71766..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h +++ /dev/null 
@@ -1,66 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_Vendor_TCG_Test // Command must be enabled - -#ifndef _Vendor_TCG_Test_FP_H_ -#define _Vendor_TCG_Test_FP_H_ - -// Input structure definition -typedef struct { - TPM2B_DATA inputData; -} Vendor_TCG_Test_In; - -// Output structure definition -typedef struct { - TPM2B_DATA outputData; -} Vendor_TCG_Test_Out; - -// Response code modifiers -#define RC_Vendor_TCG_Test_inputData (TPM_RC_P + TPM_RC_1) - -// Function prototype -TPM_RC -TPM2_Vendor_TCG_Test( - Vendor_TCG_Test_In *in, - Vendor_TCG_Test_Out *out -); - -#endif // _Vendor_TCG_Test_FP_H_ -#endif // CC_Vendor_TCG_Test diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h deleted file mode 100644 index 44961907a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_VerifySignature // Command must be enabled - -#ifndef _Verify_Signature_FP_H_ -#define _Verify_Signature_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIGNATURE signature; -} VerifySignature_In; - -// Output structure definition -typedef struct { - TPMT_TK_VERIFIED validation; -} VerifySignature_Out; - -// Response code modifiers -#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) -#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) - -// Function prototype -TPM_RC -TPM2_VerifySignature( - VerifySignature_In *in, - VerifySignature_Out *out -); - -#endif // _Verify_Signature_FP_H_ -#endif // CC_VerifySignature diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h deleted file mode 100644 index b994b1208..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h +++ /dev/null 
@@ -1,79 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_ECC_FP_H_ -#define _X509_ECC_FP_H_ - -//*** X509PushPoint() -// This seems like it might be used more than once so... 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushPoint( - ASN1MarshalContext *ctx, - TPMS_ECC_POINT *p -); - -//*** X509AddSigningAlgorithmECC() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmECC( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -); - -//*** X509AddPublicECC() -// This function will add the publicKey description to the DER data. If ctx is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicECC( - OBJECT *object, - ASN1MarshalContext *ctx -); - -#endif // _X509_ECC_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h deleted file mode 100644 index 8fb05e672..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h +++ /dev/null 
@@ -1,71 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_RSA_FP_H_ -#define _X509_RSA_FP_H_ - -#if ALG_RSA - -//*** X509AddSigningAlgorithmRSA() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmRSA( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -); - -//*** X509AddPublicRSA() -// This function will add the publicKey description to the DER data. If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicRSA( - OBJECT *object, - ASN1MarshalContext *ctx -); -#endif // ALG_RSA - -#endif // _X509_RSA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h deleted file mode 100644 index 1670e78b4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h +++ /dev/null 
@@ -1,118 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Apr 2, 2019 Time: 11:00:49AM - */ - -#ifndef _X509_SPT_FP_H_ -#define _X509_SPT_FP_H_ - -//*** X509FindExtensionOID() -// This will search a list of X508 extensions to find an extension with the -// requested OID. If the extension is found, the output context ('ctx') is set up -// to point to the OID in the extension. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure (could be catastrophic) -BOOL -X509FindExtensionByOID( - ASN1UnmarshalContext *ctxIn, // IN: the context to search - ASN1UnmarshalContext *ctx, // OUT: the extension context - const BYTE *OID // IN: oid to search for -); - -//*** X509GetExtensionBits() -// This function will extract a bit field from an extension. If the extension doesn't -// contain a bit string, it will fail. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -UINT32 -X509GetExtensionBits( - ASN1UnmarshalContext *ctx, - UINT32 *value -); - -//***X509ProcessExtensions() -// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not -// in the CertifyX509.c code because it makes the code harder to follow. -// Return Type: TPM_RC -// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with -// the extension setting -// TPM_RC_VALUE problem parsing the extensions -TPM_RC -X509ProcessExtensions( - OBJECT *object, // IN: The object with the attributes to - // check - stringRef *extension // IN: The start and length of the extensions -); - -//*** X509AddSigningAlgorithm() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of octets added -// <= 0 failure -INT16 -X509AddSigningAlgorithm( - ASN1MarshalContext *ctx, - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme -); - -//*** X509AddPublicKey() -// This function will add the publicKey description to the DER data. 
If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of octets added -// == 0 failure -INT16 -X509AddPublicKey( - ASN1MarshalContext *ctx, - OBJECT *object -); - -//*** X509PushAlgorithmIdentifierSequence() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushAlgorithmIdentifierSequence( - ASN1MarshalContext *ctx, - const BYTE *OID -); - -#endif // _X509_SPT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h deleted file mode 100644 index 1fc708632..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.4 Mar 26, 2019 - * Date: Mar 28, 2019 Time: 08:25:17PM - */ - -#if CC_ZGen_2Phase // Command must be enabled - -#ifndef _ZGen_2Phase_FP_H_ -#define _ZGen_2Phase_FP_H_ - -// Input structure definition -typedef struct { - TPMI_DH_OBJECT keyA; - TPM2B_ECC_POINT inQsB; - TPM2B_ECC_POINT inQeB; - TPMI_ECC_KEY_EXCHANGE inScheme; - UINT16 counter; -} ZGen_2Phase_In; - -// Output structure definition -typedef struct { - TPM2B_ECC_POINT outZ1; - TPM2B_ECC_POINT outZ2; -} ZGen_2Phase_Out; - -// Response code modifiers -#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) -#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) -#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) -#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) - -// Function prototype -TPM_RC -TPM2_ZGen_2Phase( - ZGen_2Phase_In *in, - ZGen_2Phase_Out *out -); - -#endif // _ZGen_2Phase_FP_H_ -#endif // CC_ZGen_2Phase diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h deleted file mode 100644 index 8ac5c2074..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h +++ /dev/null 
@@ -1,50 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_DATA_FP_H_ -#define __TPM_HASH_DATA_FP_H_ - -// This function is called to process a _TPM_Hash_Data indication. 
-LIB_EXPORT void -_TPM_Hash_Data( - uint32_t dataSize, // IN: size of data to be extend - unsigned char *data // IN: data buffer -); - -#endif // __TPM_HASH_DATA_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h deleted file mode 100644 index 45ee7dff0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_END_FP_H_ -#define __TPM_HASH_END_FP_H_ - -// This function is called to process a _TPM_Hash_End indication. 
-LIB_EXPORT void -_TPM_Hash_End( - void -); - -#endif // __TPM_HASH_END_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h deleted file mode 100644 index 5ae53fb4f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_HASH_START_FP_H_ -#define __TPM_HASH_START_FP_H_ - -// This function is called to process a _TPM_Hash_Start indication. -LIB_EXPORT void -_TPM_Hash_Start( - void -); - -#endif // __TPM_HASH_START_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h deleted file mode 100644 index aabb43a2e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmPrototypes; Version 3.0 July 18, 2017 - * Date: Mar 28, 2019 Time: 08:25:19PM - */ - -#ifndef __TPM_INIT_FP_H_ -#define __TPM_INIT_FP_H_ - -// This function is used to process a _TPM_Init indication. 
-LIB_EXPORT void -_TPM_Init( - void -); - -#endif // __TPM_INIT_FP_H_ diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h deleted file mode 100644 index 01216f740..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h +++ /dev/null 
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef _SWAP_H
-#define _SWAP_H
-
-#if LITTLE_ENDIAN_TPM
-#define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
-#define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i)
-#define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
-#define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i)
-#define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
-#define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i)
-#else
-#define TO_BIG_ENDIAN_UINT16(i) (i)
-#define FROM_BIG_ENDIAN_UINT16(i) (i)
-#define TO_BIG_ENDIAN_UINT32(i) (i)
-#define FROM_BIG_ENDIAN_UINT32(i) (i)
-#define TO_BIG_ENDIAN_UINT64(i) (i)
-#define FROM_BIG_ENDIAN_UINT64(i) (i)
-#endif
-
-#if AUTO_ALIGN == NO
-
-// The aggregation macros for machines that do not allow unaligned access or for
-// little-endian machines.
-
-// Aggregate bytes into an UINT
-
-#define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0])
-#define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE *)(b))
-#define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE *)(b))
-#define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE *)(b))
-#define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i))
-#define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE *)(b))
-#define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE *)(b))
-#define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE *)(b))
-
-
-#else // AUTO_ALIGN
-
-#if BIG_ENDIAN_TPM
-// the big-endian macros for machines that allow unaligned memory access
-// Aggregate a byte array into a UINT
-#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
-#define BYTE_ARRAY_TO_UINT16(b) *((uint16_t *)(b))
-#define BYTE_ARRAY_TO_UINT32(b) *((uint32_t *)(b))
-#define BYTE_ARRAY_TO_UINT64(b) *((uint64_t *)(b))
-
-// Disaggregate a UINT into a byte array
-
-#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
-#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = (i);}
-#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = (i);}
-#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = (i);}
-#else
-// the little endian macros for machines that allow unaligned memory access
-// the big-endian macros for machines that allow unaligned memory access
-// Aggregate a byte array into a UINT
-#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b))
-#define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t *)(b)))
-#define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t *)(b)))
-#define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t *)(b)))
-
-// Disaggregate a UINT into a byte array
-
-#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);}
-#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = REVERSE_ENDIAN_16(i);}
-#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = REVERSE_ENDIAN_32(i);}
-#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = REVERSE_ENDIAN_64(i);}
-#endif // BIG_ENDIAN_TPM
-
-#endif // AUTO_ALIGN == NO
-
-#endif // _SWAP_H
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
deleted file mode 100644
index f275c5801..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c
+++ /dev/null
@@ -1,514 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" - -#define _OIDS_ -#include "OIDs.h" - -#include "TpmASN1.h" -#include "TpmASN1_fp.h" - -//** Unmarshaling Functions - -//*** ASN1UnmarshalContextInitialize() -// Function does standard initialization of a context. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext *ctx, - INT16 size, - BYTE *buffer -) -{ - VERIFY(buffer != NULL); - VERIFY(size > 0); - ctx->buffer = buffer; - ctx->size = size; - ctx->offset = 0; - ctx->tag = 0xFF; - return TRUE; -Error: - return FALSE; -} - -//***ASN1DecodeLength() -// This function extracts the length of an element from 'buffer' starting at 'offset'. -// Return Type: UINT16 -// >=0 the extracted length -// <0 an error -INT16 -ASN1DecodeLength( - ASN1UnmarshalContext *ctx -) -{ - BYTE first; // Next octet in buffer - INT16 value; -// - VERIFY(ctx->offset < ctx->size); - first = NEXT_OCTET(ctx); - // If the number of octets of the entity is larger than 127, then the first octet - // is the number of octets in the length specifier. - if(first >= 0x80) - { - // Make sure that this length field is contained with the structure being - // parsed - CHECK_SIZE(ctx, (first & 0x7F)); - if(first == 0x82) - { - // Two octets of size - // get the next value - value = (INT16)NEXT_OCTET(ctx); - // Make sure that the result will fit in an INT16 - VERIFY(value < 0x0080); - // Shift up and add next octet - value = (value << 8) + NEXT_OCTET(ctx); - } - else if(first == 0x81) - value = NEXT_OCTET(ctx); - // Sizes larger than will fit in a INT16 are an error - else - goto Error; - } - else - value = first; - // Make sure that the size defined something within the current context - CHECK_SIZE(ctx, value); - return value; -Error: - ctx->size = -1; // Makes everything fail from now on. - return -1; -} - -//***ASN1NextTag() -// This function extracts the next type from 'buffer' starting at 'offset'. -// It advances 'offset' as it parses the type and the length of the type. It returns -// the length of the type. On return, the 'length' octets starting at 'offset' are the -// octets of the type. 
-// Return Type: UINT -// >=0 the number of octets in 'type' -// <0 an error -INT16 -ASN1NextTag( - ASN1UnmarshalContext *ctx -) -{ - // A tag to get? - VERIFY(ctx->offset < ctx->size); - // Get it - ctx->tag = NEXT_OCTET(ctx); - // Make sure that it is not an extended tag - VERIFY((ctx->tag & 0x1F) != 0x1F); - // Get the length field and return that - return ASN1DecodeLength(ctx); - -Error: - // Attempt to read beyond the end of the context or an illegal tag - ctx->size = -1; // Persistent failure - ctx->tag = 0xFF; - return -1; -} - - -//*** ASN1GetBitStringValue() -// Try to parse a bit string of up to 32 bits from a value that is expected to be -// a bit string. -// If there is a general parsing error, the context->size is set to -1. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -BOOL -ASN1GetBitStringValue( - ASN1UnmarshalContext *ctx, - UINT32 *val -) -{ - int shift; - INT16 length; - UINT32 value = 0; -// - - VERIFY((length = ASN1NextTag(ctx)) >= 1); - VERIFY(ctx->tag == ASN1_BITSTRING); - // Get the shift value for the bit field (how many bits to loop off of the end) - shift = NEXT_OCTET(ctx); - length--; - // the shift count has to make sense - VERIFY((shift < 8) && ((length > 0) || (shift == 0))); - // if there are any bytes left - for(; length > 0; length--) - { - if(length > 1) - { - // for all but the last octet, just shift and add the new octet - VERIFY((value & 0xFF000000) == 0); // can't loose significant bits - value = (value << 8) + NEXT_OCTET(ctx); - } - else - { - // for the last octet, just shift the accumulated value enough to - // accept the significant bits in the last octet and shift the last - // octet down - VERIFY(((value & (0xFF000000 << (8 - shift)))) == 0); - value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift); - } - } - *val = value; - return TRUE; -Error: - ctx->size = -1; - return FALSE; -} - -//******************************************************************* -//** Marshaling Functions 
-//******************************************************************* - -//*** Introduction -// Marshaling of an ASN.1 structure is accomplished from the bottom up. That is, -// the things that will be at the end of the structure are added last. To manage the -// collecting of the relative sizes, start a context for the outermost container, if -// there is one, and then placing items in from the bottom up. If the bottom-most -// item is also within a structure, create a nested context by calling -// ASN1StartMarshalingContext(). -// -// The context control structure contains a 'buffer' pointer, an 'offset', an 'end' -// and a stack. 'offset' is the offset from the start of the buffer of the last added -// byte. When 'offset' reaches 0, the buffer is full. 'offset' is a signed value so -// that, when it becomes negative, there is an overflow. Only two functions are -// allowed to move bytes into the buffer: ASN1PushByte() and ASN1PushBytes(). These -// functions make sure that no data is written beyond the end of the buffer. -// -// When a new context is started, the current value of 'end' is pushed -// on the stack and 'end' is set to 'offset. As bytes are added, offset gets smaller. -// At any time, the count of bytes in the current context is simply 'end' - 'offset'. -// -// Since starting a new context involves setting 'end' = 'offset', the number of bytes -// in the context starts at 0. The nominal way of ending a context is to use -// 'end' - 'offset' to set the length value, and then a tag is added to the buffer. -// Then the previous 'end' value is popped meaning that the context just ended -// becomes a member of the now current context. -// -// The nominal strategy for building a completed ASN.1 structure is to push everything -// into the buffer and then move everything to the start of the buffer. The move is -// simple as the size of the move is the initial 'end' value minus the final 'offset' -// value. 
The destination is 'buffer' and the source is 'buffer' + 'offset'. As Skippy -// would say "Easy peasy, Joe." -// -// It is not necessary to provide a buffer into which the data is placed. If no buffer -// is provided, then the marshaling process will return values needed for marshaling. -// On strategy for filling the buffer would be to execute the process for building -// the structure without using a buffer. This would return the overall size of the -// structure. Then that amount of data could be allocated for the buffer and the fill -// process executed again with the data going into the buffer. At the end, the data -// would be in its final resting place. - -//*** ASN1InitialializeMarshalContext() -// This creates a structure for handling marshaling of an ASN.1 formatted data -// structure. -void -ASN1InitialializeMarshalContext( - ASN1MarshalContext *ctx, - INT16 length, - BYTE *buffer -) -{ - ctx->buffer = buffer; - if(buffer) - ctx->offset = length; - else - ctx->offset = INT16_MAX; - ctx->end = ctx->offset; - ctx->depth = -1; -} - -//*** ASN1StartMarshalContext() -// This starts a new constructed element. It is constructed on 'top' of the value -// that was previously placed in the structure. -void -ASN1StartMarshalContext( - ASN1MarshalContext *ctx -) -{ - pAssert((ctx->depth + 1) < MAX_DEPTH); - ctx->depth++; - ctx->ends[ctx->depth] = ctx->end; - ctx->end = ctx->offset; -} - -//*** ASN1EndMarshalContext() -// This function restores the end pointer for an encapsulating structure. 
-// Return Type: INT16 -// > 0 the size of the encapsulated structure that was just ended -// <= 0 an error -INT16 -ASN1EndMarshalContext( - ASN1MarshalContext *ctx -) -{ - INT16 length; - pAssert(ctx->depth >= 0); - length = ctx->end - ctx->offset; - ctx->end = ctx->ends[ctx->depth--]; - if((ctx->depth == -1) && (ctx->buffer)) - { - MemoryCopy(ctx->buffer, ctx->buffer + ctx->offset, ctx->end - ctx->offset); - } - return length; -} - - -//***ASN1EndEncapsulation() -// This function puts a tag and length in the buffer. In this function, an embedded -// BIT_STRING is assumed to be a collection of octets. To indicate that all bits -// are used, a byte of zero is prepended. If a raw bit-string is needed, a new -// function like ASN1PushInteger() would be needed. -// Return Type: INT16 -// > 0 number of octets in the encapsulation -// == 0 failure -UINT16 -ASN1EndEncapsulation( - ASN1MarshalContext *ctx, - BYTE tag -) -{ - // only add a leading zero for an encapsulated BIT STRING - if (tag == ASN1_BITSTRING) - ASN1PushByte(ctx, 0); - ASN1PushTagAndLength(ctx, tag, ctx->end - ctx->offset); - return ASN1EndMarshalContext(ctx); -} - -//*** ASN1PushByte() -BOOL -ASN1PushByte( - ASN1MarshalContext *ctx, - BYTE b -) -{ - if(ctx->offset > 0) - { - ctx->offset -= 1; - if(ctx->buffer) - ctx->buffer[ctx->offset] = b; - return TRUE; - } - ctx->offset = -1; - return FALSE; -} - -//*** ASN1PushBytes() -// Push some raw bytes onto the buffer. 'count' cannot be zero. 
-// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushBytes( - ASN1MarshalContext *ctx, - INT16 count, - const BYTE *buffer -) -{ - // make sure that count is not negative which would mess up the math; and that - // if there is a count, there is a buffer - VERIFY((count >= 0) && ((buffer != NULL) || (count == 0))); - // back up the offset to determine where the new octets will get pushed - ctx->offset -= count; - // can't go negative - VERIFY(ctx->offset >= 0); - // if there are buffers, move the data, otherwise, assume that this is just a - // test. - if(count && buffer && ctx->buffer) - MemoryCopy(&ctx->buffer[ctx->offset], buffer, count); - return count; -Error: - ctx->offset = -1; - return 0; -} - -//*** ASN1PushNull() -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushNull( - ASN1MarshalContext *ctx -) -{ - ASN1PushByte(ctx, 0); - ASN1PushByte(ctx, ASN1_NULL); - return (ctx->offset >= 0) ? 2 : 0; -} - -//*** ASN1PushLength() -// Push a length value. This will only handle length values that fit in an INT16. -// Return Type: UINT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushLength( - ASN1MarshalContext *ctx, - INT16 len -) -{ - UINT16 start = ctx->offset; - VERIFY(len >= 0); - if(len <= 127) - ASN1PushByte(ctx, (BYTE)len); - else - { - ASN1PushByte(ctx, (BYTE)(len & 0xFF)); - len >>= 8; - if(len == 0) - ASN1PushByte(ctx, 0x81); - else - { - ASN1PushByte(ctx, (BYTE)(len)); - ASN1PushByte(ctx, 0x82); - } - } - goto Exit; -Error: - ctx->offset = -1; -Exit: - return (ctx->offset > 0) ? start - ctx->offset : 0; -} - -//*** ASN1PushTagAndLength() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTagAndLength( - ASN1MarshalContext *ctx, - BYTE tag, - INT16 length -) -{ - INT16 bytes; - bytes = ASN1PushLength(ctx, length); - bytes += (INT16)ASN1PushByte(ctx, tag); - return (ctx->offset < 0) ? 
0 : bytes; -} - - -//*** ASN1PushTaggedOctetString() -// This function will push a random octet string. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -ASN1PushTaggedOctetString( - ASN1MarshalContext *ctx, - INT16 size, - const BYTE *string, - BYTE tag -) -{ - ASN1PushBytes(ctx, size, string); - // PushTagAndLenght just tells how many octets it added so the total size of this - // element is the sum of those octets and input size. - size += ASN1PushTagAndLength(ctx, tag, size); - return size; -} - -//*** ASN1PushUINT() -// This function pushes an native-endian integer value. This just changes a -// native-endian integer into a big-endian byte string and calls ASN1PushInteger(). -// That function will remove leading zeros and make sure that the number is positive. -// Return Type: IN16 -// > 0 count bytes -// == 0 failure unless count was zero -INT16 -ASN1PushUINT( - ASN1MarshalContext *ctx, - UINT32 integer -) -{ - BYTE marshaled[4]; - UINT32_TO_BYTE_ARRAY(integer, marshaled); - return ASN1PushInteger(ctx, 4, marshaled); -} - -//*** ASN1PushInteger -// Push a big-endian integer on the end of the buffer -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushInteger( - ASN1MarshalContext *ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE *integer // IN: big-endian integer -) -{ - // no leading 0's - while((*integer == 0) && (--iLen > 0)) - integer++; - // Move the bytes to the buffer - ASN1PushBytes(ctx, iLen, integer); - // if needed, add a leading byte of 0 to make the number positive - if(*integer & 0x80) - iLen += (INT16)ASN1PushByte(ctx, 0); - // PushTagAndLenght just tells how many octets it added so the total size of this - // element is the sum of those octets and the adjusted input size. - iLen += ASN1PushTagAndLength(ctx, ASN1_INTEGER, iLen); - return iLen; -} - -//*** ASN1PushOID() -// This function is used to add an OID. 
An OID is 0x06 followed by a byte of size -// followed by size bytes. This is used to avoid having to do anything special in the -// definition of an OID. -// Return Type: UINT16 -// > 0 the number of bytes marshaled for the integer -// == 0 failure -INT16 -ASN1PushOID( - ASN1MarshalContext *ctx, - const BYTE *OID -) -{ - if((*OID == ASN1_OBJECT_IDENTIFIER) && ((OID[1] & 0x80) == 0)) - { - return ASN1PushBytes(ctx, OID[1] + 2, OID); - } - ctx->offset = -1; - return 0; -} - - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c deleted file mode 100644 index 29a8d5940..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c +++ /dev/null 
@@ -1,146 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "X509.h" -#include "OIDs.h" -#include "TpmASN1_fp.h" -#include "X509_spt_fp.h" -#include "CryptHash_fp.h" - -//** Functions - -//*** X509PushPoint() -// This seems like it might be used more than once so... 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushPoint( - ASN1MarshalContext *ctx, - TPMS_ECC_POINT *p -) -{ - // Push a bit string containing the public key. For now, push the x, and y - // coordinates of the public point, bottom up - ASN1StartMarshalContext(ctx); // BIT STRING - { - ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer); - ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer); - ASN1PushByte(ctx, 0x04); - } - return ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Ends BIT STRING -} - -//*** X509AddSigningAlgorithmECC() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmECC( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -) -{ - PHASH_DEF hashDef = CryptGetHashDef(scheme->details.any.hashAlg); -// - NOT_REFERENCED(signKey); - // If the desired hashAlg definition wasn't found... - if(hashDef->hashAlg != scheme->details.any.hashAlg) - return 0; - - switch(scheme->scheme) - { - case ALG_ECDSA_VALUE: - // Make sure that we have an OID for this hash and ECC - if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER) - break; - // if this is just an implementation check, indicate that this - // combination is supported - if(!ctx) - return 1; - ASN1StartMarshalContext(ctx); - ASN1PushOID(ctx, hashDef->ECDSA); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - default: - break; - } - return 0; -} - - -//*** X509AddPublicECC() -// This function will add the publicKey description to the DER data. If ctx is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. 
-// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicECC( - OBJECT *object, - ASN1MarshalContext *ctx -) -{ - const BYTE *curveOid = - CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID); - if((curveOid == NULL) || (*curveOid != ASN1_OBJECT_IDENTIFIER)) - return 0; -// -// -// SEQUENCE (2 elem) 1st -// SEQUENCE (2 elem) 2nd -// OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type) -// OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named curve) -// BIT STRING (520 bit) 000001001010000111010101010111001001101101000100000010... -// - // If this is a check to see if the key can be encoded, it can. - // Need to mark the end sequence - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - { - X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd - { - ASN1PushOID(ctx, curveOid); // curve dependent - ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1) - } - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd - } - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 1st -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c deleted file mode 100644 index 77b827bdf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c +++ /dev/null 
@@ -1,234 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes -#include "Tpm.h" -#include "X509.h" -#include "TpmASN1_fp.h" -#include "X509_spt_fp.h" -#include "CryptHash_fp.h" -#include "CryptRsa_fp.h" - -//** Functions - -#if ALG_RSA - -//*** X509AddSigningAlgorithmRSA() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddSigningAlgorithmRSA( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx -) -{ - TPM_ALG_ID hashAlg = scheme->details.any.hashAlg; - PHASH_DEF hashDef = CryptGetHashDef(hashAlg); -// - NOT_REFERENCED(signKey); - // return failure if hash isn't implemented - if(hashDef->hashAlg != hashAlg) - return 0; - switch(scheme->scheme) - { - case ALG_RSASSA_VALUE: - { - // if the hash is implemented but there is no PKCS1 OID defined - // then this is not a valid signing combination. - if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER) - break; - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); - ASN1PushOID(ctx, hashDef->PKCS1); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - case ALG_RSAPSS_VALUE: - // leave if this is just an implementation check - if(ctx == NULL) - return 1; - // In the case of SHA1, everything is default and RFC4055 says that - // implementations that do signature generation MUST omit the parameter - // when defaults are used. 
)-: - if(hashDef->hashAlg == ALG_SHA1_VALUE) - { - return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS); - } - else - { - // Going to build something that looks like: - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - // SEQUENCE (3 elem) - // [0] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [1] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [2] (1 elem) salt length - // INTEGER 32 - - // The indentation is just to keep track of where we are in the - // structure - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements) - { - // [2] (1 elem) salt length - // INTEGER 32 - ASN1StartMarshalContext(ctx); - { - INT16 saltSize = - CryptRsaPssSaltSize((INT16)hashDef->digestSize, - (INT16)signKey->publicArea.unique.rsa.t.size); - ASN1PushUINT(ctx, saltSize); - } - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2); - - // Add the mask generation algorithm - // [1] (1 elem) - // SEQUENCE (2 elem) 1st - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) 2nd - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - ASN1StartMarshalContext(ctx); // mask context [1] (1 elem) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - // Handle the 2nd Sequence (sequence (object, null)) - { - X509PushAlgorithmIdentifierSequence(ctx, - hashDef->OID); - // add the pkcs1-MGF OID - ASN1PushOID(ctx, OID_MGF1); - } - // End outer sequence - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - // End the [1] - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1); - - // Add the hash algorithm - // [0] (1 elem) - // SEQUENCE (2 elem) (done by - // X509PushAlgorithmIdentifierSequence) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST) - // 
NULL - ASN1StartMarshalContext(ctx); // [0] (1 elem) - { - X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); - } - ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0)); - } - // SEQUENCE (3 elements) end - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - - // RSA PSS OID - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - ASN1PushOID(ctx, OID_RSAPSS); - } - // End Sequence (2 elements) - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - default: - break; - } - return 0; -} - -//*** X509AddPublicRSA() -// This function will add the publicKey description to the DER data. If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509AddPublicRSA( - OBJECT *object, - ASN1MarshalContext *ctx -) -{ - UINT32 exp = object->publicArea.parameters.rsaDetail.exponent; -// -/* - SEQUENCE (2 elem) 1st - SEQUENCE (2 elem) 2nd - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) - NULL - BIT STRING (1 elem) - SEQUENCE (2 elem) 3rd - INTEGER (2048 bit) 2197304513741227955725834199357401… - INTEGER 65537 -*/ - // If this is a check to see if the key can be encoded, it can. - // Need to mark the end sequence - if(ctx == NULL) - return 1; - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - ASN1StartMarshalContext(ctx); // BIT STRING - ASN1StartMarshalContext(ctx); // SEQUENCE *(2 elem) 3rd - - // Get public exponent in big-endian byte order. - if(exp == 0) - exp = RSA_DEFAULT_PUBLIC_EXPONENT; - - // Push a 4 byte integer. This might get reduced if there are leading zeros or - // extended if the high order byte is negative. 
- ASN1PushUINT(ctx, exp); - // Push the public key as an integer - ASN1PushInteger(ctx, object->publicArea.unique.rsa.t.size, - object->publicArea.unique.rsa.t.buffer); - // Embed this in a SEQUENCE tag and length in for the key, exponent sequence - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // SEQUENCE (3rd) - - // Embed this in a BIT STRING - ASN1EndEncapsulation(ctx, ASN1_BITSTRING); - - // Now add the formatted SEQUENCE for the RSA public key OID. This is a - // fully constructed value so it doesn't need to have a context started - X509PushAlgorithmIdentifierSequence(ctx, OID_PKCS1_PUB); - - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); -} - -#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c deleted file mode 100644 index 77fd96ba9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c +++ /dev/null 
@@ -1,295 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes -#include "Tpm.h" -#include "TpmASN1.h" -#include "TpmASN1_fp.h" -#define _X509_SPT_ -#include "X509.h" -#include "X509_spt_fp.h" -#if ALG_RSA -# include "X509_RSA_fp.h" -#endif // ALG_RSA -#if ALG_ECC -# include "X509_ECC_fp.h" -#endif // ALG_ECC -#if ALG_SM2 -//# include "X509_SM2_fp.h" -#endif // ALG_RSA - - - -//** Unmarshaling Functions - -//*** X509FindExtensionOID() -// This will search a list of X508 extensions to find an extension with the -// requested OID. If the extension is found, the output context ('ctx') is set up -// to point to the OID in the extension. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure (could be catastrophic) -BOOL -X509FindExtensionByOID( - ASN1UnmarshalContext *ctxIn, // IN: the context to search - ASN1UnmarshalContext *ctx, // OUT: the extension context - const BYTE *OID // IN: oid to search for -) -{ - INT16 length; -// - pAssert(ctxIn != NULL); - // Make the search non-destructive of the input if ctx provided. Otherwise, use - // the provided context. - if (ctx == NULL) - ctx = ctxIn; - else if(ctx != ctxIn) - *ctx = *ctxIn; - for(;ctx->size > ctx->offset; ctx->offset += length) - { - VERIFY((length = ASN1NextTag(ctx)) >= 0); - // If this is not a constructed sequence, then it doesn't belong - // in the extensions. - VERIFY(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); - // Make sure that this entry could hold the OID - if (length >= OID_SIZE(OID)) - { - // See if this is a match for the provided object identifier. 
- if (MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) - { - // Return with ' ctx' set to point to the start of the OID with the size - // set to be the size of the SEQUENCE - ctx->buffer += ctx->offset; - ctx->offset = 0; - ctx->size = length; - return TRUE; - } - } - } - VERIFY(ctx->offset == ctx->size); - return FALSE; -Error: - ctxIn->size = -1; - ctx->size = -1; - return FALSE; -} - -//*** X509GetExtensionBits() -// This function will extract a bit field from an extension. If the extension doesn't -// contain a bit string, it will fail. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -UINT32 -X509GetExtensionBits( - ASN1UnmarshalContext *ctx, - UINT32 *value -) -{ - INT16 length; -// - while (((length = ASN1NextTag(ctx)) > 0) && (ctx->size > ctx->offset)) - { - // Since this is an extension, the extension value will be in an OCTET STRING - if (ctx->tag == ASN1_OCTET_STRING) - { - return ASN1GetBitStringValue(ctx, value); - } - ctx->offset += length; - } - ctx->size = -1; - return FALSE; -} - -//***X509ProcessExtensions() -// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not -// in the CertifyX509.c code because it makes the code harder to follow. 
-// Return Type: TPM_RC -// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with -// the extension setting -// TPM_RC_VALUE problem parsing the extensions -TPM_RC -X509ProcessExtensions( - OBJECT *object, // IN: The object with the attributes to - // check - stringRef *extension // IN: The start and length of the extensions -) -{ - ASN1UnmarshalContext ctx; - ASN1UnmarshalContext extensionCtx; - INT16 length; - UINT32 value; -// - if(!ASN1UnmarshalContextInitialize(&ctx, extension->len, extension->buf) - || ((length = ASN1NextTag(&ctx)) < 0) - || (ctx.tag != X509_EXTENSIONS)) - return TPM_RCS_VALUE; - if( ((length = ASN1NextTag(&ctx)) < 0) - || (ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))) - return TPM_RCS_VALUE; - - // Get the extension for the TPMA_OBJECT if there is one - if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_TCG_TPMA_OBJECT) && - X509GetExtensionBits(&extensionCtx, &value)) - { - // If an keyAttributes extension was found, it must be exactly the same as the - // attributes of the object. - // This cast will work because we know that a TPMA_OBJECT is in a UINT32. - // Set RUNTIME_SIZE_CHECKS to YES to force a check to verify this assumption - // during debug. Doing this is lot easier than having to revisit the code - // any time a new attribute is added. - // NOTE: MemoryEqual() is used to avoid type-punned pointer warning/error. - if(!MemoryEqual(&value, &object->publicArea.objectAttributes, sizeof(value))) - return TPM_RCS_ATTRIBUTES; - } - // Make sure the failure to find the value wasn't because of a fatal error - else if(extensionCtx.size < 0) - return TPM_RCS_VALUE; - - // Get the keyUsage extension. 
This one is required - if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_KEY_USAGE_EXTENSTION) && - X509GetExtensionBits(&extensionCtx, &value)) - { - x509KeyUsageUnion keyUsage; - TPMA_OBJECT attributes = object->publicArea.objectAttributes; - // - keyUsage.integer = value; - // For KeyUsage: - // the 'sign' attribute is SET if Key Usage includes signing - if( ( (keyUsageSign.integer & keyUsage.integer) != 0 - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - // OR the 'decrypt' attribute is Set if Key Usage includes decryption uses - || ( (keyUsageDecrypt.integer & keyUsage.integer) != 0 - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - // OR that 'fixedTPM' is SET if Key Usage is non-repudiation - || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - // OR that 'restricted' is SET if Key Usage is key agreement - || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyAgreement) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - ) - return TPM_RCS_ATTRIBUTES; - } - else - // The KeyUsage extension is required - return TPM_RCS_VALUE; - - return TPM_RC_SUCCESS; -} - -//** Marshaling Functions - -//*** X509AddSigningAlgorithm() -// This creates the singing algorithm data. -// Return Type: INT16 -// > 0 number of octets added -// <= 0 failure -INT16 -X509AddSigningAlgorithm( - ASN1MarshalContext *ctx, - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme -) -{ - switch(signKey->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return X509AddSigningAlgorithmECC(signKey, scheme, ctx); -#endif // ALG_ECC -#if ALG_SM2 - case ALG_SM2: - return X509AddSigningAlgorithmSM2(signKey, scheme,ctx); -#endif // ALG_SM2 - default: - break; - } - return 0; -} - -//*** X509AddPublicKey() -// This function will add the publicKey description to the DER data. 
If fillPtr is -// NULL, then no data is transferred and this function will indicate if the TPM -// has the values for DER-encoding of the public key. -// Return Type: INT16 -// > 0 number of octets added -// == 0 failure -INT16 -X509AddPublicKey( - ASN1MarshalContext *ctx, - OBJECT *object -) -{ - switch(object->publicArea.type) - { -#if ALG_RSA - case ALG_RSA_VALUE: - return X509AddPublicRSA(object, ctx); -#endif -#if ALG_ECC - case ALG_ECC_VALUE: - return X509AddPublicECC(object, ctx); -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - break; -#endif - default: - break; - } - return FALSE; -} - - -//*** X509PushAlgorithmIdentifierSequence() -// Return Type: INT16 -// > 0 number of bytes added -// == 0 failure -INT16 -X509PushAlgorithmIdentifierSequence( - ASN1MarshalContext *ctx, - const BYTE *OID - ) -{ - ASN1StartMarshalContext(ctx); // hash algorithm - ASN1PushNull(ctx); - ASN1PushOID(ctx, OID); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); -} - - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c deleted file mode 100644 index c03476879..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c +++ /dev/null 
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ECC_Parameters_fp.h"
-
-#if CC_ECC_Parameters // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command returns the parameters of an ECC curve identified by its TCG
-// assigned curveID
-*/
-// Return Type: TPM_RC
-// TPM_RC_VALUE Unsupported ECC curve ID
-TPM_RC
-TPM2_ECC_Parameters(
- ECC_Parameters_In *in, // IN: input parameter list
- ECC_Parameters_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // Get ECC curve parameters
- if(CryptEccGetParameters(in->curveID, &out->parameters))
- return TPM_RC_SUCCESS;
- else
- return TPM_RCS_VALUE + RC_ECC_Parameters_curveID;
-}
-
-#endif // CC_ECC_Parameters
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c
deleted file mode 100644
index 9c7ac3341..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ECDH_KeyGen_fp.h"
-
-#if CC_ECDH_KeyGen // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command uses the TPM to generate an ephemeral public key and the product
-// of the ephemeral private key and the public portion of an ECC key.
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY 'keyHandle' does not reference an ECC key
-TPM_RC
-TPM2_ECDH_KeyGen(
- ECDH_KeyGen_In *in, // IN: input parameter list
- ECDH_KeyGen_Out *out // OUT: output parameter list
- )
-{
- OBJECT *eccKey;
- TPM2B_ECC_PARAMETER sensitive;
- TPM_RC result;
-
-// Input Validation
-
- eccKey = HandleToObject(in->keyHandle);
-
- // Referenced key must be an ECC key
- if(eccKey->publicArea.type != TPM_ALG_ECC)
- return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
-
-// Command Output
- do
- {
- TPMT_PUBLIC *keyPublic = &eccKey->publicArea;
- // Create ephemeral ECC key
- result = CryptEccNewKeyPair(&out->pubPoint.point, &sensitive,
- keyPublic->parameters.eccDetail.curveID);
- if(result == TPM_RC_SUCCESS)
- {
- // Compute Z
- result = CryptEccPointMultiply(&out->zPoint.point,
- keyPublic->parameters.eccDetail.curveID,
- &keyPublic->unique.ecc,
- &sensitive,
- NULL, NULL);
- // The point in the key is not on the curve. Indicate
- // that the key is bad.
- if(result == TPM_RC_ECC_POINT)
- return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
- // The other possible error from CryptEccPointMultiply is
- // TPM_RC_NO_RESULT indicating that the multiplication resulted in
- // the point at infinity, so get a new random key and start over
- // BTW, this never happens.
- }
- } while(result == TPM_RC_NO_RESULT);
- return result;
-}
-
-#endif // CC_ECDH_KeyGen
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
deleted file mode 100644
index f2a6135b1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ECDH_ZGen_fp.h"
-
-#if CC_ECDH_ZGen // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command uses the TPM to recover the Z value from a public point
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or
-// not a decrypt key
-// TPM_RC_KEY key referenced by 'keyA' is not an ECC key
-// TPM_RC_NO_RESULT multiplying 'inPoint' resulted in a
-// point at infinity
-// TPM_RC_SCHEME the scheme of the key referenced by 'keyA'
-// is not TPM_ALG_NULL, TPM_ALG_ECDH,
-TPM_RC
-TPM2_ECDH_ZGen(
- ECDH_ZGen_In *in, // IN: input parameter list
- ECDH_ZGen_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- OBJECT *eccKey;
-
-// Input Validation
- eccKey = HandleToObject(in->keyHandle);
-
- // Selected key must be a non-restricted, decrypt ECC key
- if(eccKey->publicArea.type != TPM_ALG_ECC)
- return TPM_RCS_KEY + RC_ECDH_ZGen_keyHandle;
- // Selected key needs to be unrestricted with the 'decrypt' attribute
- if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted)
- || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
- return TPM_RCS_ATTRIBUTES + RC_ECDH_ZGen_keyHandle;
- // Make sure the scheme allows this use
- if(eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH
- && eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL)
- return TPM_RCS_SCHEME + RC_ECDH_ZGen_keyHandle;
-// Command Output
- // Compute Z. TPM_RC_ECC_POINT or TPM_RC_NO_RESULT may be returned here.
- result = CryptEccPointMultiply(&out->outPoint.point,
- eccKey->publicArea.parameters.eccDetail.curveID,
- &in->inPoint.point,
- &eccKey->sensitive.sensitive.ecc,
- NULL, NULL);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_ECDH_ZGen_inPoint);
- return result;
-}
-
-#endif // CC_ECDH_ZGen
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
deleted file mode 100644
index 6125e586b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
+++ /dev/null
@@ -1,73 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "EC_Ephemeral_fp.h" - -#if CC_EC_Ephemeral // Conditional expansion of this file - -/*(See part 3 specification) -// This command creates an ephemeral key using the commit mechanism -*/ -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the TPM is not able to generate an 'r' value -TPM_RC -TPM2_EC_Ephemeral( - EC_Ephemeral_In *in, // IN: input parameter list - EC_Ephemeral_Out *out // OUT: output parameter list - ) -{ - TPM2B_ECC_PARAMETER r; - TPM_RC result; -// - do - { - // Get the random value that will be used in the point multiplications - // Note: this does not commit the count. - if(!CryptGenerateR(&r, NULL, in->curveID, NULL)) - return TPM_RC_NO_RESULT; - // do a point multiply - result = CryptEccPointMultiply(&out->Q.point, in->curveID, NULL, &r, - NULL, NULL); - // commit the count value if either the r value results in the point at - // infinity or if the value is good. The commit on the r value for infinity - // is so that the r value will be skipped. - if((result == TPM_RC_SUCCESS) || (result == TPM_RC_NO_RESULT)) - out->counter = CryptCommit(); - } while(result == TPM_RC_NO_RESULT); - - return TPM_RC_SUCCESS; -} - -#endif // CC_EC_Ephemeral \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c deleted file mode 100644 index 0e41fa4e0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c +++ /dev/null 
@@ -1,106 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "RSA_Decrypt_fp.h" - -#if CC_RSA_Decrypt // Conditional expansion of this file - -/*(See part 3 specification) -// decrypts the provided data block and removes the padding if applicable -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'decrypt' is not SET or if 'restricted' is SET in -// the key referenced by 'keyHandle' -// TPM_RC_BINDING The public an private parts of the key are not -// properly bound -// TPM_RC_KEY 'keyHandle' does not reference an unrestricted -// decrypt key -// TPM_RC_SCHEME incorrect input scheme, or the chosen -// 'scheme' is not a valid RSA decrypt scheme -// TPM_RC_SIZE 'cipherText' is not the size of the modulus -// of key referenced by 'keyHandle' -// TPM_RC_VALUE 'label' is not a null terminated string or the value -// of 'cipherText' is greater that the modulus of -// 'keyHandle' or the encoding of the data is not -// valid - -TPM_RC -TPM2_RSA_Decrypt( - RSA_Decrypt_In *in, // IN: input parameter list - RSA_Decrypt_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *rsaKey; - TPMT_RSA_DECRYPT *scheme; - -// Input Validation - - rsaKey = HandleToObject(in->keyHandle); - - // The selected key must be an RSA key - if(rsaKey->publicArea.type != TPM_ALG_RSA) - return TPM_RCS_KEY + RC_RSA_Decrypt_keyHandle; - - // The selected key must be an unrestricted decryption key - if(IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_RSA_Decrypt_keyHandle; - - // NOTE: Proper operation of this command requires that the sensitive area - // of the key is loaded. This is assured because authorization is required - // to use the sensitive area of the key. In order to check the authorization, - // the sensitive area has to be loaded, even if authorization is with policy. 
- - // If label is present, make sure that it is a NULL-terminated string - if(!IsLabelProperlyFormatted(&in->label.b)) - return TPM_RCS_VALUE + RC_RSA_Decrypt_label; -// Command Output - // Select a scheme for decrypt. - scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); - if(scheme == NULL) - return TPM_RCS_SCHEME + RC_RSA_Decrypt_inScheme; - - // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be - // returned by CryptRsaDecrypt. - // NOTE: CryptRsaDecrypt can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING - // when the key is not a decryption key but that was checked above. - out->message.t.size = sizeof(out->message.t.buffer); - result = CryptRsaDecrypt(&out->message.b, &in->cipherText.b, rsaKey, - scheme, &in->label.b); - return result; -} - -#endif // CC_RSA_Decrypt \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c deleted file mode 100644 index 3ba397c90..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c +++ /dev/null 
@@ -1,90 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "RSA_Encrypt_fp.h" - -#if CC_RSA_Encrypt // Conditional expansion of this file - -/*(See part 3 specification) -// This command performs the padding and encryption of a data block -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'decrypt' attribute is not SET in key referenced -// by 'keyHandle' -// TPM_RC_KEY 'keyHandle' does not reference an RSA key -// TPM_RC_SCHEME incorrect input scheme, or the chosen -// scheme is not a valid RSA decrypt scheme -// TPM_RC_VALUE the numeric value of 'message' is greater than -// the public modulus of the key referenced by -// 'keyHandle', or 'label' is not a null-terminated -// string -TPM_RC -TPM2_RSA_Encrypt( - RSA_Encrypt_In *in, // IN: input parameter list - RSA_Encrypt_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *rsaKey; - TPMT_RSA_DECRYPT *scheme; -// Input Validation - rsaKey = HandleToObject(in->keyHandle); - - // selected key must be an RSA key - if(rsaKey->publicArea.type != TPM_ALG_RSA) - return TPM_RCS_KEY + RC_RSA_Encrypt_keyHandle; - // selected key must have the decryption attribute - if(!IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_RSA_Encrypt_keyHandle; - - // Is there a label? - if(!IsLabelProperlyFormatted(&in->label.b)) - return TPM_RCS_VALUE + RC_RSA_Encrypt_label; -// Command Output - // Select a scheme for encryption - scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); - if(scheme == NULL) - return TPM_RCS_SCHEME + RC_RSA_Encrypt_inScheme; - - // Encryption. TPM_RC_VALUE, or TPM_RC_SCHEME errors my be returned buy - // CryptEncyptRSA. - out->outData.t.size = sizeof(out->outData.t.buffer); - - result = CryptRsaEncrypt(&out->outData, &in->message.b, rsaKey, scheme, - &in->label.b, NULL); - return result; -} - -#endif // CC_RSA_Encrypt \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
deleted file mode 100644
index 955ba0b56..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
+++ /dev/null
@@ -1,121 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "ZGen_2Phase_fp.h" - -#if CC_ZGen_2Phase // Conditional expansion of this file - -// This command uses the TPM to recover one or two Z values in a two phase key -// exchange protocol -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or -// not a decrypt key -// TPM_RC_ECC_POINT 'inQsB' or 'inQeB' is not on the curve of -// the key reference by 'keyA' -// TPM_RC_KEY key referenced by 'keyA' is not an ECC key -// TPM_RC_SCHEME the scheme of the key referenced by 'keyA' -// is not TPM_ALG_NULL, TPM_ALG_ECDH, -// ALG_ECMQV or TPM_ALG_SM2 -TPM_RC -TPM2_ZGen_2Phase( - ZGen_2Phase_In *in, // IN: input parameter list - ZGen_2Phase_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - OBJECT *eccKey; - TPM2B_ECC_PARAMETER r; - TPM_ALG_ID scheme; - -// Input Validation - - eccKey = HandleToObject(in->keyA); - - // keyA must be an ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_ZGen_2Phase_keyA; - - // keyA must not be restricted and must be a decrypt key - if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RCS_ATTRIBUTES + RC_ZGen_2Phase_keyA; - - // if the scheme of keyA is TPM_ALG_NULL, then use the input scheme; otherwise - // the input scheme must be the same as the scheme of keyA - scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme; - if(scheme != TPM_ALG_NULL) - { - if(scheme != in->inScheme) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - } - else - scheme = in->inScheme; - if(scheme == TPM_ALG_NULL) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - - // Input points must be on the curve of keyA - if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, - &in->inQsB.point)) - return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQsB; - - if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, - 
&in->inQeB.point)) - return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQeB; - - if(!CryptGenerateR(&r, &in->counter, - eccKey->publicArea.parameters.eccDetail.curveID, - NULL)) - return TPM_RCS_VALUE + RC_ZGen_2Phase_counter; - -// Command Output - - result = - CryptEcc2PhaseKeyExchange(&out->outZ1.point, - &out->outZ2.point, - eccKey->publicArea.parameters.eccDetail.curveID, - scheme, - &eccKey->sensitive.sensitive.ecc, - &r, - &in->inQsB.point, - &in->inQeB.point); - if(result == TPM_RC_SCHEME) - return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; - - if(result == TPM_RC_SUCCESS) - CryptEndCommit(in->counter); - - return result; -} -#endif // CC_ZGen_2Phase \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c deleted file mode 100644 index 18106eaaf..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c +++ /dev/null 
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "AC_GetCapability_fp.h"
-#include "AC_spt_fp.h"
-
-#if CC_AC_GetCapability // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command returns various information regarding Attached Components
-*/
-TPM_RC
-TPM2_AC_GetCapability(
- AC_GetCapability_In *in, // IN: input parameter list
- AC_GetCapability_Out *out // OUT: output parameter list
- )
-{
-// Command Output
- out->moreData = AcCapabilitiesGet(in->ac, in->count, &out->capabilitiesData);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_AC_GetCapability
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c
deleted file mode 100644
index 1477c7f24..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c
+++ /dev/null
@@ -1,102 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "AC_Send_fp.h" -#include "AC_spt_fp.h" - - -#if CC_AC_Send // Conditional expansion of this file - -/*(See part 3 specification) -// Duplicate a loaded object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET -// TPM_RC_HASH for an RSA key, the nameAlg digest size for the -// newParent is not compatible with the key size -// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' -// specifies Null Hierarchy -// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public -// point not on the curve) -// TPM_RC_SIZE input encryption key size does not match the -// size specified in symmetric algorithm -// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric -// algorithm is provided -// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor -// TPM_RH_NULL; or the object has a NULL nameAlg -// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and -// the encryption key are too large to be OAEP encoded -TPM_RC -TPM2_AC_Send( - AC_Send_In *in, // IN: input parameter list - AC_Send_Out *out // OUT: output parameter list -) -{ - NV_REF locator; - TPM_HANDLE nvAlias = ((in->ac - AC_FIRST) + NV_AC_FIRST); - NV_INDEX *nvIndex = NvGetIndexInfo(nvAlias, &locator); - OBJECT *object = HandleToObject(in->sendObject); - TPM_RC result; -// Input validation - // If there is an NV alias, then the index must allow the authorization provided - if(nvIndex != NULL) - { - // Common access checks, NvWriteAccessCheck() may return - // TPM_RC_NV_AUTHORIZATION or TPM_RC_NV_LOCKED - result = NvWriteAccessChecks(in->authHandle, nvAlias, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - } - // If 'ac' did not have an alias then the authorization had to be with either - // platform or owner authorization. The type of TPMI_RH_NV_AUTH only allows - // owner or platform or an NV index. 
If it was a valid index, it would have had - // an alias and be processed above, so only success here is if this is a - // permanent handle. - else if(HandleGetType(in->authHandle) != TPM_HT_PERMANENT) - return TPM_RCS_HANDLE + RC_AC_Send_authHandle; - // Make sure that the object to be duplicated has the right attributes - if(IS_ATTRIBUTE(object->publicArea.objectAttributes, - TPMA_OBJECT, encryptedDuplication) - || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, - fixedParent) - || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES + RC_AC_Send_sendObject; -// Command output - // Do the implementation dependent send - return AcSendObject(in->ac, object, &out->acDataOut); -} - -#endif // TPM_CC_AC_Send \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c deleted file mode 100644 index b938bee30..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c +++ /dev/null 
@@ -1,149 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "AC_spt_fp.h" - - -#if 1 // This is the simulated AC data. 
- -typedef struct { - TPMI_RH_AC ac; - TPML_AC_CAPABILITIES *acData; - -} acCapabilities; - - -TPML_AC_CAPABILITIES acData0001 = {1, - {{TPM_AT_PV1, 0x01234567}}}; - -acCapabilities ac[1] = { {0x0001, &acData0001} }; - -#define NUM_AC (sizeof(ac) / sizeof(acCapabilities)) - -#endif // 1 The simulated AC data - -//*** AcToCapabilities() -// This function returns a pointer to a list of AC capabilities. -TPML_AC_CAPABILITIES * -AcToCapabilities( - TPMI_RH_AC component // IN: component -) -{ - UINT32 index; -// - for(index = 0; index < NUM_AC; index++) - { - if(ac[index].ac == component) - return ac[index].acData; - } - return NULL; -} - -//*** AcIsAccessible() -// Function to determine if an AC handle references an actual AC -// Return Type: BOOL -BOOL -AcIsAccessible( - TPM_HANDLE acHandle - ) -{ - // In this implementation, the AC exists if there are some capabilities to go - // with the handle - return AcToCapabilities(acHandle) != NULL; -} - -//*** AcCapabilitiesGet() -// This function returns a list of capabilities associated with an AC -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -AcCapabilitiesGet( - TPMI_RH_AC component, // IN: the component - TPM_AT type, // IN: start capability type - TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle -) -{ - TPMI_YES_NO more = NO; - UINT32 i; - TPML_AC_CAPABILITIES *capabilities = AcToCapabilities(component); - - pAssert(HandleGetType(component) == TPM_HT_AC); - - // Initialize output handle list - capabilityList->count = 0; - - if(capabilities != NULL) - { - // Find the first capability less than or equal to type - for(i = 0; i < capabilities->count; i++) - { - if(capabilities->acCapabilities[i].tag >= type) - { - // copy the capabilities until we run out or fill the list - for(; (capabilityList->count < MAX_AC_CAPABILITIES) - && (i < capabilities->count); i++) - { - capabilityList->acCapabilities[capabilityList->count] - = 
capabilities->acCapabilities[i]; - capabilityList->count++; - } - more = i < capabilities->count; - } - } - } - return more; -} - - -//*** AcSendObject() -// Stub to handle sending of an AC object -// Return Type: TPM_RC -TPM_RC -AcSendObject( - TPM_HANDLE acHandle, // IN: Handle of AC receiving object - OBJECT *object, // IN: object structure to send - TPMS_AC_OUTPUT *acDataOut // OUT: results of operation -) -{ - NOT_REFERENCED(object); - NOT_REFERENCED(acHandle); - acDataOut->tag = TPM_AT_ERROR; // indicate that the response contains an - // error code - acDataOut->data = TPM_AE_NONE; // but there is no error. - - return TPM_RC_SUCCESS; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c deleted file mode 100644 index 8973e1911..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c +++ /dev/null 
@@ -1,115 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Policy_AC_SendSelect_fp.h" - -#if CC_Policy_AC_SendSelect // Conditional expansion of this file - -/*(See part 3 specification) -// allows qualification of attached component and object to be sent. 
-*/ -// Return Type: TPM_RC -// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty -// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty -TPM_RC -TPM2_Policy_AC_SendSelect( - Policy_AC_SendSelect_In *in // IN: input parameter list - ) -{ - SESSION *session; - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_Policy_AC_SendSelect; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // cpHash in session context must be empty - if(session->u1.cpHash.t.size != 0) - return TPM_RC_CPHASH; - // commandCode in session context must be empty - if(session->commandCode != 0) - return TPM_RC_COMMAND_CODE; -// Internal Data Update - // Update name hash - session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add objectName - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add authHandleName - CryptDigestUpdate2B(&hashState, &in->authHandleName.b); - - // add ac name - CryptDigestUpdate2B(&hashState, &in->acName.b); - - // complete hash - CryptHashEnd2B(&hashState, &session->u1.cpHash.b); - - // update policy hash - // Old policyDigest size should be the same as the new policyDigest size since - // they are using the same hash algorithm - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); -// add old policy - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add objectName - if(in->includeObject == YES) - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add authHandleName - CryptDigestUpdate2B(&hashState, &in->authHandleName.b); - - // add acName - CryptDigestUpdate2B(&hashState, &in->acName.b); - - // add includeObject - CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); - - // complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // set commandCode in 
session context - session->commandCode = TPM_CC_AC_Send; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyDuplicationSelect \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c deleted file mode 100644 index 2715c38f7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c +++ /dev/null 
@@ -1,198 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "Attest_spt_fp.h" - -//** Functions - -//***FillInAttestInfo() -// Fill in common fields of TPMS_ATTEST structure. 
-void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure - ) -{ - OBJECT *signObject = HandleToObject(signHandle); - - // Magic number - attest->magic = TPM_GENERATED_VALUE; - - if(signObject == NULL) - { - // The name for a null handle is TPM_RH_NULL - // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the - // size of the cast is smaller than a constant, the compiler warns - // about the truncation of a constant value. - TPM_HANDLE nullHandle = TPM_RH_NULL; - attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); - } - else - { - // Certifying object qualified name - // if the scheme is anonymous, this is an empty buffer - if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->qualifiedSigner.t.size = 0; - else - attest->qualifiedSigner = signObject->qualifiedName; - } - // current clock in plain text - TimeFillInfo(&attest->clockInfo); - - // Firmware version in plain text - attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); - attest->firmwareVersion += gp.firmwareV2; - - // Check the hierarchy of sign object. 
For NULL sign handle, the hierarchy - // will be TPM_RH_NULL - if((signObject == NULL) - || (!signObject->attributes.epsHierarchy - && !signObject->attributes.ppsHierarchy)) - { - // For signing key that is not in platform or endorsement hierarchy, - // obfuscate the reset, restart and firmware version information - UINT64 obfuscation[2]; - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING, - &attest->qualifiedSigner.b, NULL, 128, - (BYTE *)&obfuscation[0], NULL, FALSE); - // Obfuscate data - attest->firmwareVersion += obfuscation[0]; - attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); - attest->clockInfo.restartCount += (UINT32)obfuscation[1]; - } - // External data - if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->extraData.t.size = 0; - else - { - // If we move the data to the attestation structure, then it is not - // used in the signing operation except as part of the signed data - attest->extraData = *data; - data->t.size = 0; - } -} - -//***SignAttestInfo() -// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature -// is returned. 
-// -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key -// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature - ) -{ - BYTE *buffer; - HASH_STATE hashState; - TPM2B_DIGEST digest; - TPM_RC result; - - // Marshal TPMS_ATTEST structure for hash - buffer = attest->t.attestationData; - attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); - - if(signKey == NULL) - { - signature->sigAlg = TPM_ALG_NULL; - result = TPM_RC_SUCCESS; - } - else - { - TPMI_ALG_HASH hashAlg; - // Compute hash - hashAlg = scheme->details.any.hashAlg; - // need to set the receive buffer to get something put in it - digest.t.size = sizeof(digest.t.buffer); - digest.t.size = CryptHashBlock(hashAlg, attest->t.size, - attest->t.attestationData, - digest.t.size, digest.t.buffer); - // If there is qualifying data, need to rehash the data - // hash(qualifyingData || hash(attestationData)) - if(qualifyingData->t.size != 0) - { - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, &qualifyingData->b); - CryptDigestUpdate2B(&hashState, &digest.b); - CryptHashEnd2B(&hashState, &digest.b); - } - // Sign the hash. 
A TPM_RC_VALUE, TPM_RC_SCHEME, or - // TPM_RC_ATTRIBUTES error may be returned at this point - result = CryptSign(signKey, scheme, &digest, signature); - - // Since the clock is used in an attestation, the state in NV is no longer - // "orderly" with respect to the data in RAM if the signature is valid - if(result == TPM_RC_SUCCESS) - { - // Command uses the clock so need to clear the orderly state if it is - // set. - result = NvClearOrderly(); - } - } - return result; -} - -//*** IsSigningObject() -// Checks to see if the object is OK for signing. This is here rather than in -// Object_spt.c because all the attestation commands use this file but not -// Object_spt.c. -// Return Type: BOOL -// TRUE(1) object may sign -// FALSE(0) object may not sign -BOOL -IsSigningObject( - OBJECT *object // IN: - ) -{ - return ((object == NULL) - || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) - && object->publicArea.type != TPM_ALG_SYMCIPHER))); -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c deleted file mode 100644 index 0bdc22361..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c +++ /dev/null 
@@ -1,94 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "Certify_fp.h" - -#if CC_Certify // Conditional expansion of this file - -/*(See part 3 specification) -// prove an object with a specific Name is loaded in the TPM -*/ -// Return Type: TPM_RC -// TPM_RC_KEY key referenced by 'signHandle' is not a signing key -// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' -// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger -// size than the modulus of 'signHandle', or the buffer for -// the result in 'signature' is too small (for an RSA key); -// invalid commit status (for an ECC key with a split scheme) -TPM_RC -TPM2_Certify( - Certify_In *in, // IN: input parameter list - Certify_Out *out // OUT: output parameter list - ) -{ - TPMS_ATTEST certifyInfo; - OBJECT *signObject = HandleToObject(in->signHandle); - OBJECT *certifiedObject = HandleToObject(in->objectHandle); -// Input validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_Certify_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_Certify_inScheme; - -// Command Output - // Filling in attest information - // Common fields - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, - &certifyInfo); - - // Certify specific fields - certifyInfo.type = TPM_ST_ATTEST_CERTIFY; - // NOTE: the certified object is not allowed to be TPM_ALG_NULL so - // 'certifiedObject' will never be NULL - certifyInfo.attested.certify.name = certifiedObject->name; - - // When using an anonymous signing scheme, need to set the qualified Name to the - // empty buffer to avoid correlation between keys - if(CryptIsSchemeAnonymous(in->inScheme.scheme)) - certifyInfo.attested.certify.qualifiedName.t.size = 0; - else - certifyInfo.attested.certify.qualifiedName = certifiedObject->qualifiedName; - - - // Sign attestation structure. A NULL signature will be returned if - // signHandle is TPM_RH_NULL. 
A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, - // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned - // by SignAttestInfo() - return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, - &in->qualifyingData, &out->certifyInfo, &out->signature); -} - -#endif // CC_Certify \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c deleted file mode 100644 index 2cb7f1837..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c +++ /dev/null 
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "CertifyCreation_fp.h" - -#if CC_CertifyCreation // Conditional expansion of this file - -/*(See part 3 specification) -// Prove the association between an object and its creation data -*/ -// Return Type: TPM_RC -// TPM_RC_KEY key referenced by 'signHandle' is not a signing key -// TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' -// TPM_RC_TICKET 'creationTicket' does not match 'objectHandle' -// TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger -// size than the modulus of 'signHandle', or the buffer for -// the result in 'signature' is too small (for an RSA key); -// invalid commit status (for an ECC key with a split scheme). -TPM_RC -TPM2_CertifyCreation( - CertifyCreation_In *in, // IN: input parameter list - CertifyCreation_Out *out // OUT: output parameter list - ) -{ - TPMT_TK_CREATION ticket; - TPMS_ATTEST certifyInfo; - OBJECT *certified = HandleToObject(in->objectHandle); - OBJECT *signObject = HandleToObject(in->signHandle); -// Input Validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_CertifyCreation_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_CertifyCreation_inScheme; - - // CertifyCreation specific input validation - // Re-compute ticket - TicketComputeCreation(in->creationTicket.hierarchy, &certified->name, - &in->creationHash, &ticket); - // Compare ticket - if(!MemoryEqual2B(&ticket.digest.b, &in->creationTicket.digest.b)) - return TPM_RCS_TICKET + RC_CertifyCreation_creationTicket; - -// Command Output - // Common fields - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, - &certifyInfo); - - // CertifyCreation specific fields - // Attestation type - certifyInfo.type = TPM_ST_ATTEST_CREATION; - certifyInfo.attested.creation.objectName = certified->name; - - // Copy the creationHash - certifyInfo.attested.creation.creationHash = in->creationHash; - - // Sign 
attestation structure. A NULL signature will be returned if - // signObject is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, - // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at - // this point - return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, - &in->qualifyingData, &out->certifyInfo, - &out->signature); -} - -#endif // CC_CertifyCreation \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c deleted file mode 100644 index 961ed47d7..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c +++ /dev/null 
@@ -1,276 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "CertifyX509_fp.h" -#include "X509.h" -#include "TpmASN1_fp.h" -#include "X509_spt_fp.h" -#include "Attest_spt_fp.h" - -#if CC_CertifyX509 // Conditional expansion of this file - -/*(See part 3 specification) -// Certify -*/ -// return type: TPM_RC -// TPM_RC_ATTRIBUTES the attributes of 'objectHandle' are not compatible -// with the KeyUsage or TPMA_OBJECT values in the -// extensions fields -// TPM_RC_BINDING the public and private portions of the key are not -// properly bound. -// TPM_RC_HASH the hash algorithm in the scheme is not supported -// TPM_RC_KEY 'signHandle' does not reference a signing key; -// TPM_RC_SCHEME the scheme is not compatible with sign key type, -// or input scheme is not compatible with default -// scheme, or the chosen scheme is not a valid -// sign scheme -// TPM_RC_VALUE most likely a problem with the format of -// 'partialCertificate' -TPM_RC -TPM2_CertifyX509( - CertifyX509_In *in, // IN: input parameter list - CertifyX509_Out *out // OUT: output parameter list -) -{ - TPM_RC result; - OBJECT *signKey = HandleToObject(in->signHandle); - OBJECT *object = HandleToObject(in->objectHandle); - HASH_STATE hash; - INT16 length; // length for a tagged element - ASN1UnmarshalContext ctx; - ASN1MarshalContext ctxOut; - // certTBS holds an array of pointers and lengths. Each entry references the - // corresponding value in a TBSCertificate structure. 
For example, the 1th - // element references the version number - stringRef certTBS[REF_COUNT] = {{0}}; -#define ALLOWED_SEQUENCES (SUBJECT_PUBLIC_KEY_REF - SIGNATURE_REF) - stringRef partial[ALLOWED_SEQUENCES] = {{0}}; - INT16 countOfSequences = 0; - INT16 i; - // -#if CERTIFYX509_DEBUG - DebugFileOpen(); - DebugDumpBuffer(in->partialCertificate.t.size, in->partialCertificate.t.buffer, - "partialCertificate"); -#endif - - // Input Validation - // signing key must be able to sign - if(!IsSigningObject(signKey)) - return TPM_RCS_KEY + RC_CertifyX509_signHandle; - // Pick a scheme for sign. If the input sign scheme is not compatible with - // the default scheme, return an error. - if(!CryptSelectSignScheme(signKey, &in->inScheme)) - return TPM_RCS_SCHEME + RC_CertifyX509_inScheme; - // Make sure that the public Key encoding is known - if(X509AddPublicKey(NULL, object) == 0) - return TPM_RCS_ASYMMETRIC + RC_CertifyX509_objectHandle; - // Unbundle 'partialCertificate'. - // Initialize the unmarshaling context - if(!ASN1UnmarshalContextInitialize(&ctx, in->partialCertificate.t.size, - in->partialCertificate.t.buffer)) - return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; - // Make sure that this is a constructed SEQUENCE - length = ASN1NextTag(&ctx); - // Must be a constructed SEQUENCE that uses all of the input parameter - if((ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE)) - || ((ctx.offset + length) != in->partialCertificate.t.size)) - return TPM_RCS_SIZE + RC_CertifyX509_partialCertificate; - - // This scans through the contents of the outermost SEQUENCE. This would be the - // 'issuer', 'validity', 'subject', 'issuerUniqueID' (optional), - // 'subjectUniqueID' (optional), and 'extensions.' - while(ctx.offset < ctx.size) - { - INT16 startOfElement = ctx.offset; - // - // Read the next tag and length field. 
- length = ASN1NextTag(&ctx); - if(length < 0) - break; - if(ctx.tag == ASN1_CONSTRUCTED_SEQUENCE) - { - partial[countOfSequences].buf = &ctx.buffer[startOfElement]; - ctx.offset += length; - partial[countOfSequences].len = (INT16)ctx.offset - startOfElement; - if(++countOfSequences > ALLOWED_SEQUENCES) - break; - } - else if(ctx.tag == X509_EXTENSIONS) - { - if(certTBS[EXTENSIONS_REF].len != 0) - return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; - certTBS[EXTENSIONS_REF].buf = &ctx.buffer[startOfElement]; - ctx.offset += length; - certTBS[EXTENSIONS_REF].len = - (INT16)ctx.offset - startOfElement; - } - else - return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; - } - // Make sure that we used all of the data and found at least the required - // number of elements. - if((ctx.offset != ctx.size) || (countOfSequences < 3) - || (countOfSequences > 4) - || (certTBS[EXTENSIONS_REF].buf == NULL)) - return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; - // Now that we know how many sequences there were, we can put them where they - // belong - for(i = 0; i < countOfSequences; i++) - certTBS[SUBJECT_KEY_REF - i] = partial[countOfSequences - 1 - i]; - - // If only three SEQUENCES, then the TPM needs to produce the signature algorithm. - // See if it can - if((countOfSequences == 3) && - (X509AddSigningAlgorithm(NULL, signKey, &in->inScheme) == 0)) - return TPM_RCS_SCHEME + RC_CertifyX509_signHandle; - - // Process the extensions - result = X509ProcessExtensions(object, &certTBS[EXTENSIONS_REF]); - if(result != TPM_RC_SUCCESS) - // If the extension has the TPMA_OBJECT extension and the attributes don't - // match, then the error code will be TPM_RCS_ATTRIBUTES. Otherwise, the error - // indicates a malformed partialCertificate. - return result + ((result == TPM_RCS_ATTRIBUTES) - ? 
RC_CertifyX509_objectHandle - : RC_CertifyX509_partialCertificate); -// Command Output -// Create the addedToCertificate values - - // Build the addedToCertificate from the bottom up. - // Initialize the context structure - ASN1InitialializeMarshalContext(&ctxOut, sizeof(out->addedToCertificate.t.buffer), - out->addedToCertificate.t.buffer); - // Place a marker for the overall context - ASN1StartMarshalContext(&ctxOut); // SEQUENCE for addedToCertificate - - // Add the subject public key descriptor - certTBS[SUBJECT_PUBLIC_KEY_REF].len = X509AddPublicKey(&ctxOut, object); - certTBS[SUBJECT_PUBLIC_KEY_REF].buf = ctxOut.buffer + ctxOut.offset; - // If the caller didn't provide the algorithm identifier, create it - if(certTBS[SIGNATURE_REF].len == 0) - { - certTBS[SIGNATURE_REF].len = X509AddSigningAlgorithm(&ctxOut, signKey, - &in->inScheme); - certTBS[SIGNATURE_REF].buf = ctxOut.buffer + ctxOut.offset; - } - // Create the serial number value. Use the out->tbsDigest as scratch. - { - TPM2B *digest = &out->tbsDigest.b; - // - digest->size = (INT16)CryptHashStart(&hash, signKey->publicArea.nameAlg); - pAssert(digest->size != 0); - - // The serial number size is the smaller of the digest and the vendor-defined - // value - digest->size = MIN(digest->size, SIZE_OF_X509_SERIAL_NUMBER); - // Add all the parts of the certificate other than the serial number - // and version number - for(i = SIGNATURE_REF; i < REF_COUNT; i++) - CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); - // throw in the Name of the signing key... - CryptDigestUpdate2B(&hash, &signKey->name.b); - // ...and the Name of the signed key. 
- CryptDigestUpdate2B(&hash, &object->name.b); - // Done - CryptHashEnd2B(&hash, digest); - } - - // Add the serial number - certTBS[SERIAL_NUMBER_REF].len = - ASN1PushInteger(&ctxOut, out->tbsDigest.t.size, out->tbsDigest.t.buffer); - certTBS[SERIAL_NUMBER_REF].buf = ctxOut.buffer + ctxOut.offset; - - // Add the static version number - ASN1StartMarshalContext(&ctxOut); - ASN1PushUINT(&ctxOut, 2); - certTBS[VERSION_REF].len = - ASN1EndEncapsulation(&ctxOut, ASN1_APPLICAIION_SPECIFIC); - certTBS[VERSION_REF].buf = ctxOut.buffer + ctxOut.offset; - - // Create a fake tag and length for the TBS in the space used for - // 'addedToCertificate' - { - for(length = 0, i = 0; i < REF_COUNT; i++) - length += certTBS[i].len; - // Put a fake tag and length into the buffer for use in the tbsDigest - certTBS[ENCODED_SIZE_REF].len = - ASN1PushTagAndLength(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE, length); - certTBS[ENCODED_SIZE_REF].buf = ctxOut.buffer + ctxOut.offset; - // Restore the buffer pointer to add back the number of octets used for the - // tag and length - ctxOut.offset += certTBS[ENCODED_SIZE_REF].len; - } - // sanity check - if(ctxOut.offset < 0) - return TPM_RC_FAILURE; - // Create the tbsDigest to sign - out->tbsDigest.t.size = CryptHashStart(&hash, in->inScheme.details.any.hashAlg); - for(i = 0; i < REF_COUNT; i++) - CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); - CryptHashEnd2B(&hash, &out->tbsDigest.b); - -#if CERTIFYX509_DEBUG - { - BYTE fullTBS[4096]; - BYTE *fill = fullTBS; - int j; - for (j = 0; j < REF_COUNT; j++) - { - MemoryCopy(fill, certTBS[j].buf, certTBS[j].len); - fill += certTBS[j].len; - } - DebugDumpBuffer((int)(fill - &fullTBS[0]), fullTBS, "\nfull TBS"); - } -#endif - -// Finish up the processing of addedToCertificate - // Create the actual tag and length for the addedToCertificate structure - out->addedToCertificate.t.size = - ASN1EndEncapsulation(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE); - // Now move all the addedToContext to the start of the 
buffer - MemoryCopy(out->addedToCertificate.t.buffer, ctxOut.buffer + ctxOut.offset, - out->addedToCertificate.t.size); -#if CERTIFYX509_DEBUG - DebugDumpBuffer(out->addedToCertificate.t.size, out->addedToCertificate.t.buffer, - "\naddedToCertificate"); -#endif - // only thing missing is the signature - result = CryptSign(signKey, &in->inScheme, &out->tbsDigest, &out->signature); - - return result; -} - -#endif // CC_CertifyX509 diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c deleted file mode 100644 index 5ecc90153..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c +++ /dev/null 
@@ -1,99 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "GetCommandAuditDigest_fp.h" - -#if CC_GetCommandAuditDigest // Conditional expansion of this file - -/*(See part 3 specification) -// Get current value of command audit log -*/ -// Return Type: TPM_RC -// TPM_RC_KEY key referenced by 'signHandle' is not a signing key -// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or -// both 'scheme' and key's default scheme are empty; or -// 'scheme' is empty while key's default scheme requires -// explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme' -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -TPM2_GetCommandAuditDigest( - GetCommandAuditDigest_In *in, // IN: input parameter list - GetCommandAuditDigest_Out *out // OUT: output parameter list - ) -{ - TPM_RC result; - TPMS_ATTEST auditInfo; - OBJECT *signObject = HandleToObject(in->signHandle); -// Input validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_GetCommandAuditDigest_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_GetCommandAuditDigest_inScheme; - -// Command Output - // Fill in attest information common fields - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, - &auditInfo); - - // CommandAuditDigest specific fields - auditInfo.type = TPM_ST_ATTEST_COMMAND_AUDIT; - auditInfo.attested.commandAudit.digestAlg = gp.auditHashAlg; - auditInfo.attested.commandAudit.auditCounter = gp.auditCounter; - - // Copy command audit log - auditInfo.attested.commandAudit.auditDigest = gr.commandAuditDigest; - CommandAuditGetDigest(&auditInfo.attested.commandAudit.commandDigest); - - // Sign attestation structure. A NULL signature will be returned if - // signHandle is TPM_RH_NULL. 
A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, - // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at - // this point - result = SignAttestInfo(signObject, &in->inScheme, &auditInfo, - &in->qualifyingData, &out->auditInfo, - &out->signature); - // Internal Data Update - if(result == TPM_RC_SUCCESS && in->signHandle != TPM_RH_NULL) - // Reset log - gr.commandAuditDigest.t.size = 0; - - return result; -} - -#endif // CC_GetCommandAuditDigest \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c deleted file mode 100644 index e9ed0470d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "GetSessionAuditDigest_fp.h" - -#if CC_GetSessionAuditDigest // Conditional expansion of this file - -/*(See part 3 specification) -// Get audit session digest -*/ -// Return Type: TPM_RC -// TPM_RC_KEY key referenced by 'signHandle' is not a signing key -// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or -// both 'scheme' and key's default scheme are empty; or -// 'scheme' is empty while key's default scheme requires -// explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme' -// TPM_RC_TYPE 'sessionHandle' does not reference an audit session -// TPM_RC_VALUE digest generated for the given 'scheme' is greater than -// the modulus of 'signHandle' (for an RSA key); -// invalid commit status or failed to generate "r" value -// (for an ECC key) -TPM_RC -TPM2_GetSessionAuditDigest( - GetSessionAuditDigest_In *in, // IN: input parameter list - GetSessionAuditDigest_Out *out // OUT: output parameter list - ) -{ - SESSION *session = SessionGet(in->sessionHandle); - TPMS_ATTEST auditInfo; - OBJECT *signObject = HandleToObject(in->signHandle); -// Input Validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_GetSessionAuditDigest_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_GetSessionAuditDigest_inScheme; - - // session must be an audit session - if(session->attributes.isAudit == CLEAR) - return TPM_RCS_TYPE + RC_GetSessionAuditDigest_sessionHandle; - -// Command Output - // Fill in attest information common fields - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, - &auditInfo); - - // SessionAuditDigest specific fields - auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT; - auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest; - - // Exclusive audit session - auditInfo.attested.sessionAudit.exclusiveSession - = (g_exclusiveAuditSession == 
in->sessionHandle); - - // Sign attestation structure. A NULL signature will be returned if - // signObject is NULL. - return SignAttestInfo(signObject, &in->inScheme, &auditInfo, - &in->qualifyingData, &out->auditInfo, - &out->signature); -} - -#endif // CC_GetSessionAuditDigest \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c deleted file mode 100644 index fe24c7e6a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c +++ /dev/null 
@@ -1,88 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "GetTime_fp.h"
-
-#if CC_GetTime // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Applies a time stamp to the passed blob (qualifyingData).
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY key referenced by 'signHandle' is not a signing key
-// TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or
-// both 'scheme' and key's default scheme are empty; or
-// 'scheme' is empty while key's default scheme requires
-// explicit input scheme (split signing); or
-// non-empty default key scheme differs from 'scheme'
-// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
-// the modulus of 'signHandle' (for an RSA key);
-// invalid commit status or failed to generate "r" value
-// (for an ECC key)
-TPM_RC
-TPM2_GetTime(
- GetTime_In *in, // IN: input parameter list
- GetTime_Out *out // OUT: output parameter list
- )
-{
- TPMS_ATTEST timeInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_GetTime_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_GetTime_inScheme;
-
-// Command Output
- // Fill in attest common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &timeInfo);
-
- // GetClock specific fields
- timeInfo.type = TPM_ST_ATTEST_TIME;
- timeInfo.attested.time.time.time = g_time;
- TimeFillInfo(&timeInfo.attested.time.time.clockInfo);
-
- // Firmware version in plain text
- timeInfo.attested.time.firmwareVersion
- = (((UINT64)gp.firmwareV1) << 32) + gp.firmwareV2;
-
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, &timeInfo, &in->qualifyingData,
- &out->timeInfo, &out->signature);
-}
-
-#endif // CC_GetTime
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c
deleted file mode 100644
index f22e3cde2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c
+++ /dev/null
@@ -1,98 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Attest_spt_fp.h" -#include "Quote_fp.h" - -#if CC_Quote // Conditional expansion of this file - -/*(See part 3 specification) -// quote PCR values -*/ -// Return Type: TPM_RC -// TPM_RC_KEY 'signHandle' does not reference a signing key; -// TPM_RC_SCHEME the scheme is not compatible with sign key type, -// or input scheme is not compatible with default -// scheme, or the chosen scheme is not a valid -// sign scheme -TPM_RC -TPM2_Quote( - Quote_In *in, // IN: input parameter list - Quote_Out *out // OUT: output parameter list - ) -{ - TPMI_ALG_HASH hashAlg; - TPMS_ATTEST quoted; - OBJECT *signObject = HandleToObject(in->signHandle); -// Input Validation - if(!IsSigningObject(signObject)) - return TPM_RCS_KEY + RC_Quote_signHandle; - if(!CryptSelectSignScheme(signObject, &in->inScheme)) - return TPM_RCS_SCHEME + RC_Quote_inScheme; - -// Command Output - - // Filling in attest information - // Common fields - // FillInAttestInfo may return TPM_RC_SCHEME or TPM_RC_KEY - FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, "ed); - - // Quote specific fields - // Attestation type - quoted.type = TPM_ST_ATTEST_QUOTE; - - // Get hash algorithm in sign scheme. This hash algorithm is used to - // compute PCR digest. If there is no algorithm, then the PCR cannot - // be digested and this command returns TPM_RC_SCHEME - hashAlg = in->inScheme.details.any.hashAlg; - - if(hashAlg == TPM_ALG_NULL) - return TPM_RCS_SCHEME + RC_Quote_inScheme; - - // Compute PCR digest - PCRComputeCurrentDigest(hashAlg, &in->PCRselect, - "ed.attested.quote.pcrDigest); - - // Copy PCR select. "PCRselect" is modified in PCRComputeCurrentDigest - // function - quoted.attested.quote.pcrSelect = in->PCRselect; - - // Sign attestation structure. A NULL signature will be returned if - // signObject is NULL. 
- return SignAttestInfo(signObject, &in->inScheme, "ed, &in->qualifyingData, - &out->quoted, &out->signature); -} - -#endif // CC_Quote \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c deleted file mode 100644 index a3c5cf7e4..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c +++ /dev/null 
@@ -1,180 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "GetCapability_fp.h" - -#if CC_GetCapability // Conditional expansion of this file - -/*(See part 3 specification) -// This command returns various information regarding the TPM and its current -// state -*/ -// Return Type: TPM_RC -// TPM_RC_HANDLE value of 'property' is in an unsupported handle range -// for the TPM_CAP_HANDLES 'capability' value -// TPM_RC_VALUE invalid 'capability'; or 'property' is not 0 for the -// TPM_CAP_PCRS 'capability' value -TPM_RC -TPM2_GetCapability( - GetCapability_In *in, // IN: input parameter list - GetCapability_Out *out // OUT: output parameter list - ) -{ - TPMU_CAPABILITIES *data = &out->capabilityData.data; -// Command Output - - // Set output capability type the same as input type - out->capabilityData.capability = in->capability; - - switch(in->capability) - { - case TPM_CAP_ALGS: - out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID)in->property, - in->propertyCount, - &data->algorithms); - break; - case TPM_CAP_HANDLES: - switch(HandleGetType((TPM_HANDLE)in->property)) - { - case TPM_HT_TRANSIENT: - // Get list of handles of loaded transient objects - out->moreData = ObjectCapGetLoaded((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; - case TPM_HT_PERSISTENT: - // Get list of handles of persistent objects - out->moreData = NvCapGetPersistent((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; - case TPM_HT_NV_INDEX: - // Get list of defined NV index - out->moreData = NvCapGetIndex((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; - case TPM_HT_LOADED_SESSION: - // Get list of handles of loaded sessions - out->moreData = SessionCapGetLoaded((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; -#ifdef TPM_HT_SAVED_SESSION - case TPM_HT_SAVED_SESSION: -#else - case TPM_HT_ACTIVE_SESSION: -#endif - // Get list of handles of - out->moreData = SessionCapGetSaved((TPM_HANDLE)in->property, - 
in->propertyCount, - &data->handles); - break; - case TPM_HT_PCR: - // Get list of handles of PCR - out->moreData = PCRCapGetHandles((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; - case TPM_HT_PERMANENT: - // Get list of permanent handles - out->moreData = PermanentCapGetHandles((TPM_HANDLE)in->property, - in->propertyCount, - &data->handles); - break; - default: - // Unsupported input handle type - return TPM_RCS_HANDLE + RC_GetCapability_property; - break; - } - break; - case TPM_CAP_COMMANDS: - out->moreData = CommandCapGetCCList((TPM_CC)in->property, - in->propertyCount, - &data->command); - break; - case TPM_CAP_PP_COMMANDS: - out->moreData = PhysicalPresenceCapGetCCList((TPM_CC)in->property, - in->propertyCount, - &data->ppCommands); - break; - case TPM_CAP_AUDIT_COMMANDS: - out->moreData = CommandAuditCapGetCCList((TPM_CC)in->property, - in->propertyCount, - &data->auditCommands); - break; - case TPM_CAP_PCRS: - // Input property must be 0 - if(in->property != 0) - return TPM_RCS_VALUE + RC_GetCapability_property; - out->moreData = PCRCapGetAllocation(in->propertyCount, - &data->assignedPCR); - break; - case TPM_CAP_PCR_PROPERTIES: - out->moreData = PCRCapGetProperties((TPM_PT_PCR)in->property, - in->propertyCount, - &data->pcrProperties); - break; - case TPM_CAP_TPM_PROPERTIES: - out->moreData = TPMCapGetProperties((TPM_PT)in->property, - in->propertyCount, - &data->tpmProperties); - break; -#if ALG_ECC - case TPM_CAP_ECC_CURVES: - out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE)in->property, - in->propertyCount, - &data->eccCurves); - break; -#endif // ALG_ECC - case TPM_CAP_AUTH_POLICIES: - if(HandleGetType((TPM_HANDLE)in->property) != TPM_HT_PERMANENT) - return TPM_RCS_VALUE + RC_GetCapability_property; - out->moreData = PermanentHandleGetPolicy((TPM_HANDLE)in->property, - in->propertyCount, - &data->authPolicies); - break; - case TPM_CAP_VENDOR_PROPERTY: - // vendor property is not implemented - default: - // Unsupported 
TPM_CAP value - return TPM_RCS_VALUE + RC_GetCapability_capability; - break; - } - - return TPM_RC_SUCCESS; -} - -#endif // CC_GetCapability \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c deleted file mode 100644 index 3e5435e4a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c +++ /dev/null 
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "TestParms_fp.h"
-
-#if CC_TestParms // Conditional expansion of this file
-
-/*(See part 3 specification)
-// TestParms
-*/
-TPM_RC
-TPM2_TestParms(
- TestParms_In *in // IN: input parameter list
- )
-{
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
- // The parameters are tested at unmarshal process. We do nothing in command
- // action
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_TestParms
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
deleted file mode 100644
index 59148af03..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ClockRateAdjust_fp.h"
-
-#if CC_ClockRateAdjust // Conditional expansion of this file
-
-/*(See part 3 specification)
-// adjusts the rate of advance of Clock and Timer to provide a better
-// approximation to real time.
-*/
-TPM_RC
-TPM2_ClockRateAdjust(
- ClockRateAdjust_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
- TimeSetAdjustRate(in->rateAdjust);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ClockRateAdjust
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
deleted file mode 100644
index 9e0a8d34d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ClockSet_fp.h"
-
-#if CC_ClockSet // Conditional expansion of this file
-
-// Read the current TPMS_TIMER_INFO structure settings
-// Return Type: TPM_RC
-// TPM_RC_NV_RATE NV is unavailable because of rate limit
-// TPM_RC_NV_UNAVAILABLE NV is inaccessible
-// TPM_RC_VALUE invalid new clock
-
-TPM_RC
-TPM2_ClockSet(
- ClockSet_In *in // IN: input parameter list
- )
-{
-// Input Validation
- // new time can not be bigger than 0xFFFF000000000000 or smaller than
- // current clock
- if(in->newTime > 0xFFFF000000000000ULL
- || in->newTime < go.clock)
- return TPM_RCS_VALUE + RC_ClockSet_newTime;
-
-// Internal Data Update
- // Can't modify the clock if NV is not available.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- TimeClockUpdate(in->newTime);
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ClockSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
deleted file mode 100644
index f405d057e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ReadClock_fp.h"
-
-#if CC_ReadClock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// read the current TPMS_TIMER_INFO structure settings
-*/
-TPM_RC
-TPM2_ReadClock(
- ReadClock_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- out->currentTime.time = g_time;
- TimeFillInfo(&out->currentTime.clockInfo);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ReadClock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
deleted file mode 100644
index b7f52e8c1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
+++ /dev/null
@@ -1,103 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "SetCommandCodeAuditStatus_fp.h" - -#if CC_SetCommandCodeAuditStatus // Conditional expansion of this file - -/*(See part 3 specification) -// change the audit status of a command or to set the hash algorithm used for -// the audit digest. -*/ -TPM_RC -TPM2_SetCommandCodeAuditStatus( - SetCommandCodeAuditStatus_In *in // IN: input parameter list - ) -{ - - // The command needs NV update. Check if NV is available. - // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at - // this point - RETURN_IF_NV_IS_NOT_AVAILABLE; - -// Internal Data Update - - // Update hash algorithm - if(in->auditAlg != TPM_ALG_NULL && in->auditAlg != gp.auditHashAlg) - { - // Can't change the algorithm and command list at the same time - if(in->setList.count != 0 || in->clearList.count != 0) - return TPM_RCS_VALUE + RC_SetCommandCodeAuditStatus_auditAlg; - - // Change the hash algorithm for audit - gp.auditHashAlg = in->auditAlg; - - // Set the digest size to a unique value that indicates that the digest - // algorithm has been changed. The size will be cleared to zero in the - // command audit processing on exit. - gr.commandAuditDigest.t.size = 1; - - // Save the change of command audit data (this sets g_updateNV so that NV - // will be updated on exit.) - NV_SYNC_PERSISTENT(auditHashAlg); - } - else - { - UINT32 i; - BOOL changed = FALSE; - - // Process set list - for(i = 0; i < in->setList.count; i++) - - // If change is made in CommandAuditSet, set changed flag - if(CommandAuditSet(in->setList.commandCodes[i])) - changed = TRUE; - - // Process clear list - for(i = 0; i < in->clearList.count; i++) - // If change is made in CommandAuditClear, set changed flag - if(CommandAuditClear(in->clearList.commandCodes[i])) - changed = TRUE; - - // if change was made to command list, update NV - if(changed) - // this sets g_updateNV so that NV will be updated on exit. 
- NV_SYNC_PERSISTENT(auditCommands); - } - - return TPM_RC_SUCCESS; -} - -#endif // CC_SetCommandCodeAuditStatus \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c deleted file mode 100644 index 4977f9827..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c +++ /dev/null 
@@ -1,193 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ContextLoad_fp.h"
-
-#if CC_ContextLoad // Conditional expansion of this file
-
-#include "Context_spt_fp.h"
-
-/*(See part 3 specification)
-// Load context
-*/
-
-// Return Type: TPM_RC
-// TPM_RC_CONTEXT_GAP there is only one available slot and this is not
-// the oldest saved session context
-// TPM_RC_HANDLE context.savedHandle' does not reference a saved
-// session
-// TPM_RC_HIERARCHY 'context.hierarchy' is disabled
-// TPM_RC_INTEGRITY 'context' integrity check fail
-// TPM_RC_OBJECT_MEMORY no free slot for an object
-// TPM_RC_SESSION_MEMORY no free session slots
-// TPM_RC_SIZE incorrect context blob size
-TPM_RC
-TPM2_ContextLoad(
- ContextLoad_In *in, // IN: input parameter list
- ContextLoad_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- TPM2B_DIGEST integrityToCompare;
- TPM2B_DIGEST integrity;
- BYTE *buffer; // defined to save some typing
- INT32 size; // defined to save some typing
- TPM_HT handleType;
- TPM2B_SYM_KEY symKey;
- TPM2B_IV iv;
-
-// Input Validation
-
-// See discussion about the context format in TPM2_ContextSave Detailed Actions
-
- // IF this is a session context, make sure that the sequence number is
- // consistent with the version in the slot
-
- // Check context blob size
- handleType = HandleGetType(in->context.savedHandle);
-
- // Get integrity from context blob
- buffer = in->context.contextBlob.t.buffer;
- size = (INT32)in->context.contextBlob.t.size;
- result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // the size of the integrity value has to match the size of digest produced
- // by the integrity hash
- if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
- return TPM_RCS_SIZE + RC_ContextLoad_context;
-
- // Make sure that the context blob has enough space for the fingerprint. This
- // is elastic pants to go with the belt and suspenders we already have to make
- // sure that the context is complete and untampered.
- if((unsigned)size < sizeof(in->context.sequence))
- return TPM_RCS_SIZE + RC_ContextLoad_context;
-
- // After unmarshaling the integrity value, 'buffer' is pointing at the first
- // byte of the integrity protected and encrypted buffer and 'size' is the number
- // of integrity protected and encrypted bytes.
-
- // Compute context integrity
- ComputeContextIntegrity(&in->context, &integrityToCompare);
-
- // Compare integrity
- if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
- return TPM_RCS_INTEGRITY + RC_ContextLoad_context;
- // Compute context encryption key
- ComputeContextProtectionKey(&in->context, &symKey, &iv);
-
- // Decrypt context data in place
- CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
- symKey.t.buffer, &iv, ALG_CFB_VALUE, size, buffer);
- // See if the fingerprint value matches. If not, it is symptomatic of either
- // a broken TPM or that the TPM is under attack so go into failure mode.
- if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence)))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // step over fingerprint
- buffer += sizeof(in->context.sequence);
-
- // set the remaining size of the context
- size -= sizeof(in->context.sequence);
-
- // Perform object or session specific input check
- switch(handleType)
- {
- case TPM_HT_TRANSIENT:
- {
- OBJECT *outObject;
-
- if(size > (INT32)sizeof(OBJECT))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Discard any changes to the handle that the TRM might have made
- in->context.savedHandle = TRANSIENT_FIRST;
-
- // If hierarchy is disabled, no object context can be loaded in this
- // hierarchy
- if(!HierarchyIsEnabled(in->context.hierarchy))
- return TPM_RCS_HIERARCHY + RC_ContextLoad_context;
-
- // Restore object. If there is no empty space, indicate as much
- outObject = ObjectContextLoad((ANY_OBJECT_BUFFER *)buffer,
- &out->loadedHandle);
- if(outObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
- break;
- }
- case TPM_HT_POLICY_SESSION:
- case TPM_HT_HMAC_SESSION:
- {
- if(size != sizeof(SESSION))
- FAIL(FATAL_ERROR_INTERNAL);
-
- // This command may cause the orderlyState to be cleared due to
- // the update of state reset data. If this is the case, check if NV is
- // available first
- RETURN_IF_ORDERLY;
-
- // Check if input handle points to a valid saved session and that the
- // sequence number makes sense
- if(!SequenceNumberForSavedContextIsValid(&in->context))
- return TPM_RCS_HANDLE + RC_ContextLoad_context;
-
- // Restore session. A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error
- // may be returned at this point
- result = SessionContextLoad((SESSION_BUF *)buffer,
- &in->context.savedHandle);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- out->loadedHandle = in->context.savedHandle;
-
- // orderly state should be cleared because of the update of state
- // reset and state clear data
- g_clearOrderly = TRUE;
-
- break;
- }
- default:
- // Context blob may only have an object handle or a session handle.
- // All the other handle type should be filtered out at unmarshal
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ContextLoad
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
deleted file mode 100644
index ff3c4cdf8..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c
+++ /dev/null
@@ -1,232 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "ContextSave_fp.h" - -#if CC_ContextSave // Conditional expansion of this file - -#include "Context_spt_fp.h" - -/*(See part 3 specification) - Save context -*/ -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned for a session -// context save -// TPM_RC_TOO_MANY_CONTEXTS no more contexts can be saved as the counter has -// maxed out -TPM_RC -TPM2_ContextSave( - ContextSave_In *in, // IN: input parameter list - ContextSave_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - UINT16 fingerprintSize; // The size of fingerprint in context - // blob. - UINT64 contextID = 0; // session context ID - TPM2B_SYM_KEY symKey; - TPM2B_IV iv; - - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; - - // This command may cause the orderlyState to be cleared due to - // the update of state reset data. If the state is orderly and - // cannot be changed, exit early. - RETURN_IF_ORDERLY; - -// Internal Data Update - -// This implementation does not do things in quite the same way as described in -// Part 2 of the specification. In Part 2, it indicates that the -// TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is -// implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to -// determine the amount of data in the encrypted data. That part is not -// independently sized. This makes the actual size 2 bytes smaller than -// calculated using Part 2. Since this is opaque to the caller, it is not -// necessary to fix. The actual size is returned by TPM2_GetCapabilties(). - - // Initialize output handle. At the end of command action, the output - // handle of an object will be replaced, while the output handle - // for a session will be the same as input - out->context.savedHandle = in->saveHandle; - - // Get the size of fingerprint in context blob. 
The sequence value in - // TPMS_CONTEXT structure is used as the fingerprint - fingerprintSize = sizeof(out->context.sequence); - - // Compute the integrity size at the beginning of context blob - integritySize = sizeof(integrity.t.size) - + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - -// Perform object or session specific context save - switch(HandleGetType(in->saveHandle)) - { - case TPM_HT_TRANSIENT: - { - OBJECT *object = HandleToObject(in->saveHandle); - ANY_OBJECT_BUFFER *outObject; - UINT16 objectSize = ObjectIsSequence(object) - ? sizeof(HASH_OBJECT) : sizeof(OBJECT); - - outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer - + integritySize + fingerprintSize); - - // Set size of the context data. The contents of context blob is vendor - // defined. In this implementation, the size is size of integrity - // plus fingerprint plus the whole internal OBJECT structure - out->context.contextBlob.t.size = integritySize + - fingerprintSize + objectSize; -#if ALG_RSA - // For an RSA key, make sure that the key has had the private exponent - // computed before saving. - if(object->publicArea.type == TPM_ALG_RSA && - !(object->attributes.publicOnly)) - CryptRsaLoadPrivateExponent(&object->publicArea, &object->sensitive); -#endif - // Make sure things fit - pAssert(out->context.contextBlob.t.size - <= sizeof(out->context.contextBlob.t.buffer)); - // Copy the whole internal OBJECT structure to context blob - MemoryCopy(outObject, object, objectSize); - - // Increment object context ID - gr.objectContextID++; - // If object context ID overflows, TPM should be put in failure mode - if(gr.objectContextID == 0) - FAIL(FATAL_ERROR_INTERNAL); - - // Fill in other return values for an object. - out->context.sequence = gr.objectContextID; - // For regular object, savedHandle is 0x80000000. For sequence object, - // savedHandle is 0x80000001. 
For object with stClear, savedHandle - // is 0x80000002 - if(ObjectIsSequence(object)) - { - out->context.savedHandle = 0x80000001; - SequenceDataExport((HASH_OBJECT *)object, - (HASH_OBJECT_BUFFER *)outObject); - } - else - out->context.savedHandle = (object->attributes.stClear == SET) - ? 0x80000002 : 0x80000000; -// Get object hierarchy - out->context.hierarchy = ObjectGetHierarchy(object); - - break; - } - case TPM_HT_HMAC_SESSION: - case TPM_HT_POLICY_SESSION: - { - SESSION *session = SessionGet(in->saveHandle); - - // Set size of the context data. The contents of context blob is vendor - // defined. In this implementation, the size of context blob is the - // size of a internal session structure plus the size of - // fingerprint plus the size of integrity - out->context.contextBlob.t.size = integritySize + - fingerprintSize + sizeof(*session); - - // Make sure things fit - pAssert(out->context.contextBlob.t.size - < sizeof(out->context.contextBlob.t.buffer)); - - // Copy the whole internal SESSION structure to context blob. - // Save space for fingerprint at the beginning of the buffer - // This is done before anything else so that the actual context - // can be reclaimed after this call - pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer) - - integritySize - fingerprintSize); - MemoryCopy(out->context.contextBlob.t.buffer + integritySize - + fingerprintSize, session, sizeof(*session)); - // Fill in the other return parameters for a session - // Get a context ID and set the session tracking values appropriately - // TPM_RC_CONTEXT_GAP is a possible error. - // SessionContextSave() will flush the in-memory context - // so no additional errors may occur after this call. 
- result = SessionContextSave(out->context.savedHandle, &contextID); - if(result != TPM_RC_SUCCESS) - return result; - // sequence number is the current session contextID - out->context.sequence = contextID; - - // use TPM_RH_NULL as hierarchy for session context - out->context.hierarchy = TPM_RH_NULL; - - break; - } - default: - // SaveContext may only take an object handle or a session handle. - // All the other handle type should be filtered out at unmarshal - FAIL(FATAL_ERROR_INTERNAL); - break; - } - - // Save fingerprint at the beginning of encrypted area of context blob. - // Reserve the integrity space - pAssert(sizeof(out->context.sequence) <= - sizeof(out->context.contextBlob.t.buffer) - integritySize); - MemoryCopy(out->context.contextBlob.t.buffer + integritySize, - &out->context.sequence, sizeof(out->context.sequence)); - - // Compute context encryption key - ComputeContextProtectionKey(&out->context, &symKey, &iv); - - // Encrypt context blob - CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize, - CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS, - symKey.t.buffer, &iv, ALG_CFB_VALUE, - out->context.contextBlob.t.size - integritySize, - out->context.contextBlob.t.buffer + integritySize); - - // Compute integrity hash for the object - // In this implementation, the same routine is used for both sessions - // and objects. - ComputeContextIntegrity(&out->context, &integrity); - - // add integrity at the beginning of context blob - buffer = out->context.contextBlob.t.buffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - // orderly state should be cleared because of the update of state reset and - // state clear data - g_clearOrderly = TRUE; - - return result; -} - -#endif // CC_ContextSave \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
deleted file mode 100644
index 7a5fea817..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c
+++ /dev/null
@@ -1,244 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes - -#include "Tpm.h" -#include "Context_spt_fp.h" - -//** Functions - -//*** ComputeContextProtectionKey() -// This function retrieves the symmetric protection key for context encryption -// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric -// encryption key and iv -/*(See part 1 specification) - KDFa is used to generate the symmetric encryption key and IV. The parameters - of the call are: - Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) - where - hashAlg a vendor-defined hash algorithm - hProof the hierarchy proof as selected by the hierarchy parameter - of the TPMS_CONTEXT - vendorString a value used to differentiate the uses of the KDF - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - bits the number of bits needed for a symmetric key and IV for - the context encryption -*/ -// Return Type: void -void -ComputeContextProtectionKey( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_SYM_KEY *symKey, // OUT: the symmetric key - TPM2B_IV *iv // OUT: the IV. - ) -{ - UINT16 symKeyBits; // number of bits in the parent's - // symmetric key - TPM2B_PROOF *proof = NULL; // the proof value to use. 
Is null for - // everything but a primary object in - // the Endorsement Hierarchy - - BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF - - TPM2B_DATA sequence2B, handle2B; - - // Get proof value - proof = HierarchyGetProof(contextBlob->hierarchy); - - // Get sequence value in 2B format - sequence2B.t.size = sizeof(contextBlob->sequence); - cAssert(sizeof(contextBlob->sequence) <= sizeof(sequence2B.t.buffer)); - MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence, - sizeof(contextBlob->sequence)); - - // Get handle value in 2B format - handle2B.t.size = sizeof(contextBlob->savedHandle); - cAssert(sizeof(contextBlob->savedHandle) <= sizeof(handle2B.t.buffer)); - MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle, - sizeof(contextBlob->savedHandle)); - - // Get the symmetric encryption key size - symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; - symKeyBits = CONTEXT_ENCRYPT_KEY_BITS; - // Get the size of the IV for the algorithm - iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits); - - // KDFa to generate symmetric key and IV value - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, CONTEXT_KEY, &sequence2B.b, - &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL, - FALSE); - - // Copy part of the returned value as the key - pAssert(symKey->t.size <= sizeof(symKey->t.buffer)); - MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size); - - // Copy the rest as the IV - pAssert(iv->t.size <= sizeof(iv->t.buffer)); - MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size); - - return; -} - -//*** ComputeContextIntegrity() -// Generate the integrity hash for a context -// It is used by TPM2_ContextSave to create an integrity hash -// and by TPM2_ContextLoad to compare an integrity hash -/*(See part 1 specification) - The HMAC integrity computation for a saved context is: - HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || - encContext) - where - HMACvendorAlg HMAC using a vendor-defined 
hash algorithm - hProof the hierarchy proof as selected by the hierarchy - parameter of the TPMS_CONTEXT - resetValue either a counter value that increments on each TPM Reset - and is not reset over the lifetime of the TPM or a random - value that changes on each TPM Reset and has the size of - the digest produced by vendorAlg - clearCount a counter value that is incremented on each TPM Reset - or TPM Restart. This value is only included if the handle - value is 0x80000002. - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - encContext the encrypted context blob -*/ -// Return Type: void -void -ComputeContextIntegrity( - TPMS_CONTEXT *contextBlob, // IN: context blob - TPM2B_DIGEST *integrity // OUT: integrity - ) -{ - HMAC_STATE hmacState; - TPM2B_PROOF *proof; - UINT16 integritySize; - - // Get proof value - proof = HierarchyGetProof(contextBlob->hierarchy); - - // Start HMAC - integrity->t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - - // Compute integrity size at the beginning of context blob - integritySize = sizeof(integrity->t.size) + integrity->t.size; - - // Adding total reset counter so that the context cannot be - // used after a TPM Reset - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), - gp.totalResetCount); - - // If this is a ST_CLEAR object, add the clear count - // so that this contest cannot be loaded after a TPM Restart - if(contextBlob->savedHandle == 0x80000002) - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gr.clearCount), - gr.clearCount); - - // Adding sequence number to the HMAC to make sure that it doesn't - // get changed - CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->sequence), - contextBlob->sequence); - - // Protect the handle - CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->savedHandle), - contextBlob->savedHandle); - - // Adding sensitive contextData, skip the leading integrity area - 
CryptDigestUpdate(&hmacState.hashState, - contextBlob->contextBlob.t.size - integritySize, - contextBlob->contextBlob.t.buffer + integritySize); - - // Complete HMAC - CryptHmacEnd2B(&hmacState, &integrity->b); - - return; -} - -//*** SequenceDataExport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. -void -SequenceDataExport( - HASH_OBJECT *object, // IN: an internal hash object - HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer - ) -{ - // If the hash object is not an event, then only one hash context is needed - int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; - - for(count--; count >= 0; count--) - { - HASH_STATE *hash = &object->state.hashState[count]; - size_t offset = (BYTE *)hash - (BYTE *)object; - BYTE *exportHash = &((BYTE *)exportObject)[offset]; - - CryptHashExportState(hash, (EXPORT_HASH_STATE *)exportHash); - } -} - -//*** SequenceDataImport(); -// This function is used scan through the sequence object and -// either modify the hash state data for export (contextSave) or to -// import it into the internal format (contextLoad). -// This function should only be called after the sequence object has been copied -// to the context buffer (contextSave) or from the context buffer into the sequence -// object. The presumption is that the context buffer version of the data is the -// same size as the internal representation so nothing outsize of the hash context -// area gets modified. 
-void -SequenceDataImport( - HASH_OBJECT *object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer - ) -{ - // If the hash object is not an event, then only one hash context is needed - int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; - - for(count--; count >= 0; count--) - { - HASH_STATE *hash = &object->state.hashState[count]; - size_t offset = (BYTE *)hash - (BYTE *)object; - BYTE *importHash = &((BYTE *)exportObject)[offset]; -// - CryptHashImportState(hash, (EXPORT_HASH_STATE *)importHash); - } -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c deleted file mode 100644 index e4ed13489..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c +++ /dev/null 
@@ -1,131 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EvictControl_fp.h"
-
-#if CC_EvictControl // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Make a transient object persistent or evict a persistent object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES an object with 'temporary', 'stClear' or 'publicOnly'
-// attribute SET cannot be made persistent
-// TPM_RC_HIERARCHY 'auth' cannot authorize the operation in the hierarchy
-// of 'evictObject'
-// TPM_RC_HANDLE 'evictHandle' of the persistent object to be evicted is
-// not the same as the 'persistentHandle' argument
-// TPM_RC_NV_HANDLE 'persistentHandle' is unavailable
-// TPM_RC_NV_SPACE no space in NV to make 'evictHandle' persistent
-// TPM_RC_RANGE 'persistentHandle' is not in the range corresponding to
-// the hierarchy of 'evictObject'
-TPM_RC
-TPM2_EvictControl(
- EvictControl_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- OBJECT *evictObject;
-
-// Input Validation
-
- // Get internal object pointer
- evictObject = HandleToObject(in->objectHandle);
-
- // Temporary, stClear or public only objects can not be made persistent
- if(evictObject->attributes.temporary == SET
- || evictObject->attributes.stClear == SET
- || evictObject->attributes.publicOnly == SET)
- return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle;
-
- // If objectHandle refers to a persistent object, it should be the same as
- // input persistentHandle
- if(evictObject->attributes.evict == SET
- && evictObject->evictHandle != in->persistentHandle)
- return TPM_RCS_HANDLE + RC_EvictControl_objectHandle;
-
- // Additional authorization validation
- if(in->auth == TPM_RH_PLATFORM)
- {
- // To make persistent
- if(evictObject->attributes.evict == CLEAR)
- {
- // PlatformAuth can not set evict object in storage or endorsement
- // hierarchy
- if(evictObject->attributes.ppsHierarchy == CLEAR)
- return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
- // Platform cannot use a handle outside of platform persistent range.
- if(!NvIsPlatformPersistentHandle(in->persistentHandle))
- return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
- }
- // PlatformAuth can delete any persistent object
- }
- else if(in->auth == TPM_RH_OWNER)
- {
- // OwnerAuth can not set or clear evict object in platform hierarchy
- if(evictObject->attributes.ppsHierarchy == SET)
- return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
-
- // Owner cannot use a handle outside of owner persistent range.
- if(evictObject->attributes.evict == CLEAR
- && !NvIsOwnerPersistentHandle(in->persistentHandle))
- return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
- }
- else
- {
- // Other authorization is not allowed in this command and should have been
- // filtered out in unmarshal process
- FAIL(FATAL_ERROR_INTERNAL);
- }
-// Internal Data Update
- // Change evict state
- if(evictObject->attributes.evict == CLEAR)
- {
- // Make object persistent
- if(NvFindHandle(in->persistentHandle) != 0)
- return TPM_RC_NV_DEFINED;
- // A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE error may be returned at this
- // point
- result = NvAddEvictObject(in->persistentHandle, evictObject);
- }
- else
- {
- // Delete the persistent object in NV
- result = NvDeleteEvict(evictObject->evictHandle);
- }
- return result;
-}
-
-#endif // CC_EvictControl
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c
deleted file mode 100644
index 87982850b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "FlushContext_fp.h"
-
-#if CC_FlushContext // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Flush a specific object or session
-*/
-// Return Type: TPM_RC
-// TPM_RC_HANDLE 'flushHandle' does not reference a loaded object or session
-TPM_RC
-TPM2_FlushContext(
- FlushContext_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
-
- // Call object or session specific routine to flush
- switch(HandleGetType(in->flushHandle))
- {
- case TPM_HT_TRANSIENT:
- if(!IsObjectPresent(in->flushHandle))
- return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
- // Flush object
- FlushObject(in->flushHandle);
- break;
- case TPM_HT_HMAC_SESSION:
- case TPM_HT_POLICY_SESSION:
- if(!SessionIsLoaded(in->flushHandle)
- && !SessionIsSaved(in->flushHandle)
- )
- return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
-
- // If the session to be flushed is the exclusive audit session, then
- // indicate that there is no exclusive audit session any longer.
- if(in->flushHandle == g_exclusiveAuditSession)
- g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
-
- // Flush session
- SessionFlush(in->flushHandle);
- break;
- default:
- // This command only takes object or session handle. Other handles
- // should be filtered out at handle unmarshal
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_FlushContext
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c
deleted file mode 100644
index 78ceafc27..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "DictionaryAttackLockReset_fp.h"
-
-#if CC_DictionaryAttackLockReset // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command cancels the effect of a TPM lockout due to a number of
-// successive authorization failures. If this command is properly authorized,
-// the lockout counter is set to 0.
-*/
-TPM_RC
-TPM2_DictionaryAttackLockReset(
- DictionaryAttackLockReset_In *in // IN: input parameter list
- )
-{
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set failed tries to 0
- gp.failedTries = 0;
-
- // Record the changes to NV
- NV_SYNC_PERSISTENT(failedTries);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_DictionaryAttackLockReset
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c
deleted file mode 100644
index e5f98da37..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "DictionaryAttackParameters_fp.h"
-
-#if CC_DictionaryAttackParameters // Conditional expansion of this file
-
-/*(See part 3 specification)
-// change the lockout parameters
-*/
-TPM_RC
-TPM2_DictionaryAttackParameters(
- DictionaryAttackParameters_In *in // IN: input parameter list
- )
-{
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set dictionary attack parameters
- gp.maxTries = in->newMaxTries;
- gp.recoveryTime = in->newRecoveryTime;
- gp.lockoutRecovery = in->lockoutRecovery;
-
-#if 0 // Errata eliminates this code
- // This functionality has been disabled. The preferred implementation is now
- // to leave failedTries unchanged when the parameters are changed. This could
- // have the effect of putting the TPM into DA lockout if in->newMaxTries is
- // not greater than the current value of gp.failedTries.
- // Set failed tries to 0
- gp.failedTries = 0;
-#endif
-
- // Record the changes to NV
- NV_SYNC_PERSISTENT(failedTries);
- NV_SYNC_PERSISTENT(maxTries);
- NV_SYNC_PERSISTENT(recoveryTime);
- NV_SYNC_PERSISTENT(lockoutRecovery);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_DictionaryAttackParameters
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
deleted file mode 100644
index 9e9164f5d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c
+++ /dev/null
@@ -1,160 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Duplicate_fp.h" - -#if CC_Duplicate // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// Duplicate a loaded object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET -// TPM_RC_HASH for an RSA key, the nameAlg digest size for the -// newParent is not compatible with the key size -// TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' -// specifies Null Hierarchy -// TPM_RC_KEY 'newParentHandle' references invalid ECC key (public -// point not on the curve) -// TPM_RC_SIZE input encryption key size does not match the -// size specified in symmetric algorithm -// TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric -// algorithm is provided -// TPM_RC_TYPE 'newParentHandle' is neither a storage key nor -// TPM_RH_NULL; or the object has a NULL nameAlg -// TPM_RC_VALUE for an RSA newParent, the sizes of the digest and -// the encryption key are too large to be OAEP encoded -TPM_RC -TPM2_Duplicate( - Duplicate_In *in, // IN: input parameter list - Duplicate_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - TPMT_SENSITIVE sensitive; - - UINT16 innerKeySize = 0; // encrypt key size for inner wrap - - OBJECT *object; - OBJECT *newParent; - TPM2B_DATA data; - -// Input Validation - - // Get duplicate object pointer - object = HandleToObject(in->objectHandle); - // Get new parent - newParent = HandleToObject(in->newParentHandle); - - // duplicate key must have fixParent bit CLEAR. 
- if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES + RC_Duplicate_objectHandle; - - // Do not duplicate object with NULL nameAlg - if(object->publicArea.nameAlg == TPM_ALG_NULL) - return TPM_RCS_TYPE + RC_Duplicate_objectHandle; - - // new parent key must be a storage object or TPM_RH_NULL - if(in->newParentHandle != TPM_RH_NULL - && !ObjectIsStorage(in->newParentHandle)) - return TPM_RCS_TYPE + RC_Duplicate_newParentHandle; - - // If the duplicated object has encryptedDuplication SET, then there must be - // an inner wrapper and the new parent may not be TPM_RH_NULL - if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, - encryptedDuplication)) - { - if(in->symmetricAlg.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + RC_Duplicate_symmetricAlg; - if(in->newParentHandle == TPM_RH_NULL) - return TPM_RCS_HIERARCHY + RC_Duplicate_newParentHandle; - } - - if(in->symmetricAlg.algorithm == TPM_ALG_NULL) - { - // if algorithm is TPM_ALG_NULL, input key size must be 0 - if(in->encryptionKeyIn.t.size != 0) - return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; - } - else - { - // Get inner wrap key size - innerKeySize = in->symmetricAlg.keyBits.sym; - - // If provided the input symmetric key must match the size of the algorithm - if(in->encryptionKeyIn.t.size != 0 - && in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8) - return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; - } - -// Command Output - - if(in->newParentHandle != TPM_RH_NULL) - { - // Make encrypt key and its associated secret structure. 
A TPM_RC_KEY - // error may be returned at this point - out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); - result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, - &out->outSymSeed); - if(result != TPM_RC_SUCCESS) - return result; - } - else - { - // Do not apply outer wrapper - data.t.size = 0; - out->outSymSeed.t.size = 0; - } - - // Copy sensitive area - sensitive = object->sensitive; - - // Prepare output private data from sensitive. - // Note: If there is no encryption key, one will be provided by - // SensitiveToDuplicate(). This is why the assignment of encryptionKeyIn to - // encryptionKeyOut will work properly and is not conditional. - SensitiveToDuplicate(&sensitive, &object->name.b, newParent, - object->publicArea.nameAlg, &data.b, - &in->symmetricAlg, &in->encryptionKeyIn, - &out->duplicate); - - out->encryptionKeyOut = in->encryptionKeyIn; - - return TPM_RC_SUCCESS; -} - -#endif // CC_Duplicate \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c deleted file mode 100644 index 2ed53ccb6..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c +++ /dev/null 
@@ -1,209 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "Import_fp.h" - -#if CC_Import // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// This command allows an asymmetrically encrypted blob, containing a duplicated -// object to be re-encrypted using the group symmetric key associated with the -// parent. -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'FixedTPM' and 'fixedParent' of 'objectPublic' are not -// both CLEAR; or 'inSymSeed' is nonempty and -// 'parentHandle' does not reference a decryption key; or -// 'objectPublic' and 'parentHandle' have incompatible -// or inconsistent attributes; or -// encrytpedDuplication is SET in 'objectPublic' but the -// inner or outer wrapper is missing. -// Note that if the TPM provides parameter values, the -// parameter number will indicate 'symmetricKey' (missing -// inner wrapper) or 'inSymSeed' (missing outer wrapper) -// TPM_RC_BINDING 'duplicate' and 'objectPublic' are not -// cryptographically bound -// TPM_RC_ECC_POINT 'inSymSeed' is nonempty and ECC point in 'inSymSeed' -// is not on the curve -// TPM_RC_HASH 'objectPublic' does not have a valid nameAlg -// TPM_RC_INSUFFICIENT 'inSymSeed' is nonempty and failed to retrieve ECC -// point from the secret; or unmarshaling sensitive value -// from 'duplicate' failed the result of 'inSymSeed' -// decryption -// TPM_RC_INTEGRITY 'duplicate' integrity is broken -// TPM_RC_KDF 'objectPublic' representing decrypting keyed hash -// object specifies invalid KDF -// TPM_RC_KEY inconsistent parameters of 'objectPublic'; or -// 'inSymSeed' is nonempty and 'parentHandle' does not -// reference a key of supported type; or -// invalid key size in 'objectPublic' representing an -// asymmetric key -// TPM_RC_NO_RESULT 'inSymSeed' is nonempty and multiplication resulted in -// ECC point at infinity -// TPM_RC_OBJECT_MEMORY no available object slot -// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', -// 'restricted' and key's scheme ID in 
'objectPublic'; -// or hash algorithm is inconsistent with the scheme ID -// for keyed hash object -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the -// name algorithm in 'objectPublic'; or -// 'symmetricAlg' and 'encryptionKey' have different -// sizes; or -// 'inSymSeed' is nonempty and it size is not -// consistent with the type of 'parentHandle'; or -// unmarshaling sensitive value from 'duplicate' failed -// TPM_RC_SYMMETRIC 'objectPublic' is either a storage key with no -// symmetric algorithm or a non-storage key with -// symmetric algorithm different from TPM_ALG_NULL -// TPM_RC_TYPE unsupported type of 'objectPublic'; or -// 'parentHandle' is not a storage key; or -// only the public portion of 'parentHandle' is loaded; -// or 'objectPublic' and 'duplicate' are of different -// types -// TPM_RC_VALUE nonempty 'inSymSeed' and its numeric value is -// greater than the modulus of the key referenced by -// 'parentHandle' or 'inSymSeed' is larger than the -// size of the digest produced by the name algorithm of -// the symmetric key referenced by 'parentHandle' -TPM_RC -TPM2_Import( - Import_In *in, // IN: input parameter list - Import_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *parentObject; - TPM2B_DATA data; // symmetric key - TPMT_SENSITIVE sensitive; - TPM2B_NAME name; - TPMA_OBJECT attributes; - UINT16 innerKeySize = 0; // encrypt key size for inner - // wrapper - -// Input Validation - // to save typing - attributes = in->objectPublic.publicArea.objectAttributes; - // FixedTPM and fixedParent must be CLEAR - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES + RC_Import_objectPublic; - - // Get parent pointer - parentObject = HandleToObject(in->parentHandle); - - if(!ObjectIsParent(parentObject)) - return TPM_RCS_TYPE + RC_Import_parentHandle; - - if(in->symmetricAlg.algorithm != TPM_ALG_NULL) - { - // Get 
inner wrap key size - innerKeySize = in->symmetricAlg.keyBits.sym; - // Input symmetric key must match the size of algorithm. - if(in->encryptionKey.t.size != (innerKeySize + 7) / 8) - return TPM_RCS_SIZE + RC_Import_encryptionKey; - } - else - { - // If input symmetric algorithm is NULL, input symmetric key size must - // be 0 as well - if(in->encryptionKey.t.size != 0) - return TPM_RCS_SIZE + RC_Import_encryptionKey; - // If encryptedDuplication is SET, then the object must have an inner - // wrapper - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES + RC_Import_encryptionKey; - } - // See if there is an outer wrapper - if(in->inSymSeed.t.size != 0) - { - // in->inParentHandle is a parent, but in order to decrypt an outer wrapper, - // it must be able to do key exchange and a symmetric key can't do that. - if(parentObject->publicArea.type == TPM_ALG_SYMCIPHER) - return TPM_RCS_TYPE + RC_Import_parentHandle; - - // Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES, - // TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT, - // TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point - result = CryptSecretDecrypt(parentObject, NULL, DUPLICATE_STRING, - &in->inSymSeed, &data); - pAssert(result != TPM_RC_BINDING); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Import_inSymSeed); - } - else - { - // If encrytpedDuplication is set, then the object must have an outer - // wrapper - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES + RC_Import_inSymSeed; - data.t.size = 0; - } - // Compute name of object - PublicMarshalAndComputeName(&(in->objectPublic.publicArea), &name); - if(name.t.size == 0) - return TPM_RCS_HASH + RC_Import_objectPublic; - - // Retrieve sensitive from private. - // TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here. 
- result = DuplicateToSensitive(&in->duplicate.b, &name.b, parentObject, - in->objectPublic.publicArea.nameAlg, - &data.b, &in->symmetricAlg, - &in->encryptionKey.b, &sensitive); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Import_duplicate); - - // If the parent of this object has fixedTPM SET, then validate this - // object as if it were being loaded so that validation can be skipped - // when it is actually loaded. - if(IS_ATTRIBUTE(parentObject->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) - { - result = ObjectLoad(NULL, NULL, &in->objectPublic.publicArea, - &sensitive, RC_Import_objectPublic, RC_Import_duplicate, - NULL); - } -// Command output - if(result == TPM_RC_SUCCESS) - { - // Prepare output private data from sensitive - SensitiveToPrivate(&sensitive, &name, parentObject, - in->objectPublic.publicArea.nameAlg, - &out->outPrivate); - } - return result; -} - -#endif // CC_Import \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c deleted file mode 100644 index ed29e4e1d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Rewrap_fp.h" - -#if CC_Rewrap // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// This command allows the TPM to serve in the role as an MA. 
-*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'newParent' is not a decryption key -// TPM_RC_HANDLE 'oldParent' does not consistent with inSymSeed -// TPM_RC_INTEGRITY the integrity check of 'inDuplicate' failed -// TPM_RC_KEY for an ECC key, the public key is not on the curve -// of the curve ID -// TPM_RC_KEY_SIZE the decrypted input symmetric key size -// does not matches the symmetric algorithm -// key size of 'oldParent' -// TPM_RC_TYPE 'oldParent' is not a storage key, or 'newParent -// is not a storage key -// TPM_RC_VALUE for an 'oldParent; RSA key, the data to be decrypted -// is greater than the public exponent -// Unmarshal errors errors during unmarshaling the input -// encrypted buffer to a ECC public key, or -// unmarshal the private buffer to sensitive -TPM_RC -TPM2_Rewrap( - Rewrap_In *in, // IN: input parameter list - Rewrap_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - TPM2B_DATA data; // symmetric key - UINT16 hashSize = 0; - TPM2B_PRIVATE privateBlob; // A temporary private blob - // to transit between old - // and new wrappers -// Input Validation - if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL) - || (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL)) - return TPM_RCS_HANDLE + RC_Rewrap_oldParent; - if(in->oldParent != TPM_RH_NULL) - { - OBJECT *oldParent = HandleToObject(in->oldParent); - - // old parent key must be a storage object - if(!ObjectIsStorage(in->oldParent)) - return TPM_RCS_TYPE + RC_Rewrap_oldParent; - // Decrypt input secret data via asymmetric decryption. 
A - // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this - // point - result = CryptSecretDecrypt(oldParent, NULL, DUPLICATE_STRING, - &in->inSymSeed, &data); - if(result != TPM_RC_SUCCESS) - return TPM_RCS_VALUE + RC_Rewrap_inSymSeed; - // Unwrap Outer - result = UnwrapOuter(oldParent, &in->name.b, - oldParent->publicArea.nameAlg, &data.b, - FALSE, - in->inDuplicate.t.size, in->inDuplicate.t.buffer); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Rewrap_inDuplicate); - // Copy unwrapped data to temporary variable, remove the integrity field - hashSize = sizeof(UINT16) + - CryptHashGetDigestSize(oldParent->publicArea.nameAlg); - privateBlob.t.size = in->inDuplicate.t.size - hashSize; - pAssert(privateBlob.t.size <= sizeof(privateBlob.t.buffer)); - MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize, - privateBlob.t.size); - } - else - { - // No outer wrap from input blob. Direct copy. - privateBlob = in->inDuplicate; - } - if(in->newParent != TPM_RH_NULL) - { - OBJECT *newParent; - newParent = HandleToObject(in->newParent); - - // New parent must be a storage object - if(!ObjectIsStorage(in->newParent)) - return TPM_RCS_TYPE + RC_Rewrap_newParent; - // Make new encrypt key and its associated secret structure. A - // TPM_RC_VALUE error may be returned at this point if RSA algorithm is - // enabled in TPM - out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); - result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, - &out->outSymSeed); - if(result != TPM_RC_SUCCESS) - return result; - // Copy temporary variable to output, reserve the space for integrity - hashSize = sizeof(UINT16) + - CryptHashGetDigestSize(newParent->publicArea.nameAlg); - // Make sure that everything fits into the output buffer - // Note: this is mostly only an issue if there was no outer wrapper on - // 'inDuplicate'. It could be as large as a TPM2B_PRIVATE buffer. 
If we add - // a digest for an outer wrapper, it won't fit anymore. - if((privateBlob.t.size + hashSize) > sizeof(out->outDuplicate.t.buffer)) - return TPM_RCS_VALUE + RC_Rewrap_inDuplicate; -// Command output - out->outDuplicate.t.size = privateBlob.t.size; - pAssert(privateBlob.t.size - <= sizeof(out->outDuplicate.t.buffer) - hashSize); - MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer, - privateBlob.t.size); - // Produce outer wrapper for output - out->outDuplicate.t.size = ProduceOuterWrap(newParent, &in->name.b, - newParent->publicArea.nameAlg, - &data.b, - FALSE, - out->outDuplicate.t.size, - out->outDuplicate.t.buffer); - } - else // New parent is a null key so there is no seed - { - out->outSymSeed.t.size = 0; - - // Copy privateBlob directly - out->outDuplicate = privateBlob; - } - return TPM_RC_SUCCESS; -} - -#endif // CC_Rewrap \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c deleted file mode 100644 index 8f395d842..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c +++ /dev/null 
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyAuthValue_fp.h"
-
-#if CC_PolicyAuthValue // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// allows a policy to be bound to the authorization value of the authorized
-// object
-*/
-TPM_RC
-TPM2_PolicyAuthValue(
- PolicyAuthValue_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyAuthValue;
- HASH_STATE hashState;
-
-// Internal Data Update
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // complete the hash and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update isAuthValueNeeded bit in the session context
- session->attributes.isAuthValueNeeded = SET;
- session->attributes.isPasswordNeeded = CLEAR;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
deleted file mode 100644
index a3b35aba6..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyAuthorize_fp.h" - -#if CC_PolicyAuthorize // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Change policy by a signature from authority -*/ -// Return Type: TPM_RC -// TPM_RC_HASH hash algorithm in 'keyName' is not supported -// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm -// TPM_RC_VALUE the current policyDigest of 'policySession' does not -// match 'approvedPolicy'; or 'checkTicket' doesn't match -// the provided values -TPM_RC -TPM2_PolicyAuthorize( - PolicyAuthorize_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM2B_DIGEST authHash; - HASH_STATE hashState; - TPMT_TK_VERIFIED ticket; - TPM_ALG_ID hashAlg; - UINT16 digestSize; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Extract from the Name of the key, the algorithm used to compute it's Name - hashAlg = BYTE_ARRAY_TO_UINT16(in->keySign.t.name); - - // 'keySign' parameter needs to use a supported hash algorithm, otherwise - // can't tell how large the digest should be - if(!CryptHashIsValidAlg(hashAlg, FALSE)) - return TPM_RCS_HASH + RC_PolicyAuthorize_keySign; - - digestSize = CryptHashGetDigestSize(hashAlg); - if(digestSize != (in->keySign.t.size - 2)) - return TPM_RCS_SIZE + RC_PolicyAuthorize_keySign; - - //If this is a trial policy, skip all validations - if(session->attributes.isTrialPolicy == CLEAR) - { - // Check that "approvedPolicy" matches the current value of the - // policyDigest in policy session - if(!MemoryEqual2B(&session->u2.policyDigest.b, - &in->approvedPolicy.b)) - return TPM_RCS_VALUE + RC_PolicyAuthorize_approvedPolicy; - - // Validate ticket TPMT_TK_VERIFIED - // Compute aHash. The authorizing object sign a digest - // aHash := hash(approvedPolicy || policyRef). 
- // Start hash - authHash.t.size = CryptHashStart(&hashState, hashAlg); - - // add approvedPolicy - CryptDigestUpdate2B(&hashState, &in->approvedPolicy.b); - - // add policyRef - CryptDigestUpdate2B(&hashState, &in->policyRef.b); - - // complete hash - CryptHashEnd2B(&hashState, &authHash.b); - - // re-compute TPMT_TK_VERIFIED - TicketComputeVerified(in->checkTicket.hierarchy, &authHash, - &in->keySign, &ticket); - - // Compare ticket digest. If not match, return error - if(!MemoryEqual2B(&in->checkTicket.digest.b, &ticket.digest.b)) - return TPM_RCS_VALUE + RC_PolicyAuthorize_checkTicket; - } - -// Internal Data Update - - // Set policyDigest to zero digest - PolicyDigestClear(session); - - // Update policyDigest - PolicyContextUpdate(TPM_CC_PolicyAuthorize, &in->keySign, &in->policyRef, - NULL, 0, session); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyAuthorize \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c deleted file mode 100644 index 019548a40..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c +++ /dev/null 
@@ -1,117 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" - -#if CC_PolicyAuthorizeNV // Conditional expansion of this file -#include "PolicyAuthorizeNV_fp.h" -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Change policy by a signature from authority -*/ -// Return Type: TPM_RC -// TPM_RC_HASH hash algorithm in 'keyName' is not supported or is not -// the same as the hash algorithm of the policy session -// TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm -// TPM_RC_VALUE the current policyDigest of 'policySession' does not -// match 'approvedPolicy'; or 'checkTicket' doesn't match -// the provided values -TPM_RC -TPM2_PolicyAuthorizeNV( - PolicyAuthorizeNV_In *in - ) -{ - SESSION *session; - TPM_RC result; - NV_REF locator; - NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); - TPM2B_NAME name; - TPMT_HA policyInNv; - BYTE nvTemp[sizeof(TPMT_HA)]; - BYTE *buffer = nvTemp; - INT32 size; - -// Input Validation - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Skip checks if this is a trial policy - if(!session->attributes.isTrialPolicy) - { - // Check the authorizations for reading - // Common read access checks. NvReadAccessChecks() returns - // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED - // error may be returned at this point - result = NvReadAccessChecks(in->authHandle, in->nvIndex, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Read the contents of the index into a temp buffer - size = MIN(nvIndex->publicArea.dataSize, sizeof(TPMT_HA)); - NvGetIndexData(nvIndex, locator, 0, (UINT16)size, nvTemp); - - // Unmarshal the contents of the buffer into the internal format of a - // TPMT_HA so that the hash and digest elements can be accessed from the - // structure rather than the byte array that is in the Index (written by - // user of the Index). 
- result = TPMT_HA_Unmarshal(&policyInNv, &buffer, &size, FALSE); - if(result != TPM_RC_SUCCESS) - return result; - - // Verify that the hash is the same - if(policyInNv.hashAlg != session->authHashAlg) - return TPM_RC_HASH; - - // See if the contents of the digest in the Index matches the value - // in the policy - if(!MemoryEqual(&policyInNv.digest, &session->u2.policyDigest.t.buffer, - session->u2.policyDigest.t.size)) - return TPM_RC_VALUE; - } - -// Internal Data Update - - // Set policyDigest to zero digest - PolicyDigestClear(session); - - // Update policyDigest - PolicyContextUpdate(TPM_CC_PolicyAuthorizeNV, EntityGetName(in->nvIndex, &name), - NULL, NULL, 0, session); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyAuthorize \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c deleted file mode 100644 index dcd7f54dd..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c +++ /dev/null 
@@ -1,90 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyCommandCode_fp.h"
-
-#if CC_PolicyCommandCode // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Add a Command Code restriction to the policyDigest
-*/
-// Return Type: TPM_RC
-// TPM_RC_VALUE 'commandCode' of 'policySession' previously set to
-// a different value
-
-TPM_RC
-TPM2_PolicyCommandCode(
- PolicyCommandCode_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyCommandCode;
- HASH_STATE hashState;
-
-// Input validation
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- if(session->commandCode != 0 && session->commandCode != in->code)
- return TPM_RCS_VALUE + RC_PolicyCommandCode_code;
- if(CommandCodeToCommandIndex(in->code) == UNIMPLEMENTED_COMMAND_INDEX)
- return TPM_RCS_POLICY_CC + RC_PolicyCommandCode_code;
-
-// Internal Data Update
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCommandCode || code)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // add input commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), in->code);
-
- // complete the hash and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update commandCode value in session context
- session->commandCode = in->code;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyCommandCode
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c
deleted file mode 100644
index 1c447071f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyCounterTimer_fp.h" - -#if CC_PolicyCounterTimer // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Add a conditional gating of a policy based on the contents of the -// TPMS_TIME_INFO structure. -*/ -// Return Type: TPM_RC -// TPM_RC_POLICY the comparison of the selected portion of the -// TPMS_TIME_INFO with 'operandB' failed -// TPM_RC_RANGE 'offset' + 'size' exceed size of TPMS_TIME_INFO -// structure -TPM_RC -TPM2_PolicyCounterTimer( - PolicyCounterTimer_In *in // IN: input parameter list - ) -{ - SESSION *session; - TIME_INFO infoData; // data buffer of TPMS_TIME_INFO - BYTE *pInfoData = (BYTE *)&infoData; - UINT16 infoDataSize; - TPM_CC commandCode = TPM_CC_PolicyCounterTimer; - HASH_STATE hashState; - TPM2B_DIGEST argHash; - -// Input Validation - // Get a marshaled time structure - infoDataSize = TimeGetMarshaled(&infoData); - // Make sure that the referenced stays within the bounds of the structure. - // NOTE: the offset checks are made even for a trial policy because the policy - // will not make any sense if the references are out of bounds of the timer - // structure. - if(in->offset > infoDataSize) - return TPM_RCS_VALUE + RC_PolicyCounterTimer_offset; - if((UINT32)in->offset + (UINT32)in->operandB.t.size > infoDataSize) - return TPM_RCS_RANGE; - // Get pointer to the session structure - session = SessionGet(in->policySession); - - //If this is a trial policy, skip the check to see if the condition is met. - if(session->attributes.isTrialPolicy == CLEAR) - { - // If the command is going to use any part of the counter or timer, need - // to verify that time is advancing. - // The time and clock vales are the first two 64-bit values in the clock - if(in->offset < sizeof(UINT64) + sizeof(UINT64)) - { - // Using Clock or Time so see if clock is running. Clock doesn't - // run while NV is unavailable. 
- // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here. - RETURN_IF_NV_IS_NOT_AVAILABLE; - } - // offset to the starting position - pInfoData = (BYTE *)infoData; - // Check to see if the condition is valid - if(!PolicySptCheckCondition(in->operation, pInfoData + in->offset, - in->operandB.t.buffer, in->operandB.t.size)) - return TPM_RC_POLICY; - } -// Internal Data Update - // Start argument list hash - argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - // add operandB - CryptDigestUpdate2B(&hashState, &in->operandB.b); - // add offset - CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); - // add operation - CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); - // complete argument hash - CryptHashEnd2B(&hashState, &argHash.b); - - // update policyDigest - // start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add argument digest - CryptDigestUpdate2B(&hashState, &argHash.b); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyCounterTimer \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c deleted file mode 100644 index cdcfcb7ee..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c +++ /dev/null 
@@ -1,103 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyCpHash_fp.h" - -#if CC_PolicyCpHash // Conditional expansion of this file - -/*(See part 3 specification) -// Add a cpHash restriction to the policyDigest -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH cpHash of 'policySession' has previously been set -// to a different value -// TPM_RC_SIZE 'cpHashA' is not the size of a digest produced -// by the hash algorithm associated with -// 'policySession' -TPM_RC -TPM2_PolicyCpHash( - PolicyCpHash_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyCpHash; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // A valid cpHash must have the same size as session hash digest - // NOTE: the size of the digest can't be zero because TPM_ALG_NULL - // can't be used for the authHashAlg. - if(in->cpHashA.t.size != CryptHashGetDigestSize(session->authHashAlg)) - return TPM_RCS_SIZE + RC_PolicyCpHash_cpHashA; - - // error if the cpHash in session context is not empty and is not the same - // as the input or is not a cpHash - if((session->u1.cpHash.t.size != 0) - && (!session->attributes.isCpHashDefined - || !MemoryEqual2B(&in->cpHashA.b, &session->u1.cpHash.b))) - return TPM_RC_CPHASH; - - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash || cpHashA) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add cpHashA - CryptDigestUpdate2B(&hashState, &in->cpHashA.b); - - // complete the digest and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update cpHash in session context - session->u1.cpHash = in->cpHashA; - session->attributes.isCpHashDefined = SET; - - return 
TPM_RC_SUCCESS; -} - -#endif // CC_PolicyCpHash \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c deleted file mode 100644 index 6eec4a773..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c +++ /dev/null 
@@ -1,113 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyDuplicationSelect_fp.h" - -#if CC_PolicyDuplicationSelect // Conditional expansion of this file - -/*(See part 3 specification) -// allows qualification of duplication so that it a specific new parent may be -// selected or a new parent selected for a specific object. -*/ -// Return Type: TPM_RC -// TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty -// TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty -TPM_RC -TPM2_PolicyDuplicationSelect( - PolicyDuplicationSelect_In *in // IN: input parameter list - ) -{ - SESSION *session; - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_PolicyDuplicationSelect; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // cpHash in session context must be empty - if(session->u1.cpHash.t.size != 0) - return TPM_RC_CPHASH; - - // commandCode in session context must be empty - if(session->commandCode != 0) - return TPM_RC_COMMAND_CODE; - -// Internal Data Update - - // Update name hash - session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add objectName - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add new parent name - CryptDigestUpdate2B(&hashState, &in->newParentName.b); - - // complete hash - CryptHashEnd2B(&hashState, &session->u1.cpHash.b); - - // update policy hash - // Old policyDigest size should be the same as the new policyDigest size since - // they are using the same hash algorithm - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); -// add old policy - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add objectName - if(in->includeObject == YES) - CryptDigestUpdate2B(&hashState, &in->objectName.b); - - // add new parent name - CryptDigestUpdate2B(&hashState, &in->newParentName.b); - - // add includeObject - 
CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); - - // complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // set commandCode in session context - session->commandCode = TPM_CC_Duplicate; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyDuplicationSelect \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c deleted file mode 100644 index decadfc03..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c +++ /dev/null 
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyGetDigest_fp.h"
-
-#if CC_PolicyGetDigest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// returns the current policyDigest of the session
-*/
-TPM_RC
-TPM2_PolicyGetDigest(
- PolicyGetDigest_In *in, // IN: input parameter list
- PolicyGetDigest_Out *out // OUT: output parameter list
- )
-{
- SESSION *session;
-
-// Command Output
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- out->policyDigest = session->u2.policyDigest;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyGetDigest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
deleted file mode 100644
index cff6c77a8..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyLocality_fp.h" - - -#if CC_PolicyLocality // Conditional expansion of this file - -// Return Type: TPM_RC -// TPM_RC_RANGE all the locality values selected by -// 'locality' have been disabled -// by previous TPM2_PolicyLocality() calls. -TPM_RC -TPM2_PolicyLocality( - PolicyLocality_In *in // IN: input parameter list - ) -{ - SESSION *session; - BYTE marshalBuffer[sizeof(TPMA_LOCALITY)]; - BYTE prevSetting[sizeof(TPMA_LOCALITY)]; - UINT32 marshalSize; - BYTE *buffer; - TPM_CC commandCode = TPM_CC_PolicyLocality; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Get new locality setting in canonical form - marshalBuffer[0] = 0; // Code analysis says that this is not initialized - buffer = marshalBuffer; - marshalSize = TPMA_LOCALITY_Marshal(&in->locality, &buffer, NULL); - - // Its an error if the locality parameter is zero - if(marshalBuffer[0] == 0) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // Get existing locality setting in canonical form - prevSetting[0] = 0; // Code analysis says that this is not initialized - buffer = prevSetting; - TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); - - // If the locality has previously been set - if(prevSetting[0] != 0 - // then the current locality setting and the requested have to be the same - // type (that is, either both normal or both extended - && ((prevSetting[0] < 32) != (marshalBuffer[0] < 32))) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // See if the input is a regular or extended locality - if(marshalBuffer[0] < 32) - { - // if there was no previous setting, start with all normal localities - // enabled - if(prevSetting[0] == 0) - prevSetting[0] = 0x1F; - - // AND the new setting with the previous setting and store it in prevSetting - prevSetting[0] &= marshalBuffer[0]; - - // The result setting can not be 0 - if(prevSetting[0] == 0) - 
return TPM_RCS_RANGE + RC_PolicyLocality_locality; - } - else - { - // for extended locality - // if the locality has already been set, then it must match the - if(prevSetting[0] != 0 && prevSetting[0] != marshalBuffer[0]) - return TPM_RCS_RANGE + RC_PolicyLocality_locality; - - // Setting is OK - prevSetting[0] = marshalBuffer[0]; - } - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyLocality || locality) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add input locality - CryptDigestUpdate(&hashState, marshalSize, marshalBuffer); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update session locality by unmarshal function. The function must succeed - // because both input and existing locality setting have been validated. - buffer = prevSetting; - TPMA_LOCALITY_Unmarshal(&session->commandLocality, &buffer, - (INT32 *)&marshalSize); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyLocality \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c deleted file mode 100644 index 65e7a91f0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c +++ /dev/null 
@@ -1,143 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyNV_fp.h" - -#if CC_PolicyNV // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// Do comparison to NV location -*/ -// Return Type: TPM_RC -// TPM_RC_AUTH_TYPE NV index authorization type is not correct -// TPM_RC_NV_LOCKED NV index read locked -// TPM_RC_NV_UNINITIALIZED the NV index has not been initialized -// TPM_RC_POLICY the comparison to the NV contents failed -// TPM_RC_SIZE the size of 'nvIndex' data starting at 'offset' -// is less than the size of 'operandB' -// TPM_RC_VALUE 'offset' is too large -TPM_RC -TPM2_PolicyNV( - PolicyNV_In *in // IN: input parameter list - ) -{ - TPM_RC result; - SESSION *session; - NV_REF locator; - NV_INDEX *nvIndex; - BYTE nvBuffer[sizeof(in->operandB.t.buffer)]; - TPM2B_NAME nvName; - TPM_CC commandCode = TPM_CC_PolicyNV; - HASH_STATE hashState; - TPM2B_DIGEST argHash; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - //If this is a trial policy, skip all validations and the operation - if(session->attributes.isTrialPolicy == CLEAR) - { - // No need to access the actual NV index information for a trial policy. - nvIndex = NvGetIndexInfo(in->nvIndex, &locator); - - // Common read access checks. NvReadAccessChecks() may return - // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED - result = NvReadAccessChecks(in->authHandle, - in->nvIndex, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Make sure that offset is withing range - if(in->offset > nvIndex->publicArea.dataSize) - return TPM_RCS_VALUE + RC_PolicyNV_offset; - - // Valid NV data size should not be smaller than input operandB size - if((nvIndex->publicArea.dataSize - in->offset) < in->operandB.t.size) - return TPM_RCS_SIZE + RC_PolicyNV_operandB; - - - // Get NV data. 
The size of NV data equals the input operand B size - NvGetIndexData(nvIndex, locator, in->offset, in->operandB.t.size, nvBuffer); - - // Check to see if the condition is valid - if(!PolicySptCheckCondition(in->operation, nvBuffer, - in->operandB.t.buffer, in->operandB.t.size)) - return TPM_RC_POLICY; - } -// Internal Data Update - - // Start argument hash - argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - - // add operandB - CryptDigestUpdate2B(&hashState, &in->operandB.b); - - // add offset - CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); - - // add operation - CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); - - // complete argument digest - CryptHashEnd2B(&hashState, &argHash.b); - - // Update policyDigest - // Start digest - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add argument digest - CryptDigestUpdate2B(&hashState, &argHash.b); - - // Adding nvName - CryptDigestUpdate2B(&hashState, &EntityGetName(in->nvIndex, &nvName)->b); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNV \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c deleted file mode 100644 index fc9e28e4d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c +++ /dev/null 
@@ -1,99 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyNameHash_fp.h" - -#if CC_PolicyNameHash // Conditional expansion of this file - -/*(See part 3 specification) -// Add a nameHash restriction to the policyDigest -*/ -// Return Type: TPM_RC -// TPM_RC_CPHASH 'nameHash' has been previously set to a different value -// TPM_RC_SIZE 'nameHash' is not the size of the digest produced by the -// hash algorithm associated with 'policySession' -TPM_RC -TPM2_PolicyNameHash( - PolicyNameHash_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyNameHash; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // A valid nameHash must have the same size as session hash digest - // Since the authHashAlg for a session cannot be TPM_ALG_NULL, the digest size - // is always non-zero. - if(in->nameHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) - return TPM_RCS_SIZE + RC_PolicyNameHash_nameHash; - - // u1 in the policy session context cannot otherwise be occupied - if(session->u1.cpHash.b.size != 0 - || session->attributes.isBound - || session->attributes.isCpHashDefined - || session->attributes.isTemplateSet) - return TPM_RC_CPHASH; - -// Internal Data Update - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNameHash || nameHash) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add nameHash - CryptDigestUpdate2B(&hashState, &in->nameHash.b); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update nameHash in session context - session->u1.cpHash = in->nameHash; - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNameHash \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
deleted file mode 100644
index d71af6c0a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyNvWritten_fp.h"
-
-#if CC_PolicyNvWritten // Conditional expansion of this file
-
-// Make an NV Index policy dependent on the state of the TPMA_NV_WRITTEN
-// attribute of the index.
-// Return Type: TPM_RC -// TPM_RC_VALUE a conflicting request for the attribute has -// already been processed -TPM_RC -TPM2_PolicyNvWritten( - PolicyNvWritten_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM_CC commandCode = TPM_CC_PolicyNvWritten; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // If already set is this a duplicate (the same setting)? If it - // is a conflicting setting, it is an error - if(session->attributes.checkNvWritten == SET) - { - if(((session->attributes.nvWrittenState == SET) - != (in->writtenSet == YES))) - return TPM_RCS_VALUE + RC_PolicyNvWritten_writtenSet; - } - -// Internal Data Update - - // Set session attributes so that the NV Index needs to be checked - session->attributes.checkNvWritten = SET; - session->attributes.nvWrittenState = (in->writtenSet == YES); - - // Update policy hash - // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNvWritten - // || writtenSet) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add the byte of writtenState - CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->writtenSet); - - // complete the digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyNvWritten \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c deleted file mode 100644 index 8d0553628..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c +++ /dev/null 
@@ -1,99 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyOR_fp.h" - -#if CC_PolicyOR // Conditional expansion of this file - -#include "Policy_spt_fp.h" - -/*(See part 3 specification) -// PolicyOR command -*/ -// Return Type: TPM_RC -// TPM_RC_VALUE no digest in 'pHashList' matched the current -// value of policyDigest for 'policySession' -TPM_RC -TPM2_PolicyOR( - PolicyOR_In *in // IN: input parameter list - ) -{ - SESSION *session; - UINT32 i; - -// Input Validation and Update - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Compare and Update Internal Session policy if match - for(i = 0; i < in->pHashList.count; i++) - { - if(session->attributes.isTrialPolicy == SET - || (MemoryEqual2B(&session->u2.policyDigest.b, - &in->pHashList.digests[i].b))) - { - // Found a match - HASH_STATE hashState; - TPM_CC commandCode = TPM_CC_PolicyOR; - - // Start hash - session->u2.policyDigest.t.size - = CryptHashStart(&hashState, session->authHashAlg); - // Set policyDigest to 0 string and add it to hash - MemorySet(session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add command code - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // Add each of the hashes in the list - for(i = 0; i < in->pHashList.count; i++) - { - // Extend policyDigest - CryptDigestUpdate2B(&hashState, &in->pHashList.digests[i].b); - } - // Complete digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - return TPM_RC_SUCCESS; - } - } - // None of the values in the list matched the current policyDigest - return TPM_RCS_VALUE + RC_PolicyOR_pHashList; -} - -#endif // CC_PolicyOR \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
deleted file mode 100644
index 53248f202..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "PolicyPCR_fp.h" - -#if CC_PolicyPCR // Conditional expansion of this file - -/*(See part 3 specification) -// Add a PCR gate for a policy session -*/ -// Return Type: TPM_RC -// TPM_RC_VALUE if provided, 'pcrDigest' does not match the -// current PCR settings -// TPM_RC_PCR_CHANGED a previous TPM2_PolicyPCR() set -// pcrCounter and it has changed -TPM_RC -TPM2_PolicyPCR( - PolicyPCR_In *in // IN: input parameter list - ) -{ - SESSION *session; - TPM2B_DIGEST pcrDigest; - BYTE pcrs[sizeof(TPML_PCR_SELECTION)]; - UINT32 pcrSize; - BYTE *buffer; - TPM_CC commandCode = TPM_CC_PolicyPCR; - HASH_STATE hashState; - -// Input Validation - - // Get pointer to the session structure - session = SessionGet(in->policySession); - - // Compute current PCR digest - PCRComputeCurrentDigest(session->authHashAlg, &in->pcrs, &pcrDigest); - - // Do validation for non trial session - if(session->attributes.isTrialPolicy == CLEAR) - { - // Make sure that this is not going to invalidate a previous PCR check - if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter) - return TPM_RC_PCR_CHANGED; - - // If the caller specified the PCR digest and it does not - // match the current PCR settings, return an error.. 
- if(in->pcrDigest.t.size != 0) - { - if(!MemoryEqual2B(&in->pcrDigest.b, &pcrDigest.b)) - return TPM_RCS_VALUE + RC_PolicyPCR_pcrDigest; - } - } - else - { - // For trial session, just use the input PCR digest if one provided - // Note: It can't be too big because it is a TPM2B_DIGEST and the size - // would have been checked during unmarshaling - if(in->pcrDigest.t.size != 0) - pcrDigest = in->pcrDigest; - } -// Internal Data Update - // Update policy hash - // policyDigestnew = hash( policyDigestold || TPM_CC_PolicyPCR - // || PCRS || pcrDigest) - // Start hash - CryptHashStart(&hashState, session->authHashAlg); - - // add old digest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - - // add commandCode - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); - - // add PCRS - buffer = pcrs; - pcrSize = TPML_PCR_SELECTION_Marshal(&in->pcrs, &buffer, NULL); - CryptDigestUpdate(&hashState, pcrSize, pcrs); - - // add PCR digest - CryptDigestUpdate2B(&hashState, &pcrDigest.b); - - // complete the hash and get the results - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - - // update pcrCounter in session context for non trial session - if(session->attributes.isTrialPolicy == CLEAR) - { - session->pcrCounter = gr.pcrCounter; - } - - return TPM_RC_SUCCESS; -} - -#endif // CC_PolicyPCR \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c deleted file mode 100644 index 310df5e31..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c +++ /dev/null 
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyPassword_fp.h"
-
-#if CC_PolicyPassword // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// allows a policy to be bound to the authorization value of the authorized
-// object
-*/
-TPM_RC
-TPM2_PolicyPassword(
- PolicyPassword_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyAuthValue;
- HASH_STATE hashState;
-
-// Internal Data Update
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // complete the digest
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // Update isPasswordNeeded bit
- session->attributes.isPasswordNeeded = SET;
- session->attributes.isAuthValueNeeded = CLEAR;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyPassword
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c
deleted file mode 100644
index 23af572cd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyPhysicalPresence_fp.h"
-
-#if CC_PolicyPhysicalPresence // Conditional expansion of this file
-
-/*(See part 3 specification)
-// indicate that physical presence will need to be asserted at the time the
-// authorization is performed
-*/
-TPM_RC
-TPM2_PolicyPhysicalPresence(
- PolicyPhysicalPresence_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyPhysicalPresence;
- HASH_STATE hashState;
-
-// Internal Data Update
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyPhysicalPresence)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // complete the digest
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update session attribute
- session->attributes.isPPRequired = SET;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyPhysicalPresence
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c
deleted file mode 100644
index da6583eda..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicySecret_fp.h"
-
-#if CC_PolicySecret // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-#include "NV_spt_fp.h"
-
-/*(See part 3 specification)
-// Add a secret-based authorization to the policy evaluation
-*/
-// Return Type: TPM_RC
-// TPM_RC_CPHASH cpHash for policy was previously set to a
-// value that is not the same as 'cpHashA'
-// TPM_RC_EXPIRED 'expiration' indicates a time in the past
-// TPM_RC_NONCE 'nonceTPM' does not match the nonce associated
-// with 'policySession'
-// TPM_RC_SIZE 'cpHashA' is not the size of a digest for the
-// hash associated with 'policySession'
-TPM_RC
-TPM2_PolicySecret(
- PolicySecret_In *in, // IN: input parameter list
- PolicySecret_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- SESSION *session;
- TPM2B_NAME entityName;
- UINT64 authTimeout = 0;
-// Input Validation
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- //Only do input validation if this is not a trial policy session
- if(session->attributes.isTrialPolicy == CLEAR)
- {
- authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM);
-
- result = PolicyParameterChecks(session, authTimeout,
- &in->cpHashA, &in->nonceTPM,
- RC_PolicySecret_nonceTPM,
- RC_PolicySecret_cpHashA,
- RC_PolicySecret_expiration);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
-// Internal Data Update
- // Update policy context with input policyRef and name of authorizing key
- // This value is computed even for trial sessions. Possibly update the cpHash
- PolicyContextUpdate(TPM_CC_PolicySecret,
- EntityGetName(in->authHandle, &entityName), &in->policyRef,
- &in->cpHashA, authTimeout, session);
-// Command Output
- // Create ticket and timeout buffer if in->expiration < 0 and this is not
- // a trial session.
- // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
- // when expiration is non-zero.
- if(in->expiration < 0
- && session->attributes.isTrialPolicy == CLEAR
- && !NvIsPinPassIndex(in->authHandle))
- {
- BOOL expiresOnReset = (in->nonceTPM.t.size == 0);
- // Compute policy ticket
- authTimeout &= ~EXPIRATION_BIT;
- TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle),
- authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef,
- &entityName, &out->policyTicket);
- // Generate timeout buffer. The format of output timeout buffer is
- // TPM-specific.
- // Note: In this implementation, the timeout buffer value is computed after
- // the ticket is produced so, when the ticket is checked, the expiration
- // flag needs to be extracted before the ticket is checked.
- out->timeout.t.size = sizeof(authTimeout);
- // In the Windows compatible version, the least-significant bit of the
- // timeout value is used as a flag to indicate if the authorization expires
- // on reset. The flag is the MSb.
- if(expiresOnReset)
- authTimeout |= EXPIRATION_BIT;
- UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
- }
- else
- {
- // timeout buffer is null
- out->timeout.t.size = 0;
-
- // authorization ticket is null
- out->policyTicket.tag = TPM_ST_AUTH_SECRET;
- out->policyTicket.hierarchy = TPM_RH_NULL;
- out->policyTicket.digest.t.size = 0;
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicySecret
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c
deleted file mode 100644
index 1928da6d9..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Policy_spt_fp.h"
-#include "PolicySigned_fp.h"
-
-#if CC_PolicySigned // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Include an asymmetrically signed authorization to the policy evaluation
-*/
-// Return Type: TPM_RC
-// TPM_RC_CPHASH cpHash was previously set to a different value
-// TPM_RC_EXPIRED 'expiration' indicates a time in the past or
-// 'expiration' is non-zero but no nonceTPM is present
-// TPM_RC_NONCE 'nonceTPM' is not the nonce associated with the
-// 'policySession'
-// TPM_RC_SCHEME the signing scheme of 'auth' is not supported by the
-// TPM
-// TPM_RC_SIGNATURE the signature is not genuine
-// TPM_RC_SIZE input cpHash has wrong size
-TPM_RC
-TPM2_PolicySigned(
- PolicySigned_In *in, // IN: input parameter list
- PolicySigned_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- SESSION *session;
- TPM2B_NAME entityName;
- TPM2B_DIGEST authHash;
- HASH_STATE hashState;
- UINT64 authTimeout = 0;
-// Input Validation
- // Set up local pointers
- session = SessionGet(in->policySession); // the session structure
-
- // Only do input validation if this is not a trial policy session
- if(session->attributes.isTrialPolicy == CLEAR)
- {
- authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM);
-
- result = PolicyParameterChecks(session, authTimeout,
- &in->cpHashA, &in->nonceTPM,
- RC_PolicySigned_nonceTPM,
- RC_PolicySigned_cpHashA,
- RC_PolicySigned_expiration);
- if(result != TPM_RC_SUCCESS)
- return result;
- // Re-compute the digest being signed
- /*(See part 3 specification)
- // The digest is computed as:
- // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef)
- // where:
- // hash() the hash associated with the signed authorization
- // nonceTPM the nonceTPM value from the TPM2_StartAuthSession .
- // response If the authorization is not limited to this
- // session, the size of this value is zero.
- // expiration time limit on authorization set by authorizing object.
- // This 32-bit value is set to zero if the expiration
- // time is not being set.
- // cpHashA hash of the command parameters for the command being
- // approved using the hash algorithm of the PSAP session.
- // Set to NULLauth if the authorization is not limited
- // to a specific command.
- // policyRef hash of an opaque value determined by the authorizing
- // object. Set to the NULLdigest if no hash is present.
- */
- // Start hash
- authHash.t.size = CryptHashStart(&hashState,
- CryptGetSignHashAlg(&in->auth));
- // If there is no digest size, then we don't have a verification function
- // for this algorithm (e.g. TPM_ALG_ECDAA) so indicate that it is a
- // bad scheme.
- if(authHash.t.size == 0)
- return TPM_RCS_SCHEME + RC_PolicySigned_auth;
-
- // nonceTPM
- CryptDigestUpdate2B(&hashState, &in->nonceTPM.b);
-
- // expiration
- CryptDigestUpdateInt(&hashState, sizeof(UINT32), in->expiration);
-
- // cpHashA
- CryptDigestUpdate2B(&hashState, &in->cpHashA.b);
-
- // policyRef
- CryptDigestUpdate2B(&hashState, &in->policyRef.b);
-
- // Complete digest
- CryptHashEnd2B(&hashState, &authHash.b);
-
- // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
- // error may be returned at this point
- result = CryptValidateSignature(in->authObject, &authHash, &in->auth);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_PolicySigned_auth);
- }
-// Internal Data Update
- // Update policy with input policyRef and name of authorization key
- // These values are updated even if the session is a trial session
- PolicyContextUpdate(TPM_CC_PolicySigned,
- EntityGetName(in->authObject, &entityName),
- &in->policyRef,
- &in->cpHashA, authTimeout, session);
-// Command Output
- // Create ticket and timeout buffer if in->expiration < 0 and this is not
- // a trial session.
- // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present
- // when expiration is non-zero.
- if(in->expiration < 0
- && session->attributes.isTrialPolicy == CLEAR)
- {
- BOOL expiresOnReset = (in->nonceTPM.t.size == 0);
- // Compute policy ticket
- authTimeout &= ~EXPIRATION_BIT;
-
- TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject),
- authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef,
- &entityName, &out->policyTicket);
- // Generate timeout buffer. The format of output timeout buffer is
- // TPM-specific.
- // Note: In this implementation, the timeout buffer value is computed after
- // the ticket is produced so, when the ticket is checked, the expiration
- // flag needs to be extracted before the ticket is checked.
- // In the Windows compatible version, the least-significant bit of the
- // timeout value is used as a flag to indicate if the authorization expires
- // on reset. The flag is the MSb.
- out->timeout.t.size = sizeof(authTimeout);
- if(expiresOnReset)
- authTimeout |= EXPIRATION_BIT;
- UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer);
- }
- else
- {
- // Generate a null ticket.
- // timeout buffer is null
- out->timeout.t.size = 0;
-
- // authorization ticket is null
- out->policyTicket.tag = TPM_ST_AUTH_SIGNED;
- out->policyTicket.hierarchy = TPM_RH_NULL;
- out->policyTicket.digest.t.size = 0;
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicySigned
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c
deleted file mode 100644
index 38be244e0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyTemplate_fp.h"
-
-#if CC_PolicyTemplate // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Add a cpHash restriction to the policyDigest
-*/
-// Return Type: TPM_RC
-// TPM_RC_CPHASH cpHash of 'policySession' has previously been set
-// to a different value
-// TPM_RC_SIZE 'templateHash' is not the size of a digest produced
-// by the hash algorithm associated with
-// 'policySession'
-TPM_RC
-TPM2_PolicyTemplate(
- PolicyTemplate_In *in // IN: input parameter list
- )
-{
- SESSION *session;
- TPM_CC commandCode = TPM_CC_PolicyTemplate;
- HASH_STATE hashState;
-
-// Input Validation
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // If the template is set, make sure that it is the same as the input value
- if(session->attributes.isTemplateSet)
- {
- if(!MemoryEqual2B(&in->templateHash.b, &session->u1.cpHash.b))
- return TPM_RCS_VALUE + RC_PolicyTemplate_templateHash;
- }
- // error if cpHash contains something that is not a template
- else if(session->u1.templateHash.t.size != 0)
- return TPM_RC_CPHASH;
-
- // A valid templateHash must have the same size as session hash digest
- if(in->templateHash.t.size != CryptHashGetDigestSize(session->authHashAlg))
- return TPM_RCS_SIZE + RC_PolicyTemplate_templateHash;
-
-// Internal Data Update
- // Update policy hash
- // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash
- // || cpHashA.buffer)
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
-
- // add cpHashA
- CryptDigestUpdate2B(&hashState, &in->templateHash.b);
-
- // complete the digest and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // update cpHash in session context
- session->u1.templateHash = in->templateHash;
- session->attributes.isTemplateSet = SET;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyTemplateHash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c
deleted file mode 100644
index b19aec4e0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyTicket_fp.h"
-
-#if CC_PolicyTicket // Conditional expansion of this file
-
-#include "Policy_spt_fp.h"
-
-/*(See part 3 specification)
-// Include ticket to the policy evaluation
-*/
-// Return Type: TPM_RC
-// TPM_RC_CPHASH policy's cpHash was previously set to a different
-// value
-// TPM_RC_EXPIRED 'timeout' value in the ticket is in the past and the
-// ticket has expired
-// TPM_RC_SIZE 'timeout' or 'cpHash' has invalid size for the
-// TPM_RC_TICKET 'ticket' is not valid
-TPM_RC
-TPM2_PolicyTicket(
- PolicyTicket_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- SESSION *session;
- UINT64 authTimeout;
- TPMT_TK_AUTH ticketToCompare;
- TPM_CC commandCode = TPM_CC_PolicySecret;
- BOOL expiresOnReset;
-
-// Input Validation
-
- // Get pointer to the session structure
- session = SessionGet(in->policySession);
-
- // NOTE: A trial policy session is not allowed to use this command.
- // A ticket is used in place of a previously given authorization. Since
- // a trial policy doesn't actually authenticate, the validated
- // ticket is not necessary and, in place of using a ticket, one
- // should use the intended authorization for which the ticket
- // would be a substitute.
- if(session->attributes.isTrialPolicy)
- return TPM_RCS_ATTRIBUTES + RC_PolicyTicket_policySession;
- // Restore timeout data. The format of timeout buffer is TPM-specific.
- // In this implementation, the most significant bit of the timeout value is
- // used as the flag to indicate that the ticket expires on TPM Reset or
- // TPM Restart. The flag has to be removed before the parameters and ticket
- // are checked.
- if(in->timeout.t.size != sizeof(UINT64))
- return TPM_RCS_SIZE + RC_PolicyTicket_timeout;
- authTimeout = BYTE_ARRAY_TO_UINT64(in->timeout.t.buffer);
-
- // extract the flag
- expiresOnReset = (authTimeout & EXPIRATION_BIT) != 0;
- authTimeout &= ~EXPIRATION_BIT;
-
- // Do the normal checks on the cpHashA and timeout values
- result = PolicyParameterChecks(session, authTimeout,
- &in->cpHashA,
- NULL, // no nonce
- 0, // no bad nonce return
- RC_PolicyTicket_cpHashA,
- RC_PolicyTicket_timeout);
- if(result != TPM_RC_SUCCESS)
- return result;
- // Validate Ticket
- // Re-generate policy ticket by input parameters
- TicketComputeAuth(in->ticket.tag, in->ticket.hierarchy,
- authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef,
- &in->authName, &ticketToCompare);
- // Compare generated digest with input ticket digest
- if(!MemoryEqual2B(&in->ticket.digest.b, &ticketToCompare.digest.b))
- return TPM_RCS_TICKET + RC_PolicyTicket_ticket;
-
-// Internal Data Update
-
- // Is this ticket to take the place of a TPM2_PolicySigned() or
- // a TPM2_PolicySecret()?
- if(in->ticket.tag == TPM_ST_AUTH_SIGNED)
- commandCode = TPM_CC_PolicySigned;
- else if(in->ticket.tag == TPM_ST_AUTH_SECRET)
- commandCode = TPM_CC_PolicySecret;
- else
- // There could only be two possible tag values. Any other value should
- // be caught by the ticket validation process.
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Update policy context
- PolicyContextUpdate(commandCode, &in->authName, &in->policyRef,
- &in->cpHashA, authTimeout, session);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyTicket
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c
deleted file mode 100644
index 255dc7ead..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-#include "Policy_spt_fp.h"
-#include "PolicySigned_fp.h"
-#include "PolicySecret_fp.h"
-#include "PolicyTicket_fp.h"
-
-//** Functions
-//*** PolicyParameterChecks()
-// This function validates the common parameters of TPM2_PolicySiged()
-// and TPM2_PolicySecret(). The common parameters are 'nonceTPM',
-// 'expiration', and 'cpHashA'.
-TPM_RC
-PolicyParameterChecks(
- SESSION *session,
- UINT64 authTimeout,
- TPM2B_DIGEST *cpHashA,
- TPM2B_NONCE *nonce,
- TPM_RC blameNonce,
- TPM_RC blameCpHash,
- TPM_RC blameExpiration
- )
-{
- // Validate that input nonceTPM is correct if present
- if(nonce != NULL && nonce->t.size != 0)
- {
- if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b))
- return TPM_RCS_NONCE + blameNonce;
- }
- // If authTimeout is set (expiration != 0...
- if(authTimeout != 0)
- {
- // Validate input expiration.
- // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE
- // or TPM_RC_NV_RATE error may be returned here.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // if the time has already passed or the time epoch has changed then the
- // time value is no longer good.
- if((authTimeout < g_time)
- || (session->epoch != g_timeEpoch))
- return TPM_RCS_EXPIRED + blameExpiration;
- }
- // If the cpHash is present, then check it
- if(cpHashA != NULL && cpHashA->t.size != 0)
- {
- // The cpHash input has to have the correct size
- if(cpHashA->t.size != session->u2.policyDigest.t.size)
- return TPM_RCS_SIZE + blameCpHash;
-
- // If the cpHash has already been set, then this input value
- // must match the current value.
- if(session->u1.cpHash.b.size != 0
- && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b))
- return TPM_RC_CPHASH;
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** PolicyContextUpdate()
-// Update policy hash
-// Update the policyDigest in policy session by extending policyRef and
-// objectName to it. This will also update the cpHash if it is present.
-// Return Type: void
-void
-PolicyContextUpdate(
- TPM_CC commandCode, // IN: command code
- TPM2B_NAME *name, // IN: name of entity
- TPM2B_NONCE *ref, // IN: the reference data
- TPM2B_DIGEST *cpHash, // IN: the cpHash (optional)
- UINT64 policyTimeout, // IN: the timeout value for the policy
- SESSION *session // IN/OUT: policy session to be updated
- )
-{
- HASH_STATE hashState;
-
- // Start hash
- CryptHashStart(&hashState, session->authHashAlg);
-
-
- // policyDigest size should always be the digest size of session hash algorithm.
- pAssert(session->u2.policyDigest.t.size
- == CryptHashGetDigestSize(session->authHashAlg));
-
- // add old digest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add commandCode
- CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
-
- // add name if applicable
- if(name != NULL)
- CryptDigestUpdate2B(&hashState, &name->b);
-
- // Complete the digest and get the results
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
-
- // If the policy reference is not null, do a second update to the digest.
- if(ref != NULL)
- {
-
- // Start second hash computation
- CryptHashStart(&hashState, session->authHashAlg);
-
- // add policyDigest
- CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
-
- // add policyRef
- CryptDigestUpdate2B(&hashState, &ref->b);
-
- // Complete second digest
- CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
- }
- // Deal with the cpHash. If the cpHash value is present
- // then it would have already been checked to make sure that
- // it is compatible with the current value so all we need
- // to do here is copy it and set the isCpHashDefined attribute
- if(cpHash != NULL && cpHash->t.size != 0)
- {
- session->u1.cpHash = *cpHash;
- session->attributes.isCpHashDefined = SET;
- }
-
- // update the timeout if it is specified
- if(policyTimeout != 0)
- {
- // If the timeout has not been set, then set it to the new value
- // than the current timeout then set it to the new value
- if(session->timeout == 0 || session->timeout > policyTimeout)
- session->timeout = policyTimeout;
- }
- return;
-}
-//*** ComputeAuthTimeout()
-// This function is used to determine what the authorization timeout value for
-// the session should be.
-UINT64
-ComputeAuthTimeout(
- SESSION *session, // IN: the session containing the time
- // values
- INT32 expiration, // IN: either the number of seconds from
- // the start of the session or the
- // time in g_timer;
- TPM2B_NONCE *nonce // IN: indicator of the time base
- )
-{
- UINT64 policyTime;
- // If no expiration, policy time is 0
- if(expiration == 0)
- policyTime = 0;
- else
- {
- if(expiration < 0)
- expiration = -expiration;
- if(nonce->t.size == 0)
- // The input time is absolute Time (not Clock), but it is expressed
- // in seconds. To make sure that we don't time out too early, take the
- // current value of milliseconds in g_time and add that to the input
- // seconds value.
- policyTime = (((UINT64)expiration) * 1000) + g_time % 1000;
- else
- // The policy timeout is the absolute value of the expiration in seconds
- // added to the start time of the policy.
- policyTime = session->startTime + (((UINT64)expiration) * 1000);
-
- }
- return policyTime;
-}
-
-//*** PolicyDigestClear()
-// Function to reset the policyDigest of a session
-void
-PolicyDigestClear(
- SESSION *session
- )
-{
- session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg);
- MemorySet(session->u2.policyDigest.t.buffer, 0,
- session->u2.policyDigest.t.size);
-}
-
-BOOL
-PolicySptCheckCondition(
- TPM_EO operation,
- BYTE *opA,
- BYTE *opB,
- UINT16 size
- )
-{
- // Arithmetic Comparison
- switch(operation)
- {
- case TPM_EO_EQ:
- // compare A = B
- return (UnsignedCompareB(size, opA, size, opB) == 0);
- break;
- case TPM_EO_NEQ:
- // compare A != B
- return (UnsignedCompareB(size, opA, size, opB) != 0);
- break;
- case TPM_EO_SIGNED_GT:
- // compare A > B signed
- return (SignedCompareB(size, opA, size, opB) > 0);
- break;
- case TPM_EO_UNSIGNED_GT:
- // compare A > B unsigned
- return (UnsignedCompareB(size, opA, size, opB) > 0);
- break;
- case TPM_EO_SIGNED_LT:
- // compare A < B signed
- return (SignedCompareB(size, opA, size, opB) < 0);
- break;
- case TPM_EO_UNSIGNED_LT:
- // compare A < B unsigned
- return (UnsignedCompareB(size, opA, size, opB) < 0);
- break;
- case TPM_EO_SIGNED_GE:
- // compare A >= B signed
- return (SignedCompareB(size, opA, size, opB) >= 0);
- break;
- case TPM_EO_UNSIGNED_GE:
- // compare A >= B unsigned
- return (UnsignedCompareB(size, opA, size, opB) >= 0);
- break;
- case TPM_EO_SIGNED_LE:
- // compare A <= B signed
- return (SignedCompareB(size, opA, size, opB) <= 0);
- break;
- case TPM_EO_UNSIGNED_LE:
- // compare A <= B unsigned
- return (UnsignedCompareB(size, opA, size, opB) <= 0);
- break;
- case TPM_EO_BITSET:
- // All bits SET in B are SET in A. ((A&B)=B)
- {
- UINT32 i;
- for(i = 0; i < size; i++)
- if((opA[i] & opB[i]) != opB[i])
- return FALSE;
- }
- break;
- case TPM_EO_BITCLEAR:
- // All bits SET in B are CLEAR in A. ((A&B)=0)
- {
- UINT32 i;
- for(i = 0; i < size; i++)
- if((opA[i] & opB[i]) != 0)
- return FALSE;
- }
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- return TRUE;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c
deleted file mode 100644
index 40203c2cf..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c
+++ /dev/null
@@ -1,169 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "Commit_fp.h" - -#if CC_Commit // Conditional expansion of this file - -/*(See part 3 specification) -// This command performs the point multiply operations for anonymous signing -// scheme. 
-*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' references a restricted key that is not a -// signing key -// TPM_RC_ECC_POINT either 'P1' or the point derived from 's2' is not on -// the curve of 'keyHandle' -// TPM_RC_HASH invalid name algorithm in 'keyHandle' -// TPM_RC_KEY 'keyHandle' does not reference an ECC key -// TPM_RC_SCHEME the scheme of 'keyHandle' is not an anonymous scheme -// TPM_RC_NO_RESULT 'K', 'L' or 'E' was a point at infinity; or -// failed to generate "r" value -// TPM_RC_SIZE 's2' is empty but 'y2' is not or 's2' provided but -// 'y2' is not -TPM_RC -TPM2_Commit( - Commit_In *in, // IN: input parameter list - Commit_Out *out // OUT: output parameter list - ) -{ - OBJECT *eccKey; - TPMS_ECC_POINT P2; - TPMS_ECC_POINT *pP2 = NULL; - TPMS_ECC_POINT *pP1 = NULL; - TPM2B_ECC_PARAMETER r; - TPM2B_ECC_PARAMETER p; - TPM_RC result; - TPMS_ECC_PARMS *parms; - -// Input Validation - - eccKey = HandleToObject(in->signHandle); - parms = &eccKey->publicArea.parameters.eccDetail; - - // Input key must be an ECC key - if(eccKey->publicArea.type != TPM_ALG_ECC) - return TPM_RCS_KEY + RC_Commit_signHandle; - - // This command may only be used with a sign-only key using an anonymous - // scheme. - // NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one - // and an unrestricted sign key might no have a signing scheme but it can't - // be use in Commit() - if(!CryptIsSchemeAnonymous(parms->scheme.scheme)) - return TPM_RCS_SCHEME + RC_Commit_signHandle; - -// Make sure that both parts of P2 are present if either is present - if((in->s2.t.size == 0) != (in->y2.t.size == 0)) - return TPM_RCS_SIZE + RC_Commit_y2; - - // Get prime modulus for the curve. This is needed later but getting this now - // allows confirmation that the curve exists. 
- if(!CryptEccGetParameter(&p, 'p', parms->curveID)) - return TPM_RCS_KEY + RC_Commit_signHandle; - - // Get the random value that will be used in the point multiplications - // Note: this does not commit the count. - if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name)) - return TPM_RC_NO_RESULT; - - // Set up P2 if s2 and Y2 are provided - if(in->s2.t.size != 0) - { - TPM2B_DIGEST x2; - - pP2 = &P2; - - // copy y2 for P2 - P2.y = in->y2; - - // Compute x2 HnameAlg(s2) mod p - // do the hash operation on s2 with the size of curve 'p' - x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg, - in->s2.t.size, - in->s2.t.buffer, - sizeof(x2.t.buffer), - x2.t.buffer); - - // If there were error returns in the hash routine, indicate a problem - // with the hash algorithm selection - if(x2.t.size == 0) - return TPM_RCS_HASH + RC_Commit_signHandle; - // The size of the remainder will be same as the size of p. DivideB() will - // pad the results (leading zeros) if necessary to make the size the same - P2.x.t.size = p.t.size; - // set p2.x = hash(s2) mod p - if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS) - return TPM_RC_NO_RESULT; - - if(!CryptEccIsPointOnCurve(parms->curveID, pP2)) - return TPM_RCS_ECC_POINT + RC_Commit_s2; - - if(eccKey->attributes.publicOnly == SET) - return TPM_RCS_KEY + RC_Commit_signHandle; - } - // If there is a P1, make sure that it is on the curve - // NOTE: an "empty" point has two UINT16 values which are the size values - // for each of the coordinates. - if(in->P1.size > 4) - { - pP1 = &in->P1.point; - if(!CryptEccIsPointOnCurve(parms->curveID, pP1)) - return TPM_RCS_ECC_POINT + RC_Commit_P1; - } - - // Pass the parameters to CryptCommit. - // The work is not done in-line because it does several point multiplies - // with the same curve. It saves work by not having to reload the curve - // parameters multiple times. 
- result = CryptEccCommitCompute(&out->K.point, - &out->L.point, - &out->E.point, - parms->curveID, - pP1, - pP2, - &eccKey->sensitive.sensitive.ecc, - &r); - if(result != TPM_RC_SUCCESS) - return result; - - // The commit computation was successful so complete the commit by setting - // the bit - out->counter = CryptCommit(); - - return TPM_RC_SUCCESS; -} - -#endif // CC_Commit \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c deleted file mode 100644 index 18f537da8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c +++ /dev/null 
@@ -1,53 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "FieldUpgradeData_fp.h" -#if CC_FieldUpgradeData // Conditional expansion of this file - -/*(See part 3 specification) -// FieldUpgradeData -*/ -TPM_RC -TPM2_FieldUpgradeData( - FieldUpgradeData_In *in, // IN: input parameter list - FieldUpgradeData_Out *out // OUT: output parameter list - ) -{ - // Not implemented - UNUSED_PARAMETER(in); - UNUSED_PARAMETER(out); - return TPM_RC_SUCCESS; -} -#endif \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c deleted file mode 100644 index f4f89b14a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c +++ /dev/null 
@@ -1,51 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "FieldUpgradeStart_fp.h" -#if CC_FieldUpgradeStart // Conditional expansion of this file - -/*(See part 3 specification) -// FieldUpgradeStart -*/ -TPM_RC -TPM2_FieldUpgradeStart( - FieldUpgradeStart_In *in // IN: input parameter list - ) -{ - // Not implemented - UNUSED_PARAMETER(in); - return TPM_RC_SUCCESS; -} -#endif \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c deleted file mode 100644 index 810483dba..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "FirmwareRead_fp.h" - -#if CC_FirmwareRead // Conditional expansion of this file - -/*(See part 3 specification) -// FirmwareRead -*/ -TPM_RC -TPM2_FirmwareRead( - FirmwareRead_In *in, // IN: input parameter list - FirmwareRead_Out *out // OUT: output parameter list - ) -{ - // Not implemented - UNUSED_PARAMETER(in); - UNUSED_PARAMETER(out); - return TPM_RC_SUCCESS; -} - -#endif // CC_FirmwareRead \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c deleted file mode 100644 index 5a1e79017..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c +++ /dev/null 
@@ -1,109 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include "Tpm.h" -#include "EventSequenceComplete_fp.h" - -#if CC_EventSequenceComplete // Conditional expansion of this file - -/*(See part 3 specification) - Complete an event sequence and flush the object. 
-*/ -// Return Type: TPM_RC -// TPM_RC_LOCALITY PCR extension is not allowed at the current locality -// TPM_RC_MODE input handle is not a valid event sequence object -TPM_RC -TPM2_EventSequenceComplete( - EventSequenceComplete_In *in, // IN: input parameter list - EventSequenceComplete_Out *out // OUT: output parameter list - ) -{ - HASH_OBJECT *hashObject; - UINT32 i; - TPM_ALG_ID hashAlg; -// Input validation - // get the event sequence object pointer - hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle); - - // input handle must reference an event sequence object - if(hashObject->attributes.eventSeq != SET) - return TPM_RCS_MODE + RC_EventSequenceComplete_sequenceHandle; - - // see if a PCR extend is requested in call - if(in->pcrHandle != TPM_RH_NULL) - { - // see if extend of the PCR is allowed at the locality of the command, - if(!PCRIsExtendAllowed(in->pcrHandle)) - return TPM_RC_LOCALITY; - // if an extend is going to take place, then check to see if there has - // been an orderly shutdown. If so, and the selected PCR is one of the - // state saved PCR, then the orderly state has to change. The orderly state - // does not change for PCR that are not preserved. - // NOTE: This doesn't just check for Shutdown(STATE) because the orderly - // state will have to change if this is a state-saved PCR regardless - // of the current state. This is because a subsequent Shutdown(STATE) will - // check to see if there was an orderly shutdown and not do anything if - // there was. So, this must indicate that a future Shutdown(STATE) has - // something to do. 
- if(PCRIsStateSaved(in->pcrHandle)) - RETURN_IF_ORDERLY; - } -// Command Output - out->results.count = 0; - - for(i = 0; i < HASH_COUNT; i++) - { - hashAlg = CryptHashGetAlgByIndex(i); - // Update last piece of data - CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b); - // Complete hash - out->results.digests[out->results.count].hashAlg = hashAlg; - CryptHashEnd(&hashObject->state.hashState[i], - CryptHashGetDigestSize(hashAlg), - (BYTE *)&out->results.digests[out->results.count].digest); - // Extend PCR - if(in->pcrHandle != TPM_RH_NULL) - PCRExtend(in->pcrHandle, hashAlg, - CryptHashGetDigestSize(hashAlg), - (BYTE *)&out->results.digests[out->results.count].digest); - out->results.count++; - } -// Internal Data Update - // mark sequence object as evict so it will be flushed on the way out - hashObject->attributes.evict = SET; - - return TPM_RC_SUCCESS; -} - -#endif // CC_EventSequenceComplete \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c deleted file mode 100644 index 518348dd9..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c +++ /dev/null 
@@ -1,105 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "HMAC_Start_fp.h" - -#if CC_HMAC_Start // Conditional expansion of this file - -/*(See part 3 specification) -// Initialize a HMAC sequence and create a sequence object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key -// or is restricted -// TPM_RC_OBJECT_MEMORY no space to create an internal object -// TPM_RC_KEY key referenced by 'handle' is not an HMAC key -// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm -// of the scheme of the object referenced by 'handle' -TPM_RC -TPM2_HMAC_Start( - HMAC_Start_In *in, // IN: input parameter list - HMAC_Start_Out *out // OUT: output parameter list - ) -{ - OBJECT *keyObject; - TPMT_PUBLIC *publicArea; - TPM_ALG_ID hashAlg; - -// Input Validation - - // Get HMAC key object and public area pointers - keyObject = HandleToObject(in->handle); - publicArea = &keyObject->publicArea; - - // Make sure that the key is an HMAC key - if(publicArea->type != TPM_ALG_KEYEDHASH) - return TPM_RCS_TYPE + RC_HMAC_Start_handle; - - // and that it is unrestricted - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - return TPM_RCS_ATTRIBUTES + RC_HMAC_Start_handle; - - // and that it is a signing key - if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - return TPM_RCS_KEY + RC_HMAC_Start_handle; - - // See if the key has a default - if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) - // it doesn't so use the input value - hashAlg = in->hashAlg; - else - { - // key has a default so use it - hashAlg - = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; - // and verify that the input was either the TPM_ALG_NULL or the default - if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) - hashAlg = TPM_ALG_NULL; - } - // if we ended up without a hash algorithm then return an error - if(hashAlg == TPM_ALG_NULL) - return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg; - -// Internal 
Data Update - - // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be - // returned at this point - return ObjectCreateHMACSequence(hashAlg, - keyObject, - &in->auth, - &out->sequenceHandle); -} - -#endif // CC_HMAC_Start \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c deleted file mode 100644 index 296363231..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c +++ /dev/null 
@@ -1,63 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "HashSequenceStart_fp.h" - -#if CC_HashSequenceStart // Conditional expansion of this file - -/*(See part 3 specification) -// Start a hash or an event sequence -*/ -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY no space to create an internal object -TPM_RC -TPM2_HashSequenceStart( - HashSequenceStart_In *in, // IN: input parameter list - HashSequenceStart_Out *out // OUT: output parameter list - ) -{ -// Internal Data Update - - if(in->hashAlg == TPM_ALG_NULL) - // Start a event sequence. A TPM_RC_OBJECT_MEMORY error may be - // returned at this point - return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle); - - // Start a hash sequence. A TPM_RC_OBJECT_MEMORY error may be - // returned at this point - return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle); -} - -#endif // CC_HashSequenceStart \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c deleted file mode 100644 index 42abe1fee..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c +++ /dev/null 
@@ -1,92 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "MAC_Start_fp.h" - -#if CC_MAC_Start // Conditional expansion of this file - -/*(See part 3 specification) -// Initialize a HMAC sequence and create a sequence object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key -// or is restricted -// TPM_RC_OBJECT_MEMORY no space to create an internal object -// TPM_RC_KEY key referenced by 'handle' is not an HMAC key -// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm -// of the scheme of the object referenced by 'handle' -TPM_RC -TPM2_MAC_Start( - MAC_Start_In *in, // IN: input parameter list - MAC_Start_Out *out // OUT: output parameter list - ) -{ - OBJECT *keyObject; - TPMT_PUBLIC *publicArea; - TPM_RC result; - -// Input Validation - - // Get HMAC key object and public area pointers - keyObject = HandleToObject(in->handle); - publicArea = &keyObject->publicArea; - - // Make sure that the key can do what is required - result = CryptSelectMac(publicArea, &in->inScheme); - // If the key is not able to do a MAC, indicate that the handle selects an - // object that can't do a MAC - if(result == TPM_RCS_TYPE) - return TPM_RCS_TYPE + RC_MAC_Start_handle; - // If there is another error type, indicate that the scheme and key are not - // compatible - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_MAC_Start_inScheme); - // Make sure that the key is not restricted - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - return TPM_RCS_ATTRIBUTES + RC_MAC_Start_handle; - // and that it is a signing key - if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - return TPM_RCS_KEY + RC_MAC_Start_handle; - -// Internal Data Update - // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be - // returned at this point - return ObjectCreateHMACSequence(in->inScheme, - keyObject, - &in->auth, - &out->sequenceHandle); -} - -#endif // CC_MAC_Start \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
deleted file mode 100644
index d342ed85e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SequenceComplete_fp.h"
-
-#if CC_SequenceComplete // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Complete a sequence and flush the object.
-*/
-// Return Type: TPM_RC
-// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC
-// sequence object
-TPM_RC
-TPM2_SequenceComplete(
- SequenceComplete_In *in, // IN: input parameter list
- SequenceComplete_Out *out // OUT: output parameter list
- )
-{
- HASH_OBJECT *hashObject;
-// Input validation
- // Get hash object pointer
- hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle);
-
- // input handle must be a hash or HMAC sequence object.
- if(hashObject->attributes.hashSeq == CLEAR
- && hashObject->attributes.hmacSeq == CLEAR)
- return TPM_RCS_MODE + RC_SequenceComplete_sequenceHandle;
-// Command Output
- if(hashObject->attributes.hashSeq == SET) // sequence object for hash
- {
- // Get the hash algorithm before the algorithm is lost in CryptHashEnd
- TPM_ALG_ID hashAlg = hashObject->state.hashState[0].hashAlg;
-
- // Update last piece of the data
- CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
-
- // Complete hash
- out->result.t.size = CryptHashEnd(&hashObject->state.hashState[0],
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
- // Check if the first block of the sequence has been received
- if(hashObject->attributes.firstBlock == CLEAR)
- {
- // If not, then this is the first block so see if it is 'safe'
- // to sign.
- if(TicketIsSafe(&in->buffer.b))
- hashObject->attributes.ticketSafe = SET;
- }
- // Output ticket
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = in->hierarchy;
-
- if(in->hierarchy == TPM_RH_NULL)
- {
- // Ticket is not required
- out->validation.digest.t.size = 0;
- }
- else if(hashObject->attributes.ticketSafe == CLEAR)
- {
- // Ticket is not safe to generate
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeHashCheck(out->validation.hierarchy, hashAlg,
- &out->result, &out->validation);
- }
- }
- else
- {
- // Update last piece of data
- CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b);
-#if !SMAC_IMPLEMENTED
- // Complete HMAC
- out->result.t.size = CryptHmacEnd(&(hashObject->state.hmacState),
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
-#else
- // Complete the MAC
- out->result.t.size = CryptMacEnd(&hashObject->state.hmacState,
- sizeof(out->result.t.buffer),
- out->result.t.buffer);
-#endif
- // No ticket is generated for HMAC sequence
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
-// Internal Data Update
- // mark sequence object as evict so it will be flushed on the way out
- hashObject->attributes.evict = SET;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SequenceComplete
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c
deleted file mode 100644
index a02264704..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SequenceUpdate_fp.h"
-
-#if CC_SequenceUpdate // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This function is used to add data to a sequence object.
-*/
-// Return Type: TPM_RC
-// TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC
-// sequence object
-TPM_RC
-TPM2_SequenceUpdate(
- SequenceUpdate_In *in // IN: input parameter list
- )
-{
- OBJECT *object;
- HASH_OBJECT *hashObject;
-
-// Input Validation
-
- // Get sequence object pointer
- object = HandleToObject(in->sequenceHandle);
- hashObject = (HASH_OBJECT *)object;
-
- // Check that referenced object is a sequence object.
- if(!ObjectIsSequence(object))
- return TPM_RCS_MODE + RC_SequenceUpdate_sequenceHandle;
-
-// Internal Data Update
-
- if(object->attributes.eventSeq == SET)
- {
- // Update event sequence object
- UINT32 i;
- for(i = 0; i < HASH_COUNT; i++)
- {
- // Update sequence object
- CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b);
- }
- }
- else
- {
- // Update hash/HMAC sequence object
- if(hashObject->attributes.hashSeq == SET)
- {
- // Is this the first block of the sequence
- if(hashObject->attributes.firstBlock == CLEAR)
- {
- // If so, indicate that first block was received
- hashObject->attributes.firstBlock = SET;
-
- // Check the first block to see if the first block can contain
- // the TPM_GENERATED_VALUE. If it does, it is not safe for
- // a ticket.
- if(TicketIsSafe(&in->buffer.b))
- hashObject->attributes.ticketSafe = SET;
- }
- // Update sequence object hash/HMAC stack
- CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
- }
- else if(object->attributes.hmacSeq == SET)
- {
- // Update sequence object HMAC stack
- CryptDigestUpdate2B(&hashObject->state.hmacState.hashState,
- &in->buffer.b);
- }
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SequenceUpdate
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c
deleted file mode 100644
index 2735e1118..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ChangeEPS_fp.h"
-
-#if CC_ChangeEPS // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Reset current EPS value
-*/
-TPM_RC
-TPM2_ChangeEPS(
- ChangeEPS_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
-// Internal Data Update
-
- // Reset endorsement hierarchy seed from RNG
- CryptRandomGenerate(sizeof(gp.EPSeed.t.buffer), gp.EPSeed.t.buffer);
-
- // Create new ehProof value from RNG
- CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
-
- // Enable endorsement hierarchy
- gc.ehEnable = TRUE;
-
- // set authValue buffer to zeros
- MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size);
- // Set endorsement authValue to null
- gp.endorsementAuth.t.size = 0;
-
- // Set endorsement authPolicy to null
- gp.endorsementAlg = TPM_ALG_NULL;
- gp.endorsementPolicy.t.size = 0;
-
- // Flush loaded object in endorsement hierarchy
- ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Flush evict object of endorsement hierarchy stored in NV
- NvFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Save hierarchy changes to NV
- NV_SYNC_PERSISTENT(EPSeed);
- NV_SYNC_PERSISTENT(ehProof);
- NV_SYNC_PERSISTENT(endorsementAuth);
- NV_SYNC_PERSISTENT(endorsementAlg);
- NV_SYNC_PERSISTENT(endorsementPolicy);
-
- // orderly state should be cleared because of the update to state clear data
- g_clearOrderly = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ChangeEPS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
deleted file mode 100644
index 5637a8847..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ChangePPS_fp.h"
-
-#if CC_ChangePPS // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Reset current PPS value
-*/
-TPM_RC
-TPM2_ChangePPS(
- ChangePPS_In *in // IN: input parameter list
- )
-{
- UINT32 i;
-
- // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE
- // error may be returned at this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
-// Internal Data Update
-
- // Reset platform hierarchy seed from RNG
- CryptRandomGenerate(sizeof(gp.PPSeed.t.buffer), gp.PPSeed.t.buffer);
-
- // Create a new phProof value from RNG to prevent the saved platform
- // hierarchy contexts being loaded
- CryptRandomGenerate(sizeof(gp.phProof.t.buffer), gp.phProof.t.buffer);
-
- // Set platform authPolicy to null
- gc.platformAlg = TPM_ALG_NULL;
- gc.platformPolicy.t.size = 0;
-
- // Flush loaded object in platform hierarchy
- ObjectFlushHierarchy(TPM_RH_PLATFORM);
-
- // Flush platform evict object and index in NV
- NvFlushHierarchy(TPM_RH_PLATFORM);
-
- // Save hierarchy changes to NV
- NV_SYNC_PERSISTENT(PPSeed);
- NV_SYNC_PERSISTENT(phProof);
-
- // Re-initialize PCR policies
-#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
- for(i = 0; i < NUM_POLICY_PCR_GROUP; i++)
- {
- gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL;
- gp.pcrPolicies.policy[i].t.size = 0;
- }
- NV_SYNC_PERSISTENT(pcrPolicies);
-#endif
-
- // orderly state should be cleared because of the update to state clear data
- g_clearOrderly = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ChangePPS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c
deleted file mode 100644
index b38932a85..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Clear_fp.h"
-
-#if CC_Clear // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Clear owner
-*/
-// Return Type: TPM_RC
-// TPM_RC_DISABLED Clear command has been disabled
-TPM_RC
-TPM2_Clear(
- Clear_In *in // IN: input parameter list
- )
-{
- // Input parameter is not reference in command action
- NOT_REFERENCED(in);
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation
-
- // If Clear command is disabled, return an error
- if(gp.disableClear)
- return TPM_RC_DISABLED;
-
-// Internal Data Update
-
- // Reset storage hierarchy seed from RNG
- CryptRandomGenerate(sizeof(gp.SPSeed.t.buffer), gp.SPSeed.t.buffer);
-
- // Create new shProof and ehProof value from RNG
- CryptRandomGenerate(sizeof(gp.shProof.t.buffer), gp.shProof.t.buffer);
- CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
-
- // Enable storage and endorsement hierarchy
- gc.shEnable = gc.ehEnable = TRUE;
-
- // set the authValue buffers to zero
- MemorySet(&gp.ownerAuth, 0, sizeof(gp.ownerAuth));
- MemorySet(&gp.endorsementAuth, 0, sizeof(gp.endorsementAuth));
- MemorySet(&gp.lockoutAuth, 0, sizeof(gp.lockoutAuth));
-
- // Set storage, endorsement, and lockout authPolicy to null
- gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL;
- MemorySet(&gp.ownerPolicy, 0, sizeof(gp.ownerPolicy));
- MemorySet(&gp.endorsementPolicy, 0, sizeof(gp.endorsementPolicy));
- MemorySet(&gp.lockoutPolicy, 0, sizeof(gp.lockoutPolicy));
-
- // Flush loaded object in storage and endorsement hierarchy
- ObjectFlushHierarchy(TPM_RH_OWNER);
- ObjectFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Flush owner and endorsement object and owner index in NV
- NvFlushHierarchy(TPM_RH_OWNER);
- NvFlushHierarchy(TPM_RH_ENDORSEMENT);
-
- // Initialize dictionary attack parameters
- DAPreInstall_Init();
-
- // Reset clock
- go.clock = 0;
- go.clockSafe = YES;
- NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
-
- // Reset counters
- gp.resetCount = gr.restartCount = gr.clearCount = 0;
- gp.auditCounter = 0;
-
- // Save persistent data changes to NV
- // Note: since there are so many changes to the persistent data structure, the
- // entire PERSISTENT_DATA structure is written as a unit
- NvWrite(NV_PERSISTENT_DATA, sizeof(PERSISTENT_DATA), &gp);
-
- // Reset the PCR authValues (this does not change the PCRs)
- PCR_ClearAuth();
-
- // Bump the PCR counter
- PCRChanged(0);
-
-
- // orderly state should be cleared because of the update to state clear data
- g_clearOrderly = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Clear
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c
deleted file mode 100644
index 4bf2407e7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ClearControl_fp.h"
-
-#if CC_ClearControl // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Enable or disable the execution of TPM2_Clear command
-*/
-// Return Type: TPM_RC
-// TPM_RC_AUTH_FAIL authorization is not properly given
-TPM_RC
-TPM2_ClearControl(
- ClearControl_In *in // IN: input parameter list
- )
-{
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation
-
- // LockoutAuth may be used to set disableLockoutClear to TRUE but not to FALSE
- if(in->auth == TPM_RH_LOCKOUT && in->disable == NO)
- return TPM_RC_AUTH_FAIL;
-
-// Internal Data Update
-
- if(in->disable == YES)
- gp.disableClear = TRUE;
- else
- gp.disableClear = FALSE;
-
- // Record the change to NV
- NV_SYNC_PERSISTENT(disableClear);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ClearControl
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c
deleted file mode 100644
index b0c3c6d8c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "CreatePrimary_fp.h"
-
-#if CC_CreatePrimary // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Creates a primary or temporary object from a primary seed.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when sensitive.data is an
-// Empty Buffer 'fixedTPM', 'fixedParent', or
-// 'encryptedDuplication' attributes are inconsistent
-// between themselves or with those of the parent object;
-// inconsistent 'restricted', 'decrypt' and 'sign'
-// attributes
-// attempt to inject sensitive data for an asymmetric
-// key;
-// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
-// object
-// TPM_RC_KEY a provided symmetric key value is not allowed
-// TPM_RC_OBJECT_MEMORY there is no free slot for the object
-// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign',
-// 'restricted' and key's scheme ID; or hash algorithm is
-// inconsistent with the scheme ID for keyed hash object
-// TPM_RC_SIZE size of public authorization policy or sensitive
-// authorization value does not match digest size of the
-// name algorithm; or sensitive data size for the keyed
-// hash object is larger than is allowed for the scheme
-// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified;
-// or non-storage key with symmetric algorithm different
-// from TPM_ALG_NULL
-// TPM_RC_TYPE unknown object type
-TPM_RC
-TPM2_CreatePrimary(
- CreatePrimary_In *in, // IN: input parameter list
- CreatePrimary_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- TPMT_PUBLIC *publicArea;
- DRBG_STATE rand;
- OBJECT *newObject;
- TPM2B_NAME name;
-
-// Input Validation
- // Will need a place to put the result
- newObject = FindEmptyObjectSlot(&out->objectHandle);
- if(newObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
- // Get the address of the public area in the new object
- // (this is just to save typing)
- publicArea = &newObject->publicArea;
-
- *publicArea = in->inPublic.publicArea;
-
- // Check attributes in input public area. CreateChecks() checks the things that
- // are unique to creation and then validates the attributes and values that are
- // common to create and load.
- result = CreateChecks(NULL, publicArea,
- in->inSensitive.sensitive.data.t.size);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_CreatePrimary_inPublic);
- // Validate the sensitive area values
- if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth,
- publicArea->nameAlg))
- return TPM_RCS_SIZE + RC_CreatePrimary_inSensitive;
-// Command output
- // Compute the name using out->name as a scratch area (this is not the value
- // that ultimately will be returned, then instantiate the state that will be
- // used as a random number generator during the object creation.
- // The caller does not know the seed values so the actual name does not have
- // to be over the input, it can be over the unmarshaled structure.
- result = DRBG_InstantiateSeeded(&rand,
- &HierarchyGetPrimarySeed(in->primaryHandle)->b,
- PRIMARY_OBJECT_CREATION,
- (TPM2B *)PublicMarshalAndComputeName(publicArea, &name),
- &in->inSensitive.sensitive.data.b);
- if(result == TPM_RC_SUCCESS)
- {
- newObject->attributes.primary = SET;
- if(in->primaryHandle == TPM_RH_ENDORSEMENT)
- newObject->attributes.epsHierarchy = SET;
-
- // Create the primary object.
- result = CryptCreateObject(newObject, &in->inSensitive.sensitive,
- (RAND_STATE *)&rand);
- }
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Set the publicArea and name from the computed values
- out->outPublic.publicArea = newObject->publicArea;
- out->name = newObject->name;
-
- // Fill in creation data
- FillInCreationData(in->primaryHandle, publicArea->nameAlg,
- &in->creationPCR, &in->outsideInfo, &out->creationData,
- &out->creationHash);
-
- // Compute creation ticket
- TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name,
- &out->creationHash, &out->creationTicket);
-
- // Set the remaining attributes for a loaded object
- ObjectSetLoadedAttributes(newObject, in->primaryHandle);
- return result;
-}
-
-#endif // CC_CreatePrimary
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c
deleted file mode 100644
index db398f531..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "HierarchyChangeAuth_fp.h"
-
-#if CC_HierarchyChangeAuth // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Set a hierarchy authValue
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE 'newAuth' size is greater than that of integrity hash
-// digest
-TPM_RC
-TPM2_HierarchyChangeAuth(
- HierarchyChangeAuth_In *in // IN: input parameter list
- )
-{
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Make sure that the authorization value is a reasonable size (not larger than
- // the size of the digest produced by the integrity hash. The integrity
- // hash is assumed to produce the longest digest of any hash implemented
- // on the TPM. This will also remove trailing zeros from the authValue.
- if(MemoryRemoveTrailingZeros(&in->newAuth) > CONTEXT_INTEGRITY_HASH_SIZE)
- return TPM_RCS_SIZE + RC_HierarchyChangeAuth_newAuth;
-
- // Set hierarchy authValue
- switch(in->authHandle)
- {
- case TPM_RH_OWNER:
- gp.ownerAuth = in->newAuth;
- NV_SYNC_PERSISTENT(ownerAuth);
- break;
- case TPM_RH_ENDORSEMENT:
- gp.endorsementAuth = in->newAuth;
- NV_SYNC_PERSISTENT(endorsementAuth);
- break;
- case TPM_RH_PLATFORM:
- gc.platformAuth = in->newAuth;
- // orderly state should be cleared
- g_clearOrderly = TRUE;
- break;
- case TPM_RH_LOCKOUT:
- gp.lockoutAuth = in->newAuth;
- NV_SYNC_PERSISTENT(lockoutAuth);
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_HierarchyChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
deleted file mode 100644
index 5e1b527d4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "HierarchyControl_fp.h"
-
-#if CC_HierarchyControl // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Enable or disable use of a hierarchy
-*/
-// Return Type: TPM_RC
-// TPM_RC_AUTH_TYPE 'authHandle' is not applicable to 'hierarchy' in its
-// current state
-TPM_RC
-TPM2_HierarchyControl(
- HierarchyControl_In *in // IN: input parameter list
- )
-{
- BOOL select = (in->state == YES);
- BOOL *selected = NULL;
-
-// Input Validation
- switch(in->enable)
- {
- // Platform hierarchy has to be disabled by PlatformAuth
- // If the platform hierarchy has already been disabled, only a reboot
- // can enable it again
- case TPM_RH_PLATFORM:
- case TPM_RH_PLATFORM_NV:
- if(in->authHandle != TPM_RH_PLATFORM)
- return TPM_RC_AUTH_TYPE;
- break;
-
- // ShEnable may be disabled if PlatformAuth/PlatformPolicy or
- // OwnerAuth/OwnerPolicy is provided. If ShEnable is disabled, then it
- // may only be enabled if PlatformAuth/PlatformPolicy is provided.
- case TPM_RH_OWNER:
- if(in->authHandle != TPM_RH_PLATFORM
- && in->authHandle != TPM_RH_OWNER)
- return TPM_RC_AUTH_TYPE;
- if(gc.shEnable == FALSE && in->state == YES
- && in->authHandle != TPM_RH_PLATFORM)
- return TPM_RC_AUTH_TYPE;
- break;
-
- // EhEnable may be disabled if either PlatformAuth/PlatformPolicy or
- // EndosementAuth/EndorsementPolicy is provided. If EhEnable is disabled,
- // then it may only be enabled if PlatformAuth/PlatformPolicy is
- // provided.
- case TPM_RH_ENDORSEMENT:
- if(in->authHandle != TPM_RH_PLATFORM
- && in->authHandle != TPM_RH_ENDORSEMENT)
- return TPM_RC_AUTH_TYPE;
- if(gc.ehEnable == FALSE && in->state == YES
- && in->authHandle != TPM_RH_PLATFORM)
- return TPM_RC_AUTH_TYPE;
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
-// Internal Data Update
-
- // Enable or disable the selected hierarchy
- // Note: the authorization processing for this command may keep these
- // command actions from being executed.
For example, if phEnable is
- // CLEAR, then platformAuth cannot be used for authorization. This
- // means that would not be possible to use platformAuth to change the
- // state of phEnable from CLEAR to SET.
- // If it is decided that platformPolicy can still be used when phEnable
- // is CLEAR, then this code could SET phEnable when proper platform
- // policy is provided.
- switch(in->enable)
- {
- case TPM_RH_OWNER:
- selected = &gc.shEnable;
- break;
- case TPM_RH_ENDORSEMENT:
- selected = &gc.ehEnable;
- break;
- case TPM_RH_PLATFORM:
- selected = &g_phEnable;
- break;
- case TPM_RH_PLATFORM_NV:
- selected = &gc.phEnableNV;
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- if(selected != NULL && *selected != select)
- {
- // Before changing the internal state, make sure that NV is available.
- // Only need to update NV if changing the orderly state
- RETURN_IF_ORDERLY;
-
- // state is changing and NV is available so modify
- *selected = select;
- // If a hierarchy was just disabled, flush it
- if(select == CLEAR && in->enable != TPM_RH_PLATFORM_NV)
- // Flush hierarchy
- ObjectFlushHierarchy(in->enable);
-
- // orderly state should be cleared because of the update to state clear data
- // This gets processed in ExecuteCommand() on the way out.
- g_clearOrderly = TRUE;
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_HierarchyControl
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c
deleted file mode 100644
index e51fe1501..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SetPrimaryPolicy_fp.h"
-
-#if CC_SetPrimaryPolicy // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set a hierarchy policy
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE size of input authPolicy is not consistent with
-// input hash algorithm
-TPM_RC
-TPM2_SetPrimaryPolicy(
- SetPrimaryPolicy_In *in // IN: input parameter list
- )
-{
-// Input Validation
-
- // Check the authPolicy consistent with hash algorithm. If the policy size is
- // zero, then the algorithm is required to be TPM_ALG_NULL
- if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
- return TPM_RCS_SIZE + RC_SetPrimaryPolicy_authPolicy;
-
- // The command need NV update for OWNER and ENDORSEMENT hierarchy, and
- // might need orderlyState update for PLATFROM hierarchy.
- // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE
- // error may be returned at this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Set hierarchy policy
- switch(in->authHandle)
- {
- case TPM_RH_OWNER:
- gp.ownerAlg = in->hashAlg;
- gp.ownerPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(ownerAlg);
- NV_SYNC_PERSISTENT(ownerPolicy);
- break;
- case TPM_RH_ENDORSEMENT:
- gp.endorsementAlg = in->hashAlg;
- gp.endorsementPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(endorsementAlg);
- NV_SYNC_PERSISTENT(endorsementPolicy);
- break;
- case TPM_RH_PLATFORM:
- gc.platformAlg = in->hashAlg;
- gc.platformPolicy = in->authPolicy;
- // need to update orderly state
- g_clearOrderly = TRUE;
- break;
- case TPM_RH_LOCKOUT:
- gp.lockoutAlg = in->hashAlg;
- gp.lockoutPolicy = in->authPolicy;
- NV_SYNC_PERSISTENT(lockoutAlg);
- NV_SYNC_PERSISTENT(lockoutPolicy);
- break;
-
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SetPrimaryPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
deleted file mode 100644
index 6365bf7a9..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PP_Commands_fp.h"
-
-#if CC_PP_Commands // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command is used to determine which commands require assertion of
-// Physical Presence in addition to platformAuth/platformPolicy.
-*/
-TPM_RC
-TPM2_PP_Commands(
- PP_Commands_In *in // IN: input parameter list
- )
-{
- UINT32 i;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
-
- // Process set list
- for(i = 0; i < in->setList.count; i++)
- // If command is implemented, set it as PP required. If the input
- // command is not a PP command, it will be ignored at
- // PhysicalPresenceCommandSet().
- // Note: PhysicalPresenceCommandSet() checks if the command is implemented.
- PhysicalPresenceCommandSet(in->setList.commandCodes[i]);
-
- // Process clear list
- for(i = 0; i < in->clearList.count; i++)
- // If command is implemented, clear it as PP required. If the input
- // command is not a PP command, it will be ignored at
- // PhysicalPresenceCommandClear(). If the input command is
- // TPM2_PP_Commands, it will be ignored as well
- PhysicalPresenceCommandClear(in->clearList.commandCodes[i]);
-
- // Save the change of PP list
- NV_SYNC_PERSISTENT(ppList);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PP_Commands
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
deleted file mode 100644
index 5df8ebe5c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SetAlgorithmSet_fp.h"
-
-#if CC_SetAlgorithmSet // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command allows the platform to change the algorithm set setting of the TPM
-*/
-TPM_RC
-TPM2_SetAlgorithmSet(
- SetAlgorithmSet_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Internal Data Update
- gp.algorithmSet = in->algorithmSet;
-
- // Write the algorithm set changes to NV
- NV_SYNC_PERSISTENT(algorithmSet);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_SetAlgorithmSet
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
deleted file mode 100644
index 6bd424766..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Attest_spt_fp.h"
-#include "NV_Certify_fp.h"
-
-#if CC_NV_Certify // Conditional expansion of this file
-
-/*(See part 3 specification)
-// certify the contents of an NV index or portion of an NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to read from the Index
-// referenced by 'nvIndex'
-// TPM_RC_KEY 'signHandle' does not reference a signing
-// key
-// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is locked
-// for reading
-// TPM_RC_NV_RANGE 'offset' plus 'size' extends outside of the
-// data range of the Index referenced by
-// 'nvIndex'
-// TPM_RC_NV_UNINITIALIZED Index referenced by 'nvIndex' has not been
-// written
-// TPM_RC_SCHEME 'inScheme' is not an allowed value for the
-// key definition
-TPM_RC
-TPM2_NV_Certify(
- NV_Certify_In *in, // IN: input parameter list
- NV_Certify_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPMS_ATTEST certifyInfo;
- OBJECT *signObject = HandleToObject(in->signHandle);
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_NV_Certify_signHandle;
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_NV_Certify_inScheme;
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvReadAccessChecks(in->authHandle, in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // make sure that the selection is within the range of the Index (cast to avoid
- // any wrap issues with addition)
- if((UINT32)in->size + (UINT32)in->offset > (UINT32)nvIndex->publicArea.dataSize)
- return TPM_RC_NV_RANGE;
- // Make sure the data will fit the return buffer.
- // NOTE: This check may be modified if the output buffer will not hold the
- // maximum sized NV buffer as part of the certified data. The difference in
- // size could be substantial if the signature scheme was produced a large
- // signature (e.g., RSA 4096).
- if(in->size > MAX_NV_BUFFER_SIZE)
- return TPM_RCS_VALUE + RC_NV_Certify_size;
-
-// Command Output
-
- // Fill in attest information common fields
- FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
- &certifyInfo);
-
- // Get the name of the index
- NvGetIndexName(nvIndex, &certifyInfo.attested.nv.indexName);
-
- // See if this is old format or new format
- if ((in->size != 0) || (in->offset != 0))
- {
- // NV certify specific fields
- // Attestation type
- certifyInfo.type = TPM_ST_ATTEST_NV;
-
- // Set the return size
- certifyInfo.attested.nv.nvContents.t.size = in->size;
-
- // Set the offset
- certifyInfo.attested.nv.offset = in->offset;
-
- // Perform the read
- NvGetIndexData(nvIndex, locator, in->offset, in->size,
- certifyInfo.attested.nv.nvContents.t.buffer);
- }
- else
- {
- HASH_STATE hashState;
- // This is to sign a digest of the data
- certifyInfo.type = TPM_ST_ATTEST_NV_DIGEST;
- // Initialize the hash before calling the function to add the Index data to
- // the hash.
- certifyInfo.attested.nvDigest.nvDigest.t.size =
- CryptHashStart(&hashState, in->inScheme.details.any.hashAlg);
- NvHashIndexData(&hashState, nvIndex, locator, 0,
- nvIndex->publicArea.dataSize);
- CryptHashEnd2B(&hashState, &certifyInfo.attested.nvDigest.nvDigest.b);
- }
- // Sign attestation structure. A NULL signature will be returned if
- // signObject is NULL.
- return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
- &in->qualifyingData, &out->certifyInfo, &out->signature);
-}
-
-#endif // CC_NV_Certify
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
deleted file mode 100644
index 5cb2a69e6..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ChangeAuth_fp.h"
-
-#if CC_NV_ChangeAuth // Conditional expansion of this file
-
-/*(See part 3 specification)
-// change authorization value of a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE 'newAuth' size is larger than the digest
-// size of the Name algorithm for the Index
-// referenced by 'nvIndex
-TPM_RC
-TPM2_NV_ChangeAuth(
- NV_ChangeAuth_In *in // IN: input parameter list
- )
-{
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
-// Input Validation
-
- // Remove trailing zeros and make sure that the result is not larger than the
- // digest of the nameAlg.
- if(MemoryRemoveTrailingZeros(&in->newAuth)
- > CryptHashGetDigestSize(nvIndex->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_NV_ChangeAuth_newAuth;
-
-// Internal Data Update
- // Change authValue
- return NvWriteIndexAuth(locator, &in->newAuth);
-}
-
-#endif // CC_NV_ChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
deleted file mode 100644
index 45e1dc107..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
+++ /dev/null
@@ -1,226 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -#include "Tpm.h" -#include "NV_DefineSpace_fp.h" - -#if CC_NV_DefineSpace // Conditional expansion of this file - -/*(See part 3 specification) -// Define a NV index space -*/ -// Return Type: TPM_RC -// TPM_RC_HIERARCHY for authorizations using TPM_RH_PLATFORM -// phEnable_NV is clear preventing access to NV -// data in the platform hierarchy. -// TPM_RC_ATTRIBUTES attributes of the index are not consistent -// TPM_RC_NV_DEFINED index already exists -// TPM_RC_NV_SPACE insufficient space for the index -// TPM_RC_SIZE 'auth->size' or 'publicInfo->authPolicy.size' is -// larger than the digest size of -// 'publicInfo->nameAlg'; or 'publicInfo->dataSize' -// is not consistent with 'publicInfo->attributes' -// (this includes the case when the index is -// larger than a MAX_NV_BUFFER_SIZE but the -// TPMA_NV_WRITEALL attribute is SET) -TPM_RC -TPM2_NV_DefineSpace( - NV_DefineSpace_In *in // IN: input parameter list - ) -{ - TPMA_NV attributes = in->publicInfo.nvPublic.attributes; - UINT16 nameSize; - - nameSize = CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg); - -// Input Validation - - // Checks not specific to type - - // If the UndefineSpaceSpecial command is not implemented, then can't have - // an index that can only be deleted with policy -#if CC_NV_UndefineSpaceSpecial == NO - if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; -#endif - - // check that the authPolicy consistent with hash algorithm - - if(in->publicInfo.nvPublic.authPolicy.t.size != 0 - && in->publicInfo.nvPublic.authPolicy.t.size != nameSize) - return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; - - // make sure that the authValue is not too large - if(MemoryRemoveTrailingZeros(&in->auth) - > CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg)) - return TPM_RCS_SIZE + RC_NV_DefineSpace_auth; - - // If an index is being created by the owner and shEnable is - // clear, then we would not reach this point because 
ownerAuth - // can't be given when shEnable is CLEAR. However, if phEnable - // is SET but phEnableNV is CLEAR, we have to check here - if(in->authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR) - return TPM_RCS_HIERARCHY + RC_NV_DefineSpace_authHandle; - - // Attribute checks - // Eliminate the unsupported types - switch(GET_TPM_NT(attributes)) - { -#if CC_NV_Increment == YES - case TPM_NT_COUNTER: -#endif -#if CC_NV_SetBits == YES - case TPM_NT_BITS: -#endif -#if CC_NV_Extend == YES - case TPM_NT_EXTEND: -#endif -#if CC_PolicySecret == YES && defined TPM_NT_PIN_PASS - case TPM_NT_PIN_PASS: - case TPM_NT_PIN_FAIL: -#endif - case TPM_NT_ORDINARY: - break; - default: - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - break; - } - // Check that the sizes are OK based on the type - switch(GET_TPM_NT(attributes)) - { - case TPM_NT_ORDINARY: - // Can't exceed the allowed size for the implementation - if(in->publicInfo.nvPublic.dataSize > MAX_NV_INDEX_SIZE) - return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; - break; - case TPM_NT_EXTEND: - if(in->publicInfo.nvPublic.dataSize != nameSize) - return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; - break; - default: - // Everything else needs a size of 8 - if(in->publicInfo.nvPublic.dataSize != 8) - return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; - break; - } - // Handle other specifics - switch(GET_TPM_NT(attributes)) - { - case TPM_NT_COUNTER: - // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters) - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - break; -#ifdef TPM_NT_PIN_FAIL - case TPM_NT_PIN_FAIL: - // NV_NO_DA must be SET and AUTHWRITE must be CLEAR - // NOTE: As with a PIN_PASS index, the authValue of the index is not - // available until the index is written. If AUTHWRITE is the only way to - // write then index, it could never be written. 
Rather than go through - // all of the other possible ways to write the Index, it is simply - // prohibited to write the index with the authValue. Other checks - // below will insure that there seems to be a way to write the index - // (i.e., with platform authorization , owner authorization, - // or with policyAuth.) - // It is not allowed to create a PIN Index that can't be modified. - if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; -#endif -#ifdef TPM_NT_PIN_PASS - case TPM_NT_PIN_PASS: - // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL) - if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) - || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK) - || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; -#endif // this comes before break because PIN_FAIL falls through - break; - default: - break; - } - - // Locks may not be SET and written cannot be SET - if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) - || IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED) - || IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - - // There must be a way to read the index. 
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD) - && !IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD) - && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHREAD) - && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYREAD)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - - // There must be a way to write the index - if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE) - && !IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE) - && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) - && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYWRITE)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - - // An index with TPMA_NV_CLEAR_STCLEAR can't have TPMA_NV_WRITEDEFINE SET - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) - && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - - // Make sure that the creator of the index can delete the index - if((IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) - && in->authHandle == TPM_RH_OWNER) - || (!IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) - && in->authHandle == TPM_RH_PLATFORM)) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_authHandle; - - // If TPMA_NV_POLICY_DELETE is SET, then the index must be defined by - // the platform - if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE) - && TPM_RH_PLATFORM != in->authHandle) - return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; - - // Make sure that the TPMA_NV_WRITEALL is not set if the index size is larger - // than the allowed NV buffer size. - if(in->publicInfo.nvPublic.dataSize > MAX_NV_BUFFER_SIZE - && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL)) - return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; - - // And finally, see if the index is already defined. - if(NvIndexIsDefined(in->publicInfo.nvPublic.nvIndex)) - return TPM_RC_NV_DEFINED; - -// Internal Data Update - // define the space. 
A TPM_RC_NV_SPACE error may be returned at this point - return NvDefineIndex(&in->publicInfo.nvPublic, &in->auth); -} - -#endif // CC_NV_DefineSpace \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c deleted file mode 100644 index 682d8d89f..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c +++ /dev/null 
@@ -1,109 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_Extend_fp.h"
-
-#if CC_NV_Extend // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Write to a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES the TPMA_NV_EXTEND attribute is not SET in
-// the Index referenced by 'nvIndex'
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to write to the Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked
-// for writing
-TPM_RC
-TPM2_NV_Extend(
- NV_Extend_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
- TPM2B_DIGEST oldDigest;
- TPM2B_DIGEST newDigest;
- HASH_STATE hashState;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is an extend index
- if(!IsNvExtendIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_Extend_nvIndex;
-
-// Internal Data Update
-
- // Perform the write.
- oldDigest.t.size = CryptHashGetDigestSize(nvIndex->publicArea.nameAlg);
- pAssert(oldDigest.t.size <= sizeof(oldDigest.t.buffer));
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- {
- NvGetIndexData(nvIndex, locator, 0, oldDigest.t.size, oldDigest.t.buffer);
- }
- else
- {
- MemorySet(oldDigest.t.buffer, 0, oldDigest.t.size);
- }
- // Start hash
- newDigest.t.size = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg);
-
- // Adding old digest
- CryptDigestUpdate2B(&hashState, &oldDigest.b);
-
- // Adding new data
- CryptDigestUpdate2B(&hashState, &in->data.b);
-
- // Complete hash
- CryptHashEnd2B(&hashState, &newDigest.b);
-
- // Write extended hash back.
- // Note, this routine will SET the TPMA_NV_WRITTEN attribute if necessary
- return NvWriteIndexData(nvIndex, 0, newDigest.t.size, newDigest.t.buffer);
-}
-
-#endif // CC_NV_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
deleted file mode 100644
index 53f983d8f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_GlobalWriteLock_fp.h"
-
-#if CC_NV_GlobalWriteLock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set global write lock for NV index
-*/
-TPM_RC
-TPM2_NV_GlobalWriteLock(
- NV_GlobalWriteLock_In *in // IN: input parameter list
- )
-{
- // Input parameter (the authorization handle) is not reference in command action.
- NOT_REFERENCED(in);
-
-// Internal Data Update
-
- // Implementation dependent method of setting the global lock
- return NvSetGlobalLock();
-}
-
-#endif // CC_NV_GlobalWriteLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
deleted file mode 100644
index a42d11715..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_Increment_fp.h"
-
-#if CC_NV_Increment // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Increment a NV counter
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES NV index is not a counter
-// TPM_RC_NV_AUTHORIZATION authorization failure
-// TPM_RC_NV_LOCKED Index is write locked
-TPM_RC
-TPM2_NV_Increment(
- NV_Increment_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- UINT64 countValue;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is a counter
- if(!IsNvCounterIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_Increment_nvIndex;
-
-// Internal Data Update
-
- // If counter index is not been written, initialize it
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- countValue = NvReadMaxCount();
- else
- // Read NV data in native format for TPM CPU.
- countValue = NvGetUINT64Data(nvIndex, locator);
-
- // Do the increment
- countValue++;
-
- // Write NV data back. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may
- // be returned at this point. If necessary, this function will set the
- // TPMA_NV_WRITTEN attribute
- result = NvWriteUINT64Data(nvIndex, countValue);
- if(result == TPM_RC_SUCCESS)
- {
- // If a counter just rolled over, then force the NV update.
- // Note, if this is an orderly counter, then the write-back needs to be
- // forced, for other counters, the write-back will happen anyway
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)
- && (countValue & MAX_ORDERLY_COUNT) == 0 )
- {
- // Need to force an NV update of orderly data
- SET_NV_UPDATE(UT_ORDERLY);
- }
- }
- return result;
-}
-
-#endif // CC_NV_Increment
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
deleted file mode 100644
index 745a7c666..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_Read_fp.h"
-
-#if CC_NV_Read // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Read of an NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to read from the Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is
-// read locked
-// TPM_RC_NV_RANGE read range defined by 'size' and 'offset'
-// is outside the range of the Index referenced
-// by 'nvIndex'
-// TPM_RC_NV_UNINITIALIZED the Index referenced by 'nvIndex' has
-// not been initialized (written)
-// TPM_RC_VALUE the read size is larger than the
-// MAX_NV_BUFFER_SIZE
-TPM_RC
-TPM2_NV_Read(
- NV_Read_In *in, // IN: input parameter list
- NV_Read_Out *out // OUT: output parameter list
- )
-{
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPM_RC result;
-
-// Input Validation
- // Common read access checks. NvReadAccessChecks() may return
- // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
- result = NvReadAccessChecks(in->authHandle, in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure the data will fit the return buffer
- if(in->size > MAX_NV_BUFFER_SIZE)
- return TPM_RCS_VALUE + RC_NV_Read_size;
-
- // Verify that the offset is not too large
- if(in->offset > nvIndex->publicArea.dataSize)
- return TPM_RCS_VALUE + RC_NV_Read_offset;
-
- // Make sure that the selection is within the range of the Index
- if(in->size > (nvIndex->publicArea.dataSize - in->offset))
- return TPM_RC_NV_RANGE;
-
-// Command Output
- // Set the return size
- out->data.t.size = in->size;
-
- // Perform the read
- NvGetIndexData(nvIndex, locator, in->offset, in->size, out->data.t.buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_NV_Read
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
deleted file mode 100644
index 776300f36..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ReadLock_fp.h"
-
-#if CC_NV_ReadLock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set read lock on a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_READ_STCLEAR is not SET so
-// Index referenced by 'nvIndex' may not be
-// write locked
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to read from the Index
-// referenced by 'nvIndex'
-TPM_RC
-TPM2_NV_ReadLock(
- NV_ReadLock_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- // The referenced index has been checked multiple times before this is called
- // so it must be present and will be loaded into cache
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
-
-// Input Validation
- // Common read access checks. NvReadAccessChecks() may return
- // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
- result = NvReadAccessChecks(in->authHandle,
- in->nvIndex,
- nvAttributes);
- if(result == TPM_RC_NV_AUTHORIZATION)
- return TPM_RC_NV_AUTHORIZATION;
- // Index is already locked for write
- else if(result == TPM_RC_NV_LOCKED)
- return TPM_RC_SUCCESS;
-
- // If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue.
- // It is not an error to read lock an uninitialized Index.
-
- // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked
- if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, READ_STCLEAR))
- return TPM_RCS_ATTRIBUTES + RC_NV_ReadLock_nvIndex;
-
-// Internal Data Update
-
- // Set the READLOCK attribute
- SET_ATTRIBUTE(nvAttributes, TPMA_NV, READLOCKED);
-
- // Write NV info back
- return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex,
- locator,
- nvAttributes);
-}
-
-#endif // CC_NV_ReadLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
deleted file mode 100644
index 4f9ce320c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_ReadPublic_fp.h"
-
-#if CC_NV_ReadPublic // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Read the public information of a NV index
-*/
-TPM_RC
-TPM2_NV_ReadPublic(
- NV_ReadPublic_In *in, // IN: input parameter list
- NV_ReadPublic_Out *out // OUT: output parameter list
- )
-{
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL);
-
-// Command Output
-
- // Copy index public data to output
- out->nvPublic.nvPublic = nvIndex->publicArea;
-
- // Compute NV name
- NvGetIndexName(nvIndex, &out->nvName);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_NV_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
deleted file mode 100644
index 045872f9f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_SetBits_fp.h"
-
-#if CC_NV_SetBits // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set bits in a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES the TPMA_NV_BITS attribute is not SET in the
-// Index referenced by 'nvIndex'
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to write to the Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked
-// for writing
-TPM_RC
-TPM2_NV_SetBits(
- NV_SetBits_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- UINT64 oldValue;
- UINT64 newValue;
-
-// Input Validation
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle,
- in->nvIndex,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Make sure that this is a bit field
- if(!IsNvBitsIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_ATTRIBUTES + RC_NV_SetBits_nvIndex;
-
- // If index is not been written, initialize it
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- oldValue = 0;
- else
- // Read index data
- oldValue = NvGetUINT64Data(nvIndex, locator);
-
- // Figure out what the new value is going to be
- newValue = oldValue | in->bits;
-
-// Internal Data Update
- return NvWriteUINT64Data(nvIndex, newValue);
-}
-
-#endif // CC_NV_SetBits
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c
deleted file mode 100644
index bfe3fa866..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_UndefineSpace_fp.h"
-
-#if CC_NV_UndefineSpace // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Delete an NV Index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is SET in the Index
-// referenced by 'nvIndex' so this command may
-// not be used to delete this Index (see
-// TPM2_NV_UndefineSpaceSpecial())
-// TPM_RC_NV_AUTHORIZATION attempt to use ownerAuth to delete an index
-// created by the platform
-//
-TPM_RC
-TPM2_NV_UndefineSpace(
- NV_UndefineSpace_In *in // IN: input parameter list
- )
-{
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-
-// Input Validation
- // This command can't be used to delete an index with TPMA_NV_POLICY_DELETE SET
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE))
- return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex;
-
- // The owner may only delete an index that was defined with ownerAuth. The
- // platform may delete an index that was created with either authorization.
- if(in->authHandle == TPM_RH_OWNER
- && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
- return TPM_RC_NV_AUTHORIZATION;
-
-// Internal Data Update
-
- // Call implementation dependent internal routine to delete NV index
- return NvDeleteIndex(nvIndex, locator);
-}
-
-#endif // CC_NV_UndefineSpace
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c
deleted file mode 100644
index b672a8cfe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_UndefineSpaceSpecial_fp.h"
-#include "SessionProcess_fp.h"
-
-#if CC_NV_UndefineSpaceSpecial // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Delete a NV index that requires policy to delete.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is not SET in the
-// Index referenced by 'nvIndex'
-TPM_RC
-TPM2_NV_UndefineSpaceSpecial(
- NV_UndefineSpaceSpecial_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
-// Input Validation
- // This operation only applies when the TPMA_NV_POLICY_DELETE attribute is SET
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE))
- return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex;
-// Internal Data Update
- // Call implementation dependent internal routine to delete NV index
- result = NvDeleteIndex(nvIndex, locator);
-
- // If we just removed the index providing the authorization, make sure that the
- // authorization session computation is modified so that it doesn't try to
- // access the authValue of the just deleted index
- if(result == TPM_RC_SUCCESS)
- SessionRemoveAssociationToHandle(in->nvIndex);
- return result;
-}
-
-#endif // CC_NV_UndefineSpaceSpecial
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c
deleted file mode 100644
index 673868ad4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "NV_Write_fp.h" - -#if CC_NV_Write // Conditional expansion of this file - -/*(See part 3 specification) -// Write to a NV index -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES Index referenced by 'nvIndex' has either -// TPMA_NV_BITS, TPMA_NV_COUNTER, or -// TPMA_NV_EVENT attribute SET -// TPM_RC_NV_AUTHORIZATION the authorization was valid but the -// authorizing entity ('authHandle') -// is not allowed to write to the Index -// referenced by 'nvIndex' -// TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is write -// locked -// TPM_RC_NV_RANGE if TPMA_NV_WRITEALL is SET then the write -// is not the size of the Index referenced by -// 'nvIndex'; otherwise, the write extends -// beyond the limits of the Index -// -TPM_RC -TPM2_NV_Write( - NV_Write_In *in // IN: input parameter list - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL); - TPMA_NV attributes = nvIndex->publicArea.attributes; - TPM_RC result; - -// Input Validation - - // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION - // or TPM_RC_NV_LOCKED - result = NvWriteAccessChecks(in->authHandle, - in->nvIndex, - attributes); - if(result != TPM_RC_SUCCESS) - return result; - - // Bits index, extend index or counter index may not be updated by - // TPM2_NV_Write - if(IsNvCounterIndex(attributes) - || IsNvBitsIndex(attributes) - || IsNvExtendIndex(attributes)) - return TPM_RC_ATTRIBUTES; - - // Make sure that the offset is not too large - if(in->offset > nvIndex->publicArea.dataSize) - return TPM_RCS_VALUE + RC_NV_Write_offset; - - // Make sure that the selection is within the range of the Index - if(in->data.t.size > (nvIndex->publicArea.dataSize - in->offset)) - return TPM_RC_NV_RANGE; - - // If this index requires a full sized write, make sure that input range is - // full sized. - // Note: if the requested size is the same as the Index data size, then offset - // will have to be zero. 
Otherwise, the range check above would have failed. - if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL) - && in->data.t.size < nvIndex->publicArea.dataSize) - return TPM_RC_NV_RANGE; - -// Internal Data Update - - // Perform the write. This called routine will SET the TPMA_NV_WRITTEN - // attribute if it has not already been SET. If NV isn't available, an error - // will be returned. - return NvWriteIndexData(nvIndex, in->offset, in->data.t.size, - in->data.t.buffer); -} - -#endif // CC_NV_Write \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c deleted file mode 100644 index ec8d201de..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c +++ /dev/null 
@@ -1,91 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "NV_WriteLock_fp.h"
-
-#if CC_NV_WriteLock // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set write lock on a NV index
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES neither TPMA_NV_WRITEDEFINE nor
-// TPMA_NV_WRITE_STCLEAR is SET in Index
-// referenced by 'nvIndex'
-// TPM_RC_NV_AUTHORIZATION the authorization was valid but the
-// authorizing entity ('authHandle')
-// is not allowed to write to the Index
-// referenced by 'nvIndex'
-//
-TPM_RC
-TPM2_NV_WriteLock(
- NV_WriteLock_In *in // IN: input parameter list
- )
-{
- TPM_RC result;
- NV_REF locator;
- NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
- TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
-
-// Input Validation:
-
- // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION
- // or TPM_RC_NV_LOCKED
- result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvAttributes);
- if(result != TPM_RC_SUCCESS)
- {
- if(result == TPM_RC_NV_AUTHORIZATION)
- return result;
- // If write access failed because the index is already locked, then it is
- // no error.
- return TPM_RC_SUCCESS;
- }
- // if neither TPMA_NV_WRITEDEFINE nor TPMA_NV_WRITE_STCLEAR is set, the index
- // can not be write-locked
- if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITEDEFINE)
- && !IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITE_STCLEAR))
- return TPM_RCS_ATTRIBUTES + RC_NV_WriteLock_nvIndex;
-// Internal Data Update
- // Set the WRITELOCK attribute.
- // Note: if TPMA_NV_WRITELOCKED were already SET, then the write access check
- // above would have failed and this code isn't executed.
- SET_ATTRIBUTE(nvAttributes, TPMA_NV, WRITELOCKED);
-
- // Write index info back
- return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, locator,
- nvAttributes);
-}
-
-#endif // CC_NV_WriteLock
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
deleted file mode 100644
index 605c343e3..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-#include "NV_spt_fp.h"
-
-//** Functions
-
-//*** NvReadAccessChecks()
-// Common routine for validating a read
-// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV
-// Return Type: TPM_RC
-// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read
-// of the index
-// TPM_RC_NV_LOCKED Read locked
-// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index
-//
-TPM_RC
-NvReadAccessChecks(
- TPM_HANDLE authHandle, // IN: the handle that provided the
- // authorization
- TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read
- TPMA_NV attributes // IN: the attributes of 'nvHandle'
- )
-{
- // If data is read locked, returns an error
- if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED))
- return TPM_RC_NV_LOCKED;
- // If the authorization was provided by the owner or platform, then check
- // that the attributes allow the read. If the authorization handle
- // is the same as the index, then the checks were made when the authorization
- // was checked..
- if(authHandle == TPM_RH_OWNER)
- {
- // If Owner provided authorization then ONWERWRITE must be SET
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD))
- return TPM_RC_NV_AUTHORIZATION;
- }
- else if(authHandle == TPM_RH_PLATFORM)
- {
- // If Platform provided authorization then PPWRITE must be SET
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD))
- return TPM_RC_NV_AUTHORIZATION;
- }
- // If neither Owner nor Platform provided authorization, make sure that it was
- // provided by this index.
- else if(authHandle != nvHandle)
- return TPM_RC_NV_AUTHORIZATION;
-
-// If the index has not been written, then the value cannot be read
-// NOTE: This has to come after other access checks to make sure that
-// the proper authorization is given to TPM2_NV_ReadLock()
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN))
- return TPM_RC_NV_UNINITIALIZED;
-
- return TPM_RC_SUCCESS;
-}
-
-//*** NvWriteAccessChecks()
-// Common routine for validating a write
-// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock
-// Return Type: TPM_RC
-// TPM_RC_NV_AUTHORIZATION Authorization fails
-// TPM_RC_NV_LOCKED Write locked
-//
-TPM_RC
-NvWriteAccessChecks(
- TPM_HANDLE authHandle, // IN: the handle that provided the
- // authorization
- TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written
- TPMA_NV attributes // IN: the attributes of 'nvHandle'
- )
-{
- // If data is write locked, returns an error
- if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED))
- return TPM_RC_NV_LOCKED;
- // If the authorization was provided by the owner or platform, then check
- // that the attributes allow the write. If the authorization handle
- // is the same as the index, then the checks were made when the authorization
- // was checked..
- if(authHandle == TPM_RH_OWNER)
- {
- // If Owner provided authorization then ONWERWRITE must be SET
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE))
- return TPM_RC_NV_AUTHORIZATION;
- }
- else if(authHandle == TPM_RH_PLATFORM)
- {
- // If Platform provided authorization then PPWRITE must be SET
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE))
- return TPM_RC_NV_AUTHORIZATION;
- }
- // If neither Owner nor Platform provided authorization, make sure that it was
- // provided by this index.
- else if(authHandle != nvHandle)
- return TPM_RC_NV_AUTHORIZATION;
- return TPM_RC_SUCCESS;
-}
-
-//*** NvClearOrderly()
-// This function is used to cause gp.orderlyState to be cleared to the
-// non-orderly state.
-TPM_RC
-NvClearOrderly(
- void
- )
-{
- if(gp.orderlyState < SU_DA_USED_VALUE)
- RETURN_IF_NV_IS_NOT_AVAILABLE;
- g_clearOrderly = TRUE;
- return TPM_RC_SUCCESS;
-}
-
-//*** NvIsPinPassIndex()
-// Function to check to see if an NV index is a PIN Pass Index
-// Return Type: BOOL
-// TRUE(1) is pin pass
-// FALSE(0) is not pin pass
-BOOL
-NvIsPinPassIndex(
- TPM_HANDLE index // IN: Handle to check
- )
-{
- if(HandleGetType(index) == TPM_HT_NV_INDEX)
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL);
-
- return IsNvPinPassIndex(nvIndex->publicArea.attributes);
- }
- return FALSE;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c
deleted file mode 100644
index ae644ce02..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "ActivateCredential_fp.h" - -#if CC_ActivateCredential // Conditional expansion of this file - -#include "Object_spt_fp.h" - -/*(See part 3 specification) -// Activate Credential with an object -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a decryption key -// TPM_RC_ECC_POINT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_INSUFFICIENT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_INTEGRITY 'credentialBlob' fails integrity test -// TPM_RC_NO_RESULT 'secret' is invalid (when 'keyHandle' is an ECC key) -// TPM_RC_SIZE 'secret' size is invalid or the 'credentialBlob' -// does not unmarshal correctly -// TPM_RC_TYPE 'keyHandle' does not reference an asymmetric key. -// TPM_RC_VALUE 'secret' is invalid (when 'keyHandle' is an RSA key) -TPM_RC -TPM2_ActivateCredential( - ActivateCredential_In *in, // IN: input parameter list - ActivateCredential_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *object; // decrypt key - OBJECT *activateObject; // key associated with credential - TPM2B_DATA data; // credential data - -// Input Validation - - // Get decrypt key pointer - object = HandleToObject(in->keyHandle); - - // Get certificated object pointer - activateObject = HandleToObject(in->activateHandle); - - // input decrypt key must be an asymmetric, restricted decryption key - if(!CryptIsAsymAlgorithm(object->publicArea.type) - || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) - || !IS_ATTRIBUTE(object->publicArea.objectAttributes, - TPMA_OBJECT, restricted)) - return TPM_RCS_TYPE + RC_ActivateCredential_keyHandle; - -// Command output - - // Decrypt input credential data via asymmetric decryption. 
A - // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this - // point - result = CryptSecretDecrypt(object, NULL, IDENTITY_STRING, &in->secret, &data); - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_KEY) - return TPM_RC_FAILURE; - return RcSafeAddToResult(result, RC_ActivateCredential_secret); - } - - // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal - // errors may be returned at this point - result = CredentialToSecret(&in->credentialBlob.b, - &activateObject->name.b, - &data.b, - object, - &out->certInfo); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob); - - return TPM_RC_SUCCESS; -} - -#endif // CC_ActivateCredential \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c deleted file mode 100644 index 392ec7863..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c +++ /dev/null 
@@ -1,155 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Object_spt_fp.h"
-#include "Create_fp.h"
-
-#if CC_Create // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Create a regular object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data'
-// is an Empty Buffer, or is SET when 'sensitive.data' is
-// not empty;
-// 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
-// attributes are inconsistent between themselves or with
-// those of the parent object;
-// inconsistent 'restricted', 'decrypt' and 'sign'
-// attributes;
-// attempt to inject sensitive data for an asymmetric
-// key;
-// TPM_RC_HASH non-duplicable storage key and its parent have
-// different name algorithm
-// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
-// object
-// TPM_RC_KEY invalid key size values in an asymmetric key public
-// area or a provided symmetric key has a value that is
-// not allowed
-// TPM_RC_KEY_SIZE key size in public area for symmetric key differs from
-// the size in the sensitive creation area; may also be
-// returned if the TPM does not allow the key size to be
-// used for a Storage Key
-// TPM_RC_OBJECT_MEMORY a free slot is not available as scratch memory for
-// object creation
-// TPM_RC_RANGE the exponent value of an RSA key is not supported.
-// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', or -// 'restricted' and key's scheme ID; or hash algorithm is -// inconsistent with the scheme ID for keyed hash object -// TPM_RC_SIZE size of public authPolicy or sensitive authValue does -// not match digest size of the name algorithm -// sensitive data size for the keyed hash object is -// larger than is allowed for the scheme -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; -// or non-storage key with symmetric algorithm different -// from ALG_NULL -// TPM_RC_TYPE unknown object type; -// 'parentHandle' does not reference a restricted -// decryption key in the storage hierarchy with both -// public and sensitive portion loaded -// TPM_RC_VALUE exponent is not prime or could not find a prime using -// the provided parameters for an RSA key; -// unsupported name algorithm for an ECC key -// TPM_RC_OBJECT_MEMORY there is no free slot for the object -TPM_RC -TPM2_Create( - Create_In *in, // IN: input parameter list - Create_Out *out // OUT: output parameter list - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - OBJECT *parentObject; - OBJECT *newObject; - TPMT_PUBLIC *publicArea; - -// Input Validation - parentObject = HandleToObject(in->parentHandle); - pAssert(parentObject != NULL); - - // Does parent have the proper attributes? - if(!ObjectIsParent(parentObject)) - return TPM_RCS_TYPE + RC_Create_parentHandle; - - // Get a slot for the creation - newObject = FindEmptyObjectSlot(NULL); - if(newObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // If the TPM2B_PUBLIC was passed as a structure, marshal it into is canonical - // form for processing - - // to save typing. - publicArea = &newObject->publicArea; - - // Copy the input structure to the allocated structure - *publicArea = in->inPublic.publicArea; - - // Check attributes in input public area. 
CreateChecks() checks the things that - // are unique to creation and then validates the attributes and values that are - // common to create and load. - result = CreateChecks(parentObject, publicArea, - in->inSensitive.sensitive.data.t.size); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_Create_inPublic); - // Clean up the authValue if necessary - if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) - return TPM_RCS_SIZE + RC_Create_inSensitive; - -// Command Output - // Create the object using the default TPM random-number generator - result = CryptCreateObject(newObject, &in->inSensitive.sensitive, NULL); - if(result != TPM_RC_SUCCESS) - return result; - // Fill in creation data - FillInCreationData(in->parentHandle, publicArea->nameAlg, - &in->creationPCR, &in->outsideInfo, - &out->creationData, &out->creationHash); - - // Compute creation ticket - TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &newObject->name, - &out->creationHash, &out->creationTicket); - - // Prepare output private data from sensitive - SensitiveToPrivate(&newObject->sensitive, &newObject->name, parentObject, - publicArea->nameAlg, - &out->outPrivate); - - // Finish by copying the remaining return values - out->outPublic.publicArea = newObject->publicArea; - - return TPM_RC_SUCCESS; -} - -#endif // CC_Create \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c deleted file mode 100644 index d58a3cd78..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c +++ /dev/null 
@@ -1,221 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "CreateLoaded_fp.h"
-
-#if CC_CreateLoaded // Conditional expansion of this file
-
-/*(See part 3 of specification)
- * Create and load any type of key, including a temporary key.
- * The input template is an marshaled public area rather than an unmarshaled one as
- * used in Create and CreatePrimary. This is so that the label and context that
- * could be in the template can be processed without changing the formats for the
- * calls to Create and CreatePrimary.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data'
-// is an Empty Buffer;
-// 'fixedTPM', 'fixedParent', or 'encryptedDuplication'
-// attributes are inconsistent between themselves or with
-// those of the parent object;
-// inconsistent 'restricted', 'decrypt' and 'sign'
-// attributes;
-// attempt to inject sensitive data for an asymmetric
-// key;
-// attempt to create a symmetric cipher key that is not
-// a decryption key
-// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash
-// object
-// TPM_RC_KEY the value of a provided symmetric key is not allowed
-// TPM_RC_OBJECT_MEMORY there is no free slot for the object
-// TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign',
-// 'restricted' and key's scheme ID; or hash algorithm is
-// inconsistent with the scheme ID for keyed hash object
-// TPM_RC_SIZE size of public authorization policy or sensitive
-// authorization value does not match digest size of the
-// name algorithm sensitive data size for the keyed hash
-// object is larger than is allowed for the scheme
-// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified;
-// or non-storage key with symmetric algorithm different
-// from TPM_ALG_NULL
-// TPM_RC_TYPE cannot create the object of the indicated type
-// (usually only occurs if trying to derive an RSA key).
-TPM_RC
-TPM2_CreateLoaded(
- CreateLoaded_In *in, // IN: input parameter list
- CreateLoaded_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- OBJECT *parent = HandleToObject(in->parentHandle);
- OBJECT *newObject;
- BOOL derivation;
- TPMT_PUBLIC *publicArea;
- RAND_STATE randState;
- RAND_STATE *rand = &randState;
- TPMS_DERIVE labelContext;
-
-// Input Validation
-
- // How the public area is unmarshaled is determined by the parent, so
- // see if parent is a derivation parent
- derivation = (parent != NULL && parent->attributes.derivation);
-
- // If the parent is an object, then make sure that it is either a parent or
- // derivation parent
- if(parent != NULL && !parent->attributes.isParent && !derivation)
- return TPM_RCS_TYPE + RC_CreateLoaded_parentHandle;
-
- // Get a spot in which to create the newObject
- newObject = FindEmptyObjectSlot(&out->objectHandle);
- if(newObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
- // Do this to save typing
- publicArea = &newObject->publicArea;
-
- // Unmarshal the template into the object space. TPM2_Create() and
- // TPM2_CreatePrimary() have the publicArea unmarshaled by CommandDispatcher.
- // This command is different because of an unfortunate property of the
- // unique field of an ECC key. It is a structure rather than a single TPM2B. If
- // if had been a TPM2B, then the label and context could be within a TPM2B and
- // unmarshaled like other public areas. Since it is not, this command needs its
- // on template that is a TPM2B that is unmarshaled as a BYTE array with a
- // its own unmarshal function.
- result = UnmarshalToPublic(publicArea, &in->inPublic, derivation, - &labelContext); - if(result != TPM_RC_SUCCESS) - return result + RC_CreateLoaded_inPublic; - - // Validate that the authorization size is appropriate - if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) - return TPM_RCS_SIZE + RC_CreateLoaded_inSensitive; - - // Command output - if(derivation) - { - TPMT_KEYEDHASH_SCHEME *scheme; - scheme = &parent->publicArea.parameters.keyedHashDetail.scheme; - - // SP800-108 is the only KDF supported by this implementation and there is - // no default hash algorithm. - pAssert(scheme->details.xor.hashAlg != TPM_ALG_NULL - && scheme->details.xor.kdf == TPM_ALG_KDF1_SP800_108); - // Don't derive RSA keys - if(publicArea->type == ALG_RSA_VALUE) - return TPM_RCS_TYPE + RC_CreateLoaded_inPublic; - // sensitiveDataOrigin has to be CLEAR in a derived object. Since this - // is specific to a derived object, it is checked here. - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, - sensitiveDataOrigin)) - return TPM_RCS_ATTRIBUTES; - // Check the reset of the attributes - result = PublicAttributesValidation(parent, publicArea); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); - // Process the template and sensitive areas to get the actual 'label' and - // 'context' values to be used for this derivation. - result = SetLabelAndContext(&labelContext, &in->inSensitive.sensitive.data); - if(result != TPM_RC_SUCCESS) - return result; - // Set up the KDF for object generation - DRBG_InstantiateSeededKdf((KDF_STATE *)rand, - scheme->details.xor.hashAlg, - scheme->details.xor.kdf, - &parent->sensitive.sensitive.bits.b, - &labelContext.label.b, - &labelContext.context.b, - TPM_MAX_DERIVATION_BITS); - // Clear the sensitive size so that the creation functions will not try - // to use this value. - in->inSensitive.sensitive.data.t.size = 0; - } - else - { - // Check attributes in input public area. 
CreateChecks() checks the things - // that are unique to creation and then validates the attributes and values - // that are common to create and load. - result = CreateChecks(parent, publicArea, - in->inSensitive.sensitive.data.t.size); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); - // Creating a primary object - if(parent == NULL) - { - TPM2B_NAME name; - newObject->attributes.primary = SET; - if(in->parentHandle == TPM_RH_ENDORSEMENT) - newObject->attributes.epsHierarchy = SET; - // If so, use the primary seed and the digest of the template - // to seed the DRBG - result = DRBG_InstantiateSeeded((DRBG_STATE *)rand, - &HierarchyGetPrimarySeed(in->parentHandle)->b, - PRIMARY_OBJECT_CREATION, - (TPM2B *)PublicMarshalAndComputeName(publicArea, - &name), - &in->inSensitive.sensitive.data.b); - if(result != TPM_RC_SUCCESS) - return result; - } - else - { - // This is an ordinary object so use the normal random number generator - rand = NULL; - } - } -// Internal data update - // Create the object - result = CryptCreateObject(newObject, &in->inSensitive.sensitive, rand); - if(result != TPM_RC_SUCCESS) - return result; - // if this is not a Primary key and not a derived key, then return the sensitive - // area - if(parent != NULL && !derivation) - // Prepare output private data from sensitive - SensitiveToPrivate(&newObject->sensitive, &newObject->name, - parent, newObject->publicArea.nameAlg, - &out->outPrivate); - else - out->outPrivate.t.size = 0; - // Set the remaining return values - out->outPublic.publicArea = newObject->publicArea; - out->name = newObject->name; - // Set the remaining attributes for a loaded object - ObjectSetLoadedAttributes(newObject, in->parentHandle); - - return result; -} - -#endif // CC_CreateLoaded \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
deleted file mode 100644
index 86cea9685..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Load_fp.h"
-
-#if CC_Load // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Load an ordinary or temporary object
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'inPulblic' attributes are not allowed with selected
-// parent
-// TPM_RC_BINDING 'inPrivate' and 'inPublic' are not
-// cryptographically bound
-// TPM_RC_HASH incorrect hash selection for signing key or
-// the 'nameAlg' for 'inPubic is not valid
-// TPM_RC_INTEGRITY HMAC on 'inPrivate' was not valid
-// TPM_RC_KDF KDF selection not allowed
-// TPM_RC_KEY the size of the object's 'unique' field is not
-// consistent with the indicated size in the object's
-// parameters
-// TPM_RC_OBJECT_MEMORY no available object slot
-// TPM_RC_SCHEME the signing scheme is not valid for the key
-// TPM_RC_SENSITIVE the 'inPrivate' did not unmarshal correctly
-// TPM_RC_SIZE 'inPrivate' missing, or 'authPolicy' size for
-// 'inPublic' or is not valid
-// TPM_RC_SYMMETRIC symmetric algorithm not provided when required
-// TPM_RC_TYPE 'parentHandle' is not a storage key, or the object
-// to load is a storage key but its parameters do not
-// match the parameters of the parent.
-// TPM_RC_VALUE decryption failure
-TPM_RC
-TPM2_Load(
- Load_In *in, // IN: input parameter list
- Load_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- TPMT_SENSITIVE sensitive;
- OBJECT *parentObject;
- OBJECT *newObject;
-
-// Input Validation
- // Don't get invested in loading if there is no place to put it.
- newObject = FindEmptyObjectSlot(&out->objectHandle);
- if(newObject == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
- if(in->inPrivate.t.size == 0)
- return TPM_RCS_SIZE + RC_Load_inPrivate;
-
- parentObject = HandleToObject(in->parentHandle);
- pAssert(parentObject != NULL);
- // Is the object that is being used as the parent actually a parent.
- if(!ObjectIsParent(parentObject))
- return TPM_RCS_TYPE + RC_Load_parentHandle;
-
- // Compute the name of object. If there isn't one, it is because the nameAlg is
- // not valid.
- PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name);
- if(out->name.t.size == 0)
- return TPM_RCS_HASH + RC_Load_inPublic;
-
- // Retrieve sensitive data.
- result = PrivateToSensitive(&in->inPrivate.b, &out->name.b, parentObject,
- in->inPublic.publicArea.nameAlg,
- &sensitive);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_Load_inPrivate);
-
-// Internal Data Update
- // Load and validate object
- result = ObjectLoad(newObject, parentObject,
- &in->inPublic.publicArea, &sensitive,
- RC_Load_inPublic, RC_Load_inPrivate,
- &out->name);
- if(result == TPM_RC_SUCCESS)
- {
- // Set the common OBJECT attributes for a loaded object.
- ObjectSetLoadedAttributes(newObject, in->parentHandle);
- }
- return result;
-
-}
-
-#endif // CC_Load
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c
deleted file mode 100644
index 61d59b2b1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "LoadExternal_fp.h"
-
-#if CC_LoadExternal // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// to load an object that is not a Protected Object into the public portion
-// of an object into the TPM. The command allows loading of a public area or
-// both a public and sensitive area
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'fixedParent", 'fixedTPM', and 'restricted' must
-// be CLEAR if sensitive portion of an object is loaded
-// TPM_RC_BINDING the 'inPublic' and 'inPrivate' structures are not
-// cryptographically bound
-// TPM_RC_HASH incorrect hash selection for signing key
-// TPM_RC_HIERARCHY 'hierarchy' is turned off, or only NULL hierarchy
-// is allowed when loading public and private parts
-// of an object
-// TPM_RC_KDF incorrect KDF selection for decrypting
-// keyedHash object
-// TPM_RC_KEY the size of the object's 'unique' field is not
-// consistent with the indicated size in the object's
-// parameters
-// TPM_RC_OBJECT_MEMORY if there is no free slot for an object
-// TPM_RC_ECC_POINT for a public-only ECC key, the ECC point is not
-// on the curve
-// TPM_RC_SCHEME the signing scheme is not valid for the key
-// TPM_RC_SIZE 'authPolicy' is not zero and is not the size of a
-// digest produced by the object's 'nameAlg'
-// TPM_RH_NULL hierarchy
-// TPM_RC_SYMMETRIC symmetric algorithm not provided when required
-// TPM_RC_TYPE 'inPublic' and 'inPrivate' are not the same type
-TPM_RC
-TPM2_LoadExternal(
- LoadExternal_In *in, // IN: input parameter list
- LoadExternal_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- OBJECT *object;
- TPMT_SENSITIVE *sensitive = NULL;
-
-// Input Validation
- // Don't get invested in loading if there is no place to put it.
- object = FindEmptyObjectSlot(&out->objectHandle);
- if(object == NULL)
- return TPM_RC_OBJECT_MEMORY;
-
-
- // If the hierarchy to be associated with this object is turned off, the object
- // cannot be loaded.
- if(!HierarchyIsEnabled(in->hierarchy))
- return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy;
-
- // For loading an object with both public and sensitive
- if(in->inPrivate.size != 0)
- {
- // An external object with a sensitive area can only be loaded in the
- // NULL hierarchy
- if(in->hierarchy != TPM_RH_NULL)
- return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy;
- // An external object with a sensitive area must have fixedTPM == CLEAR
- // fixedParent == CLEAR so that it does not appear to be a key created by
- // this TPM.
- if(IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- fixedTPM)
- || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- fixedParent)
- || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT,
- restricted))
- return TPM_RCS_ATTRIBUTES + RC_LoadExternal_inPublic;
-
- // Have sensitive point to something other than NULL so that object
- // initialization will load the sensitive part too
- sensitive = &in->inPrivate.sensitiveArea;
- }
-
- // Need the name to initialize the object structure
- PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name);
-
- // Load and validate key
- result = ObjectLoad(object, NULL,
- &in->inPublic.publicArea, sensitive,
- RC_LoadExternal_inPublic, RC_LoadExternal_inPrivate,
- &out->name);
- if(result == TPM_RC_SUCCESS)
- {
- object->attributes.external = SET;
- // Set the common OBJECT attributes for a loaded object.
- ObjectSetLoadedAttributes(object, in->hierarchy);
- }
- return result;
-}
-
-#endif // CC_LoadExternal
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
deleted file mode 100644
index 44e5e99ab..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "MakeCredential_fp.h"
-
-#if CC_MakeCredential // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Make Credential with an object
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY 'handle' referenced an ECC key that has a unique
-// field that is not a point on the curve of the key
-// TPM_RC_SIZE 'credential' is larger than the digest size of
-// Name algorithm of 'handle'
-// TPM_RC_TYPE 'handle' does not reference an asymmetric
-// decryption key
-TPM_RC
-TPM2_MakeCredential(
- MakeCredential_In *in, // IN: input parameter list
- MakeCredential_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
-
- OBJECT *object;
- TPM2B_DATA data;
-
-// Input Validation
-
- // Get object pointer
- object = HandleToObject(in->handle);
-
- // input key must be an asymmetric, restricted decryption key
- // NOTE: Needs to be restricted to have a symmetric value.
- if(!CryptIsAsymAlgorithm(object->publicArea.type)
- || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
- || !IS_ATTRIBUTE(object->publicArea.objectAttributes,
- TPMA_OBJECT, restricted))
- return TPM_RCS_TYPE + RC_MakeCredential_handle;
-
- // The credential information may not be larger than the digest size used for
- // the Name of the key associated with handle.
- if(in->credential.t.size > CryptHashGetDigestSize(object->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_MakeCredential_credential;
-
-// Command Output
-
- // Make encrypt key and its associated secret structure.
- out->secret.t.size = sizeof(out->secret.t.secret);
- result = CryptSecretEncrypt(object, IDENTITY_STRING, &data, &out->secret);
- if(result != TPM_RC_SUCCESS)
- return result;
-
- // Prepare output credential data from secret
- SecretToCredential(&in->credential, &in->objectName.b, &data.b,
- object, &out->credentialBlob);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_MakeCredential
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
deleted file mode 100644
index d339b83fd..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ObjectChangeAuth_fp.h"
-
-#if CC_ObjectChangeAuth // Conditional expansion of this file
-
-#include "Object_spt_fp.h"
-
-/*(See part 3 specification)
-// Create an object
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE 'newAuth' is larger than the size of the digest
-// of the Name algorithm of 'objectHandle'
-// TPM_RC_TYPE the key referenced by 'parentHandle' is not the
-// parent of the object referenced by 'objectHandle';
-// or 'objectHandle' is a sequence object.
-TPM_RC
-TPM2_ObjectChangeAuth(
- ObjectChangeAuth_In *in, // IN: input parameter list
- ObjectChangeAuth_Out *out // OUT: output parameter list
- )
-{
- TPMT_SENSITIVE sensitive;
-
- OBJECT *object = HandleToObject(in->objectHandle);
- TPM2B_NAME QNCompare;
-
-// Input Validation
-
- // Can not change authorization on sequence object
- if(ObjectIsSequence(object))
- return TPM_RCS_TYPE + RC_ObjectChangeAuth_objectHandle;
-
- // Make sure that the authorization value is consistent with the nameAlg
- if(!AdjustAuthSize(&in->newAuth, object->publicArea.nameAlg))
- return TPM_RCS_SIZE + RC_ObjectChangeAuth_newAuth;
-
- // Parent handle should be the parent of object handle. In this
- // implementation we verify this by checking the QN of object. Other
- // implementation may choose different method to verify this attribute.
- ComputeQualifiedName(in->parentHandle,
- object->publicArea.nameAlg,
- &object->name, &QNCompare);
- if(!MemoryEqual2B(&object->qualifiedName.b, &QNCompare.b))
- return TPM_RCS_TYPE + RC_ObjectChangeAuth_parentHandle;
-
-// Command Output
- // Prepare the sensitive area with the new authorization value
- sensitive = object->sensitive;
- sensitive.authValue = in->newAuth;
-
- // Protect the sensitive area
- SensitiveToPrivate(&sensitive, &object->name, HandleToObject(in->parentHandle),
- object->publicArea.nameAlg,
- &out->outPrivate);
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ObjectChangeAuth
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
deleted file mode 100644
index 3de47904b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c
+++ /dev/null
@@ -1,1584 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes -#include "Tpm.h" -#include "Object_spt_fp.h" - -//** Local Functions - -//*** GetIV2BSize() -// Get the size of TPM2B_IV in canonical form that will be append to the start of -// the sensitive data. 
It includes both size of size field and size of iv data -static UINT16 -GetIV2BSize( - OBJECT *protector // IN: the protector handle - ) -{ - TPM_ALG_ID symAlg; - UINT16 keyBits; - - // Determine the symmetric algorithm and size of key - if(protector == NULL) - { - // Use the context encryption algorithm and key size - symAlg = CONTEXT_ENCRYPT_ALG; - keyBits = CONTEXT_ENCRYPT_KEY_BITS; - } - else - { - symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; - keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; - } - - // The IV size is a UINT16 size field plus the block size of the symmetric - // algorithm - return sizeof(UINT16) + CryptGetSymmetricBlockSize(symAlg, keyBits); -} - -//*** ComputeProtectionKeyParms() -// This function retrieves the symmetric protection key parameters for -// the sensitive data -// The parameters retrieved from this function include encryption algorithm, -// key size in bit, and a TPM2B_SYM_KEY containing the key material as well as -// the key size in bytes -// This function is used for any action that requires encrypting or decrypting of -// the sensitive area of an object or a credential blob -// -/*(See part 1 specification) - KDF for generating the protection key material: - KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits) -where - hashAlg for a Primary Object, an algorithm chosen by the TPM vendor - for derivations from Primary Seeds. For all other objects, - the nameAlg of the object's parent. - seed for a Primary Object in the Platform Hierarchy, the PPS. - For Primary Objects in either Storage or Endorsement Hierarchy, - the SPS. For Temporary Objects, the context encryption seed. - For all other objects, the symmetric seed value in the - sensitive area of the object's parent. 
- STORAGE label to differentiate use of KDFa() (see 4.7) - Name the Name of the object being encrypted - bits the number of bits required for a symmetric key and IV -*/ -// Return Type: void -static void -ComputeProtectionKeyParms( - OBJECT *protector, // IN: the protector object - TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa - TPM2B *name, // IN: name of the object - TPM2B *seedIn, // IN: optional seed for duplication blob. - // For non duplication blob, this - // parameter should be NULL - TPM_ALG_ID *symAlg, // OUT: the symmetric algorithm - UINT16 *keyBits, // OUT: the symmetric key size in bits - TPM2B_SYM_KEY *symKey // OUT: the symmetric key - ) -{ - const TPM2B *seed = seedIn; - - // Determine the algorithms for the KDF and the encryption/decryption - // For TPM_RH_NULL, using context settings - if(protector == NULL) - { - // Use the context encryption algorithm and key size - *symAlg = CONTEXT_ENCRYPT_ALG; - symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; - *keyBits = CONTEXT_ENCRYPT_KEY_BITS; - } - else - { - TPMT_SYM_DEF_OBJECT *symDef; - symDef = &protector->publicArea.parameters.asymDetail.symmetric; - *symAlg = symDef->algorithm; - *keyBits = symDef->keyBits.sym; - symKey->t.size = (*keyBits + 7) / 8; - } - // Get seed for KDF - if(seed == NULL) - seed = GetSeedForKDF(protector); - // KDFa to generate symmetric key and IV value - CryptKDFa(hashAlg, seed, STORAGE_KEY, name, NULL, - symKey->t.size * 8, symKey->t.buffer, NULL, FALSE); - return; -} - -//*** ComputeOuterIntegrity() -// The sensitive area parameter is a buffer that holds a space for -// the integrity value and the marshaled sensitive area. The caller should -// skip over the area set aside for the integrity value -// and compute the hash of the remainder of the object. -// The size field of sensitive is in unmarshaled form and the -// sensitive area contents is an array of bytes. 
-/*(See part 1 specification) - KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38) -where - hashAlg for a Primary Object, the nameAlg of the object. For all other - objects the nameAlg of the object's parent. - seed for a Primary Object in the Platform Hierarchy, the PPS. For - Primary Objects in either Storage or Endorsement Hierarchy, - the SPS. For a Temporary Object, the context encryption key. - For all other objects, the symmetric seed value in the sensitive - area of the object's parent. - "INTEGRITY" a value used to differentiate the uses of the KDF. - bits the number of bits in the digest produced by hashAlg. -Key is then used in the integrity computation. - HMACnameAlg(HMACkey, encSensitive || Name ) -where - HMACnameAlg() the HMAC function using nameAlg of the object's parent - HMACkey value derived from the parent symmetric protection value - encSensitive symmetrically encrypted sensitive area - Name the Name of the object being protected -*/ -// Return Type: void -static void -ComputeOuterIntegrity( - TPM2B *name, // IN: the name of the object - OBJECT *protector, // IN: the object that - // provides protection. For an object, - // it is a parent. For a credential, it - // is the encrypt object. For - // a Temporary Object, it is NULL - TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity - TPM2B *seedIn, // IN: an external seed may be provided for - // duplication blob. 
For non duplication - // blob, this parameter should be NULL - UINT32 sensitiveSize, // IN: size of the marshaled sensitive data - BYTE *sensitiveData, // IN: sensitive area - TPM2B_DIGEST *integrity // OUT: integrity - ) -{ - HMAC_STATE hmacState; - TPM2B_DIGEST hmacKey; - const TPM2B *seed = seedIn; -// - // Get seed for KDF - if(seed == NULL) - seed = GetSeedForKDF(protector); - // Determine the HMAC key bits - hmacKey.t.size = CryptHashGetDigestSize(hashAlg); - - // KDFa to generate HMAC key - CryptKDFa(hashAlg, seed, INTEGRITY_KEY, NULL, NULL, - hmacKey.t.size * 8, hmacKey.t.buffer, NULL, FALSE); - // Start HMAC and get the size of the digest which will become the integrity - integrity->t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacKey.b); - - // Adding the marshaled sensitive area to the integrity value - CryptDigestUpdate(&hmacState.hashState, sensitiveSize, sensitiveData); - - // Adding name - CryptDigestUpdate2B(&hmacState.hashState, name); - - // Compute HMAC - CryptHmacEnd2B(&hmacState, &integrity->b); - - return; -} - -//*** ComputeInnerIntegrity() -// This function computes the integrity of an inner wrap -static void -ComputeInnerIntegrity( - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - TPM2B *name, // IN: the name of the object - UINT16 dataSize, // IN: the size of sensitive data - BYTE *sensitiveData, // IN: sensitive data - TPM2B_DIGEST *integrity // OUT: inner integrity - ) -{ - HASH_STATE hashState; -// - // Start hash and get the size of the digest which will become the integrity - integrity->t.size = CryptHashStart(&hashState, hashAlg); - - // Adding the marshaled sensitive area to the integrity value - CryptDigestUpdate(&hashState, dataSize, sensitiveData); - - // Adding name - CryptDigestUpdate2B(&hashState, name); - - // Compute hash - CryptHashEnd2B(&hashState, &integrity->b); - - return; -} - -//*** ProduceInnerIntegrity() -// This function produces an inner integrity for regular private, credential or -// duplication 
blob -// It requires the sensitive data being marshaled to the innerBuffer, with the -// leading bytes reserved for integrity hash. It assume the sensitive data -// starts at address (innerBuffer + integrity size). -// This function integrity at the beginning of the inner buffer -// It returns the total size of buffer with the inner wrap -static UINT16 -ProduceInnerIntegrity( - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size - BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in - // it. At input, the leading bytes of this - // buffer is reserved for integrity - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; // Auxiliary buffer pointer -// - // sensitiveData points to the beginning of sensitive data in innerBuffer - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - sensitiveData = innerBuffer + integritySize; - - ComputeInnerIntegrity(hashAlg, name, dataSize, sensitiveData, &integrity); - - // Add integrity at the beginning of inner buffer - buffer = innerBuffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - return dataSize + integritySize; -} - -//*** CheckInnerIntegrity() -// This function check integrity of inner blob -// Return Type: TPM_RC -// TPM_RC_INTEGRITY if the outer blob integrity is bad -// unmarshal errors unmarshal errors while unmarshaling integrity -static TPM_RC -CheckInnerIntegrity( - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap - UINT16 dataSize, // IN: the size of sensitive data, including the - // leading integrity buffer size - BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in - // it - ) -{ - TPM_RC result; - TPM2B_DIGEST integrity; - TPM2B_DIGEST integrityToCompare; - BYTE *buffer; // Auxiliary 
buffer pointer - INT32 size; -// - // Unmarshal integrity - buffer = innerBuffer; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - // Compute integrity to compare - ComputeInnerIntegrity(hashAlg, name, (UINT16)size, buffer, - &integrityToCompare); - // Compare outer blob integrity - if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) - result = TPM_RC_INTEGRITY; - } - return result; -} - -//** Public Functions - -//*** AdjustAuthSize() -// This function will validate that the input authValue is no larger than the -// digestSize for the nameAlg. It will then pad with zeros to the size of the -// digest. -BOOL -AdjustAuthSize( - TPM2B_AUTH *auth, // IN/OUT: value to adjust - TPMI_ALG_HASH nameAlg // IN: - ) -{ - UINT16 digestSize; -// - // If there is no nameAlg, then this is a LoadExternal and the authVale can - // be any size up to the maximum allowed by the - digestSize = (nameAlg == TPM_ALG_NULL) ? sizeof(TPMU_HA) - : CryptHashGetDigestSize(nameAlg); - if(digestSize < MemoryRemoveTrailingZeros(auth)) - return FALSE; - else if(digestSize > auth->t.size) - MemoryPad2B(&auth->b, digestSize); - auth->t.size = digestSize; - - return TRUE; -} - -//*** AreAttributesForParent() -// This function is called by create, load, and import functions. -// Note: The 'isParent' attribute is SET when an object is loaded and it has -// attributes that are suitable for a parent object. -// Return Type: BOOL -// TRUE(1) properties are those of a parent -// FALSE(0) properties are not those of a parent -BOOL -ObjectIsParent( - OBJECT *parentObject // IN: parent handle - ) -{ - return parentObject->attributes.isParent; -} - -//*** CreateChecks() -// Attribute checks that are unique to creation. 
-// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the -// object type -// other returns from PublicAttributesValidation() -TPM_RC -CreateChecks( - OBJECT *parentObject, - TPMT_PUBLIC *publicArea, - UINT16 sensitiveDataSize - ) -{ - TPMA_OBJECT attributes = publicArea->objectAttributes; - TPM_RC result = TPM_RC_SUCCESS; -// - // If the caller indicates that they have provided the data, then make sure that - // they have provided some data. - if((!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - && (sensitiveDataSize == 0)) - return TPM_RCS_ATTRIBUTES; - // For an ordinary object, data can only be provided when sensitiveDataOrigin - // is CLEAR - if((parentObject != NULL) - && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - && (sensitiveDataSize != 0)) - return TPM_RCS_ATTRIBUTES; - switch(publicArea->type) - { - case ALG_KEYEDHASH_VALUE: - // if this is a data object (sign == decrypt == CLEAR) then the - // TPM cannot be the data source. - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - result = TPM_RC_ATTRIBUTES; - // comment out the next line in order to prevent a fixedTPM derivation - // parent -// break; - case ALG_SYMCIPHER_VALUE: - // A restricted key symmetric key (SYMCIPHER and KEYEDHASH) - // must have sensitiveDataOrigin SET unless it has fixedParent and - // fixedTPM CLEAR. 
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - result = TPM_RCS_ATTRIBUTES; - break; - default: // Asymmetric keys cannot have the sensitive portion provided - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) - result = TPM_RCS_ATTRIBUTES; - break; - } - if(TPM_RC_SUCCESS == result) - { - result = PublicAttributesValidation(parentObject, publicArea); - } - return result; -} -//*** SchemeChecks -// This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). -// This function validates the schemes in the public area of an object. -// Return Type: TPM_RC -// TPM_RC_HASH non-duplicable storage key and its parent have different -// name algorithm -// TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object -// TPM_RC_KEY invalid key size values in an asymmetric key public area -// TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' -// and key's scheme ID; or hash algorithm is inconsistent -// with the scheme ID for keyed hash object -// TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or -// non-storage key with symmetric algorithm different from -// ALG_NULL -TPM_RC -SchemeChecks( - OBJECT *parentObject, // IN: parent (null if primary seed) - TPMT_PUBLIC *publicArea // IN: public area of the object - ) -{ - TPMT_SYM_DEF_OBJECT *symAlgs = NULL; - TPM_ALG_ID scheme = TPM_ALG_NULL; - TPMA_OBJECT attributes = publicArea->objectAttributes; - TPMU_PUBLIC_PARMS *parms = &publicArea->parameters; -// - switch(publicArea->type) - { - case ALG_SYMCIPHER_VALUE: - symAlgs = &parms->symDetail.sym; - // If this is a decrypt key, then only the block cipher modes (not - // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key, - // then any mode that got through the unmarshaling is OK. 
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) - && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE)) - return TPM_RCS_SCHEME; - break; - case ALG_KEYEDHASH_VALUE: - scheme = parms->keyedHashDetail.scheme.scheme; - // if both sign and decrypt - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // if both sign and decrypt are set or clear, then need - // ALG_NULL as scheme - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - && scheme != TPM_ALG_HMAC) - return TPM_RCS_SCHEME; - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(scheme != TPM_ALG_XOR) - return TPM_RCS_SCHEME; - // If this is a derivation parent, then the KDF needs to be - // SP800-108 for this implementation. This is the only derivation - // supported by this implementation. Other implementations could - // support additional schemes. There is no default. - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - { - if(parms->keyedHashDetail.scheme.details.xor.kdf - != TPM_ALG_KDF1_SP800_108) - return TPM_RCS_SCHEME; - // Must select a digest. - if(CryptHashGetDigestSize( - parms->keyedHashDetail.scheme.details.xor.hashAlg) == 0) - return TPM_RCS_HASH; - } - } - break; - default: // handling for asymmetric - scheme = parms->asymDetail.scheme.scheme; - symAlgs = &parms->asymDetail.symmetric; - // if the key is both sign and decrypt, then the scheme must be - // ALG_NULL because there is no way to specify both a sign and a - // decrypt scheme in the key. 
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // scheme must be TPM_ALG_NULL - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - { - // If this is a signing key, see if it has a signing scheme - if(CryptIsAsymSignScheme(publicArea->type, scheme)) - { - // if proper signing scheme then it needs a proper hash - if(parms->asymDetail.scheme.details.anySig.hashAlg - == TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else - { - // signing key that does not have a proper signing scheme. - // This is OK if the key is not restricted and its scheme - // is TPM_ALG_NULL - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) - || scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - } - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - { - // for a restricted decryption key (a parent), scheme - // is required to be TPM_ALG_NULL - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else - { - // For an unrestricted decryption key, the scheme has to - // be a valid scheme or TPM_ALG_NULL - if(scheme != TPM_ALG_NULL && - !CryptIsAsymDecryptScheme(publicArea->type, scheme)) - return TPM_RCS_SCHEME; - } - } - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // For an asymmetric key that is not a parent, the symmetric - // algorithms must be TPM_ALG_NULL - if(symAlgs->algorithm != TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC; - } - // Special checks for an ECC key -#if ALG_ECC - if(publicArea->type == TPM_ALG_ECC) - { - TPM_ECC_CURVE curveID; - const TPMT_ECC_SCHEME *curveScheme; - - curveID = publicArea->parameters.eccDetail.curveID; - curveScheme = CryptGetCurveSignScheme(curveID); - // The curveId must be valid or the unmarshaling is busted. 
- pAssert(curveScheme != NULL); - - // If the curveID requires a specific scheme, then the key must - // select the same scheme - if(curveScheme->scheme != TPM_ALG_NULL) - { - TPMS_ECC_PARMS *ecc = &publicArea->parameters.eccDetail; - if(scheme != curveScheme->scheme) - return TPM_RCS_SCHEME; - // The scheme can allow any hash, or not... - if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL - && (ecc->scheme.details.anySig.hashAlg - != curveScheme->details.anySig.hashAlg)) - return TPM_RCS_SCHEME; - } - // For now, the KDF must be TPM_ALG_NULL - if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) - return TPM_RCS_KDF; - } -#endif - break; - } - // If this is a restricted decryption key with symmetric algorithms, then it - // is an ordinary parent (not a derivation parent). It needs to specific - // symmetric algorithms other than TPM_ALG_NULL - if(symAlgs != NULL - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(symAlgs->algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC; -#if 0 //?? -// This next check is under investigation. Need to see if it will break Windows -// before it is enabled. If it does not, then it should be default because a -// the mode used with a parent is always CFB and Part 2 indicates as much. - if(symAlgs->mode.sym != TPM_ALG_CFB) - return TPM_RCS_MODE; -#endif - // If this parent is not duplicable, then the symmetric algorithms - // (encryption and hash) must match those of its parent - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - && (parentObject != NULL)) - { - if(publicArea->nameAlg != parentObject->publicArea.nameAlg) - return TPM_RCS_HASH; - if(!MemoryEqual(symAlgs, &parentObject->publicArea.parameters, - sizeof(TPMT_SYM_DEF_OBJECT))) - return TPM_RCS_SYMMETRIC; - } - } - return TPM_RC_SUCCESS; -} - -//*** PublicAttributesValidation() -// This function validates the values in the public area of an object. 
-// This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, -// TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). -// For TPM2_Import() this is only used if the new parent has fixedTPM SET. For -// TPM2_LoadExternal(), this is not used for a public-only key -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' -// attributes are inconsistent between themselves or with -// those of the parent object; -// inconsistent 'restricted', 'decrypt' and 'sign' -// attributes; -// attempt to inject sensitive data for an asymmetric key; -// attempt to create a symmetric cipher key that is not -// a decryption key -// TPM_RC_HASH nameAlg is TPM_ALG_NULL -// TPM_RC_SIZE 'authPolicy' size does not match digest size of the name -// algorithm in 'publicArea' -// other returns from SchemeChecks() -TPM_RC -PublicAttributesValidation( - OBJECT *parentObject, // IN: input parent object - TPMT_PUBLIC *publicArea // IN: public area of the object - ) -{ - TPMA_OBJECT attributes = publicArea->objectAttributes; - TPMA_OBJECT parentAttributes = TPMA_ZERO_INITIALIZER(); -// - if(parentObject != NULL) - parentAttributes = parentObject->publicArea.objectAttributes; - if(publicArea->nameAlg == TPM_ALG_NULL) - return TPM_RCS_HASH; - // If there is an authPolicy, it needs to be the size of the digest produced - // by the nameAlg of the object - if((publicArea->authPolicy.t.size != 0 - && (publicArea->authPolicy.t.size - != CryptHashGetDigestSize(publicArea->nameAlg)))) - return TPM_RCS_SIZE; - // If the parent is fixedTPM (including a Primary Object) the object must have - // the same value for fixedTPM and fixedParent - if(parentObject == NULL - || IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } - else - { - // The parent is not fixedTPM so the object can't 
be fixedTPM - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } - // See if sign and decrypt are the same - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // a restricted key cannot have both SET or both CLEAR - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - return TPM_RC_ATTRIBUTES; - // only a data object may have both sign and decrypt CLEAR - // BTW, since we know that decrypt==sign, no need to check both - if(publicArea->type != TPM_ALG_KEYEDHASH - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - return TPM_RC_ATTRIBUTES; - } - // If the object can't be duplicated (directly or indirectly) then there - // is no justification for having encryptedDuplication SET - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - && IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; - // If a parent object has fixedTPM CLEAR, the child must have the - // same encryptedDuplication value as its parent. - // Primary objects are considered to have a fixedTPM parent (the seeds). - if(parentObject != NULL - && !IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; - } - // Special checks for derived objects - if((parentObject != NULL) && (parentObject->attributes.derivation == SET)) - { - // A derived object has the same settings for fixedTPM as its parent - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - // A derived object is required to be fixedParent - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES; - } - return SchemeChecks(parentObject, publicArea); -} - -//*** FillInCreationData() -// Fill in creation data for an object. 
-// Return Type: void -void -FillInCreationData( - TPMI_DH_OBJECT parentHandle, // IN: handle of parent - TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm - TPML_PCR_SELECTION *creationPCR, // IN: PCR selection - TPM2B_DATA *outsideData, // IN: outside data - TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output - TPM2B_DIGEST *creationDigest // OUT: creation digest - ) -{ - BYTE creationBuffer[sizeof(TPMS_CREATION_DATA)]; - BYTE *buffer; - HASH_STATE hashState; -// - // Fill in TPMS_CREATION_DATA in outCreation - - // Compute PCR digest - PCRComputeCurrentDigest(nameHashAlg, creationPCR, - &outCreation->creationData.pcrDigest); - - // Put back PCR selection list - outCreation->creationData.pcrSelect = *creationPCR; - - // Get locality - outCreation->creationData.locality - = LocalityGetAttributes(_plat__LocalityGet()); - outCreation->creationData.parentNameAlg = TPM_ALG_NULL; - - // If the parent is either a primary seed or TPM_ALG_NULL, then the Name - // and QN of the parent are the parent's handle. 
- if(HandleGetType(parentHandle) == TPM_HT_PERMANENT) - { - buffer = &outCreation->creationData.parentName.t.name[0]; - outCreation->creationData.parentName.t.size = - TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL); - // For a primary or temporary object, the parent name (a handle) and the - // parent's QN are the same - outCreation->creationData.parentQualifiedName - = outCreation->creationData.parentName; - } - else // Regular object - { - OBJECT *parentObject = HandleToObject(parentHandle); -// - // Set name algorithm - outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg; - - // Copy parent name - outCreation->creationData.parentName = parentObject->name; - - // Copy parent qualified name - outCreation->creationData.parentQualifiedName = parentObject->qualifiedName; - } - // Copy outside information - outCreation->creationData.outsideInfo = *outsideData; - - // Marshal creation data to canonical form - buffer = creationBuffer; - outCreation->size = TPMS_CREATION_DATA_Marshal(&outCreation->creationData, - &buffer, NULL); - // Compute hash for creation field in public template - creationDigest->t.size = CryptHashStart(&hashState, nameHashAlg); - CryptDigestUpdate(&hashState, outCreation->size, creationBuffer); - CryptHashEnd2B(&hashState, &creationDigest->b); - - return; -} - -//*** GetSeedForKDF() -// Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. -const TPM2B * -GetSeedForKDF( - OBJECT *protector // IN: the protector handle - ) -{ - // Get seed for encryption key. Use input seed if provided. - // Otherwise, using protector object's seedValue. TPM_RH_NULL is the only - // exception that we may not have a loaded object as protector. In such a - // case, use nullProof as seed. - if(protector == NULL) - return &gr.nullProof.b; - else - return &protector->sensitive.seedValue.b; -} - -//*** ProduceOuterWrap() -// This function produce outer wrap for a buffer containing the sensitive data. 
-// It requires the sensitive data being marshaled to the outerBuffer, with the -// leading bytes reserved for integrity hash. If iv is used, iv space should -// be reserved at the beginning of the buffer. It assumes the sensitive data -// starts at address (outerBuffer + integrity size {+ iv size}). -// This function performs: -// 1. Add IV before sensitive area if required -// 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, -// encrypted by a NULL iv -// 3. add HMAC integrity at the beginning of the buffer -// It returns the total size of blob with outer wrap -UINT16 -ProduceOuterWrap( - OBJECT *protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in - // it - ) -{ - TPM_ALG_ID symAlg; - UINT16 keyBits; - TPM2B_SYM_KEY symKey; - TPM2B_IV ivRNG; // IV from RNG - TPM2B_IV *iv = NULL; - UINT16 ivSize = 0; // size of iv area, including the size field - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrity; - UINT16 integritySize; - BYTE *buffer; // Auxiliary buffer pointer -// - // Compute the beginning of sensitive data. 
The outer integrity should - // always exist if this function is called to make an outer wrap - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - sensitiveData = outerBuffer + integritySize; - - // If iv is used, adjust the pointer of sensitive data and add iv before it - if(useIV) - { - ivSize = GetIV2BSize(protector); - - // Generate IV from RNG. The iv data size should be the total IV area - // size minus the size of size field - ivRNG.t.size = ivSize - sizeof(UINT16); - CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); - - // Marshal IV to buffer - buffer = sensitiveData; - TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); - - // adjust sensitive data starting after IV area - sensitiveData += ivSize; - - // Use iv for encryption - iv = &ivRNG; - } - // Compute symmetric key parameters for outer buffer encryption - ComputeProtectionKeyParms(protector, hashAlg, name, seed, - &symAlg, &keyBits, &symKey); - // Encrypt inner buffer in place - CryptSymmetricEncrypt(sensitiveData, symAlg, keyBits, - symKey.t.buffer, iv, TPM_ALG_CFB, dataSize, - sensitiveData); - // Compute outer integrity. Integrity computation includes the optional IV - // area - ComputeOuterIntegrity(name, protector, hashAlg, seed, dataSize + ivSize, - outerBuffer + integritySize, &integrity); - // Add integrity at the beginning of outer buffer - buffer = outerBuffer; - TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); - - // return the total size in outer wrap - return dataSize + integritySize + ivSize; -} - -//*** UnwrapOuter() -// This function remove the outer wrap of a blob containing sensitive data -// This function performs: -// 1. check integrity of outer blob -// 2. 
decrypt outer blob -// -// Return Type: TPM_RC -// TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling -// TPM_RCS_INTEGRITY sensitive data integrity is broken -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE IV size for CFB does not match the encryption -// algorithm block size -TPM_RC -UnwrapOuter( - OBJECT *protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B *name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B *seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE *outerBuffer // IN/OUT: sensitive data - ) -{ - TPM_RC result; - TPM_ALG_ID symAlg = TPM_ALG_NULL; - TPM2B_SYM_KEY symKey; - UINT16 keyBits = 0; - TPM2B_IV ivIn; // input IV retrieved from input buffer - TPM2B_IV *iv = NULL; - BYTE *sensitiveData; // pointer to the sensitive data - TPM2B_DIGEST integrityToCompare; - TPM2B_DIGEST integrity; - INT32 size; -// - // Unmarshal integrity - sensitiveData = outerBuffer; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(&integrity, &sensitiveData, &size); - if(result == TPM_RC_SUCCESS) - { - // Compute integrity to compare - ComputeOuterIntegrity(name, protector, hashAlg, seed, - (UINT16)size, sensitiveData, - &integrityToCompare); - // Compare outer blob integrity - if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) - return TPM_RCS_INTEGRITY; - // Get the symmetric algorithm parameters used for encryption - ComputeProtectionKeyParms(protector, hashAlg, name, seed, - &symAlg, &keyBits, &symKey); - // Retrieve IV if it is used - if(useIV) - { - result = TPM2B_IV_Unmarshal(&ivIn, 
&sensitiveData, &size); - if(result == TPM_RC_SUCCESS) - { - // The input iv size for CFB must match the encryption algorithm - // block size - if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) - result = TPM_RC_VALUE; - else - iv = &ivIn; - } - } - } - // If no errors, decrypt private in place. Since this function uses CFB, - // CryptSymmetricDecrypt() will not return any errors. It may fail but it will - // not return an error. - if(result == TPM_RC_SUCCESS) - CryptSymmetricDecrypt(sensitiveData, symAlg, keyBits, - symKey.t.buffer, iv, TPM_ALG_CFB, - (UINT16)size, sensitiveData); - return result; -} - -//*** MarshalSensitive() -// This function is used to marshal a sensitive area. Among other things, it -// adjusts the size of the authValue to be no smaller than the digest of -// 'nameAlg'. It will also make sure that the RSA sensitive contains the right number -// of values. -// Returns the size of the marshaled area. -static UINT16 -MarshalSensitive( - OBJECT *parent, // IN: the object parent (optional) - BYTE *buffer, // OUT: receiving buffer - TPMT_SENSITIVE *sensitive, // IN: the sensitive area to marshal - TPMI_ALG_HASH nameAlg // IN: - ) -{ - BYTE *sizeField = buffer; // saved so that size can be - // marshaled after it is known - UINT16 retVal; -// - // Pad the authValue if needed - MemoryPad2B(&sensitive->authValue.b, CryptHashGetDigestSize(nameAlg)); - buffer += 2; - - // Marshal the structure -#if ALG_RSA - // If the sensitive size is the special case for a prime in the type - if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) > 0) - { - UINT16 sizeSave = sensitive->sensitive.rsa.t.size; - // - // Turn off the flag that indicates that the sensitive->sensitive contains - // the CRT form of the exponent. - sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); - // If the parent isn't fixedTPM, then truncate the sensitive data to be - // the size of the prime. Otherwise, leave it at the current size which - // is the full CRT size. 
- if(parent == NULL - || !IS_ATTRIBUTE(parent->publicArea.objectAttributes, - TPMA_OBJECT, fixedTPM)) - sensitive->sensitive.rsa.t.size /= 5; - retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); - // Restore the flag and the size. - sensitive->sensitive.rsa.t.size = sizeSave; - } - else -#endif - retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); - - // Marshal the size - retVal = (UINT16)(retVal + UINT16_Marshal(&retVal, &sizeField, NULL)); - - return retVal; -} - -//*** SensitiveToPrivate() -// This function prepare the private blob for off the chip storage -// The operations in this function: -// 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply encryption to the sensitive area. -// 3. apply outer integrity computation. -void -SensitiveToPrivate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B_NAME *name, // IN: the name of the object - OBJECT *parent, // IN: The parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This - // parameter is used when parentHandle is - // NULL, in which case the object is - // temporary. 
- TPM2B_PRIVATE *outPrivate // OUT: output private structure - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; // data blob size - TPMI_ALG_HASH hashAlg; // hash algorithm for integrity - UINT16 integritySize; - UINT16 ivSize; -// - pAssert(name != NULL && name->t.size != 0); - - // Find the hash algorithm for integrity computation - if(parent == NULL) - { - // For Temporary Object, using self name algorithm - hashAlg = nameAlg; - } - else - { - // Otherwise, using parent's name algorithm - hashAlg = parent->publicArea.nameAlg; - } - // Starting of sensitive data without wrappers - sensitiveData = outPrivate->t.buffer; - - // Compute the integrity size - integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - - // Reserve space for integrity - sensitiveData += integritySize; - - // Get iv size - ivSize = GetIV2BSize(parent); - - // Reserve space for iv - sensitiveData += ivSize; - - // Marshal the sensitive area including authValue size adjustments. - dataSize = MarshalSensitive(parent, sensitiveData, sensitive, nameAlg); - - //Produce outer wrap, including encryption and HMAC - outPrivate->t.size = ProduceOuterWrap(parent, &name->b, hashAlg, NULL, - TRUE, dataSize, outPrivate->t.buffer); - return; -} - -//*** PrivateToSensitive() -// Unwrap a input private area. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. 
unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// Return Type: TPM_RC -// TPM_RCS_INTEGRITY if the private area integrity is bad -// TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT -// from input private -// TPM_RCS_SIZE error during sensitive data unmarshaling -// TPM_RCS_VALUE outer wrapper does not have an iV of the correct -// size -TPM_RC -PrivateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE *sensitive // OUT: sensitive structure - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; - UINT16 dataSizeInput; - TPMI_ALG_HASH hashAlg; // hash algorithm for integrity - UINT16 integritySize; - UINT16 ivSize; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Find the hash algorithm for integrity computation - // For Temporary Object (parent == NULL) use self name algorithm; - // Otherwise, using parent's name algorithm - hashAlg = (parent == NULL) ? nameAlg : parent->publicArea.nameAlg; - - // unwrap outer - result = UnwrapOuter(parent, name, hashAlg, NULL, TRUE, - inPrivate->size, inPrivate->buffer); - if(result != TPM_RC_SUCCESS) - return result; - // Compute the inner integrity size. 
- integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); - - // Get iv size - ivSize = GetIV2BSize(parent); - - // The starting of sensitive data and data size without outer wrapper - sensitiveData = inPrivate->buffer + integritySize + ivSize; - dataSize = inPrivate->size - integritySize - ivSize; - - // Unmarshal input data size - buffer = sensitiveData; - size = (INT32)dataSize; - result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SENSITIVE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - if(result != TPM_RC_SUCCESS || size != 0) - { - result = TPM_RC_SENSITIVE; - } - } - } - return result; -} - -//*** SensitiveToDuplicate() -// This function prepare the duplication blob from the sensitive area. -// The operations in this function: -// 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE -// 2. apply inner wrap to the sensitive area if required -// 3. apply outer wrap if required -void -SensitiveToDuplicate( - TPMT_SENSITIVE *sensitive, // IN: sensitive structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B *seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. 
- TPM2B_PRIVATE *outPrivate // OUT: output private structure - ) -{ - BYTE *sensitiveData; // pointer to the sensitive data - TPMI_ALG_HASH outerHash = TPM_ALG_NULL;// The hash algorithm for outer wrap - TPMI_ALG_HASH innerHash = TPM_ALG_NULL;// The hash algorithm for inner wrap - UINT16 dataSize; // data blob size - BOOL doInnerWrap = FALSE; - BOOL doOuterWrap = FALSE; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Make sure symDef and innerSymKey are not NULL - pAssert(symDef != NULL && innerSymKey != NULL); - - // Starting of sensitive data without wrappers - sensitiveData = outPrivate->t.buffer; - - // Find out if inner wrap is required - if(symDef->algorithm != TPM_ALG_NULL) - { - doInnerWrap = TRUE; - - // Use self nameAlg as inner hash algorithm - innerHash = nameAlg; - - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); - } - // Find out if outer wrap is required - if(seed->size != 0) - { - doOuterWrap = TRUE; - - // Use parent nameAlg as outer hash algorithm - outerHash = parent->publicArea.nameAlg; - - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } - // Marshal sensitive area - dataSize = MarshalSensitive(NULL, sensitiveData, sensitive, nameAlg); - - // Apply inner wrap for duplication blob. It includes both integrity and - // encryption - if(doInnerWrap) - { - BYTE *innerBuffer = NULL; - BOOL symKeyInput = TRUE; - innerBuffer = outPrivate->t.buffer; - // Skip outer integrity space - if(doOuterWrap) - innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, - innerBuffer); - // Generate inner encryption key if needed - if(innerSymKey->t.size == 0) - { - innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; - CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); - - // TPM generates symmetric encryption. 
Set the flag to FALSE - symKeyInput = FALSE; - } - else - { - // assume the input key size should matches the symmetric definition - pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); - } - - // Encrypt inner buffer in place - CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, - symDef->keyBits.sym, innerSymKey->t.buffer, NULL, - TPM_ALG_CFB, dataSize, innerBuffer); - - // If the symmetric encryption key is imported, clear the buffer for - // output - if(symKeyInput) - innerSymKey->t.size = 0; - } - // Apply outer wrap for duplication blob. It includes both integrity and - // encryption - if(doOuterWrap) - { - dataSize = ProduceOuterWrap(parent, name, outerHash, seed, FALSE, - dataSize, outPrivate->t.buffer); - } - // Data size for output - outPrivate->t.size = dataSize; - - return; -} - -//*** DuplicateToSensitive() -// Unwrap a duplication blob. Check the integrity, decrypt and retrieve data -// to a sensitive structure. -// The operations in this function: -// 1. check the integrity HMAC of the input private area -// 2. decrypt the private buffer -// 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed -// TPM_RC_INTEGRITY 'inPrivate' data integrity is broken -// TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed -TPM_RC -DuplicateToSensitive( - TPM2B *inPrivate, // IN: input private structure - TPM2B *name, // IN: the name of the object - OBJECT *parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B *seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. 
If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B *innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE *sensitive // OUT: sensitive structure - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; - UINT16 dataSizeInput; -// - // Make sure that name is provided - pAssert(name != NULL && name->size != 0); - - // Make sure symDef and innerSymKey are not NULL - pAssert(symDef != NULL && innerSymKey != NULL); - - // Starting of sensitive data - sensitiveData = inPrivate->buffer; - dataSize = inPrivate->size; - - // Find out if outer wrap is applied - if(seed->size != 0) - { - // Use parent nameAlg as outer hash algorithm - TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; - - result = UnwrapOuter(parent, name, outerHash, seed, FALSE, - dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } - // Find out if inner wrap is applied - if(symDef->algorithm != TPM_ALG_NULL) - { - // assume the input key size matches the symmetric definition - pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); - - // Decrypt inner buffer in place - CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, - symDef->keyBits.sym, innerSymKey->buffer, NULL, - TPM_ALG_CFB, dataSize, sensitiveData); - // Check inner integrity - result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - } - // Unmarshal input data size - buffer = sensitiveData; - size = (INT32)dataSize; - 
result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SIZE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - - // if the results is OK make sure that all the data was unmarshaled - if(result == TPM_RC_SUCCESS && size != 0) - result = TPM_RC_SIZE; - } - } - return result; -} - -//*** SecretToCredential() -// This function prepare the credential blob from a secret (a TPM2B_DIGEST) -// The operations in this function: -// 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT -// 2. encrypt the private buffer, excluding the leading integrity HMAC area -// 3. compute integrity HMAC and append to the beginning of the buffer. -// 4. Set the total size of TPM2B_ID_OBJECT buffer -void -SecretToCredential( - TPM2B_DIGEST *secret, // IN: secret information - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. - OBJECT *protector, // IN: the protector - TPM2B_ID_OBJECT *outIDObject // OUT: output credential - ) -{ - BYTE *buffer; // Auxiliary buffer pointer - BYTE *sensitiveData; // pointer to the sensitive data - TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap - UINT16 dataSize; // data blob size -// - pAssert(secret != NULL && outIDObject != NULL); - - // use protector's name algorithm as outer hash ???? 
- outerHash = protector->publicArea.nameAlg; - - // Marshal secret area to credential buffer, leave space for integrity - sensitiveData = outIDObject->t.credential - + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); -// Marshal secret area - buffer = sensitiveData; - dataSize = TPM2B_DIGEST_Marshal(secret, &buffer, NULL); - - // Apply outer wrap - outIDObject->t.size = ProduceOuterWrap(protector, name, outerHash, seed, FALSE, - dataSize, outIDObject->t.credential); - return; -} - -//*** CredentialToSecret() -// Unwrap a credential. Check the integrity, decrypt and retrieve data -// to a TPM2B_DIGEST structure. -// The operations in this function: -// 1. check the integrity HMAC of the input credential area -// 2. decrypt the credential buffer -// 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST -// -// Return Type: TPM_RC -// TPM_RC_INSUFFICIENT error during credential unmarshaling -// TPM_RC_INTEGRITY credential integrity is broken -// TPM_RC_SIZE error during credential unmarshaling -// TPM_RC_VALUE IV size does not match the encryption algorithm -// block size -TPM_RC -CredentialToSecret( - TPM2B *inIDObject, // IN: input credential blob - TPM2B *name, // IN: the name of the object - TPM2B *seed, // IN: an external seed. 
- OBJECT *protector, // IN: the protector - TPM2B_DIGEST *secret // OUT: secret information - ) -{ - TPM_RC result; - BYTE *buffer; - INT32 size; - TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap - BYTE *sensitiveData; // pointer to the sensitive data - UINT16 dataSize; -// - // use protector's name algorithm as outer hash - outerHash = protector->publicArea.nameAlg; - - // Unwrap outer, a TPM_RC_INTEGRITY error may be returned at this point - result = UnwrapOuter(protector, name, outerHash, seed, FALSE, - inIDObject->size, inIDObject->buffer); - if(result == TPM_RC_SUCCESS) - { - // Compute the beginning of sensitive data - sensitiveData = inIDObject->buffer - + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = inIDObject->size - - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); - // Unmarshal secret buffer to TPM2B_DIGEST structure - buffer = sensitiveData; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); - - // If there were no other unmarshaling errors, make sure that the - // expected amount of data was recovered - if(result == TPM_RC_SUCCESS && size != 0) - return TPM_RC_SIZE; - } - return result; -} - -//*** MemoryRemoveTrailingZeros() -// This function is used to adjust the length of an authorization value. -// It adjusts the size of the TPM2B so that it does not include octets -// at the end of the buffer that contain zero. -// The function returns the number of non-zero octets in the buffer. -UINT16 -MemoryRemoveTrailingZeros( - TPM2B_AUTH *auth // IN/OUT: value to adjust - ) -{ - while((auth->t.size > 0) && (auth->t.buffer[auth->t.size - 1] == 0)) - auth->t.size--; - return auth->t.size; -} - -//*** SetLabelAndContext() -// This function sets the label and context for a derived key. It is possible -// that 'label' or 'context' can end up being an Empty Buffer. 
-TPM_RC -SetLabelAndContext( - TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data - ) -{ - TPMS_DERIVE sensitiveValue; - TPM_RC result; - INT32 size; - BYTE *buff; -// - // Unmarshal a TPMS_DERIVE from the TPM2B_SENSITIVE_DATA buffer - // If there is something to unmarshal... - if(sensitive->t.size != 0) - { - size = sensitive->t.size; - buff = sensitive->t.buffer; - result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); - if(result != TPM_RC_SUCCESS) - return result; - // If there was a label in the public area leave it there, otherwise, copy - // the new value - if(labelContext->label.t.size == 0) - MemoryCopy2B(&labelContext->label.b, &sensitiveValue.label.b, - sizeof(labelContext->label.t.buffer)); - // if there was a context string in publicArea, it overrides - if(labelContext->context.t.size == 0) - MemoryCopy2B(&labelContext->context.b, &sensitiveValue.context.b, - sizeof(labelContext->label.t.buffer)); - } - return TPM_RC_SUCCESS; -} - -//*** UnmarshalToPublic() -// Support function to unmarshal the template. This is used because the -// Input may be a TPMT_TEMPLATE and that structure does not have the same -// size as a TPMT_PUBLIC because of the difference between the 'unique' and -// 'seed' fields. -// If 'derive' is not NULL, then the 'seed' field is assumed to contain -// a 'label' and 'context' that are unmarshaled into 'derive'. 
-TPM_RC -UnmarshalToPublic( - TPMT_PUBLIC *tOut, // OUT: output - TPM2B_TEMPLATE *tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE *labelContext// OUT: label and context if derivation - ) -{ - BYTE *buffer = tIn->t.buffer; - INT32 size = tIn->t.size; - TPM_RC result; -// - // make sure that tOut is zeroed so that there are no remnants from previous - // uses - MemorySet(tOut, 0, sizeof(TPMT_PUBLIC)); - // Unmarshal the components of the TPMT_PUBLIC up to the unique field - result = TPMI_ALG_PUBLIC_Unmarshal(&tOut->type, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMI_ALG_HASH_Unmarshal(&tOut->nameAlg, &buffer, &size, FALSE); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMA_OBJECT_Unmarshal(&tOut->objectAttributes, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPM2B_DIGEST_Unmarshal(&tOut->authPolicy, &buffer, &size); - if(result != TPM_RC_SUCCESS) - return result; - result = TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, - tOut->type); - if(result != TPM_RC_SUCCESS) - return result; - // Now unmarshal a TPMS_DERIVE if this is for derivation - if(derivation) - result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); - else - // otherwise, unmarshal a TPMU_PUBLIC_ID - result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, - tOut->type); - // Make sure the template was used up - if((result == TPM_RC_SUCCESS) && (size != 0)) - result = TPM_RC_SIZE; - return result; -} - - -//*** ObjectSetExternal() -// Set the external attributes for an object. -void -ObjectSetExternal( - OBJECT *object - ) -{ - object->attributes.external = SET; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
deleted file mode 100644
index a8e9ea27e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "ReadPublic_fp.h"
-
-#if CC_ReadPublic // Conditional expansion of this file
-
-/*(See part 3 specification)
-// read public area of a loaded object
-*/
-// Return Type: TPM_RC
-// TPM_RC_SEQUENCE can not read the public area of a sequence
-// object
-TPM_RC
-TPM2_ReadPublic(
- ReadPublic_In *in, // IN: input parameter list
- ReadPublic_Out *out // OUT: output parameter list
- )
-{
- OBJECT *object = HandleToObject(in->objectHandle);
-
-// Input Validation
- // Can not read public area of a sequence object
- if(ObjectIsSequence(object))
- return TPM_RC_SEQUENCE;
-
-// Command Output
- out->outPublic.publicArea = object->publicArea;
- out->name = object->name;
- out->qualifiedName = object->qualifiedName;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_ReadPublic
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
deleted file mode 100644
index f7a9d6edf..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Unseal_fp.h"
-
-#if CC_Unseal // Conditional expansion of this file
-
-/*(See part 3 specification)
-// return data in a sealed data blob
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'itemHandle' has wrong attributes
-// TPM_RC_TYPE 'itemHandle' is not a KEYEDHASH data object
-TPM_RC
-TPM2_Unseal(
- Unseal_In *in,
- Unseal_Out *out
- )
-{
- OBJECT *object;
-// Input Validation
- // Get pointer to loaded object
- object = HandleToObject(in->itemHandle);
-
- // Input handle must be a data object
- if(object->publicArea.type != TPM_ALG_KEYEDHASH)
- return TPM_RCS_TYPE + RC_Unseal_itemHandle;
- if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt)
- || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
- || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted))
- return TPM_RCS_ATTRIBUTES + RC_Unseal_itemHandle;
-// Command Output
- // Copy data
- out->outData = object->sensitive.sensitive.bits;
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Unseal
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
deleted file mode 100644
index e9cfacb7f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Allocate_fp.h"
-
-#if CC_PCR_Allocate // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Allocate PCR banks
-*/
-// Return Type: TPM_RC
-// TPM_RC_PCR the allocation did not have required PCR
-// TPM_RC_NV_UNAVAILABLE NV is not accessible
-// TPM_RC_NV_RATE NV is in a rate-limiting mode
-TPM_RC
-TPM2_PCR_Allocate(
- PCR_Allocate_In *in, // IN: input parameter list
- PCR_Allocate_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point.
- // Note: These codes are not listed in the return values above because it is
- // an implementation choice to check in this routine rather than in a common
- // function that is called before these actions are called. These return values
- // are described in the Response Code section of Part 3.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Command Output
-
- // Call PCR Allocation function.
- result = PCRAllocate(&in->pcrAllocation, &out->maxPCR,
- &out->sizeNeeded, &out->sizeAvailable);
- if(result == TPM_RC_PCR)
- return result;
-
- //
- out->allocationSuccess = (result == TPM_RC_SUCCESS);
-
- // if re-configuration succeeds, set the flag to indicate PCR configuration is
- // going to be changed in next boot
- if(out->allocationSuccess == YES)
- g_pcrReConfig = TRUE;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Allocate
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
deleted file mode 100644
index 0cf39aa3a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Event_fp.h"
-
-#if CC_PCR_Event // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Update PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// extend the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Event(
- PCR_Event_In *in, // IN: input parameter list
- PCR_Event_Out *out // OUT: output parameter list
- )
-{
- HASH_STATE hashState;
- UINT32 i;
- UINT16 size;
-
-// Input Validation
-
- // If a PCR extend is required
- if(in->pcrHandle != TPM_RH_NULL)
- {
- // If the PCR is not allow to extend, return error
- if(!PCRIsExtendAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
- }
-
-// Internal Data Update
-
- out->digests.count = HASH_COUNT;
-
- // Iterate supported PCR bank algorithms to extend
- for(i = 0; i < HASH_COUNT; i++)
- {
- TPM_ALG_ID hash = CryptHashGetAlgByIndex(i);
- out->digests.digests[i].hashAlg = hash;
- size = CryptHashStart(&hashState, hash);
- CryptDigestUpdate2B(&hashState, &in->eventData.b);
- CryptHashEnd(&hashState, size,
- (BYTE *)&out->digests.digests[i].digest);
- if(in->pcrHandle != TPM_RH_NULL)
- PCRExtend(in->pcrHandle, hash, size,
- (BYTE *)&out->digests.digests[i].digest);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Event
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
deleted file mode 100644
index d789e7408..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Extend_fp.h"
-
-#if CC_PCR_Extend // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Update PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// extend the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Extend(
- PCR_Extend_In *in // IN: input parameter list
- )
-{
- UINT32 i;
-
-// Input Validation
-
- // NOTE: This function assumes that the unmarshaling function for 'digests' will
- // have validated that all of the indicated hash algorithms are valid. If the
- // hash algorithms are correct, the unmarshaling code will unmarshal a digest
- // of the size indicated by the hash algorithm. If the overall size is not
- // consistent, the unmarshaling code will run out of input data or have input
- // data left over. In either case, it will cause an unmarshaling error and this
- // function will not be called.
-
- // For NULL handle, do nothing and return success
- if(in->pcrHandle == TPM_RH_NULL)
- return TPM_RC_SUCCESS;
-
- // Check if the extend operation is allowed by the current command locality
- if(!PCRIsExtendAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Iterate input digest list to extend
- for(i = 0; i < in->digests.count; i++)
- {
- PCRExtend(in->pcrHandle, in->digests.digests[i].hashAlg,
- CryptHashGetDigestSize(in->digests.digests[i].hashAlg),
- (BYTE *)&in->digests.digests[i].digest);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Extend
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c
deleted file mode 100644
index f4dd6bf71..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Read_fp.h"
-
-#if CC_PCR_Read // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Read a set of PCR
-*/
-TPM_RC
-TPM2_PCR_Read(
- PCR_Read_In *in, // IN: input parameter list
- PCR_Read_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // Call PCR read function. input pcrSelectionIn parameter could be changed
- // to reflect the actual PCR being returned
- PCRRead(&in->pcrSelectionIn, &out->pcrValues, &out->pcrUpdateCounter);
-
- out->pcrSelectionOut = in->pcrSelectionIn;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Read
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
deleted file mode 100644
index de2daab58..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_Reset_fp.h"
-
-#if CC_PCR_Reset // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Reset PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY current command locality is not allowed to
-// reset the PCR referenced by 'pcrHandle'
-TPM_RC
-TPM2_PCR_Reset(
- PCR_Reset_In *in // IN: input parameter list
- )
-{
-// Input Validation
-
- // Check if the reset operation is allowed by the current command locality
- if(!PCRIsResetAllowed(in->pcrHandle))
- return TPM_RC_LOCALITY;
-
- // If PCR is state saved and we need to update orderlyState, check NV
- // availability
- if(PCRIsStateSaved(in->pcrHandle))
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Reset selected PCR in all banks to 0
- PCRSetValue(in->pcrHandle, 0);
-
- // Indicate that the PCR changed so that pcrCounter will be incremented if
- // necessary.
- PCRChanged(in->pcrHandle);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_Reset
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
deleted file mode 100644
index b749de4be..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_SetAuthPolicy_fp.h"
-
-#if CC_PCR_SetAuthPolicy // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set authPolicy to a group of PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_SIZE size of 'authPolicy' is not the size of a digest
-// produced by 'policyDigest'
-// TPM_RC_VALUE PCR referenced by 'pcrNum' is not a member
-// of a PCR policy group
-TPM_RC
-TPM2_PCR_SetAuthPolicy(
- PCR_SetAuthPolicy_In *in // IN: input parameter list
- )
-{
- UINT32 groupIndex;
-
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation:
-
- // Check the authPolicy consistent with hash algorithm
- if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg))
- return TPM_RCS_SIZE + RC_PCR_SetAuthPolicy_authPolicy;
-
- // If PCR does not belong to a policy group, return TPM_RC_VALUE
- if(!PCRBelongsPolicyGroup(in->pcrNum, &groupIndex))
- return TPM_RCS_VALUE + RC_PCR_SetAuthPolicy_pcrNum;
-
-// Internal Data Update
-
- // Set PCR policy
- gp.pcrPolicies.hashAlg[groupIndex] = in->hashAlg;
- gp.pcrPolicies.policy[groupIndex] = in->authPolicy;
-
- // Save new policy to NV
- NV_SYNC_PERSISTENT(pcrPolicies);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_SetAuthPolicy
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
deleted file mode 100644
index cee6d156a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PCR_SetAuthValue_fp.h"
-
-#if CC_PCR_SetAuthValue // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Set authValue to a group of PCR
-*/
-// Return Type: TPM_RC
-// TPM_RC_VALUE PCR referenced by 'pcrHandle' is not a member
-// of a PCR authorization group
-TPM_RC
-TPM2_PCR_SetAuthValue(
- PCR_SetAuthValue_In *in // IN: input parameter list
- )
-{
- UINT32 groupIndex;
-// Input Validation:
-
- // If PCR does not belong to an auth group, return TPM_RC_VALUE
- if(!PCRBelongsAuthGroup(in->pcrHandle, &groupIndex))
- return TPM_RC_VALUE;
-
- // The command may cause the orderlyState to be cleared due to the update of
- // state clear data. If this is the case, Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_ORDERLY;
-
-// Internal Data Update
-
- // Set PCR authValue
- MemoryRemoveTrailingZeros(&in->auth);
- gc.pcrAuthValues.auth[groupIndex] = in->auth;
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PCR_SetAuthValue
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
deleted file mode 100644
index 9e69818ee..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "GetRandom_fp.h"
-
-#if CC_GetRandom // Conditional expansion of this file
-
-/*(See part 3 specification)
-// random number generator
-*/
-TPM_RC
-TPM2_GetRandom(
- GetRandom_In *in, // IN: input parameter list
- GetRandom_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // if the requested bytes exceed the output buffer size, generates the
- // maximum bytes that the output buffer allows
- if(in->bytesRequested > sizeof(TPMU_HA))
- out->randomBytes.t.size = sizeof(TPMU_HA);
- else
- out->randomBytes.t.size = in->bytesRequested;
-
- CryptRandomGenerate(out->randomBytes.t.size, out->randomBytes.t.buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_GetRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
deleted file mode 100644
index befa55b32..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "StirRandom_fp.h"
-
-#if CC_StirRandom // Conditional expansion of this file
-
-/*(See part 3 specification)
-// add entropy to the RNG state
-*/
-TPM_RC
-TPM2_StirRandom(
- StirRandom_In *in // IN: input parameter list
- )
-{
-// Internal Data Update
- CryptRandomStir(in->inData.t.size, in->inData.t.buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_StirRandom
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
deleted file mode 100644
index f4af4458c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "PolicyRestart_fp.h"
-
-#if CC_PolicyRestart // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Restore a policy session to its initial state
-*/
-TPM_RC
-TPM2_PolicyRestart(
- PolicyRestart_In *in // IN: input parameter list
- )
-{
- // Initialize policy session data
- SessionResetPolicyData(SessionGet(in->sessionHandle));
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_PolicyRestart
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
deleted file mode 100644
index 56eca7fe0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "StartAuthSession_fp.h"
-
-#if CC_StartAuthSession // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Start an authorization session
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'tpmKey' does not reference a decrypt key
-// TPM_RC_CONTEXT_GAP the difference between the most recently created
-// active context and the oldest active context is at
-// the limits of the TPM
-// TPM_RC_HANDLE input decrypt key handle only has public portion
-// loaded
-// TPM_RC_MODE 'symmetric' specifies a block cipher but the mode
-// is not TPM_ALG_CFB.
-// TPM_RC_SESSION_HANDLES no session handle is available
-// TPM_RC_SESSION_MEMORY no more slots for loading a session
-// TPM_RC_SIZE nonce less than 16 octets or greater than the size
-// of the digest produced by 'authHash'
-// TPM_RC_VALUE secret size does not match decrypt key type; or the
-// recovered secret is larger than the digest size of
-// the nameAlg of 'tpmKey'; or, for an RSA decrypt key,
-// if 'encryptedSecret' is greater than the
-// public modulus of 'tpmKey'.
-TPM_RC
-TPM2_StartAuthSession(
- StartAuthSession_In *in, // IN: input parameter buffer
- StartAuthSession_Out *out // OUT: output parameter buffer
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
- OBJECT *tpmKey; // TPM key for decrypt salt
- TPM2B_DATA salt;
-
-// Input Validation
-
- // Check input nonce size. IT should be at least 16 bytes but not larger
- // than the digest size of session hash.
- if(in->nonceCaller.t.size < 16
- || in->nonceCaller.t.size > CryptHashGetDigestSize(in->authHash))
- return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller;
-
- // If an decrypt key is passed in, check its validation
- if(in->tpmKey != TPM_RH_NULL)
- {
- // Get pointer to loaded decrypt key
- tpmKey = HandleToObject(in->tpmKey);
-
- // key must be asymmetric with its sensitive area loaded. Since this
- // command does not require authorization, the presence of the sensitive
- // area was not already checked as it is with most other commands that
- // use the sensitive are so check it here
- if(!CryptIsAsymAlgorithm(tpmKey->publicArea.type))
- return TPM_RCS_KEY + RC_StartAuthSession_tpmKey;
- // secret size cannot be 0
- if(in->encryptedSalt.t.size == 0)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- // Decrypting salt requires accessing the private portion of a key.
- // Therefore, tmpKey can not be a key with only public portion loaded
- if(tpmKey->attributes.publicOnly)
- return TPM_RCS_HANDLE + RC_StartAuthSession_tpmKey;
- // HMAC session input handle check.
- // tpmKey should be a decryption key
- if(!IS_ATTRIBUTE(tpmKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
- return TPM_RCS_ATTRIBUTES + RC_StartAuthSession_tpmKey;
- // Secret Decryption. A TPM_RC_VALUE, TPM_RC_KEY or Unmarshal errors
- // may be returned at this point
- result = CryptSecretDecrypt(tpmKey, &in->nonceCaller, SECRET_KEY,
- &in->encryptedSalt, &salt);
- if(result != TPM_RC_SUCCESS)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- }
- else
- {
- // secret size must be 0
- if(in->encryptedSalt.t.size != 0)
- return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
- salt.t.size = 0;
- }
- switch(HandleGetType(in->bind))
- {
- case TPM_HT_TRANSIENT:
- {
- OBJECT *object = HandleToObject(in->bind);
- // If the bind handle references a transient object, make sure that we
- // can get to the authorization value. Also, make sure that the object
- // has a proper Name (nameAlg != TPM_ALG_NULL). If it doesn't, then
- // it might be possible to bind to an object where the authValue is
- // known. This does not create a real issue in that, if you know the
- // authorization value, you can actually bind to the object. However,
- // there is a potential
- if(object->attributes.publicOnly == SET)
- return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
- break;
- }
- case TPM_HT_NV_INDEX:
- // a PIN index can't be a bind object
- {
- NV_INDEX *nvIndex = NvGetIndexInfo(in->bind, NULL);
- if(IsNvPinPassIndex(nvIndex->publicArea.attributes)
- || IsNvPinFailIndex(nvIndex->publicArea.attributes))
- return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
- break;
- }
- default:
- break;
- }
- // If 'symmetric' is a symmetric block cipher (not TPM_ALG_NULL or TPM_ALG_XOR)
- // then the mode must be CFB.
- if(in->symmetric.algorithm != TPM_ALG_NULL
- && in->symmetric.algorithm != TPM_ALG_XOR
- && in->symmetric.mode.sym != TPM_ALG_CFB)
- return TPM_RCS_MODE + RC_StartAuthSession_symmetric;
-
-// Internal Data Update and command output
-
- // Create internal session structure. TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES
- // or TPM_RC_SESSION_MEMORY errors may be returned at this point.
- //
- // The detailed actions for creating the session context are not shown here
- // as the details are implementation dependent
- // SessionCreate sets the output handle and nonceTPM
- result = SessionCreate(in->sessionType, in->authHash, &in->nonceCaller,
- &in->symmetric, in->bind, &salt, &out->sessionHandle,
- &out->nonceTPM);
- return result;
-}
-
-#endif // CC_StartAuthSession
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c
deleted file mode 100644
index 286ac853a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Sign_fp.h"
-
-#if CC_Sign // Conditional expansion of this file
-
-#include "Attest_spt_fp.h"
-
-/*(See part 3 specification)
-// sign an externally provided hash using an asymmetric signing key
-*/
-// Return Type: TPM_RC
-// TPM_RC_BINDING The public and private portions of the key are not
-// properly bound.
-// TPM_RC_KEY 'signHandle' does not reference a signing key;
-// TPM_RC_SCHEME the scheme is not compatible with sign key type,
-// or input scheme is not compatible with default
-// scheme, or the chosen scheme is not a valid
-// sign scheme
-// TPM_RC_TICKET 'validation' is not a valid ticket
-// TPM_RC_VALUE the value to sign is larger than allowed for the
-// type of 'keyHandle'
-
-TPM_RC
-TPM2_Sign(
- Sign_In *in, // IN: input parameter list
- Sign_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- TPMT_TK_HASHCHECK ticket;
- OBJECT *signObject = HandleToObject(in->keyHandle);
-//
-// Input Validation
- if(!IsSigningObject(signObject))
- return TPM_RCS_KEY + RC_Sign_keyHandle;
-
- // A key that will be used for x.509 signatures can't be used in TPM2_Sign().
- if(IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, x509sign))
- return TPM_RCS_ATTRIBUTES + RC_Sign_keyHandle;
-
- // pick a scheme for sign. If the input sign scheme is not compatible with
- // the default scheme, return an error.
- if(!CryptSelectSignScheme(signObject, &in->inScheme))
- return TPM_RCS_SCHEME + RC_Sign_inScheme;
-
- // If validation is provided, or the key is restricted, check the ticket
- if(in->validation.digest.t.size != 0
- || IS_ATTRIBUTE(signObject->publicArea.objectAttributes,
- TPMA_OBJECT, restricted))
- {
- // Compute and compare ticket
- TicketComputeHashCheck(in->validation.hierarchy,
- in->inScheme.details.any.hashAlg,
- &in->digest, &ticket);
-
- if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b))
- return TPM_RCS_TICKET + RC_Sign_validation;
- }
- else
- // If we don't have a ticket, at least verify that the provided 'digest'
- // is the size of the scheme hashAlg digest.
- // NOTE: this does not guarantee that the 'digest' is actually produced using
- // the indicated hash algorithm, but at least it might be.
- {
- if(in->digest.t.size
- != CryptHashGetDigestSize(in->inScheme.details.any.hashAlg))
- return TPM_RCS_SIZE + RC_Sign_digest;
- }
-
-// Command Output
- // Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME
- // error may be returned at this point
- result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature);
-
- return result;
-}
-
-#endif // CC_Sign
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
deleted file mode 100644
index 52e7d3013..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "VerifySignature_fp.h"
-
-#if CC_VerifySignature // Conditional expansion of this file
-
-/*(See part 3 specification)
-// This command uses loaded key to validate an asymmetric signature on a message
-// with the message digest passed to the TPM.
-*/
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a signing key
-// TPM_RC_SIGNATURE signature is not genuine
-// TPM_RC_SCHEME CryptValidateSignature()
-// TPM_RC_HANDLE the input handle is references an HMAC key but
-// the private portion is not loaded
-TPM_RC
-TPM2_VerifySignature(
- VerifySignature_In *in, // IN: input parameter list
- VerifySignature_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- OBJECT *signObject = HandleToObject(in->keyHandle);
- TPMI_RH_HIERARCHY hierarchy;
-
-// Input Validation
- // The object to validate the signature must be a signing key.
- if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign))
- return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle;
-
- // Validate Signature. TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
- // error may be returned by CryptCVerifySignatrue()
- result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature);
- if(result != TPM_RC_SUCCESS)
- return RcSafeAddToResult(result, RC_VerifySignature_signature);
-
-// Command Output
-
- hierarchy = GetHeriarchy(in->keyHandle);
- if(hierarchy == TPM_RH_NULL
- || signObject->publicArea.nameAlg == TPM_ALG_NULL)
- {
- // produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is
- // ALG_NULL
- out->validation.tag = TPM_ST_VERIFIED;
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeVerified(hierarchy, &in->digest, &signObject->name,
- &out->validation);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_VerifySignature
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
deleted file mode 100644
index faa4b9e9e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Shutdown_fp.h"
-
-#if CC_Shutdown // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Shut down TPM for power off
-*/
-// Return Type: TPM_RC
-// TPM_RC_TYPE if PCR bank has been re-configured, a
-// CLEAR StateSave is required
-TPM_RC
-TPM2_Shutdown(
- Shutdown_In *in // IN: input parameter list
- )
-{
- // The command needs NV update. Check if NV is available.
- // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
- // this point
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
-// Input Validation
-
- // If PCR bank has been reconfigured, a CLEAR state save is required
- if(g_pcrReConfig && in->shutdownType == TPM_SU_STATE)
- return TPM_RCS_TYPE + RC_Shutdown_shutdownType;
-
-// Internal Data Update
-
- gp.orderlyState = in->shutdownType;
-
- // PCR private date state save
- PCRStateSave(in->shutdownType);
-
- // Save RAM backed NV index data
- NvUpdateIndexOrderlyData();
-
-#if ACCUMULATE_SELF_HEAL_TIMER
- // Save the current time value
- go.time = g_time;
-#endif
-
- // Save all orderly data
- NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
-
- if(in->shutdownType == TPM_SU_STATE)
- {
- // Save STATE_RESET and STATE_CLEAR data
- NvWrite(NV_STATE_CLEAR_DATA, sizeof(STATE_CLEAR_DATA), &gc);
- NvWrite(NV_STATE_RESET_DATA, sizeof(STATE_RESET_DATA), &gr);
-
- // Save the startup flags for resume
- if(g_DrtmPreStartup)
- gp.orderlyState = TPM_SU_STATE | PRE_STARTUP_FLAG;
- else if(g_StartupLocality3)
- gp.orderlyState = TPM_SU_STATE | STARTUP_LOCALITY_3;
- }
- // only two shutdown options.
- else if(in->shutdownType != TPM_SU_CLEAR)
- return TPM_RCS_VALUE + RC_Shutdown_shutdownType;
-
- NV_SYNC_PERSISTENT(orderlyState);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Shutdown
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
deleted file mode 100644
index 1039e95aa..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Startup_fp.h"
-
-#if CC_Startup // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Initialize TPM because a system-wide reset
-*/
-// Return Type: TPM_RC
-// TPM_RC_LOCALITY a Startup(STATE) does not have the same H-CRTM
-// state as the previous Startup() or the locality
-// of the startup is not 0 pr 3
-// TPM_RC_NV_UNINITIALIZED the saved state cannot be recovered and a
-// Startup(CLEAR) is required.
-// TPM_RC_VALUE start up type is not compatible with previous
-// shutdown sequence
-
-TPM_RC
-TPM2_Startup(
- Startup_In *in // IN: input parameter list
- )
-{
- STARTUP_TYPE startup;
- BYTE locality = _plat__LocalityGet();
- BOOL OK = TRUE;
-//
- // The command needs NV update.
- RETURN_IF_NV_IS_NOT_AVAILABLE;
-
- // Get the flags for the current startup locality and the H-CRTM.
- // Rather than generalizing the locality setting, this code takes advantage
- // of the fact that the PC Client specification only allows Startup()
- // from locality 0 and 3. To generalize this probably would require a
- // redo of the NV space and since this is a feature that is hardly ever used
- // outside of the PC Client, this code just support the PC Client needs.
-
-// Input Validation
- // Check that the locality is a supported value
- if(locality != 0 && locality != 3)
- return TPM_RC_LOCALITY;
- // If there was a H-CRTM, then treat the locality as being 3
- // regardless of what the Startup() was. This is done to preserve the
- // H-CRTM PCR so that they don't get overwritten with the normal
- // PCR startup initialization. This basically means that g_StartupLocality3
- // and g_DrtmPreStartup can't both be SET at the same time.
- if(g_DrtmPreStartup)
- locality = 0;
- g_StartupLocality3 = (locality == 3);
-
-#if USE_DA_USED
- // If there was no orderly shutdown, then their might have been a write to
- // failedTries that didn't get recorded but only if g_daUsed was SET in the
- // shutdown state
- g_daUsed = (gp.orderlyState == SU_DA_USED_VALUE);
- if(g_daUsed)
- gp.orderlyState = SU_NONE_VALUE;
-#endif
-
- g_prevOrderlyState = gp.orderlyState;
-
- // If there was a proper shutdown, then the startup modifiers are in the
- // orderlyState. Turn them off in the copy.
- if(IS_ORDERLY(g_prevOrderlyState))
- g_prevOrderlyState &= ~(PRE_STARTUP_FLAG | STARTUP_LOCALITY_3);
- // If this is a Resume,
- if(in->startupType == TPM_SU_STATE)
- {
- // then there must have been a prior TPM2_ShutdownState(STATE)
- if(g_prevOrderlyState != TPM_SU_STATE)
- return TPM_RCS_VALUE + RC_Startup_startupType;
- // and the part of NV used for state save must have been recovered
- // correctly.
- // NOTE: if this fails, then the caller will need to do Startup(CLEAR). The
- // code for Startup(Clear) cannot fail if the NV can't be read correctly
- // because that would prevent the TPM from ever getting unstuck.
- if(g_nvOk == FALSE)
- return TPM_RC_NV_UNINITIALIZED;
- // For Resume, the H-CRTM has to be the same as the previous boot
- if(g_DrtmPreStartup != ((gp.orderlyState & PRE_STARTUP_FLAG) != 0))
- return TPM_RCS_VALUE + RC_Startup_startupType;
- if(g_StartupLocality3 != ((gp.orderlyState & STARTUP_LOCALITY_3) != 0))
- return TPM_RC_LOCALITY;
- }
- // Clean up the gp state
- gp.orderlyState = g_prevOrderlyState;
-
-// Internal Date Update
- if((gp.orderlyState == TPM_SU_STATE) && (g_nvOk == TRUE))
- {
- // Always read the data that is only cleared on a Reset because this is not
- // a reset
- NvRead(&gr, NV_STATE_RESET_DATA, sizeof(gr));
- if(in->startupType == TPM_SU_STATE)
- {
- // If this is a startup STATE (a Resume) need to read the data
- // that is cleared on a startup CLEAR because this is not a Reset
- // or Restart.
- NvRead(&gc, NV_STATE_CLEAR_DATA, sizeof(gc));
- startup = SU_RESUME;
- }
- else
- startup = SU_RESTART;
- }
- else
- // Will do a TPM reset if Shutdown(CLEAR) and Startup(CLEAR) or no shutdown
- // or there was a failure reading the NV data.
- startup = SU_RESET;
- // Startup for cryptographic library. Don't do this until after the orderly
- // state has been read in from NV.
- OK = OK && CryptStartup(startup);
-
- // When the cryptographic library has been started, indicate that a TPM2_Startup
- // command has been received.
- OK = OK && TPMRegisterStartup();
-
-#ifdef VENDOR_PERMANENT
- // Read the platform unique value that is used as VENDOR_PERMANENT
- // authorization value
- g_platformUniqueDetails.t.size
- = (UINT16)_plat__GetUnique(1, sizeof(g_platformUniqueDetails.t.buffer),
- g_platformUniqueDetails.t.buffer);
-#endif
-
-// Start up subsystems
- // Start set the safe flag
- OK = OK && TimeStartup(startup);
-
- // Start dictionary attack subsystem
- OK = OK && DAStartup(startup);
-
- // Enable hierarchies
- OK = OK && HierarchyStartup(startup);
-
- // Restore/Initialize PCR
- OK = OK && PCRStartup(startup, locality);
-
- // Restore/Initialize command audit information
- OK = OK && CommandAuditStartup(startup);
-
-//// The following code was moved from Time.c where it made no sense
- if(OK)
- {
- switch(startup)
- {
- case SU_RESUME:
- // Resume sequence
- gr.restartCount++;
- break;
- case SU_RESTART:
- // Hibernate sequence
- gr.clearCount++;
- gr.restartCount++;
- break;
- default:
- // Reset object context ID to 0
- gr.objectContextID = 0;
- // Reset clearCount to 0
- gr.clearCount = 0;
-
- // Reset sequence
- // Increase resetCount
- gp.resetCount++;
-
- // Write resetCount to NV
- NV_SYNC_PERSISTENT(resetCount);
-
- gp.totalResetCount++;
- // We do not expect the total reset counter overflow during the life
- // time of TPM. if it ever happens, TPM will be put to failure mode
- // and there is no way to recover it.
- // The reason that there is no recovery is that we don't increment
- // the NV totalResetCount when incrementing would make it 0. When the
- // TPM starts up again, the old value of totalResetCount will be read
- // and we will get right back to here with the increment failing.
- if(gp.totalResetCount == 0)
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Write total reset counter to NV
- NV_SYNC_PERSISTENT(totalResetCount);
-
- // Reset restartCount
- gr.restartCount = 0;
-
- break;
- }
- }
- // Initialize session table
- OK = OK && SessionStartup(startup);
-
- // Initialize object table
- OK = OK && ObjectStartup();
-
- // Initialize index/evict data. This function clears read/write locks
- // in NV index
- OK = OK && NvEntityStartup(startup);
-
- // Initialize the orderly shut down flag for this cycle to SU_NONE_VALUE.
- gp.orderlyState = SU_NONE_VALUE;
-
- OK = OK && NV_SYNC_PERSISTENT(orderlyState);
-
- // This can be reset after the first completion of a TPM2_Startup() after
- // a power loss. It can probably be reset earlier but this is an OK place.
- if(OK)
- g_powerWasLost = FALSE;
-
- return (OK) ? TPM_RC_SUCCESS : TPM_RC_FAILURE;
-}
-
-#endif // CC_Startup
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c
deleted file mode 100644
index 16fd4bb89..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt_fp.h"
-#if CC_EncryptDecrypt2
-#include "EncryptDecrypt_spt_fp.h"
-#endif
-
-#if CC_EncryptDecrypt // Conditional expansion of this file
-
-/*(See part 3 specification)
-// symmetric encryption or decryption
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-TPM2_EncryptDecrypt(
- EncryptDecrypt_In *in, // IN: input parameter list
- EncryptDecrypt_Out *out // OUT: output parameter list
- )
-{
-#if CC_EncryptDecrypt2
- return EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode,
- &in->ivIn, &in->inData, out);
-#else
- OBJECT *symKey;
- UINT16 keySize;
- UINT16 blockSize;
- BYTE *key;
- TPM_ALG_ID alg;
- TPM_ALG_ID mode;
- TPM_RC result;
- BOOL OK;
- TPMA_OBJECT attributes;
-
-// Input Validation
- symKey = HandleToObject(in->keyHandle);
- mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
- attributes = symKey->publicArea.objectAttributes;
-
- // The input key should be a symmetric key
- if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
- // The key must be unrestricted and allow the selected operation
- OK = IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)
- if(YES == in->decrypt)
- OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt);
- else
- OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign);
- if(!OK)
- return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
-
- // If the key mode is not TPM_ALG_NULL...
- // or TPM_ALG_NULL
- if(mode != TPM_ALG_NULL)
- {
- // then the input mode has to be TPM_ALG_NULL or the same as the key
- if((in->mode != TPM_ALG_NULL) && (in->mode != mode))
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- }
- else
- {
- // if the key mode is null, then the input can't be null
- if(in->mode == TPM_ALG_NULL)
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- mode = in->mode;
- }
- // The input iv for ECB mode should be an Empty Buffer. All the other modes
- // should have an iv size same as encryption block size
- keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
- alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
- blockSize = CryptGetSymmetricBlockSize(alg, keySize);
-
- // reverify the algorithm. This is mainly to keep static analysis tools happy
- if(blockSize == 0)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
-
- // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that
- // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for
- // the algorithm is always defined. Both have the same numeric value.
- // ALG_xxx_VALUE is used here so that the code does not get cluttered with
- // #ifdef's. Having this check does not mean that the algorithm is supported.
- // If it was not supported the unmarshaling code would have rejected it before
- // this function were called. This means that, depending on the implementation,
- // the check could be redundant but it doesn't hurt.
- if(((mode == ALG_ECB_VALUE) && (in->ivIn.t.size != 0))
- || ((mode != ALG_ECB_VALUE) && (in->ivIn.t.size != blockSize)))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
-
- // The input data size of CBC mode or ECB mode must be an even multiple of
- // the symmetric algorithm's block size
- if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE))
- && ((in->inData.t.size % blockSize) != 0))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
-
- // Copy IV
- // Note: This is copied here so that the calls to the encrypt/decrypt functions
- // will modify the output buffer, not the input buffer
- out->ivOut = in->ivIn;
-
-// Command Output
- key = symKey->sensitive.sensitive.sym.t.buffer;
- // For symmetric encryption, the cipher data size is the same as plain data
- // size.
- out->outData.t.size = in->inData.t.size;
- if(in->decrypt == YES)
- {
- // Decrypt data to output
- result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, in->inData.t.size,
- in->inData.t.buffer);
- }
- else
- {
- // Encrypt data to output
- result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, in->inData.t.size,
- in->inData.t.buffer);
- }
- return result;
-#endif // CC_EncryptDecrypt2
-
-}
-
-#endif // CC_EncryptDecrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c
deleted file mode 100644
index 4623c8999..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt2_fp.h"
-#include "EncryptDecrypt_fp.h"
-#include "EncryptDecrypt_spt_fp.h"
-
-#if CC_EncryptDecrypt2 // Conditional expansion of this file
-
-/*(See part 3 specification)
-// symmetric encryption or decryption using modified parameter list
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-TPM2_EncryptDecrypt2(
- EncryptDecrypt2_In *in, // IN: input parameter list
- EncryptDecrypt2_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
- // EncryptDecyrptShared() performs the operations as shown in
- // TPM2_EncrypDecrypt
- result = EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode,
- &in->ivIn, &in->inData,
- (EncryptDecrypt_Out *)out);
- // Handle response code swizzle.
- switch(result)
- {
- case TPM_RCS_MODE + RC_EncryptDecrypt_mode:
- result = TPM_RCS_MODE + RC_EncryptDecrypt2_mode;
- break;
- case TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn:
- result = TPM_RCS_SIZE + RC_EncryptDecrypt2_ivIn;
- break;
- case TPM_RCS_SIZE + RC_EncryptDecrypt_inData:
- result = TPM_RCS_SIZE + RC_EncryptDecrypt2_inData;
- break;
- default:
- break;
- }
- return result;
-}
-
-#endif // CC_EncryptDecrypt2
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c
deleted file mode 100644
index 593986648..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "EncryptDecrypt_fp.h"
-#include "EncryptDecrypt_spt_fp.h"
-
-#if CC_EncryptDecrypt2
-
-/*(See part 3 specification)
-// symmetric encryption or decryption
-*/
-// Return Type: TPM_RC
-// TPM_RC_KEY is not a symmetric decryption key with both
-// public and private portions loaded
-// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
-// or 'inData' size is not an even multiple of the block
-// size for CBC or ECB mode
-// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
-// not match the key's mode
-TPM_RC
-EncryptDecryptShared(
- TPMI_DH_OBJECT keyHandleIn,
- TPMI_YES_NO decryptIn,
- TPMI_ALG_SYM_MODE modeIn,
- TPM2B_IV *ivIn,
- TPM2B_MAX_BUFFER *inData,
- EncryptDecrypt_Out *out
- )
-{
- OBJECT *symKey;
- UINT16 keySize;
- UINT16 blockSize;
- BYTE *key;
- TPM_ALG_ID alg;
- TPM_ALG_ID mode;
- TPM_RC result;
- BOOL OK;
-// Input Validation
- symKey = HandleToObject(keyHandleIn);
- mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
-
- // The input key should be a symmetric key
- if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
- // The key must be unrestricted and allow the selected operation
- OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, restricted);
- if(YES == decryptIn)
- OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, decrypt);
- else
- OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
- TPMA_OBJECT, sign);
- if(!OK)
- return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
-
- // Make sure that key is an encrypt/decrypt key and not SMAC
- if(!CryptSymModeIsValid(mode, TRUE))
- return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
-
- // If the key mode is not TPM_ALG_NULL...
- // or TPM_ALG_NULL
- if(mode != TPM_ALG_NULL)
- {
- // then the input mode has to be TPM_ALG_NULL or the same as the key
- if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- }
- else
- {
- // if the key mode is null, then the input can't be null
- if(modeIn == TPM_ALG_NULL)
- return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
- mode = modeIn;
- }
- // The input iv for ECB mode should be an Empty Buffer. All the other modes
- // should have an iv size same as encryption block size
- keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
- alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
- blockSize = CryptGetSymmetricBlockSize(alg, keySize);
-
- // reverify the algorithm. This is mainly to keep static analysis tools happy
- if(blockSize == 0)
- return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
-
- // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that
- // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for
- // the algorithm is always defined. Both have the same numeric value.
- // ALG_xxx_VALUE is used here so that the code does not get cluttered with
- // #ifdef's. Having this check does not mean that the algorithm is supported.
- // If it was not supported the unmarshaling code would have rejected it before
- // this function were called. This means that, depending on the implementation,
- // the check could be redundant but it doesn't hurt.
- if(((mode == ALG_ECB_VALUE) && (ivIn->t.size != 0))
- || ((mode != ALG_ECB_VALUE) && (ivIn->t.size != blockSize)))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
-
- // The input data size of CBC mode or ECB mode must be an even multiple of
- // the symmetric algorithm's block size
- if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE))
- && ((inData->t.size % blockSize) != 0))
- return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
-
- // Copy IV
- // Note: This is copied here so that the calls to the encrypt/decrypt functions
- // will modify the output buffer, not the input buffer
- out->ivOut = *ivIn;
-
-// Command Output
- key = symKey->sensitive.sensitive.sym.t.buffer;
- // For symmetric encryption, the cipher data size is the same as plain data
- // size.
- out->outData.t.size = inData->t.size;
- if(decryptIn == YES)
- {
- // Decrypt data to output
- result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, inData->t.size,
- inData->t.buffer);
- }
- else
- {
- // Encrypt data to output
- result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
- &(out->ivOut), mode, inData->t.size,
- inData->t.buffer);
- }
- return result;
-}
-
-#endif // CC_EncryptDecrypt
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c
deleted file mode 100644
index 29ec971d4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "HMAC_fp.h" - -#if CC_HMAC // Conditional expansion of this file - -/*(See part 3 specification) -// Compute HMAC on a data buffer -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key -// TPM_RC_KEY 'handle' does not reference a signing key -// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key -// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm -// of the scheme of the object referenced by 'handle' -TPM_RC -TPM2_HMAC( - HMAC_In *in, // IN: input parameter list - HMAC_Out *out // OUT: output parameter list - ) -{ - HMAC_STATE hmacState; - OBJECT *hmacObject; - TPMI_ALG_HASH hashAlg; - TPMT_PUBLIC *publicArea; - -// Input Validation - - // Get HMAC key object and public area pointers - hmacObject = HandleToObject(in->handle); - publicArea = &hmacObject->publicArea; - // Make sure that the key is an HMAC key - if(publicArea->type != TPM_ALG_KEYEDHASH) - return TPM_RCS_TYPE + RC_HMAC_handle; - - // and that it is unrestricted - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - return TPM_RCS_ATTRIBUTES + RC_HMAC_handle; - - // and that it is a signing key - if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - return TPM_RCS_KEY + RC_HMAC_handle; - - // See if the key has a default - if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) - // it doesn't so use the input value - hashAlg = in->hashAlg; - else - { - // key has a default so use it - hashAlg - = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; - // and verify that the input was either the TPM_ALG_NULL or the default - if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) - hashAlg = TPM_ALG_NULL; - } - // if we ended up without a hash algorithm then return an error - if(hashAlg == TPM_ALG_NULL) - return TPM_RCS_VALUE + RC_HMAC_hashAlg; - -// Command Output - - // Start HMAC stack - out->outHMAC.t.size = 
CryptHmacStart2B(&hmacState, hashAlg, - &hmacObject->sensitive.sensitive.bits.b); - // Adding HMAC data - CryptDigestUpdate2B(&hmacState.hashState, &in->buffer.b); - - // Complete HMAC - CryptHmacEnd2B(&hmacState, &out->outHMAC.b); - - return TPM_RC_SUCCESS; -} - -#endif // CC_HMAC \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c deleted file mode 100644 index 9736185b3..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c +++ /dev/null 
@@ -1,88 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "Hash_fp.h"
-
-#if CC_Hash // Conditional expansion of this file
-
-/*(See part 3 specification)
-// Hash a data buffer
-*/
-TPM_RC
-TPM2_Hash(
- Hash_In *in, // IN: input parameter list
- Hash_Out *out // OUT: output parameter list
- )
-{
- HASH_STATE hashState;
-
-// Command Output
-
- // Output hash
- // Start hash stack
- out->outHash.t.size = CryptHashStart(&hashState, in->hashAlg);
- // Adding hash data
- CryptDigestUpdate2B(&hashState, &in->data.b);
- // Complete hash
- CryptHashEnd2B(&hashState, &out->outHash.b);
-
- // Output ticket
- out->validation.tag = TPM_ST_HASHCHECK;
- out->validation.hierarchy = in->hierarchy;
-
- if(in->hierarchy == TPM_RH_NULL)
- {
- // Ticket is not required
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else if(in->data.t.size >= sizeof(TPM_GENERATED)
- && !TicketIsSafe(&in->data.b))
- {
- // Ticket is not safe
- out->validation.hierarchy = TPM_RH_NULL;
- out->validation.digest.t.size = 0;
- }
- else
- {
- // Compute ticket
- TicketComputeHashCheck(in->hierarchy, in->hashAlg,
- &out->outHash, &out->validation);
- }
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Hash
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
deleted file mode 100644
index 219406c8e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ -#include "Tpm.h" -#include "MAC_fp.h" - -#if CC_MAC // Conditional expansion of this file - -/*(See part 3 specification) -// Compute MAC on a data buffer -*/ -// Return Type: TPM_RC -// TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key -// TPM_RC_KEY 'handle' does not reference a signing key -// TPM_RC_TYPE key referenced by 'handle' is not an HMAC key -// TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm -// of the scheme of the object referenced by 'handle' -TPM_RC -TPM2_MAC( - MAC_In *in, // IN: input parameter list - MAC_Out *out // OUT: output parameter list - ) -{ - OBJECT *keyObject; - HMAC_STATE state; - TPMT_PUBLIC *publicArea; - TPM_RC result; - -// Input Validation - // Get MAC key object and public area pointers - keyObject = HandleToObject(in->handle); - publicArea = &keyObject->publicArea; - - // If the key is not able to do a MAC, indicate that the handle selects an - // object that can't do a MAC - result = CryptSelectMac(publicArea, &in->inScheme); - if(result == TPM_RCS_TYPE) - return TPM_RCS_TYPE + RC_MAC_handle; - // If there is another error type, indicate that the scheme and key are not - // compatible - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, RC_MAC_inScheme); - // Make sure that the key is not restricted - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - return TPM_RCS_ATTRIBUTES + RC_MAC_handle; - // and that it is a signing key - if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - return TPM_RCS_KEY + RC_MAC_handle; -// Command Output - out->outMAC.t.size = CryptMacStart(&state, &publicArea->parameters, - in->inScheme, - &keyObject->sensitive.sensitive.any.b); - // If the mac can't start, treat it as a fatal error - if(out->outMAC.t.size == 0) - return TPM_RC_FAILURE; - CryptDigestUpdate2B(&state.hashState, &in->buffer.b); - // If the MAC result is not what was expected, it is a fatal error - if(CryptHmacEnd2B(&state, &out->outMAC.b) != 
out->outMAC.t.size) - return TPM_RC_FAILURE; - return TPM_RC_SUCCESS; -} - -#endif // CC_MAC \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c deleted file mode 100644 index 3ded75a36..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c +++ /dev/null 
@@ -1,61 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "GetTestResult_fp.h"
-
-#if CC_GetTestResult // Conditional expansion of this file
-
-/*(See part 3 specification)
-// returns manufacturer-specific information regarding the results of a self-
-// test and an indication of the test status.
-*/
-
-// In the reference implementation, this function is only reachable if the TPM is
-// not in failure mode meaning that all tests that have been run have completed
-// successfully. There is not test data and the test result is TPM_RC_SUCCESS.
-TPM_RC
-TPM2_GetTestResult(
- GetTestResult_Out *out // OUT: output parameter list
- )
-{
-// Command Output
-
- // Call incremental self test function in crypt module
- out->testResult = CryptGetTestResult(&out->outData);
-
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_GetTestResult
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
deleted file mode 100644
index 2b62e7a67..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "IncrementalSelfTest_fp.h"
-
-#if CC_IncrementalSelfTest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// perform a test of selected algorithms
-*/
-// Return Type: TPM_RC
-// TPM_RC_CANCELED the command was canceled (some tests may have
-// completed)
-// TPM_RC_VALUE an algorithm in the toTest list is not implemented
-TPM_RC
-TPM2_IncrementalSelfTest(
- IncrementalSelfTest_In *in, // IN: input parameter list
- IncrementalSelfTest_Out *out // OUT: output parameter list
- )
-{
- TPM_RC result;
-// Command Output
-
- // Call incremental self test function in crypt module. If this function
- // returns TPM_RC_VALUE, it means that an algorithm on the 'toTest' list is
- // not implemented.
- result = CryptIncrementalSelfTest(&in->toTest, &out->toDoList);
- if(result == TPM_RC_VALUE)
- return TPM_RCS_VALUE + RC_IncrementalSelfTest_toTest;
- return result;
-}
-
-#endif // CC_IncrementalSelfTest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c
deleted file mode 100644
index f5e0106f1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "SelfTest_fp.h"
-
-#if CC_SelfTest // Conditional expansion of this file
-
-/*(See part 3 specification)
-// perform a test of TPM capabilities
-*/
-// Return Type: TPM_RC
-// TPM_RC_CANCELED the command was canceled (some incremental
-// process may have been made)
-// TPM_RC_TESTING self test in process
-TPM_RC
-TPM2_SelfTest(
- SelfTest_In *in // IN: input parameter list
- )
-{
-// Command Output
-
- // Call self test function in crypt module
- return CryptSelfTest(in->fullTest);
-}
-
-#endif // CC_SelfTest
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
deleted file mode 100644
index c06d50813..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-#if CC_Vendor_TCG_Test // Conditional expansion of this file
-#include "Vendor_TCG_Test_fp.h"
-
-TPM_RC
-TPM2_Vendor_TCG_Test(
- Vendor_TCG_Test_In *in, // IN: input parameter list
- Vendor_TCG_Test_Out *out // OUT: output parameter list
- )
-{
- out->outputData = in->inputData;
- return TPM_RC_SUCCESS;
-}
-
-#endif // CC_Vendor_TCG_Test
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
deleted file mode 100644
index 9d203e5f4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c
+++ /dev/null
@@ -1,963 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the code to perform the various self-test functions. -// -// NOTE: In this implementation, large local variables are made static to minimize -// stack usage, which is critical for stack-constrained platforms. 
- -//** Includes and Defines -#include "Tpm.h" - -#define SELF_TEST_DATA - -#if SELF_TEST - -// These includes pull in the data structures. They contain data definitions for the -// various tests. -#include "SelfTest.h" -#include "SymmetricTest.h" -#include "RsaTestData.h" -#include "EccTestData.h" -#include "HashTestData.h" -#include "KdfTestData.h" - -#define TEST_DEFAULT_TEST_HASH(vector) \ - if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ - TestHash(DEFAULT_TEST_HASH, vector); - -// Make sure that the algorithm has been tested -#define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - CLEAR_BIT(alg, g_toTest); } - -#define SET_BOTH(alg) { SET_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - SET_BIT(alg, g_toTest); } - -#define TEST_BOTH(alg) ((toTest != &g_toTest) \ - ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ - : TEST_BIT(alg, *toTest)) - -// Can only cancel if doing a list. -#define CHECK_CANCELED \ - if(_plat__IsCanceled() && toTest != &g_toTest) \ - return TPM_RC_CANCELED; - -//** Hash Tests - -//*** Description -// The hash test does a known-value HMAC using the specified hash algorithm. - -//*** TestHash() -// The hash test function. 
-static TPM_RC -TestHash( - TPM_ALG_ID hashAlg, - ALGORITHM_VECTOR *toTest - ) -{ - static TPM2B_DIGEST computed; // value computed - static HMAC_STATE state; - UINT16 digestSize; - const TPM2B *testDigest = NULL; -// TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); - - pAssert(hashAlg != ALG_NULL_VALUE); - switch(hashAlg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - testDigest = &c_SHA1_digest.b; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - testDigest = &c_SHA256_digest.b; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - testDigest = &c_SHA384_digest.b; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - testDigest = &c_SHA512_digest.b; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - testDigest = &c_SM3_256_digest.b; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } - // Clear the to-test bits - CLEAR_BOTH(hashAlg); - - // Set the HMAC key to twice the digest size - digestSize = CryptHashGetDigestSize(hashAlg); - CryptHmacStart(&state, hashAlg, digestSize * 2, - (BYTE *)c_hashTestKey.t.buffer); - CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg), - (BYTE *)c_hashTestData.t.buffer); - computed.t.size = digestSize; - CryptHmacEnd(&state, digestSize, computed.t.buffer); - if((testDigest->size != computed.t.size) - || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) - SELF_TEST_FAILURE; - return TPM_RC_SUCCESS; -} - -//** Symmetric Test Functions - -//*** MakeIv() -// Internal function to make the appropriate IV depending on the mode. 
-static UINT32 -MakeIv( - TPM_ALG_ID mode, // IN: symmetric mode - UINT32 size, // IN: block size of the algorithm - BYTE *iv // OUT: IV to fill in - ) -{ - BYTE i; - - if(mode == ALG_ECB_VALUE) - return 0; - if(mode == ALG_CTR_VALUE) - { - // The test uses an IV that has 0xff in the last byte - for(i = 1; i <= size; i++) - *iv++ = 0xff - (BYTE)(size - i); - } - else - { - for(i = 0; i < size; i++) - *iv++ = i; - } - return size; -} - -//*** TestSymmetricAlgorithm() -// Function to test a specific algorithm, key size, and mode. -static void -TestSymmetricAlgorithm( - const SYMMETRIC_TEST_VECTOR *test, // - TPM_ALG_ID mode // - ) -{ - static BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; - static BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; - static TPM2B_IV iv; -// - // Get the appropriate IV - iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); - - // Encrypt known data - CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv, - mode, test->dataInOutSize, test->dataIn); - // Check that it matches the expected value - if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE], - test->dataInOutSize)) - SELF_TEST_FAILURE; - // Reinitialize the iv for decryption - MakeIv(mode, test->ivSize, iv.t.buffer); - CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv, - mode, test->dataInOutSize, - test->dataOut[mode - ALG_CTR_VALUE]); - // Make sure that it matches what we started with - if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) - SELF_TEST_FAILURE; -} - -//*** AllSymsAreDone() -// Checks if both symmetric algorithms have been tested. 
This is put here -// so that addition of a symmetric algorithm will be relatively easy to handle -// Return Type: BOOL -// TRUE(1) all symmetric algorithms tested -// FALSE(0) not all symmetric algorithms tested -static BOOL -AllSymsAreDone( - ALGORITHM_VECTOR *toTest - ) -{ - return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE)); -} - -//*** AllModesAreDone() -// Checks if all the modes have been tested -// Return Type: BOOL -// TRUE(1) all modes tested -// FALSE(0) all modes not tested -static BOOL -AllModesAreDone( - ALGORITHM_VECTOR *toTest - ) -{ - TPM_ALG_ID alg; - for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) - if(TEST_BOTH(alg)) - return FALSE; - return TRUE; -} - -//*** TestSymmetric() -// If 'alg' is a symmetric block cipher, then all of the modes that are selected are -// tested. If 'alg' is a mode, then all algorithms of that mode are tested. -static TPM_RC -TestSymmetric( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - SYM_INDEX index; - TPM_ALG_ID mode; -// - if(!TEST_BIT(alg, *toTest)) - return TPM_RC_SUCCESS; - if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE) - { - // Will test the algorithm for all modes and key sizes - CLEAR_BOTH(alg); - - // A test this algorithm for all modes - for(index = 0; index < NUM_SYMS; index++) - { - if(c_symTestValues[index].alg == alg) - { - for(mode = TPM_SYM_MODE_FIRST; - mode <= TPM_SYM_MODE_LAST; - mode++) - { - if(TEST_BIT(mode, *toTest)) - TestSymmetricAlgorithm(&c_symTestValues[index], mode); - } - } - } - // if all the symmetric tests are done - if(AllSymsAreDone(toTest)) - { - // all symmetric algorithms tested so no modes should be set - for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) - CLEAR_BOTH(alg); - } - } - else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST) - { - // Test this mode for all key sizes and algorithms - for(index = 0; index < NUM_SYMS; index++) - { - // The mode testing only comes into play when doing 
self tests - // by command. When doing self tests by command, the block ciphers are - // tested first. That means that all of their modes would have been - // tested for all key sizes. If there is no block cipher left to - // test, then clear this mode bit. - if(!TEST_BIT(ALG_AES_VALUE, *toTest) - && !TEST_BIT(ALG_SM4_VALUE, *toTest)) - { - CLEAR_BOTH(alg); - } - else - { - for(index = 0; index < NUM_SYMS; index++) - { - if(TEST_BIT(c_symTestValues[index].alg, *toTest)) - TestSymmetricAlgorithm(&c_symTestValues[index], alg); - } - // have tested this mode for all algorithms - CLEAR_BOTH(alg); - } - } - if(AllModesAreDone(toTest)) - { - CLEAR_BOTH(ALG_AES_VALUE); - CLEAR_BOTH(ALG_SM4_VALUE); - } - } - else - pAssert(alg == 0 && alg != 0); - return TPM_RC_SUCCESS; -} - -//** RSA Tests -#if ALG_RSA - -//*** Introduction -// The tests are for public key only operations and for private key operations. -// Signature verification and encryption are public key operations. They are tested -// by using a KVT. For signature verification, this means that a known good -// signature is checked by CryptRsaValidateSignature(). If it fails, then the -// TPM enters failure mode. For encryption, the TPM encrypts known values using -// the selected scheme and checks that the returned value matches the expected -// value. -// -// For private key operations, a full scheme check is used. For a signing key, a -// known key is used to sign a known message. Then that signature is verified. -// since the signature may involve use of random values, the signature will be -// different each time and we can't always check that the signature matches a -// known value. The same technique is used for decryption (RSADP/RSAEP). -// -// When an operation uses the public key and the verification has not been -// tested, the TPM will do a KVT. 
-// -// The test for the signing algorithm is built into the call for the algorithm - -//*** RsaKeyInitialize() -// The test key is defined by a public modulus and a private prime. The TPM's RSA -// code computes the second prime and the private exponent. -static void -RsaKeyInitialize( - OBJECT *testObject - ) -{ - MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus, - sizeof(c_rsaPublicModulus)); - MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime, - sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); - testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; - // Use the default exponent - testObject->publicArea.parameters.rsaDetail.exponent = 0; -} - -//*** TestRsaEncryptDecrypt() -// These tests are for a public key encryption that uses a random value. -static TPM_RC -TestRsaEncryptDecrypt( - TPM_ALG_ID scheme, // IN: the scheme - ALGORITHM_VECTOR *toTest // - ) -{ - static TPM2B_PUBLIC_KEY_RSA testInput; - static TPM2B_PUBLIC_KEY_RSA testOutput; - static OBJECT testObject; - const TPM2B_RSA_TEST_KEY *kvtValue = NULL; - TPM_RC result = TPM_RC_SUCCESS; - const TPM2B *testLabel = NULL; - TPMT_RSA_DECRYPT rsaScheme; -// - // Don't need to initialize much of the test object - RsaKeyInitialize(&testObject); - rsaScheme.scheme = scheme; - rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_NULL_VALUE); - if(scheme == ALG_NULL_VALUE) - { - // This is an encryption scheme using the private key without any encoding. 
- memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); - testInput.t.size = sizeof(c_RsaTestValue); - if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, - &testObject, &rsaScheme, NULL, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - sizeof(c_RsaTestValue))) - SELF_TEST_FAILURE; - } - else - { - // ALG_RSAES_VALUE: - // This is an decryption scheme using padding according to - // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public - // key encryption that uses random data, encrypt a value and then - // decrypt the value and see that we get the encrypted data back. - // The hash is not used by this encryption so it can be TMP_ALG_NULL - - // ALG_OAEP_VALUE: - // This is also an decryption scheme and it also uses a - // pseudo-random - // value. However, this also uses a hash algorithm. So, we may need - // to test that algorithm before use. 
- if(scheme == ALG_OAEP_VALUE) - { - TEST_DEFAULT_TEST_HASH(toTest); - kvtValue = &c_OaepKvt; - testLabel = OAEP_TEST_STRING; - } - else if(scheme == ALG_RSAES_VALUE) - { - kvtValue = &c_RsaesKvt; - testLabel = NULL; - } - else - SELF_TEST_FAILURE; - // Only use a digest-size portion of the test value - memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); - testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; - - // See if the encryption works - if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, - &testObject, &rsaScheme, testLabel, - NULL)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - // see if we can decrypt this value and get the original data back - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - // See if the results compare - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - // Now check that the decryption works on a known value - MemoryCopy2B(&testInput.b, (P2B)kvtValue, - sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, - &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, - DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - } - return result; -} - -//*** TestRsaSignAndVerify() -// This function does the testing of the RSA sign and verification functions. This -// test does a KVT. -static TPM_RC -TestRsaSignAndVerify( - TPM_ALG_ID scheme, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - static OBJECT testObject; - static TPM2B_DIGEST testDigest; - static TPMT_SIGNATURE testSig; - - // Do a sign and signature verification. - // RSASSA: - // This is a signing scheme according to PKCS#1-v2.1 8.2. 
It does not - // use random data so there is a KVT for the signing operation. On - // first use of the scheme for signing, use the TPM's RSA key to - // sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then - // decrypt the data to see that it matches the starting value. This verifies - // the signature with a KVT - - // Clear the bits indicating that the function has not been checked. This is to - // prevent looping - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_NULL_VALUE); - CLEAR_BOTH(ALG_RSA_VALUE); - - RsaKeyInitialize(&testObject); - memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); - testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE; - testSig.sigAlg = scheme; - testSig.signature.rsapss.hash = DEFAULT_TEST_HASH; - - // RSAPSS: - // This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses - // random data in the signature so there is no KVT for the signing - // operation. To test signing, the TPM will use the TPM's RSA key - // to sign a portion of c_RsaTestValue and then it will verify the - // signature. For verification, c_RsapssKvt is verified before the - // user signature blob is verified. The worst case for testing of this - // algorithm is two private and one public key operation. - - // The process is to sign known data. If RSASSA is being done, verify that the - // signature matches the precomputed value. For both, use the signed value and - // see that the verification says that it is a good signature. Then - // if testing RSAPSS, do a verify of a known good signature. This ensures that - // the validation function works. 
- - if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) - SELF_TEST_FAILURE; - // For RSASSA, make sure the results is what we are looking for - if(testSig.sigAlg == ALG_RSASSA_VALUE) - { - if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE - || !MemoryEqual(c_RsassaKvt.buffer, - testSig.signature.rsassa.sig.t.buffer, - RSA_TEST_KEY_SIZE)) - SELF_TEST_FAILURE; - } - // See if the TPM will validate its own signatures - if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, - &testDigest)) - SELF_TEST_FAILURE; - // If this is RSAPSS, check the verification with known signature - // Have to copy because CrytpRsaValidateSignature() eats the signature - if(ALG_RSAPSS_VALUE == scheme) - { - MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt, - sizeof(testSig.signature.rsapss.sig.t.buffer)); - if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, - &testDigest)) - SELF_TEST_FAILURE; - } - return result; -} - -//*** TestRSA() -// Function uses the provided vector to indicate which tests to run. It will clear -// the vector after each test is run and also clear g_toTest -static TPM_RC -TestRsa( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; -// - switch(alg) - { - case ALG_NULL_VALUE: - // This is the RSAEP/RSADP function. If we are processing a list, don't - // need to test these now because any other test will validate - // RSAEP/RSADP. Can tell this is list of test by checking to see if - // 'toTest' is pointing at g_toTest. 
If so, this is an isolated test - // an need to go ahead and do the test; - if((toTest == &g_toTest) - || (!TEST_BIT(ALG_RSASSA_VALUE, *toTest) - && !TEST_BIT(ALG_RSAES_VALUE, *toTest) - && !TEST_BIT(ALG_RSAPSS_VALUE, *toTest) - && !TEST_BIT(ALG_OAEP_VALUE, *toTest))) - // Not running a list of tests or no other tests on the list - // so run the test now - result = TestRsaEncryptDecrypt(alg, toTest); - // if not running the test now, leave the bit on, just in case things - // get interrupted - break; - case ALG_OAEP_VALUE: - case ALG_RSAES_VALUE: - result = TestRsaEncryptDecrypt(alg, toTest); - break; - case ALG_RSAPSS_VALUE: - case ALG_RSASSA_VALUE: - result = TestRsaSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - } - return result; -} - -#endif // ALG_RSA - -//** ECC Tests - -#if ALG_ECC - -//*** LoadEccParameter() -// This function is mostly for readability and type checking -static void -LoadEccParameter( - TPM2B_ECC_PARAMETER *to, // target - const TPM2B_EC_TEST *from // source - ) -{ - MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer)); -} - -//*** LoadEccPoint() -static void -LoadEccPoint( - TPMS_ECC_POINT *point, // target - const TPM2B_EC_TEST *x, // source - const TPM2B_EC_TEST *y - ) -{ - MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer)); - MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer)); -} - -//*** TestECDH() -// This test does a KVT on a point multiply. 
-static TPM_RC -TestECDH( - TPM_ALG_ID scheme, // IN: for consistency - ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run - ) -{ - static TPMS_ECC_POINT Z; - static TPMS_ECC_POINT Qe; - static TPM2B_ECC_PARAMETER ds; - TPM_RC result = TPM_RC_SUCCESS; -// - NOT_REFERENCED(scheme); - CLEAR_BOTH(ALG_ECDH_VALUE); - LoadEccParameter(&ds, &c_ecTestKey_ds); - LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY); - if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds, - NULL, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b) - || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) - SELF_TEST_FAILURE; - return result; -} - -//*** TestEccSignAndVerify() -static TPM_RC -TestEccSignAndVerify( - TPM_ALG_ID scheme, - ALGORITHM_VECTOR *toTest - ) -{ - static OBJECT testObject; - static TPMT_SIGNATURE testSig; - static TPMT_ECC_SCHEME eccScheme; - - testSig.sigAlg = scheme; - testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH; - - eccScheme.scheme = scheme; - eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; - - CLEAR_BOTH(scheme); - CLEAR_BOTH(ALG_ECDH_VALUE); - - // ECC signature verification testing uses a KVT. - switch(scheme) - { - case ALG_ECDSA_VALUE: - LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); - LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); - break; - case ALG_ECSCHNORR_VALUE: - LoadEccParameter(&testSig.signature.ecschnorr.signatureR, - &c_TestEcSchnorr_r); - LoadEccParameter(&testSig.signature.ecschnorr.signatureS, - &c_TestEcSchnorr_s); - break; - case ALG_SM2_VALUE: - // don't have a test for SM2 - return TPM_RC_SUCCESS; - default: - SELF_TEST_FAILURE; - break; - } - TEST_DEFAULT_TEST_HASH(toTest); - - // Have to copy the key. 
This is because the size used in the test vectors - // is the size of the ECC parameter for the test key while the size of a point - // is TPM dependent - MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b, - sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); - LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, - &c_ecTestKey_QsY); - testObject.publicArea.parameters.eccDetail.curveID = c_testCurve; - - if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue.b)) - { - SELF_TEST_FAILURE; - } - CHECK_CANCELED; - - // Now sign and verify some data - if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue, - &eccScheme, NULL)) - SELF_TEST_FAILURE; - - CHECK_CANCELED; - - if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, - (TPM2B_DIGEST *)&c_ecTestValue)) - SELF_TEST_FAILURE; - - CHECK_CANCELED; - - return TPM_RC_SUCCESS; -} - -//*** TestKDFa() -static TPM_RC -TestKDFa( - ALGORITHM_VECTOR *toTest - ) -{ - static TPM2B_KDF_TEST_KEY keyOut; - UINT32 counter = 0; -// - CLEAR_BOTH(ALG_KDF1_SP800_108_VALUE); - - keyOut.t.size = CryptKDFa(KDF_TEST_ALG, &c_kdfTestKeyIn.b, &c_kdfTestLabel.b, - &c_kdfTestContextU.b, &c_kdfTestContextV.b, - TEST_KDF_KEY_SIZE * 8, keyOut.t.buffer, - &counter, FALSE); - if ( keyOut.t.size != TEST_KDF_KEY_SIZE - || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer, - TEST_KDF_KEY_SIZE)) - SELF_TEST_FAILURE; - - return TPM_RC_SUCCESS; -} - -//*** TestEcc() -static TPM_RC -TestEcc( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - NOT_REFERENCED(toTest); - switch(alg) - { - case ALG_ECC_VALUE: - case ALG_ECDH_VALUE: - // If this is in a loop then see if another test is going to deal with - // this. 
- // If toTest is not a self-test list - if((toTest == &g_toTest) - // or this is the only ECC test in the list - || !(TEST_BIT(ALG_ECDSA_VALUE, *toTest) - || TEST_BIT(ALG_ECSCHNORR, *toTest) - || TEST_BIT(ALG_SM2_VALUE, *toTest))) - { - result = TestECDH(alg, toTest); - } - break; - case ALG_ECDSA_VALUE: - case ALG_ECSCHNORR_VALUE: - case ALG_SM2_VALUE: - result = TestEccSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - break; - } - return result; -} - -#endif // ALG_ECC - -//*** TestAlgorithm() -// Dispatches to the correct test function for the algorithm or gets a list of -// testable algorithms. -// -// If 'toTest' is not NULL, then the test decisions are based on the algorithm -// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in -// 'g_toTest' they will also be cleared 'toTest'. -// -// If there doesn't happen to be a test for the algorithm, its associated bit is -// quietly cleared. -// -// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits -// for which there is no test (i.e. no tests are actually run but the vector is -// cleared). -// -// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' -// can be anything. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -TestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_ALG_ID first = (alg == ALG_ERROR_VALUE) ? ALG_FIRST_VALUE : alg; - TPM_ALG_ID last = (alg == ALG_ERROR_VALUE) ? ALG_LAST_VALUE : alg; - BOOL doTest = (alg != ALG_ERROR_VALUE); - TPM_RC result = TPM_RC_SUCCESS; - - if(toTest == NULL) - toTest = &g_toTest; - - // This is kind of strange. This function will either run a test of the selected - // algorithm or just clear a bit if there is no test for the algorithm. So, - // either this loop will be executed once for the selected algorithm or once for - // each of the possible algorithms. 
If it is executed more than once ('alg' == - // ALG_ERROR), then no test will be run but bits will be cleared for - // unimplemented algorithms. This was done this way so that there is only one - // case statement with all of the algorithms. It was easier to have one case - // statement than to have multiple ones to manage whenever an algorithm ID is - // added. - for(alg = first; (alg <= last); alg++) - { - // if 'alg' was TPM_ALG_ERROR, then we will be cycling through - // values, some of which may not be implemented. If the bit in toTest - // happens to be set, then we could either generated an assert, or just - // silently CLEAR it. Decided to just clear. - if(!TEST_BIT(alg, g_implementedAlgorithms)) - { - CLEAR_BIT(alg, *toTest); - continue; - } - // Process whatever is left. - // NOTE: since this switch will only be called if the algorithm is - // implemented, it is not necessary to modify this list except to comment - // out the algorithms for which there is no test - switch(alg) - { - // Symmetric block ciphers -#if ALG_AES - case ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - // if SM4 is implemented, its test is like other block ciphers but there - // aren't any test vectors for it yet -// case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - // no test vectors for camellia -// case ALG_CAMELLIA_VALUE: -#endif - // Symmetric modes -#if !ALG_CFB -# error CFB is required in all TPM implementations -#endif // !ALG_CFB - case ALG_CFB_VALUE: - if(doTest) - result = TestSymmetric(alg, toTest); - break; -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CRT -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_ECB - case ALG_ECB_VALUE: -#endif - if(doTest) - result = TestSymmetric(alg, toTest); - else - // If doing the initialization of g_toTest vector, only need - // to test one of the modes for the symmetric algorithms. If - // initializing for a SelfTest(FULL_TEST), allow all the modes. 
- if(toTest == &g_toTest) - CLEAR_BIT(alg, *toTest); - break; -#if !ALG_HMAC -# error HMAC is required in all TPM implementations -#endif - case ALG_HMAC_VALUE: - // Clear the bit that indicates that HMAC is required because - // HMAC is used as the basic test for all hash algorithms. - CLEAR_BOTH(alg); - // Testing HMAC means test the default hash - if(doTest) - TestHash(DEFAULT_TEST_HASH, toTest); - else - // If not testing, then indicate that the hash needs to be - // tested because this uses HMAC - SET_BOTH(DEFAULT_TEST_HASH); - break; -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 - // if SM3 is implemented its test is like any other hash, but there - // aren't any test vectors yet. -#if ALG_SM3_256 -// case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 - if(doTest) - result = TestHash(alg, toTest); - break; - // RSA-dependent -#if ALG_RSA - case ALG_RSA_VALUE: - CLEAR_BOTH(alg); - if(doTest) - result = TestRsa(ALG_NULL_VALUE, toTest); - else - SET_BOTH(ALG_NULL_VALUE); - break; - case ALG_RSASSA_VALUE: - case ALG_RSAES_VALUE: - case ALG_RSAPSS_VALUE: - case ALG_OAEP_VALUE: - case ALG_NULL_VALUE: // used or RSADP - if(doTest) - result = TestRsa(alg, toTest); - break; -#endif // ALG_RSA -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - if(doTest) - result = TestKDFa(toTest); - break; -#endif // ALG_KDF1_SP800_108 -#if ALG_ECC - // ECC dependent but no tests - // case ALG_ECDAA_VALUE: - // case ALG_ECMQV_VALUE: - // case ALG_KDF1_SP800_56a_VALUE: - // case ALG_KDF2_VALUE: - // case ALG_MGF1_VALUE: - case ALG_ECC_VALUE: - CLEAR_BOTH(alg); - if(doTest) - result = TestEcc(ALG_ECDH_VALUE, toTest); - else - SET_BOTH(ALG_ECDH_VALUE); - break; - case ALG_ECDSA_VALUE: - case ALG_ECDH_VALUE: - case ALG_ECSCHNORR_VALUE: -// case ALG_SM2_VALUE: - if(doTest) - result = 
TestEcc(alg, toTest);
- break;
-#endif // ALG_ECC
- default:
- CLEAR_BIT(alg, *toTest);
- break;
- }
- if(result != TPM_RC_SUCCESS)
- break;
- }
- return result;
-}
-
-#endif // SELF_TESTS
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
deleted file mode 100644
index f729cfe6f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the basic conversion functions that will convert TPM2B
-// to/from the internal format. 
The internal format is a bigNum, -// - -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** BnFromBytes() -// This function will convert a big-endian byte array to the internal number -// format. If bn is NULL, then the output is NULL. If bytes is null or the -// required size is 0, then the output is set to zero -LIB_EXPORT bigNum -BnFromBytes( - bigNum bn, - const BYTE *bytes, - NUMBYTES nBytes - ) -{ - const BYTE *pFrom; // 'p' points to the least significant bytes of source - BYTE *pTo; // points to least significant bytes of destination - crypt_uword_t size; -// - - size = (bytes != NULL) ? BYTES_TO_CRYPT_WORDS(nBytes) : 0; - - // If nothing in, nothing out - if(bn == NULL) - return NULL; - - // make sure things fit - pAssert(BnGetAllocated(bn) >= size); - - if(size > 0) - { - // Clear the topmost word in case it is not filled with data - bn->d[size - 1] = 0; - // Moving the input bytes from the end of the list (LSB) end - pFrom = bytes + nBytes - 1; - // To the LS0 of the LSW of the bigNum. - pTo = (BYTE *)bn->d; - for(; nBytes != 0; nBytes--) - *pTo++ = *pFrom--; - // For a little-endian machine, the conversion is a straight byte - // reversal. For a big-endian machine, we have to put the words in - // big-endian byte order -#if BIG_ENDIAN_TPM - { - crypt_word_t t; - for(t = (crypt_word_t)size - 1; t >= 0; t--) - bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); - } -#endif - } - BnSetTop(bn, size); - return bn; -} - -//*** BnFrom2B() -// Convert an TPM2B to a BIG_NUM. 
-// If the input value does not exist, or the output does not exist, or the input -// will not fit into the output the function returns NULL -LIB_EXPORT bigNum -BnFrom2B( - bigNum bn, // OUT: - const TPM2B *a2B // IN: number to convert - ) -{ - if(a2B != NULL) - return BnFromBytes(bn, a2B->buffer, a2B->size); - // Make sure that the number has an initialized value rather than whatever - // was there before - BnSetTop(bn, 0); // Function accepts NULL - return NULL; -} - -//*** BnFromHex() -// Convert a hex string into a bigNum. This is primarily used in debugging. -LIB_EXPORT bigNum -BnFromHex( - bigNum bn, // OUT: - const char *hex // IN: - ) -{ -#define FromHex(a) ((a) - (((a) > 'a') ? ('a' + 10) \ - : ((a) > 'A') ? ('A' - 10) : '0')) - unsigned i; - unsigned wordCount; - const char *p; - BYTE *d = (BYTE *)&(bn->d[0]); -// - pAssert(bn && hex); - i = (unsigned)strlen(hex); - wordCount = BYTES_TO_CRYPT_WORDS((i + 1) / 2); - if((i == 0) || (wordCount >= BnGetAllocated(bn))) - BnSetWord(bn, 0); - else - { - bn->d[wordCount - 1] = 0; - p = hex + i - 1; - for(;i > 1; i -= 2) - { - BYTE a; - a = FromHex(*p); - p--; - *d++ = a + (FromHex(*p) << 4); - p--; - } - if(i == 1) - *d = FromHex(*p); - } -#if !BIG_ENDIAN_TPM - for(i = 0; i < wordCount; i++) - bn->d[i] = SWAP_CRYPT_WORD(bn->d[i]); -#endif // BIG_ENDIAN_TPM - BnSetTop(bn, wordCount); - return bn; -} - -//*** BnToBytes() -// This function converts a BIG_NUM to a byte array. It converts the bigNum to a -// big-endian byte string and sets 'size' to the normalized value. If 'size' is an -// input 0, then the receiving buffer is guaranteed to be large enough for the result -// and the size will be set to the size required for bigNum (leading zeros -// suppressed). -// -// The conversion for a little-endian machine simply requires that all significant -// bytes of the bigNum be reversed. 
For a big-endian machine, rather than -// unpack each word individually, the bigNum is converted to little-endian words, -// copied, and then converted back to big-endian. -LIB_EXPORT BOOL -BnToBytes( - bigConst bn, - BYTE *buffer, - NUMBYTES *size // This the number of bytes that are - // available in the buffer. The result - // should be this big. - ) -{ - crypt_uword_t requiredSize; - BYTE *pFrom; - BYTE *pTo; - crypt_uword_t count; -// - // validate inputs - pAssert(bn && buffer && size); - - requiredSize = (BnSizeInBits(bn) + 7) / 8; - if(requiredSize == 0) - { - // If the input value is 0, return a byte of zero - *size = 1; - *buffer = 0; - } - else - { -#if BIG_ENDIAN_TPM - // Copy the constant input value into a modifiable value - BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); - BnCopy(bnL, bn); - // byte swap the words in the local value to make them little-endian - for(count = 0; count < bnL->size; count++) - bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); - bn = (bigConst)bnL; -#endif - if(*size == 0) - *size = (NUMBYTES)requiredSize; - pAssert(requiredSize <= *size); - // Byte swap the number (not words but the whole value) - count = *size; - // Start from the least significant word and offset to the most significant - // byte which is in some high word - pFrom = (BYTE *)(&bn->d[0]) + requiredSize - 1; - pTo = buffer; - - // If the number of output bytes is larger than the number bytes required - // for the input number, pad with zeros - for(count = *size; count > requiredSize; count--) - *pTo++ = 0; - // Move the most significant byte at the end of the BigNum to the next most - // significant byte position of the 2B and repeat for all significant bytes. - for(; requiredSize > 0; requiredSize--) - *pTo++ = *pFrom--; - } - return TRUE; -} - -//*** BnTo2B() -// Function to convert a BIG_NUM to TPM2B. -// The TPM2B size is set to the requested 'size' which may require padding. 
-// If 'size' is non-zero and less than required by the value in 'bn' then an error -// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough -// for the data and a2b->size will be adjusted accordingly. -LIB_EXPORT BOOL -BnTo2B( - bigConst bn, // IN: - TPM2B *a2B, // OUT: - NUMBYTES size // IN: the desired size - ) -{ - // Set the output size - if(bn && a2B) - { - a2B->size = size; - return BnToBytes(bn, a2B->buffer, &a2B->size); - } - return FALSE; -} - -#if ALG_ECC - -//*** BnPointFrom2B() -// Function to create a BIG_POINT structure from a 2B point. -// A point is going to be two ECC values in the same buffer. The values are going -// to be the size of the modulus. They are in modular form. -LIB_EXPORT bn_point_t * -BnPointFrom2B( - bigPoint ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT *p // IN: the number to convert - ) -{ - if(p == NULL) - return NULL; - - if(NULL != ecP) - { - BnFrom2B(ecP->x, &p->x.b); - BnFrom2B(ecP->y, &p->y.b); - BnSetWord(ecP->z, 1); - } - return ecP; -} - -//*** BnPointTo2B() -// This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT -// contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters -// is dependent on the maximum EC key size used in an implementation. -// The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B -// values, each as large as a MAX_ECC_PARAMETER_BYTES -LIB_EXPORT BOOL -BnPointTo2B( - TPMS_ECC_POINT *p, // OUT: the converted 2B structure - bigPoint ecP, // IN: the values to be converted - bigCurve E // IN: curve descriptor for the point - ) -{ - UINT16 size; -// - pAssert(p && ecP && E); - pAssert(BnEqualWord(ecP->z, 1)); - // BnMsb is the bit number of the MSB. This is one less than the number of bits - size = (UINT16)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(AccessCurveData(E)))); - BnTo2B(ecP->x, &p->x.b, size); - BnTo2B(ecP->y, &p->y.b, size); - return TRUE; -} - -#endif // ALG_ECC \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
deleted file mode 100644
index 84d3e9eeb..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c
+++ /dev/null
@@ -1,597 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// The simulator code uses the canonical form whenever possible in order to make
-// the code in Part 3 more accessible. The canonical data formats are simple and
-// not well suited for complex big number computations. 
When operating on big -// numbers, the data format is changed for easier manipulation. The format is native -// words in little-endian format. As the magnitude of the number decreases, the -// length of the array containing the number decreases but the starting address -// doesn't change. -// -// The functions in this file perform simple operations on these big numbers. Only -// the more complex operations are passed to the underlying support library. -// Although the support library would have most of these functions, the interface -// code to convert the format for the values is greater than the size of the -// code to implement the functions here. So, rather than incur the overhead of -// conversion, they are done here. -// -// If an implementer would prefer, the underlying library can be used simply by -// making code substitutions here. -// -// NOTE: There is an intention to continue to augment these functions so that there -// would be no need to use an external big number library. -// -// Many of these functions have no error returns and will always return TRUE. This -// is to allow them to be used in "guarded" sequences. That is: -// OK = OK || BnSomething(s); -// where the BnSomething function should not be called if OK isn't true. - -//** Includes -#include "Tpm.h" - -// A constant value of zero as a stand in for NULL bigNum values -const bignum_t BnConstZero = {1, 0, {0}}; - -//** Functions - -//*** AddSame() -// Adds two values that are the same size. This function allows 'result' to be -// the same as either of the addends. This is a nice function to put into assembly -// because handling the carry for multi-precision stuff is not as easy in C -// (unless there is a REALLY smart compiler). It would be nice if there were idioms -// in a language that a compiler could recognize what is going on and optimize -// loops like this. 
-// Return Type: int -// 0 no carry out -// 1 carry out -static BOOL -AddSame( - crypt_uword_t *result, - const crypt_uword_t *op1, - const crypt_uword_t *op2, - int count - ) -{ - int carry = 0; - int i; - - for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t sum = a + op2[i]; - result[i] = sum + carry; - // generate a carry if the sum is less than either of the inputs - // propagate a carry if there was a carry and the sum + carry is zero - // do this using bit operations rather than logical operations so that - // the time is about the same. - // propagate term | generate term - carry = ((result[i] == 0) & carry) | (sum < a); - } - return carry; -} - -//*** CarryProp() -// Propagate a carry -static int -CarryProp( - crypt_uword_t *result, - const crypt_uword_t *op, - int count, - int carry - ) -{ - for(; count; count--) - carry = ((*result++ = *op++ + carry) == 0) & carry; - return carry; -} - -static void -CarryResolve( - bigNum result, - int stop, - int carry - ) -{ - if(carry) - { - pAssert((unsigned)stop < result->allocated); - result->d[stop++] = 1; - } - BnSetTop(result, stop); -} - -//*** BnAdd() -// This function adds two bigNum values. This function always returns TRUE. -LIB_EXPORT BOOL -BnAdd( - bigNum result, - bigConst op1, - bigConst op2 - ) -{ - crypt_uword_t stop; - int carry; - const bignum_t *n1 = op1; - const bignum_t *n2 = op2; - -// - if(n2->size > n1->size) - { - n1 = op2; - n2 = op1; - } - pAssert(result->allocated >= n1->size); - stop = MIN(n1->size, n2->allocated); - carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); - if(n1->size > stop) - carry = CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); - CarryResolve(result, (int)n1->size, carry); - return TRUE; -} - -//*** BnAddWord() -// This function adds a word value to a bigNum. This function always returns TRUE. 
-LIB_EXPORT BOOL -BnAddWord( - bigNum result, - bigConst op, - crypt_uword_t word - ) -{ - int carry; -// - carry = (result->d[0] = op->d[0] + word) < word; - carry = CarryProp(&result->d[1], &op->d[1], (int)(op->size - 1), carry); - CarryResolve(result, (int)op->size, carry); - return TRUE; -} - -//*** SubSame() -// This function subtracts two values that have the same size. -static int -SubSame( - crypt_uword_t *result, - const crypt_uword_t *op1, - const crypt_uword_t *op2, - int count - ) -{ - int borrow = 0; - int i; - for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t diff = a - op2[i]; - result[i] = diff - borrow; - // generate | propagate - borrow = (diff > a) | ((diff == 0) & borrow); - } - return borrow; -} - -//*** BorrowProp() -// This propagates a borrow. If borrow is true when the end -// of the array is reached, then it means that op2 was larger than -// op1 and we don't handle that case so an assert is generated. -// This design choice was made because our only bigNum computations -// are on large positive numbers (primes) or on fields. -// Propagate a borrow. -static int -BorrowProp( - crypt_uword_t *result, - const crypt_uword_t *op, - int size, - int borrow - ) -{ - for(; size > 0; size--) - borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; - return borrow; -} - -//*** BnSub() -// This function does subtraction of two bigNum values and returns result = op1 - op2 -// when op1 is greater than op2. If op2 is greater than op1, then a fault is -// generated. This function always returns TRUE. 
-LIB_EXPORT BOOL -BnSub( - bigNum result, - bigConst op1, - bigConst op2 - ) -{ - int borrow; - int stop = (int)MIN(op1->size, op2->allocated); -// - // Make sure that op2 is not obviously larger than op1 - pAssert(op1->size >= op2->size); - borrow = SubSame(result->d, op1->d, op2->d, stop); - if(op1->size > (crypt_uword_t)stop) - borrow = BorrowProp(&result->d[stop], &op1->d[stop], (int)(op1->size - stop), - borrow); - pAssert(!borrow); - BnSetTop(result, op1->size); - return TRUE; -} - -//*** BnSubWord() -// This function subtracts a word value from a bigNum. This function always -// returns TRUE. -LIB_EXPORT BOOL -BnSubWord( - bigNum result, - bigConst op, - crypt_uword_t word - ) -{ - int borrow; -// - pAssert(op->size > 1 || word <= op->d[0]); - borrow = word > op->d[0]; - result->d[0] = op->d[0] - word; - borrow = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow); - pAssert(!borrow); - BnSetTop(result, op->size); - return TRUE; -} - -//*** BnUnsignedCmp() -// This function performs a comparison of op1 to op2. The compare is approximately -// constant time if the size of the values used in the compare is consistent -// across calls (from the same line in the calling code). -// Return Type: int -// < 0 op1 is less than op2 -// 0 op1 is equal to op2 -// > 0 op1 is greater than op2 -LIB_EXPORT int -BnUnsignedCmp( - bigConst op1, - bigConst op2 - ) -{ - int retVal; - int diff; - int i; -// - pAssert((op1 != NULL) && (op2 != NULL)); - retVal = (int)(op1->size - op2->size); - if(retVal == 0) - { - for(i = (int)(op1->size - 1); i >= 0; i--) - { - diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); - retVal = retVal == 0 ? diff : retVal; - } - } - else - retVal = (retVal < 0) ? -1 : 1; - return retVal; -} - -//*** BnUnsignedCmpWord() -// Compare a bigNum to a crypt_uword_t. 
-// Return Type: int -// -1 op1 is less that word -// 0 op1 is equal to word -// 1 op1 is greater than word -LIB_EXPORT int -BnUnsignedCmpWord( - bigConst op1, - crypt_uword_t word - ) -{ - if(op1->size > 1) - return 1; - else if(op1->size == 1) - return (op1->d[0] < word) ? -1 : (op1->d[0] > word); - else // op1 is zero - // equal if word is zero - return (word == 0) ? 0 : -1; -} - -//*** BnModWord() -// This function does modular division of a big number when the modulus is a -// word value. -LIB_EXPORT crypt_word_t -BnModWord( - bigConst numerator, - crypt_word_t modulus - ) -{ - BN_MAX(remainder); - BN_VAR(mod, RADIX_BITS); -// - mod->d[0] = modulus; - mod->size = (modulus != 0); - BnDiv(NULL, remainder, numerator, mod); - return remainder->d[0]; -} - -//*** Msb() -// This function returns the bit number of the most significant bit of a -// crypt_uword_t. The number for the least significant bit of any bigNum value is 0. -// The maximum return value is RADIX_BITS - 1, -// Return Type: int -// -1 the word was zero -// n the bit number of the most significant bit in the word -LIB_EXPORT int -Msb( - crypt_uword_t word - ) -{ - int retVal = -1; -// -#if RADIX_BITS == 64 - if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; } -#endif - if(word & 0xffff0000) { retVal += 16; word >>= 16; } - if(word & 0x0000ff00) { retVal += 8; word >>= 8; } - if(word & 0x000000f0) { retVal += 4; word >>= 4; } - if(word & 0x0000000c) { retVal += 2; word >>= 2; } - if(word & 0x00000002) { retVal += 1; word >>= 1; } - return retVal + (int)word; -} - -//*** BnMsb() -// This function returns the number of the MSb of a bigNum value. 
-// Return Type: int -// -1 the word was zero or 'bn' was NULL -// n the bit number of the most significant bit in the word -LIB_EXPORT int -BnMsb( - bigConst bn - ) -{ - // If the value is NULL, or the size is zero then treat as zero and return -1 - if(bn != NULL && bn->size > 0) - { - int retVal = Msb(bn->d[bn->size - 1]); - retVal += (int)(bn->size - 1) * RADIX_BITS; - return retVal; - } - else - return -1; -} - -//*** BnSizeInBits() -// This function returns the number of bits required to hold a number. It is one -// greater than the Msb. -// -LIB_EXPORT unsigned -BnSizeInBits( - bigConst n - ) -{ - int bits = BnMsb(n) + 1; -// - return bits < 0? 0 : (unsigned)bits; -} - -//*** BnSetWord() -// Change the value of a bignum_t to a word value. -LIB_EXPORT bigNum -BnSetWord( - bigNum n, - crypt_uword_t w - ) -{ - if(n != NULL) - { - pAssert(n->allocated > 1); - n->d[0] = w; - BnSetTop(n, (w != 0) ? 1 : 0); - } - return n; -} - -//*** BnSetBit() -// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in -// the 0th digit_t. The function always return TRUE -LIB_EXPORT BOOL -BnSetBit( - bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET - ) -{ - crypt_uword_t offset = bitNum / RADIX_BITS; - pAssert(bn->allocated * RADIX_BITS >= bitNum); - // Grow the number if necessary to set the bit. - while(bn->size <= offset) - bn->d[bn->size++] = 0; - bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); - return TRUE; -} - -//*** BnTestBit() -// This function is used to check to see if a bit is SET in a bignum_t. The 0th bit -// is the LSb of d[0]. 
-// Return Type: BOOL -// TRUE(1) the bit is set -// FALSE(0) the bit is not set or the number is out of range -LIB_EXPORT BOOL -BnTestBit( - bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ) -{ - crypt_uword_t offset = RADIX_DIV(bitNum); -// - if(bn->size > offset) - return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); - else - return FALSE; -} - -//***BnMaskBits() -// This function is used to mask off high order bits of a big number. -// The returned value will have no more than 'maskBit' bits -// set. -// Note: There is a requirement that unused words of a bignum_t are set to zero. -// Return Type: BOOL -// TRUE(1) result masked -// FALSE(0) the input was not as large as the mask -LIB_EXPORT BOOL -BnMaskBits( - bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ) -{ - crypt_uword_t finalSize; - BOOL retVal; - - finalSize = BITS_TO_CRYPT_WORDS(maskBit); - retVal = (finalSize <= bn->allocated); - if(retVal && (finalSize > 0)) - { - crypt_uword_t mask; - mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); - bn->d[finalSize - 1] &= mask; - } - BnSetTop(bn, finalSize); - return retVal; -} - -//*** BnShiftRight() -// This function will shift a bigNum to the right by the shiftAmount. -// This function always returns TRUE. -LIB_EXPORT BOOL -BnShiftRight( - bigNum result, - bigConst toShift, - uint32_t shiftAmount - ) -{ - uint32_t offset = (shiftAmount >> RADIX_LOG2); - uint32_t i; - uint32_t shiftIn; - crypt_uword_t finalSize; -// - shiftAmount = shiftAmount & RADIX_MASK; - shiftIn = RADIX_BITS - shiftAmount; - - // The end size is toShift->size - offset less one additional - // word if the shiftAmount would make the upper word == 0 - if(toShift->size > offset) - { - finalSize = toShift->size - offset; - finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 
1 : 0; - } - else - finalSize = 0; - - pAssert(finalSize <= result->allocated); - if(finalSize != 0) - { - for(i = 0; i < finalSize; i++) - { - result->d[i] = (toShift->d[i + offset] >> shiftAmount) - | (toShift->d[i + offset + 1] << shiftIn); - } - if(offset == 0) - result->d[i] = toShift->d[i] >> shiftAmount; - } - BnSetTop(result, finalSize); - return TRUE; -} - -//*** BnGetRandomBits() -// This function gets random bits for use in various places. To make sure that the -// number is generated in a portable format, it is created as a TPM2B and then -// converted to the internal format. -// -// One consequence of the generation scheme is that, if the number of bits requested -// is not a multiple of 8, then the high-order bits are set to zero. This would come -// into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is -// generated an the high order 7 bits are masked off (CLEAR). -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -BnGetRandomBits( - bigNum n, - size_t bits, - RAND_STATE *rand -) -{ - // Since this could be used for ECC key generation using the extra bits method, - // make sure that the value is large enough - TPM2B_TYPE(LARGEST, LARGEST_NUMBER + 8); - TPM2B_LARGEST large; -// - large.b.size = (UINT16)BITS_TO_BYTES(bits); - if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size) - { - if(BnFrom2B(n, &large.b) != NULL) - { - if(BnMaskBits(n, bits)) - return TRUE; - } - } - return FALSE; -} - -//*** BnGenerateRandomInRange() -// This function is used to generate a random number r in the range 1 <= r < limit. -// The function gets a random number of bits that is the size of limit. There is some -// some probability that the returned number is going to be greater than or equal -// to the limit. If it is, try again. There is no more than 50% chance that the -// next number is also greater, so try again. We keep trying until we get a -// value that meets the criteria. 
Since limit is very often a number with a LOT of
-// high order ones, this rarely would need a second try.
-// Return Type: BOOL
-// TRUE(1) success
-// FALSE(0) failure ('limit' is too small)
-LIB_EXPORT BOOL
-BnGenerateRandomInRange(
- bigNum dest,
- bigConst limit,
- RAND_STATE *rand
- )
-{
- size_t bits = BnSizeInBits(limit);
-//
- if(bits < 2)
- {
- BnSetWord(dest, 0);
- return FALSE;
- }
- else
- {
- while(BnGetRandomBits(dest, bits, rand)
- && (BnEqualZero(dest) || (BnUnsignedCmp(dest, limit) >= 0)));
- }
- return !g_inFailureMode;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c
deleted file mode 100644
index ec70a476f..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the memory setup functions used by the bigNum functions
-// in CryptoEngine
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** BnSetTop()
-// This function is used when the size of a bignum_t is changed. It
-// makes sure that the unused words are set to zero and that any significant
-// words of zeros are eliminated from the used size indicator.
-LIB_EXPORT bigNum
-BnSetTop(
- bigNum bn, // IN/OUT: number to clean
- crypt_uword_t top // IN: the new top
- )
-{
- if(bn != NULL)
- {
- pAssert(top <= bn->allocated);
- // If forcing the size to be decreased, make sure that the words being
- // discarded are being set to 0
- while(bn->size > top)
- bn->d[--bn->size] = 0;
- bn->size = top;
- // Now make sure that the words that are left are 'normalized' (no high-order
- // words of zero.
- while((bn->size > 0) && (bn->d[bn->size - 1] == 0))
- bn->size -= 1;
- }
- return bn;
-}
-
-//*** BnClearTop()
-// This function will make sure that all unused words are zero.
-LIB_EXPORT bigNum
-BnClearTop(
- bigNum bn
- )
-{
- crypt_uword_t i;
-//
- if(bn != NULL)
- {
- for(i = bn->size; i < bn->allocated; i++)
- bn->d[i] = 0;
- while((bn->size > 0) && (bn->d[bn->size] == 0))
- bn->size -= 1;
- }
- return bn;
-}
-
-//*** BnInitializeWord()
-// This function is used to initialize an allocated bigNum with a word value. The
-// bigNum does not have to be allocated with a single word.
-LIB_EXPORT bigNum
-BnInitializeWord(
- bigNum bn, // IN:
- crypt_uword_t allocated, // IN:
- crypt_uword_t word // IN:
- )
-{
- bn->allocated = allocated;
- bn->size = (word != 0);
- bn->d[0] = word;
- while(allocated > 1)
- bn->d[--allocated] = 0;
- return bn;
-}
-
-//*** BnInit()
-// This function initializes a stack allocated bignum_t. It initializes
-// 'allocated' and 'size' and zeros the words of 'd'.
-LIB_EXPORT bigNum
-BnInit(
- bigNum bn,
- crypt_uword_t allocated
- )
-{
- if(bn != NULL)
- {
- bn->allocated = allocated;
- bn->size = 0;
- while(allocated != 0)
- bn->d[--allocated] = 0;
- }
- return bn;
-}
-
-//*** BnCopy()
-// Function to copy a bignum_t. If the output is NULL, then
-// nothing happens. If the input is NULL, the output is set
-// to zero.
-LIB_EXPORT BOOL
-BnCopy(
- bigNum out,
- bigConst in
- )
-{
- if(in == out)
- BnSetTop(out, BnGetSize(out));
- else if(out != NULL)
- {
- if(in != NULL)
- {
- unsigned int i;
- pAssert(BnGetAllocated(out) >= BnGetSize(in));
- for(i = 0; i < BnGetSize(in); i++)
- out->d[i] = in->d[i];
- BnSetTop(out, BnGetSize(in));
- }
- else
- BnSetTop(out, 0);
- }
- return TRUE;
-}
-
-#if ALG_ECC
-
-//*** BnPointCopy()
-// Function to copy a bn point.
-LIB_EXPORT BOOL
-BnPointCopy(
- bigPoint pOut,
- pointConst pIn
- )
-{
- return BnCopy(pOut->x, pIn->x)
- && BnCopy(pOut->y, pIn->y)
- && BnCopy(pOut->z, pIn->z);
-}
-
-//*** BnInitializePoint()
-// This function is used to initialize a point structure with the addresses
-// of the coordinates.
-LIB_EXPORT bn_point_t *
-BnInitializePoint(
- bigPoint p, // OUT: structure to receive pointers
- bigNum x, // IN: x coordinate
- bigNum y, // IN: y coordinate
- bigNum z // IN: x coordinate
- )
-{
- p->x = x;
- p->y = y;
- p->z = z;
- BnSetWord(z, 1);
- return p;
-}
-
-#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c
deleted file mode 100644
index 7440d5f6b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the implementation of the message authentication codes based
-// on a symmetric block cipher. These functions only use the single block
-// encryption functions of the selected symmetric cryptographic library.
-
-//** Includes, Defines, and Typedefs
-#define _CRYPT_HASH_C_
-#include "Tpm.h"
-#include "CryptSym.h"
-
-#if ALG_CMAC
-
-//** Functions
-
-//*** CryptCmacStart()
-// This is the function to start the CMAC sequence operation. It initializes the
-// dispatch functions for the data and end operations for CMAC and initializes the
-// parameters that are used for the processing of data, including the key, key size
-// and block cipher algorithm.
-UINT16
-CryptCmacStart(
- SMAC_STATE *state,
- TPMU_PUBLIC_PARMS *keyParms,
- TPM_ALG_ID macAlg,
- TPM2B *key
-)
-{
- tpmCmacState_t *cState = &state->state.cmac;
- TPMT_SYM_DEF_OBJECT *def = &keyParms->symDetail.sym;
-//
- if(macAlg != TPM_ALG_CMAC)
- return 0;
- // set up the encryption algorithm and parameters
- cState->symAlg = def->algorithm;
- cState->keySizeBits = def->keyBits.sym;
- cState->iv.t.size = CryptGetSymmetricBlockSize(def->algorithm,
- def->keyBits.sym);
- MemoryCopy2B(&cState->symKey.b, key, sizeof(cState->symKey.t.buffer));
-
- // Set up the dispatch methods for the CMAC
- state->smacMethods.data = CryptCmacData;
- state->smacMethods.end = CryptCmacEnd;
- return cState->iv.t.size;
-}
-
-
-//*** CryptCmacData()
-// This function is used to add data to the CMAC sequence computation. The function
-// will XOR new data into the IV. If the buffer is full, and there is additional
-// input data, the data is encrypted into the IV buffer, the new data is then
-// XOR into the IV. When the data runs out, the function returns without encrypting
-// even if the buffer is full. The last data block of a sequence will not be
-// encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey
-// to be computed and applied before the last block is encrypted.
-void
-CryptCmacData(
- SMAC_STATES *state,
- UINT32 size,
- const BYTE *buffer
-)
-{
- tpmCmacState_t *cmacState = &state->cmac;
- TPM_ALG_ID algorithm = cmacState->symAlg;
- BYTE *key = cmacState->symKey.t.buffer;
- UINT16 keySizeInBits = cmacState->keySizeBits;
- tpmCryptKeySchedule_t keySchedule;
- TpmCryptSetSymKeyCall_t encrypt;
-//
- SELECT(ENCRYPT);
- while(size > 0)
- {
- if(cmacState->bcount == cmacState->iv.t.size)
- {
- ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer);
- cmacState->bcount = 0;
- }
- for(;(size > 0) && (cmacState->bcount < cmacState->iv.t.size);
- size--, cmacState->bcount++)
- {
- cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++;
- }
- }
-}
-
-//*** CryptCmacEnd()
-// This is the completion function for the CMAC. It does padding, if needed, and
-// selects the subkey to be applied before the last block is encrypted.
-UINT16
-CryptCmacEnd(
- SMAC_STATES *state,
- UINT32 outSize,
- BYTE *outBuffer
-)
-{
- tpmCmacState_t *cState = &state->cmac;
- // Need to set algorithm, key, and keySizeInBits in the local context so that
- // the SELECT and ENCRYPT macros will work here
- TPM_ALG_ID algorithm = cState->symAlg;
- BYTE *key = cState->symKey.t.buffer;
- UINT16 keySizeInBits = cState->keySizeBits;
- tpmCryptKeySchedule_t keySchedule;
- TpmCryptSetSymKeyCall_t encrypt;
- TPM2B_IV subkey = {{0, {0}}};
- BOOL xorVal;
- UINT16 i;
-
- subkey.t.size = cState->iv.t.size;
- // Encrypt a block of zero
- SELECT(ENCRYPT);
- ENCRYPT(&keySchedule, subkey.t.buffer, subkey.t.buffer);
-
- // shift left by 1 and XOR with 0x0...87 if the MSb was 0
- xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87;
- ShiftLeft(&subkey.b);
- subkey.t.buffer[subkey.t.size - 1] ^= xorVal;
- // this is a sanity check to make sure that the algorithm is working properly.
- // remove this check when debug is done
- pAssert(cState->bcount <= cState->iv.t.size);
- // If the buffer is full then no need to compute subkey 2.
- if(cState->bcount < cState->iv.t.size)
- {
- //Pad the data
- cState->iv.t.buffer[cState->bcount++] ^= 0x80;
- // The rest of the data is a pad of zero which would simply be XORed
- // with the iv value so nothing to do...
- // Now compute K2
- xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87;
- ShiftLeft(&subkey.b);
- subkey.t.buffer[subkey.t.size - 1] ^= xorVal;
- }
- // XOR the subkey into the IV
- for(i = 0; i < subkey.t.size; i++)
- cState->iv.t.buffer[i] ^= subkey.t.buffer[i];
- ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer);
- i = (UINT16)MIN(cState->iv.t.size, outSize);
- MemoryCopy(outBuffer, cState->iv.t.buffer, i);
-
- return i;
-}
-#endif
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c
deleted file mode 100644
index dd0b6f6ed..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the extra functions required for TDES.
-
-//** Includes, Defines, and Typedefs
-#include "Tpm.h"
-
-#if ALG_TDES
-
-
-#define DES_NUM_WEAK 64
-const UINT64 DesWeakKeys[DES_NUM_WEAK] = {
- 0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL,
- 0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL,
- 0x011F011F010E010EULL, 0x1F011F010E010E01ULL,
- 0x01E001E001F101F1ULL, 0xE001E001F101F101ULL,
- 0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL,
- 0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL,
- 0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL,
- 0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL,
- 0x01011F1F01010E0EULL, 0x1F1F01010E0E0101ULL,
- 0xE0E01F1FF1F10E0EULL, 0x0101E0E00101F1F1ULL,
- 0x1F1FE0E00E0EF1F1ULL, 0xE0E0FEFEF1F1FEFEULL,
- 0x0101FEFE0101FEFEULL, 0x1F1FFEFE0E0EFEFEULL,
- 0xE0FE011FF1FE010EULL, 0x011F1F01010E0E01ULL,
- 0x1FE001FE0EF101FEULL, 0xE0FE1F01F1FE0E01ULL,
- 0x011FE0FE010EF1FEULL, 0x1FE0E01F0EF1F10EULL,
- 0xE0FEFEE0F1FEFEF1ULL, 0x011FFEE0010EFEF1ULL,
- 0x1FE0FE010EF1FE01ULL, 0xFE0101FEFE0101FEULL,
- 0x01E01FFE01F10EFEULL, 0x1FFE01E00EFE01F1ULL,
- 0xFE011FE0FE010EF1ULL, 0xFE01E01FFE01F10EULL,
- 0x1FFEE0010EFEF101ULL, 0xFE1F01E0FE0E01F1ULL,
- 0x01E0E00101F1F101ULL, 0x1FFEFE1F0EFEFE0EULL,
- 0xFE1FE001FE0EF101ULL, 0x01E0FE1F01F1FE0EULL,
- 0xE00101E0F10101F1ULL, 0xFE1F1FFEFE0E0EFEULL,
- 0x01FE1FE001FE0EF1ULL, 0xE0011FFEF1010EFEULL,
- 0xFEE0011FFEF1010EULL, 0x01FEE01F01FEF10EULL,
- 0xE001FE1FF101FE0EULL, 0xFEE01F01FEF10E01ULL,
- 0x01FEFE0101FEFE01ULL, 0xE01F01FEF10E01FEULL,
- 0xFEE0E0FEFEF1F1FEULL, 0x1F01011F0E01010EULL,
- 0xE01F1FE0F10E0EF1ULL, 0xFEFE0101FEFE0101ULL,
- 0x1F01E0FE0E01F1FEULL, 0xE01FFE01F10EFE01ULL,
- 0xFEFE1F1FFEFE0E0EULL, 0x1F01FEE00E01FEF1ULL,
- 0xE0E00101F1F10101ULL, 0xFEFEE0E0FEFEF1F1ULL};
-
-
-//*** CryptSetOddByteParity()
-// This function sets the per byte parity of a 64-bit value. The least-significant
-// bit is of each byte is replaced with the odd parity of the other 7 bits in the
-// byte. With odd parity, no byte will ever be 0x00.
-UINT64
-CryptSetOddByteParity(
- UINT64 k
- )
-{
-#define PMASK 0x0101010101010101ULL
- UINT64 out;
- k |= PMASK; // set the parity bit
- out = k;
- k ^= k >> 4;
- k ^= k >> 2;
- k ^= k >> 1;
- k &= PMASK; // odd parity extracted
- out ^= k; // out is now even parity because parity bit was already set
- out ^= PMASK; // out is now even parity
- return out;
-}
-
-
-//*** CryptDesIsWeakKey()
-// Check to see if a DES key is on the list of weak, semi-weak, or possibly weak
-// keys.
-// Return Type: BOOL
-// TRUE(1) DES key is weak
-// FALSE(0) DES key is not weak
-static BOOL
-CryptDesIsWeakKey(
- UINT64 k
- )
-{
- int i;
-//
- for(i = 0; i < DES_NUM_WEAK; i++)
- {
- if(k == DesWeakKeys[i])
- return TRUE;
- }
- return FALSE;
-}
-
-//*** CryptDesValidateKey()
-// Function to check to see if the input key is a valid DES key where the definition
-// of valid is that none of the elements are on the list of weak, semi-weak, or
-// possibly weak keys; and that for two keys, K1!=K2, and for three keys that
-// K1!=K2 and K2!=K3.
-BOOL
-CryptDesValidateKey(
- TPM2B_SYM_KEY *desKey // IN: key to validate
- )
-{
- UINT64 k[3];
- int i;
- int keys = (desKey->t.size + 7) / 8;
- BYTE *pk = desKey->t.buffer;
- BOOL ok;
-//
- // Note: 'keys' is the number of keys, not the maximum index for 'k'
- ok = ((keys == 2) || (keys == 3)) && ((desKey->t.size % 8) == 0);
- for(i = 0; ok && i < keys; pk += 8, i++)
- {
- k[i] = CryptSetOddByteParity(BYTE_ARRAY_TO_UINT64(pk));
- ok = !CryptDesIsWeakKey(k[i]);
- }
- ok = ok && k[0] != k[1];
- if(keys == 3)
- ok = ok && k[1] != k[2];
- return ok;
-}
-
-//*** CryptGenerateKeyDes()
-// This function is used to create a DES key of the appropriate size. The key will
-// have odd parity in the bytes.
-TPM_RC
-CryptGenerateKeyDes(
- TPMT_PUBLIC *publicArea, // IN/OUT: The public area template
- // for the new key.
- TPMT_SENSITIVE *sensitive, // OUT: sensitive area
- RAND_STATE *rand // IN: the "entropy" source for
- )
-{
-
- // Assume that the publicArea key size has been validated and is a supported
- // number of bits.
- sensitive->sensitive.sym.t.size =
- BITS_TO_BYTES(publicArea->parameters.symDetail.sym.keyBits.sym);
- do
- {
- BYTE *pK = sensitive->sensitive.sym.t.buffer;
- int i = (sensitive->sensitive.sym.t.size + 7) / 8;
-// Use the random number generator to generate the required number of bits
- if(DRBG_Generate(rand, pK, sensitive->sensitive.sym.t.size) == 0)
- return TPM_RC_NO_RESULT;
- for(; i > 0; pK += 8, i--)
- {
- UINT64 k = BYTE_ARRAY_TO_UINT64(pK);
- k = CryptSetOddByteParity(k);
- UINT64_TO_BYTE_ARRAY(k, pK);
- }
- } while(!CryptDesValidateKey(&sensitive->sensitive.sym));
- return TPM_RC_SUCCESS;
-}
-
-#endif
-//***
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c
deleted file mode 100644
index 06fb85e90..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c
+++ /dev/null
@@ -1,657 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -/*(Auto-generated) - * Created by TpmStructures; Version 4.1 Dec 8, 2018 - * Date: Jan 28, 2019 Time: 01:24:09AM - */ - -#include "Tpm.h" -#include "OIDs.h" - - -// This file contains the ECC curve data. 
The format of the data depends on the -// setting of USE_BN_ECC_DATA. If it is defined, then the TPM's BigNum format is -// used. Otherwise, it is kept in TPM2B format. The purpose of having the data in -// BigNum format is so that it does not have to be reformatted before being used -// by the crypto library. - -#if ALG_ECC - -#if USE_BN_ECC_DATA -# define TO_ECC_64 TO_CRYPT_WORD_64 -# define TO_ECC_56(a, b, c, d, e, f, g) TO_ECC_64(0, a, b, c, d, e, f, g) -# define TO_ECC_48(a, b, c, d, e, f) TO_ECC_64(0, 0, a, b, c, d, e, f) -# define TO_ECC_40(a, b, c, d, e) TO_ECC_64(0, 0, 0, a, b, c, d, e) -# if RADIX_BITS > 32 -# define TO_ECC_32(a, b, c, d) TO_ECC_64(0, 0, 0, 0, a, b, c, d) -# define TO_ECC_24(a, b, c) TO_ECC_64(0, 0, 0, 0, 0, a, b, c) -# define TO_ECC_16(a, b) TO_ECC_64(0, 0, 0, 0, 0, 0, a, b) -# define TO_ECC_8(a) TO_ECC_64(0, 0, 0, 0, 0, 0, 0, a) -# else // RADIX_BITS == 32 -# define TO_ECC_32 BIG_ENDIAN_BYTES_TO_UINT32 -# define TO_ECC_24(a, b, c) TO_ECC_32(0, a, b, c) -# define TO_ECC_16(a, b) TO_ECC_32(0, 0, a, b) -# define TO_ECC_8(a) TO_ECC_32(0, 0, 0, a) -# endif -#else // TPM2B_ -# define TO_ECC_64(a, b, c, d, e, f, g, h) a, b, c, d, e, f, g, h -# define TO_ECC_56(a, b, c, d, e, f, g) a, b, c, d, e, f, g -# define TO_ECC_48(a, b, c, d, e, f) a, b, c, d, e, f -# define TO_ECC_40(a, b, c, d, e) a, b, c, d, e -# define TO_ECC_32(a, b, c, d) a, b, c, d -# define TO_ECC_24(a, b, c) a, b, c -# define TO_ECC_16(a, b) a, b -# define TO_ECC_8(a) a -#endif - -#if USE_BN_ECC_DATA -#define BN_MIN_ALLOC(bytes) \ - (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 
1 : BYTES_TO_CRYPT_WORDS(bytes) -# define ECC_CONST(NAME, bytes, initializer) \ - const struct { \ - crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ - } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes),{initializer}} - -ECC_CONST(ECC_ZERO, 0, 0); - -#else -# define ECC_CONST(NAME, bytes, initializer) \ - const TPM2B_##bytes##_BYTE_VALUE NAME = {bytes, {initializer}} - -// Have to special case ECC_ZERO -TPM2B_BYTE_VALUE(1); -TPM2B_1_BYTE_VALUE ECC_ZERO = {1, {0}}; - - -#endif - -ECC_CONST(ECC_ONE, 1, 1); - -#if !USE_BN_ECC_DATA -TPM2B_BYTE_VALUE(24); -#define TO_ECC_192(a, b, c) a, b, c -TPM2B_BYTE_VALUE(28); -#define TO_ECC_224(a, b, c, d) a, b, c, d -TPM2B_BYTE_VALUE(32); -#define TO_ECC_256(a, b, c, d) a, b, c, d -TPM2B_BYTE_VALUE(48); -#define TO_ECC_384(a, b, c, d, e, f) a, b, c, d, e, f -TPM2B_BYTE_VALUE(66); -#define TO_ECC_528(a, b, c, d, e, f, g, h, i) a, b, c, d, e, f, g, h, i -TPM2B_BYTE_VALUE(80); -#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) a, b, c, d, e, f, g, h, i, j -#else -#define TO_ECC_192(a, b, c) c, b, a -#define TO_ECC_224(a, b, c, d) d, c, b, a -#define TO_ECC_256(a, b, c, d) d, c, b, a -#define TO_ECC_384(a, b, c, d, e, f) f, e, d, c, b, a -#define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a -#define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a -#endif // !USE_BN_ECC_DATA - -#if ECC_NIST_P192 -ECC_CONST(NIST_P192_p, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P192_a, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P192_b, 24, TO_ECC_192( - TO_ECC_64(0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7), - TO_ECC_64(0x0F, 0xA7, 0xE9, 0xAB, 0x72, 
0x24, 0x30, 0x49), - TO_ECC_64(0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1))); -ECC_CONST(NIST_P192_gX, 24, TO_ECC_192( - TO_ECC_64(0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6), - TO_ECC_64(0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00), - TO_ECC_64(0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12))); -ECC_CONST(NIST_P192_gY, 24, TO_ECC_192( - TO_ECC_64(0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78), - TO_ECC_64(0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5), - TO_ECC_64(0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11))); -ECC_CONST(NIST_P192_n, 24, TO_ECC_192( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36), - TO_ECC_64(0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31))); -#define NIST_P192_h ECC_ONE -#define NIST_P192_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P192 = { - (bigNum)&NIST_P192_p, (bigNum)&NIST_P192_n, (bigNum)&NIST_P192_h, - (bigNum)&NIST_P192_a, (bigNum)&NIST_P192_b, - {(bigNum)&NIST_P192_gX, (bigNum)&NIST_P192_gY, (bigNum)&NIST_P192_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P192 = { - &NIST_P192_p.b, &NIST_P192_n.b, &NIST_P192_h.b, - &NIST_P192_a.b, &NIST_P192_b.b, - {&NIST_P192_gX.b, &NIST_P192_gY.b, &NIST_P192_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P192 - - -#if ECC_NIST_P224 -ECC_CONST(NIST_P224_p, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01))); -ECC_CONST(NIST_P224_a, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE))); -ECC_CONST(NIST_P224_b, 28, TO_ECC_224( - TO_ECC_32(0xB4, 0x05, 0x0A, 0x85), - TO_ECC_64(0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56), - 
TO_ECC_64(0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA), - TO_ECC_64(0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4))); -ECC_CONST(NIST_P224_gX, 28, TO_ECC_224( - TO_ECC_32(0xB7, 0x0E, 0x0C, 0xBD), - TO_ECC_64(0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9), - TO_ECC_64(0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22), - TO_ECC_64(0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21))); -ECC_CONST(NIST_P224_gY, 28, TO_ECC_224( - TO_ECC_32(0xBD, 0x37, 0x63, 0x88), - TO_ECC_64(0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6), - TO_ECC_64(0xCD, 0x43, 0x75, 0xA0, 0x5A, 0x07, 0x47, 0x64), - TO_ECC_64(0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34))); -ECC_CONST(NIST_P224_n, 28, TO_ECC_224( - TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E), - TO_ECC_64(0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D))); -#define NIST_P224_h ECC_ONE -#define NIST_P224_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P224 = { - (bigNum)&NIST_P224_p, (bigNum)&NIST_P224_n, (bigNum)&NIST_P224_h, - (bigNum)&NIST_P224_a, (bigNum)&NIST_P224_b, - {(bigNum)&NIST_P224_gX, (bigNum)&NIST_P224_gY, (bigNum)&NIST_P224_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P224 = { - &NIST_P224_p.b, &NIST_P224_n.b, &NIST_P224_h.b, - &NIST_P224_a.b, &NIST_P224_b.b, - {&NIST_P224_gX.b, &NIST_P224_gY.b, &NIST_P224_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P224 - - -#if ECC_NIST_P256 -ECC_CONST(NIST_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P256_a, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), - 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P256_b, 32, TO_ECC_256( - TO_ECC_64(0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7), - TO_ECC_64(0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC), - TO_ECC_64(0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6), - TO_ECC_64(0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B))); -ECC_CONST(NIST_P256_gX, 32, TO_ECC_256( - TO_ECC_64(0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47), - TO_ECC_64(0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2), - TO_ECC_64(0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0), - TO_ECC_64(0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96))); -ECC_CONST(NIST_P256_gY, 32, TO_ECC_256( - TO_ECC_64(0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B), - TO_ECC_64(0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16), - TO_ECC_64(0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE), - TO_ECC_64(0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5))); -ECC_CONST(NIST_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84), - TO_ECC_64(0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51))); -#define NIST_P256_h ECC_ONE -#define NIST_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P256 = { - (bigNum)&NIST_P256_p, (bigNum)&NIST_P256_n, (bigNum)&NIST_P256_h, - (bigNum)&NIST_P256_a, (bigNum)&NIST_P256_b, - {(bigNum)&NIST_P256_gX, (bigNum)&NIST_P256_gY, (bigNum)&NIST_P256_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P256 = { - &NIST_P256_p.b, &NIST_P256_n.b, &NIST_P256_h.b, - &NIST_P256_a.b, &NIST_P256_b.b, - {&NIST_P256_gX.b, &NIST_P256_gY.b, &NIST_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P256 - - -#if ECC_NIST_P384 -ECC_CONST(NIST_P384_p, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P384_a, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P384_b, 48, TO_ECC_384( - TO_ECC_64(0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4), - TO_ECC_64(0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19), - TO_ECC_64(0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12), - TO_ECC_64(0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A), - TO_ECC_64(0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D), - TO_ECC_64(0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF))); -ECC_CONST(NIST_P384_gX, 48, TO_ECC_384( - TO_ECC_64(0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37), - TO_ECC_64(0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74), - TO_ECC_64(0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98), - TO_ECC_64(0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38), - TO_ECC_64(0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C), - TO_ECC_64(0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7))); -ECC_CONST(NIST_P384_gY, 48, TO_ECC_384( - TO_ECC_64(0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F), - TO_ECC_64(0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29), - TO_ECC_64(0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C), - TO_ECC_64(0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0), - TO_ECC_64(0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D), - TO_ECC_64(0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F))); -ECC_CONST(NIST_P384_n, 48, TO_ECC_384( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - 
TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF), - TO_ECC_64(0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A), - TO_ECC_64(0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73))); -#define NIST_P384_h ECC_ONE -#define NIST_P384_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P384 = { - (bigNum)&NIST_P384_p, (bigNum)&NIST_P384_n, (bigNum)&NIST_P384_h, - (bigNum)&NIST_P384_a, (bigNum)&NIST_P384_b, - {(bigNum)&NIST_P384_gX, (bigNum)&NIST_P384_gY, (bigNum)&NIST_P384_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P384 = { - &NIST_P384_p.b, &NIST_P384_n.b, &NIST_P384_h.b, - &NIST_P384_a.b, &NIST_P384_b.b, - {&NIST_P384_gX.b, &NIST_P384_gY.b, &NIST_P384_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P384 - - -#if ECC_NIST_P521 -ECC_CONST(NIST_P521_p, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(NIST_P521_a, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(NIST_P521_b, 66, TO_ECC_528( - TO_ECC_16(0x00, 0x51), - 
TO_ECC_64(0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F), - TO_ECC_64(0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE), - TO_ECC_64(0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3), - TO_ECC_64(0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1), - TO_ECC_64(0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B), - TO_ECC_64(0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07), - TO_ECC_64(0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1), - TO_ECC_64(0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00))); -ECC_CONST(NIST_P521_gX, 66, TO_ECC_528( - TO_ECC_16(0x00, 0xC6), - TO_ECC_64(0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD), - TO_ECC_64(0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42), - TO_ECC_64(0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21), - TO_ECC_64(0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA), - TO_ECC_64(0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28), - TO_ECC_64(0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE), - TO_ECC_64(0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B), - TO_ECC_64(0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66))); -ECC_CONST(NIST_P521_gY, 66, TO_ECC_528( - TO_ECC_16(0x01, 0x18), - TO_ECC_64(0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04), - TO_ECC_64(0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, 0x1B, 0xD9), - TO_ECC_64(0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68), - TO_ECC_64(0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, 0x66, 0x2C), - TO_ECC_64(0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40), - TO_ECC_64(0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, 0x07, 0x61), - TO_ECC_64(0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40), - TO_ECC_64(0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, 0x66, 0x50))); -ECC_CONST(NIST_P521_n, 66, TO_ECC_528( - TO_ECC_16(0x01, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA), - TO_ECC_64(0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B), - TO_ECC_64(0x7F, 0xCC, 0x01, 
0x48, 0xF7, 0x09, 0xA5, 0xD0), - TO_ECC_64(0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE), - TO_ECC_64(0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09))); -#define NIST_P521_h ECC_ONE -#define NIST_P521_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA NIST_P521 = { - (bigNum)&NIST_P521_p, (bigNum)&NIST_P521_n, (bigNum)&NIST_P521_h, - (bigNum)&NIST_P521_a, (bigNum)&NIST_P521_b, - {(bigNum)&NIST_P521_gX, (bigNum)&NIST_P521_gY, (bigNum)&NIST_P521_gZ}}; - -#else - const ECC_CURVE_DATA NIST_P521 = { - &NIST_P521_p.b, &NIST_P521_n.b, &NIST_P521_h.b, - &NIST_P521_a.b, &NIST_P521_b.b, - {&NIST_P521_gX.b, &NIST_P521_gY.b, &NIST_P521_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_NIST_P521 - - -#if ECC_BN_P256 -ECC_CONST(BN_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), - TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F), - TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82), - TO_ECC_64(0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13))); -#define BN_P256_a ECC_ZERO -ECC_CONST(BN_P256_b, 1, TO_ECC_8(3)); -#define BN_P256_gX ECC_ONE -ECC_CONST(BN_P256_gY, 1, TO_ECC_8(2)); -ECC_CONST(BN_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), - TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E), - TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A), - TO_ECC_64(0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D))); -#define BN_P256_h ECC_ONE -#define BN_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA BN_P256 = { - (bigNum)&BN_P256_p, (bigNum)&BN_P256_n, (bigNum)&BN_P256_h, - (bigNum)&BN_P256_a, (bigNum)&BN_P256_b, - {(bigNum)&BN_P256_gX, (bigNum)&BN_P256_gY, (bigNum)&BN_P256_gZ}}; - -#else - const ECC_CURVE_DATA BN_P256 = { - &BN_P256_p.b, &BN_P256_n.b, &BN_P256_h.b, - &BN_P256_a.b, &BN_P256_b.b, - {&BN_P256_gX.b, &BN_P256_gY.b, &BN_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_BN_P256 - - -#if ECC_BN_P638 -ECC_CONST(BN_P638_p, 80, TO_ECC_640( - 
TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), - TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67))); -#define BN_P638_a ECC_ZERO -ECC_CONST(BN_P638_b, 2, TO_ECC_16(0x01,0x01)); -ECC_CONST(BN_P638_gX, 80, TO_ECC_640( - TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), - TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), - TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66))); -ECC_CONST(BN_P638_gY, 1, TO_ECC_8(0x10)); -ECC_CONST(BN_P638_n, 80, TO_ECC_640( - TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), - TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), - TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), - TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), - TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), - TO_ECC_64(0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55), - TO_ECC_64(0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0), - TO_ECC_64(0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0), - TO_ECC_64(0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x61))); -#define BN_P638_h ECC_ONE -#define BN_P638_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA BN_P638 = { - (bigNum)&BN_P638_p, (bigNum)&BN_P638_n, (bigNum)&BN_P638_h, - (bigNum)&BN_P638_a, (bigNum)&BN_P638_b, - {(bigNum)&BN_P638_gX, (bigNum)&BN_P638_gY, (bigNum)&BN_P638_gZ}}; - -#else - const ECC_CURVE_DATA BN_P638 = { - &BN_P638_p.b, &BN_P638_n.b, &BN_P638_h.b, - &BN_P638_a.b, &BN_P638_b.b, - {&BN_P638_gX.b, &BN_P638_gY.b, &BN_P638_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_BN_P638 - - -#if ECC_SM2_P256 -ECC_CONST(SM2_P256_p, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); -ECC_CONST(SM2_P256_a, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); -ECC_CONST(SM2_P256_b, 32, TO_ECC_256( - TO_ECC_64(0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34), - TO_ECC_64(0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7), - TO_ECC_64(0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92), - TO_ECC_64(0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93))); -ECC_CONST(SM2_P256_gX, 32, TO_ECC_256( - TO_ECC_64(0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19), - TO_ECC_64(0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94), - TO_ECC_64(0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1), - TO_ECC_64(0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7))); -ECC_CONST(SM2_P256_gY, 32, TO_ECC_256( - TO_ECC_64(0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C), - TO_ECC_64(0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53), - TO_ECC_64(0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40), - TO_ECC_64(0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0))); 
-ECC_CONST(SM2_P256_n, 32, TO_ECC_256( - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), - TO_ECC_64(0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B), - TO_ECC_64(0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23))); -#define SM2_P256_h ECC_ONE -#define SM2_P256_gZ ECC_ONE - -#if USE_BN_ECC_DATA - const ECC_CURVE_DATA SM2_P256 = { - (bigNum)&SM2_P256_p, (bigNum)&SM2_P256_n, (bigNum)&SM2_P256_h, - (bigNum)&SM2_P256_a, (bigNum)&SM2_P256_b, - {(bigNum)&SM2_P256_gX, (bigNum)&SM2_P256_gY, (bigNum)&SM2_P256_gZ}}; - -#else - const ECC_CURVE_DATA SM2_P256 = { - &SM2_P256_p.b, &SM2_P256_n.b, &SM2_P256_h.b, - &SM2_P256_a.b, &SM2_P256_b.b, - {&SM2_P256_gX.b, &SM2_P256_gY.b, &SM2_P256_gZ.b}}; - -#endif // USE_BN_ECC_DATA - -#endif // ECC_SM2_P256 - - -#define comma -const ECC_CURVE eccCurves[] = { -#if ECC_NIST_P192 - comma - {TPM_ECC_NIST_P192, - 192, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P192, - OID_ECC_NIST_P192 - CURVE_NAME("NIST_P192")} -# undef comma -# define comma , -#endif // ECC_NIST_P192 -#if ECC_NIST_P224 - comma - {TPM_ECC_NIST_P224, - 224, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P224, - OID_ECC_NIST_P224 - CURVE_NAME("NIST_P224")} -# undef comma -# define comma , -#endif // ECC_NIST_P224 -#if ECC_NIST_P256 - comma - {TPM_ECC_NIST_P256, - 256, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P256, - OID_ECC_NIST_P256 - CURVE_NAME("NIST_P256")} -# undef comma -# define comma , -#endif // ECC_NIST_P256 -#if ECC_NIST_P384 - comma - {TPM_ECC_NIST_P384, - 384, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA384_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P384, - OID_ECC_NIST_P384 - CURVE_NAME("NIST_P384")} -# undef comma -# define comma , -#endif // ECC_NIST_P384 -#if ECC_NIST_P521 - comma - {TPM_ECC_NIST_P521, - 521, - 
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA512_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &NIST_P521, - OID_ECC_NIST_P521 - CURVE_NAME("NIST_P521")} -# undef comma -# define comma , -#endif // ECC_NIST_P521 -#if ECC_BN_P256 - comma - {TPM_ECC_BN_P256, - 256, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &BN_P256, - OID_ECC_BN_P256 - CURVE_NAME("BN_P256")} -# undef comma -# define comma , -#endif // ECC_BN_P256 -#if ECC_BN_P638 - comma - {TPM_ECC_BN_P638, - 638, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &BN_P638, - OID_ECC_BN_P638 - CURVE_NAME("BN_P638")} -# undef comma -# define comma , -#endif // ECC_BN_P638 -#if ECC_SM2_P256 - comma - {TPM_ECC_SM2_P256, - 256, - {ALG_KDF1_SP800_56A_VALUE, {{ALG_SM3_256_VALUE}}}, - {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, - &SM2_P256, - OID_ECC_SM2_P256 - CURVE_NAME("SM2_P256")} -# undef comma -# define comma , -#endif // ECC_SM2_P256 -}; -#endif // TPM_ALG_ECC diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c deleted file mode 100644 index 5e141cf3d..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c +++ /dev/null 
@@ -1,383 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that are used for the two-phase, ECC,
-// key-exchange protocols
-
-
-#include "Tpm.h"
-
-#if CC_ZGen_2Phase == YES
-
-//** Functions
-
-#if ALG_ECMQV
-
-//*** avf1()
-// This function does the associated value computation required by MQV key
-// exchange.
-// Process:
-// 1. Convert 'xQ' to an integer 'xqi' using the convention specified in Appendix C.3.
-// 2. Calculate
-// xqm = xqi mod 2^ceil(f/2) (where f = ceil(log2(n)).
-// 3. Calculate the associate value function
-// avf(Q) = xqm + 2ceil(f / 2)
-// Always returns TRUE(1).
-static BOOL
-avf1(
- bigNum bnX, // IN/OUT: the reduced value
- bigNum bnN // IN: the order of the curve
- )
-{
-// compute f = 2^(ceil(ceil(log2(n)) / 2))
- int f = (BnSizeInBits(bnN) + 1) / 2;
-// x' = 2^f + (x mod 2^f)
- BnMaskBits(bnX, f); // This is mod 2*2^f but it doesn't matter because
- // the next operation will SET the extra bit anyway
- BnSetBit(bnX, f);
- return TRUE;
-}
-
-//*** C_2_2_MQV()
-// This function performs the key exchange defined in SP800-56A
-// 6.1.1.4 Full MQV, C(2, 2, ECC MQV).
-//
-// CAUTION: Implementation of this function may require use of essential claims in
-// patents not owned by TCG members.
-//
-// Points 'QsB' and 'QeB' are required to be on the curve of 'inQsA'. The function
-// will fail, possibly catastrophically, if this is not the case.
-// Return Type: TPM_RC -// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the -// curve -static TPM_RC -C_2_2_MQV( - TPMS_ECC_POINT *outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key - ) -{ - CURVE_INITIALIZED(E, curveId); - const ECC_CURVE_DATA *C; - POINT(pQeA); - POINT_INITIALIZED(pQeB, QeB); - POINT_INITIALIZED(pQsB, QsB); - ECC_NUM(bnTa); - ECC_INITIALIZED(bnDeA, deA); - ECC_INITIALIZED(bnDsA, dsA); - ECC_NUM(bnN); - ECC_NUM(bnXeB); - TPM_RC retVal; -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - pAssert(outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL - && dsA != NULL); - C = AccessCurveData(E); -// Process: -// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. -// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B). -// 3. If P = O, output an error indicator. -// 4. Z=xP, where xP is the x-coordinate of P. - - // Compute the public ephemeral key pQeA = [de,A]G - if((retVal = BnPointMult(pQeA, CurveGetG(C), bnDeA, NULL, NULL, E)) - != TPM_RC_SUCCESS) - goto Exit; - -// 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. -// tA := (ds,A + de,A avf(Xe,A)) mod n (3) -// Compute 'tA' = ('deA' + 'dsA' avf('XeA')) mod n - // Ta = avf(XeA); - BnCopy(bnTa, pQeA->x); - avf1(bnTa, bnN); - // do Ta = ds,A * Ta mod n = dsA * avf(XeA) mod n - BnModMult(bnTa, bnDsA, bnTa, bnN); - // now Ta = deA + Ta mod n = deA + dsA * avf(XeA) mod n - BnAdd(bnTa, bnTa, bnDeA); - BnMod(bnTa, bnN); - -// 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B). -// Put this in because almost every case of h is == 1 so skip the call when - // not necessary. 
- if(!BnEqualWord(CurveGetCofactor(C), 1)) - // Cofactor is not 1 so compute Ta := Ta * h mod n - BnModMult(bnTa, bnTa, CurveGetCofactor(C), CurveGetOrder(C)); - - // Now that 'tA' is (h * 'tA' mod n) - // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B). - - // first, compute XeB = avf(XeB) - avf1(bnXeB, bnN); - - // QsB := [XeB]QsB - BnPointMult(pQsB, pQsB, bnXeB, NULL, NULL, E); - BnEccAdd(pQeB, pQeB, pQsB, E); - - // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity - // If the result is not the point at infinity, return QeB - BnPointMult(pQeB, pQeB, bnTa, NULL, NULL, E); - if(BnEqualZero(pQeB->z)) - ERROR_RETURN(TPM_RC_NO_RESULT); - // Convert BIGNUM E to TPM2B E - BnPointTo2B(outZ, pQeB, E); - -Exit: - CURVE_FREE(E); - return retVal; -} - -#endif // ALG_ECMQV - -//*** C_2_2_ECDH() -// This function performs the two phase key exchange defined in SP800-56A, -// 6.1.1.2 Full Unified Model, C(2, 2, ECC CDH). -// -static TPM_RC -C_2_2_ECDH( - TPMS_ECC_POINT *outZs, // OUT: Zs - TPMS_ECC_POINT *outZe, // OUT: Ze - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key - ) -{ - CURVE_INITIALIZED(E, curveId); - ECC_INITIALIZED(bnAs, dsA); - ECC_INITIALIZED(bnAe, deA); - POINT_INITIALIZED(ecBs, QsB); - POINT_INITIALIZED(ecBe, QeB); - POINT(ecZ); - TPM_RC retVal; -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_CURVE); - pAssert(outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL - && QeB != NULL); - - // Do the point multiply for the Zs value ([dsA]QsB) - retVal = BnPointMult(ecZ, ecBs, bnAs, NULL, NULL, E); - if(retVal == TPM_RC_SUCCESS) - { - // Convert the Zs value. 
- BnPointTo2B(outZs, ecZ, E); - // Do the point multiply for the Ze value ([deA]QeB) - retVal = BnPointMult(ecZ, ecBe, bnAe, NULL, NULL, E); - if(retVal == TPM_RC_SUCCESS) - BnPointTo2B(outZe, ecZ, E); - } -Exit: - CURVE_FREE(E); - return retVal; -} - -//*** CryptEcc2PhaseKeyExchange() -// This function is the dispatch routine for the EC key exchange functions that use -// two ephemeral and two static keys. -// Return Type: TPM_RC -// TPM_RC_SCHEME scheme is not defined -LIB_EXPORT TPM_RC -CryptEcc2PhaseKeyExchange( - TPMS_ECC_POINT *outZ1, // OUT: a computed point - TPMS_ECC_POINT *outZ2, // OUT: and optional second point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM_ALG_ID scheme, // IN: the key exchange scheme - TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsB, // IN: static public party B key - TPMS_ECC_POINT *QeB // IN: ephemeral public party B key - ) -{ - pAssert(outZ1 != NULL - && dsA != NULL && deA != NULL - && QsB != NULL && QeB != NULL); - - // Initialize the output points so that they are empty until one of the - // functions decides otherwise - outZ1->x.b.size = 0; - outZ1->y.b.size = 0; - if(outZ2 != NULL) - { - outZ2->x.b.size = 0; - outZ2->y.b.size = 0; - } - switch(scheme) - { - case ALG_ECDH_VALUE: - return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB); - break; -#if ALG_ECMQV - case ALG_ECMQV_VALUE: - return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB); - break; -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB); - break; -#endif - default: - return TPM_RC_SCHEME; - } -} - -#if ALG_SM2 - -//*** ComputeWForSM2() -// Compute the value for w used by SM2 -static UINT32 -ComputeWForSM2( - bigCurve E - ) -{ - // w := ceil(ceil(log2(n)) / 2) - 1 - return (BnMsb(CurveGetOrder(AccessCurveData(E))) / 2 - 1); -} - -//*** avfSm2() -// This function does the associated value computation 
required by SM2 key -// exchange. This is different from the avf() in the international standards -// because it returns a value that is half the size of the value returned by the -// standard avf(). For example, if 'n' is 15, 'Ws' ('w' in the standard) is 2 but -// the 'W' here is 1. This means that an input value of 14 (1110b) would return a -// value of 110b with the standard but 10b with the scheme in SM2. -static bigNum -avfSm2( - bigNum bn, // IN/OUT: the reduced value - UINT32 w // IN: the value of w - ) -{ - // a) set w := ceil(ceil(log2(n)) / 2) - 1 - // b) set x' := 2^w + ( x & (2^w - 1)) - // This is just like the avf for MQV where x' = 2^w + (x mod 2^w) - - BnMaskBits(bn, w); // as with avf1, this is too big by a factor of 2 but - // it doesn't matter because we SET the extra bit - // anyway - BnSetBit(bn, w); - return bn; -} - -//*** SM2KeyExchange() -// This function performs the key exchange defined in SM2. -// The first step is to compute -// 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' -// Then, compute the 'Z' value from -// 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). -// The function will compute the ephemeral public key from the ephemeral -// private key. -// All points are required to be on the curve of 'inQsA'. 
The function will fail -// catastrophically if this is not the case -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the value for dsA does not give a valid point on the -// curve -LIB_EXPORT TPM_RC -SM2KeyExchange( - TPMS_ECC_POINT *outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key - TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key - TPMS_ECC_POINT *QsBIn, // IN: static public party B key - TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key - ) -{ - CURVE_INITIALIZED(E, curveId); - const ECC_CURVE_DATA *C; - ECC_INITIALIZED(dsA, dsAIn); - ECC_INITIALIZED(deA, deAIn); - POINT_INITIALIZED(QsB, QsBIn); - POINT_INITIALIZED(QeB, QeBIn); - BN_WORD_INITIALIZED(One, 1); - POINT(QeA); - ECC_NUM(XeB); - POINT(Z); - ECC_NUM(Ta); - UINT32 w; - TPM_RC retVal = TPM_RC_NO_RESULT; -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_CURVE); - C = AccessCurveData(E); - pAssert(outZ != NULL && dsA != NULL && deA != NULL && QsB != NULL - && QeB != NULL); - - // Compute the value for w - w = ComputeWForSM2(E); - - // Compute the public ephemeral key pQeA = [de,A]G - if(!BnEccModMult(QeA, CurveGetG(C), deA, E)) - goto Exit; - - // tA := (ds,A + de,A avf(Xe,A)) mod n (3) - // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n - // Ta = avf(XeA); - // do Ta = de,A * Ta = deA * avf(XeA) - BnMult(Ta, deA, avfSm2(QeA->x, w)); - // now Ta = dsA + Ta = dsA + deA * avf(XeA) - BnAdd(Ta, dsA, Ta); - BnMod(Ta, CurveGetOrder(C)); - - // outZ = [h tA mod n] (Qs,B + [avf(Xe,B)](Qe,B)) (4) - // Put this in because almost every case of h is == 1 so skip the call when - // not necessary. - if(!BnEqualWord(CurveGetCofactor(C), 1)) - // Cofactor is not 1 so compute Ta := Ta * h mod n - BnModMult(Ta, Ta, CurveGetCofactor(C), CurveGetOrder(C)); - // Now that 'tA' is (h * 'tA' mod n) - // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)). 
- BnCopy(XeB, QeB->x); - if(!BnEccModMult2(Z, QsB, One, QeB, avfSm2(XeB, w), E)) - goto Exit; - // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity - if(!BnEccModMult(Z, Z, Ta, E)) - goto Exit; - // Convert BIGNUM E to TPM2B E - BnPointTo2B(outZ, Z, E); - retVal = TPM_RC_SUCCESS; -Exit: - CURVE_FREE(E); - return retVal; -} -#endif - -#endif // CC_ZGen_2Phase \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c deleted file mode 100644 index 79bebfa57..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c +++ /dev/null 
@@ -1,820 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes and Defines
-#include "Tpm.h"
-
-#if ALG_ECC
-
-// This version requires that the new format for ECC data be used
-#if !USE_BN_ECC_DATA
-#error "Need to SET USE_BN_ECC_DATA to YES in Implementaion.h"
-#endif
-
-//** Functions
-
-#if SIMULATION
-void
-EccSimulationEnd(
- void
- )
-{
-#if SIMULATION
-// put things to be printed at the end of the simulation here
-#endif
-}
-#endif // SIMULATION
-
-//*** CryptEccInit()
-// This function is called at _TPM_Init
-BOOL
-CryptEccInit(
- void
- )
-{
- return TRUE;
-}
-
-//*** CryptEccStartup()
-// This function is called at TPM2_Startup().
-BOOL
-CryptEccStartup(
- void
- )
-{
- return TRUE;
-}
-
-//*** ClearPoint2B(generic)
-// Initialize the size values of a TPMS_ECC_POINT structure.
-void
-ClearPoint2B(
- TPMS_ECC_POINT *p // IN: the point
- )
-{
- if(p != NULL)
- {
- p->x.t.size = 0;
- p->y.t.size = 0;
- }
-}
-
-//*** CryptEccGetParametersByCurveId()
-// This function returns a pointer to the curve data that is associated with
-// the indicated curveId.
-// If there is no curve with the indicated ID, the function returns NULL. This
-// function is in this module so that it can be called by GetCurve data.
-// Return Type: const ECC_CURVE_DATA
-// NULL curve with the indicated TPM_ECC_CURVE is not implemented
-// != NULL pointer to the curve data
-LIB_EXPORT const ECC_CURVE *
-CryptEccGetParametersByCurveId(
- TPM_ECC_CURVE curveId // IN: the curveID
- )
-{
- int i;
- for(i = 0; i < ECC_CURVE_COUNT; i++)
- {
- if(eccCurves[i].curveId == curveId)
- return &eccCurves[i];
- }
- return NULL;
-}
-
-//*** CryptEccGetKeySizeForCurve()
-// This function returns the key size in bits of the indicated curve.
-LIB_EXPORT UINT16
-CryptEccGetKeySizeForCurve(
- TPM_ECC_CURVE curveId // IN: the curve
- )
-{
- const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId);
- UINT16 keySizeInBits;
-//
- keySizeInBits = (curve != NULL) ?
curve->keySizeBits : 0; - return keySizeInBits; -} - -//*** GetCurveData() -// This function returns the a pointer for the parameter data -// associated with a curve. -const ECC_CURVE_DATA * -GetCurveData( - TPM_ECC_CURVE curveId // IN: the curveID - ) -{ - const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); - return (curve != NULL) ? curve->curveData : NULL; -} - -//***CryptEccGetOID() -const BYTE * -CryptEccGetOID( - TPM_ECC_CURVE curveId -) -{ - const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); - return (curve != NULL) ? curve->OID : NULL; -} - -//*** CryptEccGetCurveByIndex() -// This function returns the number of the 'i'-th implemented curve. The normal -// use would be to call this function with 'i' starting at 0. When the 'i' is greater -// than or equal to the number of implemented curves, TPM_ECC_NONE is returned. -LIB_EXPORT TPM_ECC_CURVE -CryptEccGetCurveByIndex( - UINT16 i - ) -{ - if(i >= ECC_CURVE_COUNT) - return TPM_ECC_NONE; - return eccCurves[i].curveId; -} - -//*** CryptEccGetParameter() -// This function returns an ECC curve parameter. The parameter is -// selected by a single character designator from the set of ""PNABXYH"". 
-// Return Type: BOOL -// TRUE(1) curve exists and parameter returned -// FALSE(0) curve does not exist or parameter selector -LIB_EXPORT BOOL -CryptEccGetParameter( - TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter - char p, // IN: the parameter selector - TPM_ECC_CURVE curveId // IN: the curve id - ) -{ - const ECC_CURVE_DATA *curve = GetCurveData(curveId); - bigConst parameter = NULL; - - if(curve != NULL) - { - switch(p) - { - case 'p': - parameter = CurveGetPrime(curve); - break; - case 'n': - parameter = CurveGetOrder(curve); - break; - case 'a': - parameter = CurveGet_a(curve); - break; - case 'b': - parameter = CurveGet_b(curve); - break; - case 'x': - parameter = CurveGetGx(curve); - break; - case 'y': - parameter = CurveGetGy(curve); - break; - case 'h': - parameter = CurveGetCofactor(curve); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - } - // If not debugging and we get here with parameter still NULL, had better - // not try to convert so just return FALSE instead. - return (parameter != NULL) ? BnTo2B(parameter, &out->b, 0) : 0; -} - -//*** CryptCapGetECCCurve() -// This function returns the list of implemented ECC curves. 
-// Return Type: TPMI_YES_NO -// YES if no more ECC curve is available -// NO if there are more ECC curves not reported -TPMI_YES_NO -CryptCapGetECCCurve( - TPM_ECC_CURVE curveID, // IN: the starting ECC curve - UINT32 maxCount, // IN: count of returned curves - TPML_ECC_CURVE *curveList // OUT: ECC curve list - ) -{ - TPMI_YES_NO more = NO; - UINT16 i; - UINT32 count = ECC_CURVE_COUNT; - TPM_ECC_CURVE curve; - - // Initialize output property list - curveList->count = 0; - - // The maximum count of curves we may return is MAX_ECC_CURVES - if(maxCount > MAX_ECC_CURVES) maxCount = MAX_ECC_CURVES; - - // Scan the eccCurveValues array - for(i = 0; i < count; i++) - { - curve = CryptEccGetCurveByIndex(i); - // If curveID is less than the starting curveID, skip it - if(curve < curveID) - continue; - if(curveList->count < maxCount) - { - // If we have not filled up the return list, add more curves to - // it - curveList->eccCurves[curveList->count] = curve; - curveList->count++; - } - else - { - // If the return list is full but we still have curves - // available, report this and stop iterating - more = YES; - break; - } - } - return more; -} - -//*** CryptGetCurveSignScheme() -// This function will return a pointer to the scheme of the curve. -const TPMT_ECC_SCHEME * -CryptGetCurveSignScheme( - TPM_ECC_CURVE curveId // IN: The curve selector - ) -{ - const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); - - if(curve != NULL) - return &(curve->sign); - else - return NULL; -} - -//*** CryptGenerateR() -// This function computes the commit random value for a split signing scheme. -// -// If 'c' is NULL, it indicates that 'r' is being generated -// for TPM2_Commit. -// If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' -// bit associated with the input value of 'c' is SET. If not, the TPM -// returns FALSE and no 'r' value is generated. 
-// Return Type: BOOL -// TRUE(1) r value computed -// FALSE(0) no r value computed -BOOL -CryptGenerateR( - TPM2B_ECC_PARAMETER *r, // OUT: the generated random value - UINT16 *c, // IN/OUT: count value. - TPMI_ECC_CURVE curveID, // IN: the curve for the value - TPM2B_NAME *name // IN: optional name of a key to - // associate with 'r' - ) -{ - // This holds the marshaled g_commitCounter. - TPM2B_TYPE(8B, 8); - TPM2B_8B cntr = {{8,{0}}}; - UINT32 iterations; - TPM2B_ECC_PARAMETER n; - UINT64 currentCount = gr.commitCounter; - UINT16 t1; -// - if(!CryptEccGetParameter(&n, 'n', curveID)) - return FALSE; - - // If this is the commit phase, use the current value of the commit counter - if(c != NULL) - { - // if the array bit is not set, can't use the value. - if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray)) - return FALSE; - - // If it is the sign phase, figure out what the counter value was - // when the commitment was made. - // - // When gr.commitArray has less than 64K bits, the extra - // bits of 'c' are used as a check to make sure that the - // signing operation is not using an out of range count value - t1 = (UINT16)currentCount; - - // If the lower bits of c are greater or equal to the lower bits of t1 - // then the upper bits of t1 must be one more than the upper bits - // of c - if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK)) - // Since the counter is behind, reduce the current count - currentCount = currentCount - (COMMIT_INDEX_MASK + 1); - - t1 = (UINT16)currentCount; - if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK)) - return FALSE; - // set the counter to the value that was - // present when the commitment was made - currentCount = (currentCount & 0xffffffffffff0000) | *c; - } - // Marshal the count value to a TPM2B buffer for the KDF - cntr.t.size = sizeof(currentCount); - UINT64_TO_BYTE_ARRAY(currentCount, cntr.t.buffer); - - // Now can do the KDF to create the random value for the signing operation - // During the creation 
process, we may generate an r that does not meet the - // requirements of the random value. - // want to generate a new r. - r->t.size = n.t.size; - - for(iterations = 1; iterations < 1000000;) - { - int i; - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gr.commitNonce.b, COMMIT_STRING, - &name->b, &cntr.b, n.t.size * 8, r->t.buffer, &iterations, FALSE); - - // "random" value must be less than the prime - if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0) - continue; - - // in this implementation it is required that at least bit - // in the upper half of the number be set - for(i = n.t.size / 2; i >= 0; i--) - if(r->b.buffer[i] != 0) - return TRUE; - } - return FALSE; -} - -//*** CryptCommit() -// This function is called when the count value is committed. The 'gr.commitArray' -// value associated with the current count value is SET and g_commitCounter is -// incremented. The low-order 16 bits of old value of the counter is returned. -UINT16 -CryptCommit( - void - ) -{ - UINT16 oldCount = (UINT16)gr.commitCounter; - gr.commitCounter++; - SET_BIT(oldCount & COMMIT_INDEX_MASK, gr.commitArray); - return oldCount; -} - -//*** CryptEndCommit() -// This function is called when the signing operation using the committed value -// is completed. It clears the gr.commitArray bit associated with the count -// value so that it can't be used again. -void -CryptEndCommit( - UINT16 c // IN: the counter value of the commitment - ) -{ - ClearBit((c & COMMIT_INDEX_MASK), gr.commitArray, sizeof(gr.commitArray)); -} - -//*** CryptEccGetParameters() -// This function returns the ECC parameter details of the given curve. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) unsupported ECC curve ID -BOOL -CryptEccGetParameters( - TPM_ECC_CURVE curveId, // IN: ECC curve ID - TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters - ) -{ - const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); - const ECC_CURVE_DATA *data; - BOOL found = curve != NULL; - - if(found) - { - data = curve->curveData; - parameters->curveID = curve->curveId; - parameters->keySize = curve->keySizeBits; - parameters->kdf = curve->kdf; - parameters->sign = curve->sign; -// BnTo2B(data->prime, ¶meters->p.b, 0); - BnTo2B(data->prime, ¶meters->p.b, parameters->p.t.size); - BnTo2B(data->a, ¶meters->a.b, 0); - BnTo2B(data->b, ¶meters->b.b, 0); - BnTo2B(data->base.x, ¶meters->gX.b, parameters->p.t.size); - BnTo2B(data->base.y, ¶meters->gY.b, parameters->p.t.size); -// BnTo2B(data->base.x, ¶meters->gX.b, 0); -// BnTo2B(data->base.y, ¶meters->gY.b, 0); - BnTo2B(data->order, ¶meters->n.b, 0); - BnTo2B(data->h, ¶meters->h.b, 0); - } - return found; -} - -//*** BnGetCurvePrime() -// This function is used to get just the prime modulus associated with a curve. -const bignum_t * -BnGetCurvePrime( - TPM_ECC_CURVE curveId - ) -{ - const ECC_CURVE_DATA *C = GetCurveData(curveId); - return (C != NULL) ? CurveGetPrime(C) : NULL; -} - -//*** BnGetCurveOrder() -// This function is used to get just the curve order -const bignum_t * -BnGetCurveOrder( - TPM_ECC_CURVE curveId - ) -{ - const ECC_CURVE_DATA *C = GetCurveData(curveId); - return (C != NULL) ? CurveGetOrder(C) : NULL; -} - -//*** BnIsOnCurve() -// This function checks if a point is on the curve. 
-BOOL -BnIsOnCurve( - pointConst Q, - const ECC_CURVE_DATA *C - ) -{ - BN_VAR(right, (MAX_ECC_KEY_BITS * 3)); - BN_VAR(left, (MAX_ECC_KEY_BITS * 2)); - bigConst prime = CurveGetPrime(C); -// - // Show that point is on the curve y^2 = x^3 + ax + b; - // Or y^2 = x(x^2 + a) + b - // y^2 - BnMult(left, Q->y, Q->y); - - BnMod(left, prime); -// x^2 - BnMult(right, Q->x, Q->x); - - // x^2 + a - BnAdd(right, right, CurveGet_a(C)); - -// BnMod(right, CurveGetPrime(C)); - // x(x^2 + a) - BnMult(right, right, Q->x); - - // x(x^2 + a) + b - BnAdd(right, right, CurveGet_b(C)); - - BnMod(right, prime); - if(BnUnsignedCmp(left, right) == 0) - return TRUE; - else - return FALSE; -} - -//*** BnIsValidPrivateEcc() -// Checks that 0 < 'x' < 'q' -BOOL -BnIsValidPrivateEcc( - bigConst x, // IN: private key to check - bigCurve E // IN: the curve to check - ) -{ - BOOL retVal; - retVal = (!BnEqualZero(x) - && (BnUnsignedCmp(x, CurveGetOrder(AccessCurveData(E))) < 0)); - return retVal; -} - -LIB_EXPORT BOOL -CryptEccIsValidPrivateKey( - TPM2B_ECC_PARAMETER *d, - TPM_ECC_CURVE curveId - ) -{ - BN_INITIALIZED(bnD, MAX_ECC_PARAMETER_BYTES * 8, d); - return !BnEqualZero(bnD) && (BnUnsignedCmp(bnD, BnGetCurveOrder(curveId)) < 0); -} - -//*** BnPointMul() -// This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the -// parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes -// 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. -// If 'skipChecks' is TRUE, then the function will not verify that the inputs are -// correct for the domain. This would be the case when the values were created by the -// CryptoEngine code. -// It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. 
-// Return Type: TPM_RC -// TPM_RC_NO_RESULT result of multiplication is a point at infinity -// TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve -// TPM_RC_VALUE 'd' or 'u' is not < n -TPM_RC -BnPointMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point to multiply by 'd' - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: optional second point - bigConst u, // IN: optional second scalar - bigCurve E // IN: curve parameters - ) -{ - BOOL OK; -// - TEST(TPM_ALG_ECDH); - - // Need one scalar - OK = (d != NULL || u != NULL); - - // If S is present, then d has to be present. If S is not - // present, then d may or may not be present - OK = OK && (((S == NULL) == (d == NULL)) || (d != NULL)); - - // either both u and Q have to be provided or neither can be provided (don't - // know what to do if only one is provided. - OK = OK && ((u == NULL) == (Q == NULL)); - - OK = OK && (E != NULL); - if(!OK) - return TPM_RC_VALUE; - - - OK = (S == NULL) || BnIsOnCurve(S, AccessCurveData(E)); - OK = OK && ((Q == NULL) || BnIsOnCurve(Q, AccessCurveData(E))); - if(!OK) - return TPM_RC_ECC_POINT; - - if((d != NULL) && (S == NULL)) - S = CurveGetG(AccessCurveData(E)); - // If only one scalar, don't need Shamir's trick - if((d == NULL) || (u == NULL)) - { - if(d == NULL) - OK = BnEccModMult(R, Q, u, E); - else - OK = BnEccModMult(R, S, d, E); - } - else - { - OK = BnEccModMult2(R, S, d, Q, u, E); - } - return (OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT); -} - -//***BnEccGetPrivate() -// This function gets random values that are the size of the key plus 64 bits. The -// value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the -// curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method -// of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure generating private key -BOOL -BnEccGetPrivate( - bigNum dOut, // OUT: the qualified random value - const ECC_CURVE_DATA *C, // IN: curve for which the private key - // needs to be appropriate - RAND_STATE *rand // IN: state for DRBG - ) -{ - bigConst order = CurveGetOrder(C); - BOOL OK; - UINT32 orderBits = BnSizeInBits(order); - UINT32 orderBytes = BITS_TO_BYTES(orderBits); - BN_VAR(bnExtraBits, MAX_ECC_KEY_BITS + 64); - BN_VAR(nMinus1, MAX_ECC_KEY_BITS); -// - OK = BnGetRandomBits(bnExtraBits, (orderBytes * 8) + 64, rand); - OK = OK && BnSubWord(nMinus1, order, 1); - OK = OK && BnMod(bnExtraBits, nMinus1); - OK = OK && BnAddWord(dOut, bnExtraBits, 1); - return OK && !g_inFailureMode; -} - -//*** BnEccGenerateKeyPair() -// This function gets a private scalar from the source of random bits and does -// the point multiply to get the public key. -BOOL -BnEccGenerateKeyPair( - bigNum bnD, // OUT: private scalar - bn_point_t *ecQ, // OUT: public point - bigCurve E, // IN: curve for the point - RAND_STATE *rand // IN: DRBG state to use - ) -{ - BOOL OK = FALSE; - // Get a private scalar - OK = BnEccGetPrivate(bnD, AccessCurveData(E), rand); - - // Do a point multiply - OK = OK && BnEccModMult(ecQ, NULL, bnD, E); - if(!OK) - BnSetWord(ecQ->z, 0); - else - BnSetWord(ecQ->z, 1); - return OK; -} - -//***CryptEccNewKeyPair(***) -// This function creates an ephemeral ECC. 
It is ephemeral in that -// is expected that the private part of the key will be discarded -LIB_EXPORT TPM_RC -CryptEccNewKeyPair( - TPMS_ECC_POINT *Qout, // OUT: the public point - TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar - TPM_ECC_CURVE curveId // IN: the curve for the key - ) -{ - CURVE_INITIALIZED(E, curveId); - POINT(ecQ); - ECC_NUM(bnD); - BOOL OK; - - if(E == NULL) - return TPM_RC_CURVE; - - TEST(TPM_ALG_ECDH); - OK = BnEccGenerateKeyPair(bnD, ecQ, E, NULL); - if(OK) - { - BnPointTo2B(Qout, ecQ, E); - BnTo2B(bnD, &dOut->b, Qout->x.t.size); - } - else - { - Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0; - } - CURVE_FREE(E); - return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; -} - -//*** CryptEccPointMultiply() -// This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and -// 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the -// default generator of the curve. -// -// The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not -// used. -// -// It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and -// 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not -// provided, then 'R' = ['dIn']'QIn'. -// -// If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. -// -// The sizes of 'xOut' and yOut' will be set to be the size of the degree of -// the curve -// -// It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' -// or 'Rout' is unspecified. 
-// -// Return Type: TPM_RC -// TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve -// TPM_RC_NO_RESULT the product point is at infinity -// TPM_RC_CURVE bad curve -// TPM_RC_VALUE 'dIn' or 'uIn' out of range -// -LIB_EXPORT TPM_RC -CryptEccPointMultiply( - TPMS_ECC_POINT *Rout, // OUT: the product point R - TPM_ECC_CURVE curveId, // IN: the curve to use - TPMS_ECC_POINT *Pin, // IN: first point (can be null) - TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin - // the Pin - TPMS_ECC_POINT *Qin, // IN: point Q - TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier - // of Q - ) -{ - CURVE_INITIALIZED(E, curveId); - POINT_INITIALIZED(ecP, Pin); - ECC_INITIALIZED(bnD, dIn); // If dIn is null, then bnD is null - ECC_INITIALIZED(bnU, uIn); - POINT_INITIALIZED(ecQ, Qin); - POINT(ecR); - TPM_RC retVal; -// - retVal = BnPointMult(ecR, ecP, bnD, ecQ, bnU, E); - - if(retVal == TPM_RC_SUCCESS) - BnPointTo2B(Rout, ecR, E); - else - ClearPoint2B(Rout); - CURVE_FREE(E); - return retVal; -} - -//*** CryptEccIsPointOnCurve() -// This function is used to test if a point is on a defined curve. It does this -// by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. -// -// It is a fatal error if 'Q' is not specified (is NULL). -// Return Type: BOOL -// TRUE(1) point is on curve -// FALSE(0) point is not on curve or curve is not supported -LIB_EXPORT BOOL -CryptEccIsPointOnCurve( - TPM_ECC_CURVE curveId, // IN: the curve selector - TPMS_ECC_POINT *Qin // IN: the point. - ) -{ - const ECC_CURVE_DATA *C = GetCurveData(curveId); - POINT_INITIALIZED(ecQ, Qin); - BOOL OK; -// - pAssert(Qin != NULL); - OK = (C != NULL && (BnIsOnCurve(ecQ, C))); - return OK; -} - -//*** CryptEccGenerateKey() -// This function generates an ECC key pair based on the input parameters. -// This routine uses KDFa to produce candidate numbers. The method is according -// to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." 
-// According to the method in FIPS 186-3, the resulting private value 'd' should be -// 1 <= 'd' < 'n' where 'n' is the order of the base point. -// -// It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). -// -// If the curve is not supported -// If 'seed' is not provided, then a random number will be used for the key -// Return Type: TPM_RC -// TPM_RC_CURVE curve is not supported -// TPM_RC_NO_RESULT could not verify key with signature (FIPS only) -LIB_EXPORT TPM_RC -CryptEccGenerateKey( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for - // the new key. The public key - // area will be replaced computed - // ECC public key - TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be - // updated to contain the private - // ECC key and the symmetric - // encryption key - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - CURVE_INITIALIZED(E, publicArea->parameters.eccDetail.curveID); - ECC_NUM(bnD); - POINT(ecQ); - BOOL OK; - TPM_RC retVal; -// - TEST(TPM_ALG_ECDSA); // ECDSA is used to verify each key - - // Validate parameters - if(E == NULL) - ERROR_RETURN(TPM_RC_CURVE); - - publicArea->unique.ecc.x.t.size = 0; - publicArea->unique.ecc.y.t.size = 0; - sensitive->sensitive.ecc.t.size = 0; - - OK = BnEccGenerateKeyPair(bnD, ecQ, E, rand); - if(OK) - { - BnPointTo2B(&publicArea->unique.ecc, ecQ, E); - BnTo2B(bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size); - } -#if FIPS_COMPLIANT - // See if PWCT is required - if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - ECC_NUM(bnT); - ECC_NUM(bnS); - TPM2B_DIGEST digest; -// - TEST(TPM_ALG_ECDSA); - digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer)); - // Get a random value to sign using the built in DRBG state - DRBG_Generate(NULL, digest.t.buffer, digest.t.size); - if(g_inFailureMode) - return TPM_RC_FAILURE; - BnSignEcdsa(bnT, bnS, E, bnD, &digest, NULL); - // and make sure that we can 
validate the signature
- OK = BnValidateSignatureEcdsa(bnT, bnS, E, ecQ, &digest) == TPM_RC_SUCCESS;
- }
-#endif
- retVal = (OK) ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
-Exit:
- CURVE_FREE(E);
- return retVal;
-}
-
-#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
deleted file mode 100644
index 42a198224..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c
+++ /dev/null
@@ -1,931 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes and Defines
-#include "Tpm.h"
-#include "CryptEccSignature_fp.h"
-
-#if ALG_ECC
-
-//** Utility Functions
-
-//*** EcdsaDigest()
-// Function to adjust the digest so that it is no larger than the order of the
-// curve. 
This is used for ECDSA sign and verification. -static bigNum -EcdsaDigest( - bigNum bnD, // OUT: the adjusted digest - const TPM2B_DIGEST *digest, // IN: digest to adjust - bigConst max // IN: value that indicates the maximum - // number of bits in the results - ) -{ - int bitsInMax = BnSizeInBits(max); - int shift; -// - if(digest == NULL) - BnSetWord(bnD, 0); - else - { - BnFromBytes(bnD, digest->t.buffer, - (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); - shift = BnSizeInBits(bnD) - bitsInMax; - if(shift > 0) - BnShiftRight(bnD, bnD, shift); - } - return bnD; -} - -//*** BnSchnorrSign() -// This contains the Schnorr signature computation. It is used by both ECDSA and -// Schnorr signing. The result is computed as: ['s' = 'k' + 'r' * 'd' (mod 'n')] -// where -// 1) 's' is the signature -// 2) 'k' is a random value -// 3) 'r' is the value to sign -// 4) 'd' is the private EC key -// 5) 'n' is the order of the curve -// Return Type: TPM_RC -// TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') -// is zero -static TPM_RC -BnSchnorrSign( - bigNum bnS, // OUT: 's' component of the signature - bigConst bnK, // IN: a random value - bigNum bnR, // IN: the signature 'r' value - bigConst bnD, // IN: the private key - bigConst bnN // IN: the order of the curve - ) -{ - // Need a local temp value to store the intermediate computation because product - // size can be larger than will fit in bnS. - BN_VAR(bnT1, MAX_ECC_PARAMETER_BYTES * 2 * 8); -// - // Reduce bnR without changing the input value - BnDiv(NULL, bnT1, bnR, bnN); - if(BnEqualZero(bnT1)) - return TPM_RC_NO_RESULT; - // compute s = (k + r * d)(mod n) - // r * d - BnMult(bnT1, bnT1, bnD); - // k * r * d - BnAdd(bnT1, bnT1, bnK); - // k + r * d (mod n) - BnDiv(NULL, bnS, bnT1, bnN); - return (BnEqualZero(bnS)) ? TPM_RC_NO_RESULT : TPM_RC_SUCCESS; -} - -//** Signing Functions - -//*** BnSignEcdsa() -// This function implements the ECDSA signing algorithm. 
The method is described -// in the comments below. -TPM_RC -BnSignEcdsa( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigNum bnD, // IN: private signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: used in debug of signing - ) -{ - ECC_NUM(bnK); - ECC_NUM(bnIk); - BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); - POINT(ecR); - bigConst order = CurveGetOrder(AccessCurveData(E)); - TPM_RC retVal = TPM_RC_SUCCESS; - INT32 tries = 10; - BOOL OK = FALSE; -// - pAssert(digest != NULL); - // The algorithm as described in "Suite B Implementer's Guide to FIPS - // 186-3(ECDSA)" - // 1. Use one of the routines in Appendix A.2 to generate (k, k^-1), a - // per-message secret number and its inverse modulo n. Since n is prime, - // the output will be invalid only if there is a failure in the RBG. - // 2. Compute the elliptic curve point R = [k]G = (xR, yR) using EC scalar - // multiplication (see [Routines]), where G is the base point included in - // the set of domain parameters. - // 3. Compute r = xR mod n. If r = 0, then return to Step 1. 1. - // 4. Use the selected hash function to compute H = Hash(M). - // 5. Convert the bit string H to an integer e as described in Appendix B.2. - // 6. Compute s = (k^-1 * (e + d * r)) mod q. If s = 0, return to Step 1.2. - // 7. Return (r, s). - // In the code below, q is n (that it, the order of the curve is p) - - do // This implements the loop at step 6. If s is zero, start over. - { - for(; tries > 0; tries--) - { - // Step 1 and 2 -- generate an ephemeral key and the modular inverse - // of the private key. - if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) - continue; - // x coordinate is mod p. 
Make it mod q - BnMod(ecR->x, order); - // Make sure that it is not zero; - if(BnEqualZero(ecR->x)) - continue; - // write the modular reduced version of r as part of the signature - BnCopy(bnR, ecR->x); - // Make sure that a modular inverse exists and try again if not - OK = (BnModInverse(bnIk, bnK, order)); - if(OK) - break; - } - if(!OK) - goto Exit; - - EcdsaDigest(bnE, digest, order); - - // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and - // CurveGetOrder(E) - // Compute s = k^-1 (e + r*d)(mod q) - // first do s = r*d mod q - BnModMult(bnS, bnR, bnD, order); - // s = e + s = e + r * d - BnAdd(bnS, bnE, bnS); - // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) - BnModMult(bnS, bnIk, bnS, order); - - // If S is zero, try again - } while(BnEqualZero(bnS)); -Exit: - return retVal; -} - -#if ALG_ECDAA - -//*** BnSignEcdaa() -// -// This function performs 's' = 'r' + 'T' * 'd' mod 'q' where -// 1) 'r is a random, or pseudo-random value created in the commit phase -// 2) 'nonceK' is a TPM-generated, random value 0 < 'nonceK' < 'n' -// 3) 'T' is mod 'q' of "Hash"('nonceK' || 'digest'), and -// 4) 'd' is a private key. -// -// The signature is the tuple ('nonceK', 's') -// -// Regrettably, the parameters in this function kind of collide with the parameter -// names used in ECSCHNORR making for a lot of confusion. -// Return Type: TPM_RC -// TPM_RC_SCHEME unsupported hash algorithm -// TPM_RC_NO_RESULT cannot get values from random number generator -static TPM_RC -BnSignEcdaa( - TPM2B_ECC_PARAMETER *nonceK, // OUT: 'nonce' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the private key - const TPM2B_DIGEST *digest, // IN: the value to sign (mod 'q') - TPMT_ECC_SCHEME *scheme, // IN: signing scheme (contains the - // commit count value). 
- OBJECT *eccKey, // IN: The signing key - RAND_STATE *rand // IN: a random number state - ) -{ - TPM_RC retVal; - TPM2B_ECC_PARAMETER r; - HASH_STATE state; - TPM2B_DIGEST T; - BN_MAX(bnT); -// - NOT_REFERENCED(rand); - if(!CryptGenerateR(&r, &scheme->details.ecdaa.count, - eccKey->publicArea.parameters.eccDetail.curveID, - &eccKey->name)) - retVal = TPM_RC_VALUE; - else - { - // This allocation is here because 'r' doesn't have a value until - // CrypGenerateR() is done. - ECC_INITIALIZED(bnR, &r); - do - { - // generate nonceK such that 0 < nonceK < n - // use bnT as a temp. - if(!BnEccGetPrivate(bnT, AccessCurveData(E), rand)) - { - retVal = TPM_RC_NO_RESULT; - break; - } - BnTo2B(bnT, &nonceK->b, 0); - - T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); - if(T.t.size == 0) - { - retVal = TPM_RC_SCHEME; - } - else - { - CryptDigestUpdate2B(&state, &nonceK->b); - CryptDigestUpdate2B(&state, &digest->b); - CryptHashEnd2B(&state, &T.b); - BnFrom2B(bnT, &T.b); - // Watch out for the name collisions in this call!! - retVal = BnSchnorrSign(bnS, bnR, bnT, bnD, - AccessCurveData(E)->order); - } - } while(retVal == TPM_RC_NO_RESULT); - // Because the rule is that internal state is not modified if the command - // fails, only end the commit if the command succeeds. - // NOTE that if the result of the Schnorr computation was zero - // it will probably not be worthwhile to run the same command again because - // the result will still be zero. This means that the Commit command will - // need to be run again to get a new commit value for the signature. - if(retVal == TPM_RC_SUCCESS) - CryptEndCommit(scheme->details.ecdaa.count); - } - return retVal; -} -#endif // ALG_ECDAA - -#if ALG_ECSCHNORR - -//*** SchnorrReduce() -// Function to reduce a hash result if it's magnitude is too large. The size of -// 'number' is set so that it has no more bytes of significance than 'reference' -// value. 
If the resulting number can have more bits of significance than -// 'reference'. -static void -SchnorrReduce( - TPM2B *number, // IN/OUT: Value to reduce - bigConst reference // IN: the reference value - ) -{ - UINT16 maxBytes = (UINT16)BITS_TO_BYTES(BnSizeInBits(reference)); - if(number->size > maxBytes) - number->size = maxBytes; -} - -//*** SchnorrEcc() -// This function is used to perform a modified Schnorr signature. -// -// This function will generate a random value 'k' and compute -// a) ('xR', 'yR') = ['k']'G' -// b) 'r' = "Hash"('xR' || 'P')(mod 'q') -// c) 'rT' = truncated 'r' -// d) 's'= 'k' + 'rT' * 'ds' (mod 'q') -// e) return the tuple 'rT', 's' -// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure in the Schnorr sign process -// TPM_RC_SCHEME hashAlg can't produce zero-length digest -static TPM_RC -BnSignEcSchnorr( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the signing key - const TPM2B_DIGEST *digest, // IN: the digest to sign - TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) - RAND_STATE *rand // IN: non-NULL when testing - ) -{ - HASH_STATE hashState; - UINT16 digestSize = CryptHashGetDigestSize(hashAlg); - TPM2B_TYPE(T, MAX(MAX_DIGEST_SIZE, MAX_ECC_KEY_BYTES)); - TPM2B_T T2b; - TPM2B *e = &T2b.b; - TPM_RC retVal = TPM_RC_NO_RESULT; - const ECC_CURVE_DATA *C; - bigConst order; - bigConst prime; - ECC_NUM(bnK); - POINT(ecR); -// - // Parameter checks - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - C = AccessCurveData(E); - order = CurveGetOrder(C); - prime = CurveGetOrder(C); - - // If the digest does not produce a hash, then null the signature and return - // a failure. 
- if(digestSize == 0) - { - BnSetWord(bnR, 0); - BnSetWord(bnS, 0); - ERROR_RETURN(TPM_RC_SCHEME); - } - do - { - // Generate a random key pair - if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) - break; - // Convert R.x to a string - BnTo2B(ecR->x, e, (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(prime))); - - // f) compute r = Hash(e || P) (mod n) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, e); - CryptDigestUpdate2B(&hashState, &digest->b); - e->size = CryptHashEnd(&hashState, digestSize, e->buffer); - // Reduce the hash size if it is larger than the curve order - SchnorrReduce(e, order); - // Convert hash to number - BnFrom2B(bnR, e); - // Do the Schnorr computation - retVal = BnSchnorrSign(bnS, bnK, bnR, bnD, CurveGetOrder(C)); - } while(retVal == TPM_RC_NO_RESULT); -Exit: - return retVal; -} - -#endif // ALG_ECSCHNORR - -#if ALG_SM2 -#ifdef _SM2_SIGN_DEBUG - -//*** BnHexEqual() -// This function compares a bignum value to a hex string. -// Return Type: BOOL -// TRUE(1) values equal -// FALSE(0) values not equal -static BOOL -BnHexEqual( - bigNum bn, //IN: big number value - const char *c //IN: character string number - ) -{ - ECC_NUM(bnC); - BnFromHex(bnC, c); - return (BnUnsignedCmp(bn, bnC) == 0); -} -#endif // _SM2_SIGN_DEBUG - -//*** BnSignEcSm2() -// This function signs a digest using the method defined in SM2 Part 2. The method -// in the standard will add a header to the message to be signed that is a hash of -// the values that define the key. This then hashed with the message to produce a -// digest ('e'). This function signs 'e'. 
-// Return Type: TPM_RC -// TPM_RC_VALUE bad curve -static TPM_RC -BnSignEcSm2( - bigNum bnR, // OUT: 'r' component of the signature - bigNum bnS, // OUT: 's' component of the signature - bigCurve E, // IN: the curve used in signing - bigNum bnD, // IN: the private key - const TPM2B_DIGEST *digest, // IN: the digest to sign - RAND_STATE *rand // IN: random number generator (mostly for - // debug) - ) -{ - BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be - ECC_NUM(bnN); - ECC_NUM(bnK); - ECC_NUM(bnT); // temp - POINT(Q1); - bigConst order = (E != NULL) - ? CurveGetOrder(AccessCurveData(E)) : NULL; -// -#ifdef _SM2_SIGN_DEBUG - BnFromHex(bnE, "B524F552CD82B8B028476E005C377FB1" - "9A87E6FC682D48BB5D42E3D9B9EFFE76"); - BnFromHex(bnD, "128B2FA8BD433C6C068C8D803DFF7979" - "2A519A55171B1B650C23661D15897263"); -#endif - // A3: Use random number generator to generate random number 1 <= k <= n-1; - // NOTE: Ax: numbers are from the SM2 standard -loop: - { - // Get a random number 0 < k < n - BnGenerateRandomInRange(bnK, order, rand); -#ifdef _SM2_SIGN_DEBUG - BnFromHex(bnK, "6CB28D99385C175C94F94E934817663F" - "C176D925DD72B727260DBAAE1FB2F96F"); -#endif - // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according - // to details specified in 4.2.7 in Part 1 of this document, transform the - // data type of x1 into an integer; - if(!BnEccModMult(Q1, NULL, bnK, E)) - goto loop; - // A5: Figure out 'r' = ('e' + 'x1') mod 'n', - BnAdd(bnR, bnE, Q1->x); - BnMod(bnR, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); -#endif - // if r=0 or r+k=n, return to A3; - if(BnEqualZero(bnR)) - goto loop; - BnAdd(bnT, bnK, bnR); - if(BnUnsignedCmp(bnT, bnN) == 0) - goto loop; - // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, - // if s=0, return to A3; - // compute t = (1+dA)^-1 - BnAddWord(bnT, bnD, 1); - BnModInverse(bnT, bnT, order); -#ifdef _SM2_SIGN_DEBUG - 
pAssert(BnHexEqual(bnT, "79BFCF3052C80DA7B939E0C6914A18CB" - "B2D96D8555256E83122743A7D4F5F956")); -#endif - // compute s = t * (k - r * dA) mod n - BnModMult(bnS, bnR, bnD, order); - // k - r * dA mod n = k + n - ((r * dA) mod n) - BnSub(bnS, order, bnS); - BnAdd(bnS, bnK, bnS); - BnModMult(bnS, bnS, bnT, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - if(BnEqualZero(bnS)) - goto loop; - } - // A7: According to details specified in 4.2.1 in Part 1 of this document, - // transform the data type of r, s into bit strings, signature of message M - // is (r, s). - // This is handled by the common return code -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); - pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - return TPM_RC_SUCCESS; -} -#endif // ALG_SM2 - -//*** CryptEccSign() -// This function is the dispatch function for the various ECC-based -// signing schemes. -// There is a bit of ugliness to the parameter passing. In order to test this, -// we sometime would like to use a deterministic RNG so that we can get the same -// signatures during testing. The easiest way to do this for most schemes is to -// pass in a deterministic RNG and let it return canned values during testing. -// There is a competing need for a canned parameter to use in ECDAA. To accommodate -// both needs with minimal fuss, a special type of RAND_STATE is defined to carry -// the address of the commit value. The setup and handling of this is not very -// different for the caller than what was in previous versions of the code. 
-// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' is not supported -LIB_EXPORT TPM_RC -CryptEccSign( - TPMT_SIGNATURE *signature, // OUT: signature - OBJECT *signKey, // IN: ECC key to sign the hash - const TPM2B_DIGEST *digest, // IN: digest to sign - TPMT_ECC_SCHEME *scheme, // IN: signing scheme - RAND_STATE *rand - ) -{ - CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); - ECC_INITIALIZED(bnD, &signKey->sensitive.sensitive.ecc.b); - ECC_NUM(bnR); - ECC_NUM(bnS); - const ECC_CURVE_DATA *C; - TPM_RC retVal = TPM_RC_SCHEME; -// - NOT_REFERENCED(scheme); - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - C = AccessCurveData(E); - signature->signature.ecdaa.signatureR.t.size - = sizeof(signature->signature.ecdaa.signatureR.t.buffer); - signature->signature.ecdaa.signatureS.t.size - = sizeof(signature->signature.ecdaa.signatureS.t.buffer); - TEST(signature->sigAlg); - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: - retVal = BnSignEcdsa(bnR, bnS, E, bnD, digest, rand); - break; -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - retVal = BnSignEcdaa(&signature->signature.ecdaa.signatureR, bnS, E, - bnD, digest, scheme, signKey, rand); - bnR = NULL; - break; -#endif -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - retVal = BnSignEcSchnorr(bnR, bnS, E, bnD, digest, - signature->signature.ecschnorr.hash, - rand); - break; -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - retVal = BnSignEcSm2(bnR, bnS, E, bnD, digest, rand); - break; -#endif - default: - break; - } - // If signature generation worked, convert the results. 
- if(retVal == TPM_RC_SUCCESS) - { - NUMBYTES orderBytes = - (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(C))); - if(bnR != NULL) - BnTo2B(bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); - if(bnS != NULL) - BnTo2B(bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); - } -Exit: - CURVE_FREE(E); - return retVal; -} - -//********************* Signature Validation ******************** - -#if ALG_ECDSA - -//*** BnValidateSignatureEcdsa() -// This function validates an ECDSA signature. rIn and sIn should have been checked -// to make sure that they are in the range 0 < 'v' < 'n' -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -TPM_RC -BnValidateSignatureEcdsa( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bn_point_t *ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - // Make sure that the allocation for the digest is big enough for a maximum - // digest - BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); - POINT(ecR); - ECC_NUM(bnU1); - ECC_NUM(bnU2); - ECC_NUM(bnW); - bigConst order = CurveGetOrder(AccessCurveData(E)); - TPM_RC retVal = TPM_RC_SIGNATURE; -// - // Get adjusted digest - EcdsaDigest(bnE, digest, order); - // 1. If r and s are not both integers in the interval [1, n - 1], output - // INVALID. - // bnR and bnS were validated by the caller - // 2. Use the selected hash function to compute H0 = Hash(M0). - // This is an input parameter - // 3. Convert the bit string H0 to an integer e as described in Appendix B.2. - // Done at entry - // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. - if(!BnModInverse(bnW, bnS, order)) - goto Exit; - // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. - BnModMult(bnU1, bnE, bnW, order); - BnModMult(bnU2, bnR, bnW, order); - // 6. 
Compute the elliptic curve point R = (xR, yR) = u1G+u2Q, using EC - // scalar multiplication and EC addition (see [Routines]). If R is equal to - // the point at infinity O, output INVALID. - if(BnPointMult(ecR, CurveGetG(AccessCurveData(E)), bnU1, ecQ, bnU2, E) - != TPM_RC_SUCCESS) - goto Exit; - // 7. Compute v = Rx mod n. - BnMod(ecR->x, order); - // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID - if(BnUnsignedCmp(ecR->x, bnR) != 0) - goto Exit; - - retVal = TPM_RC_SUCCESS; -Exit: - return retVal; -} - -#endif // ALG_ECDSA - -#if ALG_SM2 - -//*** BnValidateSignatureEcSm2() -// This function is used to validate an SM2 signature. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -static TPM_RC -BnValidateSignatureEcSm2( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigPoint ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - POINT(P); - ECC_NUM(bnRp); - ECC_NUM(bnT); - BN_MAX_INITIALIZED(bnE, digest); - BOOL OK; - bigConst order = CurveGetOrder(AccessCurveData(E)); - -#ifdef _SM2_SIGN_DEBUG - // Make sure that the input signature is the test signature - pAssert(BnHexEqual(bnR, - "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); - pAssert(BnHexEqual(bnS, - "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -#endif - // b) compute t := (r + s) mod n - BnAdd(bnT, bnR, bnS); - BnMod(bnT, order); -#ifdef _SM2_SIGN_DEBUG - pAssert(BnHexEqual(bnT, - "2B75F07ED7ECE7CCC1C8986B991F441A" - "D324D6D619FE06DD63ED32E0C997C801")); -#endif - // c) verify that t > 0 - OK = !BnEqualZero(bnT); - if(!OK) - // set T to a value that should allow rest of the computations to run - // without trouble - BnCopy(bnT, bnS); - // d) compute (x, y) := [s]G + [t]Q - OK = BnEccModMult2(P, NULL, bnS, ecQ, bnT, E); -#ifdef 
_SM2_SIGN_DEBUG - pAssert(OK && BnHexEqual(P->x, - "110FCDA57615705D5E7B9324AC4B856D" - "23E6D9188B2AE47759514657CE25D112")); -#endif - // e) compute r' := (e + x) mod n (the x coordinate is in bnT) - OK = OK && BnAdd(bnRp, bnE, P->x); - OK = OK && BnMod(bnRp, order); - - // f) verify that r' = r - OK = OK && (BnUnsignedCmp(bnR, bnRp) == 0); - - if(!OK) - return TPM_RC_SIGNATURE; - else - return TPM_RC_SUCCESS; -} - -#endif // ALG_SM2 - -#if ALG_ECSCHNORR - -//*** BnValidateSignatureEcSchnorr() -// This function is used to validate an EC Schnorr signature. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE signature not valid -static TPM_RC -BnValidateSignatureEcSchnorr( - bigNum bnR, // IN: 'r' component of the signature - bigNum bnS, // IN: 's' component of the signature - TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature - bigCurve E, // IN: the curve used in the signature - // process - bigPoint ecQ, // IN: the public point of the key - const TPM2B_DIGEST *digest // IN: the digest that was signed - ) -{ - BN_MAX(bnRn); - POINT(ecE); - BN_MAX(bnEx); - const ECC_CURVE_DATA *C = AccessCurveData(E); - bigConst order = CurveGetOrder(C); - UINT16 digestSize = CryptHashGetDigestSize(hashAlg); - HASH_STATE hashState; - TPM2B_TYPE(BUFFER, MAX(MAX_ECC_PARAMETER_BYTES, MAX_DIGEST_SIZE)); - TPM2B_BUFFER Ex2 = {{sizeof(Ex2.t.buffer),{ 0 }}}; - BOOL OK; -// - // E = [s]G - [r]Q - BnMod(bnR, order); - // Make -r = n - r - BnSub(bnRn, order, bnR); - // E = [s]G + [-r]Q - OK = BnPointMult(ecE, CurveGetG(C), bnS, ecQ, bnRn, E) == TPM_RC_SUCCESS; -// // reduce the x portion of E mod q -// OK = OK && BnMod(ecE->x, order); - // Convert to byte string - OK = OK && BnTo2B(ecE->x, &Ex2.b, - (NUMBYTES)(BITS_TO_BYTES(BnSizeInBits(order)))); - if(OK) - { -// Ex = h(pE.x || digest) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); - CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); - Ex2.t.size = CryptHashEnd(&hashState, 
digestSize, Ex2.t.buffer); - SchnorrReduce(&Ex2.b, order); - BnFrom2B(bnEx, &Ex2.b); - // see if Ex matches R - OK = BnUnsignedCmp(bnEx, bnR) == 0; - } - return (OK) ? TPM_RC_SUCCESS : TPM_RC_SIGNATURE; -} -#endif // ALG_ECSCHNORR - -//*** CryptEccValidateSignature() -// This function validates an EcDsa or EcSchnorr signature. -// The point 'Qin' needs to have been validated to be on the curve of 'curveId'. -// Return Type: TPM_RC -// TPM_RC_SIGNATURE not a valid signature -LIB_EXPORT TPM_RC -CryptEccValidateSignature( - TPMT_SIGNATURE *signature, // IN: signature to be verified - OBJECT *signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST *digest // IN: digest that was signed - ) -{ - CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); - ECC_NUM(bnR); - ECC_NUM(bnS); - POINT_INITIALIZED(ecQ, &signKey->publicArea.unique.ecc); - bigConst order; - TPM_RC retVal; - - if(E == NULL) - ERROR_RETURN(TPM_RC_VALUE); - - order = CurveGetOrder(AccessCurveData(E)); - -// // Make sure that the scheme is valid - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif - break; - default: - ERROR_RETURN(TPM_RC_SCHEME); - break; - } - // Can convert r and s after determining that the scheme is an ECC scheme. If - // this conversion doesn't work, it means that the unmarshaling code for - // an ECC signature is broken. 
- BnFrom2B(bnR, &signature->signature.ecdsa.signatureR.b); - BnFrom2B(bnS, &signature->signature.ecdsa.signatureS.b); - - // r and s have to be greater than 0 but less than the curve order - if(BnEqualZero(bnR) || BnEqualZero(bnS)) - ERROR_RETURN(TPM_RC_SIGNATURE); - if((BnUnsignedCmp(bnS, order) >= 0) - || (BnUnsignedCmp(bnR, order) >= 0)) - ERROR_RETURN(TPM_RC_SIGNATURE); - - switch(signature->sigAlg) - { - case ALG_ECDSA_VALUE: - retVal = BnValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); - break; - -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - retVal = BnValidateSignatureEcSchnorr(bnR, bnS, - signature->signature.any.hashAlg, - E, ecQ, digest); - break; -#endif -#if ALG_SM2 - case ALG_SM2_VALUE: - retVal = BnValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } -Exit: - CURVE_FREE(E); - return retVal; -} - -//***CryptEccCommitCompute() -// This function performs the point multiply operations required by TPM2_Commit. -// -// If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This -// routine does not check that they are on the curve and results are unpredictable -// if they are not. -// -// It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a -// fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. -// If 'M' is not NULL, then it is a fatal error if 'E' is NULL. 
-//
-// Return Type: TPM_RC
-// TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point
-// at infinity
-// TPM_RC_CANCELED a cancel indication was asserted during this
-// function
-LIB_EXPORT TPM_RC
-CryptEccCommitCompute(
- TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q
- TPMS_ECC_POINT *L, // OUT: [r]B
- TPMS_ECC_POINT *E, // OUT: [r]M
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPMS_ECC_POINT *M, // IN: M (optional)
- TPMS_ECC_POINT *B, // IN: B (optional)
- TPM2B_ECC_PARAMETER *d, // IN: d (optional)
- TPM2B_ECC_PARAMETER *r // IN: the computed r value (required)
- )
-{
- CURVE_INITIALIZED(curve, curveId); // Normally initialize E as the curve, but
- // E means something else in this function
- ECC_INITIALIZED(bnR, r);
- TPM_RC retVal = TPM_RC_SUCCESS;
-//
- // Validate that the required parameters are provided.
- // Note: E has to be provided if computing E := [r]Q or E := [r]M. Will do
- // E := [r]Q if both M and B are NULL.
- pAssert(r != NULL && E != NULL);
-
- // Initialize the output points in case they are not computed
- ClearPoint2B(K);
- ClearPoint2B(L);
- ClearPoint2B(E);
-
- // Sizes of the r parameter may not be zero
- pAssert(r->t.size > 0);
-
- // If B is provided, compute K=[d]B and L=[r]B
- if(B != NULL)
- {
- ECC_INITIALIZED(bnD, d);
- POINT_INITIALIZED(pB, B);
- POINT(pK);
- POINT(pL);
-//
- pAssert(d != NULL && K != NULL && L != NULL);
-
- if(!BnIsOnCurve(pB, AccessCurveData(curve)))
- ERROR_RETURN(TPM_RC_VALUE);
- // do the math for K = [d]B
- if((retVal = BnPointMult(pK, pB, bnD, NULL, NULL, curve)) != TPM_RC_SUCCESS)
- goto Exit;
- // Convert BN K to TPM2B K
- BnPointTo2B(K, pK, curve);
- // compute L= [r]B after checking for cancel
- if(_plat__IsCanceled())
- ERROR_RETURN(TPM_RC_CANCELED);
- // compute L = [r]B
- if(!BnIsValidPrivateEcc(bnR, curve))
- ERROR_RETURN(TPM_RC_VALUE);
- if((retVal = BnPointMult(pL, pB, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS)
- goto Exit;
- // Convert BN L to TPM2B L
- BnPointTo2B(L, pL, curve);
- }
- if((M != NULL) || (B == NULL))
- {
- POINT_INITIALIZED(pM, M);
- POINT(pE);
-//
- // Make sure that a place was provided for the result
- pAssert(E != NULL);
-
- // if this is the third point multiply, check for cancel first
- if((B != NULL) && _plat__IsCanceled())
- ERROR_RETURN(TPM_RC_CANCELED);
-
- // If M provided, then pM will not be NULL and will compute E = [r]M.
- // However, if M was not provided, then pM will be NULL and E = [r]G
- // will be computed
- if((retVal = BnPointMult(pE, pM, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS)
- goto Exit;
- // Convert E to 2B format
- BnPointTo2B(E, pE, curve);
- }
-Exit:
- CURVE_FREE(curve);
- return retVal;
-}
-
-#endif // ALG_ECC
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c
deleted file mode 100644
index 3f6ac63a2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c
+++ /dev/null
@@ -1,938 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-//
-// This file contains implementation of cryptographic functions for hashing.
-// -//** Includes, Defines, and Types - -#define _CRYPT_HASH_C_ -#include "Tpm.h" -#include "CryptHash_fp.h" -#include "CryptHash.h" -#include "OIDs.h" - -#define HASH_TABLE_SIZE (HASH_COUNT + 1) - - -#if ALG_SHA1 -HASH_DEF_TEMPLATE(SHA1, Sha1); -#endif -#if ALG_SHA256 -HASH_DEF_TEMPLATE(SHA256, Sha256); -#endif -#if ALG_SHA384 -HASH_DEF_TEMPLATE(SHA384, Sha384); -#endif -#if ALG_SHA512 -HASH_DEF_TEMPLATE(SHA512, Sha512); -#endif -#if ALG_SM3_256 -HASH_DEF_TEMPLATE(SM3_256, Sm3_256); -#endif -HASH_DEF NULL_Def = {{0}}; - -PHASH_DEF HashDefArray[] = { -#if ALG_SHA1 - &Sha1_Def, -#endif -#if ALG_SHA256 - &Sha256_Def, -#endif -#if ALG_SHA384 - &Sha384_Def, -#endif -#if ALG_SHA512 - &Sha512_Def, -#endif -#if ALG_SM3_256 - &Sm3_256_Def, -#endif - &NULL_Def -}; - - -//** Obligatory Initialization Functions - -//*** CryptHashInit() -// This function is called by _TPM_Init do perform the initialization operations for -// the library. -BOOL -CryptHashInit( - void - ) -{ - LibHashInit(); - return TRUE; -} - -//*** CryptHashStartup() -// This function is called by TPM2_Startup(). It checks that the size of the -// HashDefArray is consistent with the HASH_COUNT. -BOOL -CryptHashStartup( - void - ) -{ - int i = sizeof(HashDefArray) / sizeof(PHASH_DEF) - 1; - return (i == HASH_COUNT); -} - -//** Hash Information Access Functions -//*** Introduction -// These functions provide access to the hash algorithm description information. - -//*** CryptGetHashDef() -// This function accesses the hash descriptor associated with a hash a -// algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is -// TPM_ALG_NULL or not a defined algorithm. 
-PHASH_DEF -CryptGetHashDef( - TPM_ALG_ID hashAlg - ) -{ - size_t i; -#define HASHES (sizeof(HashDefArray) / sizeof(PHASH_DEF)) - for(i = 0; i < HASHES; i++) - { - PHASH_DEF p = HashDefArray[i]; - if(p->hashAlg == hashAlg) - return p; - } - return &NULL_Def; -} - -//*** CryptHashIsValidAlg() -// This function tests to see if an algorithm ID is a valid hash algorithm. If -// flag is true, then TPM_ALG_NULL is a valid hash. -// Return Type: BOOL -// TRUE(1) hashAlg is a valid, implemented hash on this TPM -// FALSE(0) hashAlg is not valid for this TPM -BOOL -CryptHashIsValidAlg( - TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash - ) -{ - if(hashAlg == TPM_ALG_NULL) - return flag; - return CryptGetHashDef(hashAlg) != &NULL_Def; -} - -//*** CryptHashGetAlgByIndex() -// This function is used to iterate through the hashes. TPM_ALG_NULL -// is returned for all indexes that are not valid hashes. -// If the TPM implements 3 hashes, then an 'index' value of 0 will -// return the first implemented hash and an 'index' of 2 will return the -// last. All other index values will return TPM_ALG_NULL. -// -// Return Type: TPM_ALG_ID -// TPM_ALG_xxx a hash algorithm -// TPM_ALG_NULL this can be used as a stop value -LIB_EXPORT TPM_ALG_ID -CryptHashGetAlgByIndex( - UINT32 index // IN: the index - ) -{ - TPM_ALG_ID hashAlg; - if(index >= HASH_COUNT) - hashAlg = TPM_ALG_NULL; - else - hashAlg = HashDefArray[index]->hashAlg; - return hashAlg; -} - -//*** CryptHashGetDigestSize() -// Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) -{ - return CryptGetHashDef(hashAlg)->digestSize; -} - -//*** CryptHashGetBlockSize() -// Returns the size of the block used by the hash. 
If 'hashAlg' is not a hash -// algorithm, the TPM will FAIL. -// Return Type: UINT16 -// 0 TPM_ALG_NULL -// > 0 the digest size -// -LIB_EXPORT UINT16 -CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) -{ - return CryptGetHashDef(hashAlg)->blockSize; -} - -//*** CryptHashGetOid() -// This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs -// are full OID values including the Tag (0x06) and length byte. -LIB_EXPORT const BYTE * -CryptHashGetOid( - TPM_ALG_ID hashAlg -) -{ - return CryptGetHashDef(hashAlg)->OID; -} - -//*** CryptHashGetContextAlg() -// This function returns the hash algorithm associated with a hash context. -TPM_ALG_ID -CryptHashGetContextAlg( - PHASH_STATE state // IN: the context to check - ) -{ - return state->hashAlg; -} - -//** State Import and Export - -//*** CryptHashCopyState -// This function is used to clone a HASH_STATE. -LIB_EXPORT void -CryptHashCopyState( - HASH_STATE *out, // OUT: destination of the state - const HASH_STATE *in // IN: source of the state - ) -{ - pAssert(out->type == in->type); - out->hashAlg = in->hashAlg; - out->def = in->def; - if(in->hashAlg != TPM_ALG_NULL) - { - HASH_STATE_COPY(out, in); - } - if(in->type == HASH_STATE_HMAC) - { - const HMAC_STATE *hIn = (HMAC_STATE *)in; - HMAC_STATE *hOut = (HMAC_STATE *)out; - hOut->hmacKey = hIn->hmacKey; - } - return; -} - -//*** CryptHashExportState() -// This function is used to export a hash or HMAC hash state. This function -// would be called when preparing to context save a sequence object. -void -CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state - ) -{ - BYTE *outBuf = (BYTE *)externalFmt; -// - cAssert(sizeof(HASH_STATE) <= sizeof(EXPORT_HASH_STATE)); - // the following #define is used to move data from an aligned internal data - // structure to a byte buffer (external format data. 
-#define CopyToOffset(value) \ - memcpy(&outBuf[offsetof(HASH_STATE,value)], &internalFmt->value, \ - sizeof(internalFmt->value)) - // Copy the hashAlg - CopyToOffset(hashAlg); - CopyToOffset(type); -#ifdef HASH_STATE_SMAC - if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); - return; - - } -#endif - if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE *from = (HMAC_STATE *)internalFmt; - memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], &from->hmacKey, - sizeof(from->hmacKey)); - } - if(internalFmt->hashAlg != TPM_ALG_NULL) - HASH_STATE_EXPORT(externalFmt, internalFmt); -} - -//*** CryptHashImportState() -// This function is used to import the hash state. This function -// would be called to import a hash state when the context of a sequence object -// was being loaded. -void -CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state - ) -{ - BYTE *inBuf = (BYTE *)externalFmt; -// -#define CopyFromOffset(value) \ - memcpy(&internalFmt->value, &inBuf[offsetof(HASH_STATE,value)], \ - sizeof(internalFmt->value)) - - // Copy the hashAlg of the byte-aligned input structure to the structure-aligned - // internal structure. - CopyFromOffset(hashAlg); - CopyFromOffset(type); - if(internalFmt->hashAlg != TPM_ALG_NULL) - { -#ifdef HASH_STATE_SMAC - if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); - return; - } -#endif - internalFmt->def = CryptGetHashDef(internalFmt->hashAlg); - HASH_STATE_IMPORT(internalFmt, inBuf); - if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE *to = (HMAC_STATE *)internalFmt; - memcpy(&to->hmacKey, &inBuf[offsetof(HMAC_STATE, hmacKey)], - sizeof(to->hmacKey)); - } - } -} - -//** State Modification Functions - -//***HashEnd() -// Local function to complete a hash that uses the hashDef instead of an algorithm -// ID. 
This function is used to complete the hash and only return a partial digest. -// The return value is the size of the data copied. -static UINT16 -HashEnd( - PHASH_STATE hashState, // IN: the hash state - UINT32 dOutSize, // IN: the size of receive buffer - PBYTE dOut // OUT: the receive buffer - ) -{ - BYTE temp[MAX_DIGEST_SIZE]; - if((hashState->hashAlg == TPM_ALG_NULL) - || (hashState->type != HASH_STATE_HASH)) - dOutSize = 0; - if(dOutSize > 0) - { - hashState->def = CryptGetHashDef(hashState->hashAlg); - // Set the final size - dOutSize = MIN(dOutSize, hashState->def->digestSize); - // Complete into the temp buffer and then copy - HASH_END(hashState, temp); - // Don't want any other functions calling the HASH_END method - // directly. -#undef HASH_END - memcpy(dOut, &temp, dOutSize); - } - hashState->type = HASH_STATE_EMPTY; - return (UINT16)dOutSize; -} - -//*** CryptHashStart() -// Functions starts a hash stack -// Start a hash stack and returns the digest size. As a side effect, the -// value of 'stateSize' in hashState is updated to indicate the number of bytes -// of state that were saved. This function calls GetHashServer() and that function -// will put the TPM into failure mode if the hash algorithm is not supported. -// -// This function does not use the sequence parameter. If it is necessary to import -// or export context, this will start the sequence in a local state -// and export the state to the input buffer. Will need to add a flag to the state -// structure to indicate that it needs to be imported before it can be used. -// (BLEH). 
-// Return Type: UINT16 -// 0 hash is TPM_ALG_NULL -// >0 digest size -LIB_EXPORT UINT16 -CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm - ) -{ - UINT16 retVal; - - TEST(hashAlg); - - hashState->hashAlg = hashAlg; - if(hashAlg == TPM_ALG_NULL) - { - retVal = 0; - } - else - { - hashState->def = CryptGetHashDef(hashAlg); - HASH_START(hashState); - retVal = hashState->def->digestSize; - } -#undef HASH_START - hashState->type = HASH_STATE_HASH; - return retVal; -} - -//*** CryptDigestUpdate() -// Add data to a hash or HMAC, SMAC stack. -// -void -CryptDigestUpdate( - PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE *data // IN: data to be hashed - ) -{ - if(hashState->hashAlg != TPM_ALG_NULL) - { - if((hashState->type == HASH_STATE_HASH) - || (hashState->type == HASH_STATE_HMAC)) - HASH_DATA(hashState, dataSize, (BYTE *)data); -#if SMAC_IMPLEMENTED - else if(hashState->type == HASH_STATE_SMAC) - (hashState->state.smac.smacMethods.data)(&hashState->state.smac.state, - dataSize, data); -#endif // SMAC_IMPLEMENTED - else - FAIL(FATAL_ERROR_INTERNAL); - } - return; -} - -//*** CryptHashEnd() -// Complete a hash or HMAC computation. This function will place the smaller of -// 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the -// placed in the buffer is returned. If there is a failure, the returned value -// is <= 0. 
-// Return Type: UINT16 -// 0 no data returned -// > 0 the number of bytes in the digest or dOutSize, whichever is smaller -LIB_EXPORT UINT16 -CryptHashEnd( - PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE *dOut // OUT: hash digest - ) -{ - pAssert(hashState->type == HASH_STATE_HASH); - return HashEnd(hashState, dOutSize, dOut); -} - -//*** CryptHashBlock() -// Start a hash, hash a single block, update 'digest' and return the size of -// the results. -// -// The 'digestSize' parameter can be smaller than the digest. If so, only the more -// significant bytes are returned. -// Return Type: UINT16 -// >= 0 number of bytes placed in 'dOut' -LIB_EXPORT UINT16 -CryptHashBlock( - TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE *data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE *dOut // OUT: digest buffer - ) -{ - HASH_STATE state; - CryptHashStart(&state, hashAlg); - CryptDigestUpdate(&state, dataSize, data); - return HashEnd(&state, dOutSize, dOut); -} - -//*** CryptDigestUpdate2B() -// This function updates a digest (hash or HMAC) with a TPM2B. -// -// This function can be used for both HMAC and hash functions so the -// 'digestState' is void so that either state type can be passed. -LIB_EXPORT void -CryptDigestUpdate2B( - PHASH_STATE state, // IN: the digest state - const TPM2B *bIn // IN: 2B containing the data - ) -{ - // Only compute the digest if a pointer to the 2B is provided. - // In CryptDigestUpdate(), if size is zero or buffer is NULL, then no change - // to the digest occurs. This function should not provide a buffer if bIn is - // not provided. - pAssert(bIn != NULL); - CryptDigestUpdate(state, bIn->size, bIn->buffer); - return; -} - -//*** CryptHashEnd2B() -// This function is the same as CryptCompleteHash() but the digest is -// placed in a TPM2B. 
This is the most common use and this is provided -// for specification clarity. 'digest.size' should be set to indicate the number of -// bytes to place in the buffer -// Return Type: UINT16 -// >=0 the number of bytes placed in 'digest.buffer' -LIB_EXPORT UINT16 -CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes - ) -{ - return CryptHashEnd(state, digest->size, digest->buffer); -} - -//*** CryptDigestUpdateInt() -// This function is used to include an integer value to a hash stack. The function -// marshals the integer into its canonical form before calling CryptDigestUpdate(). -LIB_EXPORT void -CryptDigestUpdateInt( - void *state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed - ) -{ -#if LITTLE_ENDIAN_TPM - intValue = REVERSE_ENDIAN_64(intValue); -#endif - CryptDigestUpdate(state, intSize, &((BYTE *)&intValue)[8 - intSize]); -} - -//** HMAC Functions - -//*** CryptHmacStart() -// This function is used to start an HMAC using a temp -// hash context. The function does the initialization -// of the hash with the HMAC key XOR iPad and updates the -// HMAC key XOR oPad. -// -// The function returns the number of bytes in a digest produced by 'hashAlg'. -// Return Type: UINT16 -// >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) -// -LIB_EXPORT UINT16 -CryptHmacStart( - PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE *key // IN: the HMAC key - ) -{ - PHASH_DEF hashDef; - BYTE * pb; - UINT32 i; -// - hashDef = CryptGetHashDef(hashAlg); - if(hashDef->digestSize != 0) - { - // If the HMAC key is larger than the hash block size, it has to be reduced - // to fit. The reduction is a digest of the hashKey. 
- if(keySize > hashDef->blockSize) - { - // if the key is too big, reduce it to a digest of itself - state->hmacKey.t.size = CryptHashBlock(hashAlg, keySize, key, - hashDef->digestSize, - state->hmacKey.t.buffer); - } - else - { - memcpy(state->hmacKey.t.buffer, key, keySize); - state->hmacKey.t.size = keySize; - } - // XOR the key with iPad (0x36) - pb = state->hmacKey.t.buffer; - for(i = state->hmacKey.t.size; i > 0; i--) - *pb++ ^= 0x36; - - // if the keySize is smaller than a block, fill the rest with 0x36 - for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--) - *pb++ = 0x36; - - // Increase the oPadSize to a full block - state->hmacKey.t.size = hashDef->blockSize; - - // Start a new hash with the HMAC key - // This will go in the caller's state structure and may be a sequence or not - CryptHashStart((PHASH_STATE)state, hashAlg); - CryptDigestUpdate((PHASH_STATE)state, state->hmacKey.t.size, - state->hmacKey.t.buffer); - // XOR the key block with 0x5c ^ 0x36 - for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--) - *pb++ ^= (0x5c ^ 0x36); - } - // Set the hash algorithm - state->hashState.hashAlg = hashAlg; - // Set the hash state type - state->hashState.type = HASH_STATE_HMAC; - - return hashDef->digestSize; -} - -//*** CryptHmacEnd() -// This function is called to complete an HMAC. It will finish the current -// digest, and start a new digest. It will then add the oPadKey and the -// completed digest and return the results in dOut. It will not return more -// than dOutSize bytes. 
-// Return Type: UINT16
-// >= 0 number of bytes in 'dOut' (may be zero)
-LIB_EXPORT UINT16
-CryptHmacEnd(
- PHMAC_STATE state, // IN: the hash state buffer
- UINT32 dOutSize, // IN: size of digest buffer
- BYTE *dOut // OUT: hash digest
- )
-{
- BYTE temp[MAX_DIGEST_SIZE];
- PHASH_STATE hState = (PHASH_STATE)&state->hashState;
-
-#if SMAC_IMPLEMENTED
- if(hState->type == HASH_STATE_SMAC)
- return (state->hashState.state.smac.smacMethods.end)
- (&state->hashState.state.smac.state,
- dOutSize,
- dOut);
-#endif
- pAssert(hState->type == HASH_STATE_HMAC);
- hState->def = CryptGetHashDef(hState->hashAlg);
- // Change the state type for completion processing
- hState->type = HASH_STATE_HASH;
- if(hState->hashAlg == TPM_ALG_NULL)
- dOutSize = 0;
- else
- {
-
- // Complete the current hash
- HashEnd(hState, hState->def->digestSize, temp);
- // Do another hash starting with the oPad
- CryptHashStart(hState, hState->hashAlg);
- CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer);
- CryptDigestUpdate(hState, hState->def->digestSize, temp);
- }
- return HashEnd(hState, dOutSize, dOut);
-}
-
-//*** CryptHmacStart2B()
-// This function starts an HMAC and returns the size of the digest
-// that will be produced.
-//
-// This function is provided to support the most common use of starting an HMAC
-// with a TPM2B key.
-//
-// The caller must provide a block of memory in which the hash sequence state
-// is kept. The caller should not alter the contents of this buffer until the
-// hash sequence is completed or abandoned.
-//
-// Return Type: UINT16
-// > 0 the digest size of the algorithm
-// = 0 the hashAlg was TPM_ALG_NULL
-LIB_EXPORT UINT16
-CryptHmacStart2B(
- PHMAC_STATE hmacState, // OUT: the state of HMAC stack.
It will be used
- // in HMAC update and completion
- TPMI_ALG_HASH hashAlg, // IN: hash algorithm
- P2B key // IN: HMAC key
- )
-{
- return CryptHmacStart(hmacState, hashAlg, key->size, key->buffer);
-}
-
-//*** CryptHmacEnd2B()
-// This function is the same as CryptHmacEnd() but the HMAC result
-// is returned in a TPM2B which is the most common use.
-// Return Type: UINT16
-// >=0 the number of bytes placed in 'digest'
-LIB_EXPORT UINT16
-CryptHmacEnd2B(
- PHMAC_STATE hmacState, // IN: the state of HMAC stack
- P2B digest // OUT: HMAC
- )
-{
- return CryptHmacEnd(hmacState, digest->size, digest->buffer);
-}
-
-//** Mask and Key Generation Functions
-//*** CryptMGF1()
-// This function performs MGF1 using the selected hash. MGF1 is
-// T(n) = T(n-1) || H(seed || counter).
-// This function returns the length of the mask produced which
-// could be zero if the digest algorithm is not supported
-// Return Type: UINT16
-// 0 hash algorithm was TPM_ALG_NULL
-// > 0 should be the same as 'mSize'
-LIB_EXPORT UINT16
-CryptMGF1(
- UINT32 mSize, // IN: length of the mask to be produced
- BYTE *mask, // OUT: buffer to receive the mask
- TPM_ALG_ID hashAlg, // IN: hash to use
- UINT32 seedSize, // IN: size of the seed
- BYTE *seed // IN: seed size
- )
-{
- HASH_STATE hashState;
- PHASH_DEF hDef = CryptGetHashDef(hashAlg);
- UINT32 remaining;
- UINT32 counter = 0;
- BYTE swappedCounter[4];
-
- // If there is no digest to compute return
- if((hashAlg == TPM_ALG_NULL) || (mSize == 0))
- return 0;
-
- for(remaining = mSize; ; remaining -= hDef->digestSize)
- {
- // Because the system may be either Endian...
- UINT32_TO_BYTE_ARRAY(counter, swappedCounter);
-
- // Start the hash and include the seed and counter
- CryptHashStart(&hashState, hashAlg);
- CryptDigestUpdate(&hashState, seedSize, seed);
- CryptDigestUpdate(&hashState, 4, swappedCounter);
-
- // Handling the completion depends on how much space remains in the mask
- // buffer.
If it can hold the entire digest, put it there. If not
- // put the digest in a temp buffer and only copy the amount that
- // will fit into the mask buffer.
- HashEnd(&hashState, remaining, mask);
- if(remaining <= hDef->digestSize)
- break;
- mask = &mask[hDef->digestSize];
- counter++;
- }
- return (UINT16)mSize;
-}
-
-//*** CryptKDFa()
-// This function performs the key generation according to Part 1 of the
-// TPM specification.
-//
-// This function returns the number of bytes generated which may be zero.
-//
-// The 'key' and 'keyStream' pointers are not allowed to be NULL. The other
-// pointer values may be NULL. The value of 'sizeInBits' must be no larger
-// than (2^18)-1 = 256K bits (32385 bytes).
-//
-// The 'once' parameter is set to allow incremental generation of a large
-// value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation
-// but only one iteration of the KDF is performed. This would be used for
-// XOR obfuscation so that the mask value can be generated in digest-sized
-// chunks rather than having to be generated all at once in an arbitrarily
-// large buffer and then XORed into the result. If 'once' is TRUE, then
-// 'sizeInBits' must be a multiple of 8.
-//
-// Any error in the processing of this command is considered fatal.
-// Return Type: UINT16
-// 0 hash algorithm is not supported or is TPM_ALG_NULL
-// > 0 the number of bytes in the 'keyStream' buffer
-LIB_EXPORT UINT16
-CryptKDFa(
- TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC
- const TPM2B *key, // IN: HMAC key
- const TPM2B *label, // IN: a label for the KDF
- const TPM2B *contextU, // IN: context U
- const TPM2B *contextV, // IN: context V
- UINT32 sizeInBits, // IN: size of generated key in bits
- BYTE *keyStream, // OUT: key buffer
- UINT32 *counterInOut, // IN/OUT: caller may provide the iteration
- // counter for incremental operations to
- // avoid large intermediate buffers.
- UINT16 blocks // IN: If non-zero, this is the maximum number
- // of blocks to be returned, regardless
- // of sizeInBits
- )
-{
- UINT32 counter = 0; // counter value
- INT16 bytes; // number of bytes to produce
- UINT16 generated; // number of bytes generated
- BYTE *stream = keyStream;
- HMAC_STATE hState;
- UINT16 digestSize = CryptHashGetDigestSize(hashAlg);
-
- pAssert(key != NULL && keyStream != NULL);
-
- TEST(TPM_ALG_KDF1_SP800_108);
-
- if(digestSize == 0)
- return 0;
-
- if(counterInOut != NULL)
- counter = *counterInOut;
-
- // If the size of the request is larger than the numbers will handle,
- // it is a fatal error.
- pAssert(((sizeInBits + 7) / 8) <= INT16_MAX);
-
- // The number of bytes to be generated is the smaller of the sizeInBits bytes or
- // the number of requested blocks. The number of blocks is the smaller of the
- // number requested or the number allowed by sizeInBits. A partial block is
- // a full block.
- bytes = (blocks > 0) ? blocks * digestSize : (UINT16)BITS_TO_BYTES(sizeInBits);
- generated = bytes;
-
- // Generate required bytes
- for(; bytes > 0; bytes -= digestSize)
- {
- counter++;
- // Start HMAC
- if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0)
- return 0;
- // Adding counter
- CryptDigestUpdateInt(&hState.hashState, 4, counter);
-
- // Adding label
- if(label != NULL)
- HASH_DATA(&hState.hashState, label->size, (BYTE *)label->buffer);
- // Add a null. SP108 is not very clear about when the 0 is needed but to
- // make this like the previous version that did not add an 0x00 after
- // a null-terminated string, this version will only add a null byte
- // if the label parameter did not end in a null byte, or if no label
- // is present.
- if((label == NULL)
- || (label->size == 0)
- || (label->buffer[label->size - 1] != 0))
- CryptDigestUpdateInt(&hState.hashState, 1, 0);
- // Adding contextU
- if(contextU != NULL)
- HASH_DATA(&hState.hashState, contextU->size, contextU->buffer);
- // Adding contextV
- if(contextV != NULL)
- HASH_DATA(&hState.hashState, contextV->size, contextV->buffer);
- // Adding size in bits
- CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits);
-
- // Complete and put the data in the buffer
- CryptHmacEnd(&hState, bytes, stream);
- stream = &stream[digestSize];
- }
- // Masking in the KDF is disabled. If the calling function wants something
- // less than even number of bytes, then the caller should do the masking
- // because there is no universal way to do it here
- if(counterInOut != NULL)
- *counterInOut = counter;
- return generated;
-}
-
-//*** CryptKDFe()
-// This function implements KDFe() as defined in TPM specification part 1.
-//
-// This function returns the number of bytes generated which may be zero.
-//
-// The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other
-// pointer values may be NULL. The value of 'sizeInBits' must be no larger
-// than (2^18)-1 = 256K bits (32385 bytes).
-// Any error in the processing of this command is considered fatal.
-// Return Type: UINT16
-// 0 hash algorithm is not supported or is TPM_ALG_NULL
-// > 0 the number of bytes in the 'keyStream' buffer
-//
-LIB_EXPORT UINT16
-CryptKDFe(
- TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC
- TPM2B *Z, // IN: Z
- const TPM2B *label, // IN: a label value for the KDF
- TPM2B *partyUInfo, // IN: PartyUInfo
- TPM2B *partyVInfo, // IN: PartyVInfo
- UINT32 sizeInBits, // IN: size of generated key in bits
- BYTE *keyStream // OUT: key buffer
- )
-{
- HASH_STATE hashState;
- PHASH_DEF hashDef = CryptGetHashDef(hashAlg);
-
- UINT32 counter = 0; // counter value
- UINT16 hLen;
- BYTE *stream = keyStream;
- INT16 bytes; // number of bytes to generate
-
- pAssert(keyStream != NULL && Z != NULL && ((sizeInBits + 7) / 8) < INT16_MAX);
-//
- hLen = hashDef->digestSize;
- bytes = (INT16)((sizeInBits + 7) / 8);
- if(hashAlg == TPM_ALG_NULL || bytes == 0)
- return 0;
-
- // Generate required bytes
- //The inner loop of that KDF uses:
- // Hash[i] := H(counter | Z | OtherInfo) (5)
- // Where:
- // Hash[i] the hash generated on the i-th iteration of the loop.
- // H() an approved hash function
- // counter a 32-bit counter that is initialized to 1 and incremented
- // on each iteration
- // Z the X coordinate of the product of a public ECC key and a
- // different private ECC key.
- // OtherInfo a collection of qualifying data for the KDF defined below.
- // In this specification, OtherInfo will be constructed by:
- // OtherInfo := Use | PartyUInfo | PartyVInfo
- for(; bytes > 0; stream = &stream[hLen], bytes = bytes - hLen)
- {
- if(bytes < hLen)
- hLen = bytes;
- counter++;
- // Do the hash
- CryptHashStart(&hashState, hashAlg);
- // Add counter
- CryptDigestUpdateInt(&hashState, 4, counter);
-
- // Add Z
- if(Z != NULL)
- CryptDigestUpdate2B(&hashState, Z);
- // Add label
- if(label != NULL)
- CryptDigestUpdate2B(&hashState, label);
- // Add a null.
SP108 is not very clear about when the 0 is needed but to
- // make this like the previous version that did not add an 0x00 after
- // a null-terminated string, this version will only add a null byte
- // if the label parameter did not end in a null byte, or if no label
- // is present.
- if((label == NULL)
- || (label->size == 0)
- || (label->buffer[label->size - 1] != 0))
- CryptDigestUpdateInt(&hashState, 1, 0);
- // Add PartyUInfo
- if(partyUInfo != NULL)
- CryptDigestUpdate2B(&hashState, partyUInfo);
-
- // Add PartyVInfo
- if(partyVInfo != NULL)
- CryptDigestUpdate2B(&hashState, partyVInfo);
-
- // Compute Hash. hLen was changed to be the smaller of bytes or hLen
- // at the start of each iteration.
- CryptHashEnd(&hashState, hLen, stream);
- }
-
- // Mask off bits if the required bits is not a multiple of byte size
- if((sizeInBits % 8) != 0)
- keyStream[0] &= ((1 << (sizeInBits % 8)) - 1);
-
- return (UINT16)((sizeInBits + 7) / 8);
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c
deleted file mode 100644
index 14af46216..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the code for prime validation.
-
-#include "Tpm.h"
-#include "CryptPrime_fp.h"
-
-//#define CPRI_PRIME
-//#include "PrimeTable.h"
-
-#include "CryptPrimeSieve_fp.h"
-
-extern const uint32_t s_LastPrimeInTable;
-extern const uint32_t s_PrimeTableSize;
-extern const uint32_t s_PrimesInTable;
-extern const unsigned char s_PrimeTable[];
-extern bigConst s_CompositeOfSmallPrimes;
-
-//** Functions
-
-//*** Root2()
-// This finds ceil(sqrt(n)) to use as a stopping point for searching the prime
-// table.
-static uint32_t
-Root2(
- uint32_t n
- )
-{
- int32_t last = (int32_t)(n >> 2);
- int32_t next = (int32_t)(n >> 1);
- int32_t diff;
- int32_t stop = 10;
-//
- // get a starting point
- for(; next != 0; last >>= 1, next >>= 2);
- last++;
- do
- {
- next = (last + (n / last)) >> 1;
- diff = next - last;
- last = next;
- if(stop-- == 0)
- FAIL(FATAL_ERROR_INTERNAL);
- } while(diff < -1 || diff > 1);
- if((n / next) > (unsigned)next)
- next++;
- pAssert(next != 0);
- pAssert(((n / next) <= (unsigned)next) && (n / (next + 1) < (unsigned)next));
- return next;
-}
-
-//*** IsPrimeInt()
-// This will do a test of a word of up to 32-bits in size.
-BOOL
-IsPrimeInt(
- uint32_t n
- )
-{
- uint32_t i;
- uint32_t stop;
- if(n < 3 || ((n & 1) == 0))
- return (n == 2);
- if(n <= s_LastPrimeInTable)
- {
- n >>= 1;
- return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1);
- }
- // Need to search
- stop = Root2(n) >> 1;
- // starting at 1 is equivalent to staring at (1 << 1) + 1 = 3
- for(i = 1; i < stop; i++)
- {
- if((s_PrimeTable[i >> 3] >> (i & 7)) & 1)
- // see if this prime evenly divides the number
- if((n % ((i << 1) + 1)) == 0)
- return FALSE;
- }
- return TRUE;
-}
-
-//*** BnIsProbablyPrime()
-// This function is used when the key sieve is not implemented. This function
-// Will try to eliminate some of the obvious things before going on
-// to perform MillerRabin as a final verification of primeness.
-BOOL
-BnIsProbablyPrime(
- bigNum prime, // IN:
- RAND_STATE *rand // IN: the random state just
- // in case Miller-Rabin is required
- )
-{
-#if RADIX_BITS > 32
- if(BnUnsignedCmpWord(prime, UINT32_MAX) <= 0)
-#else
- if(BnGetSize(prime) == 1)
-#endif
- return IsPrimeInt((uint32_t)prime->d[0]);
-
- if(BnIsEven(prime))
- return FALSE;
- if(BnUnsignedCmpWord(prime, s_LastPrimeInTable) <= 0)
- {
- crypt_uword_t temp = prime->d[0] >> 1;
- return ((s_PrimeTable[temp >> 3] >> (temp & 7)) & 1);
- }
- {
- BN_VAR(n, LARGEST_NUMBER_BITS);
- BnGcd(n, prime, s_CompositeOfSmallPrimes);
- if(!BnEqualWord(n, 1))
- return FALSE;
- }
- return MillerRabin(prime, rand);
-}
-
-//*** MillerRabinRounds()
-// Function returns the number of Miller-Rabin rounds necessary to give an
-// error probability equal to the security strength of the prime. These values
-// are from FIPS 186-3.
-UINT32
-MillerRabinRounds(
- UINT32 bits // IN: Number of bits in the RSA prime
- )
-{
- if(bits < 511) return 8; // don't really expect this
- if(bits < 1536) return 5; // for 512 and 1K primes
- return 4; // for 3K public modulus and greater
-}
-
-//*** MillerRabin()
-// This function performs a Miller-Rabin test from FIPS 186-3. It does
-// 'iterations' trials on the number. In all likelihood, if the number
-// is not prime, the first test fails.
-// Return Type: BOOL
-// TRUE(1) probably prime
-// FALSE(0) composite
-BOOL
-MillerRabin(
- bigNum bnW,
- RAND_STATE *rand
- )
-{
- BN_MAX(bnWm1);
- BN_PRIME(bnM);
- BN_PRIME(bnB);
- BN_PRIME(bnZ);
- BOOL ret = FALSE; // Assumed composite for easy exit
- unsigned int a;
- unsigned int j;
- int wLen;
- int i;
- int iterations = MillerRabinRounds(BnSizeInBits(bnW));
-//
- INSTRUMENT_INC(MillerRabinTrials[PrimeIndex]);
-
- pAssert(bnW->size > 1);
- // Let a be the largest integer such that 2^a divides w1.
- BnSubWord(bnWm1, bnW, 1);
- pAssert(bnWm1->size != 0);
-
- // Since w is odd (w-1) is even so start at bit number 1 rather than 0
- // Get the number of bits in bnWm1 so that it doesn't have to be recomputed
- // on each iteration.
- i = (int)(bnWm1->size * RADIX_BITS);
- // Now find the largest power of 2 that divides w1
- for(a = 1;
- (a < (bnWm1->size * RADIX_BITS)) &&
- (BnTestBit(bnWm1, a) == 0);
- a++);
- // 2. m = (w1) / 2^a
- BnShiftRight(bnM, bnWm1, a);
- // 3. wlen = len (w).
- wLen = BnSizeInBits(bnW);
- // 4. For i = 1 to iterations do
- for(i = 0; i < iterations; i++)
- {
- // 4.1 Obtain a string b of wlen bits from an RBG.
- // Ensure that 1 < b < w1.
- // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1.
- while(BnGetRandomBits(bnB, wLen, rand) && ((BnUnsignedCmpWord(bnB, 1) <= 0)
- || (BnUnsignedCmp(bnB, bnWm1) >= 0)));
- if(g_inFailureMode)
- return FALSE;
-
- // 4.3 z = b^m mod w.
- // if ModExp fails, then say this is not
- // prime and bail out.
- BnModExp(bnZ, bnB, bnM, bnW);
-
- // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7.
- if((BnUnsignedCmpWord(bnZ, 1) == 0)
- || (BnUnsignedCmp(bnZ, bnWm1) == 0))
- goto step4point7;
- // 4.5 For j = 1 to a 1 do.
- for(j = 1; j < a; j++)
- {
- // 4.5.1 z = z^2 mod w.
- BnModMult(bnZ, bnZ, bnZ, bnW);
- // 4.5.2 If (z = w1), then go to step 4.7.
- if(BnUnsignedCmp(bnZ, bnWm1) == 0)
- goto step4point7;
- // 4.5.3 If (z = 1), then go to step 4.6.
- if(BnEqualWord(bnZ, 1))
- goto step4point6;
- }
- // 4.6 Return COMPOSITE.
-step4point6:
- INSTRUMENT_INC(failedAtIteration[i]);
- goto end;
- // 4.7 Continue. Comment: Increment i for the do-loop in step 4.
-step4point7:
- continue;
- }
- // 5. Return PROBABLY PRIME
- ret = TRUE;
-end:
- return ret;
-}
-
-#if ALG_RSA
-
-//*** RsaCheckPrime()
-// This will check to see if a number is prime and appropriate for an
-// RSA prime.
-//
-// This has different functionality based on whether we are using key
-// sieving or not.
If not, the number checked to see if it is divisible by
-// the public exponent, then the number is adjusted either up or down
-// in order to make it a better candidate. It is then checked for being
-// probably prime.
-//
-// If sieving is used, the number is used to root a sieving process.
-//
-TPM_RC
-RsaCheckPrime(
- bigNum prime,
- UINT32 exponent,
- RAND_STATE *rand
- )
-{
-#if !RSA_KEY_SIEVE
- TPM_RC retVal = TPM_RC_SUCCESS;
- UINT32 modE = BnModWord(prime, exponent);
-
- NOT_REFERENCED(rand);
-
- if(modE == 0)
- // evenly divisible so add two keeping the number odd
- BnAddWord(prime, prime, 2);
- // want 0 != (p - 1) mod e
- // which is 1 != p mod e
- else if(modE == 1)
- // subtract 2 keeping number odd and insuring that
- // 0 != (p - 1) mod e
- BnSubWord(prime, prime, 2);
-
- if(BnIsProbablyPrime(prime, rand) == 0)
- ERROR_RETURN(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE);
-Exit:
- return retVal;
-#else
- return PrimeSelectWithSieve(prime, exponent, rand);
-#endif
-}
-
-//*** AdjustPrimeCandiate()
-// For this math, we assume that the RSA numbers are fixed-point numbers with
-// the decimal point to the "left" of the most significant bit. This approach helps
-// make it clear what is happening with the MSb of the values.
-// The two RSA primes have to be large enough so that their product will be a number
-// with the necessary number of significant bits. For example, we want to be able
-// to multiply two 1024-bit numbers to produce a number with 2028 significant bits. If
-// we accept any 1024-bit prime that has its MSb set, then it is possible to produce a
-// product that does not have the MSb SET. For example, if we use tiny keys of 16 bits
-// and have two 8-bit 'primes' of 0x80, then the public key would be 0x4000 which is
-// only 15-bits. So, what we need to do is made sure that each of the primes is large
-// enough so that the product of the primes is twice as large as each prime.
A little
-// arithmetic will show that the only way to do this is to make sure that each of the
-// primes is no less than root(2)/2. That's what this functions does.
-// This function adjusts the candidate prime so that it is odd and >= root(2)/2.
-// This allows the product of these two numbers to be .5, which, in fixed point
-// notation means that the most significant bit is 1.
-// For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505
-// which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting
-// the upper two bits would give a value > 0.75 which is an error of > 6%. Given the
-// amount of time all the other computations take, reducing the error is not much of
-// a cost, but it isn't totally required either.
-//
-// This function can be replaced with a function that just sets the two most
-// significant bits of each prime candidate without introducing any computational
-// issues.
-//
-//
-LIB_EXPORT void
-RsaAdjustPrimeCandidate(
- bigNum prime
- )
-{
- UINT32 msw;
- UINT32 adjusted;
-
- // If the radix is 32, the compiler should turn this into a simple assignment
- msw = prime->d[prime->size - 1] >> ((RADIX_BITS == 64) ? 32 : 0);
- // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0
- adjusted = (msw >> 16) * 0x4AFB;
- adjusted += ((msw & 0xFFFF) * 0x4AFB) >> 16;
- adjusted += 0xB5050000UL;
-#if RADIX_BITS == 64
- // Save the low-order 32 bits
- prime->d[prime->size - 1] &= 0xFFFFFFFFUL;
- // replace the upper 32-bits
- prime->d[prime->size -1] |= ((crypt_uword_t)adjusted << 32);
-#else
- prime->d[prime->size - 1] = (crypt_uword_t)adjusted;
-#endif
- // make sure the number is odd
- prime->d[0] |= 1;
-}
-
-//***BnGeneratePrimeForRSA()
-// Function to generate a prime of the desired size with the proper attributes
-// for an RSA prime.
-TPM_RC
-BnGeneratePrimeForRSA(
- bigNum prime, // IN/OUT: points to the BN that will get the
- // random value
- UINT32 bits, // IN: number of bits to get
- UINT32 exponent, // IN: the exponent
- RAND_STATE *rand // IN: the random state
- )
-{
- BOOL found = FALSE;
-//
- // Make sure that the prime is large enough
- pAssert(prime->allocated >= BITS_TO_CRYPT_WORDS(bits));
- // Only try to handle specific sizes of keys in order to save overhead
- pAssert((bits % 32) == 0);
- prime->size = BITS_TO_CRYPT_WORDS(bits);
- while(!found)
- {
-// The change below is to make sure that all keys that are generated from the same
-// seed value will be the same regardless of the endianess or word size of the CPU.
-// DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old
-// if(g_inFailureMode) // old
- if(!BnGetRandomBits(prime, bits, rand)) // new
- return TPM_RC_FAILURE;
- RsaAdjustPrimeCandidate(prime);
- found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS;
- }
- return TPM_RC_SUCCESS;
-}
-
-#endif // ALG_RSA
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c
deleted file mode 100644
index 6c9c0c174..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c
+++ /dev/null
@@ -1,571 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes and defines
-
-#include "Tpm.h"
-
-#if RSA_KEY_SIEVE
-
-#include "CryptPrimeSieve_fp.h"
-
-// This determines the number of bits in the largest sieve field.
-#define MAX_FIELD_SIZE 2048
-
-extern const uint32_t s_LastPrimeInTable;
-extern const uint32_t s_PrimeTableSize;
-extern const uint32_t s_PrimesInTable;
-extern const unsigned char s_PrimeTable[];
-
-// This table is set of prime markers. Each entry is the prime value
-// for the ((n + 1) * 1024) prime. That is, the entry in s_PrimeMarkers[1]
-// is the value for the 2,048th prime. This is used in the PrimeSieve
-// to adjust the limit for the prime search. When processing smaller
-// prime candidates, fewer primes are checked directly before going to
-// Miller-Rabin. As the prime grows, it is worth spending more time eliminating
-// primes as, a) the density is lower, and b) the cost of Miller-Rabin is
-// higher.
-const uint32_t s_PrimeMarkersCount = 6;
-const uint32_t s_PrimeMarkers[] = {
- 8167, 17881, 28183, 38891, 49871, 60961 };
-uint32_t primeLimit;
-
-//** Functions
-
-//*** RsaAdjustPrimeLimit()
-// This used during the sieve process. The iterator for getting the
-// next prime (RsaNextPrime()) will return primes until it hits the
-// limit (primeLimit) set up by this function. This causes the sieve
-// process to stop when an appropriate number of primes have been
-// sieved.
-LIB_EXPORT void
-RsaAdjustPrimeLimit(
- uint32_t requestedPrimes
- )
-{
- if(requestedPrimes == 0 || requestedPrimes > s_PrimesInTable)
- requestedPrimes = s_PrimesInTable;
- requestedPrimes = (requestedPrimes - 1) / 1024;
- if(requestedPrimes < s_PrimeMarkersCount)
- primeLimit = s_PrimeMarkers[requestedPrimes];
- else
- primeLimit = s_LastPrimeInTable;
- primeLimit >>= 1;
-
-}
-
-//*** RsaNextPrime()
-// This the iterator used during the sieve process. The input is the
-// last prime returned (or any starting point) and the output is the
-// next higher prime. The function returns 0 when the primeLimit is
-// reached.
-LIB_EXPORT uint32_t
-RsaNextPrime(
- uint32_t lastPrime
- )
-{
- if(lastPrime == 0)
- return 0;
- lastPrime >>= 1;
- for(lastPrime += 1; lastPrime <= primeLimit; lastPrime++)
- {
- if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1)
- return ((lastPrime << 1) + 1);
- }
- return 0;
-}
-
-// This table contains a previously sieved table. It has
-// the bits for 3, 5, and 7 removed. Because of the
-// factors, it needs to be aligned to 105 and has
-// a repeat of 105.
-const BYTE seedValues[] = {
- 0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c,
- 0x99, 0x96, 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96,
- 0x49, 0xcb, 0xb4, 0x61, 0xd8, 0x32, 0x2d, 0x99,
- 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93, 0x96, 0x69,
- 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6,
- 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb,
- 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c,
- 0x5a, 0xa6, 0x0d, 0xc3, 0x96, 0x69, 0xc9, 0x34,
- 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4, 0x4c, 0x1b,
- 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45,
- 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6,
- 0x25, 0xd3, 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2,
- 0x32, 0x6d, 0x18, 0xb6, 0x4c, 0x4b, 0xa6, 0x29,
- 0xd1};
-
-#define USE_NIBBLE
-
-#ifndef USE_NIBBLE
-static const BYTE bitsInByte[256] = {
- 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05,
0x05, 0x06,
- 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
- 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
- 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
- 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
- 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
- 0x05, 0x06, 0x06, 0x07, 0x06, 0x07, 0x07, 0x08
-};
-#define BitsInByte(x) bitsInByte[(unsigned char)x]
-#else
-const BYTE bitsInNibble[16] = {
- 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03,
- 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04};
-#define BitsInByte(x) \
- (bitsInNibble[(unsigned char)(x) & 0xf] \
- + bitsInNibble[((unsigned char)(x) >> 4) & 0xf])
-#endif
-
-//*** BitsInArry()
-// This function counts the number of bits set in an array of bytes.
-static int
-BitsInArray(
- const unsigned char *a, // IN: A pointer to an array of bytes
- unsigned int aSize // IN: the number of bytes to sum
- )
-{
- int j = 0;
- for(; aSize; a++, aSize--)
- j += BitsInByte(*a);
- return j;
-}
-
-//*** FindNthSetBit()
-// This function finds the nth SET bit in a bit array. The 'n' parameter is
-// between 1 and the number of bits in the array (always a multiple of 8).
-// If called when the array does not have n bits set, it will return -1 -// Return Type: unsigned int -// <0 no bit is set or no bit with the requested number is set -// >=0 the number of the bit in the array that is the nth set -LIB_EXPORT int -FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE *a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit - ) -{ - UINT16 i; - int retValue; - UINT32 sum = 0; - BYTE sel; - - //find the bit - for(i = 0; (i < (int)aSize) && (sum < n); i++) - sum += BitsInByte(a[i]); - i--; - // The chosen bit is in the byte that was just accessed - // Compute the offset to the start of that byte - retValue = i * 8 - 1; - sel = a[i]; - // Subtract the bits in the last byte added. - sum -= BitsInByte(sel); - // Now process the byte, one bit at a time. - for(; (sel != 0) && (sum != n); retValue++, sel = sel >> 1) - sum += (sel & 1) != 0; - return (sum == n) ? retValue : -1; -} - -typedef struct -{ - UINT16 prime; - UINT16 count; -} SIEVE_MARKS; - -const SIEVE_MARKS sieveMarks[5] = { - {31, 7}, {73, 5}, {241, 4}, {1621, 3}, {UINT16_MAX, 2}}; - - -//*** PrimeSieve() -// This function does a prime sieve over the input 'field' which has as its -// starting address the value in bnN. Since this initializes the Sieve -// using a precomputed field with the bits associated with 3, 5 and 7 already -// turned off, the value of pnN may need to be adjusted by a few counts to allow -// the precomputed field to be used without modification. -// -// To get better performance, one could address the issue of developing the -// composite numbers. When the size of the prime gets large, the time for doing -// the divisions goes up, noticeably. It could be better to develop larger composite -// numbers even if they need to be bigNum's themselves. 
The object would be to -// reduce the number of times that the large prime is divided into a few large -// divides and then use smaller divides to get to the final 16 bit (or smaller) -// remainders. -LIB_EXPORT UINT32 -PrimeSieve( - bigNum bnN, // IN/OUT: number to sieve - UINT32 fieldSize, // IN: size of the field area in bytes - BYTE *field // IN: field - ) -{ - UINT32 i; - UINT32 j; - UINT32 fieldBits = fieldSize * 8; - UINT32 r; - BYTE *pField; - INT32 iter; - UINT32 adjust; - UINT32 mark = 0; - UINT32 count = sieveMarks[0].count; - UINT32 stop = sieveMarks[0].prime; - UINT32 composite; - UINT32 pList[8]; - UINT32 next; - - pAssert(field != NULL && bnN != NULL); - - // If the remainder is odd, then subtracting the value will give an even number, - // but we want an odd number, so subtract the 105+rem. Otherwise, just subtract - // the even remainder. - adjust = (UINT32)BnModWord(bnN, 105); - if(adjust & 1) - adjust += 105; - - // Adjust the input number so that it points to the first number in a - // aligned field. - BnSubWord(bnN, bnN, adjust); -// pAssert(BnModWord(bnN, 105) == 0); - pField = field; - for(i = fieldSize; i >= sizeof(seedValues); - pField += sizeof(seedValues), i -= sizeof(seedValues)) - { - memcpy(pField, seedValues, sizeof(seedValues)); - } - if(i != 0) - memcpy(pField, seedValues, i); - - // Cycle through the primes, clearing bits - // Have already done 3, 5, and 7 - iter = 7; - -#define NEXT_PRIME(iter) (iter = RsaNextPrime(iter)) - // Get the next N primes where N is determined by the mark in the sieveMarks - while((composite = NEXT_PRIME(iter)) != 0) - { - next = 0; - i = count; - pList[i--] = composite; - for(; i > 0; i--) - { - next = NEXT_PRIME(iter); - pList[i] = next; - if(next != 0) - composite *= next; - } - // Get the remainder when dividing the base field address - // by the composite - composite = (UINT32)BnModWord(bnN, composite); - // 'composite' is divisible by the composite components. 
for each of the - // composite components, divide 'composite'. That remainder (r) is used to - // pick a starting point for clearing the array. The stride is equal to the - // composite component. Note, the field only contains odd numbers. If the - // field were expanded to contain all numbers, then half of the bits would - // have already been cleared. We can save the trouble of clearing them a - // second time by having a stride of 2*next. Or we can take all of the even - // numbers out of the field and use a stride of 'next' - for(i = count; i > 0; i--) - { - next = pList[i]; - if(next == 0) - goto done; - r = composite % next; - // these computations deal with the fact that we have picked a field-sized - // range that is aligned to a 105 count boundary. The problem is, this field - // only contains odd numbers. If we take our prime guess and walk through all - // the numbers using that prime as the 'stride', then every other 'stride' is - // going to be an even number. So, we are actually counting by 2 * the stride - // We want the count to start on an odd number at the start of our field. That - // is, we want to assume that we have counted up to the edge of the field by - // the 'stride' and now we are going to start flipping bits in the field as we - // continue to count up by 'stride'. If we take the base of our field and - // divide by the stride, we find out how much we find out how short the last - // count was from reaching the edge of the bit field. Say we get a quotient of - // 3 and remainder of 1. This means that after 3 strides, we are 1 short of - // the start of the field and the next stride will either land within the - // field or step completely over it. The confounding factor is that our field - // only contains odd numbers and our stride is actually 2 * stride. If the - // quoitent is even, then that means that when we add 2 * stride, we are going - // to hit another even number. 
So, we have to know if we need to back off - // by 1 stride before we start couting by 2 * stride. - // We can tell from the remainder whether we are on an even or odd - // stride when we hit the beginning of the table. If we are on an odd stride - // (r & 1), we would start half a stride in (next - r)/2. If we are on an - // even stride, we need 0.5 strides (next - r/2) because the table only has - // odd numbers. If the remainder happens to be zero, then the start of the - // table is on stride so no adjustment is necessary. - if(r & 1) j = (next - r) / 2; - else if(r == 0) j = 0; - else j = next - (r / 2); - for(; j < fieldBits; j += next) - ClearBit(j, field, fieldSize); - } - if(next >= stop) - { - mark++; - count = sieveMarks[mark].count; - stop = sieveMarks[mark].prime; - } - } -done: - INSTRUMENT_INC(totalFieldsSieved[PrimeIndex]); - i = BitsInArray(field, fieldSize); - INSTRUMENT_ADD(bitsInFieldAfterSieve[PrimeIndex], i); - INSTRUMENT_ADD(emptyFieldsSieved[PrimeIndex], (i == 0)); - return i; -} - - - -#ifdef SIEVE_DEBUG -static uint32_t fieldSize = 210; - -//***SetFieldSize() -// Function to set the field size used for prime generation. Used for tuning. -LIB_EXPORT uint32_t -SetFieldSize( - uint32_t newFieldSize - ) -{ - if(newFieldSize == 0 || newFieldSize > MAX_FIELD_SIZE) - fieldSize = MAX_FIELD_SIZE; - else - fieldSize = newFieldSize; - return fieldSize; -} -#endif // SIEVE_DEBUG - -//*** PrimeSelectWithSieve() -// This function will sieve the field around the input prime candidate. If the -// sieve field is not empty, one of the one bits in the field is chosen for testing -// with Miller-Rabin. If the value is prime, 'pnP' is updated with this value -// and the function returns success. If this value is not prime, another -// pseudo-random candidate is chosen and tested. This process repeats until -// all values in the field have been checked. 
If all bits in the field have -// been checked and none is prime, the function returns FALSE and a new random -// value needs to be chosen. -// Return Type: TPM_RC -// TPM_RC_FAILURE TPM in failure mode, probably due to entropy source -// TPM_RC_SUCCESS candidate is probably prime -// TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative -// in the field -LIB_EXPORT TPM_RC -PrimeSelectWithSieve( - bigNum candidate, // IN/OUT: The candidate to filter - UINT32 e, // IN: the exponent - RAND_STATE *rand // IN: the random number generator state - ) -{ - BYTE field[MAX_FIELD_SIZE]; - UINT32 first; - UINT32 ones; - INT32 chosen; - BN_PRIME(test); - UINT32 modE; -#ifndef SIEVE_DEBUG - UINT32 fieldSize = MAX_FIELD_SIZE; -#endif - UINT32 primeSize; -// - // Adjust the field size and prime table list to fit the size of the prime - // being tested. This is done to try to optimize the trade-off between the - // dividing done for sieving and the time for Miller-Rabin. When the size - // of the prime is large, the cost of Miller-Rabin is fairly high, as is the - // cost of the sieving. However, the time for Miller-Rabin goes up considerably - // faster than the cost of dividing by a number of primes. 
- primeSize = BnSizeInBits(candidate); - - if(primeSize <= 512) - { - RsaAdjustPrimeLimit(1024); // Use just the first 1024 primes - } - else if(primeSize <= 1024) - { - RsaAdjustPrimeLimit(4096); // Use just the first 4K primes - } - else - { - RsaAdjustPrimeLimit(0); // Use all available - } - - // Save the low-order word to use as a search generator and make sure that - // it has some interesting range to it - first = (UINT32)(candidate->d[0] | 0x80000000); - - // Sieve the field - ones = PrimeSieve(candidate, fieldSize, field); - pAssert(ones > 0 && ones < (fieldSize * 8)); - for(; ones > 0; ones--) - { - // Decide which bit to look at and find its offset - chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1)); - - if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8))) - FAIL(FATAL_ERROR_INTERNAL); - - // Set this as the trial prime - BnAddWord(test, candidate, (crypt_uword_t)(chosen * 2)); - - // The exponent might not have been one of the tested primes so - // make sure that it isn't divisible and make sure that 0 != (p-1) mod e - // Note: This is the same as 1 != p mod e - modE = (UINT32)BnModWord(test, e); - if((modE != 0) && (modE != 1) && MillerRabin(test, rand)) - { - BnCopy(candidate, test); - return TPM_RC_SUCCESS; - } - // Clear the bit just tested - ClearBit(chosen, field, fieldSize); - } - // Ran out of bits and couldn't find a prime in this field - INSTRUMENT_INC(noPrimeFields[PrimeIndex]); - return (g_inFailureMode ? 
TPM_RC_FAILURE : TPM_RC_NO_RESULT); -} - -#if RSA_INSTRUMENT -static char a[256]; - -//*** PrintTuple() -char * -PrintTuple( - UINT32 *i - ) -{ - sprintf(a, "{%d, %d, %d}", i[0], i[1], i[2]); - return a; -} - -#define CLEAR_VALUE(x) memset(x, 0, sizeof(x)) - -//*** RsaSimulationEnd() -void -RsaSimulationEnd( - void - ) -{ - int i; - UINT32 averages[3]; - UINT32 nonFirst = 0; - if((PrimeCounts[0] + PrimeCounts[1] + PrimeCounts[2]) != 0) - { - printf("Primes generated = %s\n", PrintTuple(PrimeCounts)); - printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved)); - printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields)); - printf("Primes checked with Miller-Rabin = %s\n", - PrintTuple(MillerRabinTrials)); - for(i = 0; i < 3; i++) - averages[i] = (totalFieldsSieved[i] - != 0 ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i] - : 0); - printf("Average candidates in field %s\n", PrintTuple(averages)); - for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0])); - i++) - nonFirst += failedAtIteration[i]; - printf("Miller-Rabin failures not in first round = %d\n", nonFirst); - - } - CLEAR_VALUE(PrimeCounts); - CLEAR_VALUE(totalFieldsSieved); - CLEAR_VALUE(noPrimeFields); - CLEAR_VALUE(MillerRabinTrials); - CLEAR_VALUE(bitsInFieldAfterSieve); -} - -//*** GetSieveStats() -LIB_EXPORT void -GetSieveStats( - uint32_t *trials, - uint32_t *emptyFields, - uint32_t *averageBits - ) -{ - uint32_t totalBits; - uint32_t fields; - *trials = MillerRabinTrials[0] + MillerRabinTrials[1] + MillerRabinTrials[2]; - *emptyFields = noPrimeFields[0] + noPrimeFields[1] + noPrimeFields[2]; - fields = totalFieldsSieved[0] + totalFieldsSieved[1] - + totalFieldsSieved[2]; - totalBits = bitsInFieldAfterSieve[0] + bitsInFieldAfterSieve[1] - + bitsInFieldAfterSieve[2]; - if(fields != 0) - *averageBits = totalBits / fields; - else - *averageBits = 0; - CLEAR_VALUE(PrimeCounts); - CLEAR_VALUE(totalFieldsSieved); - CLEAR_VALUE(noPrimeFields); - CLEAR_VALUE(MillerRabinTrials); 
- CLEAR_VALUE(bitsInFieldAfterSieve);
-
-}
-#endif
-
-#endif // RSA_KEY_SIEVE
-
-#if !RSA_INSTRUMENT
-
-//*** RsaSimulationEnd()
-// Stub for call when not doing instrumentation.
-void
-RsaSimulationEnd(
- void
- )
-{
- return;
-}
-#endif
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c
deleted file mode 100644
index c41eb41af..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c
+++ /dev/null
@@ -1,950 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file implements a DRBG with a behavior according to SP800-90A using
-// a block cypher. This is also compliant to ISO/IEC 18031:2011(E) C.3.2.
-//
-// A state structure is created for use by TPM.lib and functions
-// within the CryptoEngine my use their own state structures when they need to have
-// deterministic values.
-//
-// A debug mode is available that allows the random numbers generated for TPM.lib
-// to be repeated during runs of the simulator. The switch for it is in
-// TpmBuildSwitches.h. It is USE_DEBUG_RNG.
-//
-//
-// This is the implementation layer of CTR DRGB mechanism as defined in SP800-90A
-// and the functions are organized as closely as practical to the organization in
-// SP800-90A. It is intended to be compiled as a separate module that is linked
-// with a secure application so that both reside inside the same boundary
-// [SP 800-90A 8.5]. The secure application in particular manages the accesses
-// protected storage for the state of the DRBG instantiations, and supplies the
-// implementation functions here with a valid pointer to the working state of the
-// given instantiations (as a DRBG_STATE structure).
-//
-// This DRBG mechanism implementation does not support prediction resistance. Thus
-// 'prediction_resistance_flag' is omitted from Instantiate_function(),
-// Reseed_function(), Generate_function() argument lists [SP 800-90A 9.1, 9.2,
-// 9.3], as well as from the working state data structure DRBG_STATE [SP 800-90A
-// 9.1].
-//
-// This DRBG mechanism implementation always uses the highest security strength of
-// available in the block ciphers. Thus 'requested_security_strength' parameter is
-// omitted from Instantiate_function() and Generate_function() argument lists
-// [SP 800-90A 9.1, 9.2, 9.3], as well as from the working state data structure
-// DRBG_STATE [SP 800-90A 9.1].
-//
-// Internal functions (ones without Crypt prefix) expect validated arguments and
-// therefore use assertions instead of runtime parameter checks and mostly return
-// void instead of a status value.
-
-#include "Tpm.h"
-
-// Pull in the test vector definitions and define the space
-#include "PRNG_TestVectors.h"
-
-const BYTE DRBG_NistTestVector_Entropy[] = {DRBG_TEST_INITIATE_ENTROPY};
-const BYTE DRBG_NistTestVector_GeneratedInterm[] =
- {DRBG_TEST_GENERATED_INTERM};
-
-const BYTE DRBG_NistTestVector_EntropyReseed[] =
- {DRBG_TEST_RESEED_ENTROPY};
-const BYTE DRBG_NistTestVector_Generated[] = {DRBG_TEST_GENERATED};
-
-//** Derivation Functions
-//*** Description
-// The functions in this section are used to reduce the personalization input values
-// to make them usable as input for reseeding and instantiation. The overall
-// behavior is intended to produce the same results as described in SP800-90A,
-// section 10.4.2 "Derivation Function Using a Block Cipher Algorithm
-// (Block_Cipher_df)." The code is broken into several subroutines to deal with the
-// fact that the data used for personalization may come in several separate blocks
-// such as a Template hash and a proof value and a primary seed.
-
-//*** Derivation Function Defines and Structures
-
-#define DF_COUNT (DRBG_KEY_SIZE_WORDS / DRBG_IV_SIZE_WORDS + 1)
-#if DRBG_KEY_SIZE_BITS != 128 && DRBG_KEY_SIZE_BITS != 256
-# error "CryptRand.c only written for AES with 128- or 256-bit keys."
-#endif
-
-typedef struct
-{
- DRBG_KEY_SCHEDULE keySchedule;
- DRBG_IV iv[DF_COUNT];
- DRBG_IV out1;
- DRBG_IV buf;
- int contents;
-} DF_STATE, *PDF_STATE;
-
-//*** DfCompute()
-// This function does the incremental update of the derivation function state. It
-// encrypts the 'iv' value and XOR's the results into each of the blocks of the
-// output. This is equivalent to processing all of input data for each output block.
-static void
-DfCompute(
- PDF_STATE dfState
- )
-{
- int i;
- int iv;
- crypt_uword_t *pIv;
- crypt_uword_t temp[DRBG_IV_SIZE_WORDS] = {0};
-//
- for(iv = 0; iv < DF_COUNT; iv++)
- {
- pIv = (crypt_uword_t *)&dfState->iv[iv].words[0];
- for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
- {
- temp[i] ^= pIv[i] ^ dfState->buf.words[i];
- }
- DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv);
- }
- for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
- dfState->buf.words[i] = 0;
- dfState->contents = 0;
-}
-
-//*** DfStart()
-// This initializes the output blocks with an encrypted counter value and
-// initializes the key schedule.
-static void
-DfStart(
- PDF_STATE dfState,
- uint32_t inputLength
- )
-{
- BYTE init[8];
- int i;
- UINT32 drbgSeedSize = sizeof(DRBG_SEED);
-
- const BYTE dfKey[DRBG_KEY_SIZE_BYTES] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- #if DRBG_KEY_SIZE_BYTES > 16
- ,0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
- #endif
- };
- memset(dfState, 0, sizeof(DF_STATE));
- DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule);
- // Create the first chaining values
- for(i = 0; i < DF_COUNT; i++)
- ((BYTE *)&dfState->iv[i])[3] = (BYTE)i;
- DfCompute(dfState);
- // initialize the first 64 bits of the IV in a way that doesn't depend
- // on the size of the words used.
- UINT32_TO_BYTE_ARRAY(inputLength, init);
- UINT32_TO_BYTE_ARRAY(drbgSeedSize, &init[4]);
- memcpy(&dfState->iv[0], init, 8);
- dfState->contents = 4;
-}
-
-//*** DfUpdate()
-// This updates the state with the input data. A byte at a time is moved into the
-// state buffer until it is full and then that block is encrypted by DfCompute().
-static void
-DfUpdate(
- PDF_STATE dfState,
- int size,
- const BYTE *data
- )
-{
- while(size > 0)
- {
- int toFill = DRBG_IV_SIZE_BYTES - dfState->contents;
- if(size < toFill)
- toFill = size;
- // Copy as many bytes as there are or until the state buffer is full
- memcpy(&dfState->buf.bytes[dfState->contents], data, toFill);
- // Reduce the size left by the amount copied
- size -= toFill;
- // Advance the data pointer by the amount copied
- data += toFill;
- // increase the buffer contents count by the amount copied
- dfState->contents += toFill;
- pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES);
- // If we have a full buffer, do a computation pass.
- if(dfState->contents == DRBG_IV_SIZE_BYTES)
- DfCompute(dfState);
- }
-}
-
-//*** DfEnd()
-// This function is called to get the result of the derivation function computation.
-// If the buffer is not full, it is padded with zeros. The output buffer is
-// structured to be the same as a DRBG_SEED value so that the function can return
-// a pointer to the DRBG_SEED value in the DF_STATE structure.
-static DRBG_SEED *
-DfEnd(
- PDF_STATE dfState
- )
-{
- // Since DfCompute is always called when a buffer is full, there is always
- // space in the buffer for the terminator
- dfState->buf.bytes[dfState->contents++] = 0x80;
- // If the buffer is not full, pad with zeros
- while(dfState->contents < DRBG_IV_SIZE_BYTES)
- dfState->buf.bytes[dfState->contents++] = 0;
- // Do a final state update
- DfCompute(dfState);
- return (DRBG_SEED *)&dfState->iv;
-}
-
-//*** DfBuffer()
-// Function to take an input buffer and do the derivation function to produce a
-// DRBG_SEED value that can be used in DRBG_Reseed();
-static DRBG_SEED *
-DfBuffer(
- DRBG_SEED *output, // OUT: receives the result
- int size, // IN: size of the buffer to add
- BYTE *buf // IN: address of the buffer
- )
-{
- DF_STATE dfState;
- if(size == 0 || buf == NULL)
- return NULL;
- // Initialize the derivation function
- DfStart(&dfState, size);
- DfUpdate(&dfState, size, buf);
- DfEnd(&dfState);
- memcpy(output, &dfState.iv[0], sizeof(DRBG_SEED));
- return output;
-}
-
-//*** DRBG_GetEntropy()
-// Even though this implementation never fails, it may get blocked
-// indefinitely long in the call to get entropy from the platform
-// (DRBG_GetEntropy32()).
-// This function is only used during instantiation of the DRBG for
-// manufacturing and on each start-up after an non-orderly shutdown.
-// Return Type: BOOL -// TRUE(1) requested entropy returned -// FALSE(0) entropy Failure -BOOL -DRBG_GetEntropy( - UINT32 requiredEntropy, // IN: requested number of bytes of full - // entropy - BYTE *entropy // OUT: buffer to return collected entropy - ) -{ -#if !USE_DEBUG_RNG - - UINT32 obtainedEntropy; - INT32 returnedEntropy; - -// If in debug mode, always use the self-test values for initialization - if(IsSelfTest()) - { -#endif - // If doing simulated DRBG, then check to see if the - // entropyFailure condition is being tested - if(!IsEntropyBad()) - { - // In self-test, the caller should be asking for exactly the seed - // size of entropy. - pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy)); - memcpy(entropy, DRBG_NistTestVector_Entropy, - sizeof(DRBG_NistTestVector_Entropy)); - } -#if !USE_DEBUG_RNG - } - else if(!IsEntropyBad()) - { - // Collect entropy - // Note: In debug mode, the only "entropy" value ever returned - // is the value of the self-test vector. - for(returnedEntropy = 1, obtainedEntropy = 0; - obtainedEntropy < requiredEntropy && !IsEntropyBad(); - obtainedEntropy += returnedEntropy) - { - returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy], - requiredEntropy - obtainedEntropy); - if(returnedEntropy <= 0) - SetEntropyBad(); - } - } -#endif - return !IsEntropyBad(); -} - -//*** IncrementIv() -// This function increments the IV value by 1. It is used by EncryptDRBG(). -void -IncrementIv( - DRBG_IV *iv - ) -{ - BYTE *ivP = ((BYTE *)iv) + DRBG_IV_SIZE_BYTES; - while((--ivP >= (BYTE *)iv) && ((*ivP = ((*ivP + 1) & 0xFF)) == 0)); -} - -//*** EncryptDRBG() -// This does the encryption operation for the DRBG. It will encrypt -// the input state counter (IV) using the state key. Into the output -// buffer for as many times as it takes to generate the required -// number of bytes. 
-static BOOL -EncryptDRBG( - BYTE *dOut, - UINT32 dOutBytes, - DRBG_KEY_SCHEDULE *keySchedule, - DRBG_IV *iv, - UINT32 *lastValue // Points to the last output value - ) -{ -#if FIPS_COMPLIANT -// For FIPS compliance, the DRBG has to do a continuous self-test to make sure that -// no two consecutive values are the same. This overhead is not incurred if the TPM -// is not required to be FIPS compliant -// - UINT32 temp[DRBG_IV_SIZE_BYTES / sizeof(UINT32)]; - int i; - BYTE *p; - - for(; dOutBytes > 0;) - { - // Increment the IV before each encryption (this is what makes this - // different from normal counter-mode encryption - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, temp); -// Expect a 16 byte block -#if DRBG_IV_SIZE_BITS != 128 -#error "Unsuppored IV size in DRBG" -#endif - if((lastValue[0] == temp[0]) - && (lastValue[1] == temp[1]) - && (lastValue[2] == temp[2]) - && (lastValue[3] == temp[3]) - ) - { - LOG_FAILURE(FATAL_ERROR_ENTROPY); - return FALSE; - } - lastValue[0] = temp[0]; - lastValue[1] = temp[1]; - lastValue[2] = temp[2]; - lastValue[3] = temp[3]; - i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES); - dOutBytes -= i; - for(p = (BYTE *)temp; i > 0; i--) - *dOut++ = *p++; - } -#else // version without continuous self-test - NOT_REFERENCED(lastValue); - for(; dOutBytes >= DRBG_IV_SIZE_BYTES; - dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES) - { - // Increment the IV - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, dOut); - } - // If there is a partial, generate into a block-sized - // temp buffer and copy to the output. - if(dOutBytes != 0) - { - BYTE temp[DRBG_IV_SIZE_BYTES]; - // Increment the IV - IncrementIv(iv); - DRBG_ENCRYPT(keySchedule, iv, temp); - memcpy(dOut, temp, dOutBytes); - } -#endif - return TRUE; -} - -//*** DRBG_Update() -// This function performs the state update function. 
-// According to SP800-90A, a temp value is created by doing CTR mode -// encryption of 'providedData' and replacing the key and IV with -// these values. The one difference is that, with counter mode, the -// IV is incremented after each block is encrypted and in this -// operation, the counter is incremented before each block is -// encrypted. This function implements an 'optimized' version -// of the algorithm in that it does the update of the drbgState->seed -// in place and then 'providedData' is XORed into drbgState->seed -// to complete the encryption of 'providedData'. This works because -// the IV is the last thing that gets encrypted. -// -static BOOL -DRBG_Update( - DRBG_STATE *drbgState, // IN:OUT state to update - DRBG_KEY_SCHEDULE *keySchedule, // IN: the key schedule (optional) - DRBG_SEED *providedData // IN: additional data - ) -{ - UINT32 i; - BYTE *temp = (BYTE *)&drbgState->seed; - DRBG_KEY *key = pDRBG_KEY(&drbgState->seed); - DRBG_IV *iv = pDRBG_IV(&drbgState->seed); - DRBG_KEY_SCHEDULE localKeySchedule; -// - pAssert(drbgState->magic == DRBG_MAGIC); - - // If an key schedule was not provided, make one - if(keySchedule == NULL) - { - if(DRBG_ENCRYPT_SETUP((BYTE *)key, - DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0) - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return FALSE; - } - keySchedule = &localKeySchedule; - } - // Encrypt the temp value - - EncryptDRBG(temp, sizeof(DRBG_SEED), keySchedule, iv, - drbgState->lastValue); - if(providedData != NULL) - { - BYTE *pP = (BYTE *)providedData; - for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--) - *temp++ ^= *pP++; - } - // Since temp points to the input key and IV, we are done and - // don't need to copy the resulting 'temp' to drbgState->seed - return TRUE; -} - -//*** DRBG_Reseed() -// This function is used when reseeding of the DRBG is required. If -// entropy is provided, it is used in lieu of using hardware entropy. -// Note: the provided entropy must be the required size. 
-// Return Type: BOOL -// TRUE(1) reseed succeeded -// FALSE(0) reseed failed, probably due to the entropy generation -BOOL -DRBG_Reseed( - DRBG_STATE *drbgState, // IN: the state to update - DRBG_SEED *providedEntropy, // IN: entropy - DRBG_SEED *additionalData // IN: - ) -{ - DRBG_SEED seed; - - pAssert((drbgState != NULL) && (drbgState->magic == DRBG_MAGIC)); - - if(providedEntropy == NULL) - { - providedEntropy = &seed; - if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE *)providedEntropy)) - return FALSE; - } - if(additionalData != NULL) - { - unsigned int i; - - // XOR the provided data into the provided entropy - for(i = 0; i < sizeof(DRBG_SEED); i++) - ((BYTE *)providedEntropy)[i] ^= ((BYTE *)additionalData)[i]; - } - DRBG_Update(drbgState, NULL, providedEntropy); - - drbgState->reseedCounter = 1; - - return TRUE; -} - -//*** DRBG_SelfTest() -// This is run when the DRBG is instantiated and at startup -// Return Type: BOOL -// TRUE(1) test OK -// FALSE(0) test failed -BOOL -DRBG_SelfTest( - void - ) -{ - BYTE buf[sizeof(DRBG_NistTestVector_Generated)]; - DRBG_SEED seed; - UINT32 i; - BYTE *p; - DRBG_STATE testState; -// - pAssert(!IsSelfTest()); - - SetSelfTest(); - SetDrbgTested(); - // Do an instantiate - if(!DRBG_Instantiate(&testState, 0, NULL)) - return FALSE; -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock(pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, - "Key after Instantiate"); - dbgDumpMemBlock(pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, - "Value after Instantiate"); -#endif - if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) - return FALSE; -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock(pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, - "Key after 1st Generate"); - dbgDumpMemBlock(pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, - "Value after 1st Generate"); -#endif - if(memcmp(buf, DRBG_NistTestVector_GeneratedInterm, sizeof(buf)) != 0) - return FALSE; - memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed)); - DRBG_Reseed(&testState, &seed, 
NULL); -#if DRBG_DEBUG_PRINT - dbgDumpMemBlock((BYTE *)pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, - "Key after 2nd Generate"); - dbgDumpMemBlock((BYTE *)pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, - "Value after 2nd Generate"); - dbgDumpMemBlock(buf, sizeof(buf), "2nd Generated"); -#endif - if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) - return FALSE; - if(memcmp(buf, DRBG_NistTestVector_Generated, sizeof(buf)) != 0) - return FALSE; - ClearSelfTest(); - - DRBG_Uninstantiate(&testState); - for(p = (BYTE *)&testState, i = 0; i < sizeof(DRBG_STATE); i++) - { - if(*p++) - return FALSE; - } - // Simulate hardware failure to make sure that we get an error when - // trying to instantiate - SetEntropyBad(); - if(DRBG_Instantiate(&testState, 0, NULL)) - return FALSE; - ClearEntropyBad(); - - return TRUE; -} - -//** Public Interface -//*** Description -// The functions in this section are the interface to the RNG. These -// are the functions that are used by TPM.lib. - -//*** CryptRandomStir() -// This function is used to cause a reseed. A DRBG_SEED amount of entropy is -// collected from the hardware and then additional data is added. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT failure of the entropy generator -LIB_EXPORT TPM_RC -CryptRandomStir( - UINT16 additionalDataSize, - BYTE *additionalData - ) -{ -#if !USE_DEBUG_RNG - DRBG_SEED tmpBuf; - DRBG_SEED dfResult; -// - // All reseed with outside data starts with a buffer full of entropy - if(!DRBG_GetEntropy(sizeof(tmpBuf), (BYTE *)&tmpBuf)) - return TPM_RC_NO_RESULT; - - DRBG_Reseed(&drbgDefault, &tmpBuf, - DfBuffer(&dfResult, additionalDataSize, additionalData)); - drbgDefault.reseedCounter = 1; - - return TPM_RC_SUCCESS; - -#else - // If doing debug, use the input data as the initial setting for the RNG state - // so that the test can be reset at any time. - // Note: If this is called with a data size of 0 or less, nothing happens. 
The - // presumption is that, in a debug environment, the caller will have specific - // values for initialization, so this check is just a simple way to prevent - // inadvertent programming errors from screwing things up. This doesn't use an - // pAssert() because the non-debug version of this function will accept these - // parameters as meaning that there is no additionalData and only hardware - // entropy is used. - if((additionalDataSize > 0) && (additionalData != NULL)) - { - memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes)); - memcpy(drbgDefault.seed.bytes, additionalData, - MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes))); - } - drbgDefault.reseedCounter = 1; - - return TPM_RC_SUCCESS; -#endif -} - -//*** CryptRandomGenerate() -// Generate a 'randomSize' number or random bytes. -LIB_EXPORT UINT16 -CryptRandomGenerate( - UINT16 randomSize, - BYTE *buffer - ) -{ - return DRBG_Generate((RAND_STATE *)&drbgDefault, buffer, randomSize); -} - - - -//*** DRBG_InstantiateSeededKdf() -// This function is used to instantiate a KDF-based RNG. This is used for derivations. -// This function always returns TRUE. -LIB_EXPORT BOOL -DRBG_InstantiateSeededKdf( - KDF_STATE *state, // OUT: buffer to hold the state - TPM_ALG_ID hashAlg, // IN: hash algorithm - TPM_ALG_ID kdf, // IN: the KDF to use - TPM2B *seed, // IN: the seed to use - const TPM2B *label, // IN: a label for the generation process. - TPM2B *context, // IN: the context value - UINT32 limit // IN: Maximum number of bits from the KDF - ) -{ - state->magic = KDF_MAGIC; - state->limit = limit; - state->seed = seed; - state->hash = hashAlg; - state->kdf = kdf; - state->label = label; - state->context = context; - state->digestSize = CryptHashGetDigestSize(hashAlg); - state->counter = 0; - state->residual.t.size = 0; - return TRUE; -} - -//*** DRBG_AdditionalData() -// Function to reseed the DRBG with additional entropy. 
This is normally called -// before computing the protection value of a primary key in the Endorsement -// hierarchy. -LIB_EXPORT void -DRBG_AdditionalData( - DRBG_STATE *drbgState, // IN:OUT state to update - TPM2B *additionalData // IN: value to incorporate - ) -{ - DRBG_SEED dfResult; - if(drbgState->magic == DRBG_MAGIC) - { - DfBuffer(&dfResult, additionalData->size, additionalData->buffer); - DRBG_Reseed(drbgState, &dfResult, NULL); - } -} - - -//*** DRBG_InstantiateSeeded() -// This function is used to instantiate a random number generator from seed values. -// The nominal use of this generator is to create sequences of pseudo-random -// numbers from a seed value. -// Return Type: TPM_RC -// TPM_RC_FAILURE DRBG self-test failure -LIB_EXPORT TPM_RC -DRBG_InstantiateSeeded( - DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state - const TPM2B *seed, // IN: the seed to use - const TPM2B *purpose, // IN: a label for the generation process. - const TPM2B *name, // IN: name of the object - const TPM2B *additional // IN: additional data - ) -{ - DF_STATE dfState; - int totalInputSize; - // DRBG should have been tested, but... - if(!IsDrbgTested() && !DRBG_SelfTest()) - { - LOG_FAILURE(FATAL_ERROR_SELF_TEST); - return TPM_RC_FAILURE; - } - // Initialize the DRBG state - memset(drbgState, 0, sizeof(DRBG_STATE)); - drbgState->magic = DRBG_MAGIC; - - // Size all of the values - totalInputSize = (seed != NULL) ? seed->size : 0; - totalInputSize += (purpose != NULL) ? purpose->size : 0; - totalInputSize += (name != NULL) ? name->size : 0; - totalInputSize += (additional != NULL) ? 
additional->size : 0; - - // Initialize the derivation - DfStart(&dfState, totalInputSize); - - // Run all the input strings through the derivation function - if(seed != NULL) - DfUpdate(&dfState, seed->size, seed->buffer); - if(purpose != NULL) - DfUpdate(&dfState, purpose->size, purpose->buffer); - if(name != NULL) - DfUpdate(&dfState, name->size, name->buffer); - if(additional != NULL) - DfUpdate(&dfState, additional->size, additional->buffer); - - // Used the derivation function output as the "entropy" input. This is not - // how it is described in SP800-90A but this is the equivalent function - DRBG_Reseed(((DRBG_STATE *)drbgState), DfEnd(&dfState), NULL); - - return TPM_RC_SUCCESS; -} - -//*** CryptRandStartup() -// This function is called when TPM_Startup is executed. This function always returns -// TRUE. -LIB_EXPORT BOOL -CryptRandStartup( - void - ) -{ -#if ! _DRBG_STATE_SAVE - // If not saved in NV, re-instantiate on each startup - DRBG_Instantiate(&drbgDefault, 0, NULL); -#else - // If the running state is saved in NV, NV has to be loaded before it can - // be updated - if(go.drbgState.magic == DRBG_MAGIC) - DRBG_Reseed(&go.drbgState, NULL, NULL); - else - DRBG_Instantiate(&go.drbgState, 0, NULL); -#endif - return TRUE; -} - -//**** CryptRandInit() -// This function is called when _TPM_Init is being processed. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -LIB_EXPORT BOOL -CryptRandInit( - void - ) -{ -#if !USE_DEBUG_RNG - _plat__GetEntropy(NULL, 0); -#endif - return DRBG_SelfTest(); -} - -//*** DRBG_Generate() -// This function generates a random sequence according SP800-90A. -// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. -// If 'random' is NULL or 'randomSize' is zero, then the function returns -// zero without generating any bits or updating the reseed counter. 
-// This function returns the number of bytes produced which could be less than the
-// number requested if the request is too large ("too large" is implementation
-// dependent.)
-LIB_EXPORT UINT16
-DRBG_Generate(
- RAND_STATE *state,
- BYTE *random, // OUT: buffer to receive the random values
- UINT16 randomSize // IN: the number of bytes to generate
- )
-{
- if(state == NULL)
- state = (RAND_STATE *)&drbgDefault;
- if(random == NULL)
- return 0;
-
- // If the caller used a KDF state, generate a sequence from the KDF not to
- // exceed the limit.
- if(state->kdf.magic == KDF_MAGIC)
- {
- KDF_STATE *kdf = (KDF_STATE *)state;
- UINT32 counter = (UINT32)kdf->counter;
- INT32 bytesLeft = randomSize;
-//
- // If the number of bytes to be returned would put the generator
- // over the limit, then return 0
- if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit)
- return 0;
- // Process partial and full blocks until all requested bytes provided
- while(bytesLeft > 0)
- {
- // If there is any residual data in the buffer, copy it to the output
- // buffer
- if(kdf->residual.t.size > 0)
- {
- INT32 size;
-//
- // Don't use more of the residual than will fit or more than are
- // available
- size = MIN(kdf->residual.t.size, bytesLeft);
-
- // Copy some or all of the residual to the output. The residual is
- // at the end of the buffer. The residual might be a full buffer.
- MemoryCopy(random, - &kdf->residual.t.buffer - [kdf->digestSize - kdf->residual.t.size], size); - - // Advance the buffer pointer - random += size; - - // Reduce the number of bytes left to get - bytesLeft -= size; - - // And reduce the residual size appropriately - kdf->residual.t.size -= (UINT16)size; - } - else - { - UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize); -// - // Get the number of required full blocks - if(blocks > 0) - { - UINT16 size = blocks * kdf->digestSize; -// Get some number of full blocks and put them in the return buffer - CryptKDFa(kdf->hash, kdf->seed, kdf->label, kdf->context, NULL, - kdf->limit, random, &counter, blocks); - - // reduce the size remaining to be moved and advance the pointer - bytesLeft -= size; - random += size; - } - else - { - // Fill the residual buffer with a full block and then loop to - // top to get part of it copied to the output. - kdf->residual.t.size = CryptKDFa(kdf->hash, kdf->seed, - kdf->label, kdf->context, NULL, - kdf->limit, - kdf->residual.t.buffer, - &counter, 1); - } - } - } - kdf->counter = counter; - return randomSize; - } - else if(state->drbg.magic == DRBG_MAGIC) - { - DRBG_STATE *drbgState = (DRBG_STATE *)state; - DRBG_KEY_SCHEDULE keySchedule; - DRBG_SEED *seed = &drbgState->seed; - - if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED) - { - if(drbgState == &drbgDefault) - { - DRBG_Reseed(drbgState, NULL, NULL); - if(IsEntropyBad() && !IsSelfTest()) - return 0; - } - else - { - // If this is a PRNG then the only way to get - // here is if the SW has run away. 
- LOG_FAILURE(FATAL_ERROR_INTERNAL); - return 0; - } - } - // if the allowed number of bytes in a request is larger than the - // less than the number of bytes that can be requested, then check -#if UINT16_MAX >= CTR_DRBG_MAX_BYTES_PER_REQUEST - if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST) - randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST; -#endif - // Create encryption schedule - if(DRBG_ENCRYPT_SETUP((BYTE *)pDRBG_KEY(seed), - DRBG_KEY_SIZE_BITS, &keySchedule) != 0) - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return 0; - } - // Generate the random data - EncryptDRBG(random, randomSize, &keySchedule, pDRBG_IV(seed), - drbgState->lastValue); - // Do a key update - DRBG_Update(drbgState, &keySchedule, NULL); - - // Increment the reseed counter - drbgState->reseedCounter += 1; - } - else - { - LOG_FAILURE(FATAL_ERROR_INTERNAL); - return FALSE; - } - return randomSize; -} - -//*** DRBG_Instantiate() -// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. -// This is called when a the TPM DRBG is to be instantiated. This is -// called to instantiate a DRBG used by the TPM for normal -// operations. -// Return Type: BOOL -// TRUE(1) instantiation succeeded -// FALSE(0) instantiation failed -LIB_EXPORT BOOL -DRBG_Instantiate( - DRBG_STATE *drbgState, // OUT: the instantiated value - UINT16 pSize, // IN: Size of personalization string - BYTE *personalization // IN: The personalization string - ) -{ - DRBG_SEED seed; - DRBG_SEED dfResult; -// - pAssert((pSize == 0) || (pSize <= sizeof(seed)) || (personalization != NULL)); - // If the DRBG has not been tested, test when doing an instantiation. Since - // Instantiation is called during self test, make sure we don't get stuck in a - // loop. - if(!IsDrbgTested() && !IsSelfTest() && !DRBG_SelfTest()) - return FALSE; - // If doing a self test, DRBG_GetEntropy will return the NIST - // test vector value. 
- if(!DRBG_GetEntropy(sizeof(seed), (BYTE *)&seed))
- return FALSE;
- // set everything to zero
- memset(drbgState, 0, sizeof(DRBG_STATE));
- drbgState->magic = DRBG_MAGIC;
-
- // Steps 1, 2, 3, 6, 7 of SP 800-90A 10.2.1.3.1 are exactly what
- // reseeding does. So, do a reduction on the personalization value (if any)
- // and do a reseed.
- DRBG_Reseed(drbgState, &seed, DfBuffer(&dfResult, pSize, personalization));
-
- return TRUE;
-}
-
-//*** DRBG_Uninstantiate()
-// This is Uninstantiate_function() from [SP 800-90A 9.4].
-//
-// Return Type: TPM_RC
-// TPM_RC_VALUE not a valid state
-LIB_EXPORT TPM_RC
-DRBG_Uninstantiate(
- DRBG_STATE *drbgState // IN/OUT: working state to erase
- )
-{
- if((drbgState == NULL) || (drbgState->magic != DRBG_MAGIC))
- return TPM_RC_VALUE;
- memset(drbgState, 0, sizeof(DRBG_STATE));
- return TPM_RC_SUCCESS;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c
deleted file mode 100644
index dc0ceed57..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c
+++ /dev/null
@@ -1,1489 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains implementation of cryptographic primitives for RSA.
-// Vendors may replace the implementation in this file with their own library
-// functions.
-
-//** Includes
-// Need this define to get the 'private' defines for this function
-#define CRYPT_RSA_C
-#include "Tpm.h"
-
-#if ALG_RSA
-
-//** Obligatory Initialization Functions
-
-//*** CryptRsaInit()
-// Function called at _TPM_Init().
-BOOL
-CryptRsaInit(
- void
- )
-{
- return TRUE;
-}
-
-//*** CryptRsaStartup()
-// Function called at TPM2_Startup()
-BOOL
-CryptRsaStartup(
- void
- )
-{
- return TRUE;
-}
-
-//** Internal Functions
-
-//*** RsaInitializeExponent()
-// This function initializes the bignum data structure that holds the private
-// exponent. This function returns the pointer to the private exponent value so that
-// it can be used in an initializer for a data declaration.
-static privateExponent *
-RsaInitializeExponent(
- privateExponent *Z
- )
-{
- bigNum *bn = (bigNum *)&Z->P;
- int i;
-//
- for(i = 0; i < 5; i++)
- {
- bn[i] = (bigNum)&Z->entries[i];
- BnInit(bn[i], BYTES_TO_CRYPT_WORDS(sizeof(Z->entries[0].d)));
- }
- return Z;
-}
-
-//*** MakePgreaterThanQ()
-// This function swaps the pointers for P and Q if Q happens to be larger than Q.
-static void
-MakePgreaterThanQ(
- privateExponent *Z
-)
-{
- if(BnUnsignedCmp(Z->P, Z->Q) < 0)
- {
- bigNum bnT = Z->P;
- Z->P = Z->Q;
- Z->Q = bnT;
- }
-}
-
-//*** PackExponent()
-// This function takes the bignum private exponent and converts it into TPM2B form.
-// In this form, the size field contains the overall size of the packed data. The
-// buffer contains 5, equal sized values in P, Q, dP, dQ, qInv order. For example, if
-// a key has a 2Kb public key, then the packed private key will contain 5, 1Kb values.
-// This form makes it relatively easy to load and save the values without changing
-// the normal unmarshaling to do anything more than allow a larger TPM2B for the
-// private key. Also, when exporting the value, all that is needed is to change the
-// size field of the private key in order to save just the P value.
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure // The data is too big to fit -static BOOL -PackExponent( - TPM2B_PRIVATE_KEY_RSA *packed, - privateExponent *Z -) -{ - int i; - UINT16 primeSize = (UINT16)BITS_TO_BYTES(BnMsb(Z->P)); - UINT16 pS = primeSize; -// - pAssert((primeSize * 5) <= sizeof(packed->t.buffer)); - packed->t.size = (primeSize * 5) + RSA_prime_flag; - for(i = 0; i < 5; i++) - if(!BnToBytes((bigNum)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS)) - return FALSE; - if(pS != primeSize) - return FALSE; - return TRUE; -} - -//*** UnpackExponent() -// This function unpacks the private exponent from its TPM2B form into its bignum -// form. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) TPM2B is not the correct size -static BOOL -UnpackExponent( - TPM2B_PRIVATE_KEY_RSA *b, - privateExponent *Z -) -{ - UINT16 primeSize = b->t.size & ~RSA_prime_flag; - int i; - bigNum *bn = &Z->P; -// - VERIFY(b->t.size & RSA_prime_flag); - RsaInitializeExponent(Z); - VERIFY((primeSize % 5) == 0); - primeSize /= 5; - for(i = 0; i < 5; i++) - VERIFY(BnFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize) - != NULL); - MakePgreaterThanQ(Z); - return TRUE; -Error: - return FALSE; - } - -//*** ComputePrivateExponent() -// This function computes the private exponent from the primes. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -ComputePrivateExponent( - bigNum pubExp, // IN: the public exponent - privateExponent *Z // IN/OUT: on input, has primes P and Q. 
On - // output, has P, Q, dP, dQ, and pInv - ) -{ - BOOL pOK; - BOOL qOK; - BN_PRIME(pT); -// - // make p the larger value so that m2 is always less than p - MakePgreaterThanQ(Z); - - //dP = (1/e) mod (p-1) - pOK = BnSubWord(pT, Z->P, 1); - pOK = pOK && BnModInverse(Z->dP, pubExp, pT); - //dQ = (1/e) mod (q-1) - qOK = BnSubWord(pT, Z->Q, 1); - qOK = qOK && BnModInverse(Z->dQ, pubExp, pT); - // qInv = (1/q) mod p - if(pOK && qOK) - pOK = qOK = BnModInverse(Z->qInv, Z->Q, Z->P); - if(!pOK) - BnSetWord(Z->P, 0); - if(!qOK) - BnSetWord(Z->Q, 0); - return pOK && qOK; -} - -//*** RsaPrivateKeyOp() -// This function is called to do the exponentiation with the private key. Compile -// options allow use of the simple (but slow) private exponent, or the more complex -// but faster CRT method. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -RsaPrivateKeyOp( - bigNum inOut, // IN/OUT: number to be exponentiated - privateExponent *Z - ) -{ - BN_RSA(M1); - BN_RSA(M2); - BN_RSA(M); - BN_RSA(H); -// - MakePgreaterThanQ(Z); - // m1 = cdP mod p - VERIFY(BnModExp(M1, inOut, Z->dP, Z->P)); - // m2 = cdQ mod q - VERIFY(BnModExp(M2, inOut, Z->dQ, Z->Q)); - // h = qInv * (m1 - m2) mod p = qInv * (m1 + P - m2) mod P because Q < P - // so m2 < P - VERIFY(BnSub(H, Z->P, M2)); - VERIFY(BnAdd(H, H, M1)); - VERIFY(BnModMult(H, H, Z->qInv, Z->P)); - // m = m2 + h * q - VERIFY(BnMult(M, H, Z->Q)); - VERIFY(BnAdd(inOut, M2, M)); - return TRUE; -Error: - return FALSE; -} - -//*** RSAEP() -// This function performs the RSAEP operation defined in PKCS#1v2.1. It is -// an exponentiation of a value ('m') with the public exponent ('e'), modulo -// the public ('n'). -// -// Return Type: TPM_RC -// TPM_RC_VALUE number to exponentiate is larger than the modulus -// -static TPM_RC -RSAEP( - TPM2B *dInOut, // IN: size of the encrypted block and the size of - // the encrypted value. It must be the size of - // the modulus. - // OUT: the encrypted data. 
Will receive the - // decrypted value - OBJECT *key // IN: the key to use - ) -{ - TPM2B_TYPE(4BYTES, 4); - TPM2B_4BYTES e2B; - UINT32 e = key->publicArea.parameters.rsaDetail.exponent; -// - if(e == 0) - e = RSA_DEFAULT_PUBLIC_EXPONENT; - UINT32_TO_BYTE_ARRAY(e, e2B.t.buffer); - e2B.t.size = 4; - return ModExpB(dInOut->size, dInOut->buffer, dInOut->size, dInOut->buffer, - e2B.t.size, e2B.t.buffer, key->publicArea.unique.rsa.t.size, - key->publicArea.unique.rsa.t.buffer); -} - -//*** RSADP() -// This function performs the RSADP operation defined in PKCS#1v2.1. It is -// an exponentiation of a value ('c') with the private exponent ('d'), modulo -// the public modulus ('n'). The decryption is in place. -// -// This function also checks the size of the private key. If the size indicates -// that only a prime value is present, the key is converted to being a private -// exponent. -// -// Return Type: TPM_RC -// TPM_RC_SIZE the value to decrypt is larger than the modulus -// -static TPM_RC -RSADP( - TPM2B *inOut, // IN/OUT: the value to encrypt - OBJECT *key // IN: the key - ) -{ - BN_RSA_INITIALIZED(bnM, inOut); - NEW_PRIVATE_EXPONENT(Z); - if(UnsignedCompareB(inOut->size, inOut->buffer, - key->publicArea.unique.rsa.t.size, - key->publicArea.unique.rsa.t.buffer) >= 0) - return TPM_RC_SIZE; - // private key operation requires that private exponent be loaded - // During self-test, this might not be the case so load it up if it hasn't - // already done - // been done - if((key->sensitive.sensitive.rsa.t.size & RSA_prime_flag) == 0) - { - if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive) - != TPM_RC_SUCCESS) - return TPM_RC_BINDING; - } - VERIFY(UnpackExponent(&key->sensitive.sensitive.rsa, Z)); - VERIFY(RsaPrivateKeyOp(bnM, Z)); - VERIFY(BnTo2B(bnM, inOut, inOut->size)); - return TPM_RC_SUCCESS; -Error: - return TPM_RC_FAILURE; -} - -//*** OaepEncode() -// This function performs OAEP padding. 
The size of the buffer to receive the -// OAEP padded data must equal the size of the modulus -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'hashAlg' is not valid or message size is too large -// -static TPM_RC -OaepEncode( - TPM2B *padded, // OUT: the pad data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B *label, // IN: null-terminated string (may be NULL) - TPM2B *message, // IN: the message being padded - RAND_STATE *rand // IN: the random number generator to use - ) -{ - INT32 padLen; - INT32 dbSize; - INT32 i; - BYTE mySeed[MAX_DIGEST_SIZE]; - BYTE *seed = mySeed; - UINT16 hLen = CryptHashGetDigestSize(hashAlg); - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pp; - BYTE *pm; - TPM_RC retVal = TPM_RC_SUCCESS; - - pAssert(padded != NULL && message != NULL); - - // A value of zero is not allowed because the KDF can't produce a result - // if the digest size is zero. - if(hLen == 0) - return TPM_RC_VALUE; - - // Basic size checks - // make sure digest isn't too big for key size - if(padded->size < (2 * hLen) + 2) - ERROR_RETURN(TPM_RC_HASH); - - // and that message will fit messageSize <= k - 2hLen - 2 - if(message->size > (padded->size - (2 * hLen) - 2)) - ERROR_RETURN(TPM_RC_VALUE); - - // Hash L even if it is null - // Offset into padded leaving room for masked seed and byte of zero - pp = &padded->buffer[hLen + 1]; - if(CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, - hLen, pp) != hLen) - ERROR_RETURN(TPM_RC_FAILURE); - - // concatenate PS of k mLen 2hLen 2 - padLen = padded->size - message->size - (2 * hLen) - 2; - MemorySet(&pp[hLen], 0, padLen); - pp[hLen + padLen] = 0x01; - padLen += 1; - memcpy(&pp[hLen + padLen], message->buffer, message->size); - - // The total size of db = hLen + pad + mSize; - dbSize = hLen + padLen + message->size; - - // If testing, then use the provided seed. 
Otherwise, use values - // from the RNG - CryptRandomGenerate(hLen, mySeed); - DRBG_Generate(rand, mySeed, (UINT16)hLen); - if(g_inFailureMode) - ERROR_RETURN(TPM_RC_FAILURE); - // mask = MGF1 (seed, nSize hLen 1) - CryptMGF1(dbSize, mask, hashAlg, hLen, seed); - - // Create the masked db - pm = mask; - for(i = dbSize; i > 0; i--) - *pp++ ^= *pm++; - pp = &padded->buffer[hLen + 1]; - - // Run the masked data through MGF1 - if(CryptMGF1(hLen, &padded->buffer[1], hashAlg, dbSize, pp) != (unsigned)hLen) - ERROR_RETURN(TPM_RC_VALUE); -// Now XOR the seed to create masked seed - pp = &padded->buffer[1]; - pm = seed; - for(i = hLen; i > 0; i--) - *pp++ ^= *pm++; - // Set the first byte to zero - padded->buffer[0] = 0x00; -Exit: - return retVal; -} - -//*** OaepDecode() -// This function performs OAEP padding checking. The size of the buffer to receive -// the recovered data. If the padding is not valid, the 'dSize' size is set to zero -// and the function returns TPM_RC_VALUE. -// -// The 'dSize' parameter is used as an input to indicate the size available in the -// buffer. - -// If insufficient space is available, the size is not changed and the return code -// is TPM_RC_VALUE. 
-// -// Return Type: TPM_RC -// TPM_RC_VALUE the value to decode was larger than the modulus, or -// the padding is wrong or the buffer to receive the -// results is too small -// -// -static TPM_RC -OaepDecode( - TPM2B *dataOut, // OUT: the recovered data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B *label, // IN: null-terminated string (may be NULL) - TPM2B *padded // IN: the padded data - ) -{ - UINT32 i; - BYTE seedMask[MAX_DIGEST_SIZE]; - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pp; - BYTE *pm; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Strange size (anything smaller can't be an OAEP padded block) - // Also check for no leading 0 - if((padded->size < (unsigned)((2 * hLen) + 2)) || (padded->buffer[0] != 0)) - ERROR_RETURN(TPM_RC_VALUE); -// Use the hash size to determine what to put through MGF1 in order -// to recover the seedMask - CryptMGF1(hLen, seedMask, hashAlg, padded->size - hLen - 1, - &padded->buffer[hLen + 1]); - - // Recover the seed into seedMask - pAssert(hLen <= sizeof(seedMask)); - pp = &padded->buffer[1]; - pm = seedMask; - for(i = hLen; i > 0; i--) - *pm++ ^= *pp++; - - // Use the seed to generate the data mask - CryptMGF1(padded->size - hLen - 1, mask, hashAlg, hLen, seedMask); - - // Use the mask generated from seed to recover the padded data - pp = &padded->buffer[hLen + 1]; - pm = mask; - for(i = (padded->size - hLen - 1); i > 0; i--) - *pm++ ^= *pp++; - - // Make sure that the recovered data has the hash of the label - // Put trial value in the seed mask - if((CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, - hLen, seedMask)) != hLen) - FAIL(FATAL_ERROR_INTERNAL); - if(memcmp(seedMask, mask, hLen) != 0) - ERROR_RETURN(TPM_RC_VALUE); - - // find the start of the data - pm = &mask[hLen]; - for(i = (UINT32)padded->size - (2 * hLen) - 1; i > 0; i--) - { - if(*pm++ != 0) - break; - } - // If we ran out of data or didn't end with 0x01, then return an error - 
if(i == 0 || pm[-1] != 0x01) - ERROR_RETURN(TPM_RC_VALUE); - - // pm should be pointing at the first part of the data - // and i is one greater than the number of bytes to move - i--; - if(i > dataOut->size) - // Special exit to preserve the size of the output buffer - return TPM_RC_VALUE; - memcpy(dataOut->buffer, pm, i); - dataOut->size = (UINT16)i; -Exit: - if(retVal != TPM_RC_SUCCESS) - dataOut->size = 0; - return retVal; -} - -//*** PKCS1v1_5Encode() -// This function performs the encoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in -// PKCS#1V2.1 -// Return Type: TPM_RC -// TPM_RC_VALUE message size is too large -// -static TPM_RC -RSAES_PKCS1v1_5Encode( - TPM2B *padded, // OUT: the pad data - TPM2B *message, // IN: the message being padded - RAND_STATE *rand - ) -{ - UINT32 ps = padded->size - message->size - 3; -// - if(message->size > padded->size - 11) - return TPM_RC_VALUE; - // move the message to the end of the buffer - memcpy(&padded->buffer[padded->size - message->size], message->buffer, - message->size); - // Set the first byte to 0x00 and the second to 0x02 - padded->buffer[0] = 0; - padded->buffer[1] = 2; - - // Fill with random bytes - DRBG_Generate(rand, &padded->buffer[2], (UINT16)ps); - if(g_inFailureMode) - return TPM_RC_FAILURE; - - // Set the delimiter for the random field to 0 - padded->buffer[2 + ps] = 0; - - // Now, the only messy part. Make sure that all the 'ps' bytes are non-zero - // In this implementation, use the value of the current index - for(ps++; ps > 1; ps--) - { - if(padded->buffer[ps] == 0) - padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the - // random value is 0, just pick a value to - // put into the spot. 
- } - return TPM_RC_SUCCESS; -} - -//*** RSAES_Decode() -// This function performs the decoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in -// PKCS#1V2.1 -// -// Return Type: TPM_RC -// TPM_RC_FAIL decoding error or results would no fit into provided buffer -// -static TPM_RC -RSAES_Decode( - TPM2B *message, // OUT: the recovered message - TPM2B *coded // IN: the encoded message - ) -{ - BOOL fail = FALSE; - UINT16 pSize; - - fail = (coded->size < 11); - fail = (coded->buffer[0] != 0x00) | fail; - fail = (coded->buffer[1] != 0x02) | fail; - for(pSize = 2; pSize < coded->size; pSize++) - { - if(coded->buffer[pSize] == 0) - break; - } - pSize++; - - // Make sure that pSize has not gone over the end and that there are at least 8 - // bytes of pad data. - fail = (pSize > coded->size) | fail; - fail = ((pSize - 2) < 8) | fail; - if((message->size < (UINT16)(coded->size - pSize)) || fail) - return TPM_RC_VALUE; - message->size = coded->size - pSize; - memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize); - return TPM_RC_SUCCESS; -} - -//*** CryptRsaPssSaltSize() -// This function computes the salt size used in PSS. It is broken out so that -// the X509 code can get the same value that is used by the encoding function in this -// module. -INT16 -CryptRsaPssSaltSize( - INT16 hashSize, - INT16 outSize -) -{ - INT16 saltSize; -// - // (Mask Length) = (outSize - hashSize - 1); - // Max saltSize is (Mask Length) - 1 - saltSize = (outSize - hashSize - 1) - 1; - // Use the maximum salt size allowed by FIPS 186-4 - if(saltSize > hashSize) - saltSize = hashSize; - else if(saltSize < 0) - saltSize = 0; - return saltSize; -} - -//*** PssEncode() -// This function creates an encoded block of data that is the size of modulus. -// The function uses the maximum salt size that will fit in the encoded block. -// -// Returns TPM_RC_SUCCESS or goes into failure mode. 
-static TPM_RC -PssEncode( - TPM2B *out, // OUT: the encoded buffer - TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding - TPM2B *digest, // IN: the digest - RAND_STATE *rand // IN: random number source - ) -{ - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - BYTE salt[MAX_RSA_KEY_BYTES - 1]; - UINT16 saltSize; - BYTE *ps = salt; - BYTE *pOut; - UINT16 mLen; - HASH_STATE hashState; - - // These are fatal errors indicating bad TPM firmware - pAssert(out != NULL && hLen > 0 && digest != NULL); - - // Get the size of the mask - mLen = (UINT16)(out->size - hLen - 1); - - // Set the salt size - saltSize = CryptRsaPssSaltSize((INT16)hLen, (INT16)out->size); - -//using eOut for scratch space - // Set the first 8 bytes to zero - pOut = out->buffer; - memset(pOut, 0, 8); - - // Get set the salt - DRBG_Generate(rand, salt, saltSize); - if(g_inFailureMode) - return TPM_RC_FAILURE; - - // Create the hash of the pad || input hash || salt - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, 8, pOut); - CryptDigestUpdate2B(&hashState, digest); - CryptDigestUpdate(&hashState, saltSize, salt); - CryptHashEnd(&hashState, hLen, &pOut[out->size - hLen - 1]); - - // Create a mask - if(CryptMGF1(mLen, pOut, hashAlg, hLen, &pOut[mLen]) != mLen) - FAIL(FATAL_ERROR_INTERNAL); - - // Since this implementation uses key sizes that are all even multiples of - // 8, just need to make sure that the most significant bit is CLEAR - *pOut &= 0x7f; - - // Before we mess up the pOut value, set the last byte to 0xbc - pOut[out->size - 1] = 0xbc; - - // XOR a byte of 0x01 at the position just before where the salt will be XOR'ed - pOut = &pOut[mLen - saltSize - 1]; - *pOut++ ^= 0x01; - - // XOR the salt data into the buffer - for(; saltSize > 0; saltSize--) - *pOut++ ^= *ps++; - - // and we are done - return TPM_RC_SUCCESS; -} - -//*** PssDecode() -// This function checks that the PSS encoded block was built from the -// provided digest. 
If the check is successful, TPM_RC_SUCCESS is returned. -// Any other value indicates an error. -// -// This implementation of PSS decoding is intended for the reference TPM -// implementation and is not at all generalized. It is used to check -// signatures over hashes and assumptions are made about the sizes of values. -// Those assumptions are enforce by this implementation. -// This implementation does allow for a variable size salt value to have been -// used by the creator of the signature. -// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm -// TPM_RC_VALUE decode operation failed -// -static TPM_RC -PssDecode( - TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding - TPM2B *dIn, // In: the digest to compare - TPM2B *eIn // IN: the encoded data - ) -{ - UINT32 hLen = CryptHashGetDigestSize(hashAlg); - BYTE mask[MAX_RSA_KEY_BYTES]; - BYTE *pm = mask; - BYTE *pe; - BYTE pad[8] = {0}; - UINT32 i; - UINT32 mLen; - BYTE fail; - TPM_RC retVal = TPM_RC_SUCCESS; - HASH_STATE hashState; - - // These errors are indicative of failures due to programmer error - pAssert(dIn != NULL && eIn != NULL); - pe = eIn->buffer; - - // check the hash scheme - if(hLen == 0) - ERROR_RETURN(TPM_RC_SCHEME); - - // most significant bit must be zero - fail = pe[0] & 0x80; - - // last byte must be 0xbc - fail |= pe[eIn->size - 1] ^ 0xbc; - - // Use the hLen bytes at the end of the buffer to generate a mask - // Doesn't start at the end which is a flag byte - mLen = eIn->size - hLen - 1; - CryptMGF1(mLen, mask, hashAlg, hLen, &pe[mLen]); - - // Clear the MSO of the mask to make it consistent with the encoding. - mask[0] &= 0x7F; - - pAssert(mLen <= sizeof(mask)); - // XOR the data into the mask to recover the salt. 
This sequence - // advances eIn so that it will end up pointing to the seed data - // which is the hash of the signature data - for(i = mLen; i > 0; i--) - *pm++ ^= *pe++; - - // Find the first byte of 0x01 after a string of all 0x00 - for(pm = mask, i = mLen; i > 0; i--) - { - if(*pm == 0x01) - break; - else - fail |= *pm++; - } - // i should not be zero - fail |= (i == 0); - - // if we have failed, will continue using the entire mask as the salt value so - // that the timing attacks will not disclose anything (I don't think that this - // is a problem for TPM applications but, usually, we don't fail so this - // doesn't cost anything). - if(fail) - { - i = mLen; - pm = mask; - } - else - { - pm++; - i--; - } - // i contains the salt size and pm points to the salt. Going to use the input - // hash and the seed to recreate the hash in the lower portion of eIn. - CryptHashStart(&hashState, hashAlg); - - // add the pad of 8 zeros - CryptDigestUpdate(&hashState, 8, pad); - - // add the provided digest value - CryptDigestUpdate(&hashState, dIn->size, dIn->buffer); - - // and the salt - CryptDigestUpdate(&hashState, i, pm); - - // get the result - fail |= (CryptHashEnd(&hashState, hLen, mask) != hLen); - - // Compare all bytes - for(pm = mask; hLen > 0; hLen--) - // don't use fail = because that could skip the increment and compare - // operations after the first failure and that gives away timing - // information. - fail |= *pm++ ^ *pe++; - - retVal = (fail != 0) ? 
TPM_RC_VALUE : TPM_RC_SUCCESS; -Exit: - return retVal; -} - -//*** MakeDerTag() -// Construct the DER value that is used in RSASSA -// Return Type: INT16 -// > 0 size of value -// <= 0 no hash exists -INT16 -MakeDerTag( - TPM_ALG_ID hashAlg, - INT16 sizeOfBuffer, - BYTE *buffer -) -{ -// 0x30, 0x31, // SEQUENCE (2 elements) 1st -// 0x30, 0x0D, // SEQUENCE (2 elements) -// 0x06, 0x09, // HASH OID -// 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, -// 0x05, 0x00, // NULL -// 0x04, 0x20 // OCTET STRING - HASH_DEF *info = CryptGetHashDef(hashAlg); - INT16 oidSize; - // If no OID, can't do encode - VERIFY(info != NULL); - oidSize = 2 + (info->OID)[1]; - // make sure this fits in the buffer - VERIFY(sizeOfBuffer >= (oidSize + 8)); - *buffer++ = 0x30; // 1st SEQUENCE - // Size of the 1st SEQUENCE is 6 bytes + size of the hash OID + size of the - // digest size - *buffer++ = (BYTE)(6 + oidSize + info->digestSize); // - *buffer++ = 0x30; // 2nd SEQUENCE - // size is 4 bytes of overhead plus the side of the OID - *buffer++ = (BYTE)(2 + oidSize); - MemoryCopy(buffer, info->OID, oidSize); - buffer += oidSize; - *buffer++ = 0x05; // Add a NULL - *buffer++ = 0x00; - - *buffer++ = 0x04; - *buffer++ = (BYTE)(info->digestSize); - return oidSize + 8; -Error: - return 0; - -} - -//*** RSASSA_Encode() -// Encode a message using PKCS1v1.5 method. 
-// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm -// TPM_RC_SIZE 'eOutSize' is not large enough -// TPM_RC_VALUE 'hInSize' does not match the digest size of hashAlg -static TPM_RC -RSASSA_Encode( - TPM2B *pOut, // IN:OUT on in, the size of the public key - // on out, the encoded area - TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5 - TPM2B *hIn // IN: digest value to encode - ) -{ - BYTE DER[20]; - BYTE *der = DER; - INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); - BYTE *eOut; - INT32 fillSize; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Can't use this scheme if the algorithm doesn't have a DER string defined. - if(derSize == 0) - ERROR_RETURN(TPM_RC_SCHEME); - - // If the digest size of 'hashAl' doesn't match the input digest size, then - // the DER will misidentify the digest so return an error - if(CryptHashGetDigestSize(hashAlg) != hIn->size) - ERROR_RETURN(TPM_RC_VALUE); - fillSize = pOut->size - derSize - hIn->size - 3; - eOut = pOut->buffer; - - // Make sure that this combination will fit in the provided space - if(fillSize < 8) - ERROR_RETURN(TPM_RC_SIZE); - - // Start filling - *eOut++ = 0; // initial byte of zero - *eOut++ = 1; // byte of 0x01 - for(; fillSize > 0; fillSize--) - *eOut++ = 0xff; // bunch of 0xff - *eOut++ = 0; // another 0 - for(; derSize > 0; derSize--) - *eOut++ = *der++; // copy the DER - der = hIn->buffer; - for(fillSize = hIn->size; fillSize > 0; fillSize--) - *eOut++ = *der++; // copy the hash -Exit: - return retVal; -} - -//*** RSASSA_Decode() -// This function performs the RSASSA decoding of a signature. 
-// -// Return Type: TPM_RC -// TPM_RC_VALUE decode unsuccessful -// TPM_RC_SCHEME 'haslAlg' is not supported -// -static TPM_RC -RSASSA_Decode( - TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding - TPM2B *hIn, // In: the digest to compare - TPM2B *eIn // IN: the encoded data - ) -{ - BYTE fail; - BYTE DER[20]; - BYTE *der = DER; - INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); - BYTE *pe; - INT32 hashSize = CryptHashGetDigestSize(hashAlg); - INT32 fillSize; - TPM_RC retVal; - BYTE *digest; - UINT16 digestSize; - - pAssert(hIn != NULL && eIn != NULL); - pe = eIn->buffer; - - // Can't use this scheme if the algorithm doesn't have a DER string - // defined or if the provided hash isn't the right size - if(derSize == 0 || (unsigned)hashSize != hIn->size) - ERROR_RETURN(TPM_RC_SCHEME); - - // Make sure that this combination will fit in the provided space - // Since no data movement takes place, can just walk though this - // and accept nearly random values. This can only be called from - // CryptValidateSignature() so eInSize is known to be in range. - fillSize = eIn->size - derSize - hashSize - 3; - - // Start checking (fail will become non-zero if any of the bytes do not have - // the expected value. - fail = *pe++; // initial byte of zero - fail |= *pe++ ^ 1; // byte of 0x01 - for(; fillSize > 0; fillSize--) - fail |= *pe++ ^ 0xff; // bunch of 0xff - fail |= *pe++; // another 0 - for(; derSize > 0; derSize--) - fail |= *pe++ ^ *der++; // match the DER - digestSize = hIn->size; - digest = hIn->buffer; - for(; digestSize > 0; digestSize--) - fail |= *pe++ ^ *digest++; // match the hash - retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS; -Exit: - return retVal; -} - -//** Externally Accessible Functions - -//*** CryptRsaSelectScheme() -// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up -// the rules to select a scheme between input and object default. -// This function assume the RSA object is loaded. 
-// If a default scheme is defined in object, the default scheme should be chosen, -// otherwise, the input scheme should be chosen. -// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then -// if the schemes are the same, the input scheme will be chosen. -// if the scheme are not compatible, a NULL pointer will be returned. -// -// The return pointer may point to a TPM_ALG_NULL scheme. -TPMT_RSA_DECRYPT* -CryptRsaSelectScheme( - TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key - TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme - ) -{ - OBJECT *rsaObject; - TPMT_ASYM_SCHEME *keyScheme; - TPMT_RSA_DECRYPT *retVal = NULL; - - // Get sign object pointer - rsaObject = HandleToObject(rsaHandle); - keyScheme = &rsaObject->publicArea.parameters.asymDetail.scheme; - - // if the default scheme of the object is TPM_ALG_NULL, then select the - // input scheme - if(keyScheme->scheme == TPM_ALG_NULL) - { - retVal = scheme; - } - // if the object scheme is not TPM_ALG_NULL and the input scheme is - // TPM_ALG_NULL, then select the default scheme of the object. - else if(scheme->scheme == TPM_ALG_NULL) - { - // if input scheme is NULL - retVal = (TPMT_RSA_DECRYPT *)keyScheme; - } - // get here if both the object scheme and the input scheme are - // not TPM_ALG_NULL. Need to insure that they are the same. - // IMPLEMENTATION NOTE: This could cause problems if future versions have - // schemes that have more values than just a hash algorithm. A new function - // (IsSchemeSame()) might be needed then. - else if(keyScheme->scheme == scheme->scheme - && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg) - { - retVal = scheme; - } - // two different, incompatible schemes specified will return NULL - return retVal; -} - -//*** CryptRsaLoadPrivateExponent() -// This function is called to generate the private exponent of an RSA key. 
-// Return Type: TPM_RC -// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched -TPM_RC -CryptRsaLoadPrivateExponent( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive - ) -{ -// - if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) == 0) - { - if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size) - { - NEW_PRIVATE_EXPONENT(Z); - BN_RSA_INITIALIZED(bnN, &publicArea->unique.rsa); - BN_RSA(bnQr); - BN_VAR(bnE, RADIX_BITS); - - TEST(ALG_NULL_VALUE); - - VERIFY((sensitive->sensitive.rsa.t.size * 2) - == publicArea->unique.rsa.t.size); - // Initialize the exponent - BnSetWord(bnE, publicArea->parameters.rsaDetail.exponent); - if(BnEqualZero(bnE)) - BnSetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT); - // Convert first prime to 2B - VERIFY(BnFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL); - - // Find the second prime by division. This uses 'bQ' rather than Z->Q - // because the division could make the quotient larger than a prime during - // some intermediate step. - VERIFY(BnDiv(Z->Q, bnQr, bnN, Z->P)); - VERIFY(BnEqualZero(bnQr)); - // Compute the private exponent and return it if found - VERIFY(ComputePrivateExponent(bnE, Z)); - VERIFY(PackExponent(&sensitive->sensitive.rsa, Z)); - } - else - VERIFY(((sensitive->sensitive.rsa.t.size / 5) * 2) - == publicArea->unique.rsa.t.size); - sensitive->sensitive.rsa.t.size |= RSA_prime_flag; - } - return TPM_RC_SUCCESS; -Error: - return TPM_RC_BINDING; -} - -//*** CryptRsaEncrypt() -// This is the entry point for encryption using RSA. Encryption is -// use of the public exponent. The padding parameter determines what -// padding will be used. -// -// The 'cOutSize' parameter must be at least as large as the size of the key. -// -// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be -// lower in value than the key modulus. -// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to -// dIn to make it the size of the RSA key for the call to RSAEP. 
This is -// because the high order bytes of dIn might have a numeric value that is -// greater than the value of the key modulus. If this had low-order zeros -// added, it would have a numeric value larger than the modulus even though -// it started out with a lower numeric value. -// -// Return Type: TPM_RC -// TPM_RC_VALUE 'cOutSize' is too small (must be the size -// of the modulus) -// TPM_RC_SCHEME 'padType' is not a supported scheme -// -LIB_EXPORT TPM_RC -CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data - TPM2B *dIn, // IN: the data to encrypt - OBJECT *key, // IN: the key used for encryption - TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash - // if needed - const TPM2B *label, // IN: in case it is needed - RAND_STATE *rand // IN: random number generator - // state (mostly for testing) - ) -{ - TPM_RC retVal = TPM_RC_SUCCESS; - TPM2B_PUBLIC_KEY_RSA dataIn; -// - // if the input and output buffers are the same, copy the input to a scratch - // buffer so that things don't get messed up. - if(dIn == &cOut->b) - { - MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer)); - dIn = &dataIn.b; - } - // All encryption schemes return the same size of data - cOut->t.size = key->publicArea.unique.rsa.t.size; - TEST(scheme->scheme); - - switch(scheme->scheme) - { - case ALG_NULL_VALUE: // 'raw' encryption - { - INT32 i; - INT32 dSize = dIn->size; - // dIn can have more bytes than cOut as long as the extra bytes - // are zero. Note: the more significant bytes of a number in a byte - // buffer are the bytes at the start of the array. 
- for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++); - dSize -= i; - if(dSize > cOut->t.size) - ERROR_RETURN(TPM_RC_VALUE); - // Pad cOut with zeros if dIn is smaller - memset(cOut->t.buffer, 0, cOut->t.size - dSize); - // And copy the rest of the value - memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); - - // If the size of dIn is the same as cOut dIn could be larger than - // the modulus. If it is, then RSAEP() will catch it. - } - break; - case ALG_RSAES_VALUE: - retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand); - break; - case ALG_OAEP_VALUE: - retVal = OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn, - rand); - break; - default: - ERROR_RETURN(TPM_RC_SCHEME); - break; - } - // All the schemes that do padding will come here for the encryption step - // Check that the Encoding worked - if(retVal == TPM_RC_SUCCESS) - // Padding OK so do the encryption - retVal = RSAEP(&cOut->b, key); -Exit: - return retVal; -} - -//*** CryptRsaDecrypt() -// This is the entry point for decryption using RSA. Decryption is -// use of the private exponent. The 'padType' parameter determines what -// padding was used. 
-// -// Return Type: TPM_RC -// TPM_RC_SIZE 'cInSize' is not the same as the size of the public -// modulus of 'key'; or numeric value of the encrypted -// data is greater than the modulus -// TPM_RC_VALUE 'dOutSize' is not large enough for the result -// TPM_RC_SCHEME 'padType' is not supported -// -LIB_EXPORT TPM_RC -CryptRsaDecrypt( - TPM2B *dOut, // OUT: the decrypted data - TPM2B *cIn, // IN: the data to decrypt - OBJECT *key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme - const TPM2B *label // IN: in case it is needed for the scheme - ) -{ - TPM_RC retVal; - - // Make sure that the necessary parameters are provided - pAssert(cIn != NULL && dOut != NULL && key != NULL); - - // Size is checked to make sure that the encrypted value is the right size - if(cIn->size != key->publicArea.unique.rsa.t.size) - ERROR_RETURN(TPM_RC_SIZE); - - TEST(scheme->scheme); - - // For others that do padding, do the decryption in place and then - // go handle the decoding. - retVal = RSADP(cIn, key); - if(retVal == TPM_RC_SUCCESS) - { - // Remove padding - switch(scheme->scheme) - { - case ALG_NULL_VALUE: - if(dOut->size < cIn->size) - return TPM_RC_VALUE; - MemoryCopy2B(dOut, cIn, dOut->size); - break; - case ALG_RSAES_VALUE: - retVal = RSAES_Decode(dOut, cIn); - break; - case ALG_OAEP_VALUE: - retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn); - break; - default: - retVal = TPM_RC_SCHEME; - break; - } - } -Exit: - return retVal; -} - -//*** CryptRsaSign() -// This function is used to generate an RSA signature of the type indicated in -// 'scheme'. 
-// -// Return Type: TPM_RC -// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported -// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) -// -LIB_EXPORT TPM_RC -CryptRsaSign( - TPMT_SIGNATURE *sigOut, - OBJECT *key, // IN: key to use - TPM2B_DIGEST *hIn, // IN: the digest to sign - RAND_STATE *rand // IN: the random number generator - // to use (mostly for testing) - ) -{ - TPM_RC retVal = TPM_RC_SUCCESS; - UINT16 modSize; - - // parameter checks - pAssert(sigOut != NULL && key != NULL && hIn != NULL); - - modSize = key->publicArea.unique.rsa.t.size; - - // for all non-null signatures, the size is the size of the key modulus - sigOut->signature.rsapss.sig.t.size = modSize; - - TEST(sigOut->sigAlg); - - switch(sigOut->sigAlg) - { - case ALG_NULL_VALUE: - sigOut->signature.rsapss.sig.t.size = 0; - return TPM_RC_SUCCESS; - case ALG_RSAPSS_VALUE: - retVal = PssEncode(&sigOut->signature.rsapss.sig.b, - sigOut->signature.rsapss.hash, &hIn->b, rand); - break; - case ALG_RSASSA_VALUE: - retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b, - sigOut->signature.rsassa.hash, &hIn->b); - break; - default: - retVal = TPM_RC_SCHEME; - } - if(retVal == TPM_RC_SUCCESS) - { - // Do the encryption using the private key - retVal = RSADP(&sigOut->signature.rsapss.sig.b, key); - } - return retVal; -} - -//*** CryptRsaValidateSignature() -// This function is used to validate an RSA signature. If the signature is valid -// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is -// returned. Other return codes indicate either parameter problems or fatal errors. 
-// -// Return Type: TPM_RC -// TPM_RC_SIGNATURE the signature does not check -// TPM_RC_SCHEME unsupported scheme or hash algorithm -// -LIB_EXPORT TPM_RC -CryptRsaValidateSignature( - TPMT_SIGNATURE *sig, // IN: signature - OBJECT *key, // IN: public modulus - TPM2B_DIGEST *digest // IN: The digest being validated - ) -{ - TPM_RC retVal; -// - // Fatal programming errors - pAssert(key != NULL && sig != NULL && digest != NULL); - switch(sig->sigAlg) - { - case ALG_RSAPSS_VALUE: - case ALG_RSASSA_VALUE: - break; - default: - return TPM_RC_SCHEME; - } - - // Errors that might be caused by calling parameters - if(sig->signature.rsassa.sig.t.size != key->publicArea.unique.rsa.t.size) - ERROR_RETURN(TPM_RC_SIGNATURE); - - TEST(sig->sigAlg); - - // Decrypt the block - retVal = RSAEP(&sig->signature.rsassa.sig.b, key); - if(retVal == TPM_RC_SUCCESS) - { - switch(sig->sigAlg) - { - case ALG_RSAPSS_VALUE: - retVal = PssDecode(sig->signature.any.hashAlg, &digest->b, - &sig->signature.rsassa.sig.b); - break; - case ALG_RSASSA_VALUE: - retVal = RSASSA_Decode(sig->signature.any.hashAlg, &digest->b, - &sig->signature.rsassa.sig.b); - break; - default: - return TPM_RC_SCHEME; - } - } -Exit: - return (retVal != TPM_RC_SUCCESS) ? 
TPM_RC_SIGNATURE : TPM_RC_SUCCESS; -} - -#if SIMULATION && USE_RSA_KEY_CACHE -extern int s_rsaKeyCacheEnabled; -int GetCachedRsaKey(TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, - RAND_STATE *rand); -#define GET_CACHED_KEY(publicArea, sensitive, rand) \ - (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand)) -#else -#define GET_CACHED_KEY(key, rand) -#endif - -//*** CryptRsaGenerateKey() -// Generate an RSA key from a provided seed -/*(See part 1 specification) -// The formulation is: -// KDFa(hash, seed, label, Name, Counter, bits) -// Where: -// hash the nameAlg from the public template -// seed a seed (will be a primary seed for a primary key) -// label a distinguishing label including vendor ID and -// vendor-assigned part number for the TPM. -// Name the nameAlg from the template and the hash of the template -// using nameAlg. -// Counter a 32-bit integer that is incremented each time the KDF is -// called in order to produce a specific key. This value -// can be a 32-bit integer in host format and does not need -// to be put in canonical form. -// bits the number of bits needed for the key. -// The following process is implemented to find a RSA key pair: -// 1. pick a random number with enough bits from KDFa as a prime candidate -// 2. set the first two significant bits and the least significant bit of the -// prime candidate -// 3. check if the number is a prime. if not, pick another random number -// 4. Make sure the difference between the two primes are more than 2^104. -// Otherwise, restart the process for the second prime -// 5. If the counter has reached its maximum but we still can not find a valid -// RSA key pair, return an internal error. This is an artificial bound. -// Other implementation may choose a smaller number to indicate how many -// times they are willing to try. 
-*/ -// Return Type: TPM_RC -// TPM_RC_CANCELED operation was canceled -// TPM_RC_RANGE public exponent is not supported -// TPM_RC_VALUE could not find a prime using the provided parameters -LIB_EXPORT TPM_RC -CryptRsaGenerateKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - UINT32 i; - BN_RSA(bnD); - BN_RSA(bnN); - BN_WORD(bnPubExp); - UINT32 e = publicArea->parameters.rsaDetail.exponent; - int keySizeInBits; - TPM_RC retVal = TPM_RC_NO_RESULT; - NEW_PRIVATE_EXPONENT(Z); -// - -// Need to make sure that the caller did not specify an exponent that is -// not supported - e = publicArea->parameters.rsaDetail.exponent; - if(e == 0) - e = RSA_DEFAULT_PUBLIC_EXPONENT; - else - { - if(e < 65537) - ERROR_RETURN(TPM_RC_RANGE); - // Check that e is prime - if(!IsPrimeInt(e)) - ERROR_RETURN(TPM_RC_RANGE); - } - BnSetWord(bnPubExp, e); - - // check for supported key size. - keySizeInBits = publicArea->parameters.rsaDetail.keyBits; - if(((keySizeInBits % 1024) != 0) - || (keySizeInBits > MAX_RSA_KEY_BITS) // this might be redundant, but... - || (keySizeInBits == 0)) - ERROR_RETURN(TPM_RC_VALUE); - - // Set the prime size for instrumentation purposes - INSTRUMENT_SET(PrimeIndex, PRIME_INDEX(keySizeInBits / 2)); - -#if SIMULATION && USE_RSA_KEY_CACHE - if(GET_CACHED_KEY(publicArea, sensitive, rand)) - return TPM_RC_SUCCESS; -#endif - - // Make sure that key generation has been tested - TEST(ALG_NULL_VALUE); - - - // The prime is computed in P. When a new prime is found, Q is checked to - // see if it is zero. If so, P is copied to Q and a new P is found. - // When both P and Q are non-zero, the modulus and - // private exponent are computed and a trial encryption/decryption is - // performed. If the encrypt/decrypt fails, assume that at least one of the - // primes is composite. Since we don't know which one, set Q to zero and start - // over and find a new pair of primes. 
- - for(i = 1; (retVal == TPM_RC_NO_RESULT) && (i != 100); i++) - { - if(_plat__IsCanceled()) - ERROR_RETURN(TPM_RC_CANCELED); - - if(BnGeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) == TPM_RC_FAILURE) - { - retVal = TPM_RC_FAILURE; - goto Exit; - } - - INSTRUMENT_INC(PrimeCounts[PrimeIndex]); - - // If this is the second prime, make sure that it differs from the - // first prime by at least 2^100 - if(BnEqualZero(Z->Q)) - { - // copy p to q and compute another prime in p - BnCopy(Z->Q, Z->P); - continue; - } - // Make sure that the difference is at least 100 bits. Need to do it this - // way because the big numbers are only positive values - if(BnUnsignedCmp(Z->P, Z->Q) < 0) - BnSub(bnD, Z->Q, Z->P); - else - BnSub(bnD, Z->P, Z->Q); - if(BnMsb(bnD) < 100) - continue; - - //Form the public modulus and set the unique value - BnMult(bnN, Z->P, Z->Q); - BnTo2B(bnN, &publicArea->unique.rsa.b, - (NUMBYTES)BITS_TO_BYTES(keySizeInBits)); - // Make sure everything came out right. The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || (publicArea->unique.rsa.t.size - != (NUMBYTES)BITS_TO_BYTES(keySizeInBits))) - FAIL(FATAL_ERROR_INTERNAL); - - - // Make sure that we can form the private exponent values - if(ComputePrivateExponent(bnPubExp, Z) != TRUE) - { - // If ComputePrivateExponent could not find an inverse for - // Q, then copy P and recompute P. This might - // cause both to be recomputed if P is also zero - if(BnEqualZero(Z->Q)) - BnCopy(Z->Q, Z->P); - continue; - } - - // Pack the private exponent into the sensitive area - PackExponent(&sensitive->sensitive.rsa, Z); - // Make sure everything came out right. 
The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0)) - FAIL(FATAL_ERROR_INTERNAL); - - retVal = TPM_RC_SUCCESS; - // Do a trial encryption decryption if this is a signing key - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - BN_RSA(temp1); - BN_RSA(temp2); - BnGenerateRandomInRange(temp1, bnN, rand); - - // Encrypt with public exponent... - BnModExp(temp2, temp1, bnPubExp, bnN); - // ... then decrypt with private exponent - RsaPrivateKeyOp(temp2, Z); - - // If the starting and ending values are not the same, - // start over )-; - if(BnUnsignedCmp(temp2, temp1) != 0) - { - BnSetWord(Z->Q, 0); - retVal = TPM_RC_NO_RESULT; - } - } - } -Exit: - return retVal; -} - -#endif // ALG_RSA \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c deleted file mode 100644 index 33b312e64..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c +++ /dev/null 
@@ -1,222 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// The functions in this file are designed to support self-test of cryptographic -// functions in the TPM. The TPM allows the user to decide whether to run self-test -// on a demand basis or to run all the self-tests before proceeding. 
-// -// The self-tests are controlled by a set of bit vectors. The -// 'g_untestedDecryptionAlgorithms' vector has a bit for each decryption algorithm -// that needs to be tested and 'g_untestedEncryptionAlgorithms' has a bit for -// each encryption algorithm that needs to be tested. Before an algorithm -// is used, the appropriate vector is checked (indexed using the algorithm ID). -// If the bit is 1, then the test function should be called. -// -// For more information, see TpmSelfTests.txt - -#include "Tpm.h" - -//** Functions - -//*** RunSelfTest() -// Local function to run self-test -static TPM_RC -CryptRunSelfTests( - ALGORITHM_VECTOR *toTest // IN: the vector of the algorithms to test - ) -{ - TPM_ALG_ID alg; - - // For each of the algorithms that are in the toTestVecor, need to run a - // test - for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++) - { - if(TEST_BIT(alg, *toTest)) - { - TPM_RC result = CryptTestAlgorithm(alg, toTest); - if(result != TPM_RC_SUCCESS) - return result; - } - } - return TPM_RC_SUCCESS; -} - -//*** CryptSelfTest() -// This function is called to start/complete a full self-test. -// If 'fullTest' is NO, then only the untested algorithms will be run. If -// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then -// all tests are run. -// This implementation of the reference design does not support processing outside -// the framework of a TPM command. As a consequence, this command does not -// complete until all tests are done. Since this can take a long time, the TPM -// will check after each test to see if the command is canceled. If so, then the -// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call -// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. 
-// Return Type: TPM_RC -// TPM_RC_CANCELED if the command is canceled -LIB_EXPORT -TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required - ) -{ -#if SIMULATION - if(g_forceFailureMode) - FAIL(FATAL_ERROR_FORCED); -#endif - - // If the caller requested a full test, then reset the to test vector so that - // all the tests will be run - if(fullTest == YES) - { - MemoryCopy(g_toTest, - g_implementedAlgorithms, - sizeof(g_toTest)); - } - return CryptRunSelfTests(&g_toTest); -} - -//*** CryptIncrementalSelfTest() -// This function is used to perform an incremental self-test. This implementation -// will perform the toTest values before returning. That is, it assumes that the -// TPM cannot perform background tasks between commands. -// -// This command may be canceled. If it is, then there is no return result. -// However, this command can be run again and the incremental progress will not -// be lost. -// Return Type: TPM_RC -// TPM_RC_CANCELED processing of this command was canceled -// TPM_RC_TESTING if toTest list is not empty -// TPM_RC_VALUE an algorithm in the toTest list is not implemented -TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test - ) -{ - ALGORITHM_VECTOR toTestVector = {0}; - TPM_ALG_ID alg; - UINT32 i; - - pAssert(toTest != NULL && toDoList != NULL); - if(toTest->count > 0) - { - // Transcribe the toTest list into the toTestVector - for(i = 0; i < toTest->count; i++) - { - alg = toTest->algorithms[i]; - - // make sure that the algorithm value is not out of range - if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) - return TPM_RC_VALUE; - SET_BIT(alg, toTestVector); - } - // Run the test - if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) - return TPM_RC_CANCELED; - } - // Fill in the toDoList with the algorithms that are still untested - toDoList->count = 0; - - for(alg = TPM_ALG_FIRST; - 
toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; - alg++) - { - if(TEST_BIT(alg, g_toTest)) - toDoList->algorithms[toDoList->count++] = alg; - } - return TPM_RC_SUCCESS; -} - -//*** CryptInitializeToTest() -// This function will initialize the data structures for testing all the -// algorithms. This should not be called unless CryptAlgsSetImplemented() has -// been called -void -CryptInitializeToTest( - void - ) -{ - // Indicate that nothing has been tested - memset(&g_cryptoSelfTestState, 0, sizeof(g_cryptoSelfTestState)); - - // Copy the implemented algorithm vector - MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); - - // Setting the algorithm to null causes the test function to just clear - // out any algorithms for which there is no test. - CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest); - - return; -} - -//*** CryptTestAlgorithm() -// Only point of contact with the actual self tests. If a self-test fails, there -// is no return and the TPM goes into failure mode. -// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the -// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If -// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. -// There is a special case for the call to TestAlgorithm(). When 'alg' is -// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has -// no test. This allows the knowledge about which algorithms have test to be -// accessed through the interface that provides the test. -// Return Type: TPM_RC -// TPM_RC_CANCELED test was canceled -LIB_EXPORT -TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ) -{ - TPM_RC result; -#if SELF_TEST - result = TestAlgorithm(alg, toTest); -#else - // If this is an attempt to determine the algorithms for which there is a - // self test, pretend that all of them do. We do that by not clearing any - // of the algorithm bits. 
When/if this function is called to run tests, it - // will over report. This can be changed so that any call to check on which - // algorithms have tests, 'toTest' can be cleared. - if(alg != TPM_ALG_ERROR) - { - CLEAR_BIT(alg, g_toTest); - if(toTest != NULL) - CLEAR_BIT(alg, *toTest); - } - result = TPM_RC_SUCCESS; -#endif - return result; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c deleted file mode 100644 index cd584cf22..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c +++ /dev/null 
@@ -1,132 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the implementation of the message authentication codes based
-// on a symmetric block cipher. These functions only use the single block
-// encryption functions of the selected symmetric cryptographic library.
-
-//** Includes, Defines, and Typedefs
-#define _CRYPT_HASH_C_
-#include "Tpm.h"
-
-#if SMAC_IMPLEMENTED
-
-//*** CryptSmacStart()
-// Function to start an SMAC.
-UINT16
-CryptSmacStart(
- HASH_STATE *state,
- TPMU_PUBLIC_PARMS *keyParameters,
- TPM_ALG_ID macAlg, // IN: the type of MAC
- TPM2B *key
-)
-{
- UINT16 retVal = 0;
-//
- // Make sure that the key size is correct. This should have been checked
- // at key load, but...
- if(BITS_TO_BYTES(keyParameters->symDetail.sym.keyBits.sym) == key->size)
- {
- switch(macAlg)
- {
-#if ALG_CMAC
- case ALG_CMAC_VALUE:
- retVal = CryptCmacStart(&state->state.smac, keyParameters,
- macAlg, key);
- break;
-#endif
- default:
- break;
- }
- }
- state->type = (retVal != 0) ? HASH_STATE_SMAC : HASH_STATE_EMPTY;
- return retVal;
-}
-
-//*** CryptMacStart()
-// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart
-// function because of the difference in number of parameters.
-UINT16
-CryptMacStart(
- HMAC_STATE *state,
- TPMU_PUBLIC_PARMS *keyParameters,
- TPM_ALG_ID macAlg, // IN: the type of MAC
- TPM2B *key
-)
-{
- MemorySet(state, 0, sizeof(HMAC_STATE));
- if(CryptHashIsValidAlg(macAlg, FALSE))
- {
- return CryptHmacStart(state, macAlg, key->size, key->buffer);
- }
- else if(CryptSmacIsValidAlg(macAlg, FALSE))
- {
- return CryptSmacStart(&state->hashState, keyParameters, macAlg, key);
- }
- else
- return 0;
-}
-
-//*** CryptMacEnd()
-// Dispatch to the MAC end function using a size and buffer pointer.
-UINT16
-CryptMacEnd(
- HMAC_STATE *state,
- UINT32 size,
- BYTE *buffer
-)
-{
- UINT16 retVal = 0;
- if(state->hashState.type == HASH_STATE_SMAC)
- retVal = (state->hashState.state.smac.smacMethods.end)(
- &state->hashState.state.smac.state, size, buffer);
- else if(state->hashState.type == HASH_STATE_HMAC)
- retVal = CryptHmacEnd(state, size, buffer);
- state->hashState.type = HASH_STATE_EMPTY;
- return retVal;
-}
-
-//*** CryptMacEnd2B()
-// Dispatch to the MAC end function using a 2B.
-UINT16
-CryptMacEnd2B (
- HMAC_STATE *state,
- TPM2B *data
-)
-{
- return CryptMacEnd(state, data->size, data->buffer);
-}
-#endif // SMAC_IMPLEMENTED
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c
deleted file mode 100644
index 824c1fce5..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the implementation of the symmetric block cipher modes
-// allowed for a TPM. These functions only use the single block encryption functions
-// of the selected symmetric crypto library.
- -//** Includes, Defines, and Typedefs -#include "Tpm.h" - -#include "CryptSym.h" - -#define KEY_BLOCK_SIZES(ALG, alg) \ -static const INT16 alg##KeyBlockSizes[] = { \ - ALG##_KEY_SIZES_BITS, -1, ALG##_BLOCK_SIZES }; - -#if ALG_AES - KEY_BLOCK_SIZES(AES, aes); -#endif // ALG_AES -#if ALG_SM4 - KEY_BLOCK_SIZES(SM4, sm4); -#endif -#if ALG_CAMELLIA - KEY_BLOCK_SIZES(CAMELLIA, camellia); -#endif -#if ALG_TDES - KEY_BLOCK_SIZES(TDES, tdes); -#endif - -//** Initialization and Data Access Functions -// -//*** CryptSymInit() -// This function is called to do _TPM_Init processing -BOOL -CryptSymInit( - void - ) -{ - return TRUE; -} - -//*** CryptSymStartup() -// This function is called to do TPM2_Startup() processing -BOOL -CryptSymStartup( - void - ) -{ - return TRUE; -} - -//*** CryptGetSymmetricBlockSize() -// This function returns the block size of the algorithm. The table of bit sizes has -// an entry for each allowed key size. The entry for a key size is 0 if the TPM does -// not implement that key size. The key size table is delimited with a negative number -// (-1). After the delimiter is a list of block sizes with each entry corresponding -// to the key bit size. For most symmetric algorithms, the block size is the same -// regardless of the key size but this arrangement allows them to be different. 
-// Return Type: INT16 -// <= 0 cipher not supported -// > 0 the cipher block size in bytes -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size - ) -{ - const INT16 *sizes; - INT16 i; -#define ALG_CASE(SYM, sym) case ALG_##SYM##_VALUE: sizes = sym##KeyBlockSizes; break - switch(symmetricAlg) - { -#if ALG_AES - ALG_CASE(AES, aes); -#endif -#if ALG_SM4 - ALG_CASE(SM4, sm4); -#endif -#if ALG_CAMELLIA - ALG_CASE(CAMELLIA, camellia); -#endif -#if ALG_TDES - ALG_CASE(TDES, tdes); -#endif - default: - return 0; - } - // Find the index of the indicated keySizeInBits - for(i = 0; *sizes >= 0; i++, sizes++) - { - if(*sizes == keySizeInBits) - break; - } - // If sizes is pointing at the end of the list of key sizes, then the desired - // key size was not found so set the block size to zero. - if(*sizes++ < 0) - return 0; - // Advance until the end of the list is found - while(*sizes++ >= 0); - // sizes is pointing to the first entry in the list of block sizes. Use the - // ith index to find the block size for the corresponding key size. - return sizes[i]; -} - -//** Symmetric Encryption -// This function performs symmetric encryption based on the mode. -// Return Type: TPM_RC -// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -// TPM_RC_FAILURE Fatal error -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. 
- TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) -{ - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - TpmCryptSetSymKeyCall_t encrypt; - BYTE *iv; - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; -// - pAssert(dOut != NULL && key != NULL && dIn != NULL); - if(dSize == 0) - return TPM_RC_SUCCESS; - - TEST(algorithm); - blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); - if(blockSize == 0) - return TPM_RC_FAILURE; - // If the iv is provided, then it is expected to be block sized. In some cases, - // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] - // with no knowledge of the actual block size. This function will set it. - if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } - else - iv = defaultIv; - pIv = iv; - - // Create encrypt key schedule and set the encryption function pointer. - - SELECT(ENCRYPT); - - switch(mode) - { -#if ALG_CTR - case ALG_CTR_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; -#endif -#if ALG_OFB - case ALG_OFB_VALUE: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? 
dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; -#endif -#if ALG_CBC - case ALG_CBC_VALUE: - // For CBC the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // XOR the data block into the IV, encrypt the IV into the IV - // and then copy the IV to the output - for(; dSize > 0; dSize -= blockSize) - { - pIv = iv; - for(i = blockSize; i > 0; i--) - *pIv++ ^= *dIn++; - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = blockSize; i > 0; i--) - *dOut++ = *pIv++; - } - break; -#endif - // CFB is not optional - case ALG_CFB_VALUE: - // Encrypt the IV into the IV, XOR in the data, and copy to output - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // XOR the data into the IV to create the cipher text - // and put into the output - *dOut++ = *pIv++ ^= *dIn++; - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative. If - // it is negative, then it indicates how many bytes are needed to pad - // out the IV for the next round. - for(; dSize < 0; dSize++) - *pIv++ = 0; - break; -#if ALG_ECB - case ALG_ECB_VALUE: - // For ECB the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // Encrypt the input block to the output block - for(; dSize > 0; dSize -= blockSize) - { - ENCRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; -#endif - default: - return TPM_RC_FAILURE; - } - return TPM_RC_SUCCESS; -} - -//*** CryptSymmetricDecrypt() -// This function performs symmetric decryption based on the mode. 
-// Return Type: TPM_RC -// TPM_RC_FAILURE A fatal error -// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an -// algorithm that requires it -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) -{ - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - BYTE *iv; - TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSetSymKeyCall_t decrypt; - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; - - // These are used but the compiler can't tell because they are initialized - // in case statements and it can't tell if they are always initialized - // when needed, so... Comment these out if the compiler can tell or doesn't - // care that these are initialized before use. - encrypt = NULL; - decrypt = NULL; - - pAssert(dOut != NULL && key != NULL && dIn != NULL); - if(dSize == 0) - return TPM_RC_SUCCESS; - - TEST(algorithm); - blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); - if(blockSize == 0) - return TPM_RC_FAILURE; - // If the iv is provided, then it is expected to be block sized. In some cases, - // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] - // with no knowledge of the actual block size. This function will set it. - if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } - else - iv = defaultIv; - - pIv = iv; - // Use the mode to select the key schedule to create. Encrypt always uses the - // encryption schedule. 
Depending on the mode, decryption might use either - // the decryption or encryption schedule. - switch(mode) - { -#if ALG_CBC || ALG_ECB - case ALG_CBC_VALUE: // decrypt = decrypt - case ALG_ECB_VALUE: - // For ECB and CBC, the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - SELECT(DECRYPT); - break; -#endif - default: - // For the remaining stream ciphers, use encryption to decrypt - SELECT(ENCRYPT); - break; - } - // Now do the mode-dependent decryption - switch(mode) - { -#if ALG_CBC - case ALG_CBC_VALUE: - // Copy the input data to a temp buffer, decrypt the buffer into the - // output, XOR in the IV, and copy the temp buffer to the IV and repeat. - for(; dSize > 0; dSize -= blockSize) - { - pT = tmp; - for(i = blockSize; i > 0; i--) - *pT++ = *dIn++; - DECRYPT(&keySchedule, tmp, dOut); - pIv = iv; - pT = tmp; - for(i = blockSize; i > 0; i--) - { - *dOut++ ^= *pIv; - *pIv++ = *pT++; - } - } - break; -#endif - case ALG_CFB_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the IV into the temp buffer - ENCRYPT(&keySchedule, iv, tmp); - pT = tmp; - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // Copy the current cipher text to IV, XOR - // with the temp buffer and put into the output - *dOut++ = *pT++ ^ (*pIv++ = *dIn++); - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative - // If it is negative, then it indicates how may fill bytes - // are needed to pad out the IV for the next round. 
- for(; dSize < 0; dSize++) - *pIv++ = 0; - - break; -#if ALG_CTR - case ALG_CTR_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; -#endif -#if ALG_ECB - case ALG_ECB_VALUE: - for(; dSize > 0; dSize -= blockSize) - { - DECRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; -#endif -#if ALG_OFB - case ALG_OFB_VALUE: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; -#endif - default: - return TPM_RC_FAILURE; - } - return TPM_RC_SUCCESS; -} - -//*** CryptSymKeyValidate() -// Validate that a provided symmetric key meets the requirements of the TPM -// Return Type: TPM_RC -// TPM_RC_KEY_SIZE Key size specifiers do not match -// TPM_RC_KEY Key is not allowed -TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key - ) -{ - if(key->t.size != BITS_TO_BYTES(symDef->keyBits.sym)) - return TPM_RCS_KEY_SIZE; -#if ALG_TDES - if(symDef->algorithm == TPM_ALG_TDES && !CryptDesValidateKey(key)) - return TPM_RCS_KEY; -#endif // ALG_TDES - return TPM_RC_SUCCESS; -} - - 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
deleted file mode 100644
index fdea4f6da..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c
+++ /dev/null
@@ -1,1901 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This module contains the interfaces to the CryptoEngine and provides
-// miscellaneous cryptographic functions in support of the TPM.
-// - -//** Includes -#include "Tpm.h" - -//****************************************************************************/ -//** Hash/HMAC Functions -//****************************************************************************/ - -//*** CryptHmacSign() -// Sign a digest using an HMAC key. This an HMAC of a digest, not an HMAC of a -// message. -// Return Type: TPM_RC -// TPM_RC_HASH not a valid hash -static TPM_RC -CryptHmacSign( - TPMT_SIGNATURE *signature, // OUT: signature - OBJECT *signKey, // IN: HMAC key sign the hash - TPM2B_DIGEST *hashData // IN: hash to be signed - ) -{ - HMAC_STATE hmacState; - UINT32 digestSize; - - digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg, - &signKey->sensitive.sensitive.bits.b); - CryptDigestUpdate2B(&hmacState.hashState, &hashData->b); - CryptHmacEnd(&hmacState, digestSize, - (BYTE *)&signature->signature.hmac.digest); - return TPM_RC_SUCCESS; -} - -//*** CryptHMACVerifySignature() -// This function will verify a signature signed by a HMAC key. -// Note that a caller needs to prepare 'signature' with the signature algorithm -// (TPM_ALG_HMAC) and the hash algorithm to use. This function then builds a -// signature of that type. -// Return Type: TPM_RC -// TPM_RC_SCHEME not the proper scheme for this key type -// TPM_RC_SIGNATURE if invalid input or signature is not genuine -static TPM_RC -CryptHMACVerifySignature( - OBJECT *signKey, // IN: HMAC key signed the hash - TPM2B_DIGEST *hashData, // IN: digest being verified - TPMT_SIGNATURE *signature // IN: signature to be verified - ) -{ - TPMT_SIGNATURE test; - TPMT_KEYEDHASH_SCHEME *keyScheme = - &signKey->publicArea.parameters.keyedHashDetail.scheme; -// - if((signature->sigAlg != ALG_HMAC_VALUE) - || (signature->signature.hmac.hashAlg == ALG_NULL_VALUE)) - return TPM_RC_SCHEME; - // This check is not really needed for verification purposes. 
However, it does - // prevent someone from trying to validate a signature using a weaker hash - // algorithm than otherwise allowed by the key. That is, a key with a scheme - // other than TMP_ALG_NULL can only be used to validate signatures that have - // a matching scheme. - if((keyScheme->scheme != ALG_NULL_VALUE) - && ((keyScheme->scheme != signature->sigAlg) - || (keyScheme->details.hmac.hashAlg - != signature->signature.any.hashAlg))) - return TPM_RC_SIGNATURE; - test.sigAlg = signature->sigAlg; - test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg; - - CryptHmacSign(&test, signKey, hashData); - - // Compare digest - if(!MemoryEqual(&test.signature.hmac.digest, - &signature->signature.hmac.digest, - CryptHashGetDigestSize(signature->signature.any.hashAlg))) - return TPM_RC_SIGNATURE; - - return TPM_RC_SUCCESS; -} - -//*** CryptGenerateKeyedHash() -// This function creates a keyedHash object. -// Return type: TPM_RC -// TPM_RC_NO_RESULT cannot get values from random number generator -// TPM_RC_SIZE sensitive data size is larger than allowed for -// the scheme -static TPM_RC -CryptGenerateKeyedHash( - TPMT_PUBLIC *publicArea, // IN/OUT: the public area template - // for the new key. 
- TPMT_SENSITIVE *sensitive, // OUT: sensitive area - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data - RAND_STATE *rand // IN: "entropy" source - ) -{ - TPMT_KEYEDHASH_SCHEME *scheme; - TPM_ALG_ID hashAlg; - UINT16 hashBlockSize; - UINT16 digestSize; - - scheme = &publicArea->parameters.keyedHashDetail.scheme; - - if(publicArea->type != ALG_KEYEDHASH_VALUE) - return TPM_RC_FAILURE; - - // Pick the limiting hash algorithm - if(scheme->scheme == ALG_NULL_VALUE) - hashAlg = publicArea->nameAlg; - else if(scheme->scheme == ALG_XOR_VALUE) - hashAlg = scheme->details.xor.hashAlg; - else - hashAlg = scheme->details.hmac.hashAlg; - hashBlockSize = CryptHashGetBlockSize(hashAlg); - digestSize = CryptHashGetDigestSize(hashAlg); - - // if this is a signing or a decryption key, then the limit - // for the data size is the block size of the hash. This limit - // is set because larger values have lower entropy because of the - // HMAC function. The lower limit is 1/2 the size of the digest - // - //If the user provided the key, check that it is a proper size - if(sensitiveCreate->data.t.size != 0) - { - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - if(sensitiveCreate->data.t.size > hashBlockSize) - return TPM_RC_SIZE; -#if 0 // May make this a FIPS-mode requirement - if(sensitiveCreate->data.t.size < (digestSize / 2)) - return TPM_RC_SIZE; -#endif - } - // If this is a data blob, then anything that will get past the unmarshaling - // is OK - MemoryCopy2B(&sensitive->sensitive.bits.b, &sensitiveCreate->data.b, - sizeof(sensitive->sensitive.bits.t.buffer)); - } - else - { - // The TPM is going to generate the data so set the size to be the - // size of the digest of the algorithm - sensitive->sensitive.bits.t.size = - DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize); - if(sensitive->sensitive.bits.t.size == 0) - return (g_inFailureMode) ? 
TPM_RC_FAILURE : TPM_RC_NO_RESULT; - } - return TPM_RC_SUCCESS; -} - -//*** CryptIsSchemeAnonymous() -// This function is used to test a scheme to see if it is an anonymous scheme -// The only anonymous scheme is ECDAA. ECDAA can be used to do things -// like U-Prove. -BOOL -CryptIsSchemeAnonymous( - TPM_ALG_ID scheme // IN: the scheme algorithm to test - ) -{ - return scheme == ALG_ECDAA_VALUE; -} - -//**** ************************************************************************ -//** Symmetric Functions -//**** ************************************************************************ - -//*** ParmDecryptSym() -// This function performs parameter decryption using symmetric block cipher. -/*(See Part 1 specification) -// Symmetric parameter decryption -// When parameter decryption uses a symmetric block cipher, a decryption -// key and IV will be generated from: -// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24) -// Where: -// hash the hash function associated with the session -// sessionAuth the sessionAuth associated with the session -// nonceNewer nonceCaller for a command -// nonceOlder nonceTPM for a command -// bits the number of bits required for the symmetric key -// plus an IV -*/ -void -ParmDecryptSym( - TPM_ALG_ID symAlg, // IN: the symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: the key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be decrypted - ) -{ - // KDF output buffer - // It contains parameters for the CFB encryption - // From MSB to LSB, they are the key and iv - BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; - // Symmetric key size in byte - UINT16 keySize = (keySizeInBits + 7) / 8; - TPM2B_IV iv; - - iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); - // If there is decryption to do... 
- if(iv.t.size > 0) - { - // Generate key and iv - CryptKDFa(hash, key, CFB_KEY, nonceCaller, nonceTpm, - keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE); - MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); - - CryptSymmetricDecrypt(data, symAlg, keySizeInBits, symParmString, - &iv, ALG_CFB_VALUE, dataSize, data); - } - return; -} - -//*** ParmEncryptSym() -// This function performs parameter encryption using symmetric block cipher. -/*(See part 1 specification) -// When parameter decryption uses a symmetric block cipher, an encryption -// key and IV will be generated from: -// KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24) -// Where: -// hash the hash function associated with the session -// sessionAuth the sessionAuth associated with the session -// nonceNewer nonceTPM for a response -// nonceOlder nonceCaller for a response -// bits the number of bits required for the symmetric key -// plus an IV -*/ -void -ParmEncryptSym( - TPM_ALG_ID symAlg, // IN: symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: symmetric key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be encrypted - ) -{ - // KDF output buffer - // It contains parameters for the CFB encryption - BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; - - // Symmetric key size in bytes - UINT16 keySize = (keySizeInBits + 7) / 8; - - TPM2B_IV iv; - - iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); - // See if there is any encryption to do - if(iv.t.size > 0) - { - // Generate key and iv - CryptKDFa(hash, key, CFB_KEY, nonceTpm, nonceCaller, - keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE); - MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); - - CryptSymmetricEncrypt(data, symAlg, keySizeInBits, symParmString, &iv, 
- ALG_CFB_VALUE, dataSize, data); - } - return; -} - -//*** CryptGenerateKeySymmetric() -// This function generates a symmetric cipher key. The derivation process is -// determined by the type of the provided 'rand' -// Return type: TPM_RC -// TPM_RC_NO_RESULT cannot get a random value -// TPM_RC_KEY_SIZE key size in the public area does not match the size -// in the sensitive creation area -// TPM_RC_KEY provided key value is not allowed -static TPM_RC -CryptGenerateKeySymmetric( - TPMT_PUBLIC *publicArea, // IN/OUT: The public area template - // for the new key. - TPMT_SENSITIVE *sensitive, // OUT: sensitive area - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data - RAND_STATE *rand // IN: the "entropy" source for - ) -{ - UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym; - TPM_RC result; -// - // only do multiples of RADIX_BITS - if((keyBits % RADIX_BITS) != 0) - return TPM_RC_KEY_SIZE; - // If this is not a new key, then the provided key data must be the right size - if(sensitiveCreate->data.t.size != 0) - { - result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, - (TPM2B_SYM_KEY *)&sensitiveCreate->data); - if(result == TPM_RC_SUCCESS) - MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b, - sizeof(sensitive->sensitive.sym.t.buffer)); - } -#if ALG_TDES - else if(publicArea->parameters.symDetail.sym.algorithm == ALG_TDES_VALUE) - { - result = CryptGenerateKeyDes(publicArea, sensitive, rand); - } -#endif - else - { - sensitive->sensitive.sym.t.size = - DRBG_Generate(rand, sensitive->sensitive.sym.t.buffer, - BITS_TO_BYTES(keyBits)); - if(g_inFailureMode) - result = TPM_RC_FAILURE; - else if(sensitive->sensitive.sym.t.size == 0) - result = TPM_RC_NO_RESULT; - else - result = TPM_RC_SUCCESS; - } - return result; -} - -//*** CryptXORObfuscation() -// This function implements XOR obfuscation. It should not be called if the -// hash algorithm is not implemented. 
The only return value from this function
-// is TPM_RC_SUCCESS.
-void
-CryptXORObfuscation(
- TPM_ALG_ID hash, // IN: hash algorithm for KDF
- TPM2B *key, // IN: KDF key
- TPM2B *contextU, // IN: contextU
- TPM2B *contextV, // IN: contextV
- UINT32 dataSize, // IN: size of data buffer
- BYTE *data // IN/OUT: data to be XORed in place
- )
-{
- BYTE mask[MAX_DIGEST_SIZE]; // Allocate a digest sized buffer
- BYTE *pm;
- UINT32 i;
- UINT32 counter = 0;
- UINT16 hLen = CryptHashGetDigestSize(hash);
- UINT32 requestSize = dataSize * 8;
- INT32 remainBytes = (INT32)dataSize;
-
- pAssert((key != NULL) && (data != NULL) && (hLen != 0));
-
- // Call KDFa to generate XOR mask
- for(; remainBytes > 0; remainBytes -= hLen)
- {
- // Make a call to KDFa to get next iteration
- CryptKDFa(hash, key, XOR_KEY, contextU, contextV,
- requestSize, mask, &counter, TRUE);
-
- // XOR next piece of the data
- pm = mask;
- for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--)
- *data++ ^= *pm++;
- }
- return;
-}
-
-//****************************************************************************
-//** Initialization and shut down
-//****************************************************************************
-
-//*** CryptInit()
-// This function is called when the TPM receives a _TPM_Init indication.
-//
-// NOTE: The hash algorithms do not have to be tested, they just need to be
-// available. They have to be tested before the TPM can accept HMAC authorization
-// or return any result that relies on a hash algorithm.
-// Return Type: BOOL
-// TRUE(1) initializations succeeded
-// FALSE(0) initialization failed and caller should place the TPM into
-// Failure Mode
-BOOL
-CryptInit(
- void
- )
-{
- BOOL ok;
- // Initialize the vector of implemented algorithms
- AlgorithmGetImplementedVector(&g_implementedAlgorithms);
-
- // Indicate that all test are necessary
- CryptInitializeToTest();
-
- // Do any library initializations that are necessary.
If any fails,
- // the caller should go into failure mode;
- ok = SupportLibInit();
- ok = ok && CryptSymInit();
- ok = ok && CryptRandInit();
- ok = ok && CryptHashInit();
-#if ALG_RSA
- ok = ok && CryptRsaInit();
-#endif // ALG_RSA
-#if ALG_ECC
- ok = ok && CryptEccInit();
-#endif // ALG_ECC
- return ok;
-}
-
-//*** CryptStartup()
-// This function is called by TPM2_Startup() to initialize the functions in
-// this cryptographic library and in the provided CryptoLibrary. This function
-// and CryptUtilInit() are both provided so that the implementation may move the
-// initialization around to get the best interaction.
-// Return Type: BOOL
-// TRUE(1) startup succeeded
-// FALSE(0) startup failed and caller should place the TPM into
-// Failure Mode
-BOOL
-CryptStartup(
- STARTUP_TYPE type // IN: the startup type
- )
-{
- BOOL OK;
- NOT_REFERENCED(type);
-
- OK = CryptSymStartup() && CryptRandStartup() && CryptHashStartup()
-#if ALG_RSA
- && CryptRsaStartup()
-#endif // ALG_RSA
-#if ALG_ECC
- && CryptEccStartup()
-#endif // ALG_ECC
- ;
-#if ALG_ECC
- // Don't directly check for SU_RESET because that is the default
- if(OK && (type != SU_RESTART) && (type != SU_RESUME))
- {
- // If the shutdown was orderly, then the values recovered from NV will
- // be OK to use.
- // Get a new random commit nonce
- gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer);
- CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer);
- // Reset the counter and commit array
- gr.commitCounter = 0;
- MemorySet(gr.commitArray, 0, sizeof(gr.commitArray));
- }
-#endif // ALG_ECC
- return OK;
-}
-
-//****************************************************************************
-//** Algorithm-Independent Functions
-//****************************************************************************
-//*** Introduction
-// These functions are used generically when a function of a general type
-// (e.g., symmetric encryption) is required.
The functions will modify the
-// parameters as required to interface to the indicated algorithms.
-//
-//*** CryptIsAsymAlgorithm()
-// This function indicates if an algorithm is an asymmetric algorithm.
-// Return Type: BOOL
-// TRUE(1) if it is an asymmetric algorithm
-// FALSE(0) if it is not an asymmetric algorithm
-BOOL
-CryptIsAsymAlgorithm(
- TPM_ALG_ID algID // IN: algorithm ID
- )
-{
- switch(algID)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
-#endif
-#if ALG_ECC
- case ALG_ECC_VALUE:
-#endif
- return TRUE;
- break;
- default:
- break;
- }
- return FALSE;
-}
-
-//*** CryptSecretEncrypt()
-// This function creates a secret value and its associated secret structure using
-// an asymmetric algorithm.
-//
-// This function is used by TPM2_Rewrap() TPM2_MakeCredential(),
-// and TPM2_Duplicate().
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key
-// TPM_RC_KEY invalid ECC key (public point is not on the curve)
-// TPM_RC_SCHEME RSA key with an unsupported padding scheme
-// TPM_RC_VALUE numeric value of the data to be decrypted is greater
-// than the RSA key modulus
-TPM_RC
-CryptSecretEncrypt(
- OBJECT *encryptKey, // IN: encryption key object
- const TPM2B *label, // IN: a null-terminated string as L
- TPM2B_DATA *data, // OUT: secret value
- TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure
- )
-{
- TPMT_RSA_DECRYPT scheme;
- TPM_RC result = TPM_RC_SUCCESS;
-//
- if(data == NULL || secret == NULL)
- return TPM_RC_FAILURE;
-
- // The output secret value has the size of the digest produced by the nameAlg.
- data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg);
- // The encryption scheme is OAEP using the nameAlg of the encrypt key.
- scheme.scheme = ALG_OAEP_VALUE;
- scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg;
-
- if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt))
- return TPM_RC_ATTRIBUTES;
- switch(encryptKey->publicArea.type)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- {
- // Create secret data from RNG
- CryptRandomGenerate(data->t.size, data->t.buffer);
-
- // Encrypt the data by RSA OAEP into encrypted secret
- result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA *)secret, &data->b,
- encryptKey, &scheme, label, NULL);
- }
- break;
-#endif // ALG_RSA
-
-#if ALG_ECC
- case ALG_ECC_VALUE:
- {
- TPMS_ECC_POINT eccPublic;
- TPM2B_ECC_PARAMETER eccPrivate;
- TPMS_ECC_POINT eccSecret;
- BYTE *buffer = secret->t.secret;
-
- // Need to make sure that the public point of the key is on the
- // curve defined by the key.
- if(!CryptEccIsPointOnCurve(
- encryptKey->publicArea.parameters.eccDetail.curveID,
- &encryptKey->publicArea.unique.ecc))
- result = TPM_RC_KEY;
- else
- {
- // Call crypto engine to create an auxiliary ECC key
- // We assume crypt engine initialization should always success.
- // Otherwise, TPM should go to failure mode.
-
- CryptEccNewKeyPair(&eccPublic, &eccPrivate,
- encryptKey->publicArea.parameters.eccDetail.curveID);
- // Marshal ECC public to secret structure. This will be used by the
- // recipient to decrypt the secret with their private key.
- secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL);
-
- // Compute ECDH shared secret which is R = [d]Q where d is the
- // private part of the ephemeral key and Q is the public part of a
- // TPM key. TPM_RC_KEY error return from CryptComputeECDHSecret
- // because the auxiliary ECC key is just created according to the
- // parameters of input ECC encrypt key.
- if(CryptEccPointMultiply(&eccSecret,
- encryptKey->publicArea.parameters.eccDetail.curveID,
- &encryptKey->publicArea.unique.ecc, &eccPrivate,
- NULL, NULL)
- != TPM_RC_SUCCESS)
- result = TPM_RC_KEY;
- else
- {
- // The secret value is computed from Z using KDFe as:
- // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
- // Where:
- // HashID the nameAlg of the decrypt key
- // Z the x coordinate (Px) of the product (P) of the point
- // (Q) of the secret and the private x coordinate (de,V)
- // of the decryption key
- // Use a null-terminated string containing "SECRET"
- // PartyUInfo the x coordinate of the point in the secret
- // (Qe,U )
- // PartyVInfo the x coordinate of the public key (Qs,V )
- // bits the number of bits in the digest of HashID
- // Retrieve seed from KDFe
- CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b,
- label, &eccPublic.x.b,
- &encryptKey->publicArea.unique.ecc.x.b,
- data->t.size * 8, data->t.buffer);
- }
- }
- }
- break;
-#endif // ALG_ECC
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- return result;
-}
-
-//*** CryptSecretDecrypt()
-// Decrypt a secret value by asymmetric (or symmetric) algorithm
-// This function is used for ActivateCredential and Import for asymmetric
-// decryption, and StartAuthSession for both asymmetric and symmetric
-// decryption process
-//
-// Return Type: TPM_RC
-// TPM_RC_ATTRIBUTES RSA key is not a decryption key
-// TPM_RC_BINDING Invalid RSA key (public and private parts are not
-// cryptographically bound.
-// TPM_RC_ECC_POINT ECC point in the secret is not on the curve
-// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret
-// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity
-// TPM_RC_SIZE data to decrypt is not of the same size as RSA key
-// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is
-// greater than the modulus, or the recovered data is
-// larger than the output buffer.
-// For keyedHash or symmetric key, the secret is
-// larger than the size of the digest produced by
-// the name algorithm.
-// TPM_RC_FAILURE internal error
-TPM_RC
-CryptSecretDecrypt(
- OBJECT *decryptKey, // IN: decrypt key
- TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for
- // symmetric decryption. For
- // asymmetric decryption, this
- // parameter is NULL
- const TPM2B *label, // IN: a value for L
- TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret
- TPM2B_DATA *data // OUT: decrypted secret value
- )
-{
- TPM_RC result = TPM_RC_SUCCESS;
-
- // Decryption for secret
- switch(decryptKey->publicArea.type)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- {
- TPMT_RSA_DECRYPT scheme;
- TPMT_RSA_SCHEME *keyScheme
- = &decryptKey->publicArea.parameters.rsaDetail.scheme;
- UINT16 digestSize;
-
- scheme = *(TPMT_RSA_DECRYPT *)keyScheme;
- // If the key scheme is ALG_NULL_VALUE, set the scheme to OAEP and
- // set the algorithm to the name algorithm.
- if(scheme.scheme == ALG_NULL_VALUE)
- {
- // Use OAEP scheme
- scheme.scheme = ALG_OAEP_VALUE;
- scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg;
- }
- // use the digestSize as an indicator of whether or not the scheme
- // is using a supported hash algorithm.
- // Note: depending on the scheme used for encryption, a hashAlg might
- // not be needed. However, the return value has to have some upper
- // limit on the size. In this case, it is the size of the digest of the
- // hash algorithm. It is checked after the decryption is done but, there
- // is no point in doing the decryption if the size is going to be
- // 'wrong' anyway.
- digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg);
- if(scheme.scheme != ALG_OAEP_VALUE || digestSize == 0)
- return TPM_RC_SCHEME;
-
- // Set the output buffer capacity
- data->t.size = sizeof(data->t.buffer);
-
- // Decrypt seed by RSA OAEP
- result = CryptRsaDecrypt(&data->b, &secret->b,
- decryptKey, &scheme, label);
- if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize))
- result = TPM_RC_VALUE;
- }
- break;
-#endif // ALG_RSA
-#if ALG_ECC
- case ALG_ECC_VALUE:
- {
- TPMS_ECC_POINT eccPublic;
- TPMS_ECC_POINT eccSecret;
- BYTE *buffer = secret->t.secret;
- INT32 size = secret->t.size;
-
- // Retrieve ECC point from secret buffer
- result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size);
- if(result == TPM_RC_SUCCESS)
- {
- result = CryptEccPointMultiply(&eccSecret,
- decryptKey->publicArea.parameters.eccDetail.curveID,
- &eccPublic, &decryptKey->sensitive.sensitive.ecc,
- NULL, NULL);
- if(result == TPM_RC_SUCCESS)
- {
- // Set the size of the "recovered" secret value to be the size
- // of the digest produced by the nameAlg.
- data->t.size =
- CryptHashGetDigestSize(decryptKey->publicArea.nameAlg);
-
- // The secret value is computed from Z using KDFe as:
- // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
- // Where:
- // HashID -- the nameAlg of the decrypt key
- // Z -- the x coordinate (Px) of the product (P) of the point
- // (Q) of the secret and the private x coordinate (de,V)
- // of the decryption key
- // Use -- a null-terminated string containing "SECRET"
- // PartyUInfo -- the x coordinate of the point in the secret
- // (Qe,U )
- // PartyVInfo -- the x coordinate of the public key (Qs,V )
- // bits -- the number of bits in the digest of HashID
- // Retrieve seed from KDFe
- CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label,
- &eccPublic.x.b,
- &decryptKey->publicArea.unique.ecc.x.b,
- data->t.size * 8, data->t.buffer);
- }
- }
- }
- break;
-#endif // ALG_ECC
-#if !ALG_KEYEDHASH
-# error "KEYEDHASH support is required"
-#endif
- case ALG_KEYEDHASH_VALUE:
- // The seed size can not be bigger than the digest size of nameAlg
- if(secret->t.size >
- CryptHashGetDigestSize(decryptKey->publicArea.nameAlg))
- result = TPM_RC_VALUE;
- else
- {
- // Retrieve seed by XOR Obfuscation:
- // seed = XOR(secret, hash, key, nonceCaller, nullNonce)
- // where:
- // secret the secret parameter from the TPM2_StartAuthHMAC
- // command that contains the seed value
- // hash nameAlg of tpmKey
- // key the key or data value in the object referenced by
- // entityHandle in the TPM2_StartAuthHMAC command
- // nonceCaller the parameter from the TPM2_StartAuthHMAC command
- // nullNonce a zero-length nonce
- // XOR Obfuscation in place
- CryptXORObfuscation(decryptKey->publicArea.nameAlg,
- &decryptKey->sensitive.sensitive.bits.b,
- &nonceCaller->b, NULL,
- secret->t.size, secret->t.secret);
- // Copy decrypted seed
- MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer));
- }
- break;
- case ALG_SYMCIPHER_VALUE:
- {
- TPM2B_IV iv = {{0}};
- TPMT_SYM_DEF_OBJECT
*symDef;
- // The seed size can not be bigger than the digest size of nameAlg
- if(secret->t.size >
- CryptHashGetDigestSize(decryptKey->publicArea.nameAlg))
- result = TPM_RC_VALUE;
- else
- {
- symDef = &decryptKey->publicArea.parameters.symDetail.sym;
- iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm,
- symDef->keyBits.sym);
- if(iv.t.size == 0)
- return TPM_RC_FAILURE;
- if(nonceCaller->t.size >= iv.t.size)
- {
- MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size);
- }
- else
- {
- if(nonceCaller->t.size > sizeof(iv.t.buffer))
- return TPM_RC_FAILURE;
- MemoryCopy(iv.b.buffer, nonceCaller->t.buffer,
- nonceCaller->t.size);
- }
- // make sure secret will fit
- if(secret->t.size > data->t.size)
- return TPM_RC_FAILURE;
- data->t.size = secret->t.size;
- // CFB decrypt, using nonceCaller as iv
- CryptSymmetricDecrypt(data->t.buffer, symDef->algorithm,
- symDef->keyBits.sym,
- decryptKey->sensitive.sensitive.sym.t.buffer,
- &iv, ALG_CFB_VALUE, secret->t.size,
- secret->t.secret);
- }
- }
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- return result;
-}
-
-//*** CryptParameterEncryption()
-// This function does in-place encryption of a response parameter.
-void
-CryptParameterEncryption(
- TPM_HANDLE handle, // IN: encrypt session handle
- TPM2B *nonceCaller, // IN: nonce caller
- UINT16 leadingSizeInByte, // IN: the size of the leading size field in
- // bytes
- TPM2B_AUTH *extraKey, // IN: additional key material other than
- // sessionAuth
- BYTE *buffer // IN/OUT: parameter buffer to be encrypted
- )
-{
- SESSION *session = SessionGet(handle); // encrypt session
- TPM2B_TYPE(TEMP_KEY, (sizeof(extraKey->t.buffer)
- + sizeof(session->sessionKey.t.buffer)));
- TPM2B_TEMP_KEY key; // encryption key
- UINT32 cipherSize = 0; // size of cipher text
-//
- // Retrieve encrypted data size.
- if(leadingSizeInByte == 2)
- {
- // Extract the first two bytes as the size field as the data size
- // encrypt
- cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
- // advance the buffer
- buffer = &buffer[2];
- }
-#ifdef TPM4B
- else if(leadingSizeInByte == 4)
- {
- // use the first four bytes to indicate the number of bytes to encrypt
- cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
- //advance pointer
- buffer = &buffer[4];
- }
-#endif
- else
- {
- FAIL(FATAL_ERROR_INTERNAL);
- }
-
- // Compute encryption key by concatenating sessionKey with extra key
- MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
- MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));
-
- if(session->symmetric.algorithm == ALG_XOR_VALUE)
-
- // XOR parameter encryption formulation:
- // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
- CryptXORObfuscation(session->authHashAlg, &(key.b),
- &(session->nonceTPM.b),
- nonceCaller, cipherSize, buffer);
- else
- ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg,
- session->symmetric.keyBits.aes, &(key.b),
- nonceCaller, &(session->nonceTPM.b),
- cipherSize, buffer);
- return;
-}
-
-//*** CryptParameterDecryption()
-// This function does in-place decryption of a command parameter.
-// Return Type: TPM_RC
-// TPM_RC_SIZE The number of bytes in the input buffer is less than
-// the number of bytes to be decrypted.
-TPM_RC
-CryptParameterDecryption(
- TPM_HANDLE handle, // IN: encrypted session handle
- TPM2B *nonceCaller, // IN: nonce caller
- UINT32 bufferSize, // IN: size of parameter buffer
- UINT16 leadingSizeInByte, // IN: the size of the leading size field in
- // byte
- TPM2B_AUTH *extraKey, // IN: the authValue
- BYTE *buffer // IN/OUT: parameter buffer to be decrypted
- )
-{
- SESSION *session = SessionGet(handle); // encrypt session
- // The HMAC key is going to be the concatenation of the session key and any
- // additional key material (like the authValue).
The size of both of these
- // is the size of the buffer which can contain a TPMT_HA.
- TPM2B_TYPE(HMAC_KEY, (sizeof(extraKey->t.buffer)
- + sizeof(session->sessionKey.t.buffer)));
- TPM2B_HMAC_KEY key; // decryption key
- UINT32 cipherSize = 0; // size of cipher text
-//
- // Retrieve encrypted data size.
- if(leadingSizeInByte == 2)
- {
- // The first two bytes of the buffer are the size of the
- // data to be decrypted
- cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
- buffer = &buffer[2]; // advance the buffer
- }
-#ifdef TPM4B
- else if(leadingSizeInByte == 4)
- {
- // the leading size is four bytes so get the four byte size field
- cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
- buffer = &buffer[4]; //advance pointer
- }
-#endif
- else
- {
- FAIL(FATAL_ERROR_INTERNAL);
- }
- if(cipherSize > bufferSize)
- return TPM_RC_SIZE;
-
- // Compute decryption key by concatenating sessionAuth with extra input key
- MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
- MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));
-
- if(session->symmetric.algorithm == ALG_XOR_VALUE)
- // XOR parameter decryption formulation:
- // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
- // Call XOR obfuscation function
- CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller,
- &(session->nonceTPM.b), cipherSize, buffer);
- else
- // Assume that it is one of the symmetric block ciphers.
- ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg,
- session->symmetric.keyBits.sym,
- &key.b, nonceCaller, &session->nonceTPM.b,
- cipherSize, buffer);
-
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptComputeSymmetricUnique()
-// This function computes the unique field in public area for symmetric objects.
-void
-CryptComputeSymmetricUnique(
- TPMT_PUBLIC *publicArea, // IN: the object's public area
- TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area
- TPM2B_DIGEST *unique // OUT: unique buffer
- )
-{
- // For parents (symmetric and derivation), use an HMAC to compute
- // the 'unique' field
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)
- && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt))
- {
- // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive)
- HMAC_STATE hmacState;
- unique->b.size = CryptHmacStart2B(&hmacState, publicArea->nameAlg,
- &sensitive->seedValue.b);
- CryptDigestUpdate2B(&hmacState.hashState,
- &sensitive->sensitive.any.b);
- CryptHmacEnd2B(&hmacState, &unique->b);
- }
- else
- {
- HASH_STATE hashState;
- // Unique := Hash(sensitive->seedValue || sensitive->sensitive)
- unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg);
- CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b);
- CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b);
- CryptHashEnd2B(&hashState, &unique->b);
- }
- return;
-}
-
-//*** CryptCreateObject()
-// This function creates an object.
-// For an asymmetric key, it will create a key pair and, for a parent key, a seed
-// value for child protections.
-//
-// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will
-// create a secret key if the caller did not provide one. It will create a random
-// secret seed value that is hashed with the secret value to create the public
-// unique value.
-//
-// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters
-// and are the only ones that are used by TPM2_Create(). The other parameters
-// are optional and are used when the generated Object needs to be deterministic.
-// This is the case for both Primary Objects and Derived Objects.
-//
-// When a seed value is provided, a RAND_STATE will be populated and used for
-// all operations in the object generation that require a random number. In the
-// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with
-// context being the hash of the template. If the Primary Object is in
-// the Endorsement hierarchy, it will also populate 'proof' with ehProof.
-//
-// For derived keys, 'seed' will be the secret value from the parent, 'label' and
-// 'context' will be set according to the parameters of TPM2_CreateLoaded() and
-// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator.
-//
-// Return Type: TPM_RC
-// TPM_RC_KEY a provided key is not an allowed value
-// TPM_RC_KEY_SIZE key size in the public area does not match the size
-// in the sensitive creation area for a symmetric key
-// TPM_RC_NO_RESULT unable to get random values (only in derivation)
-// TPM_RC_RANGE for an RSA key, the exponent is not supported
-// TPM_RC_SIZE sensitive data size is larger than allowed for the
-// scheme for a keyed hash object
-// TPM_RC_VALUE exponent is not prime or could not find a prime using
-// the provided parameters for an RSA key;
-// unsupported name algorithm for an ECC key
-TPM_RC
-CryptCreateObject(
- OBJECT *object, // IN: new object structure pointer
- TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation
- RAND_STATE *rand // IN: the random number generator
- // to use
- )
-{
- TPMT_PUBLIC *publicArea = &object->publicArea;
- TPMT_SENSITIVE *sensitive = &object->sensitive;
- TPM_RC result = TPM_RC_SUCCESS;
-//
- // Set the sensitive type for the object
- sensitive->sensitiveType = publicArea->type;
-
- // For all objects, copy the initial authorization data
- sensitive->authValue = sensitiveCreate->userAuth;
-
- // If the TPM is the source of the data, set the size of the provided data to
- // zero so that there's no confusion about what to do.
- if(IS_ATTRIBUTE(publicArea->objectAttributes,
- TPMA_OBJECT, sensitiveDataOrigin))
- sensitiveCreate->data.t.size = 0;
-
- // Generate the key and unique fields for the asymmetric keys and just the
- // sensitive value for symmetric object
- switch(publicArea->type)
- {
-#if ALG_RSA
- // Create RSA key
- case ALG_RSA_VALUE:
- // RSA uses full object so that it has a place to put the private
- // exponent
- result = CryptRsaGenerateKey(publicArea, sensitive, rand);
- break;
-#endif // ALG_RSA
-
-#if ALG_ECC
- // Create ECC key
- case ALG_ECC_VALUE:
- result = CryptEccGenerateKey(publicArea, sensitive, rand);
- break;
-#endif // ALG_ECC
- case ALG_SYMCIPHER_VALUE:
- result = CryptGenerateKeySymmetric(publicArea, sensitive,
- sensitiveCreate, rand);
- break;
- case ALG_KEYEDHASH_VALUE:
- result = CryptGenerateKeyedHash(publicArea, sensitive,
- sensitiveCreate, rand);
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- if(result != TPM_RC_SUCCESS)
- return result;
-// Create the sensitive seed value
- // If this is a primary key in the endorsement hierarchy, stir the DRBG state
- // This implementation uses both shProof and ehProof to make sure that there
- // is no leakage of either.
- if(object->attributes.primary && object->attributes.epsHierarchy)
- {
- DRBG_AdditionalData((DRBG_STATE *)rand, &gp.shProof.b);
- DRBG_AdditionalData((DRBG_STATE *)rand, &gp.ehProof.b);
- }
- // Generate a seedValue that is the size of the digest produced by nameAlg
- sensitive->seedValue.t.size =
- DRBG_Generate(rand, sensitive->seedValue.t.buffer,
- CryptHashGetDigestSize(publicArea->nameAlg));
- if(g_inFailureMode)
- return TPM_RC_FAILURE;
- else if(sensitive->seedValue.t.size == 0)
- return TPM_RC_NO_RESULT;
- // For symmetric objects, need to compute the unique value for the public area
- if(publicArea->type == ALG_SYMCIPHER_VALUE
- || publicArea->type == ALG_KEYEDHASH_VALUE)
- {
- CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym);
- }
- else
- {
- // if this is an asymmetric key and it isn't a parent, then
- // get rid of the seed.
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)
- || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted))
- memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue));
- }
- // Compute the name
- PublicMarshalAndComputeName(publicArea, &object->name);
- return result;
-}
-
-//*** CryptGetSignHashAlg()
-// Get the hash algorithm of signature from a TPMT_SIGNATURE structure.
-// It assumes the signature is not NULL
-// This is a function for easy access
-TPMI_ALG_HASH
-CryptGetSignHashAlg(
- TPMT_SIGNATURE *auth // IN: signature
- )
-{
- if(auth->sigAlg == ALG_NULL_VALUE)
- FAIL(FATAL_ERROR_INTERNAL);
-
- // Get authHash algorithm based on signing scheme
- switch(auth->sigAlg)
- {
-#if ALG_RSA
- // If RSA is supported, both RSASSA and RSAPSS are required
-# if !defined ALG_RSASSA_VALUE || !defined ALG_RSAPSS_VALUE
-# error "RSASSA and RSAPSS are required for RSA"
-# endif
- case ALG_RSASSA_VALUE:
- return auth->signature.rsassa.hash;
- case ALG_RSAPSS_VALUE:
- return auth->signature.rsapss.hash;
-#endif // ALG_RSA
-
-#if ALG_ECC
- // If ECC is defined, ECDSA is mandatory
-# if !ALG_ECDSA
-# error "ECDSA is requried for ECC"
-# endif
- case ALG_ECDSA_VALUE:
- // SM2 and ECSCHNORR are optional
-
-# if ALG_SM2
- case ALG_SM2_VALUE:
-# endif
-# if ALG_ECSCHNORR
- case ALG_ECSCHNORR_VALUE:
-# endif
- //all ECC signatures look the same
- return auth->signature.ecdsa.hash;
-
-# if ALG_ECDAA
- // Don't know how to verify an ECDAA signature
- case ALG_ECDAA_VALUE:
- break;
-# endif
-
-#endif // ALG_ECC
-
- case ALG_HMAC_VALUE:
- return auth->signature.hmac.hashAlg;
-
- default:
- break;
- }
- return ALG_NULL_VALUE;
-}
-
-//*** CryptIsSplitSign()
-// This function us used to determine if the signing operation is a split
-// signing operation that required a TPM2_Commit().
-//
-BOOL
-CryptIsSplitSign(
- TPM_ALG_ID scheme // IN: the algorithm selector
- )
-{
- switch(scheme)
- {
-# if ALG_ECDAA
- case ALG_ECDAA_VALUE:
- return TRUE;
- break;
-# endif // ALG_ECDAA
- default:
- return FALSE;
- break;
- }
-}
-
-//*** CryptIsAsymSignScheme()
-// This function indicates if a scheme algorithm is a sign algorithm.
-BOOL
-CryptIsAsymSignScheme(
- TPMI_ALG_PUBLIC publicType, // IN: Type of the object
- TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
- )
-{
- BOOL isSignScheme = TRUE;
-
- switch(publicType)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- switch(scheme)
- {
-# if !ALG_RSASSA || !ALG_RSAPSS
-# error "RSASSA and PSAPSS required if RSA used."
-# endif
- case ALG_RSASSA_VALUE:
- case ALG_RSAPSS_VALUE:
- break;
- default:
- isSignScheme = FALSE;
- break;
- }
- break;
-#endif // ALG_RSA
-
-#if ALG_ECC
- // If ECC is implemented ECDSA is required
- case ALG_ECC_VALUE:
- switch(scheme)
- {
- // Support for ECDSA is required for ECC
- case ALG_ECDSA_VALUE:
-#if ALG_ECDAA // ECDAA is optional
- case ALG_ECDAA_VALUE:
-#endif
-#if ALG_ECSCHNORR // Schnorr is also optional
- case ALG_ECSCHNORR_VALUE:
-#endif
-#if ALG_SM2 // SM2 is optional
- case ALG_SM2_VALUE:
-#endif
- break;
- default:
- isSignScheme = FALSE;
- break;
- }
- break;
-#endif // ALG_ECC
- default:
- isSignScheme = FALSE;
- break;
- }
- return isSignScheme;
-}
-
-//*** CryptIsAsymDecryptScheme()
-// This function indicate if a scheme algorithm is a decrypt algorithm.
-BOOL
-CryptIsAsymDecryptScheme(
- TPMI_ALG_PUBLIC publicType, // IN: Type of the object
- TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
- )
-{
- BOOL isDecryptScheme = TRUE;
-
- switch(publicType)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- switch(scheme)
- {
- case ALG_RSAES_VALUE:
- case ALG_OAEP_VALUE:
- break;
- default:
- isDecryptScheme = FALSE;
- break;
- }
- break;
-#endif // ALG_RSA
-
-#if ALG_ECC
- // If ECC is implemented ECDH is required
- case ALG_ECC_VALUE:
- switch(scheme)
- {
-#if !ALG_ECDH
-# error "ECDH is required for ECC"
-#endif
- case ALG_ECDH_VALUE:
-#if ALG_SM2
- case ALG_SM2_VALUE:
-#endif
-#if ALG_ECMQV
- case ALG_ECMQV_VALUE:
-#endif
- break;
- default:
- isDecryptScheme = FALSE;
- break;
- }
- break;
-#endif // ALG_ECC
- default:
- isDecryptScheme = FALSE;
- break;
- }
- return isDecryptScheme;
-}
-
-//*** CryptSelectSignScheme()
-// This function is used by the attestation and signing commands. It implements
-// the rules for selecting the signature scheme to use in signing. This function
-// requires that the signing key either be TPM_RH_NULL or be loaded.
-//
-// If a default scheme is defined in object, the default scheme should be chosen,
-// otherwise, the input scheme should be chosen.
-// In the case that both object and input scheme has a non-NULL scheme
-// algorithm, if the schemes are compatible, the input scheme will be chosen.
-//
-// This function should not be called if 'signObject->publicArea.type' ==
-// ALG_SYMCIPHER.
-//
-// Return Type: BOOL
-// TRUE(1) scheme selected
-// FALSE(0) both 'scheme' and key's default scheme are empty; or
-// 'scheme' is empty while key's default scheme requires
-// explicit input scheme (split signing); or
-// non-empty default key scheme differs from 'scheme'
-BOOL
-CryptSelectSignScheme(
- OBJECT *signObject, // IN: signing key
- TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme
- )
-{
- TPMT_SIG_SCHEME *objectScheme;
- TPMT_PUBLIC *publicArea;
- BOOL OK;
-
- // If the signHandle is TPM_RH_NULL, then the NULL scheme is used, regardless
- // of the setting of scheme
- if(signObject == NULL)
- {
- OK = TRUE;
- scheme->scheme = ALG_NULL_VALUE;
- scheme->details.any.hashAlg = ALG_NULL_VALUE;
- }
- else
- {
- // assignment to save typing.
- publicArea = &signObject->publicArea;
-
- // A symmetric cipher can be used to encrypt and decrypt but it can't
- // be used for signing
- if(publicArea->type == ALG_SYMCIPHER_VALUE)
- return FALSE;
- // Point to the scheme object
- if(CryptIsAsymAlgorithm(publicArea->type))
- objectScheme =
- (TPMT_SIG_SCHEME *)&publicArea->parameters.asymDetail.scheme;
- else
- objectScheme =
- (TPMT_SIG_SCHEME *)&publicArea->parameters.keyedHashDetail.scheme;
-
- // If the object doesn't have a default scheme, then use the
- // input scheme.
- if(objectScheme->scheme == ALG_NULL_VALUE)
- {
- // Input and default can't both be NULL
- OK = (scheme->scheme != ALG_NULL_VALUE);
- // Assume that the scheme is compatible with the key. If not,
- // an error will be generated in the signing operation.
- }
- else if(scheme->scheme == ALG_NULL_VALUE)
- {
- // input scheme is NULL so use default
-
- // First, check to see if the default requires that the caller
- // provided scheme data
- OK = !CryptIsSplitSign(objectScheme->scheme);
- if(OK)
- {
- // The object has a scheme and the input is TPM_ALG_NULL so copy
- // the object scheme as the final scheme. It is better to use a
- // structure copy than a copy of the individual fields.
- *scheme = *objectScheme;
- }
- }
- else
- {
- // Both input and object have scheme selectors
- // If the scheme and the hash are not the same then...
- // NOTE: the reason that there is no copy here is that the input
- // might contain extra data for a split signing scheme and that
- // data is not in the object so, it has to be preserved.
- OK = (objectScheme->scheme == scheme->scheme)
- && (objectScheme->details.any.hashAlg
- == scheme->details.any.hashAlg);
- }
- }
- return OK;
-}
-
-//*** CryptSign()
-// Sign a digest with asymmetric key or HMAC.
-// This function is called by attestation commands and the generic TPM2_Sign
-// command.
-// This function checks the key scheme and digest size. It does not
-// check if the sign operation is allowed for restricted key. It should be
-// checked before the function is called.
-// The function will assert if the key is not a signing key.
-//
-// Return Type: TPM_RC
-// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type
-// TPM_RC_VALUE 'digest' value is greater than the modulus of
-// 'signHandle' or size of 'hashData' does not match hash
-// algorithm in'signScheme' (for an RSA key);
-// invalid commit status or failed to generate "r" value
-// (for an ECC key)
-TPM_RC
-CryptSign(
- OBJECT *signKey, // IN: signing key
- TPMT_SIG_SCHEME *signScheme, // IN: sign scheme.
- TPM2B_DIGEST *digest, // IN: The digest being signed
- TPMT_SIGNATURE *signature // OUT: signature
- )
-{
- TPM_RC result = TPM_RC_SCHEME;
-
- // Initialize signature scheme
- signature->sigAlg = signScheme->scheme;
-
- // If the signature algorithm is TPM_ALG_NULL or the signing key is NULL,
- // then we are done
- if((signature->sigAlg == ALG_NULL_VALUE) || (signKey == NULL))
- return TPM_RC_SUCCESS;
-
- // Initialize signature hash
- // Note: need to do the check for TPM_ALG_NULL first because the null scheme
- // doesn't have a hashAlg member.
- signature->signature.any.hashAlg = signScheme->details.any.hashAlg;
-
- // perform sign operation based on different key type
- switch(signKey->publicArea.type)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- result = CryptRsaSign(signature, signKey, digest, NULL);
- break;
-#endif // ALG_RSA
-#if ALG_ECC
- case ALG_ECC_VALUE:
- // The reason that signScheme is passed to CryptEccSign but not to the
- // other signing methods is that the signing for ECC may be split and
- // need the 'r' value that is in the scheme but not in the signature.
- result = CryptEccSign(signature, signKey, digest,
- (TPMT_ECC_SCHEME *)signScheme, NULL);
- break;
-#endif // ALG_ECC
- case ALG_KEYEDHASH_VALUE:
- result = CryptHmacSign(signature, signKey, digest);
- break;
- default:
- FAIL(FATAL_ERROR_INTERNAL);
- break;
- }
- return result;
-}
-
-//*** CryptValidateSignature()
-// This function is used to verify a signature. It is called by
-// TPM2_VerifySignature() and TPM2_PolicySigned.
-//
-// Since this operation only requires use of a public key, no consistency
-// checks are necessary for the key to signature type because a caller can load
-// any public key that they like with any scheme that they like. This routine
-// simply makes sure that the signature is correct, whatever the type.
-//
-// Return Type: TPM_RC
-// TPM_RC_SIGNATURE the signature is not genuine
-// TPM_RC_SCHEME the scheme is not supported
-// TPM_RC_HANDLE an HMAC key was selected but the
-// private part of the key is not loaded
-TPM_RC
-CryptValidateSignature(
- TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key
- TPM2B_DIGEST *digest, // IN: The digest being validated
- TPMT_SIGNATURE *signature // IN: signature
- )
-{
- // NOTE: HandleToObject will either return a pointer to a loaded object or
- // will assert. It will never return a non-valid value. This makes it save
- // to initialize 'publicArea' with the return value from HandleToObject()
- // without checking it first.
- OBJECT *signObject = HandleToObject(keyHandle);
- TPMT_PUBLIC *publicArea = &signObject->publicArea;
- TPM_RC result = TPM_RC_SCHEME;
-
- // The input unmarshaling should prevent any input signature from being
- // a NULL signature, but just in case
- if(signature->sigAlg == ALG_NULL_VALUE)
- return TPM_RC_SIGNATURE;
-
- switch(publicArea->type)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- {
- //
- // Call RSA code to verify signature
- result = CryptRsaValidateSignature(signature, signObject, digest);
- break;
- }
-#endif // ALG_RSA
-
-#if ALG_ECC
- case ALG_ECC_VALUE:
- result = CryptEccValidateSignature(signature, signObject, digest);
- break;
-#endif // ALG_ECC
-
- case ALG_KEYEDHASH_VALUE:
- if(signObject->attributes.publicOnly)
- result = TPM_RCS_HANDLE;
- else
- result = CryptHMACVerifySignature(signObject, digest, signature);
- break;
- default:
- break;
- }
- return result;
-}
-
-//*** CryptGetTestResult
-// This function returns the results of a self-test function.
-// Note: the behavior in this function is NOT the correct behavior for a real
-// TPM implementation. An artificial behavior is placed here due to the
-// limitation of a software simulation environment. For the correct behavior,
-// consult the part 3 specification for TPM2_GetTestResult().
-TPM_RC
-CryptGetTestResult(
- TPM2B_MAX_BUFFER *outData // OUT: test result data
- )
-{
- outData->t.size = 0;
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptValidateKeys()
-// This function is used to verify that the key material of and object is valid.
-// For a 'publicOnly' object, the key is verified for size and, if it is an ECC
-// key, it is verified to be on the specified curve. For a key with a sensitive
-// area, the binding between the public and private parts of the key are verified.
-// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area
-// is verified but the public portion is not verified, unless the key is an RSA key.
-// For an RSA key, the reason for loading the sensitive area is to use it. The
-// only way to use a private RSA key is to compute the private exponent. To compute
-// the private exponent, the public modulus is used.
-// Return Type: TPM_RC
-// TPM_RC_BINDING the public and private parts are not cryptographically
-// bound
-// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL
-// TPM_RC_KEY the public unique is not valid
-// TPM_RC_KEY_SIZE the private area key is not valid
-// TPM_RC_TYPE the types of the sensitive and private parts do not match
-TPM_RC
-CryptValidateKeys(
- TPMT_PUBLIC *publicArea,
- TPMT_SENSITIVE *sensitive,
- TPM_RC blamePublic,
- TPM_RC blameSensitive
- )
-{
- TPM_RC result;
- UINT16 keySizeInBytes;
- UINT16 digestSize = CryptHashGetDigestSize(publicArea->nameAlg);
- TPMU_PUBLIC_PARMS *params = &publicArea->parameters;
- TPMU_PUBLIC_ID *unique = &publicArea->unique;
-
- if(sensitive != NULL)
- {
- // Make sure that the types of the public and sensitive are compatible
- if(publicArea->type != sensitive->sensitiveType)
- return TPM_RCS_TYPE + blameSensitive;
- // Make sure that the authValue is not bigger than allowed
- // If there is no name algorithm, then the size just needs to be less than
- // the maximum size of the buffer used for authorization. That size check
- // was made during unmarshaling of the sensitive area
- if((sensitive->authValue.t.size) > digestSize && (digestSize > 0))
- return TPM_RCS_SIZE + blameSensitive;
- }
- switch(publicArea->type)
- {
-#if ALG_RSA
- case ALG_RSA_VALUE:
- keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits);
-
- // Regardless of whether there is a sensitive area, the public modulus
- // needs to have the correct size. Otherwise, it can't be used for
- // any public key operation nor can it be used to compute the private
- // exponent.
- // NOTE: This implementation only supports key sizes that are multiples
- // of 1024 bits which means that the MSb of the 0th byte will always be
- // SET in any prime and in the public modulus.
- if((unique->rsa.t.size != keySizeInBytes)
- || (unique->rsa.t.buffer[0] < 0x80))
- return TPM_RCS_KEY + blamePublic;
- if(params->rsaDetail.exponent != 0
- && params->rsaDetail.exponent < 7)
- return TPM_RCS_VALUE + blamePublic;
- if(sensitive != NULL)
- {
- // If there is a sensitive area, it has to be the correct size
- // including having the correct high order bit SET.
- if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes)
- || (sensitive->sensitive.rsa.t.buffer[0] < 0x80))
- return TPM_RCS_KEY_SIZE + blameSensitive;
- }
- break;
-#endif
-#if ALG_ECC
- case ALG_ECC_VALUE:
- {
- TPMI_ECC_CURVE curveId;
- curveId = params->eccDetail.curveID;
- keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId));
- if(sensitive == NULL)
- {
- // Validate the public key size
- if(unique->ecc.x.t.size != keySizeInBytes
- || unique->ecc.y.t.size != keySizeInBytes)
- return TPM_RCS_KEY + blamePublic;
- if(publicArea->nameAlg != ALG_NULL_VALUE)
- {
- if(!CryptEccIsPointOnCurve(curveId, &unique->ecc))
- return TPM_RCS_ECC_POINT + blamePublic;
- }
- }
- else
- {
- // If the nameAlg is TPM_ALG_NULL, then only verify that the
- // private part of the key is OK.
- if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc,
- curveId))
- return TPM_RCS_KEY_SIZE;
- if(publicArea->nameAlg != ALG_NULL_VALUE)
- {
- // Full key load, verify that the public point belongs to the
- // private key.
- TPMS_ECC_POINT toCompare;
- result = CryptEccPointMultiply(&toCompare, curveId, NULL,
- &sensitive->sensitive.ecc,
- NULL, NULL);
- if(result != TPM_RC_SUCCESS)
- return TPM_RCS_BINDING;
- else
- {
- // Make sure that the private key generated the public key.
- // The input values and the values produced by the point
- // multiply may not be the same size so adjust the computed
- // value to match the size of the input value by adding or
- // removing zeros.
- AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size);
- AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size);
- if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b)
- || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b))
- return TPM_RCS_BINDING;
- }
- }
- }
- break;
- }
-#endif
- default:
- // Checks for SYMCIPHER and KEYEDHASH are largely the same
- // If public area has a nameAlg, then validate the public area size
- // and if there is also a sensitive area, validate the binding
-
- // For consistency, if the object is public-only just make sure that
- // the unique field is consistent with the name algorithm
- if(sensitive == NULL)
- {
- if(unique->sym.t.size != digestSize)
- return TPM_RCS_KEY + blamePublic;
- }
- else
- {
- // Make sure that the key size in the sensitive area is consistent.
- if(publicArea->type == ALG_SYMCIPHER_VALUE)
- {
- result = CryptSymKeyValidate(¶ms->symDetail.sym,
- &sensitive->sensitive.sym);
- if(result != TPM_RC_SUCCESS)
- return result + blameSensitive;
- }
- else
- {
- // For a keyed hash object, the key has to be less than the
- // smaller of the block size of the hash used in the scheme or
- // 128 bytes. The worst case value is limited by the
- // unmarshaling code so the only thing left to be checked is
- // that it does not exceed the block size of the hash.
- // by the hash algorithm of the scheme.
- TPMT_KEYEDHASH_SCHEME *scheme;
- UINT16 maxSize;
- scheme = ¶ms->keyedHashDetail.scheme;
- if(scheme->scheme == ALG_XOR_VALUE)
- {
- maxSize = CryptHashGetBlockSize(scheme->details.xor.hashAlg);
- }
- else if(scheme->scheme == ALG_HMAC_VALUE)
- {
- maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg);
- }
- else if(scheme->scheme == ALG_NULL_VALUE)
- {
- // Not signing or xor so must be a data block
- maxSize = 128;
- }
- else
- return TPM_RCS_SCHEME + blamePublic;
- if(sensitive->sensitive.bits.t.size > maxSize)
- return TPM_RCS_KEY_SIZE + blameSensitive;
- }
- // If there is a nameAlg, check the binding
- if(publicArea->nameAlg != ALG_NULL_VALUE)
- {
- TPM2B_DIGEST compare;
- if(sensitive->seedValue.t.size != digestSize)
- return TPM_RCS_KEY_SIZE + blameSensitive;
-
- CryptComputeSymmetricUnique(publicArea, sensitive, &compare);
- if(!MemoryEqual2B(&unique->sym.b, &compare.b))
- return TPM_RC_BINDING;
- }
- }
- break;
- }
- // For a parent, need to check that the seedValue is the correct size for
- // protections. It should be at least half the size of the nameAlg
- if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)
- && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)
- && sensitive != NULL
- && publicArea->nameAlg != ALG_NULL_VALUE)
- {
- if((sensitive->seedValue.t.size < (digestSize / 2))
- || (sensitive->seedValue.t.size > digestSize))
- return TPM_RCS_SIZE + blameSensitive;
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptSelectMac()
-// This function is used to set the MAC scheme based on the key parameters and
-// the input scheme.
-// Return Type: TPM_RC
-// TPM_RC_SCHEME the scheme is not a valid mac scheme
-// TPM_RC_TYPE the input key is not a type that supports a mac
-// TPM_RC_VALUE the input scheme and the key scheme are not compatible
-TPM_RC
-CryptSelectMac(
- TPMT_PUBLIC *publicArea,
- TPMI_ALG_MAC_SCHEME *inMac
-)
-{
- TPM_ALG_ID macAlg = ALG_NULL_VALUE;
- switch(publicArea->type)
- {
- case ALG_KEYEDHASH_VALUE:
- {
- // Local value to keep lines from getting too long
- TPMT_KEYEDHASH_SCHEME *scheme;
- scheme = &publicArea->parameters.keyedHashDetail.scheme;
- // Expect that the scheme is either HMAC or NULL
- if(scheme->scheme != ALG_NULL_VALUE)
- macAlg = scheme->details.hmac.hashAlg;
- break;
- }
- case ALG_SYMCIPHER_VALUE:
- {
- TPMT_SYM_DEF_OBJECT *scheme;
- scheme = &publicArea->parameters.symDetail.sym;
- // Expect that the scheme is either valid symmetric cipher or NULL
- if(scheme->algorithm != ALG_NULL_VALUE)
- macAlg = scheme->mode.sym;
- break;
- }
- default:
- return TPM_RCS_TYPE;
- }
- // If the input value is not TPM_ALG_NULL ...
- if(*inMac != ALG_NULL_VALUE)
- {
- // ... then either the scheme in the key must be TPM_ALG_NULL or the input
- // value must match
- if((macAlg != ALG_NULL_VALUE) && (*inMac != macAlg))
- return TPM_RCS_VALUE;
- }
- else
- {
- // Since the input value is TPM_ALG_NULL, then the key value can't be
- // TPM_ALG_NULL
- if(macAlg == ALG_NULL_VALUE)
- return TPM_RCS_VALUE;
- *inMac = macAlg;
- }
- if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE))
- return TPM_RCS_SCHEME;
- return TPM_RC_SUCCESS;
-}
-
-//*** CryptMacIsValidForKey()
-// Check to see if the key type is compatible with the mac type
-BOOL
-CryptMacIsValidForKey(
- TPM_ALG_ID keyType,
- TPM_ALG_ID macAlg,
- BOOL flag
-)
-{
- switch(keyType)
- {
- case ALG_KEYEDHASH_VALUE:
- return CryptHashIsValidAlg(macAlg, flag);
- break;
- case ALG_SYMCIPHER_VALUE:
- return CryptSmacIsValidAlg(macAlg, flag);
- break;
- default:
- break;
- }
- return FALSE;
-}
-
-//*** CryptSmacIsValidAlg()
-// This function is used to test if an algorithm is a supported SMAC algorithm. It
-// needs to be updated as new algorithms are added.
-BOOL
-CryptSmacIsValidAlg(
- TPM_ALG_ID alg,
- BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid
-)
-{
- switch (alg)
- {
-#if ALG_CMAC
- case ALG_CMAC_VALUE:
- return TRUE;
- break;
-#endif
- case ALG_NULL_VALUE:
- return FLAG;
- break;
- default:
- return FALSE;
- }
-}
-
-//*** CryptSymModeIsValid()
-// Function checks to see if an algorithm ID is a valid, symmetric block cipher
-// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode.
-// not include the modes used for SMAC
-BOOL
-CryptSymModeIsValid(
- TPM_ALG_ID mode,
- BOOL flag
-)
-{
- switch(mode)
- {
-#if ALG_CTR
- case ALG_CTR_VALUE:
-#endif // ALG_CTR
-#if ALG_OFB
- case ALG_OFB_VALUE:
-#endif // ALG_OFB
-#if ALG_CBC
- case ALG_CBC_VALUE:
-#endif // ALG_CBC
-#if ALG_CFB
- case ALG_CFB_VALUE:
-#endif // ALG_CFB
-#if ALG_ECB
- case ALG_ECB_VALUE:
-#endif // ALG_ECB
- return TRUE;
- case ALG_NULL_VALUE:
- return flag;
- break;
- default:
- break;
- }
- return FALSE;
-}
-
-
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
deleted file mode 100644
index 00072188d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This table is the product of all of the primes up to 1000.
-// Checking to see if there is a GCD between a prime candidate
-// and this number will eliminate many prime candidates from
-// consideration before running Miller-Rabin on the result.
-
-const BN_STRUCT(43 * RADIX_BITS) s_CompositeOfSmallPrimes_ =
-{44, 44,
-{ 0x2ED42696, 0x2BBFA177, 0x4820594F, 0xF73F4841,
-0xBFAC313A, 0xCAC3EB81, 0xF6F26BF8, 0x7FAB5061,
-0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132,
-0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69,
-0x74A9E295, 0x448CCE86, 0x63CA1907, 0x8A0BF944,
-0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A,
-0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25,
-0x70FA3841, 0x51B3D076, 0xCC2359ED, 0xD9EE0769,
-0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891,
-0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F,
-0x8B15E7EB, 0x0243C3E1, 0xE0F0C31D, 0x0000000B }
-};
-
-bigConst s_CompositeOfSmallPrimes = (const bigNum)&s_CompositeOfSmallPrimes_;
-
-// This table contains a bit for each of the odd values between 1 and 2^16 + 1.
-// This table allows fast checking of the primes in that range.
-// Don't change the size of this table unless you are prepared to do redo
-// IsPrimeInt().
- -const uint32_t s_LastPrimeInTable = 65537; -const uint32_t s_PrimeTableSize = 4097; -const uint32_t s_PrimesInTable = 6542; -const unsigned char s_PrimeTable[] = { - 0x6e, 0xcb, 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x81, 0x32, 0x4c, 0x4a, 0x86, - 0x0d, 0x82, 0x96, 0x21, 0xc9, 0x34, 0x04, 0x5a, 0x20, 0x61, 0x89, 0xa4, - 0x44, 0x11, 0x86, 0x29, 0xd1, 0x82, 0x28, 0x4a, 0x30, 0x40, 0x42, 0x32, - 0x21, 0x99, 0x34, 0x08, 0x4b, 0x06, 0x25, 0x42, 0x84, 0x48, 0x8a, 0x14, - 0x05, 0x42, 0x30, 0x6c, 0x08, 0xb4, 0x40, 0x0b, 0xa0, 0x08, 0x51, 0x12, - 0x28, 0x89, 0x04, 0x65, 0x98, 0x30, 0x4c, 0x80, 0x96, 0x44, 0x12, 0x80, - 0x21, 0x42, 0x12, 0x41, 0xc9, 0x04, 0x21, 0xc0, 0x32, 0x2d, 0x98, 0x00, - 0x00, 0x49, 0x04, 0x08, 0x81, 0x96, 0x68, 0x82, 0xb0, 0x25, 0x08, 0x22, - 0x48, 0x89, 0xa2, 0x40, 0x59, 0x26, 0x04, 0x90, 0x06, 0x40, 0x43, 0x30, - 0x44, 0x92, 0x00, 0x69, 0x10, 0x82, 0x08, 0x08, 0xa4, 0x0d, 0x41, 0x12, - 0x60, 0xc0, 0x00, 0x24, 0xd2, 0x22, 0x61, 0x08, 0x84, 0x04, 0x1b, 0x82, - 0x01, 0xd3, 0x10, 0x01, 0x02, 0xa0, 0x44, 0xc0, 0x22, 0x60, 0x91, 0x14, - 0x0c, 0x40, 0xa6, 0x04, 0xd2, 0x94, 0x20, 0x09, 0x94, 0x20, 0x52, 0x00, - 0x08, 0x10, 0xa2, 0x4c, 0x00, 0x82, 0x01, 0x51, 0x10, 0x08, 0x8b, 0xa4, - 0x25, 0x9a, 0x30, 0x44, 0x81, 0x10, 0x4c, 0x03, 0x02, 0x25, 0x52, 0x80, - 0x08, 0x49, 0x84, 0x20, 0x50, 0x32, 0x00, 0x18, 0xa2, 0x40, 0x11, 0x24, - 0x28, 0x01, 0x84, 0x01, 0x01, 0xa0, 0x41, 0x0a, 0x12, 0x45, 0x00, 0x36, - 0x08, 0x00, 0x26, 0x29, 0x83, 0x82, 0x61, 0xc0, 0x80, 0x04, 0x10, 0x10, - 0x6d, 0x00, 0x22, 0x48, 0x58, 0x26, 0x0c, 0xc2, 0x10, 0x48, 0x89, 0x24, - 0x20, 0x58, 0x20, 0x45, 0x88, 0x24, 0x00, 0x19, 0x02, 0x25, 0xc0, 0x10, - 0x68, 0x08, 0x14, 0x01, 0xca, 0x32, 0x28, 0x80, 0x00, 0x04, 0x4b, 0x26, - 0x00, 0x13, 0x90, 0x60, 0x82, 0x80, 0x25, 0xd0, 0x00, 0x01, 0x10, 0x32, - 0x0c, 0x43, 0x86, 0x21, 0x11, 0x00, 0x08, 0x43, 0x24, 0x04, 0x48, 0x10, - 0x0c, 0x90, 0x92, 0x00, 0x43, 0x20, 0x2d, 0x00, 0x06, 0x09, 0x88, 0x24, - 0x40, 0xc0, 0x32, 0x09, 0x09, 0x82, 0x00, 0x53, 0x80, 
0x08, 0x80, 0x96, - 0x41, 0x81, 0x00, 0x40, 0x48, 0x10, 0x48, 0x08, 0x96, 0x48, 0x58, 0x20, - 0x29, 0xc3, 0x80, 0x20, 0x02, 0x94, 0x60, 0x92, 0x00, 0x20, 0x81, 0x22, - 0x44, 0x10, 0xa0, 0x05, 0x40, 0x90, 0x01, 0x49, 0x20, 0x04, 0x0a, 0x00, - 0x24, 0x89, 0x34, 0x48, 0x13, 0x80, 0x2c, 0xc0, 0x82, 0x29, 0x00, 0x24, - 0x45, 0x08, 0x00, 0x08, 0x98, 0x36, 0x04, 0x52, 0x84, 0x04, 0xd0, 0x04, - 0x00, 0x8a, 0x90, 0x44, 0x82, 0x32, 0x65, 0x18, 0x90, 0x00, 0x0a, 0x02, - 0x01, 0x40, 0x02, 0x28, 0x40, 0xa4, 0x04, 0x92, 0x30, 0x04, 0x11, 0x86, - 0x08, 0x42, 0x00, 0x2c, 0x52, 0x04, 0x08, 0xc9, 0x84, 0x60, 0x48, 0x12, - 0x09, 0x99, 0x24, 0x44, 0x00, 0x24, 0x00, 0x03, 0x14, 0x21, 0x00, 0x10, - 0x01, 0x1a, 0x32, 0x05, 0x88, 0x20, 0x40, 0x40, 0x06, 0x09, 0xc3, 0x84, - 0x40, 0x01, 0x30, 0x60, 0x18, 0x02, 0x68, 0x11, 0x90, 0x0c, 0x02, 0xa2, - 0x04, 0x00, 0x86, 0x29, 0x89, 0x14, 0x24, 0x82, 0x02, 0x41, 0x08, 0x80, - 0x04, 0x19, 0x80, 0x08, 0x10, 0x12, 0x68, 0x42, 0xa4, 0x04, 0x00, 0x02, - 0x61, 0x10, 0x06, 0x0c, 0x10, 0x00, 0x01, 0x12, 0x10, 0x20, 0x03, 0x94, - 0x21, 0x42, 0x12, 0x65, 0x18, 0x94, 0x0c, 0x0a, 0x04, 0x28, 0x01, 0x14, - 0x29, 0x0a, 0xa4, 0x40, 0xd0, 0x00, 0x40, 0x01, 0x90, 0x04, 0x41, 0x20, - 0x2d, 0x40, 0x82, 0x48, 0xc1, 0x20, 0x00, 0x10, 0x30, 0x01, 0x08, 0x24, - 0x04, 0x59, 0x84, 0x24, 0x00, 0x02, 0x29, 0x82, 0x00, 0x61, 0x58, 0x02, - 0x48, 0x81, 0x16, 0x48, 0x10, 0x00, 0x21, 0x11, 0x06, 0x00, 0xca, 0xa0, - 0x40, 0x02, 0x00, 0x04, 0x91, 0xb0, 0x00, 0x42, 0x04, 0x0c, 0x81, 0x06, - 0x09, 0x48, 0x14, 0x25, 0x92, 0x20, 0x25, 0x11, 0xa0, 0x00, 0x0a, 0x86, - 0x0c, 0xc1, 0x02, 0x48, 0x00, 0x20, 0x45, 0x08, 0x32, 0x00, 0x98, 0x06, - 0x04, 0x13, 0x22, 0x00, 0x82, 0x04, 0x48, 0x81, 0x14, 0x44, 0x82, 0x12, - 0x24, 0x18, 0x10, 0x40, 0x43, 0x80, 0x28, 0xd0, 0x04, 0x20, 0x81, 0x24, - 0x64, 0xd8, 0x00, 0x2c, 0x09, 0x12, 0x08, 0x41, 0xa2, 0x00, 0x00, 0x02, - 0x41, 0xca, 0x20, 0x41, 0xc0, 0x10, 0x01, 0x18, 0xa4, 0x04, 0x18, 0xa4, - 0x20, 0x12, 0x94, 0x20, 0x83, 0xa0, 0x40, 0x02, 0x32, 
0x44, 0x80, 0x04, - 0x00, 0x18, 0x00, 0x0c, 0x40, 0x86, 0x60, 0x8a, 0x00, 0x64, 0x88, 0x12, - 0x05, 0x01, 0x82, 0x00, 0x4a, 0xa2, 0x01, 0xc1, 0x10, 0x61, 0x09, 0x04, - 0x01, 0x88, 0x00, 0x60, 0x01, 0xb4, 0x40, 0x08, 0x06, 0x01, 0x03, 0x80, - 0x08, 0x40, 0x94, 0x04, 0x8a, 0x20, 0x29, 0x80, 0x02, 0x0c, 0x52, 0x02, - 0x01, 0x42, 0x84, 0x00, 0x80, 0x84, 0x64, 0x02, 0x32, 0x48, 0x00, 0x30, - 0x44, 0x40, 0x22, 0x21, 0x00, 0x02, 0x08, 0xc3, 0xa0, 0x04, 0xd0, 0x20, - 0x40, 0x18, 0x16, 0x40, 0x40, 0x00, 0x28, 0x52, 0x90, 0x08, 0x82, 0x14, - 0x01, 0x18, 0x10, 0x08, 0x09, 0x82, 0x40, 0x0a, 0xa0, 0x20, 0x93, 0x80, - 0x08, 0xc0, 0x00, 0x20, 0x52, 0x00, 0x05, 0x01, 0x10, 0x40, 0x11, 0x06, - 0x0c, 0x82, 0x00, 0x00, 0x4b, 0x90, 0x44, 0x9a, 0x00, 0x28, 0x80, 0x90, - 0x04, 0x4a, 0x06, 0x09, 0x43, 0x02, 0x28, 0x00, 0x34, 0x01, 0x18, 0x00, - 0x65, 0x09, 0x80, 0x44, 0x03, 0x00, 0x24, 0x02, 0x82, 0x61, 0x48, 0x14, - 0x41, 0x00, 0x12, 0x28, 0x00, 0x34, 0x08, 0x51, 0x04, 0x05, 0x12, 0x90, - 0x28, 0x89, 0x84, 0x60, 0x12, 0x10, 0x49, 0x10, 0x26, 0x40, 0x49, 0x82, - 0x00, 0x91, 0x10, 0x01, 0x0a, 0x24, 0x40, 0x88, 0x10, 0x4c, 0x10, 0x04, - 0x00, 0x50, 0xa2, 0x2c, 0x40, 0x90, 0x48, 0x0a, 0xb0, 0x01, 0x50, 0x12, - 0x08, 0x00, 0xa4, 0x04, 0x09, 0xa0, 0x28, 0x92, 0x02, 0x00, 0x43, 0x10, - 0x21, 0x02, 0x20, 0x41, 0x81, 0x32, 0x00, 0x08, 0x04, 0x0c, 0x52, 0x00, - 0x21, 0x49, 0x84, 0x20, 0x10, 0x02, 0x01, 0x81, 0x10, 0x48, 0x40, 0x22, - 0x01, 0x01, 0x84, 0x69, 0xc1, 0x30, 0x01, 0xc8, 0x02, 0x44, 0x88, 0x00, - 0x0c, 0x01, 0x02, 0x2d, 0xc0, 0x12, 0x61, 0x00, 0xa0, 0x00, 0xc0, 0x30, - 0x40, 0x01, 0x12, 0x08, 0x0b, 0x20, 0x00, 0x80, 0x94, 0x40, 0x01, 0x84, - 0x40, 0x00, 0x32, 0x00, 0x10, 0x84, 0x00, 0x0b, 0x24, 0x00, 0x01, 0x06, - 0x29, 0x8a, 0x84, 0x41, 0x80, 0x10, 0x08, 0x08, 0x94, 0x4c, 0x03, 0x80, - 0x01, 0x40, 0x96, 0x40, 0x41, 0x20, 0x20, 0x50, 0x22, 0x25, 0x89, 0xa2, - 0x40, 0x40, 0xa4, 0x20, 0x02, 0x86, 0x28, 0x01, 0x20, 0x21, 0x4a, 0x10, - 0x08, 0x00, 0x14, 0x08, 0x40, 0x04, 0x25, 0x42, 0x02, 
0x21, 0x43, 0x10, - 0x04, 0x92, 0x00, 0x21, 0x11, 0xa0, 0x4c, 0x18, 0x22, 0x09, 0x03, 0x84, - 0x41, 0x89, 0x10, 0x04, 0x82, 0x22, 0x24, 0x01, 0x14, 0x08, 0x08, 0x84, - 0x08, 0xc1, 0x00, 0x09, 0x42, 0xb0, 0x41, 0x8a, 0x02, 0x00, 0x80, 0x36, - 0x04, 0x49, 0xa0, 0x24, 0x91, 0x00, 0x00, 0x02, 0x94, 0x41, 0x92, 0x02, - 0x01, 0x08, 0x06, 0x08, 0x09, 0x00, 0x01, 0xd0, 0x16, 0x28, 0x89, 0x80, - 0x60, 0x00, 0x00, 0x68, 0x01, 0x90, 0x0c, 0x50, 0x20, 0x01, 0x40, 0x80, - 0x40, 0x42, 0x30, 0x41, 0x00, 0x20, 0x25, 0x81, 0x06, 0x40, 0x49, 0x00, - 0x08, 0x01, 0x12, 0x49, 0x00, 0xa0, 0x20, 0x18, 0x30, 0x05, 0x01, 0xa6, - 0x00, 0x10, 0x24, 0x28, 0x00, 0x02, 0x20, 0xc8, 0x20, 0x00, 0x88, 0x12, - 0x0c, 0x90, 0x92, 0x00, 0x02, 0x26, 0x01, 0x42, 0x16, 0x49, 0x00, 0x04, - 0x24, 0x42, 0x02, 0x01, 0x88, 0x80, 0x0c, 0x1a, 0x80, 0x08, 0x10, 0x00, - 0x60, 0x02, 0x94, 0x44, 0x88, 0x00, 0x69, 0x11, 0x30, 0x08, 0x12, 0xa0, - 0x24, 0x13, 0x84, 0x00, 0x82, 0x00, 0x65, 0xc0, 0x10, 0x28, 0x00, 0x30, - 0x04, 0x03, 0x20, 0x01, 0x11, 0x06, 0x01, 0xc8, 0x80, 0x00, 0xc2, 0x20, - 0x08, 0x10, 0x82, 0x0c, 0x13, 0x02, 0x0c, 0x52, 0x06, 0x40, 0x00, 0xb0, - 0x61, 0x40, 0x10, 0x01, 0x98, 0x86, 0x04, 0x10, 0x84, 0x08, 0x92, 0x14, - 0x60, 0x41, 0x80, 0x41, 0x1a, 0x10, 0x04, 0x81, 0x22, 0x40, 0x41, 0x20, - 0x29, 0x52, 0x00, 0x41, 0x08, 0x34, 0x60, 0x10, 0x00, 0x28, 0x01, 0x10, - 0x40, 0x00, 0x84, 0x08, 0x42, 0x90, 0x20, 0x48, 0x04, 0x04, 0x52, 0x02, - 0x00, 0x08, 0x20, 0x04, 0x00, 0x82, 0x0d, 0x00, 0x82, 0x40, 0x02, 0x10, - 0x05, 0x48, 0x20, 0x40, 0x99, 0x00, 0x00, 0x01, 0x06, 0x24, 0xc0, 0x00, - 0x68, 0x82, 0x04, 0x21, 0x12, 0x10, 0x44, 0x08, 0x04, 0x00, 0x40, 0xa6, - 0x20, 0xd0, 0x16, 0x09, 0xc9, 0x24, 0x41, 0x02, 0x20, 0x0c, 0x09, 0x92, - 0x40, 0x12, 0x00, 0x00, 0x40, 0x00, 0x09, 0x43, 0x84, 0x20, 0x98, 0x02, - 0x01, 0x11, 0x24, 0x00, 0x43, 0x24, 0x00, 0x03, 0x90, 0x08, 0x41, 0x30, - 0x24, 0x58, 0x20, 0x4c, 0x80, 0x82, 0x08, 0x10, 0x24, 0x25, 0x81, 0x06, - 0x41, 0x09, 0x10, 0x20, 0x18, 0x10, 0x44, 0x80, 0x10, 
0x00, 0x4a, 0x24, - 0x0d, 0x01, 0x94, 0x28, 0x80, 0x30, 0x00, 0xc0, 0x02, 0x60, 0x10, 0x84, - 0x0c, 0x02, 0x00, 0x09, 0x02, 0x82, 0x01, 0x08, 0x10, 0x04, 0xc2, 0x20, - 0x68, 0x09, 0x06, 0x04, 0x18, 0x00, 0x00, 0x11, 0x90, 0x08, 0x0b, 0x10, - 0x21, 0x82, 0x02, 0x0c, 0x10, 0xb6, 0x08, 0x00, 0x26, 0x00, 0x41, 0x02, - 0x01, 0x4a, 0x24, 0x21, 0x1a, 0x20, 0x24, 0x80, 0x00, 0x44, 0x02, 0x00, - 0x2d, 0x40, 0x02, 0x00, 0x8b, 0x94, 0x20, 0x10, 0x00, 0x20, 0x90, 0xa6, - 0x40, 0x13, 0x00, 0x2c, 0x11, 0x86, 0x61, 0x01, 0x80, 0x41, 0x10, 0x02, - 0x04, 0x81, 0x30, 0x48, 0x48, 0x20, 0x28, 0x50, 0x80, 0x21, 0x8a, 0x10, - 0x04, 0x08, 0x10, 0x09, 0x10, 0x10, 0x48, 0x42, 0xa0, 0x0c, 0x82, 0x92, - 0x60, 0xc0, 0x20, 0x05, 0xd2, 0x20, 0x40, 0x01, 0x00, 0x04, 0x08, 0x82, - 0x2d, 0x82, 0x02, 0x00, 0x48, 0x80, 0x41, 0x48, 0x10, 0x00, 0x91, 0x04, - 0x04, 0x03, 0x84, 0x00, 0xc2, 0x04, 0x68, 0x00, 0x00, 0x64, 0xc0, 0x22, - 0x40, 0x08, 0x32, 0x44, 0x09, 0x86, 0x00, 0x91, 0x02, 0x28, 0x01, 0x00, - 0x64, 0x48, 0x00, 0x24, 0x10, 0x90, 0x00, 0x43, 0x00, 0x21, 0x52, 0x86, - 0x41, 0x8b, 0x90, 0x20, 0x40, 0x20, 0x08, 0x88, 0x04, 0x44, 0x13, 0x20, - 0x00, 0x02, 0x84, 0x60, 0x81, 0x90, 0x24, 0x40, 0x30, 0x00, 0x08, 0x10, - 0x08, 0x08, 0x02, 0x01, 0x10, 0x04, 0x20, 0x43, 0xb4, 0x40, 0x90, 0x12, - 0x68, 0x01, 0x80, 0x4c, 0x18, 0x00, 0x08, 0xc0, 0x12, 0x49, 0x40, 0x10, - 0x24, 0x1a, 0x00, 0x41, 0x89, 0x24, 0x4c, 0x10, 0x00, 0x04, 0x52, 0x10, - 0x09, 0x4a, 0x20, 0x41, 0x48, 0x22, 0x69, 0x11, 0x14, 0x08, 0x10, 0x06, - 0x24, 0x80, 0x84, 0x28, 0x00, 0x10, 0x00, 0x40, 0x10, 0x01, 0x08, 0x26, - 0x08, 0x48, 0x06, 0x28, 0x00, 0x14, 0x01, 0x42, 0x84, 0x04, 0x0a, 0x20, - 0x00, 0x01, 0x82, 0x08, 0x00, 0x82, 0x24, 0x12, 0x04, 0x40, 0x40, 0xa0, - 0x40, 0x90, 0x10, 0x04, 0x90, 0x22, 0x40, 0x10, 0x20, 0x2c, 0x80, 0x10, - 0x28, 0x43, 0x00, 0x04, 0x58, 0x00, 0x01, 0x81, 0x10, 0x48, 0x09, 0x20, - 0x21, 0x83, 0x04, 0x00, 0x42, 0xa4, 0x44, 0x00, 0x00, 0x6c, 0x10, 0xa0, - 0x44, 0x48, 0x80, 0x00, 0x83, 0x80, 0x48, 0xc9, 0x00, 
0x00, 0x00, 0x02, - 0x05, 0x10, 0xb0, 0x04, 0x13, 0x04, 0x29, 0x10, 0x92, 0x40, 0x08, 0x04, - 0x44, 0x82, 0x22, 0x00, 0x19, 0x20, 0x00, 0x19, 0x20, 0x01, 0x81, 0x90, - 0x60, 0x8a, 0x00, 0x41, 0xc0, 0x02, 0x45, 0x10, 0x04, 0x00, 0x02, 0xa2, - 0x09, 0x40, 0x10, 0x21, 0x49, 0x20, 0x01, 0x42, 0x30, 0x2c, 0x00, 0x14, - 0x44, 0x01, 0x22, 0x04, 0x02, 0x92, 0x08, 0x89, 0x04, 0x21, 0x80, 0x10, - 0x05, 0x01, 0x20, 0x40, 0x41, 0x80, 0x04, 0x00, 0x12, 0x09, 0x40, 0xb0, - 0x64, 0x58, 0x32, 0x01, 0x08, 0x90, 0x00, 0x41, 0x04, 0x09, 0xc1, 0x80, - 0x61, 0x08, 0x90, 0x00, 0x9a, 0x00, 0x24, 0x01, 0x12, 0x08, 0x02, 0x26, - 0x05, 0x82, 0x06, 0x08, 0x08, 0x00, 0x20, 0x48, 0x20, 0x00, 0x18, 0x24, - 0x48, 0x03, 0x02, 0x00, 0x11, 0x00, 0x09, 0x00, 0x84, 0x01, 0x4a, 0x10, - 0x01, 0x98, 0x00, 0x04, 0x18, 0x86, 0x00, 0xc0, 0x00, 0x20, 0x81, 0x80, - 0x04, 0x10, 0x30, 0x05, 0x00, 0xb4, 0x0c, 0x4a, 0x82, 0x29, 0x91, 0x02, - 0x28, 0x00, 0x20, 0x44, 0xc0, 0x00, 0x2c, 0x91, 0x80, 0x40, 0x01, 0xa2, - 0x00, 0x12, 0x04, 0x09, 0xc3, 0x20, 0x00, 0x08, 0x02, 0x0c, 0x10, 0x22, - 0x04, 0x00, 0x00, 0x2c, 0x11, 0x86, 0x00, 0xc0, 0x00, 0x00, 0x12, 0x32, - 0x40, 0x89, 0x80, 0x40, 0x40, 0x02, 0x05, 0x50, 0x86, 0x60, 0x82, 0xa4, - 0x60, 0x0a, 0x12, 0x4d, 0x80, 0x90, 0x08, 0x12, 0x80, 0x09, 0x02, 0x14, - 0x48, 0x01, 0x24, 0x20, 0x8a, 0x00, 0x44, 0x90, 0x04, 0x04, 0x01, 0x02, - 0x00, 0xd1, 0x12, 0x00, 0x0a, 0x04, 0x40, 0x00, 0x32, 0x21, 0x81, 0x24, - 0x08, 0x19, 0x84, 0x20, 0x02, 0x04, 0x08, 0x89, 0x80, 0x24, 0x02, 0x02, - 0x68, 0x18, 0x82, 0x44, 0x42, 0x00, 0x21, 0x40, 0x00, 0x28, 0x01, 0x80, - 0x45, 0x82, 0x20, 0x40, 0x11, 0x80, 0x0c, 0x02, 0x00, 0x24, 0x40, 0x90, - 0x01, 0x40, 0x20, 0x20, 0x50, 0x20, 0x28, 0x19, 0x00, 0x40, 0x09, 0x20, - 0x08, 0x80, 0x04, 0x60, 0x40, 0x80, 0x20, 0x08, 0x30, 0x49, 0x09, 0x34, - 0x00, 0x11, 0x24, 0x24, 0x82, 0x00, 0x41, 0xc2, 0x00, 0x04, 0x92, 0x02, - 0x24, 0x80, 0x00, 0x0c, 0x02, 0xa0, 0x00, 0x01, 0x06, 0x60, 0x41, 0x04, - 0x21, 0xd0, 0x00, 0x01, 0x01, 0x00, 0x48, 0x12, 0x84, 
0x04, 0x91, 0x12, - 0x08, 0x00, 0x24, 0x44, 0x00, 0x12, 0x41, 0x18, 0x26, 0x0c, 0x41, 0x80, - 0x00, 0x52, 0x04, 0x20, 0x09, 0x00, 0x24, 0x90, 0x20, 0x48, 0x18, 0x02, - 0x00, 0x03, 0xa2, 0x09, 0xd0, 0x14, 0x00, 0x8a, 0x84, 0x25, 0x4a, 0x00, - 0x20, 0x98, 0x14, 0x40, 0x00, 0xa2, 0x05, 0x00, 0x00, 0x00, 0x40, 0x14, - 0x01, 0x58, 0x20, 0x2c, 0x80, 0x84, 0x00, 0x09, 0x20, 0x20, 0x91, 0x02, - 0x08, 0x02, 0xb0, 0x41, 0x08, 0x30, 0x00, 0x09, 0x10, 0x00, 0x18, 0x02, - 0x21, 0x02, 0x02, 0x00, 0x00, 0x24, 0x44, 0x08, 0x12, 0x60, 0x00, 0xb2, - 0x44, 0x12, 0x02, 0x0c, 0xc0, 0x80, 0x40, 0xc8, 0x20, 0x04, 0x50, 0x20, - 0x05, 0x00, 0xb0, 0x04, 0x0b, 0x04, 0x29, 0x53, 0x00, 0x61, 0x48, 0x30, - 0x00, 0x82, 0x20, 0x29, 0x00, 0x16, 0x00, 0x53, 0x22, 0x20, 0x43, 0x10, - 0x48, 0x00, 0x80, 0x04, 0xd2, 0x00, 0x40, 0x00, 0xa2, 0x44, 0x03, 0x80, - 0x29, 0x00, 0x04, 0x08, 0xc0, 0x04, 0x64, 0x40, 0x30, 0x28, 0x09, 0x84, - 0x44, 0x50, 0x80, 0x21, 0x02, 0x92, 0x00, 0xc0, 0x10, 0x60, 0x88, 0x22, - 0x08, 0x80, 0x00, 0x00, 0x18, 0x84, 0x04, 0x83, 0x96, 0x00, 0x81, 0x20, - 0x05, 0x02, 0x00, 0x45, 0x88, 0x84, 0x00, 0x51, 0x20, 0x20, 0x51, 0x86, - 0x41, 0x4b, 0x94, 0x00, 0x80, 0x00, 0x08, 0x11, 0x20, 0x4c, 0x58, 0x80, - 0x04, 0x03, 0x06, 0x20, 0x89, 0x00, 0x05, 0x08, 0x22, 0x05, 0x90, 0x00, - 0x40, 0x00, 0x82, 0x09, 0x50, 0x00, 0x00, 0x00, 0xa0, 0x41, 0xc2, 0x20, - 0x08, 0x00, 0x16, 0x08, 0x40, 0x26, 0x21, 0xd0, 0x90, 0x08, 0x81, 0x90, - 0x41, 0x00, 0x02, 0x44, 0x08, 0x10, 0x0c, 0x0a, 0x86, 0x09, 0x90, 0x04, - 0x00, 0xc8, 0xa0, 0x04, 0x08, 0x30, 0x20, 0x89, 0x84, 0x00, 0x11, 0x22, - 0x2c, 0x40, 0x00, 0x08, 0x02, 0xb0, 0x01, 0x48, 0x02, 0x01, 0x09, 0x20, - 0x04, 0x03, 0x04, 0x00, 0x80, 0x02, 0x60, 0x42, 0x30, 0x21, 0x4a, 0x10, - 0x44, 0x09, 0x02, 0x00, 0x01, 0x24, 0x00, 0x12, 0x82, 0x21, 0x80, 0xa4, - 0x20, 0x10, 0x02, 0x04, 0x91, 0xa0, 0x40, 0x18, 0x04, 0x00, 0x02, 0x06, - 0x69, 0x09, 0x00, 0x05, 0x58, 0x02, 0x01, 0x00, 0x00, 0x48, 0x00, 0x00, - 0x00, 0x03, 0x92, 0x20, 0x00, 0x34, 0x01, 0xc8, 0x20, 
0x48, 0x08, 0x30, - 0x08, 0x42, 0x80, 0x20, 0x91, 0x90, 0x68, 0x01, 0x04, 0x40, 0x12, 0x02, - 0x61, 0x00, 0x12, 0x08, 0x01, 0xa0, 0x00, 0x11, 0x04, 0x21, 0x48, 0x04, - 0x24, 0x92, 0x00, 0x0c, 0x01, 0x84, 0x04, 0x00, 0x00, 0x01, 0x12, 0x96, - 0x40, 0x01, 0xa0, 0x41, 0x88, 0x22, 0x28, 0x88, 0x00, 0x44, 0x42, 0x80, - 0x24, 0x12, 0x14, 0x01, 0x42, 0x90, 0x60, 0x1a, 0x10, 0x04, 0x81, 0x10, - 0x48, 0x08, 0x06, 0x29, 0x83, 0x02, 0x40, 0x02, 0x24, 0x64, 0x80, 0x10, - 0x05, 0x80, 0x10, 0x40, 0x02, 0x02, 0x08, 0x42, 0x84, 0x01, 0x09, 0x20, - 0x04, 0x50, 0x00, 0x60, 0x11, 0x30, 0x40, 0x13, 0x02, 0x04, 0x81, 0x00, - 0x09, 0x08, 0x20, 0x45, 0x4a, 0x10, 0x61, 0x90, 0x26, 0x0c, 0x08, 0x02, - 0x21, 0x91, 0x00, 0x60, 0x02, 0x04, 0x00, 0x02, 0x00, 0x0c, 0x08, 0x06, - 0x08, 0x48, 0x84, 0x08, 0x11, 0x02, 0x00, 0x80, 0xa4, 0x00, 0x5a, 0x20, - 0x00, 0x88, 0x04, 0x04, 0x02, 0x00, 0x09, 0x00, 0x14, 0x08, 0x49, 0x14, - 0x20, 0xc8, 0x00, 0x04, 0x91, 0xa0, 0x40, 0x59, 0x80, 0x00, 0x12, 0x10, - 0x00, 0x80, 0x80, 0x65, 0x00, 0x00, 0x04, 0x00, 0x80, 0x40, 0x19, 0x00, - 0x21, 0x03, 0x84, 0x60, 0xc0, 0x04, 0x24, 0x1a, 0x12, 0x61, 0x80, 0x80, - 0x08, 0x02, 0x04, 0x09, 0x42, 0x12, 0x20, 0x08, 0x34, 0x04, 0x90, 0x20, - 0x01, 0x01, 0xa0, 0x00, 0x0b, 0x00, 0x08, 0x91, 0x92, 0x40, 0x02, 0x34, - 0x40, 0x88, 0x10, 0x61, 0x19, 0x02, 0x00, 0x40, 0x04, 0x25, 0xc0, 0x80, - 0x68, 0x08, 0x04, 0x21, 0x80, 0x22, 0x04, 0x00, 0xa0, 0x0c, 0x01, 0x84, - 0x20, 0x41, 0x00, 0x08, 0x8a, 0x00, 0x20, 0x8a, 0x00, 0x48, 0x88, 0x04, - 0x04, 0x11, 0x82, 0x08, 0x40, 0x86, 0x09, 0x49, 0xa4, 0x40, 0x00, 0x10, - 0x01, 0x01, 0xa2, 0x04, 0x50, 0x80, 0x0c, 0x80, 0x00, 0x48, 0x82, 0xa0, - 0x01, 0x18, 0x12, 0x41, 0x01, 0x04, 0x48, 0x41, 0x00, 0x24, 0x01, 0x00, - 0x00, 0x88, 0x14, 0x00, 0x02, 0x00, 0x68, 0x01, 0x20, 0x08, 0x4a, 0x22, - 0x08, 0x83, 0x80, 0x00, 0x89, 0x04, 0x01, 0xc2, 0x00, 0x00, 0x00, 0x34, - 0x04, 0x00, 0x82, 0x28, 0x02, 0x02, 0x41, 0x4a, 0x90, 0x05, 0x82, 0x02, - 0x09, 0x80, 0x24, 0x04, 0x41, 0x00, 0x01, 0x92, 0x80, 
0x28, 0x01, 0x14, - 0x00, 0x50, 0x20, 0x4c, 0x10, 0xb0, 0x04, 0x43, 0xa4, 0x21, 0x90, 0x04, - 0x01, 0x02, 0x00, 0x44, 0x48, 0x00, 0x64, 0x08, 0x06, 0x00, 0x42, 0x20, - 0x08, 0x02, 0x92, 0x01, 0x4a, 0x00, 0x20, 0x50, 0x32, 0x25, 0x90, 0x22, - 0x04, 0x09, 0x00, 0x08, 0x11, 0x80, 0x21, 0x01, 0x10, 0x05, 0x00, 0x32, - 0x08, 0x88, 0x94, 0x08, 0x08, 0x24, 0x0d, 0xc1, 0x80, 0x40, 0x0b, 0x20, - 0x40, 0x18, 0x12, 0x04, 0x00, 0x22, 0x40, 0x10, 0x26, 0x05, 0xc1, 0x82, - 0x00, 0x01, 0x30, 0x24, 0x02, 0x22, 0x41, 0x08, 0x24, 0x48, 0x1a, 0x00, - 0x25, 0xd2, 0x12, 0x28, 0x42, 0x00, 0x04, 0x40, 0x30, 0x41, 0x00, 0x02, - 0x00, 0x13, 0x20, 0x24, 0xd1, 0x84, 0x08, 0x89, 0x80, 0x04, 0x52, 0x00, - 0x44, 0x18, 0xa4, 0x00, 0x00, 0x06, 0x20, 0x91, 0x10, 0x09, 0x42, 0x20, - 0x24, 0x40, 0x30, 0x28, 0x00, 0x84, 0x40, 0x40, 0x80, 0x08, 0x10, 0x04, - 0x09, 0x08, 0x04, 0x40, 0x08, 0x22, 0x00, 0x19, 0x02, 0x00, 0x00, 0x80, - 0x2c, 0x02, 0x02, 0x21, 0x01, 0x90, 0x20, 0x40, 0x00, 0x0c, 0x00, 0x34, - 0x48, 0x58, 0x20, 0x01, 0x43, 0x04, 0x20, 0x80, 0x14, 0x00, 0x90, 0x00, - 0x6d, 0x11, 0x00, 0x00, 0x40, 0x20, 0x00, 0x03, 0x10, 0x40, 0x88, 0x30, - 0x05, 0x4a, 0x00, 0x65, 0x10, 0x24, 0x08, 0x18, 0x84, 0x28, 0x03, 0x80, - 0x20, 0x42, 0xb0, 0x40, 0x00, 0x10, 0x69, 0x19, 0x04, 0x00, 0x00, 0x80, - 0x04, 0xc2, 0x04, 0x00, 0x01, 0x00, 0x05, 0x00, 0x22, 0x25, 0x08, 0x96, - 0x04, 0x02, 0x22, 0x00, 0xd0, 0x10, 0x29, 0x01, 0xa0, 0x60, 0x08, 0x10, - 0x04, 0x01, 0x16, 0x44, 0x10, 0x02, 0x28, 0x02, 0x82, 0x48, 0x40, 0x84, - 0x20, 0x90, 0x22, 0x28, 0x80, 0x04, 0x00, 0x40, 0x04, 0x24, 0x00, 0x80, - 0x29, 0x03, 0x10, 0x60, 0x48, 0x00, 0x00, 0x81, 0xa0, 0x00, 0x51, 0x20, - 0x0c, 0xd1, 0x00, 0x01, 0x41, 0x20, 0x04, 0x92, 0x00, 0x00, 0x10, 0x92, - 0x00, 0x42, 0x04, 0x05, 0x01, 0x86, 0x40, 0x80, 0x10, 0x20, 0x52, 0x20, - 0x21, 0x00, 0x10, 0x48, 0x0a, 0x02, 0x00, 0xd0, 0x12, 0x41, 0x48, 0x80, - 0x04, 0x00, 0x00, 0x48, 0x09, 0x22, 0x04, 0x00, 0x24, 0x00, 0x43, 0x10, - 0x60, 0x0a, 0x00, 0x44, 0x12, 0x20, 0x2c, 0x08, 0x20, 
0x44, 0x00, 0x84, - 0x09, 0x40, 0x06, 0x08, 0xc1, 0x00, 0x40, 0x80, 0x20, 0x00, 0x98, 0x12, - 0x48, 0x10, 0xa2, 0x20, 0x00, 0x84, 0x48, 0xc0, 0x10, 0x20, 0x90, 0x12, - 0x08, 0x98, 0x82, 0x00, 0x0a, 0xa0, 0x04, 0x03, 0x00, 0x28, 0xc3, 0x00, - 0x44, 0x42, 0x10, 0x04, 0x08, 0x04, 0x40, 0x00, 0x00, 0x05, 0x10, 0x00, - 0x21, 0x03, 0x80, 0x04, 0x88, 0x12, 0x69, 0x10, 0x00, 0x04, 0x08, 0x04, - 0x04, 0x02, 0x84, 0x48, 0x49, 0x04, 0x20, 0x18, 0x02, 0x64, 0x80, 0x30, - 0x08, 0x01, 0x02, 0x00, 0x52, 0x12, 0x49, 0x08, 0x20, 0x41, 0x88, 0x10, - 0x48, 0x08, 0x34, 0x00, 0x01, 0x86, 0x05, 0xd0, 0x00, 0x00, 0x83, 0x84, - 0x21, 0x40, 0x02, 0x41, 0x10, 0x80, 0x48, 0x40, 0xa2, 0x20, 0x51, 0x00, - 0x00, 0x49, 0x00, 0x01, 0x90, 0x20, 0x40, 0x18, 0x02, 0x40, 0x02, 0x22, - 0x05, 0x40, 0x80, 0x08, 0x82, 0x10, 0x20, 0x18, 0x00, 0x05, 0x01, 0x82, - 0x40, 0x58, 0x00, 0x04, 0x81, 0x90, 0x29, 0x01, 0xa0, 0x64, 0x00, 0x22, - 0x40, 0x01, 0xa2, 0x00, 0x18, 0x04, 0x0d, 0x00, 0x00, 0x60, 0x80, 0x94, - 0x60, 0x82, 0x10, 0x0d, 0x80, 0x30, 0x0c, 0x12, 0x20, 0x00, 0x00, 0x12, - 0x40, 0xc0, 0x20, 0x21, 0x58, 0x02, 0x41, 0x10, 0x80, 0x44, 0x03, 0x02, - 0x04, 0x13, 0x90, 0x29, 0x08, 0x00, 0x44, 0xc0, 0x00, 0x21, 0x00, 0x26, - 0x00, 0x1a, 0x80, 0x01, 0x13, 0x14, 0x20, 0x0a, 0x14, 0x20, 0x00, 0x32, - 0x61, 0x08, 0x00, 0x40, 0x42, 0x20, 0x09, 0x80, 0x06, 0x01, 0x81, 0x80, - 0x60, 0x42, 0x00, 0x68, 0x90, 0x82, 0x08, 0x42, 0x80, 0x04, 0x02, 0x80, - 0x09, 0x0b, 0x04, 0x00, 0x98, 0x00, 0x0c, 0x81, 0x06, 0x44, 0x48, 0x84, - 0x28, 0x03, 0x92, 0x00, 0x01, 0x80, 0x40, 0x0a, 0x00, 0x0c, 0x81, 0x02, - 0x08, 0x51, 0x04, 0x28, 0x90, 0x02, 0x20, 0x09, 0x10, 0x60, 0x00, 0x00, - 0x09, 0x81, 0xa0, 0x0c, 0x00, 0xa4, 0x09, 0x00, 0x02, 0x28, 0x80, 0x20, - 0x00, 0x02, 0x02, 0x04, 0x81, 0x14, 0x04, 0x00, 0x04, 0x09, 0x11, 0x12, - 0x60, 0x40, 0x20, 0x01, 0x48, 0x30, 0x40, 0x11, 0x00, 0x08, 0x0a, 0x86, - 0x00, 0x00, 0x04, 0x60, 0x81, 0x04, 0x01, 0xd0, 0x02, 0x41, 0x18, 0x90, - 0x00, 0x0a, 0x20, 0x00, 0xc1, 0x06, 0x01, 0x08, 0x80, 
0x64, 0xca, 0x10, - 0x04, 0x99, 0x80, 0x48, 0x01, 0x82, 0x20, 0x50, 0x90, 0x48, 0x80, 0x84, - 0x20, 0x90, 0x22, 0x00, 0x19, 0x00, 0x04, 0x18, 0x20, 0x24, 0x10, 0x86, - 0x40, 0xc2, 0x00, 0x24, 0x12, 0x10, 0x44, 0x00, 0x16, 0x08, 0x10, 0x24, - 0x00, 0x12, 0x06, 0x01, 0x08, 0x90, 0x00, 0x12, 0x02, 0x4d, 0x10, 0x80, - 0x40, 0x50, 0x22, 0x00, 0x43, 0x10, 0x01, 0x00, 0x30, 0x21, 0x0a, 0x00, - 0x00, 0x01, 0x14, 0x00, 0x10, 0x84, 0x04, 0xc1, 0x10, 0x29, 0x0a, 0x00, - 0x01, 0x8a, 0x00, 0x20, 0x01, 0x12, 0x0c, 0x49, 0x20, 0x04, 0x81, 0x00, - 0x48, 0x01, 0x04, 0x60, 0x80, 0x12, 0x0c, 0x08, 0x10, 0x48, 0x4a, 0x04, - 0x28, 0x10, 0x00, 0x28, 0x40, 0x84, 0x45, 0x50, 0x10, 0x60, 0x10, 0x06, - 0x44, 0x01, 0x80, 0x09, 0x00, 0x86, 0x01, 0x42, 0xa0, 0x00, 0x90, 0x00, - 0x05, 0x90, 0x22, 0x40, 0x41, 0x00, 0x08, 0x80, 0x02, 0x08, 0xc0, 0x00, - 0x01, 0x58, 0x30, 0x49, 0x09, 0x14, 0x00, 0x41, 0x02, 0x0c, 0x02, 0x80, - 0x40, 0x89, 0x00, 0x24, 0x08, 0x10, 0x05, 0x90, 0x32, 0x40, 0x0a, 0x82, - 0x08, 0x00, 0x12, 0x61, 0x00, 0x04, 0x21, 0x00, 0x22, 0x04, 0x10, 0x24, - 0x08, 0x0a, 0x04, 0x01, 0x10, 0x00, 0x20, 0x40, 0x84, 0x04, 0x88, 0x22, - 0x20, 0x90, 0x12, 0x00, 0x53, 0x06, 0x24, 0x01, 0x04, 0x40, 0x0b, 0x14, - 0x60, 0x82, 0x02, 0x0d, 0x10, 0x90, 0x0c, 0x08, 0x20, 0x09, 0x00, 0x14, - 0x09, 0x80, 0x80, 0x24, 0x82, 0x00, 0x40, 0x01, 0x02, 0x44, 0x01, 0x20, - 0x0c, 0x40, 0x84, 0x40, 0x0a, 0x10, 0x41, 0x00, 0x30, 0x05, 0x09, 0x80, - 0x44, 0x08, 0x20, 0x20, 0x02, 0x00, 0x49, 0x43, 0x20, 0x21, 0x00, 0x20, - 0x00, 0x01, 0xb6, 0x08, 0x40, 0x04, 0x08, 0x02, 0x80, 0x01, 0x41, 0x80, - 0x40, 0x08, 0x10, 0x24, 0x00, 0x20, 0x04, 0x12, 0x86, 0x09, 0xc0, 0x12, - 0x21, 0x81, 0x14, 0x04, 0x00, 0x02, 0x20, 0x89, 0xb4, 0x44, 0x12, 0x80, - 0x00, 0xd1, 0x00, 0x69, 0x40, 0x80, 0x00, 0x42, 0x12, 0x00, 0x18, 0x04, - 0x00, 0x49, 0x06, 0x21, 0x02, 0x04, 0x28, 0x02, 0x84, 0x01, 0xc0, 0x10, - 0x68, 0x00, 0x20, 0x08, 0x40, 0x00, 0x08, 0x91, 0x10, 0x01, 0x81, 0x24, - 0x04, 0xd2, 0x10, 0x4c, 0x88, 0x86, 0x00, 0x10, 0x80, 
0x0c, 0x02, 0x14, - 0x00, 0x8a, 0x90, 0x40, 0x18, 0x20, 0x21, 0x80, 0xa4, 0x00, 0x58, 0x24, - 0x20, 0x10, 0x10, 0x60, 0xc1, 0x30, 0x41, 0x48, 0x02, 0x48, 0x09, 0x00, - 0x40, 0x09, 0x02, 0x05, 0x11, 0x82, 0x20, 0x4a, 0x20, 0x24, 0x18, 0x02, - 0x0c, 0x10, 0x22, 0x0c, 0x0a, 0x04, 0x00, 0x03, 0x06, 0x48, 0x48, 0x04, - 0x04, 0x02, 0x00, 0x21, 0x80, 0x84, 0x00, 0x18, 0x00, 0x0c, 0x02, 0x12, - 0x01, 0x00, 0x14, 0x05, 0x82, 0x10, 0x41, 0x89, 0x12, 0x08, 0x40, 0xa4, - 0x21, 0x01, 0x84, 0x48, 0x02, 0x10, 0x60, 0x40, 0x02, 0x28, 0x00, 0x14, - 0x08, 0x40, 0xa0, 0x20, 0x51, 0x12, 0x00, 0xc2, 0x00, 0x01, 0x1a, 0x30, - 0x40, 0x89, 0x12, 0x4c, 0x02, 0x80, 0x00, 0x00, 0x14, 0x01, 0x01, 0xa0, - 0x21, 0x18, 0x22, 0x21, 0x18, 0x06, 0x40, 0x01, 0x80, 0x00, 0x90, 0x04, - 0x48, 0x02, 0x30, 0x04, 0x08, 0x00, 0x05, 0x88, 0x24, 0x08, 0x48, 0x04, - 0x24, 0x02, 0x06, 0x00, 0x80, 0x00, 0x00, 0x00, 0x10, 0x65, 0x11, 0x90, - 0x00, 0x0a, 0x82, 0x04, 0xc3, 0x04, 0x60, 0x48, 0x24, 0x04, 0x92, 0x02, - 0x44, 0x88, 0x80, 0x40, 0x18, 0x06, 0x29, 0x80, 0x10, 0x01, 0x00, 0x00, - 0x44, 0xc8, 0x10, 0x21, 0x89, 0x30, 0x00, 0x4b, 0xa0, 0x01, 0x10, 0x14, - 0x00, 0x02, 0x94, 0x40, 0x00, 0x20, 0x65, 0x00, 0xa2, 0x0c, 0x40, 0x22, - 0x20, 0x81, 0x12, 0x20, 0x82, 0x04, 0x01, 0x10, 0x00, 0x08, 0x88, 0x00, - 0x00, 0x11, 0x80, 0x04, 0x42, 0x80, 0x40, 0x41, 0x14, 0x00, 0x40, 0x32, - 0x2c, 0x80, 0x24, 0x04, 0x19, 0x00, 0x00, 0x91, 0x00, 0x20, 0x83, 0x00, - 0x05, 0x40, 0x20, 0x09, 0x01, 0x84, 0x40, 0x40, 0x20, 0x20, 0x11, 0x00, - 0x40, 0x41, 0x90, 0x20, 0x00, 0x00, 0x40, 0x90, 0x92, 0x48, 0x18, 0x06, - 0x08, 0x81, 0x80, 0x48, 0x01, 0x34, 0x24, 0x10, 0x20, 0x04, 0x00, 0x20, - 0x04, 0x18, 0x06, 0x2d, 0x90, 0x10, 0x01, 0x00, 0x90, 0x00, 0x0a, 0x22, - 0x01, 0x00, 0x22, 0x00, 0x11, 0x84, 0x01, 0x01, 0x00, 0x20, 0x88, 0x00, - 0x44, 0x00, 0x22, 0x01, 0x00, 0xa6, 0x40, 0x02, 0x06, 0x20, 0x11, 0x00, - 0x01, 0xc8, 0xa0, 0x04, 0x8a, 0x00, 0x28, 0x19, 0x80, 0x00, 0x52, 0xa0, - 0x24, 0x12, 0x12, 0x09, 0x08, 0x24, 0x01, 0x48, 0x00, 
0x04, 0x00, 0x24, - 0x40, 0x02, 0x84, 0x08, 0x00, 0x04, 0x48, 0x40, 0x90, 0x60, 0x0a, 0x22, - 0x01, 0x88, 0x14, 0x08, 0x01, 0x02, 0x08, 0xd3, 0x00, 0x20, 0xc0, 0x90, - 0x24, 0x10, 0x00, 0x00, 0x01, 0xb0, 0x08, 0x0a, 0xa0, 0x00, 0x80, 0x00, - 0x01, 0x09, 0x00, 0x20, 0x52, 0x02, 0x25, 0x00, 0x24, 0x04, 0x02, 0x84, - 0x24, 0x10, 0x92, 0x40, 0x02, 0xa0, 0x40, 0x00, 0x22, 0x08, 0x11, 0x04, - 0x08, 0x01, 0x22, 0x00, 0x42, 0x14, 0x00, 0x09, 0x90, 0x21, 0x00, 0x30, - 0x6c, 0x00, 0x00, 0x0c, 0x00, 0x22, 0x09, 0x90, 0x10, 0x28, 0x40, 0x00, - 0x20, 0xc0, 0x20, 0x00, 0x90, 0x00, 0x40, 0x01, 0x82, 0x05, 0x12, 0x12, - 0x09, 0xc1, 0x04, 0x61, 0x80, 0x02, 0x28, 0x81, 0x24, 0x00, 0x49, 0x04, - 0x08, 0x10, 0x86, 0x29, 0x41, 0x80, 0x21, 0x0a, 0x30, 0x49, 0x88, 0x90, - 0x00, 0x41, 0x04, 0x29, 0x81, 0x80, 0x41, 0x09, 0x00, 0x40, 0x12, 0x10, - 0x40, 0x00, 0x10, 0x40, 0x48, 0x02, 0x05, 0x80, 0x02, 0x21, 0x40, 0x20, - 0x00, 0x58, 0x20, 0x60, 0x00, 0x90, 0x48, 0x00, 0x80, 0x28, 0xc0, 0x80, - 0x48, 0x00, 0x00, 0x44, 0x80, 0x02, 0x00, 0x09, 0x06, 0x00, 0x12, 0x02, - 0x01, 0x00, 0x10, 0x08, 0x83, 0x10, 0x45, 0x12, 0x00, 0x2c, 0x08, 0x04, - 0x44, 0x00, 0x20, 0x20, 0xc0, 0x10, 0x20, 0x01, 0x00, 0x05, 0xc8, 0x20, - 0x04, 0x98, 0x10, 0x08, 0x10, 0x00, 0x24, 0x02, 0x16, 0x40, 0x88, 0x00, - 0x61, 0x88, 0x12, 0x24, 0x80, 0xa6, 0x00, 0x42, 0x00, 0x08, 0x10, 0x06, - 0x48, 0x40, 0xa0, 0x00, 0x50, 0x20, 0x04, 0x81, 0xa4, 0x40, 0x18, 0x00, - 0x08, 0x10, 0x80, 0x01, 0x01}; - -#if RSA_KEY_SIEVE && SIMULATION && RSA_INSTRUMENT -UINT32 PrimeIndex = 0; -UINT32 failedAtIteration[10] = {0}; -UINT32 PrimeCounts[3] = {0}; -UINT32 MillerRabinTrials[3] = {0}; -UINT32 totalFieldsSieved[3] = {0}; -UINT32 bitsInFieldAfterSieve[3] = {0}; -UINT32 emptyFieldsSieved[3] = {0}; -UINT32 noPrimeFields[3] = {0}; -UINT32 primesChecked[3] = {0}; -UINT16 lastSievePrime = 0; -#endif \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
deleted file mode 100644
index ba8dec83d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c
+++ /dev/null
@@ -1,255 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions to implement the RSA key cache that can be used -// to speed up simulation. 
-// -// Only one key is created for each supported key size and it is returned whenever -// a key of that size is requested. -// -// If desired, the key cache can be populated from a file. This allows multiple -// TPM to run with the same RSA keys. Also, when doing simulation, the DRBG will -// use preset sequences so it is not too hard to repeat sequences for debug or -// profile or stress. -// -// When the key cache is enabled, a call to CryptRsaGenerateKey() will call the -// GetCachedRsaKey(). If the cache is enabled and populated, then the cached key -// of the requested size is returned. If a key of the requested size is not -// available, the no key is loaded and the requested key will need to be generated. -// If the cache is not populated, the TPM will open a file that has the appropriate -// name for the type of keys required (CRT or no-CRT). If the file is the right -// size, it is used. If the file doesn't exist or the file does not have the correct -// size, the TMP will populate the cache with new keys of the required size and -// write the cache data to the file so that they will be available the next time. -// -// Currently, if two simulations are being run with TPM's that have different RSA -// key sizes (e.g,, one with 1024 and 2048 and another with 2048 and 3072, then the -// files will not match for the both of them and they will both try to overwrite -// the other's cache file. I may try to do something about this if necessary. 
- -//** Includes, Types, Locals, and Defines - -#include "Tpm.h" - -#if USE_RSA_KEY_CACHE - -#include -#include "RsaKeyCache_fp.h" - -#if CRT_FORMAT_RSA == YES -#define CACHE_FILE_NAME "RsaKeyCacheCrt.data" -#else -#define CACHE_FILE_NAME "RsaKeyCacheNoCrt.data" -#endif - -typedef struct _RSA_KEY_CACHE_ -{ - TPM2B_PUBLIC_KEY_RSA publicModulus; - TPM2B_PRIVATE_KEY_RSA privateExponent; -} RSA_KEY_CACHE; - -// Determine the number of RSA key sizes for the cache -TPMI_RSA_KEY_BITS SupportedRsaKeySizes[] = { -#if RSA_1024 - 1024, -#endif -#if RSA_2048 - 2048, -#endif -#if RSA_3072 - 3072, -#endif -#if RSA_4096 - 4096, -#endif - 0 -}; - -#define RSA_KEY_CACHE_ENTRIES (RSA_1024 + RSA_2048 + RSA_3072 + RSA_4096) - -// The key cache holds one entry for each of the supported key sizes -RSA_KEY_CACHE s_rsaKeyCache[RSA_KEY_CACHE_ENTRIES]; -// Indicates if the key cache is loaded. It can be loaded and enabled or disabled. -BOOL s_keyCacheLoaded = 0; - -// Indicates if the key cache is enabled -int s_rsaKeyCacheEnabled = FALSE; - -//*** RsaKeyCacheControl() -// Used to enable and disable the RSA key cache. -LIB_EXPORT void -RsaKeyCacheControl( - int state - ) -{ - s_rsaKeyCacheEnabled = state; -} - -//*** InitializeKeyCache() -// This will initialize the key cache and attempt to write it to a file for later -// use. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure -static BOOL -InitializeKeyCache( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - int index; - TPM_KEY_BITS keySave = publicArea->parameters.rsaDetail.keyBits; - BOOL OK = TRUE; -// - s_rsaKeyCacheEnabled = FALSE; - for(index = 0; OK && index < RSA_KEY_CACHE_ENTRIES; index++) - { - publicArea->parameters.rsaDetail.keyBits - = SupportedRsaKeySizes[index]; - OK = (CryptRsaGenerateKey(publicArea, sensitive, rand) == TPM_RC_SUCCESS); - if(OK) - { - s_rsaKeyCache[index].publicModulus = publicArea->unique.rsa; - s_rsaKeyCache[index].privateExponent = sensitive->sensitive.rsa; - } - } - publicArea->parameters.rsaDetail.keyBits = keySave; - s_keyCacheLoaded = OK; -#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE - if(OK) - { - FILE *cacheFile; - const char *fn = CACHE_FILE_NAME; - -#if defined _MSC_VER - if(fopen_s(&cacheFile, fn, "w+b") != 0) -#else - cacheFile = fopen(fn, "w+b"); - if(NULL == cacheFile) -#endif - { - printf("Can't open %s for write.\n", fn); - } - else - { - fseek(cacheFile, 0, SEEK_SET); - if(fwrite(s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) - != sizeof(s_rsaKeyCache)) - { - printf("Error writing cache to %s.", fn); - } - } - if(cacheFile) - fclose(cacheFile); - } -#endif - return s_keyCacheLoaded; -} - -//*** KeyCacheLoaded() -// Checks that key cache is loaded. 
-// Return Type: BOOL -// TRUE(1) cache loaded -// FALSE(0) cache not loaded -static BOOL -KeyCacheLoaded( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ -#if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE - if(!s_keyCacheLoaded) - { - FILE *cacheFile; - const char * fn = CACHE_FILE_NAME; -#if defined _MSC_VER && 1 - if(fopen_s(&cacheFile, fn, "r+b") == 0) -#else - cacheFile = fopen(fn, "r+b"); - if(NULL != cacheFile) -#endif - { - fseek(cacheFile, 0L, SEEK_END); - if(ftell(cacheFile) == sizeof(s_rsaKeyCache)) - { - fseek(cacheFile, 0L, SEEK_SET); - s_keyCacheLoaded = ( - fread(&s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) - == sizeof(s_rsaKeyCache)); - } - fclose(cacheFile); - } - } -#endif - if(!s_keyCacheLoaded) - s_rsaKeyCacheEnabled = InitializeKeyCache(publicArea, sensitive, rand); - return s_keyCacheLoaded; -} - -//*** GetCachedRsaKey() -// Return Type: BOOL -// TRUE(1) key loaded -// FALSE(0) key not loaded -BOOL -GetCachedRsaKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - RAND_STATE *rand // IN: if not NULL, the deterministic - // RNG state - ) -{ - int keyBits = publicArea->parameters.rsaDetail.keyBits; - int index; -// - if(KeyCacheLoaded(publicArea, sensitive, rand)) - { - for(index = 0; index < RSA_KEY_CACHE_ENTRIES; index++) - { - if((s_rsaKeyCache[index].publicModulus.t.size * 8) == keyBits) - { - publicArea->unique.rsa = s_rsaKeyCache[index].publicModulus; - sensitive->sensitive.rsa = s_rsaKeyCache[index].privateExponent; - return TRUE; - } - } - return FALSE; - } - return s_keyCacheLoaded; -} -#endif // defined SIMULATION && defined USE_RSA_KEY_CACHE diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c deleted file mode 100644 index bd65948a6..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c
+++ /dev/null
@@ -1,277 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -/* - This clause contains the functions used for ticket computations. -*/ - -//** Includes -#include "Tpm.h" - -//** Functions - -//*** TicketIsSafe() -// This function indicates if producing a ticket is safe. 
-// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE -// or its substring of canonical form. If so, it is not safe to produce ticket -// for an input buffer claiming to be TPM generated buffer -// Return Type: BOOL -// TRUE(1) safe to produce ticket -// FALSE(0) not safe to produce ticket -BOOL -TicketIsSafe( - TPM2B *buffer - ) -{ - TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; - BYTE bufferToCompare[sizeof(valueToCompare)]; - BYTE *marshalBuffer; -// - // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume - // it is not safe to generate a ticket - if(buffer->size < sizeof(valueToCompare)) - return FALSE; - marshalBuffer = bufferToCompare; - TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, NULL); - if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) - return FALSE; - else - return TRUE; -} - -//*** TicketComputeVerified() -// This function creates a TPMT_TK_VERIFIED ticket. -/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_VERIFIED | digest | keyName)) -// Where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy -// associated with keyName -// TPM_ST_VERIFIED a value to differentiate the tickets -// digest the signed digest -// keyName the Name of the key that signed digest -*/ -void -TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST *digest, // IN: digest - TPM2B_NAME *keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED *ticket // OUT: verified ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Fill in ticket fields - ticket->tag = TPM_ST_VERIFIED; - ticket->hierarchy = hierarchy; - proof = HierarchyGetProof(hierarchy); - - // Start HMAC using the proof value of the hierarchy as the HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_VERIFIED - 
CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // digest - CryptDigestUpdate2B(&hmacState.hashState, &digest->b); - // key name - CryptDigestUpdate2B(&hmacState.hashState, &keyName->b); - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeAuth() -// This function creates a TPMT_TK_AUTH ticket. -/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (type || timeout || timeEpoch || cpHash -// || policyRef || keyName)) -// where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy of the key -// associated with keyName. -// type a value to differentiate the tickets. It could be either -// TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED -// timeout TPM-specific value indicating when the authorization expires -// timeEpoch TPM-specific value indicating the epoch for the timeout -// cpHash optional hash (digest only) of the authorized command -// policyRef optional reference to a policy value -// keyName name of the key that signed the authorization -*/ -void -TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. 
- TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset,// IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST *cpHashA, // IN: input cpHashA - TPM2B_NONCE *policyRef, // IN: input policyRef - TPM2B_NAME *entityName, // IN: name of entity - TPMT_TK_AUTH *ticket // OUT: Created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = type; - ticket->hierarchy = hierarchy; - - // Start HMAC with hierarchy proof as the HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED, - CryptDigestUpdateInt(&hmacState, sizeof(UINT16), ticket->tag); - // cpHash - CryptDigestUpdate2B(&hmacState.hashState, &cpHashA->b); - // policyRef - CryptDigestUpdate2B(&hmacState.hashState, &policyRef->b); - // keyName - CryptDigestUpdate2B(&hmacState.hashState, &entityName->b); - // timeout - CryptDigestUpdateInt(&hmacState, sizeof(timeout), timeout); - if(timeout != 0) - { - // epoch - CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), - g_timeEpoch); - // reset count - if(expiresOnReset) - CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), - gp.totalResetCount); - } - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeHashCheck() -// This function creates a TPMT_TK_HASHCHECK ticket. 
-/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_HASHCHECK || digest )) -// where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy -// TPM_ST_HASHCHECK -// a value to differentiate the tickets -// digest the digest of the data -*/ -void -TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST *digest, // IN: input digest - TPMT_TK_HASHCHECK *ticket // OUT: Created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; -// - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = TPM_ST_HASHCHECK; - ticket->hierarchy = hierarchy; - - // Start HMAC using hierarchy proof as HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_HASHCHECK - CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // hash algorithm - CryptDigestUpdateInt(&hmacState, sizeof(hashAlg), hashAlg); - // digest - CryptDigestUpdate2B(&hmacState.hashState, &digest->b); - // done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} - -//*** TicketComputeCreation() -// This function creates a TPMT_TK_CREATION ticket. 
-/*(See part 2 specification) -// The ticket is computed as: -// HMAC(proof, (TPM_ST_CREATION || Name || hash(TPMS_CREATION_DATA))) -// Where: -// HMAC() an HMAC using the hash of proof -// proof a TPM secret value associated with the hierarchy associated with Name -// TPM_ST_VERIFIED a value to differentiate the tickets -// Name the Name of the object to which the creation data is to be associated -// TPMS_CREATION_DATA the creation data structure associated with Name -*/ -void -TicketComputeCreation( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME *name, // IN: object name - TPM2B_DIGEST *creation, // IN: creation hash - TPMT_TK_CREATION *ticket // OUT: created ticket - ) -{ - TPM2B_PROOF *proof; - HMAC_STATE hmacState; - - // Get proper proof - proof = HierarchyGetProof(hierarchy); - - // Fill in ticket fields - ticket->tag = TPM_ST_CREATION; - ticket->hierarchy = hierarchy; - - // Start HMAC using hierarchy proof as HMAC key - ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, - &proof->b); - // TPM_ST_CREATION - CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); - // name if provided - if(name != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &name->b); - // creation hash - CryptDigestUpdate2B(&hmacState.hashState, &creation->b); - // Done - CryptHmacEnd2B(&hmacState, &ticket->digest.b); - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c deleted file mode 100644 index 69a0b01a1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c +++ /dev/null 
@@ -1,75 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// LibTomCrypt and MpaLib libraries. This is not used if only the LTC hash and
-// symmetric functions are used.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if (defined SYM_LIB_LTC) && ALG_TDES
-
-//** TDES_setup
-// This function calls the LTC function to generate a TDES key schedule. If the
-// key is one DES key (8 bytes), then it is replicated two more times to create a
-// 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is
-// replicated to the third key position.
-void TDES_setup(
- const BYTE *key,
- UINT32 keyBits,
- symmetric_key *skey
- )
-{
- BYTE k[24];
- BYTE *kp;
-
- // If this is two-key, make it three key by replicating K1
- if(keyBits == 128)
- {
- memcpy(k, key, 16);
- memcpy(&k[16], key, 8);
- kp = k;
- }
- else
- kp = (BYTE *)key;
-
- des3_setup(kp, 24, 0, skey);
-}
-
-#endif // MATH_LIB_LTC && ALG_TDES
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c
deleted file mode 100644
index bb1a0e62a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c
+++ /dev/null
@@ -1,286 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// -// This file contains the math functions that are not implemented in the BnMath -// library (yet). These math functions will call the ST MPA library or the -// LibTomCrypt library to execute the operations. 
Since the TPM internal big number -// format is identical to the MPA format, no reformatting is required. - -//** Includes -#include "Tpm.h" - -#ifdef MATH_LIB_LTC - -#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES && ECC_CURVE_COUNT > 1 -#error "LibTomCrypt only supports P256" -#endif - -//** Functions - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - BN_VAR(temp, LARGEST_NUMBER_BITS * 2); - // mpa_mul does not allocate from the pool if the result is not the same as - // op1 or op2. since this is assured by the stack allocation of 'temp', the - // pool pointer can be NULL - pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); - mpa_mul((mpanum)temp, (const mpanum)op1, (const mpanum)op2, - NULL); - return BnDiv(NULL, result, temp, modulus); -} - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - // Make sure that the mpa_mul function does not allocate anything - // from the POOL by eliminating the reason for doing it. - BN_VAR(tempResult, LARGEST_NUMBER_BITS * 2); - if(result != multiplicand && result != multiplier) - tempResult = result; - mpa_mul((mpanum)tempResult, (const mpanum)multiplicand, - (const mpanum)multiplier, - NULL); - BnCopy(result, tempResult); - return TRUE; -} - -//*** BnDiv() -// This function divides two BIGNUM values. The function always returns TRUE. 
-LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - MPA_ENTER(10, LARGEST_NUMBER_BITS); - pAssert(!BnEqualZero(divisor)); - if(BnGetSize(dividend) < BnGetSize(divisor)) - { - if(quotient) - BnSetWord(quotient, 0); - if(remainder) - BnCopy(remainder, dividend); - } - else - { - pAssert((quotient == NULL) - || (quotient->allocated >= - (unsigned)(dividend->size - divisor->size))); - pAssert((remainder == NULL) - || (remainder->allocated >= divisor->size)); - mpa_div((mpanum)quotient, (mpanum)remainder, - (const mpanum)dividend, (const mpanum)divisor, POOL); - } - MPA_LEAVE(); - return TRUE; -} - -#ifdef TPM_ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - MPA_ENTER(20, LARGEST_NUMBER_BITS); -// - mpa_gcd((mpanum)gcd, (mpanum)number1, (mpanum)number2, POOL); - MPA_LEAVE(); - return TRUE; -} - -//***BnModExp() -// Do modular exponentiation using BIGNUM values. 
The conversion from a bignum_t -// to a BIGNUM is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - MPA_ENTER(20, LARGEST_NUMBER_BITS); - BN_VAR(bnR, MAX_RSA_KEY_BITS); - BN_VAR(bnR2, MAX_RSA_KEY_BITS); - mpa_word_t n_inv; - mpa_word_t ffmCtx[mpa_fmm_context_size_in_U32(MAX_RSA_KEY_BITS)]; -// - mpa_init_static_fmm_context((mpa_fmm_context_base *)ffmCtx, - BYTES_TO_CRYPT_WORDS(sizeof(ffmCtx))); - // Generate modular form - if(mpa_compute_fmm_context((const mpanum)modulus, (mpanum)bnR, - (mpanum)bnR2, &n_inv, POOL) != 0) - FAIL(FATAL_ERROR_INTERNAL); - // Do exponentiation - mpa_exp_mod((mpanum)result, (const mpanum)number, (const mpanum)exponent, - (const mpanum)modulus, (const mpanum)bnR, (const mpanum)bnR2, - n_inv, POOL); - MPA_LEAVE(); - return TRUE; -} - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - BOOL retVal; - MPA_ENTER(10, LARGEST_NUMBER_BITS); - retVal = (mpa_inv_mod((mpanum)result, (const mpanum)number, - (const mpanum)modulus, POOL) == 0); - MPA_LEAVE(); - return retVal; -} -#endif // TPM_ALG_RSA - -#ifdef TPM_ALG_ECC - - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - MPA_ENTER(30, MAX_ECC_KEY_BITS * 2); - // The point multiply in LTC seems to need a large reciprocal for - // intermediate results - POINT_VAR(result, MAX_ECC_KEY_BITS * 4); - BOOL OK; -// - (POOL); // Avoid compiler warning - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - OK = (ltc_ecc_mulmod((mpanum)d, 
(ecc_point *)S, - (ecc_point *)result, (void *)CurveGetPrime(E), 1) - == CRYPT_OK); - OK = OK && !BnEqualZero(result->z); - if(OK) - BnPointCopy(R, result); - - MPA_LEAVE(); - return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]S + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: first point (optional) - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - MPA_ENTER(80, MAX_ECC_KEY_BITS); - BOOL OK; - // The point multiply in LTC seems to need a large reciprocal for - // intermediate results - POINT_VAR(result, MAX_ECC_KEY_BITS * 4); -// - (POOL); // Avoid compiler warning - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - - OK = (ltc_ecc_mul2add((ecc_point *)S, (mpanum)d, (ecc_point *)Q, (mpanum)u, - (ecc_point *)result, (mpanum)CurveGetPrime(E)) - == CRYPT_OK); - OK = OK && !BnEqualZero(result->z); - - if(OK) - BnPointCopy(R, result); - - MPA_LEAVE(); - return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; -} - -//*** BnEccAdd() -// This function does addition of two points. Since this is not implemented -// in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. -// I have no idea if this will work and it's not needed unless MQV or the SM2 -// variant is enabled. -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - BN_WORD_INITIALIZED(one, 1); - return BnEccModMult2(R, S, one, Q, one, E); -} - -#endif // TPM_ALG_ECC - -#endif // MATH_LIB_LTC 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
deleted file mode 100644
index 0dcb79ebe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// LibTomCrypt and MpsLib libraries. This is not used if only the LTC hash and
-// symmetric functions are used.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if defined(HASH_LIB_LTC) || defined(MATH_LIB_LTC) || defined(SYM_LIB_LTC)
-
-// This state is used because there is no way to pass the random number state
-// to LibTomCrypt. I do not think that this is currently an issue because...
-// Heck, just put in an assert and see what happens.
-static void *s_randState;
-
-//*** LtcRand()
-// This is a stub function that is called from the LibTomCrypt or libmpa code
-// to get a random number. In turn, this will call the random RandGenerate
-// function that was passed in LibraryInit(). This function will pass the pointer
-// to the current rand state along with the random byte request.
-uint32_t LtcRand(
- void *buf,
- size_t blen
- )
-{
- pAssert(1);
- DRBG_Generate(s_randState, buf, (uint16_t)blen);
- return 0;
-}
-
-//*** SupportLibInit()
-// This does any initialization required by the support library.
-LIB_EXPORT int
-SupportLibInit(
- void
- )
-{
- mpa_set_random_generator(LtcRand);
- s_randState = NULL;
- external_mem_pool = NULL;
- return 1;
-}
-
-//*** LtcPoolInit()
-// Function to initialize a pool. ****
-LIB_EXPORT mpa_scratch_mem
-LtcPoolInit(
- mpa_word_t *poolAddress,
- int vars,
- int bits
- )
-{
- mpa_scratch_mem pool = (mpa_scratch_mem)poolAddress;
- mpa_init_scratch_mem(pool, vars, bits);
- init_mpa_tomcrypt(pool);
- return pool;
-}
-
-#endif // HASH_LIB_LTC || MATH_LIB_LTC || SYM_LIB_LTC
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
deleted file mode 100644
index 68c28ab96..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// OpenSSL library.
-
-//** Defines and Includes
-
-#include "Tpm.h"
-
-#if (defined SYM_LIB_OSSL) && ALG_TDES
-
-//**Functions
-//*** TDES_set_encyrpt_key()
-// This function makes creation of a TDES key look like the creation of a key for
-// any of the other OpenSSL block ciphers. It will create three key schedules,
-// one for each of the DES keys. If there are only two keys, then the third schedule
-// is a copy of the first.
-void
-TDES_set_encrypt_key(
- const BYTE *key,
- UINT16 keySizeInBits,
- tpmKeyScheduleTDES *keySchedule
- )
-{
- DES_set_key_unchecked((const_DES_cblock *)key, &keySchedule[0]);
- DES_set_key_unchecked((const_DES_cblock *)&key[8], &keySchedule[1]);
- // If is two-key, copy the schedule for K1 into K3, otherwise, compute the
- // the schedule for K3
- if(keySizeInBits == 128)
- keySchedule[2] = keySchedule[0];
- else
- DES_set_key_unchecked((const_DES_cblock *)&key[16],
- &keySchedule[2]);
-}
-
-
-//*** TDES_encyrpt()
-// The TPM code uses one key schedule. For TDES, the schedule contains three
-// schedules. OpenSSL wants the schedules referenced separately. This function
-// does that.
-void TDES_encrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
- &ks[0], &ks[1], &ks[2],
- DES_ENCRYPT);
-}
-
-//*** TDES_decrypt()
-// As with TDES_encypt() this function bridges between the TPM single schedule
-// model and the OpenSSL three schedule model.
-void TDES_decrypt(
- const BYTE *in,
- BYTE *out,
- tpmKeyScheduleTDES *ks
- )
-{
- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
- &ks[0], &ks[1], &ks[2],
- DES_DECRYPT);
-}
-
-#endif // SYM_LIB_OSSL
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c
deleted file mode 100644
index 042709ec2..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c
+++ /dev/null
@@ -1,638 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// The functions in this file provide the low-level interface between the TPM code -// and the big number and elliptic curve math routines in OpenSSL. -// -// Most math on big numbers require a context. 
The context contains the memory in -// which OpenSSL creates and manages the big number values. When a OpenSSL math -// function will be called that modifies a BIGNUM value, that value must be created in -// an OpenSSL context. The first line of code in such a function must be: -// OSSL_ENTER(); and the last operation before returning must be OSSL_LEAVE(). -// OpenSSL variables can then be created with BnNewVariable(). Constant values to be -// used by OpenSSL are created from the bigNum values passed to the functions in this -// file. Space for the BIGNUM control block is allocated in the stack of the -// function and then it is initialized by calling BigInitialized(). That function -// sets up the values in the BIGNUM structure and sets the data pointer to point to -// the data in the bignum_t. This is only used when the value is known to be a -// constant in the called function. -// -// Because the allocations of constants is on the local stack and the -// OSSL_ENTER()/OSSL_LEAVE() pair flushes everything created in OpenSSL memory, there -// should be no chance of a memory leak. - -//** Includes and Defines -#include "Tpm.h" - -#ifdef MATH_LIB_OSSL -#include "TpmToOsslMath_fp.h" - -//** Functions - -//*** OsslToTpmBn() -// This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation -// it is assumed that OpenSSL uses a different control structure but the same data -// layout -- an array of native-endian words in little-endian order. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure because value will not fit or OpenSSL variable doesn't -// exist -BOOL -OsslToTpmBn( - bigNum bn, - BIGNUM *osslBn - ) -{ - VERIFY(osslBn != NULL); - // If the bn is NULL, it means that an output value pointer was NULL meaning that - // the results is simply to be discarded. 
- if(bn != NULL) - { - int i; - // - VERIFY((unsigned)osslBn->top <= BnGetAllocated(bn)); - for(i = 0; i < osslBn->top; i++) - bn->d[i] = osslBn->d[i]; - BnSetTop(bn, osslBn->top); - } - return TRUE; -Error: - return FALSE; -} - -//*** BigInitialized() -// This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for -// values that are passed to OpenSLL when they are not declared as const in the -// function prototype. Instead, use BnNewVariable(). -BIGNUM * -BigInitialized( - BIGNUM *toInit, - bigConst initializer - ) -{ - if(initializer == NULL) - FAIL(FATAL_ERROR_PARAMETER); - if(toInit == NULL || initializer == NULL) - return NULL; - toInit->d = (BN_ULONG *)&initializer->d[0]; - toInit->dmax = (int)initializer->allocated; - toInit->top = (int)initializer->size; - toInit->neg = 0; - toInit->flags = 0; - return toInit; -} - -#ifndef OSSL_DEBUG -# define BIGNUM_PRINT(label, bn, eol) -# define DEBUG_PRINT(x) -#else -# define DEBUG_PRINT(x) printf("%s", x) -# define BIGNUM_PRINT(label, bn, eol) BIGNUM_print((label), (bn), (eol)) - -//*** BIGNUM_print() -static void -BIGNUM_print( - const char *label, - const BIGNUM *a, - BOOL eol - ) -{ - BN_ULONG *d; - int i; - int notZero = FALSE; - - if(label != NULL) - printf("%s", label); - if(a == NULL) - { - printf("NULL"); - goto done; - } - if (a->neg) - printf("-"); - for(i = a->top, d = &a->d[i - 1]; i > 0; i--) - { - int j; - BN_ULONG l = *d--; - for(j = BN_BITS2 - 8; j >= 0; j -= 8) - { - BYTE b = (BYTE)((l >> j) & 0xFF); - notZero = notZero || (b != 0); - if(notZero) - printf("%02x", b); - } - if(!notZero) - printf("0"); - } -done: - if(eol) - printf("\n"); - return; -} -#endif - -//*** BnNewVariable() -// This function allocates a new variable in the provided context. If the context -// does not exist or the allocation fails, it is a catastrophic failure. 
-static BIGNUM * -BnNewVariable( - BN_CTX *CTX -) -{ - BIGNUM *new; -// - // This check is intended to protect against calling this function without - // having initialized the CTX. - if((CTX == NULL) || ((new = BN_CTX_get(CTX)) == NULL)) - FAIL(FATAL_ERROR_ALLOCATION); - return new; -} - -#if LIBRARY_COMPATIBILITY_CHECK - -//*** MathLibraryCompatibilityCheck() -void -MathLibraryCompatibilityCheck( - void - ) -{ - OSSL_ENTER(); - BIGNUM *osslTemp = BnNewVariable(CTX); - crypt_uword_t i; - BYTE test[] = {0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, - 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, - 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; - BN_VAR(tpmTemp, sizeof(test) * 8); // allocate some space for a test value -// - // Convert the test data to a bigNum - BnFromBytes(tpmTemp, test, sizeof(test)); - // Convert the test data to an OpenSSL BIGNUM - BN_bin2bn(test, sizeof(test), osslTemp); - // Make sure the values are consistent - VERIFY(osslTemp->top == (int)tpmTemp->size); - for(i = 0; i < tpmTemp->size; i++) - VERIFY(osslTemp->d[i] == tpmTemp->d[i]); - OSSL_LEAVE(); - return; -Error: - FAIL(FATAL_ERROR_MATHLIBRARY); -} -#endif - -//*** BnModMult() -// This function does a modular multiply. It first does a multiply and then a divide -// and returns the remainder of the divide. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - OSSL_ENTER(); - BOOL OK = TRUE; - BIGNUM *bnResult = BN_NEW(); - BIGNUM *bnTemp = BN_NEW(); - BIG_INITIALIZED(bnOp1, op1); - BIG_INITIALIZED(bnOp2, op2); - BIG_INITIALIZED(bnMod, modulus); -// - VERIFY(BN_mul(bnTemp, bnOp1, bnOp2, CTX)); - VERIFY(BN_div(NULL, bnResult, bnTemp, bnMod, CTX)); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnMult() -// Multiplies two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - OSSL_ENTER(); - BIGNUM *bnTemp = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnA, multiplicand); - BIG_INITIALIZED(bnB, multiplier); -// - VERIFY(BN_mul(bnTemp, bnA, bnB, CTX)); - VERIFY(OsslToTpmBn(result, bnTemp)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - OSSL_ENTER(); - BIGNUM *bnQ = BN_NEW(); - BIGNUM *bnR = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnDend, dividend); - BIG_INITIALIZED(bnSor, divisor); -// - if(BnEqualZero(divisor)) - FAIL(FATAL_ERROR_DIVIDE_ZERO); - VERIFY(BN_div(bnQ, bnR, bnDend, bnSor, CTX)); - VERIFY(OsslToTpmBn(quotient, bnQ)); - VERIFY(OsslToTpmBn(remainder, bnR)); - DEBUG_PRINT("In BnDiv:\n"); - BIGNUM_PRINT(" bnDividend: ", bnDend, TRUE); - BIGNUM_PRINT(" bnDivisor: ", bnSor, TRUE); - BIGNUM_PRINT(" bnQuotient: ", bnQ, TRUE); - BIGNUM_PRINT(" bnRemainder: ", bnR, TRUE); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - OSSL_ENTER(); - BIGNUM *bnGcd = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bn1, number1); - BIG_INITIALIZED(bn2, number2); -// - VERIFY(BN_gcd(bnGcd, bn1, bn2, CTX)); - VERIFY(OsslToTpmBn(gcd, bnGcd)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a bignum_t to -// a bigNum is trivial as they are based on the same structure -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - OSSL_ENTER(); - BIGNUM *bnResult = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnN, number); - BIG_INITIALIZED(bnE, exponent); - BIG_INITIALIZED(bnM, modulus); -// - VERIFY(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX)); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} - -//*** BnModInverse() -// Modular multiplicative inverse -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - OSSL_ENTER(); - BIGNUM *bnResult = BN_NEW(); - BOOL OK = TRUE; - BIG_INITIALIZED(bnN, number); - BIG_INITIALIZED(bnM, modulus); -// - VERIFY(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL); - VERIFY(OsslToTpmBn(result, bnResult)); - goto Exit; -Error: - OK = FALSE; -Exit: - OSSL_LEAVE(); - return OK; -} -#endif // ALG_RSA - -#if ALG_ECC - -//*** PointFromOssl() -// Function to copy the point result from an OSSL function to a bigNum -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation -static BOOL -PointFromOssl( - bigPoint pOut, // OUT: resulting point - EC_POINT *pIn, // IN: the point to return - bigCurve E // IN: the curve - ) -{ - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BOOL OK; - BN_CTX_start(E->CTX); -// - x = BN_CTX_get(E->CTX); - y = BN_CTX_get(E->CTX); - - if(y == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - // If this returns false, then the point is at infinity - OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX); - if(OK) - { - OsslToTpmBn(pOut->x, x); - OsslToTpmBn(pOut->y, y); - BnSetWord(pOut->z, 1); - } - else - 
BnSetWord(pOut->z, 0); - BN_CTX_end(E->CTX); - return OK; -} - -//*** EcPointInitialized() -// Allocate and initialize a point. -static EC_POINT * -EcPointInitialized( - pointConst initializer, - bigCurve E - ) -{ - EC_POINT *P = NULL; - - if(initializer != NULL) - { - BIG_INITIALIZED(bnX, initializer->x); - BIG_INITIALIZED(bnY, initializer->y); - P = EC_POINT_new(E->G); - if(E == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - if(!EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) - P = NULL; - } - return P; -} - -//*** BnCurveInitialize() -// This function initializes the OpenSSL curve information structure. This -// structure points to the TPM-defined values for the curve, to the context for the -// number values in the frame, and to the OpenSSL-defined group values. -// Return Type: bigCurve * -// NULL the TPM_ECC_CURVE is not valid or there was a problem in -// in initializing the curve data -// non-NULL points to 'E' -LIB_EXPORT bigCurve -BnCurveInitialize( - bigCurve E, // IN: curve structure to initialize - TPM_ECC_CURVE curveId // IN: curve identifier -) -{ - const ECC_CURVE_DATA *C = GetCurveData(curveId); - if(C == NULL) - E = NULL; - if(E != NULL) - { - // This creates the OpenSSL memory context that stays in effect as long as the - // curve (E) is defined. - OSSL_ENTER(); // if the allocation fails, the TPM fails - EC_POINT *P = NULL; - BIG_INITIALIZED(bnP, C->prime); - BIG_INITIALIZED(bnA, C->a); - BIG_INITIALIZED(bnB, C->b); - BIG_INITIALIZED(bnX, C->base.x); - BIG_INITIALIZED(bnY, C->base.y); - BIG_INITIALIZED(bnN, C->order); - BIG_INITIALIZED(bnH, C->h); - // - E->C = C; - E->CTX = CTX; - - // initialize EC group, associate a generator point and initialize the point - // from the parameter data - // Create a group structure - E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); - VERIFY(E->G != NULL); - - // Allocate a point in the group that will be used in setting the - // generator. This is not needed after the generator is set. 
- P = EC_POINT_new(E->G); - VERIFY(P != NULL); - - // Need to use this in case Montgomery method is being used - VERIFY(EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); - // Now set the generator - VERIFY(EC_GROUP_set_generator(E->G, P, bnN, bnH)); - - EC_POINT_free(P); - goto Exit; -Error: - EC_POINT_free(P); - BnCurveFree(E); - E = NULL; - } -Exit: - return E; -} - -//*** BnCurveFree() -// This function will free the allocated components of the curve and end the -// frame in which the curve data exists -LIB_EXPORT void -BnCurveFree( - bigCurve E -) -{ - if(E) - { - EC_GROUP_free(E->G); - OsslContextLeave(E->CTX); - } -} - - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - BIG_INITIALIZED(bnD, d); - - if(S == NULL) - EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); - else - EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - return !BnEqualZero(R->z); -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - BIG_INITIALIZED(bnD, d); - EC_POINT *pQ = EcPointInitialized(Q, E); - 
BIG_INITIALIZED(bnU, u); - - if(S == NULL || S == (pointConst)&(AccessCurveData(E)->base)) - EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); - else - { - const EC_POINT *points[2]; - const BIGNUM *scalars[2]; - points[0] = pS; - points[1] = pQ; - scalars[0] = bnD; - scalars[1] = bnU; - EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); - } - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - EC_POINT_free(pQ); - return !BnEqualZero(R->z); -} - -//** BnEccAdd() -// This function does addition of two points. -// Return Type: BOOL -// TRUE(1) success -// FALSE(0) failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - EC_POINT *pR = EC_POINT_new(E->G); - EC_POINT *pS = EcPointInitialized(S, E); - EC_POINT *pQ = EcPointInitialized(Q, E); -// - EC_POINT_add(E->G, pR, pS, pQ, E->CTX); - - PointFromOssl(R, pR, E); - EC_POINT_free(pR); - EC_POINT_free(pS); - EC_POINT_free(pQ); - return !BnEqualZero(R->z); -} - -#endif // ALG_ECC - - -#endif // MATHLIB OSSL \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c deleted file mode 100644 index de7d939e1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c +++ /dev/null 
@@ -1,112 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// OpenSSL library.
- -//** Defines and Includes - -#include "Tpm.h" - -#if defined(HASH_LIB_OSSL) || defined(MATH_LIB_OSSL) || defined(SYM_LIB_OSSL) -// Used to pass the pointers to the correct sub-keys -typedef const BYTE *desKeyPointers[3]; - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ) -{ -#if LIBRARY_COMPATIBILITY_CHECK - MathLibraryCompatibilityCheck(); -#endif - return TRUE; -} - -//*** OsslContextEnter() -// This function is used to initialize an OpenSSL context at the start of a function -// that will call to an OpenSSL math function. -BN_CTX * -OsslContextEnter( - void - ) -{ - BN_CTX *CTX = BN_CTX_new(); -// - return OsslPushContext(CTX); -} - -//*** OsslContextLeave() -// This is the companion function to OsslContextEnter(). -void -OsslContextLeave( - BN_CTX *CTX - ) -{ - OsslPopContext(CTX); - BN_CTX_free(CTX); -} - -//*** OsslPushContext() -// This function is used to create a frame in a context. All values allocated within -// this context after the frame is started will be automatically freed when the -// context (OsslPopContext() -BN_CTX * -OsslPushContext( - BN_CTX *CTX - ) -{ - if(CTX == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - BN_CTX_start(CTX); - return CTX; -} - -//*** OsslPopContext() -// This is the companion function to OsslPushContext(). -void -OsslPopContext( - BN_CTX *CTX - ) -{ - // BN_CTX_end can't be called with NULL. It will blow up. - if(CTX != NULL) - BN_CTX_end(CTX); -} - -#endif // HASH_LIB_OSSL || MATH_LIB_OSSL || SYM_LIB_OSSL diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c deleted file mode 100644 index b42b32b1c..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c +++ /dev/null 
@@ -1,117 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// wolfcrypt library.
- -//** Defines and Includes - -#include "Tpm.h" - -#if (defined SYM_LIB_WOLF) && ALG_TDES - -//**Functions -//** TDES_setup -// This function calls the wolfcrypt function to generate a TDES key schedule. If the -// If the key is two key (16 bytes), then the first DES key is replicated to the third -// key position. -int TDES_setup( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey, - int dir - ) -{ - BYTE k[24]; - BYTE *kp; - - // If this is two-key, make it three key by replicating K1 - if(keyBits == 128) - { - memcpy(k, key, 16); - memcpy(&k[16], key, 8); - kp = k; - } - else - kp = (BYTE *)key; - - return wc_Des3_SetKey( skey, kp, 0, dir ); -} - -//** TDES_setup_encrypt_key -// This function calls into TDES_setup(), specifically for an encryption key. -int TDES_setup_encrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey -) -{ - return TDES_setup( key, keyBits, skey, DES_ENCRYPTION ); -} - -//** TDES_setup_decrypt_key -// This function calls into TDES_setup(), specifically for an decryption key. -int TDES_setup_decrypt_key( - const BYTE *key, - UINT32 keyBits, - tpmKeyScheduleTDES *skey -) -{ - return TDES_setup( key, keyBits, skey, DES_DECRYPTION ); -} - -//*** TDES_encyrpt() -void TDES_encrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ) -{ - wc_Des3_EcbEncrypt( ks, out, in, DES_BLOCK_SIZE ); -} - -//*** TDES_decrypt() -void TDES_decrypt( - const BYTE *in, - BYTE *out, - tpmKeyScheduleTDES *ks - ) -{ - wc_Des3_EcbDecrypt( ks, out, in, DES_BLOCK_SIZE ); -} - -#endif // MATH_LIB_WOLF && ALG_TDES diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c deleted file mode 100644 index 7169ee299..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c +++ /dev/null 
@@ -1,521 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or other - * materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -//** Introduction -// -// This file contains the math functions that are not implemented in the BnMath -// library (yet). These math functions will call the wolfcrypt library to execute -// the operations. 
There is a difference between the internal format and the -// wolfcrypt format. To call the wolfcrypt function, a mp_int structure is created -// for each passed variable. We define USE_FAST_MATH wolfcrypt option, which allocates -// mp_int on the stack. We must copy each word to the new structure, and set the used -// size. -// -// Not using USE_FAST_MATH would allow for a simple pointer swap for the big integer -// buffer 'd', however wolfcrypt expects to manage this memory, and will swap out -// the pointer to and from temporary variables and free the reference underneath us. -// Using USE_FAST_MATH also instructs wolfcrypt to use the stack for all these -// intermediate variables - - -//** Includes and Defines -#include "Tpm.h" - -#ifdef MATH_LIB_WOLF -#include "BnConvert_fp.h" -#include "TpmToWolfMath_fp.h" - -#define WOLF_HALF_RADIX (RADIX_BITS == 64 && !defined(FP_64BIT)) - -//** Functions - -//*** BnFromWolf() -// This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation -// it is assumed that wolfcrypt used the same format for a big number as does the -// TPM -- an array of native-endian words in little-endian order. 
-void -BnFromWolf( - bigNum bn, - mp_int *wolfBn - ) -{ - if(bn != NULL) - { - int i; -#if WOLF_HALF_RADIX - pAssert((unsigned)wolfBn->used <= 2 * BnGetAllocated(bn)); -#else - pAssert((unsigned)wolfBn->used <= BnGetAllocated(bn)); -#endif - for (i = 0; i < wolfBn->used; i++) - { -#if WOLF_HALF_RADIX - if (i & 1) - bn->d[i/2] |= (crypt_uword_t)wolfBn->dp[i] << 32; - else - bn->d[i/2] = wolfBn->dp[i]; -#else - bn->d[i] = wolfBn->dp[i]; -#endif - } - -#if WOLF_HALF_RADIX - BnSetTop(bn, (wolfBn->used + 1)/2); -#else - BnSetTop(bn, wolfBn->used); -#endif - } -} - -//*** BnToWolf() -// This function converts a TPM bignum to a wolfcrypt mp_init, and has the same -// assumptions as made by BnFromWolf() -void -BnToWolf( - mp_int *toInit, - bigConst initializer - ) -{ - uint32_t i; - if (toInit != NULL && initializer != NULL) - { - for (i = 0; i < initializer->size; i++) - { -#if WOLF_HALF_RADIX - toInit->dp[2 * i] = (fp_digit)initializer->d[i]; - toInit->dp[2 * i + 1] = (fp_digit)(initializer->d[i] >> 32); -#else - toInit->dp[i] = initializer->d[i]; -#endif - } - -#if WOLF_HALF_RADIX - toInit->used = (int)initializer->size * 2; - if (toInit->dp[toInit->used - 1] == 0 && toInit->dp[toInit->used - 2] != 0) - --toInit->used; -#else - toInit->used = (int)initializer->size; -#endif - toInit->sign = 0; - } -} - -//*** MpInitialize() -// This function initializes an wolfcrypt mp_int. -mp_int * -MpInitialize( - mp_int *toInit -) -{ - mp_init( toInit ); - return toInit; -} - -#if LIBRARY_COMPATIBILITY_CHECK -//** MathLibraryCompatibililtyCheck() -// This function is only used during development to make sure that the library -// that is being referenced is using the same size of data structures as the TPM. 
-void -MathLibraryCompatibilityCheck( - void - ) -{ - BN_VAR(tpmTemp, 64 * 8); // allocate some space for a test value - crypt_uword_t i; - TPM2B_TYPE(TEST, 16); - TPM2B_TEST test = {{16, {0x0F, 0x0E, 0x0D, 0x0C, - 0x0B, 0x0A, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, - 0x03, 0x02, 0x01, 0x00}}}; - // Convert the test TPM2B to a bigNum - BnFrom2B(tpmTemp, &test.b); - MP_INITIALIZED(wolfTemp, tpmTemp); - (wolfTemp); // compiler warning - // Make sure the values are consistent - cAssert(wolfTemp->used == (int)tpmTemp->size); - for(i = 0; i < tpmTemp->size; i++) - cAssert(wolfTemp->dp[i] == tpmTemp->d[i]); -} -#endif - -//*** BnModMult() -// Does multiply and divide returning the remainder of the divide. -LIB_EXPORT BOOL -BnModMult( - bigNum result, - bigConst op1, - bigConst op2, - bigConst modulus - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnOp1, op1); - MP_INITIALIZED(bnOp2, op2); - MP_INITIALIZED(bnTemp, NULL); - BN_VAR(temp, LARGEST_NUMBER_BITS * 2); - - pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); - - OK = (mp_mul( bnOp1, bnOp2, bnTemp ) == MP_OKAY); - if(OK) - { - BnFromWolf(temp, bnTemp); - OK = BnDiv(NULL, result, temp, modulus); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnMult() -// Multiplies two numbers -LIB_EXPORT BOOL -BnMult( - bigNum result, - bigConst multiplicand, - bigConst multiplier - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnTemp, NULL); - MP_INITIALIZED(bnA, multiplicand); - MP_INITIALIZED(bnB, multiplier); - - pAssert(result->allocated >= - (BITS_TO_CRYPT_WORDS(BnSizeInBits(multiplicand) - + BnSizeInBits(multiplier)))); - - OK = (mp_mul( bnA, bnB, bnTemp ) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnTemp); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnDiv() -// This function divides two bigNum values. The function returns FALSE if -// there is an error in the operation. 
-LIB_EXPORT BOOL -BnDiv( - bigNum quotient, - bigNum remainder, - bigConst dividend, - bigConst divisor - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnQ, quotient); - MP_INITIALIZED(bnR, remainder); - MP_INITIALIZED(bnDend, dividend); - MP_INITIALIZED(bnSor, divisor); - pAssert(!BnEqualZero(divisor)); - if(BnGetSize(dividend) < BnGetSize(divisor)) - { - if(quotient) - BnSetWord(quotient, 0); - if(remainder) - BnCopy(remainder, dividend); - OK = TRUE; - } - else - { - pAssert((quotient == NULL) - || (quotient->allocated >= (unsigned)(dividend->size - - divisor->size))); - pAssert((remainder == NULL) - || (remainder->allocated >= divisor->size)); - OK = (mp_div(bnDend , bnSor, bnQ, bnR) == MP_OKAY); - if(OK) - { - BnFromWolf(quotient, bnQ); - BnFromWolf(remainder, bnR); - } - } - - WOLF_LEAVE(); - return OK; -} - -#if ALG_RSA -//*** BnGcd() -// Get the greatest common divisor of two numbers -LIB_EXPORT BOOL -BnGcd( - bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnGcd, gcd); - MP_INITIALIZED(bn1, number1); - MP_INITIALIZED(bn2, number2); - pAssert(gcd != NULL); - OK = (mp_gcd( bn1, bn2, bnGcd ) == MP_OKAY); - if(OK) - { - BnFromWolf(gcd, bnGcd); - } - WOLF_LEAVE(); - return OK; -} - -//***BnModExp() -// Do modular exponentiation using bigNum values. 
The conversion from a mp_int to -// a bigNum is trivial as they are based on the same structure -LIB_EXPORT BOOL -BnModExp( - bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnResult, result); - MP_INITIALIZED(bnN, number); - MP_INITIALIZED(bnE, exponent); - MP_INITIALIZED(bnM, modulus); - OK = (mp_exptmod( bnN, bnE, bnM, bnResult ) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnResult); - } - - WOLF_LEAVE(); - return OK; -} - -//*** BnModInverse() -// Modular multiplicative inverse -LIB_EXPORT BOOL -BnModInverse( - bigNum result, - bigConst number, - bigConst modulus - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnResult, result); - MP_INITIALIZED(bnN, number); - MP_INITIALIZED(bnM, modulus); - - OK = (mp_invmod(bnN, bnM, bnResult) == MP_OKAY); - if(OK) - { - BnFromWolf(result, bnResult); - } - - WOLF_LEAVE(); - return OK; -} -#endif // TPM_ALG_RSA - -#if ALG_ECC - -//*** PointFromWolf() -// Function to copy the point result from a wolf ecc_point to a bigNum -void -PointFromWolf( - bigPoint pOut, // OUT: resulting point - ecc_point *pIn // IN: the point to return - ) -{ - BnFromWolf(pOut->x, pIn->x); - BnFromWolf(pOut->y, pIn->y); - BnFromWolf(pOut->z, pIn->z); -} - -//*** PointToWolf() -// Function to copy the point result from a bigNum to a wolf ecc_point -void -PointToWolf( - ecc_point *pOut, // OUT: resulting point - pointConst pIn // IN: the point to return - ) -{ - BnToWolf(pOut->x, pIn->x); - BnToWolf(pOut->y, pIn->y); - BnToWolf(pOut->z, pIn->z); -} - -//*** EcPointInitialized() -// Allocate and initialize a point. -static ecc_point * -EcPointInitialized( - pointConst initializer - ) -{ - ecc_point *P; - - P = wc_ecc_new_point(); - pAssert(P != NULL); - // mp_int x,y,z are stack allocated. 
- // initializer is not required - if (P != NULL && initializer != NULL) - { - PointToWolf( P, initializer ); - } - - return P; -} - -//*** BnEccModMult() -// This function does a point multiply of the form R = [d]S -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - bigCurve E - ) -{ - WOLF_ENTER(); - BOOL OK; - MP_INITIALIZED(bnD, d); - MP_INITIALIZED(bnPrime, CurveGetPrime(E)); - POINT_CREATE(pS, NULL); - POINT_CREATE(pR, NULL); - - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - - PointToWolf(pS, S); - - OK = (wc_ecc_mulmod(bnD, pS, pR, NULL, bnPrime, 1 ) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pR); - POINT_DELETE(pS); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -//*** BnEccModMult2() -// This function does a point multiply of the form R = [d]G + [u]Q -// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccModMult2( - bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - bigCurve E // IN: curve - ) -{ - WOLF_ENTER(); - BOOL OK; - POINT_CREATE(pR, NULL); - POINT_CREATE(pS, NULL); - POINT_CREATE(pQ, Q); - MP_INITIALIZED(bnD, d); - MP_INITIALIZED(bnU, u); - MP_INITIALIZED(bnPrime, CurveGetPrime(E)); - MP_INITIALIZED(bnA, CurveGet_a(E)); - - if(S == NULL) - S = CurveGetG(AccessCurveData(E)); - PointToWolf( pS, S ); - - OK = (ecc_mul2add(pS, bnD, pQ, bnU, pR, bnA, bnPrime, NULL) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pS); - POINT_DELETE(pQ); - POINT_DELETE(pR); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -//** BnEccAdd() -// This function does addition of two points. 
-// return type: BOOL -// FALSE failure in operation; treat as result being point at infinity -LIB_EXPORT BOOL -BnEccAdd( - bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' - pointConst Q, // IN: second point - bigCurve E // IN: curve - ) -{ - WOLF_ENTER(); - BOOL OK; - mp_digit mp; - POINT_CREATE(pR, NULL); - POINT_CREATE(pS, S); - POINT_CREATE(pQ, Q); - MP_INITIALIZED(bnA, CurveGet_a(E)); - MP_INITIALIZED(bnMod, CurveGetPrime(E)); -// - OK = (mp_montgomery_setup(bnMod, &mp) == MP_OKAY); - OK = OK && (ecc_projective_add_point(pS, pQ, pR, bnA, bnMod, mp ) == MP_OKAY); - if(OK) - { - PointFromWolf(R, pR); - } - - POINT_DELETE(pS); - POINT_DELETE(pQ); - POINT_DELETE(pR); - - WOLF_LEAVE(); - return !BnEqualZero(R->z); -} - -#endif // TPM_ALG_ECC - -#endif // MATH_LIB_WOLF \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c deleted file mode 100644 index 5492e350e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c +++ /dev/null 
@@ -1,60 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Introduction
-//
-// The functions in this file are used for initialization of the interface to the
-// wolfSSL library.
- -//** Defines and Includes - -#include "Tpm.h" - -#if defined(HASH_LIB_WOLF) || defined(MATH_LIB_WOLF) || defined(SYM_LIB_WOLF) - -//*** SupportLibInit() -// This does any initialization required by the support library. -LIB_EXPORT int -SupportLibInit( - void - ) -{ -#if LIBRARY_COMPATIBILITY_CHECK - MathLibraryCompatibilityCheck(); -#endif - return TRUE; -} - -#endif // HASH_LIB_WOLF || MATH_LIB_WOLF || SYM_LIB_WOLF diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj deleted file mode 100644 index d36991af2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj +++ /dev/null 
@@ -1,194 +0,0 @@ - - - - - Coverage - Win32 - - - Coverage - x64 - - - WolfDebug - Win32 - - - WolfDebug - x64 - - - WolfRelease - Win32 - - - WolfRelease - x64 - - - - {73973223-5EE8-41CA-8E88-1D60E89A237B} - wolfssl - Win32Proj - 10.0.17763.0 - $(SolutionDir)..\external\wolfssl\ - - - - StaticLibrary - v141 - Unicode - true - - - StaticLibrary - v141 - Unicode - true - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - StaticLibrary - v141 - Unicode - - - - - - - - - - - - - - - - - - - - - - - - - $(SolutionDir)\bin\$(PlatformTarget)\$(Configuration)\ - $(SolutionDir)\bin\$(ProjectName)\$(PlatformTarget)\$(Configuration)\ - $(VC_IncludePath);$(WindowsSDK_IncludePath);$(WolfRootDir) - - - - WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;%(PreprocessorDefinitions) - - - - - Disabled - true - EnableFastChecks - MultiThreadedDebugDLL - - Level4 - EditAndContinue - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - true - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - EditAndContinue - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - ProgramDatabase - 4206;4214;4706;%(DisableSpecificWarnings) - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - Disabled - EnableFastChecks - MultiThreadedDebugDLL - - - Level4 - ProgramDatabase - 4206;4214;4706;%(DisableSpecificWarnings) - - - - - MaxSpeed - true - MultiThreadedDLL - true - - Level3 - ProgramDatabase - $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - MaxSpeed - true - MultiThreadedDLL - true - - - Level3 - ProgramDatabase - 
$(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c deleted file mode 100644 index 52d5ecbb2..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c +++ /dev/null 
@@ -1,70 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_Data indication.
-LIB_EXPORT void -_TPM_Hash_Data( - uint32_t dataSize, // IN: size of data to be extend - unsigned char *data // IN: data buffer - ) -{ - UINT32 i; - HASH_OBJECT *hashObject; - TPMI_DH_PCR pcrHandle = TPMIsStarted() - ? PCR_FIRST + DRTM_PCR : PCR_FIRST + HCRTM_PCR; - -// If there is no DRTM sequence object, then _TPM_Hash_Start -// was not called so this function returns without doing -// anything. - if(g_DRTMHandle == TPM_RH_UNASSIGNED) - return; - - hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); - pAssert(hashObject->attributes.eventSeq); - - // For each of the implemented hash algorithms, update the digest with the - // data provided. - for(i = 0; i < HASH_COUNT; i++) - { - // make sure that the PCR is implemented for this algorithm - if(PcrIsAllocated(pcrHandle, - hashObject->state.hashState[i].hashAlg)) - // Update sequence object - CryptDigestUpdate(&hashObject->state.hashState[i], dataSize, data); - } - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c deleted file mode 100644 index 72d0519b1..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c +++ /dev/null 
@@ -1,102 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_End indication.
-LIB_EXPORT void
-_TPM_Hash_End(
- void
- )
-{
- UINT32 i;
- TPM2B_DIGEST digest;
- HASH_OBJECT *hashObject;
- TPMI_DH_PCR pcrHandle;
-
- // If the DRTM handle is not being used, then either _TPM_Hash_Start has not
- // been called, _TPM_Hash_End was previously called, or some other command
- // was executed and the sequence was aborted.
- if(g_DRTMHandle == TPM_RH_UNASSIGNED)
- return;
-
- // Get DRTM sequence object
- hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle);
-
- // Is this _TPM_Hash_End after Startup or before
- if(TPMIsStarted())
- {
- // After
-
- // Reset the DRTM PCR
- PCRResetDynamics();
-
- // Extend the DRTM_PCR.
- pcrHandle = PCR_FIRST + DRTM_PCR;
-
- // DRTM sequence increments restartCount
- gr.restartCount++;
- }
- else
- {
- pcrHandle = PCR_FIRST + HCRTM_PCR;
- g_DrtmPreStartup = TRUE;
- }
-
- // Complete hash and extend PCR, or if this is an HCRTM, complete
- // the hash, reset the H-CRTM register (PCR[0]) to 0...04, and then
- // extend the H-CRTM data
- for(i = 0; i < HASH_COUNT; i++)
- {
- TPMI_ALG_HASH hash = CryptHashGetAlgByIndex(i);
- // make sure that the PCR is implemented for this algorithm
- if(PcrIsAllocated(pcrHandle,
- hashObject->state.hashState[i].hashAlg))
- {
- // Complete hash
- digest.t.size = CryptHashGetDigestSize(hash);
- CryptHashEnd2B(&hashObject->state.hashState[i], &digest.b);
-
- PcrDrtm(pcrHandle, hash, &digest);
- }
- }
-
- // Flush sequence object.
- FlushObject(g_DRTMHandle);
-
- g_DRTMHandle = TPM_RH_UNASSIGNED;
-
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
deleted file mode 100644
index 9d108fef1..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-
-// This function is called to process a _TPM_Hash_Start indication.
-LIB_EXPORT void
-_TPM_Hash_Start(
- void
- )
-{
- TPM_RC result;
- TPMI_DH_OBJECT handle;
-
- // If a DRTM sequence object exists, free it up
- if(g_DRTMHandle != TPM_RH_UNASSIGNED)
- {
- FlushObject(g_DRTMHandle);
- g_DRTMHandle = TPM_RH_UNASSIGNED;
- }
-
- // Create an event sequence object and store the handle in global
- // g_DRTMHandle. A TPM_RC_OBJECT_MEMORY error may be returned at this point
- // The NULL value for the first parameter will cause the sequence structure to
- // be allocated without being set as present. This keeps the sequence from
- // being left behind if the sequence is terminated early.
- result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
-
- // If a free slot was not available, then free up a slot.
- if(result != TPM_RC_SUCCESS)
- {
- // An implementation does not need to have a fixed relationship between
- // slot numbers and handle numbers. To handle the general case, scan for
- // a handle that is assigned and free it for the DRTM sequence.
- // In the reference implementation, the relationship between handles and
- // slots is fixed. So, if the call to ObjectCreateEvenSequence()
- // failed indicating that all slots are occupied, then the first handle we
- // are going to check (TRANSIENT_FIRST) will be occupied. It will be freed
- // so that it can be assigned for use as the DRTM sequence object.
- for(handle = TRANSIENT_FIRST; handle < TRANSIENT_LAST; handle++)
- {
- // try to flush the first object
- if(IsObjectPresent(handle))
- break;
- }
- // If the first call to find a slot fails but none of the slots is occupied
- // then there's a big problem
- pAssert(handle < TRANSIENT_LAST);
-
- // Free the slot
- FlushObject(handle);
-
- // Try to create an event sequence object again. This time, we must
- // succeed.
- result = ObjectCreateEventSequence(NULL, &g_DRTMHandle);
- if(result != TPM_RC_SUCCESS)
- FAIL(FATAL_ERROR_INTERNAL);
- }
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
deleted file mode 100644
index 0adc0a41a..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "Tpm.h"
-#include "_TPM_Init_fp.h"
-
- // This function is used to process a _TPM_Init indication.
-LIB_EXPORT void
-_TPM_Init(
- void
- )
-{
- g_powerWasLost = g_powerWasLost | _plat__WasPowerLost();
-
-#if SIMULATION && DEBUG
- // If power was lost and this was a simulation, put canary in RAM used by NV
- // so that uninitialized memory can be detected more easily
- if(g_powerWasLost)
- {
- memset(&gc, 0xbb, sizeof(gc));
- memset(&gr, 0xbb, sizeof(gr));
- memset(&gp, 0xbb, sizeof(gp));
- memset(&go, 0xbb, sizeof(go));
- }
-#endif
-
-#if SIMULATION
- // Clear the flag that forces failure on self-test
- g_forceFailureMode = FALSE;
-#endif
-
- // Set initialization state
- TPMInit();
-
- // Set g_DRTMHandle as unassigned
- g_DRTMHandle = TPM_RH_UNASSIGNED;
-
- // No H-CRTM, yet.
- g_DrtmPreStartup = FALSE;
-
- // Initialize the NvEnvironment.
- g_nvOk = NvPowerOn();
-
- // Initialize cryptographic functions
- g_inFailureMode = (CryptInit() == FALSE);
- if(!g_inFailureMode)
- {
- // Load the persistent data
- NvReadPersistent();
-
- // Load the orderly data (clock and DRBG state).
- // If this is not done here, things break
- NvRead(&go, NV_ORDERLY_DATA, sizeof(go));
-
- // Start clock. Need to do this after NV has been restored.
- TimePowerOn();
- }
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
deleted file mode 100644
index bc55a3b0e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c
+++ /dev/null
@@ -1,430 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes and Typedefs -#include "Tpm.h" - -#if TABLE_DRIVEN_DISPATCH - -typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size); -typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag); - -typedef FlagFunction *UNMARSHAL_t; - -typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size); -typedef MarshalFunction *MARSHAL_t; - -typedef TPM_RC(COMMAND_NO_ARGS)(void); -typedef TPM_RC(COMMAND_IN_ARG)(void *in); -typedef TPM_RC(COMMAND_OUT_ARG)(void *out); -typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out); - -typedef union COMMAND_t -{ - COMMAND_NO_ARGS *noArgs; - COMMAND_IN_ARG *inArg; - COMMAND_OUT_ARG *outArg; - COMMAND_INOUT_ARG *inOutArg; -} COMMAND_t; - -// This structure is used by ParseHandleBuffer() and CommandDispatcher(). The -// parameters in this structure are unique for each command. The parameters are: -// command holds the address of the command processing function that is called -// by Command Dispatcher. -// inSize this is the size of the command-dependent input structure. The -// input structure holds the unmarshaled handles and command -// parameters. If the command takes no arguments (handles or -// parameters) then inSize will have a value of 0. -// outSize this is the size of the command-dependent output structure. The -// output structure holds the results of the command in an unmarshaled -// form. When command processing is completed, these values are -// marshaled into the output buffer. It is always the case that the -// unmarshaled version of an output structure is larger then the -// marshaled version. This is because the marshaled version contains -// the exact same number of significant bytes but with padding removed. -// typesOffsets this parameter points to the list of data types that are to be -// marshaled or unmarshaled. The list of types follows the 'offsets' -// array. 
The offsets array is variable sized so the typesOffset filed -// is necessary for the handle and command processing to be able to -// find the types that are being handled. The 'offsets' array may be -// empty. The types structure is described below. -// offsets this is an array of offsets of each of the parameters in the -// command or response. When processing the command parameters (not -// handles) the list contains the offset of the next parameter. For -// example, if the first command parameter has a size of 4 and there is -// a second command parameter, then the offset would be 4, indicating -// that the second parameter starts at 4. If the second parameter has -// a size of 8, and there is a third parameter, then the second entry -// in offsets is 12 (4 for the first parameter and 8 for the second). -// An offset value of 0 in the list indicates the start of the response -// parameter list. When CommandDispatcher hits this value, it will stop -// unmarshaling the parameters and call 'command'. If a command has no -// response parameters and only one command parameter, then offsets can -// be an empty list. - -typedef struct COMMAND_DESCRIPTOR_t -{ - COMMAND_t command; // Address of the command - UINT16 inSize; // Maximum size of the input structure - UINT16 outSize; // Maximum size of the output structure - UINT16 typesOffset; // address of the types field - UINT16 offsets[1]; -} COMMAND_DESCRIPTOR_t; - -// The 'types' list is an encoded byte array. The byte value has two parts. The most -// significant bit is used when a parameter takes a flag and indicates if the flag -// should be SET or not. The remaining 7 bits are an index into an array of -// addresses of marshaling and unmarshaling functions. -// The array of functions is divided into 6 sections with a value assigned -// to denote the start of that section (and the end of the previous section). 
The -// defined offset values for each section are: -// 0 unmarshaling for handles that do not take flags -// HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags -// PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags -// PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags -// PARAMETER_LAST_TYPE + 1 marshaling for handles -// RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters -// RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and -// unmarshaling functions. -// -// The types list is constructed with a byte of 0xff at the end of the command -// parameters and with an 0xff at the end of the response parameters. - -#if COMPRESSED_LISTS -# define PAD_LIST 0 -#else -# define PAD_LIST 1 -#endif -#define _COMMAND_TABLE_DISPATCH_ -#include "CommandDispatchData.h" - -#define TEST_COMMAND TPM_CC_Startup - -#define NEW_CC - -#else - -#include "Commands.h" - -#endif - -//** Marshal/Unmarshal Functions - -//*** ParseHandleBuffer() -// This is the table-driven version of the handle buffer unmarshaling code -TPM_RC -ParseHandleBuffer( - COMMAND *command - ) -{ - TPM_RC result; -#if TABLE_DRIVEN_DISPATCH - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - BYTE dType; - - // Make sure that nothing strange has happened - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); - // Get the address of the descriptor for this command - desc = s_CommandDataArray[command->index]; - - pAssert(desc != NULL); - // Get the associated list of unmarshaling data types. 
- types = &((BYTE *)desc)[desc->typesOffset]; - -// if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND) -// commandIndex = commandIndex; - // No handles yet - command->handleNum = 0; - - // Get the first type value - for(type = *types++; - // check each byte to make sure that we have not hit the start - // of the parameters - (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; - // get the next type - type = *types++) - { - // See if unmarshaling of this handle type requires a flag - if(dType < HANDLE_FIRST_FLAG_TYPE) - { - // Look up the function to do the unmarshaling - NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; - // call it - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize); - } - else - { - // Look up the function - FlagFunction *f = UnmarshalArray[dType]; - - // Call it setting the flag to the appropriate value - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize, (type & 0x80) != 0); - } - // Got a handle - // We do this first so that the match for the handle offset of the - // response code works correctly. - command->handleNum += 1; - if(result != TPM_RC_SUCCESS) - // if the unmarshaling failed, return the response code with the - // handle indication set - return result + TPM_RC_H + (command->handleNum * TPM_RC_1); - } -#else - BYTE **handleBufferStart = &command->parameterBuffer; - INT32 *bufferRemainingSize = &command->parameterSize; - TPM_HANDLE *handles = &command->handles[0]; - UINT32 *handleCount = &command->handleNum; - *handleCount = 0; - switch(command->code) - { -#include "HandleProcess.h" -#undef handles - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } -#endif - return TPM_RC_SUCCESS; -} - -//*** CommandDispatcher() -// Function to unmarshal the command parameters, call the selected action code, and -// marshal the response parameters. 
-TPM_RC -CommandDispatcher( - COMMAND *command - ) -{ -#if !TABLE_DRIVEN_DISPATCH - TPM_RC result; - BYTE **paramBuffer = &command->parameterBuffer; - INT32 *paramBufferSize = &command->parameterSize; - BYTE **responseBuffer = &command->responseBuffer; - INT32 *respParmSize = &command->parameterSize; - INT32 rSize; - TPM_HANDLE *handles = &command->handles[0]; -// - command->handleNum = 0; // The command-specific code knows how - // many handles there are. This is for - // cataloging the number of response - // handles - MemoryIoBufferAllocationReset(); // Initialize so that allocation will - // work properly - switch(GetCommandCode(command->index)) - { -#include "CommandDispatcher.h" - - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } -Exit: - MemoryIoBufferZero(); - return result; -#else - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - UINT16 *offsets; - UINT16 offset = 0; - UINT32 maxInSize; - BYTE *commandIn; - INT32 maxOutSize; - BYTE *commandOut; - COMMAND_t cmd; - TPM_HANDLE *handles; - UINT32 hasInParameters = 0; - BOOL hasOutParameters = FALSE; - UINT32 pNum = 0; - BYTE dType; // dispatch type - TPM_RC result; -// - // Get the address of the descriptor for this command - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); - desc = s_CommandDataArray[command->index]; - - // Get the list of parameter types for this command - pAssert(desc != NULL); - types = &((BYTE *)desc)[desc->typesOffset]; - - // Get a pointer to the list of parameter offsets - offsets = &desc->offsets[0]; - // pointer to handles - handles = command->handles; - - // Get the size required to hold all the unmarshaled parameters for this command - maxInSize = desc->inSize; - // and the size of the output parameter structure returned by this command - maxOutSize = desc->outSize; - - MemoryIoBufferAllocationReset(); - // Get a buffer for the input parameters - commandIn = MemoryGetInBuffer(maxInSize); - // And the output parameters - 
commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize); - - // Get the address of the action code dispatch - cmd = desc->command; - - // Copy any handles into the input buffer - for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++) - { - // 'offset' was initialized to zero so the first unmarshaling will always - // be to the start of the data structure - *(TPM_HANDLE *)&(commandIn[offset]) = *handles++; - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. - if(*types != 0xFF) - offset = *offsets++; -// maxInSize -= sizeof(TPM_HANDLE); - hasInParameters++; - } - // Exit loop with type containing the last value read from types - // maxInSize has the amount of space remaining in the command action input - // buffer. Make sure that we don't have more data to unmarshal than is going to - // fit. - - // type contains the last value read from types so it is not necessary to - // reload it, which is good because *types now points to the next value - for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++) - { - pNum++; - if(dType < PARAMETER_FIRST_FLAG_TYPE) - { - NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize); - } - else - { - FlagFunction *f = UnmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize, - (type & 0x80) != 0); - } - if(result != TPM_RC_SUCCESS) - { - result += TPM_RC_P + (TPM_RC_1 * pNum); - goto Exit; - } - - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. 
- if(*types != 0xFF) - offset = *offsets++; - hasInParameters++; - } - // Should have used all the bytes in the input - if(command->parameterSize != 0) - { - result = TPM_RC_SIZE; - goto Exit; - } - - // The command parameter unmarshaling stopped when it hit a value that was out - // of range for unmarshaling values and left *types pointing to the first - // marshaling type. If that type happens to be the STOP value, then there - // are no response parameters. So, set the flag to indicate if there are - // output parameters. - hasOutParameters = *types != 0xFF; - - // There are four cases for calling, with and without input parameters and with - // and without output parameters. - if(hasInParameters > 0) - { - if(hasOutParameters) - result = cmd.inOutArg(commandIn, commandOut); - else - result = cmd.inArg(commandIn); - } - else - { - if(hasOutParameters) - result = cmd.outArg(commandOut); - else - result = cmd.noArgs(); - } - if(result != TPM_RC_SUCCESS) - goto Exit; - - // Offset in the marshaled output structure - offset = 0; - - // Process the return handles, if any - command->handleNum = 0; - - // Could make this a loop to process output handles but there is only ever - // one handle in the outputs (for now). - type = *types++; - if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE) - { - // The out->handle value was referenced as TPM_HANDLE in the - // action code so it has to be properly aligned. - command->handles[command->handleNum++] = - *((TPM_HANDLE *)&(commandOut[offset])); - maxOutSize -= sizeof(UINT32); - type = *types++; - offset = *offsets++; - } - // Use the size of the command action output buffer as the maximum for the - // number of bytes that can get marshaled. Since the marshaling code has - // no pointers to data, all of the data being returned has to be in the - // command action output buffer. If we try to marshal more bytes than - // could fit into the output buffer, we need to fail. 
- for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE - && !g_inFailureMode; type = *types++) - { - const MARSHAL_t f = MarshalArray[dType]; - - command->parameterSize += f(&commandOut[offset], - &command->responseBuffer, - &maxOutSize); - offset = *offsets++; - } - result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS; -Exit: - MemoryIoBufferZero(); - return result; -#endif -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c deleted file mode 100644 index d7673c5d0..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c +++ /dev/null 
@@ -1,317 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains the entry function ExecuteCommand() which provides the main
-// control flow for TPM command execution.
-
-//** Includes
-
-#include "Tpm.h"
-#include "ExecCommand_fp.h"
-
-// Uncomment this next #include if doing static command/response buffer sizing
-// #include "CommandResponseSizes_fp.h"
-
-//** ExecuteCommand()
-//
-// The function performs the following steps.
-//
-// a) Parses the command header from input buffer.
-// b) Calls ParseHandleBuffer() to parse the handle area of the command.
-// c) Validates that each of the handles references a loaded entity.
-// d) Calls ParseSessionBuffer () to:
-// 1) unmarshal and parse the session area;
-// 2) check the authorizations; and
-// 3) when necessary, decrypt a parameter.
-// e) Calls CommandDispatcher() to:
-// 1) unmarshal the command parameters from the command buffer;
-// 2) call the routine that performs the command actions; and
-// 3) marshal the responses into the response buffer.
-// f) If any error occurs in any of the steps above create the error response
-// and return.
-// g) Calls BuildResponseSessions() to:
-// 1) when necessary, encrypt a parameter
-// 2) build the response authorization sessions
-// 3) update the audit sessions and nonces
-// h) Calls BuildResponseHeader() to complete the construction of the response.
-//
-// 'responseSize' is set by the caller to the maximum number of bytes available in
-// the output buffer. ExecuteCommand will adjust the value and return the number
-// of bytes placed in the buffer.
-//
-// 'response' is also set by the caller to indicate the buffer into which
-// ExecuteCommand is to place the response.
-//
-// 'request' and 'response' may point to the same buffer
-//
-// Note: As of February, 2016, the failure processing has been moved to the
-// platform-specific code. When the TPM code encounters an unrecoverable failure, it
-// will SET g_inFailureMode and call _plat__Fail(). That function should not return
-// but may call ExecuteCommand().
-// -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer - ) -{ - // Command local variables - UINT32 commandSize; - COMMAND command; - - // Response local variables - UINT32 maxResponse = *responseSize; - TPM_RC result; // return code for the command - -// This next function call is used in development to size the command and response -// buffers. The values printed are the sizes of the internal structures and -// not the sizes of the canonical forms of the command response structures. Also, -// the sizes do not include the tag, command.code, requestSize, or the authorization -// fields. -//CommandResponseSizes(); - // Set flags for NV access state. This should happen before any other - // operation that may require a NV write. Note, that this needs to be done - // even when in failure mode. Otherwise, g_updateNV would stay SET while in - // Failure mode and the NV would be written on each call. - g_updateNV = UT_NONE; - g_clearOrderly = FALSE; - if(g_inFailureMode) - { - // Do failure mode processing - TpmFailureMode(requestSize, request, responseSize, response); - return; - } - // Query platform to get the NV state. The result state is saved internally - // and will be reported by NvIsAvailable(). The reference code requires that - // accessibility of NV does not change during the execution of a command. - // Specifically, if NV is available when the command execution starts and then - // is not available later when it is necessary to write to NV, then the TPM - // will go into failure mode. - NvCheckState(); - - // Due to the limitations of the simulation, TPM clock must be explicitly - // synchronized with the system clock whenever a command is received. - // This function call is not necessary in a hardware TPM. 
However, taking - // a snapshot of the hardware timer at the beginning of the command allows - // the time value to be consistent for the duration of the command execution. - TimeUpdateToCurrent(); - - // Any command through this function will unceremoniously end the - // _TPM_Hash_Data/_TPM_Hash_End sequence. - if(g_DRTMHandle != TPM_RH_UNASSIGNED) - ObjectTerminateEvent(); - - // Get command buffer size and command buffer. - command.parameterBuffer = request; - command.parameterSize = requestSize; - - // Parse command header: tag, commandSize and command.code. - // First parse the tag. The unmarshaling routine will validate - // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS. - result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Unmarshal the commandSize indicator. - result = UINT32_Unmarshal(&commandSize, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // On a TPM that receives bytes on a port, the number of bytes that were - // received on that port is requestSize it must be identical to commandSize. - // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed - // by the implementation. The check against MAX_COMMAND_SIZE may be redundant - // as the input processing (the function that receives the command bytes and - // places them in the input buffer) would likely have the input truncated when - // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize. - if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE) - { - result = TPM_RC_COMMAND_SIZE; - goto Cleanup; - } - // Unmarshal the command code. - result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Check to see if the command is implemented. 
- command.index = CommandCodeToCommandIndex(command.code); - if(UNIMPLEMENTED_COMMAND_INDEX == command.index) - { - result = TPM_RC_COMMAND_CODE; - goto Cleanup; - } -#if FIELD_UPGRADE_IMPLEMENTED == YES - // If the TPM is in FUM, then the only allowed command is - // TPM_CC_FieldUpgradeData. - if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData)) - { - result = TPM_RC_UPGRADE; - goto Cleanup; - } - else -#endif - // Excepting FUM, the TPM only accepts TPM2_Startup() after - // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup() - // is no longer allowed. - if((!TPMIsStarted() && command.code != TPM_CC_Startup) - || (TPMIsStarted() && command.code == TPM_CC_Startup)) - { - result = TPM_RC_INITIALIZE; - goto Cleanup; - } -// Start regular command process. - NvIndexCacheInit(); - // Parse Handle buffer. - result = ParseHandleBuffer(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // All handles in the handle area are required to reference TPM-resident - // entities. - result = EntityGetLoadStatus(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Authorization session handling for the command. - ClearCpRpHashes(&command); - if(command.tag == TPM_ST_SESSIONS) - { - // Find out session buffer size. - result = UINT32_Unmarshal((UINT32 *)&command.authSize, - &command.parameterBuffer, - &command.parameterSize); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - // Perform sanity check on the unmarshaled value. If it is smaller than - // the smallest possible session or larger than the remaining size of - // the command, then it is an error. NOTE: This check could pass but the - // session size could still be wrong. That will be determined after the - // sessions are unmarshaled. - if(command.authSize < 9 - || command.authSize > command.parameterSize) - { - result = TPM_RC_SIZE; - goto Cleanup; - } - command.parameterSize -= command.authSize; - - // The actions of ParseSessionBuffer() are described in the introduction. 
- // As the sessions are parsed command.parameterBuffer is advanced so, on a - // successful return, command.parameterBuffer should be pointing at the - // first byte of the parameters. - result = ParseSessionBuffer(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - } - else - { - command.authSize = 0; - // The command has no authorization sessions. - // If the command requires authorizations, then CheckAuthNoSession() will - // return an error. - result = CheckAuthNoSession(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - } - // Set up the response buffer pointers. CommandDispatch will marshal the - // response parameters starting at the address in command.responseBuffer. -//*response = MemoryGetResponseBuffer(command.index); - // leave space for the command header - command.responseBuffer = *response + STD_RESPONSE_HEADER; - - // leave space for the parameter size field if needed - if(command.tag == TPM_ST_SESSIONS) - command.responseBuffer += sizeof(UINT32); - if(IsHandleInResponse(command.index)) - command.responseBuffer += sizeof(TPM_HANDLE); - - // CommandDispatcher returns a response handle buffer and a response parameter - // buffer if it succeeds. It will also set the parameterSize field in the - // buffer if the tag is TPM_RC_SESSIONS. - result = CommandDispatcher(&command); - if(result != TPM_RC_SUCCESS) - goto Cleanup; - - // Build the session area at the end of the parameter area. - BuildResponseSession(&command); - -Cleanup: - if(g_clearOrderly == TRUE - && NV_IS_ORDERLY) - { -#if USE_DA_USED - gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE; -#else - gp.orderlyState = SU_NONE_VALUE; -#endif - NV_SYNC_PERSISTENT(orderlyState); - } - // This implementation loads an "evict" object to a transient object slot in - // RAM whenever an "evict" object handle is used in a command so that the - // access to any object is the same. These temporary objects need to be - // cleared from RAM whether the command succeeds or fails. 
- ObjectCleanupEvict(); - - // The parameters and sessions have been marshaled. Now tack on the header and - // set the sizes - BuildResponseHeader(&command, *response, result); - - // Try to commit all the writes to NV if any NV write happened during this - // command execution. This check should be made for both succeeded and failed - // commands, because a failed one may trigger a NV write in DA logic as well. - // This is the only place in the command execution path that may call the NV - // commit. If the NV commit fails, the TPM should be put in failure mode. - if((g_updateNV != UT_NONE) && !g_inFailureMode) - { - if(g_updateNV == UT_ORDERLY) - NvUpdateIndexOrderlyData(); - if(!NvCommit()) - FAIL(FATAL_ERROR_INTERNAL); - g_updateNV = UT_NONE; - } - pAssert((UINT32)command.parameterSize <= maxResponse); - - // Clear unused bits in response buffer. - MemorySet(*response + *responseSize, 0, maxResponse - *responseSize); - - // as a final act, and not before, update the response size. - *responseSize = (UINT32)command.parameterSize; - - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c deleted file mode 100644 index bd7f89f1e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c +++ /dev/null 
@@ -1,2242 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the subsystem that process the authorization sessions
-// including implementation of the Dictionary Attack logic.
ExecCommand() uses -// ParseSessionBuffer() to process the authorization session area of a command and -// BuildResponseSession() to create the authorization session area of a response. - -//** Includes and Data Definitions - -#define SESSION_PROCESS_C - -#include "Tpm.h" - -// -//** Authorization Support Functions -// - -//*** IsDAExempted() -// This function indicates if a handle is exempted from DA logic. -// A handle is exempted if it is -// 1. a primary seed handle, -// 2. an object with noDA bit SET, -// 3. an NV Index with TPMA_NV_NO_DA bit SET, or -// 4. a PCR handle. -// -// Return Type: BOOL -// TRUE(1) handle is exempted from DA logic -// FALSE(0) handle is not exempted from DA logic -BOOL -IsDAExempted( - TPM_HANDLE handle // IN: entity handle - ) -{ - BOOL result = FALSE; -// - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from - // DA protection. - result = (handle != TPM_RH_LOCKOUT); - break; - // When this function is called, a persistent object will have been loaded - // into an object slot and assigned a transient handle. - case TPM_HT_TRANSIENT: - { - TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle); - result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA); - break; - } - case TPM_HT_NV_INDEX: - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA); - break; - } - case TPM_HT_PCR: - // PCRs are always exempted from DA. - result = TRUE; - break; - default: - break; - } - return result; -} - -//*** IncrementLockout() -// This function is called after an authorization failure that involves use of -// an authValue. If the entity referenced by the handle is not exempt from DA -// protection, then the failedTries counter will be incremented. 
-// -// Return Type: TPM_RC -// TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment -// TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to -// increment -static TPM_RC -IncrementLockout( - UINT32 sessionIndex - ) -{ - TPM_HANDLE handle = s_associatedHandles[sessionIndex]; - TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex]; - SESSION *session = NULL; -// - // Don't increment lockout unless the handle associated with the session - // is DA protected or the session is bound to a DA protected entity. - if(sessionHandle == TPM_RS_PW) - { - if(IsDAExempted(handle)) - return TPM_RC_BAD_AUTH; - } - else - { - session = SessionGet(sessionHandle); - // If the session is bound to lockout, then use that as the relevant - // handle. This means that an authorization failure with a bound session - // bound to lockoutAuth will take precedence over any other - // lockout check - if(session->attributes.isLockoutBound == SET) - handle = TPM_RH_LOCKOUT; - if(session->attributes.isDaBound == CLEAR - && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR)) - // If the handle was changed to TPM_RH_LOCKOUT, this will not return - // TPM_RC_BAD_AUTH - return TPM_RC_BAD_AUTH; - } - if(handle == TPM_RH_LOCKOUT) - { - pAssert(gp.lockOutAuthEnabled == TRUE); - - // lockout is no longer enabled - gp.lockOutAuthEnabled = FALSE; - - // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since - // the lockout authorization will be reset at startup. - if(gp.lockoutRecovery != 0) - { - if(NV_IS_AVAILABLE) - // Update NV. - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - else - // No NV access for now. Put the TPM in pending mode. - s_DAPendingOnNV = TRUE; - } - } - else - { - if(gp.recoveryTime != 0) - { - gp.failedTries++; - if(NV_IS_AVAILABLE) - // Record changes to NV. NvWrite will SET g_updateNV - NV_SYNC_PERSISTENT(failedTries); - else - // No NV access for now. Put the TPM in pending mode. 
- s_DAPendingOnNV = TRUE; - } - } - // Register a DA failure and reset the timers. - DARegisterFailure(handle); - - return TPM_RC_AUTH_FAIL; -} - -//*** IsSessionBindEntity() -// This function indicates if the entity associated with the handle is the entity, -// to which this session is bound. The binding would occur by making the "bind" -// parameter in TPM2_StartAuthSession() not equal to TPM_RH_NULL. The binding only -// occurs if the session is an HMAC session. The bind value is a combination of -// the Name and the authValue of the entity. -// -// Return Type: BOOL -// TRUE(1) handle points to the session start entity -// FALSE(0) handle does not point to the session start entity -static BOOL -IsSessionBindEntity( - TPM_HANDLE associatedHandle, // IN: handle to be authorized - SESSION *session // IN: associated session - ) -{ - TPM2B_NAME entity; // The bind value for the entity -// - // If the session is not bound, return FALSE. - if(session->attributes.isBound) - { - // Compute the bind value for the entity. - SessionComputeBoundEntity(associatedHandle, &entity); - - // Compare to the bind value in the session. - return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b); - } - return FALSE; -} - -//*** IsPolicySessionRequired() -// Checks if a policy session is required for a command. If a command requires -// DUP or ADMIN role authorization, then the handle that requires that role is the -// first handle in the command. This simplifies this checking. If a new command -// is created that requires multiple ADMIN role authorizations, then it will -// have to be special-cased in this function. -// A policy session is required if: -// 1. the command requires the DUP role, -// 2. the command requires the ADMIN role and the authorized entity -// is an object and its adminWithPolicy bit is SET, or -// 3. the command requires the ADMIN role and the authorized entity -// is a permanent handle or an NV Index. -// 4. 
The authorized entity is a PCR belonging to a policy group, and -// has its policy initialized -// Return Type: BOOL -// TRUE(1) policy session is required -// FALSE(0) policy session is not required -static BOOL -IsPolicySessionRequired( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) -{ - AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex); - TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]); -// - if(role == AUTH_DUP) - return TRUE; - if(role == AUTH_ADMIN) - { - // We allow an exception for ADMIN role in a transient object. If the object - // allows ADMIN role actions with authorization, then policy is not - // required. For all other cases, there is no way to override the command - // requirement that a policy be used - if(type == TPM_HT_TRANSIENT) - { - OBJECT *object = HandleToObject(s_associatedHandles[sessionIndex]); - - if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, - adminWithPolicy)) - return FALSE; - } - return TRUE; - } - - if(type == TPM_HT_PCR) - { - if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex])) - { - TPM2B_DIGEST policy; - TPMI_ALG_HASH policyAlg; - policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex], - &policy); - if(policyAlg != TPM_ALG_NULL) - return TRUE; - } - } - return FALSE; -} - -//*** IsAuthValueAvailable() -// This function indicates if authValue is available and allowed for USER role -// authorization of an entity. -// -// This function is similar to IsAuthPolicyAvailable() except that it does not -// check the size of the authValue as IsAuthPolicyAvailable() does (a null -// authValue is a valid authorization, but a null policy is not a valid policy). -// -// This function does not check that the handle reference is valid or if the entity -// is in an enabled hierarchy. Those checks are assumed to have been performed -// during the handle unmarshaling. 
-// -// Return Type: BOOL -// TRUE(1) authValue is available -// FALSE(0) authValue is not available -static BOOL -IsAuthValueAvailable( - TPM_HANDLE handle, // IN: handle of entity - COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) -{ - BOOL result = FALSE; -// - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - // At this point hierarchy availability has already been - // checked so primary seed handles are always available here - case TPM_RH_OWNER: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM: -#ifdef VENDOR_PERMANENT - // This vendor defined handle associated with the - // manufacturer's shared secret - case VENDOR_PERMANENT: -#endif - // The DA checking has been performed on LockoutAuth but we - // bypass the DA logic if we are using lockout policy. The - // policy would allow execution to continue an lockoutAuth - // could be used, even if direct use of lockoutAuth is disabled - case TPM_RH_LOCKOUT: - // NullAuth is always available. - case TPM_RH_NULL: - result = TRUE; - break; - default: - // Otherwise authValue is not available. - break; - } - break; - case TPM_HT_TRANSIENT: - // A persistent object has already been loaded and the internal - // handle changed. - { - OBJECT *object; - TPMA_OBJECT attributes; -// - object = HandleToObject(handle); - attributes = object->publicArea.objectAttributes; - - // authValue is always available for a sequence object. - // An alternative for this is to - // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the - // sequence is started. - if(ObjectIsSequence(object)) - { - result = TRUE; - break; - } - // authValue is available for an object if it has its sensitive - // portion loaded and - // 1. userWithAuth bit is SET, or - // 2. 
ADMIN role is required - if(object->attributes.publicOnly == CLEAR - && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth) - || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, adminWithPolicy)))) - result = TRUE; - } - break; - case TPM_HT_NV_INDEX: - // NV Index. - { - NV_REF locator; - NV_INDEX *nvIndex = NvGetIndexInfo(handle, &locator); - TPMA_NV nvAttributes; -// - pAssert(nvIndex != 0); - - nvAttributes = nvIndex->publicArea.attributes; - - if(IsWriteOperation(commandIndex)) - { - // AuthWrite can't be set for a PIN index - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE)) - result = TRUE; - } - else - { - // A "read" operation - // For a PIN Index, the authValue is available as long as the - // Index has been written and the pinCount is less than pinLimit - if(IsNvPinFailIndex(nvAttributes) - || IsNvPinPassIndex(nvAttributes)) - { - NV_PIN pin; - if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) - break; // return false - // get the index values - pin.intVal = NvGetUINT64Data(nvIndex, locator); - if(pin.pin.pinCount < pin.pin.pinLimit) - result = TRUE; - } - // For non-PIN Indexes, need to allow use of the authValue - else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD)) - result = TRUE; - } - } - break; - case TPM_HT_PCR: - // PCR handle. - // authValue is always allowed for PCR - result = TRUE; - break; - default: - // Otherwise, authValue is not available - break; - } - return result; -} - -//*** IsAuthPolicyAvailable() -// This function indicates if an authPolicy is available and allowed. -// -// This function does not check that the handle reference is valid or if the entity -// is in an enabled hierarchy. Those checks are assumed to have been performed -// during the handle unmarshaling. 
-// -// Return Type: BOOL -// TRUE(1) authPolicy is available -// FALSE(0) authPolicy is not available -static BOOL -IsAuthPolicyAvailable( - TPM_HANDLE handle, // IN: handle of entity - COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) -{ - BOOL result = FALSE; -// - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - // At this point hierarchy availability has already been checked. - case TPM_RH_OWNER: - if(gp.ownerPolicy.t.size != 0) - result = TRUE; - break; - case TPM_RH_ENDORSEMENT: - if(gp.endorsementPolicy.t.size != 0) - result = TRUE; - break; - case TPM_RH_PLATFORM: - if(gc.platformPolicy.t.size != 0) - result = TRUE; - break; - case TPM_RH_LOCKOUT: - if(gp.lockoutPolicy.t.size != 0) - result = TRUE; - break; - default: - break; - } - break; - case TPM_HT_TRANSIENT: - { - // Object handle. - // An evict object would already have been loaded and given a - // transient object handle by this point. - OBJECT *object = HandleToObject(handle); - // Policy authorization is not available for an object with only - // public portion loaded. - if(object->attributes.publicOnly == CLEAR) - { - // Policy authorization is always available for an object but - // is never available for a sequence. - if(!ObjectIsSequence(object)) - result = TRUE; - } - break; - } - case TPM_HT_NV_INDEX: - // An NV Index. - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - TPMA_NV nvAttributes = nvIndex->publicArea.attributes; -// - // If the policy size is not zero, check if policy can be used. - if(nvIndex->publicArea.authPolicy.t.size != 0) - { - // If policy session is required for this handle, always - // uses policy regardless of the attributes bit setting - if(IsPolicySessionRequired(commandIndex, sessionIndex)) - result = TRUE; - // Otherwise, the presence of the policy depends on the NV - // attributes. 
- else if(IsWriteOperation(commandIndex)) - { - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE)) - result = TRUE; - } - else - { - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD)) - result = TRUE; - } - } - } - break; - case TPM_HT_PCR: - // PCR handle. - if(PCRPolicyIsAvailable(handle)) - result = TRUE; - break; - default: - break; - } - return result; -} - -//** Session Parsing Functions - -//*** ClearCpRpHashes() -void -ClearCpRpHashes( - COMMAND *command - ) -{ -#if ALG_SHA1 - command->sha1CpHash.t.size = 0; - command->sha1RpHash.t.size = 0; -#endif -#if ALG_SHA256 - command->sha256CpHash.t.size = 0; - command->sha256RpHash.t.size = 0; -#endif -#if ALG_SHA384 - command->sha384CpHash.t.size = 0; - command->sha384RpHash.t.size = 0; -#endif -#if ALG_SHA512 - command->sha512CpHash.t.size = 0; - command->sha512RpHash.t.size = 0; -#endif -#if ALG_SM3_256 - command->sm3_256CpHash.t.size = 0; - command->sm3_256RpHash.t.size = 0; -#endif -} - - -//*** GetCpHashPointer() -// Function to get a pointer to the cpHash of the command -static TPM2B_DIGEST * -GetCpHashPointer( - COMMAND *command, - TPMI_ALG_HASH hashAlg - ) -{ - TPM2B_DIGEST *retVal; -// - switch(hashAlg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha1CpHash; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha256CpHash; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha384CpHash; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha512CpHash; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - retVal = (TPM2B_DIGEST *)&command->sm3_256CpHash; - break; -#endif - default: - retVal = NULL; - break; - } - return retVal; -} - -//*** GetRpHashPointer() -// Function to get a pointer to the RpHash of the command -static TPM2B_DIGEST * -GetRpHashPointer( - COMMAND *command, - TPMI_ALG_HASH hashAlg - ) -{ - TPM2B_DIGEST *retVal; -// 
- switch(hashAlg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha1RpHash; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha256RpHash; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha384RpHash; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - retVal = (TPM2B_DIGEST *)&command->sha512RpHash; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - retVal = (TPM2B_DIGEST *)&command->sm3_256RpHash; - break; -#endif - default: - retVal = NULL; - break; - } - return retVal; -} - - -//*** ComputeCpHash() -// This function computes the cpHash as defined in Part 2 and described in Part 1. -static TPM2B_DIGEST * -ComputeCpHash( - COMMAND *command, // IN: command parsing structure - TPMI_ALG_HASH hashAlg // IN: hash algorithm - ) -{ - UINT32 i; - HASH_STATE hashState; - TPM2B_NAME name; - TPM2B_DIGEST *cpHash; -// - // cpHash = hash(commandCode [ || authName1 - // [ || authName2 - // [ || authName 3 ]]] - // [ || parameters]) - // A cpHash can contain just a commandCode only if the lone session is - // an audit session. - // Get pointer to the hash value - cpHash = GetCpHashPointer(command, hashAlg); - if(cpHash->t.size == 0) - { - cpHash->t.size = CryptHashStart(&hashState, hashAlg); - // Add commandCode. - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); - // Add authNames for each of the handles. - for(i = 0; i < command->handleNum; i++) - CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i], - &name)->b); - // Add the parameters. - CryptDigestUpdate(&hashState, command->parameterSize, - command->parameterBuffer); - // Complete the hash. - CryptHashEnd2B(&hashState, &cpHash->b); - } - return cpHash; -} - -//*** GetCpHash() -// This function is used to access a precomputed cpHash. 
-static TPM2B_DIGEST * -GetCpHash( - COMMAND *command, - TPMI_ALG_HASH hashAlg - ) -{ - TPM2B_DIGEST *cpHash = GetCpHashPointer(command, hashAlg); - // - pAssert(cpHash->t.size != 0); - return cpHash; -} - -//*** CompareTemplateHash() -// This function computes the template hash and compares it to the session -// templateHash. It is the hash of the second parameter -// assuming that the command is TPM2_Create(), TPM2_CreatePrimary(), or -// TPM2_CreateLoaded() -// Return Type: BOOL -// TRUE(1) template hash equal to session->templateHash -// FALSE(0) template hash not equal to session->templateHash -static BOOL -CompareTemplateHash( - COMMAND *command, // IN: parsing structure - SESSION *session // IN: session data - ) -{ - BYTE *pBuffer = command->parameterBuffer; - INT32 pSize = command->parameterSize; - TPM2B_DIGEST tHash; - UINT16 size; -// - // Only try this for the three commands for which it is intended - if(command->code != TPM_CC_Create - && command->code != TPM_CC_CreatePrimary -#if CC_CreateLoaded - && command->code != TPM_CC_CreateLoaded -#endif - ) - return FALSE; - // Assume that the first parameter is a TPM2B and unmarshal the size field - // Note: this will not affect the parameter buffer and size in the calling - // function. - if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) - return FALSE; - // reduce the space in the buffer. - // NOTE: this could make pSize go negative if the parameters are not correct but - // the unmarshaling code does not try to unmarshal if the remaining size is - // negative. 
- pSize -= size; - - // Advance the pointer - pBuffer += size; - - // Get the size of what should be the template - if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) - return FALSE; - // See if this is reasonable - if(size > pSize) - return FALSE; - // Hash the template data - tHash.t.size = CryptHashBlock(session->authHashAlg, size, pBuffer, - sizeof(tHash.t.buffer), tHash.t.buffer); - return(MemoryEqual2B(&session->u1.templateHash.b, &tHash.b)); -} - -//*** CompareNameHash() -// This function computes the name hash and compares it to the nameHash in the -// session data. -BOOL -CompareNameHash( - COMMAND *command, // IN: main parsing structure - SESSION *session // IN: session structure with nameHash - ) -{ - HASH_STATE hashState; - TPM2B_DIGEST nameHash; - UINT32 i; - TPM2B_NAME name; -// - nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg); - // Add names. - for(i = 0; i < command->handleNum; i++) - CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i], - &name)->b); - // Complete hash. - CryptHashEnd2B(&hashState, &nameHash.b); - // and compare - return MemoryEqual(session->u1.nameHash.t.buffer, nameHash.t.buffer, - nameHash.t.size); -} - -//*** CheckPWAuthSession() -// This function validates the authorization provided in a PWAP session. It -// compares the input value to authValue of the authorized entity. Argument -// sessionIndex is used to get handles handle of the referenced entities from -// s_inputAuthValues[] and s_associatedHandles[]. -// -// Return Type: TPM_RC -// TPM_RC_AUTH_FAIL authorization fails and increments DA failure -// count -// TPM_RC_BAD_AUTH authorization fails but DA does not apply -// -static TPM_RC -CheckPWAuthSession( - UINT32 sessionIndex // IN: index of session to be processed - ) -{ - TPM2B_AUTH authValue; - TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex]; -// - // Strip trailing zeros from the password. 
- MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]); - - // Get the authValue with trailing zeros removed - EntityGetAuthValue(associatedHandle, &authValue); - - // Success if the values are identical. - if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b)) - { - return TPM_RC_SUCCESS; - } - else // if the digests are not identical - { - // Invoke DA protection if applicable. - return IncrementLockout(sessionIndex); - } -} - -//*** ComputeCommandHMAC() -// This function computes the HMAC for an authorization session in a command. -/*(See part 1 specification -- this tag keeps this comment from showing up in -// merged document which is probably good because this comment doesn't look right. -// The sessionAuth value -// authHMAC := HMACsHash((sessionKey | authValue), -// (pHash | nonceNewer | nonceOlder | nonceTPMencrypt-only -// | nonceTPMaudit | sessionAttributes)) -// Where: -// HMACsHash() The HMAC algorithm using the hash algorithm specified -// when the session was started. -// -// sessionKey A value that is computed in a protocol-dependent way, -// using KDFa. When used in an HMAC or KDF, the size field -// for this value is not included. -// -// authValue A value that is found in the sensitive area of an entity. -// When used in an HMAC or KDF, the size field for this -// value is not included. -// -// pHash Hash of the command (cpHash) using the session hash. -// When using a pHash in an HMAC computation, only the -// digest is used. -// -// nonceNewer A value that is generated by the entity using the -// session. A new nonce is generated on each use of the -// session. For a command, this will be nonceCaller. -// When used in an HMAC or KDF, the size field is not used. -// -// nonceOlder A TPM2B_NONCE that was received the previous time the -// session was used. For a command, this is nonceTPM. -// When used in an HMAC or KDF, the size field is not used. 
-// -// nonceTPMdecrypt The nonceTPM of the decrypt session is included in -// the HMAC, but only in the command. -// -// nonceTPMencrypt The nonceTPM of the encrypt session is included in -// the HMAC but only in the command. -// -// sessionAttributes A byte indicating the attributes associated with the -// particular use of the session. -*/ -static TPM2B_DIGEST * -ComputeCommandHMAC( - COMMAND *command, // IN: primary control structure - UINT32 sessionIndex, // IN: index of session to be processed - TPM2B_DIGEST *hmac // OUT: authorization HMAC - ) -{ - TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); - TPM2B_KEY key; - BYTE marshalBuffer[sizeof(TPMA_SESSION)]; - BYTE *buffer; - UINT32 marshalSize; - HMAC_STATE hmacState; - TPM2B_NONCE *nonceDecrypt; - TPM2B_NONCE *nonceEncrypt; - SESSION *session; -// - nonceDecrypt = NULL; - nonceEncrypt = NULL; - - // Determine if extra nonceTPM values are going to be required. - // If this is the first session (sessionIndex = 0) and it is an authorization - // session that uses an HMAC, then check if additional session nonces are to be - // included. - if(sessionIndex == 0 - && s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) - { - // If there is a decrypt session and if this is not the decrypt session, - // then an extra nonce may be needed. - if(s_decryptSessionIndex != UNDEFINED_INDEX - && s_decryptSessionIndex != sessionIndex) - { - // Will add the nonce for the decrypt session. - SESSION *decryptSession - = SessionGet(s_sessionHandles[s_decryptSessionIndex]); - nonceDecrypt = &decryptSession->nonceTPM; - } - // Now repeat for the encrypt session. - if(s_encryptSessionIndex != UNDEFINED_INDEX - && s_encryptSessionIndex != sessionIndex - && s_encryptSessionIndex != s_decryptSessionIndex) - { - // Have to have the nonce for the encrypt session. - SESSION *encryptSession - = SessionGet(s_sessionHandles[s_encryptSessionIndex]); - nonceEncrypt = &encryptSession->nonceTPM; - } - } - - // Continue with the HMAC processing. 
- session = SessionGet(s_sessionHandles[sessionIndex]); - - // Generate HMAC key. - MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); - - // Check if the session has an associated handle and if the associated entity - // is the one to which the session is bound. If not, add the authValue of - // this entity to the HMAC key. - // If the session is bound to the object or the session is a policy session - // with no authValue required, do not include the authValue in the HMAC key. - // Note: For a policy session, its isBound attribute is CLEARED. - // - // Include the entity authValue if it is needed - if(session->attributes.includeAuth == SET) - { - TPM2B_AUTH authValue; - // Get the entity authValue with trailing zeros removed - EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); - // add the authValue to the HMAC key - MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); - } - // if the HMAC key size is 0, a NULL string HMAC is allowed - if(key.t.size == 0 - && s_inputAuthValues[sessionIndex].t.size == 0) - { - hmac->t.size = 0; - return hmac; - } - // Start HMAC - hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); - - // Add cpHash - CryptDigestUpdate2B(&hmacState.hashState, - &ComputeCpHash(command, session->authHashAlg)->b); - // Add nonces as required - CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); - CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); - if(nonceDecrypt != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b); - if(nonceEncrypt != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b); - // Add sessionAttributes - buffer = marshalBuffer; - marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]), - &buffer, NULL); - CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer); - // Complete the HMAC computation - CryptHmacEnd2B(&hmacState, &hmac->b); - - return hmac; -} - -//*** CheckSessionHMAC() 
-// This function checks the HMAC of in a session. It uses ComputeCommandHMAC() -// to compute the expected HMAC value and then compares the result with the -// HMAC in the authorization session. The authorization is successful if they -// are the same. -// -// If the authorizations are not the same, IncrementLockout() is called. It will -// return TPM_RC_AUTH_FAIL if the failure caused the failureCount to increment. -// Otherwise, it will return TPM_RC_BAD_AUTH. -// -// Return Type: TPM_RC -// TPM_RC_AUTH_FAIL authorization failure caused failureCount increment -// TPM_RC_BAD_AUTH authorization failure did not cause failureCount -// increment -// -static TPM_RC -CheckSessionHMAC( - COMMAND *command, // IN: primary control structure - UINT32 sessionIndex // IN: index of session to be processed - ) -{ - TPM2B_DIGEST hmac; // authHMAC for comparing -// - // Compute authHMAC - ComputeCommandHMAC(command, sessionIndex, &hmac); - - // Compare the input HMAC with the authHMAC computed above. - if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b)) - { - // If an HMAC session has a failure, invoke the anti-hammering - // if it applies to the authorized entity or the session. - // Otherwise, just indicate that the authorization is bad. - return IncrementLockout(sessionIndex); - } - return TPM_RC_SUCCESS; -} - -//*** CheckPolicyAuthSession() -// This function is used to validate the authorization in a policy session. -// This function performs the following comparisons to see if a policy -// authorization is properly provided. The check are: -// 1. compare policyDigest in session with authPolicy associated with -// the entity to be authorized; -// 2. compare timeout if applicable; -// 3. compare commandCode if applicable; -// 4. compare cpHash if applicable; and -// 5. see if PCR values have changed since computed. -// -// If all the above checks succeed, the handle is authorized. 
-// The order of these comparisons is not important because any failure will -// result in the same error code. -// -// Return Type: TPM_RC -// TPM_RC_PCR_CHANGED PCR value is not current -// TPM_RC_POLICY_FAIL policy session fails -// TPM_RC_LOCALITY command locality is not allowed -// TPM_RC_POLICY_CC CC doesn't match -// TPM_RC_EXPIRED policy session has expired -// TPM_RC_PP PP is required but not asserted -// TPM_RC_NV_UNAVAILABLE NV is not available for write -// TPM_RC_NV_RATE NV is rate limiting -static TPM_RC -CheckPolicyAuthSession( - COMMAND *command, // IN: primary parsing structure - UINT32 sessionIndex // IN: index of session to be processed - ) -{ - SESSION *session; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH policyAlg; - UINT8 locality; -// - // Initialize pointer to the authorization session. - session = SessionGet(s_sessionHandles[sessionIndex]); - - // If the command is TPM2_PolicySecret(), make sure that - // either password or authValue is required - if(command->code == TPM_CC_PolicySecret - && session->attributes.isPasswordNeeded == CLEAR - && session->attributes.isAuthValueNeeded == CLEAR) - return TPM_RC_MODE; - // See if the PCR counter for the session is still valid. - if(!SessionPCRValueIsCurrent(session)) - return TPM_RC_PCR_CHANGED; - // Get authPolicy. - policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex], - &authPolicy); - // Compare authPolicy. - if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b)) - return TPM_RC_POLICY_FAIL; - // Policy is OK so check if the other factors are correct - - // Compare policy hash algorithm. - if(policyAlg != session->authHashAlg) - return TPM_RC_POLICY_FAIL; - - // Compare timeout. - if(session->timeout != 0) - { - // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE - // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that - // a new nonce will be created just that, because TPM time can't advance - // we can't do time-based operations. 
- RETURN_IF_NV_IS_NOT_AVAILABLE; - - if((session->timeout < g_time) - || (session->epoch != g_timeEpoch)) - return TPM_RC_EXPIRED; - } - // If command code is provided it must match - if(session->commandCode != 0) - { - if(session->commandCode != command->code) - return TPM_RC_POLICY_CC; - } - else - { - // If command requires a DUP or ADMIN authorization, the session must have - // command code set. - AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex); - if(role == AUTH_ADMIN || role == AUTH_DUP) - return TPM_RC_POLICY_FAIL; - } - // Check command locality. - { - BYTE sessionLocality[sizeof(TPMA_LOCALITY)]; - BYTE *buffer = sessionLocality; - - // Get existing locality setting in canonical form - sessionLocality[0] = 0; - TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); - - // See if the locality has been set - if(sessionLocality[0] != 0) - { - // If so, get the current locality - locality = _plat__LocalityGet(); - if(locality < 5) - { - if(((sessionLocality[0] & (1 << locality)) == 0) - || sessionLocality[0] > 31) - return TPM_RC_LOCALITY; - } - else if(locality > 31) - { - if(sessionLocality[0] != locality) - return TPM_RC_LOCALITY; - } - else - { - // Could throw an assert here but a locality error is just - // as good. It just means that, whatever the locality is, it isn't - // the locality requested so... - return TPM_RC_LOCALITY; - } - } - } // end of locality check - // Check physical presence. - if(session->attributes.isPPRequired == SET - && !_plat__PhysicalPresenceAsserted()) - return TPM_RC_PP; - // Compare cpHash/nameHash if defined, or if the command requires an ADMIN or - // DUP role for this handle. - if(session->u1.cpHash.b.size != 0) - { - BOOL OK; - if(session->attributes.isCpHashDefined) - // Compare cpHash. 
- OK = MemoryEqual2B(&session->u1.cpHash.b, - &ComputeCpHash(command, session->authHashAlg)->b); - else if(session->attributes.isTemplateSet) - OK = CompareTemplateHash(command, session); - else - OK = CompareNameHash(command, session); - if(!OK) - return TPM_RCS_POLICY_FAIL; - } - if(session->attributes.checkNvWritten) - { - NV_REF locator; - NV_INDEX *nvIndex; -// - // If this is not an NV index, the policy makes no sense so fail it. - if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX) - return TPM_RC_POLICY_FAIL; - // Get the index data - nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator); - - // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state - if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - != (session->attributes.nvWrittenState == SET)) - return TPM_RC_POLICY_FAIL; - } - return TPM_RC_SUCCESS; -} - -//*** RetrieveSessionData() -// This function will unmarshal the sessions in the session area of a command. The -// values are placed in the arrays that are defined at the beginning of this file. -// The normal unmarshaling errors are possible. 
-// -// Return Type: TPM_RC -// TPM_RC_SUCCSS unmarshaled without error -// TPM_RC_SIZE the number of bytes unmarshaled is not the same -// as the value for authorizationSize in the command -// -static TPM_RC -RetrieveSessionData( - COMMAND *command // IN: main parsing structure for command - ) -{ - int i; - TPM_RC result; - SESSION *session; - TPMA_SESSION sessionAttributes; - TPM_HT sessionType; - INT32 sessionIndex; - TPM_RC errorIndex; -// - s_decryptSessionIndex = UNDEFINED_INDEX; - s_encryptSessionIndex = UNDEFINED_INDEX; - s_auditSessionIndex = UNDEFINED_INDEX; - - for(sessionIndex = 0; command->authSize > 0; sessionIndex++) - { - errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; - - // If maximum allowed number of sessions has been parsed, return a size - // error with a session number that is larger than the number of allowed - // sessions - if(sessionIndex == MAX_SESSION_NUM) - return TPM_RCS_SIZE + errorIndex; - // make sure that the associated handle for each session starts out - // unassigned - s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; - - // First parameter: Session handle. - result = TPMI_SH_AUTH_SESSION_Unmarshal( - &s_sessionHandles[sessionIndex], - &command->parameterBuffer, - &command->authSize, TRUE); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Second parameter: Nonce. - result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Third parameter: sessionAttributes. - result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Fourth parameter: authValue (PW or HMAC). 
- result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + errorIndex; - - sessionAttributes = s_attributes[sessionIndex]; - if(s_sessionHandles[sessionIndex] == TPM_RS_PW) - { - // A PWAP session needs additional processing. - // Can't have any attributes set other than continueSession bit - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)) - return TPM_RCS_ATTRIBUTES + errorIndex; - // The nonce size must be zero. - if(s_nonceCaller[sessionIndex].t.size != 0) - return TPM_RCS_NONCE + errorIndex; - continue; - } - // For not password sessions... - // Find out if the session is loaded. - if(!SessionIsLoaded(s_sessionHandles[sessionIndex])) - return TPM_RC_REFERENCE_S0 + sessionIndex; - sessionType = HandleGetType(s_sessionHandles[sessionIndex]); - session = SessionGet(s_sessionHandles[sessionIndex]); - - // Check if the session is an HMAC/policy session. - if((session->attributes.isPolicy == SET - && sessionType == TPM_HT_HMAC_SESSION) - || (session->attributes.isPolicy == CLEAR - && sessionType == TPM_HT_POLICY_SESSION)) - return TPM_RCS_HANDLE + errorIndex; - // Check that this handle has not previously been used. - for(i = 0; i < sessionIndex; i++) - { - if(s_sessionHandles[i] == s_sessionHandles[sessionIndex]) - return TPM_RCS_HANDLE + errorIndex; - } - // If the session is used for parameter encryption or audit as well, set - // the corresponding Indexes. - - // First process decrypt. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)) - { - // Check if the commandCode allows command parameter encryption. 
- if(DecryptSize(command->index) == 0) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Encrypt attribute can only appear in one session - if(s_decryptSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL - if(session->symmetric.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + errorIndex; - // All checks passed, so set the index for the session used to decrypt - // a command parameter. - s_decryptSessionIndex = sessionIndex; - } - // Now process encrypt. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)) - { - // Check if the commandCode allows response parameter encryption. - if(EncryptSize(command->index) == 0) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Encrypt attribute can only appear in one session. - if(s_encryptSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL - if(session->symmetric.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + errorIndex; - // All checks passed, so set the index for the session used to encrypt - // a response parameter. - s_encryptSessionIndex = sessionIndex; - } - // At last process audit. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)) - { - // Audit attribute can only appear in one session. - if(s_auditSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // An audit session can not be policy session. - if(HandleGetType(s_sessionHandles[sessionIndex]) - == TPM_HT_POLICY_SESSION) - return TPM_RCS_ATTRIBUTES + errorIndex; - // If this is a reset of the audit session, or the first use - // of the session as an audit session, it doesn't matter what - // the exclusive state is. The session will become exclusive. - if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset) - && session->attributes.isAudit == SET) - { - // Not first use or reset. 
If auditExlusive is SET, then this - // session must be the current exclusive session. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) - && g_exclusiveAuditSession != s_sessionHandles[sessionIndex]) - return TPM_RC_EXCLUSIVE; - } - s_auditSessionIndex = sessionIndex; - } - // Initialize associated handle as undefined. This will be changed when - // the handles are processed. - s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; - } - command->sessionNum = sessionIndex; - return TPM_RC_SUCCESS; -} - -//*** CheckLockedOut() -// This function checks to see if the TPM is in lockout. This function should only -// be called if the entity being checked is subject to DA protection. The TPM -// is in lockout if the NV is not available and a DA write is pending. Otherwise -// the TPM is locked out if checking for lockoutAuth ('lockoutAuthCheck' == TRUE) -// and use of lockoutAuth is disabled, or 'failedTries' >= 'maxTries' -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting -// TPM_RC_NV_UNAVAILABLE NV is not available at this time -// TPM_RC_LOCKOUT TPM is in lockout -static TPM_RC -CheckLockedOut( - BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth - ) -{ - // If NV is unavailable, and current cycle state recorded in NV is not - // SU_NONE_VALUE, refuse to check any authorization because we would - // not be able to handle a DA failure. - if(!NV_IS_AVAILABLE && NV_IS_ORDERLY) - return g_NvStatus; - // Check if DA info needs to be updated in NV. - if(s_DAPendingOnNV) - { - // If NV is accessible, - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // ... write the pending DA data and proceed. - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - NV_SYNC_PERSISTENT(failedTries); - s_DAPendingOnNV = FALSE; - } - // Lockout is in effect if checking for lockoutAuth and use of lockoutAuth - // is disabled... - if(lockoutAuthCheck) - { - if(gp.lockOutAuthEnabled == FALSE) - return TPM_RC_LOCKOUT; - } - else - { - // ... 
or if the number of failed tries has been maxed out. - if(gp.failedTries >= gp.maxTries) - return TPM_RC_LOCKOUT; -#if USE_DA_USED - // If the daUsed flag is not SET, then no DA validation until the - // daUsed state is written to NV - if(!g_daUsed) - { - RETURN_IF_NV_IS_NOT_AVAILABLE; - g_daUsed = TRUE; - gp.orderlyState = SU_DA_USED_VALUE; - NV_SYNC_PERSISTENT(orderlyState); - return TPM_RC_RETRY; - } -#endif - } - return TPM_RC_SUCCESS; -} - -//*** CheckAuthSession() -// This function checks that the authorization session properly authorizes the -// use of the associated handle. -// -// Return Type: TPM_RC -// TPM_RC_LOCKOUT entity is protected by DA and TPM is in -// lockout, or TPM is locked out on NV update -// pending on DA parameters -// -// TPM_RC_PP Physical Presence is required but not provided -// TPM_RC_AUTH_FAIL HMAC or PW authorization failed -// with DA side-effects (can be a policy session) -// -// TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA -// side-effects (can be a policy session) -// -// TPM_RC_POLICY_FAIL if policy session fails -// TPM_RC_POLICY_CC command code of policy was wrong -// TPM_RC_EXPIRED the policy session has expired -// TPM_RC_PCR -// TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable -static TPM_RC -CheckAuthSession( - COMMAND *command, // IN: primary parsing structure - UINT32 sessionIndex // IN: index of session to be processed - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - SESSION *session = NULL; - TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex]; - TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex]; - TPM_HT sessionHandleType = HandleGetType(sessionHandle); -// - pAssert(sessionHandle != TPM_RH_UNASSIGNED); - - // Take care of physical presence - if(associatedHandle == TPM_RH_PLATFORM) - { - // If the physical presence is required for this command, check for PP - // assertion. If it isn't asserted, no point going any further. 
- if(PhysicalPresenceIsRequired(command->index) - && !_plat__PhysicalPresenceAsserted()) - return TPM_RC_PP; - } - if(sessionHandle != TPM_RS_PW) - { - session = SessionGet(sessionHandle); - - // Set includeAuth to indicate if DA checking will be required and if the - // authValue will be included in any HMAC. - if(sessionHandleType == TPM_HT_POLICY_SESSION) - { - // For a policy session, will check the DA status of the entity if either - // isAuthValueNeeded or isPasswordNeeded is SET. - session->attributes.includeAuth = - session->attributes.isAuthValueNeeded - || session->attributes.isPasswordNeeded; - } - else - { - // For an HMAC session, need to check unless the session - // is bound. - session->attributes.includeAuth = - !IsSessionBindEntity(s_associatedHandles[sessionIndex], session); - } - } - // If the authorization session is going to use an authValue, then make sure - // that access to that authValue isn't locked out. - // Note: session == NULL for a PW session. - if(session == NULL || session->attributes.includeAuth) - { - // See if entity is subject to lockout. - if(!IsDAExempted(associatedHandle)) - { - // See if in lockout - result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT); - if(result != TPM_RC_SUCCESS) - return result; - } - } - // Policy or HMAC+PW? - if(sessionHandleType != TPM_HT_POLICY_SESSION) - { - // for non-policy session make sure that a policy session is not required - if(IsPolicySessionRequired(command->index, sessionIndex)) - return TPM_RC_AUTH_TYPE; - // The authValue must be available. - // Note: The authValue is going to be "used" even if it is an EmptyAuth. - // and the session is bound. - if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex)) - return TPM_RC_AUTH_UNAVAILABLE; - } - else - { - // ... see if the entity has a policy, ... 
- // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the - // object is not loaded - if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex)) - return TPM_RC_AUTH_UNAVAILABLE; - // ... and check the policy session. - result = CheckPolicyAuthSession(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return result; - } - // Check authorization according to the type - if(session == NULL || session->attributes.isPasswordNeeded == SET) - result = CheckPWAuthSession(sessionIndex); - else - result = CheckSessionHMAC(command, sessionIndex); - // Do processing for PIN Indexes are only three possibilities for 'result' at - // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH. - // For all these cases, we would have to process a PIN index if the - // authValue of the index was used for authorization. - // See if we need to do anything to a PIN index - if(TPM_HT_NV_INDEX == HandleGetType(associatedHandle)) - { - NV_REF locator; - NV_INDEX *nvIndex = NvGetIndexInfo(associatedHandle, &locator); - NV_PIN pinData; - TPMA_NV nvAttributes; -// - pAssert(nvIndex != NULL); - nvAttributes = nvIndex->publicArea.attributes; - // If this is a PIN FAIL index and the value has been written - // then we can update the counter (increment or clear) - if(IsNvPinFailIndex(nvAttributes) - && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) - { - pinData.intVal = NvGetUINT64Data(nvIndex, locator); - if(result != TPM_RC_SUCCESS) - pinData.pin.pinCount++; - else - pinData.pin.pinCount = 0; - NvWriteUINT64Data(nvIndex, pinData.intVal); - } - // If this is a PIN PASS Index, increment if we have used the - // authorization value for anything other than NV_Read. 
- // NOTE: If the counter has already hit the limit, then we - // would not get here because the authorization value would not - // be available and the TPM would have returned before it gets here - else if(IsNvPinPassIndex(nvAttributes) - && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN) - && result == TPM_RC_SUCCESS) - { - // If the access is valid, then increment the use counter - pinData.intVal = NvGetUINT64Data(nvIndex, locator); - pinData.pin.pinCount++; - NvWriteUINT64Data(nvIndex, pinData.intVal); - } - } - return result; -} - -#ifdef TPM_CC_GetCommandAuditDigest -//*** CheckCommandAudit() -// This function is called before the command is processed if audit is enabled -// for the command. It will check to see if the audit can be performed and -// will ensure that the cpHash is available for the audit. -// Return Type: TPM_RC -// TPM_RC_NV_UNAVAILABLE NV is not available for write -// TPM_RC_NV_RATE NV is rate limiting -static TPM_RC -CheckCommandAudit( - COMMAND *command - ) -{ - // If the audit digest is clear and command audit is required, NV must be - // available so that TPM2_GetCommandAuditDigest() is able to increment - // audit counter. If NV is not available, the function bails out to prevent - // the TPM from attempting an operation that would fail anyway. - if(gr.commandAuditDigest.t.size == 0 - || GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest) - { - RETURN_IF_NV_IS_NOT_AVAILABLE; - } - // Make sure that the cpHash is computed for the algorithm - ComputeCpHash(command, gp.auditHashAlg); - return TPM_RC_SUCCESS; -} -#endif - -//*** ParseSessionBuffer() -// This function is the entry function for command session processing. -// It iterates sessions in session area and reports if the required authorization -// has been properly provided. It also processes audit session and passes the -// information of encryption sessions to parameter encryption module. 
-// -// Return Type: TPM_RC -// various parsing failure or authorization failure -// -TPM_RC -ParseSessionBuffer( - COMMAND *command // IN: the structure that contains - ) -{ - TPM_RC result; - UINT32 i; - INT32 size = 0; - TPM2B_AUTH extraKey; - UINT32 sessionIndex; - TPM_RC errorIndex; - SESSION *session = NULL; -// - // Check if a command allows any session in its session area. - if(!IsSessionAllowed(command->index)) - return TPM_RC_AUTH_CONTEXT; - // Default-initialization. - command->sessionNum = 0; - - result = RetrieveSessionData(command); - if(result != TPM_RC_SUCCESS) - return result; - // There is no command in the TPM spec that has more handles than - // MAX_SESSION_NUM. - pAssert(command->handleNum <= MAX_SESSION_NUM); - - // Associate the session with an authorization handle. - for(i = 0; i < command->handleNum; i++) - { - if(CommandAuthRole(command->index, i) != AUTH_NONE) - { - // If the received session number is less than the number of handles - // that requires authorization, an error should be returned. - // Note: for all the TPM 2.0 commands, handles requiring - // authorization come first in a command input and there are only ever - // two values requiring authorization - if(i > (command->sessionNum - 1)) - return TPM_RC_AUTH_MISSING; - // Record the handle associated with the authorization session - s_associatedHandles[i] = command->handles[i]; - } - } - // Consistency checks are done first to avoid authorization failure when the - // command will not be executed anyway. 
- for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++) - { - errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; - // PW session must be an authorization session - if(s_sessionHandles[sessionIndex] == TPM_RS_PW) - { - if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED) - return TPM_RCS_HANDLE + errorIndex; - // a password session can't be audit, encrypt or decrypt - if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) - || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) - || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) - return TPM_RCS_ATTRIBUTES + errorIndex; - session = NULL; - } - else - { - session = SessionGet(s_sessionHandles[sessionIndex]); - - // A trial session can not appear in session area, because it cannot - // be used for authorization, audit or encrypt/decrypt. - if(session->attributes.isTrialPolicy == SET) - return TPM_RCS_ATTRIBUTES + errorIndex; - - // See if the session is bound to a DA protected entity - // NOTE: Since a policy session is never bound, a policy is still - // usable even if the object is DA protected and the TPM is in - // lockout. - if(session->attributes.isDaBound == SET) - { - result = CheckLockedOut(session->attributes.isLockoutBound == SET); - if(result != TPM_RC_SUCCESS) - return result; - } - // If this session is for auditing, make sure the cpHash is computed. 
- if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)) - ComputeCpHash(command, session->authHashAlg); - } - - // if the session has an associated handle, check the authorization - if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) - { - result = CheckAuthSession(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, errorIndex); - } - else - { - // a session that is not for authorization must either be encrypt, - // decrypt, or audit - if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) - && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) - && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) - return TPM_RCS_ATTRIBUTES + errorIndex; - - // no authValue included in any of the HMAC computations - pAssert(session != NULL); - session->attributes.includeAuth = CLEAR; - - // check HMAC for encrypt/decrypt/audit only sessions - result = CheckSessionHMAC(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, errorIndex); - } - } -#ifdef TPM_CC_GetCommandAuditDigest - // Check if the command should be audited. Need to do this before any parameter - // encryption so that the cpHash for the audit is correct - if(CommandAuditIsRequired(command->index)) - { - result = CheckCommandAudit(command); - if(result != TPM_RC_SUCCESS) - return result; // No session number to reference - } -#endif - // Decrypt the first parameter if applicable. This should be the last operation - // in session processing. - // If the encrypt session is associated with a handle and the handle's - // authValue is available, then authValue is concatenated with sessionKey to - // generate encryption key, no matter if the handle is the session bound entity - // or not. 
- if(s_decryptSessionIndex != UNDEFINED_INDEX) - { - // If this is an authorization session, include the authValue in the - // generation of the decryption key - if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED) - { - EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex], - &extraKey); - } - else - { - extraKey.b.size = 0; - } - size = DecryptSize(command->index); - result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex], - &s_nonceCaller[s_decryptSessionIndex].b, - command->parameterSize, (UINT16)size, - &extraKey, - command->parameterBuffer); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, - TPM_RC_S + g_rcIndex[s_decryptSessionIndex]); - } - - return TPM_RC_SUCCESS; -} - -//*** CheckAuthNoSession() -// Function to process a command with no session associated. -// The function makes sure all the handles in the command require no authorization. -// -// Return Type: TPM_RC -// TPM_RC_AUTH_MISSING failure - one or more handles require -// authorization -TPM_RC -CheckAuthNoSession( - COMMAND *command // IN: command parsing structure - ) -{ - UINT32 i; - TPM_RC result = TPM_RC_SUCCESS; -// - // Check if the command requires authorization - for(i = 0; i < command->handleNum; i++) - { - if(CommandAuthRole(command->index, i) != AUTH_NONE) - return TPM_RC_AUTH_MISSING; - } -#ifdef TPM_CC_GetCommandAuditDigest - // Check if the command should be audited. - if(CommandAuditIsRequired(command->index)) - { - result = CheckCommandAudit(command); - if(result != TPM_RC_SUCCESS) - return result; - } -#endif - // Initialize number of sessions to be 0 - command->sessionNum = 0; - - return TPM_RC_SUCCESS; -} - -//** Response Session Processing -//*** Introduction -// -// The following functions build the session area in a response and handle -// the audit sessions (if present). -// - -//*** ComputeRpHash() -// Function to compute rpHash (Response Parameter Hash). 
The rpHash is only -// computed if there is an HMAC authorization session and the return code is -// TPM_RC_SUCCESS. -static TPM2B_DIGEST * -ComputeRpHash( - COMMAND *command, // IN: command structure - TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash - ) -{ - TPM2B_DIGEST *rpHash = GetRpHashPointer(command, hashAlg); - HASH_STATE hashState; -// - if(rpHash->t.size == 0) - { - // rpHash := hash(responseCode || commandCode || parameters) - - // Initiate hash creation. - rpHash->t.size = CryptHashStart(&hashState, hashAlg); - - // Add hash constituents. - CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS); - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); - CryptDigestUpdate(&hashState, command->parameterSize, - command->parameterBuffer); - // Complete hash computation. - CryptHashEnd2B(&hashState, &rpHash->b); - } - return rpHash; -} - -//*** InitAuditSession() -// This function initializes the audit data in an audit session. -static void -InitAuditSession( - SESSION *session // session to be initialized - ) -{ - // Mark session as an audit session. - session->attributes.isAudit = SET; - - // Audit session can not be bound. - session->attributes.isBound = CLEAR; - - // Size of the audit log is the size of session hash algorithm digest. - session->u2.auditDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); - - // Set the original digest value to be 0. - MemorySet(&session->u2.auditDigest.t.buffer, - 0, - session->u2.auditDigest.t.size); - return; -} - -//*** UpdateAuditDigest -// Function to update an audit digest -static void -UpdateAuditDigest( - COMMAND *command, - TPMI_ALG_HASH hashAlg, - TPM2B_DIGEST *digest - ) -{ - HASH_STATE hashState; - TPM2B_DIGEST *cpHash = GetCpHash(command, hashAlg); - TPM2B_DIGEST *rpHash = ComputeRpHash(command, hashAlg); -// - pAssert(cpHash != NULL); - - // digestNew := hash (digestOld || cpHash || rpHash) - // Start hash computation. 
- digest->t.size = CryptHashStart(&hashState, hashAlg); - // Add old digest. - CryptDigestUpdate2B(&hashState, &digest->b); - // Add cpHash - CryptDigestUpdate2B(&hashState, &cpHash->b); - // Add rpHash - CryptDigestUpdate2B(&hashState, &rpHash->b); - // Finalize the hash. - CryptHashEnd2B(&hashState, &digest->b); -} - - -//*** Audit() -//This function updates the audit digest in an audit session. -static void -Audit( - COMMAND *command, // IN: primary control structure - SESSION *auditSession // IN: loaded audit session - ) -{ - UpdateAuditDigest(command, auditSession->authHashAlg, - &auditSession->u2.auditDigest); - return; -} - -#ifdef TPM_CC_GetCommandAuditDigest -//*** CommandAudit() -// This function updates the command audit digest. -static void -CommandAudit( - COMMAND *command // IN: - ) -{ - // If the digest.size is one, it indicates the special case of changing - // the audit hash algorithm. For this case, no audit is done on exit. - // NOTE: When the hash algorithm is changed, g_updateNV is set in order to - // force an update to the NV on exit so that the change in digest will - // be recorded. So, it is safe to exit here without setting any flags - // because the digest change will be written to NV when this code exits. - if(gr.commandAuditDigest.t.size == 1) - { - gr.commandAuditDigest.t.size = 0; - return; - } - // If the digest size is zero, need to start a new digest and increment - // the audit counter. - if(gr.commandAuditDigest.t.size == 0) - { - gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg); - MemorySet(gr.commandAuditDigest.t.buffer, - 0, - gr.commandAuditDigest.t.size); - - // Bump the counter and save its value to NV. - gp.auditCounter++; - NV_SYNC_PERSISTENT(auditCounter); - } - UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest); - return; -} -#endif - -//*** UpdateAuditSessionStatus() -// Function to update the internal audit related states of a session. It -// 1. 
initializes the session as audit session and sets it to be exclusive if this -// is the first time it is used for audit or audit reset was requested; -// 2. reports exclusive audit session; -// 3. extends audit log; and -// 4. clears exclusive audit session if no audit session found in the command. -static void -UpdateAuditSessionStatus( - COMMAND *command // IN: primary control structure - ) -{ - UINT32 i; - TPM_HANDLE auditSession = TPM_RH_UNASSIGNED; -// - // Iterate through sessions - for(i = 0; i < command->sessionNum; i++) - { - SESSION *session; -// - // PW session do not have a loaded session and can not be an audit - // session either. Skip it. - if(s_sessionHandles[i] == TPM_RS_PW) - continue; - session = SessionGet(s_sessionHandles[i]); - - // If a session is used for audit - if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit)) - { - // An audit session has been found - auditSession = s_sessionHandles[i]; - - // If the session has not been an audit session yet, or - // the auditSetting bits indicate a reset, initialize it and set - // it to be the exclusive session - if(session->attributes.isAudit == CLEAR - || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset)) - { - InitAuditSession(session); - g_exclusiveAuditSession = auditSession; - } - else - { - // Check if the audit session is the current exclusive audit - // session and, if not, clear previous exclusive audit session. - if(g_exclusiveAuditSession != auditSession) - g_exclusiveAuditSession = TPM_RH_UNASSIGNED; - } - // Report audit session exclusivity. - if(g_exclusiveAuditSession == auditSession) - { - SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); - } - else - { - CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); - } - // Extend audit log. - Audit(command, session); - } - } - // If no audit session is found in the command, and the command allows - // a session then, clear the current exclusive - // audit session. 
- if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index)) - { - g_exclusiveAuditSession = TPM_RH_UNASSIGNED; - } - return; -} - -//*** ComputeResponseHMAC() -// Function to compute HMAC for authorization session in a response. -/*(See part 1 specification) -// Function: Compute HMAC for response sessions -// The sessionAuth value -// authHMAC := HMACsHASH((sessionAuth | authValue), -// (pHash | nonceTPM | nonceCaller | sessionAttributes)) -// Where: -// HMACsHASH() The HMAC algorithm using the hash algorithm specified when -// the session was started. -// -// sessionAuth A TPMB_MEDIUM computed in a protocol-dependent way, using -// KDFa. In an HMAC or KDF, only sessionAuth.buffer is used. -// -// authValue A TPM2B_AUTH that is found in the sensitive area of an -// object. In an HMAC or KDF, only authValue.buffer is used -// and all trailing zeros are removed. -// -// pHash Response parameters (rpHash) using the session hash. When -// using a pHash in an HMAC computation, both the algorithm ID -// and the digest are included. -// -// nonceTPM A TPM2B_NONCE that is generated by the entity using the -// session. In an HMAC or KDF, only nonceTPM.buffer is used. -// -// nonceCaller a TPM2B_NONCE that was received the previous time the -// session was used. In an HMAC or KDF, only -// nonceCaller.buffer is used. -// -// sessionAttributes A TPMA_SESSION that indicates the attributes associated -// with a particular use of the session. 
-*/ -static void -ComputeResponseHMAC( - COMMAND *command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - SESSION *session, // IN: loaded session - TPM2B_DIGEST *hmac // OUT: authHMAC - ) -{ - TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); - TPM2B_KEY key; // HMAC key - BYTE marshalBuffer[sizeof(TPMA_SESSION)]; - BYTE *buffer; - UINT32 marshalSize; - HMAC_STATE hmacState; - TPM2B_DIGEST *rpHash = ComputeRpHash(command, session->authHashAlg); -// - // Generate HMAC key - MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); - - // Add the object authValue if required - if(session->attributes.includeAuth == SET) - { - // Note: includeAuth may be SET for a policy that is used in - // UndefineSpaceSpecial(). At this point, the Index has been deleted - // so the includeAuth will have no meaning. However, the - // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so - // this will return the authValue associated with TPM_RH_NULL and that is - // and empty buffer. - TPM2B_AUTH authValue; -// - // Get the authValue with trailing zeros removed - EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); - - // Add it to the key - MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); - } - - // if the HMAC key size is 0, the response HMAC is computed according to the - // input HMAC - if(key.t.size == 0 - && s_inputAuthValues[sessionIndex].t.size == 0) - { - hmac->t.size = 0; - return; - } - // Start HMAC computation. - hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); - - // Add hash components. - CryptDigestUpdate2B(&hmacState.hashState, &rpHash->b); - CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); - CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); - - // Add session attributes. 
- buffer = marshalBuffer; - marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex], &buffer, NULL); - CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer); - - // Finalize HMAC. - CryptHmacEnd2B(&hmacState, &hmac->b); - - return; -} - -//*** UpdateInternalSession() -// Updates internal sessions: -// 1. Restarts session time. -// 2. Clears a policy session since nonce is rolling. -static void -UpdateInternalSession( - SESSION *session, // IN: the session structure - UINT32 i // IN: session number - ) -{ - // If nonce is rolling in a policy session, the policy related data - // will be re-initialized. - if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION - && IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) - { - // When the nonce rolls it starts a new timing interval for the - // policy session. - SessionResetPolicyData(session); - SessionSetStartTime(session); - } - return; -} - -//*** BuildSingleResponseAuth() -// Function to compute response HMAC value for a policy or HMAC session. -static TPM2B_NONCE * -BuildSingleResponseAuth( - COMMAND *command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - TPM2B_AUTH *auth // OUT: authHMAC - ) -{ - // Fill in policy/HMAC based session response. - SESSION *session = SessionGet(s_sessionHandles[sessionIndex]); -// - // If the session is a policy session with isPasswordNeeded SET, the - // authorization field is empty. - if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION - && session->attributes.isPasswordNeeded == SET) - auth->t.size = 0; - else - // Compute response HMAC. - ComputeResponseHMAC(command, sessionIndex, session, auth); - - UpdateInternalSession(session, sessionIndex); - return &session->nonceTPM; -} - -//*** UpdateAllNonceTPM() -// Updates TPM nonce for all sessions in command. 
-static void -UpdateAllNonceTPM( - COMMAND *command // IN: controlling structure - ) -{ - UINT32 i; - SESSION *session; -// - for(i = 0; i < command->sessionNum; i++) - { - // If not a PW session, compute the new nonceTPM. - if(s_sessionHandles[i] != TPM_RS_PW) - { - session = SessionGet(s_sessionHandles[i]); - // Update nonceTPM in both internal session and response. - CryptRandomGenerate(session->nonceTPM.t.size, - session->nonceTPM.t.buffer); - } - } - return; -} - - - -//*** BuildResponseSession() -// Function to build Session buffer in a response. The authorization data is added -// to the end of command->responseBuffer. The size of the authorization area is -// accumulated in command->authSize. -// When this is called, command->responseBuffer is pointing at the next location -// in the response buffer to be filled. This is where the authorization sessions -// will go, if any. command->parameterSize is the number of bytes that have been -// marshaled as parameters in the output buffer. -void -BuildResponseSession( - COMMAND *command // IN: structure that has relevant command - // information - ) -{ - pAssert(command->authSize == 0); - - // Reset the parameter buffer to point to the start of the parameters so that - // there is a starting point for any rpHash that might be generated and so there - // is a place where parameter encryption would start - command->parameterBuffer = command->responseBuffer - command->parameterSize; - - // Session nonces should be updated before parameter encryption - if(command->tag == TPM_ST_SESSIONS) - { - UpdateAllNonceTPM(command); - - // Encrypt first parameter if applicable. Parameter encryption should - // happen after nonce update and before any rpHash is computed. - // If the encrypt session is associated with a handle, the authValue of - // this handle will be concatenated with sessionKey to generate - // encryption key, no matter if the handle is the session bound entity - // or not. 
The authValue is added to sessionKey only when the authValue - // is available. - if(s_encryptSessionIndex != UNDEFINED_INDEX) - { - UINT32 size; - TPM2B_AUTH extraKey; -// - extraKey.b.size = 0; - // If this is an authorization session, include the authValue in the - // generation of the encryption key - if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED) - { - EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex], - &extraKey); - } - size = EncryptSize(command->index); - CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex], - &s_nonceCaller[s_encryptSessionIndex].b, - (UINT16)size, - &extraKey, - command->parameterBuffer); - } - } - // Audit sessions should be processed regardless of the tag because - // a command with no session may cause a change of the exclusivity state. - UpdateAuditSessionStatus(command); -#if CC_GetCommandAuditDigest - // Command Audit - if(CommandAuditIsRequired(command->index)) - CommandAudit(command); -#endif - // Process command with sessions. - if(command->tag == TPM_ST_SESSIONS) - { - UINT32 i; -// - pAssert(command->sessionNum > 0); - - // Iterate over each session in the command session area, and create - // corresponding sessions for response. - for(i = 0; i < command->sessionNum; i++) - { - TPM2B_NONCE *nonceTPM; - TPM2B_DIGEST responseAuth; - // Make sure that continueSession is SET on any Password session. - // This makes it marginally easier for the management software - // to keep track of the closed sessions. - if(s_sessionHandles[i] == TPM_RS_PW) - { - SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession); - responseAuth.t.size = 0; - nonceTPM = (TPM2B_NONCE *)&responseAuth; - } - else - { - // Compute the response HMAC and get a pointer to the nonce used. - // This function will also update the values if needed. 
Note, the
- nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth);
- }
- command->authSize += TPM2B_NONCE_Marshal(nonceTPM,
- &command->responseBuffer,
- NULL);
- command->authSize += TPMA_SESSION_Marshal(&s_attributes[i],
- &command->responseBuffer,
- NULL);
- command->authSize += TPM2B_DIGEST_Marshal(&responseAuth,
- &command->responseBuffer,
- NULL);
- if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession))
- SessionFlush(s_sessionHandles[i]);
- }
- }
- return;
-}
-
-//*** SessionRemoveAssociationToHandle()
-// This function deals with the case where an entity associated with an authorization
-// is deleted during command processing. The primary use of this is to support
-// UndefineSpaceSpecial().
-void
-SessionRemoveAssociationToHandle(
- TPM_HANDLE handle
- )
-{
- UINT32 i;
-//
- for(i = 0; i < MAX_SESSION_NUM; i++)
- {
- if(s_associatedHandles[i] == handle)
- {
- s_associatedHandles[i] = TPM_RH_NULL;
- }
- }
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c
deleted file mode 100644
index 306b39b92..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that support command audit.
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** CommandAuditPreInstall_Init()
-// This function initializes the command audit list.
This function simulates
-// the behavior of manufacturing. A function is used instead of a structure
-// definition because this is easier than figuring out the initialization value
-// for a bit array.
-//
-// This function would not be implemented outside of a manufacturing or
-// simulation environment.
-void
-CommandAuditPreInstall_Init(
- void
- )
-{
- // Clear all the audit commands
- MemorySet(gp.auditCommands, 0x00, sizeof(gp.auditCommands));
-
- // TPM_CC_SetCommandCodeAuditStatus always being audited
- CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus);
-
- // Set initial command audit hash algorithm to be context integrity hash
- // algorithm
- gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG;
-
- // Set up audit counter to be 0
- gp.auditCounter = 0;
-
- // Write command audit persistent data to NV
- NV_SYNC_PERSISTENT(auditCommands);
- NV_SYNC_PERSISTENT(auditHashAlg);
- NV_SYNC_PERSISTENT(auditCounter);
-
- return;
-}
-
-//*** CommandAuditStartup()
-// This function clears the command audit digest on a TPM Reset.
-BOOL
-CommandAuditStartup(
- STARTUP_TYPE type // IN: start up type
- )
-{
- if((type != SU_RESTART) && (type != SU_RESUME))
- {
- // Reset the digest size to initialize the digest
- gr.commandAuditDigest.t.size = 0;
- }
- return TRUE;
-}
-
-//*** CommandAuditSet()
-// This function will SET the audit flag for a command. This function
-// will not SET the audit flag for a command that is not implemented. This
-// ensures that the audit status is not SET when TPM2_GetCapability() is
-// used to read the list of audited commands.
-//
-// This function is only used by TPM2_SetCommandCodeAuditStatus().
-//
-// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
-// changes to be saved to NV after it is setting and clearing bits.
-// Return Type: BOOL
-// TRUE(1) command code audit status was changed
-// FALSE(0) command code audit status was not changed
-BOOL
-CommandAuditSet(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // Only SET a bit if the corresponding command is implemented
- if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
- {
- // Can't audit shutdown
- if(commandCode != TPM_CC_Shutdown)
- {
- if(!TEST_BIT(commandIndex, gp.auditCommands))
- {
- // Set bit
- SET_BIT(commandIndex, gp.auditCommands);
- return TRUE;
- }
- }
- }
- // No change
- return FALSE;
-}
-
-//*** CommandAuditClear()
-// This function will CLEAR the audit flag for a command. It will not CLEAR the
-// audit flag for TPM_CC_SetCommandCodeAuditStatus().
-//
-// This function is only used by TPM2_SetCommandCodeAuditStatus().
-//
-// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
-// changes to be saved to NV after it is setting and clearing bits.
-// Return Type: BOOL
-// TRUE(1) command code audit status was changed
-// FALSE(0) command code audit status was not changed
-BOOL
-CommandAuditClear(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // Do nothing if the command is not implemented
- if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
- {
- // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be
- // cleared
- if(commandCode != TPM_CC_SetCommandCodeAuditStatus)
- {
- if(TEST_BIT(commandIndex, gp.auditCommands))
- {
- // Clear bit
- CLEAR_BIT(commandIndex, gp.auditCommands);
- return TRUE;
- }
- }
- }
- // No change
- return FALSE;
-}
-
-//*** CommandAuditIsRequired()
-// This function indicates if the audit flag is SET for a command.
-// Return Type: BOOL
-// TRUE(1) command is audited
-// FALSE(0) command is not audited
-BOOL
-CommandAuditIsRequired(
- COMMAND_INDEX commandIndex // IN: command index
- )
-{
- // Check the bit map. If the bit is SET, command audit is required
- return(TEST_BIT(commandIndex, gp.auditCommands));
-}
-
-//*** CommandAuditCapGetCCList()
-// This function returns a list of commands that have their audit bit SET.
-//
-// The list starts at the input commandCode.
-// Return Type: TPMI_YES_NO
-// YES if there are more command code available
-// NO all the available command code has been returned
-TPMI_YES_NO
-CommandAuditCapGetCCList(
- TPM_CC commandCode, // IN: start command code
- UINT32 count, // IN: count of returned TPM_CC
- TPML_CC *commandList // OUT: list of TPM_CC
- )
-{
- TPMI_YES_NO more = NO;
- COMMAND_INDEX commandIndex;
-
- // Initialize output handle list
- commandList->count = 0;
-
- // The maximum count of command we may return is MAX_CAP_CC
- if(count > MAX_CAP_CC) count = MAX_CAP_CC;
-
- // Find the implemented command that has a command code that is the same or
- // higher than the input
- // Collect audit commands
- for(commandIndex = GetClosestCommandIndex(commandCode);
- commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
- commandIndex = GetNextCommandIndex(commandIndex))
- {
- if(CommandAuditIsRequired(commandIndex))
- {
- if(commandList->count < count)
- {
- // If we have not filled up the return list, add this command
- // code to its
- TPM_CC cc = GET_ATTRIBUTE(s_ccAttr[commandIndex],
- TPMA_CC, commandIndex);
- if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
- cc += (1 << 29);
- commandList->commandCodes[commandList->count] = cc;
- commandList->count++;
- }
- else
- {
- // If the return list is full but we still have command
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- }
-
- return more;
-}
-
-//*** CommandAuditGetDigest
-// This command is used to create a digest of the commands being audited.
The
-// commands are processed in ascending numeric order with a list of TPM_CC being
-// added to a hash. This operates as if all the audited command codes were
-// concatenated and then hashed.
-void
-CommandAuditGetDigest(
- TPM2B_DIGEST *digest // OUT: command digest
- )
-{
- TPM_CC commandCode;
- COMMAND_INDEX commandIndex;
- HASH_STATE hashState;
-
- // Start hash
- digest->t.size = CryptHashStart(&hashState, gp.auditHashAlg);
-
- // Add command code
- for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
- {
- if(CommandAuditIsRequired(commandIndex))
- {
- commandCode = GetCommandCode(commandIndex);
- CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
- }
- }
-
- // Complete hash
- CryptHashEnd2B(&hashState, &digest->b);
-
- return;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c
deleted file mode 100644
index a537c719e..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c
+++ /dev/null
@@ -1,235 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions and data definitions relating to the -// dictionary attack logic. 
- -//** Includes and Data Definitions -#define DA_C -#include "Tpm.h" - -//** Functions - -//*** DAPreInstall_Init() -// This function initializes the DA parameters to their manufacturer-default -// values. The default values are determined by a platform-specific specification. -// -// This function should not be called outside of a manufacturing or simulation -// environment. -// -// The DA parameters will be restored to these initial values by TPM2_Clear(). -void -DAPreInstall_Init( - void - ) -{ - gp.failedTries = 0; - gp.maxTries = 3; - gp.recoveryTime = 1000; // in seconds (~16.67 minutes) - gp.lockoutRecovery = 1000; // in seconds - gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled - - // Record persistent DA parameter changes to NV - NV_SYNC_PERSISTENT(failedTries); - NV_SYNC_PERSISTENT(maxTries); - NV_SYNC_PERSISTENT(recoveryTime); - NV_SYNC_PERSISTENT(lockoutRecovery); - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - - return; -} - - -//*** DAStartup() -// This function is called by TPM2_Startup() to initialize the DA parameters. -// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the -// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until -// the TPM has been continuously powered for the lockoutRecovery time. -// -// This function requires that NV be available and not rate limiting. -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type - ) -{ - NOT_REFERENCED(type); -#if !ACCUMULATE_SELF_HEAL_TIMER - _plat__TimerWasReset(); - s_selfHealTimer = 0; - s_lockoutTimer = 0; -#else - if(_plat__TimerWasReset()) - { - if(!NV_IS_ORDERLY) - { - // If shutdown was not orderly, then don't really know if go.time has - // any useful value so reset the timer to 0. 
This is what the tick - // was reset to - s_selfHealTimer = 0; - s_lockoutTimer = 0; - } - else - { - // If we know how much time was accumulated at the last orderly shutdown - // subtract that from the saved timer values so that they effectively - // have the accumulated values - s_selfHealTimer -= go.time; - s_lockoutTimer -= go.time; - } - } -#endif - - // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth. - if(gp.lockoutRecovery == 0) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } - - // If DA has not been disabled and the previous shutdown is not orderly - // failedTries is not already at its maximum then increment 'failedTries' - if(gp.recoveryTime != 0 - && gp.failedTries < gp.maxTries - && !IS_ORDERLY(g_prevOrderlyState)) - { -#if USE_DA_USED - gp.failedTries += g_daUsed; - g_daUsed = FALSE; -#else - gp.failedTries++; -#endif - // Record the change to NV - NV_SYNC_PERSISTENT(failedTries); - } - // Before Startup, the TPM will not do clock updates. At startup, need to - // do a time update which will do the DA update. - TimeUpdate(); - - return TRUE; -} - -//*** DARegisterFailure() -// This function is called when a authorization failure occurs on an entity -// that is subject to dictionary-attack protection. When a DA failure is -// triggered, register the failure by resetting the relevant self-healing -// timer to the current time. -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure - ) -{ - // Reset the timer associated with lockout if the handle is the lockoutAuth. - if(handle == TPM_RH_LOCKOUT) - s_lockoutTimer = g_time; - else - s_selfHealTimer = g_time; - return; -} - -//*** DASelfHeal() -// This function is called to check if sufficient time has passed to allow -// decrement of failedTries or to re-enable use of lockoutAuth. -// -// This function should be called when the time interval is updated. 
-void -DASelfHeal( - void - ) -{ - // Regular authorization self healing logic - // If no failed authorization tries, do nothing. Otherwise, try to - // decrease failedTries - if(gp.failedTries != 0) - { - // if recovery time is 0, DA logic has been disabled. Clear failed tries - // immediately - if(gp.recoveryTime == 0) - { - gp.failedTries = 0; - // Update NV record - NV_SYNC_PERSISTENT(failedTries); - } - else - { - UINT64 decreaseCount; -#if 0 // Errata eliminates this code - // In the unlikely event that failedTries should become larger than - // maxTries - if(gp.failedTries > gp.maxTries) - gp.failedTries = gp.maxTries; -#endif - // How much can failedTries be decreased - - // Cast s_selfHealTimer to an int in case it became negative at - // startup - decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000) - / gp.recoveryTime; - - if(gp.failedTries <= (UINT32)decreaseCount) - // should not set failedTries below zero - gp.failedTries = 0; - else - gp.failedTries -= (UINT32)decreaseCount; - - // the cast prevents overflow of the product - s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; - if(decreaseCount != 0) - // If there was a change to the failedTries, record the changes - // to NV - NV_SYNC_PERSISTENT(failedTries); - } - } - - // LockoutAuth self healing logic - // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we - // may enable it - if(!gp.lockOutAuthEnabled) - { - // if lockout authorization recovery time is 0, a reboot is required to - // re-enable use of lockout authorization. Self-healing would not - // apply in this case. - if(gp.lockoutRecovery != 0) - { - if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } - } - } - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
deleted file mode 100644
index bec54378d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c
+++ /dev/null
@@ -1,237 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions used for managing and accessing the -// hierarchy-related values. 
- -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** HierarchyPreInstall() -// This function performs the initialization functions for the hierarchy -// when the TPM is simulated. This function should not be called if the -// TPM is not in a manufacturing mode at the manufacturer, or in a simulated -// environment. -void -HierarchyPreInstall_Init( - void - ) -{ - // Allow lockout clear command - gp.disableClear = FALSE; - - // Initialize Primary Seeds - gp.EPSeed.t.size = sizeof(gp.EPSeed.t.buffer); - gp.SPSeed.t.size = sizeof(gp.SPSeed.t.buffer); - gp.PPSeed.t.size = sizeof(gp.PPSeed.t.buffer); -#if (defined USE_PLATFORM_EPS) && (USE_PLATFORM_EPS != NO) - _plat__GetEPS(gp.EPSeed.t.size, gp.EPSeed.t.buffer); -#else - CryptRandomGenerate(gp.EPSeed.t.size, gp.EPSeed.t.buffer); -#endif - CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer); - CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer); - - // Initialize owner, endorsement and lockout authorization - gp.ownerAuth.t.size = 0; - gp.endorsementAuth.t.size = 0; - gp.lockoutAuth.t.size = 0; - - // Initialize owner, endorsement, and lockout policy - gp.ownerAlg = TPM_ALG_NULL; - gp.ownerPolicy.t.size = 0; - gp.endorsementAlg = TPM_ALG_NULL; - gp.endorsementPolicy.t.size = 0; - gp.lockoutAlg = TPM_ALG_NULL; - gp.lockoutPolicy.t.size = 0; - - // Initialize ehProof, shProof and phProof - gp.phProof.t.size = sizeof(gp.phProof.t.buffer); - gp.shProof.t.size = sizeof(gp.shProof.t.buffer); - gp.ehProof.t.size = sizeof(gp.ehProof.t.buffer); - CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer); - CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer); - CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer); - - // Write hierarchy data to NV - NV_SYNC_PERSISTENT(disableClear); - NV_SYNC_PERSISTENT(EPSeed); - NV_SYNC_PERSISTENT(SPSeed); - NV_SYNC_PERSISTENT(PPSeed); - NV_SYNC_PERSISTENT(ownerAuth); - NV_SYNC_PERSISTENT(endorsementAuth); - NV_SYNC_PERSISTENT(lockoutAuth); - 
NV_SYNC_PERSISTENT(ownerAlg); - NV_SYNC_PERSISTENT(ownerPolicy); - NV_SYNC_PERSISTENT(endorsementAlg); - NV_SYNC_PERSISTENT(endorsementPolicy); - NV_SYNC_PERSISTENT(lockoutAlg); - NV_SYNC_PERSISTENT(lockoutPolicy); - NV_SYNC_PERSISTENT(phProof); - NV_SYNC_PERSISTENT(shProof); - NV_SYNC_PERSISTENT(ehProof); - - return; -} - -//*** HierarchyStartup() -// This function is called at TPM2_Startup() to initialize the hierarchy -// related values. -BOOL -HierarchyStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - // phEnable is SET on any startup - g_phEnable = TRUE; - - // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and - // TPM_RESTART - if(type != SU_RESUME) - { - gc.platformAuth.t.size = 0; - gc.platformPolicy.t.size = 0; - gc.platformAlg = TPM_ALG_NULL; - - // enable the storage and endorsement hierarchies and the platformNV - gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; - } - - // nullProof and nullSeed are updated at every TPM_RESET - if((type != SU_RESTART) && (type != SU_RESUME)) - { - gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer); - CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer); - gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer); - CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer); - } - - return TRUE; -} - -//*** HierarchyGetProof() -// This function finds the proof value associated with a hierarchy.It returns a -// pointer to the proof value. 
-TPM2B_PROOF * -HierarchyGetProof( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant - ) -{ - TPM2B_PROOF *proof = NULL; - - switch(hierarchy) - { - case TPM_RH_PLATFORM: - // phProof for TPM_RH_PLATFORM - proof = &gp.phProof; - break; - case TPM_RH_ENDORSEMENT: - // ehProof for TPM_RH_ENDORSEMENT - proof = &gp.ehProof; - break; - case TPM_RH_OWNER: - // shProof for TPM_RH_OWNER - proof = &gp.shProof; - break; - default: - // nullProof for TPM_RH_NULL or anything else - proof = &gr.nullProof; - break; - } - return proof; -} - -//*** HierarchyGetPrimarySeed() -// This function returns the primary seed of a hierarchy. -TPM2B_SEED * -HierarchyGetPrimarySeed( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) -{ - TPM2B_SEED *seed = NULL; - switch(hierarchy) - { - case TPM_RH_PLATFORM: - seed = &gp.PPSeed; - break; - case TPM_RH_OWNER: - seed = &gp.SPSeed; - break; - case TPM_RH_ENDORSEMENT: - seed = &gp.EPSeed; - break; - default: - seed = &gr.nullSeed; - break; - } - return seed; -} - -//*** HierarchyIsEnabled() -// This function checks to see if a hierarchy is enabled. -// NOTE: The TPM_RH_NULL hierarchy is always enabled. -// Return Type: BOOL -// TRUE(1) hierarchy is enabled -// FALSE(0) hierarchy is disabled -BOOL -HierarchyIsEnabled( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) -{ - BOOL enabled = FALSE; - - switch(hierarchy) - { - case TPM_RH_PLATFORM: - enabled = g_phEnable; - break; - case TPM_RH_OWNER: - enabled = gc.shEnable; - break; - case TPM_RH_ENDORSEMENT: - enabled = gc.ehEnable; - break; - case TPM_RH_NULL: - enabled = TRUE; - break; - default: - enabled = FALSE; - break; - } - return enabled; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c deleted file mode 100644 index d73d4bf8d..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c
+++ /dev/null
@@ -1,1932 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction - -// The NV memory is divided into two area: dynamic space for user defined NV -// indexes and evict objects, and reserved space for TPM persistent and state save -// data. 
-// -// The entries in dynamic space are a linked list of entries. Each entry has, as its -// first field, a size. If the size field is zero, it marks the end of the -// list. -// -// An Index allocation will contain an NV_INDEX structure. If the Index does not -// have the orderly attribute, the NV_INDEX is followed immediately by the NV data. -// -// An evict object entry contains a handle followed by an OBJECT structure. This -// results in both the Index and Evict Object having an identifying handle as the -// first field following the size field. -// -// When an Index has the orderly attribute, the data is kept in RAM. This RAM is -// saved to backing store in NV memory on any orderly shutdown. The entries in -// orderly memory are also a linked list using a size field as the first entry. -// -// The attributes of an orderly index are maintained in RAM memory in order to -// reduce the number of NV writes needed for orderly data. When an orderly index -// is created, an entry is made in the dynamic NV memory space that holds the Index -// authorizations (authPolicy and authValue) and the size of the data. This entry is -// only modified if the authValue of the index is changed. The more volatile data -// of the index is kept in RAM. When an orderly Index is created or deleted, the -// RAM data is copied to NV backing store so that the image in the backing store -// matches the layout of RAM. In normal operation. The RAM data is also copied on -// any orderly shutdown. In normal operation, the only other reason for writing -// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN -// changes from CLEAR to SET) or when a counter "rolls over." -// -// Static space contains items that are individually modifiable. The values are in -// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. 
-// - -//** Includes, Defines and Data Definitions -#define NV_C -#include "Tpm.h" -#include "PlatformData.h" - -//** Local Functions - - -//*** NvNext() -// This function provides a method to traverse every data entry in NV dynamic -// area. -// -// To begin with, parameter 'iter' should be initialized to NV_REF_INIT -// indicating the first element. Every time this function is called, the -// value in 'iter' would be adjusted pointing to the next element in -// traversal. If there is no next element, 'iter' value would be 0. -// This function returns the address of the 'data entry' pointed by the -// 'iter'. If there is no more element in the set, a 0 value is returned -// indicating the end of traversal. -// -static NV_REF -NvNext( - NV_REF *iter, // IN/OUT: the list iterator - TPM_HANDLE *handle // OUT: the handle of the next item. - ) -{ - NV_REF currentAddr; - NV_ENTRY_HEADER header; -// - // If iterator is at the beginning of list - if(*iter == NV_REF_INIT) - { - // Initialize iterator - *iter = NV_USER_DYNAMIC; - } - // Step over the size field and point to the handle - currentAddr = *iter + sizeof(UINT32); - - // read the header of the next entry - NvRead(&header, *iter, sizeof(NV_ENTRY_HEADER)); - - // if the size field is zero, then we have hit the end of the list - if(header.size == 0) - // leave the *iter pointing at the end of the list - return 0; - // advance the header by the size of the entry - *iter += header.size; - - if(handle != NULL) - *handle = header.handle; - return currentAddr; -} - - -//*** NvNextByType() -// This function returns a reference to the next NV entry of the desired type -// Return Type: NV_REF -// 0 end of list -// != 0 the next entry of the indicated type -static NV_REF -NvNextByType( - TPM_HANDLE *handle, // OUT: the handle of the found type - NV_REF *iter, // IN: the iterator - TPM_HT type // IN: the handle type to look for - ) -{ - NV_REF addr; - TPM_HANDLE nvHandle; -// - while((addr = NvNext(iter, &nvHandle)) != 0) - { 
- // addr: the address of the location containing the handle of the value - // iter: the next location. - if(HandleGetType(nvHandle) == type) - break; - } - if(handle != NULL) - *handle = nvHandle; - return addr; -} - -//*** NvNextIndex() -// This function returns the reference to the next NV Index entry. A value -// of 0 indicates the end of the list. -// Return Type: NV_REF -// 0 end of list -// != 0 the next reference -#define NvNextIndex(handle, iter) \ - NvNextByType(handle, iter, TPM_HT_NV_INDEX) - -//*** NvNextEvict() -// This function returns the offset in NV of the next evict object entry. A value -// of 0 indicates the end of the list. -#define NvNextEvict(handle, iter) \ - NvNextByType(handle, iter, TPM_HT_PERSISTENT) - -//*** NvGetEnd() -// Function to find the end of the NV dynamic data list -static NV_REF -NvGetEnd( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; -// - // Scan until the next address is 0 - while((currentAddr = NvNext(&iter, NULL)) != 0); - return iter; -} - -//*** NvGetFreeBytes -// This function returns the number of free octets in NV space. -static UINT32 -NvGetFreeBytes( - void - ) -{ - // This does not have an overflow issue because NvGetEnd() cannot return a value - // that is larger than s_evictNvEnd. This is because there is always a 'stop' - // word in the NV memory that terminates the search for the end before the - // value can go past s_evictNvEnd. - return s_evictNvEnd - NvGetEnd(); -} - -//*** NvTestSpace() -// This function will test if there is enough space to add a new entity. 
-// Return Type: BOOL -// TRUE(1) space available -// FALSE(0) no enough space -static BOOL -NvTestSpace( - UINT32 size, // IN: size of the entity to be added - BOOL isIndex, // IN: TRUE if the entity is an index - BOOL isCounter // IN: TRUE if the index is a counter - ) -{ - UINT32 remainBytes = NvGetFreeBytes(); - UINT32 reserved = sizeof(UINT32) // size of the forward pointer - + sizeof(NV_LIST_TERMINATOR); -// - // Do a compile time sanity check on the setting for NV_MEMORY_SIZE -#if NV_MEMORY_SIZE < 1024 -#error "NV_MEMORY_SIZE probably isn't large enough" -#endif - - // For NV Index, need to make sure that we do not allocate an Index if this - // would mean that the TPM cannot allocate the minimum number of evict - // objects. - if(isIndex) - { - // Get the number of persistent objects allocated - UINT32 persistentNum = NvCapGetPersistentNumber(); - - // If we have not allocated the requisite number of evict objects, then we - // need to reserve space for them. - // NOTE: some of this is not written as simply as it might seem because - // the values are all unsigned and subtracting needs to be done carefully - // so that an underflow doesn't cause problems. 
- if(persistentNum < MIN_EVICT_OBJECTS) - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - } - // If this is not an index or is not a counter, reserve space for the - // required number of counter indexes - if(!isIndex || !isCounter) - { - // Get the number of counters - UINT32 counterNum = NvCapGetCounterNumber(); - - // If the required number of counters have not been allocated, reserved - // space for the extra needed counters - if(counterNum < MIN_COUNTER_INDICES) - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - } - // Check that the requested allocation will fit after making sure that there - // will be no chance of overflow - return ((reserved < remainBytes) - && (size <= remainBytes) - && (size + reserved <= remainBytes)); -} - -//*** NvWriteNvListEnd() -// Function to write the list terminator. -NV_REF -NvWriteNvListEnd( - NV_REF end - ) -{ - // Marker is initialized with zeros - BYTE listEndMarker[sizeof(NV_LIST_TERMINATOR)] = {0}; - UINT64 maxCount = NvReadMaxCount(); -// - // This is a constant check that can be resolved at compile time. - cAssert(sizeof(UINT64) <= sizeof(NV_LIST_TERMINATOR) - sizeof(UINT32)); - - // Copy the maxCount value to the marker buffer - MemoryCopy(&listEndMarker[sizeof(UINT32)], &maxCount, sizeof(UINT64)); - pAssert(end + sizeof(NV_LIST_TERMINATOR) <= s_evictNvEnd); - - // Write it to memory - NvWrite(end, sizeof(NV_LIST_TERMINATOR), &listEndMarker); - return end + sizeof(NV_LIST_TERMINATOR); -} - - -//*** NvAdd() -// This function adds a new entity to NV. -// -// This function requires that there is enough space to add a new entity (i.e., -// that NvTestSpace() has been called and the available space is at least as -// large as the required space). -// -// The 'totalSize' will be the size of 'entity'. If a handle is added, this -// function will increase the size accordingly. 
-static TPM_RC -NvAdd( - UINT32 totalSize, // IN: total size needed for this entity For - // evict object, totalSize is the same as - // bufferSize. For NV Index, totalSize is - // bufferSize plus index data size - UINT32 bufferSize, // IN: size of initial buffer - TPM_HANDLE handle, // IN: optional handle - BYTE *entity // IN: initial buffer - ) -{ - NV_REF newAddr; // IN: where the new entity will start - NV_REF nextAddr; -// - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Get the end of data list - newAddr = NvGetEnd(); - - // Step over the forward pointer - nextAddr = newAddr + sizeof(UINT32); - - // Optionally write the handle. For indexes, the handle is TPM_RH_UNASSIGNED - // so that the handle in the nvIndex is used instead of writing this value - if(handle != TPM_RH_UNASSIGNED) - { - NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); - nextAddr += sizeof(TPM_HANDLE); - } - // Write entity data - NvWrite((UINT32)nextAddr, bufferSize, entity); - - // Advance the pointer by the amount of the total - nextAddr += totalSize; - - // Finish by writing the link value - - // Write the next offset (relative addressing) - totalSize = nextAddr - newAddr; - - // Write link value - NvWrite((UINT32)newAddr, sizeof(UINT32), &totalSize); - - // Write the list terminator - NvWriteNvListEnd(nextAddr); - - return TPM_RC_SUCCESS; -} - -//*** NvDelete() -// This function is used to delete an NV Index or persistent object from NV memory. -static TPM_RC -NvDelete( - NV_REF entityRef // IN: reference to entity to be deleted - ) -{ - UINT32 entrySize; - // adjust entityAddr to back up and point to the forward pointer - NV_REF entryRef = entityRef - sizeof(UINT32); - NV_REF endRef = NvGetEnd(); - NV_REF nextAddr; // address of the next entry -// - RETURN_IF_NV_IS_NOT_AVAILABLE; - - // Get the offset of the next entry. 
That is, back up and point to the size - // field of the entry - NvRead(&entrySize, entryRef, sizeof(UINT32)); - - // The next entry after the one being deleted is at a relative offset - // from the current entry - nextAddr = entryRef + entrySize; - - // If this is not the last entry, move everything up - if(nextAddr < endRef) - { - pAssert(nextAddr > entryRef); - _plat__NvMemoryMove(nextAddr, - entryRef, - (endRef - nextAddr)); - } - // The end of the used space is now moved up by the amount of space we just - // reclaimed - endRef -= entrySize; - - // Write the end marker, and make the new end equal to the first byte after - // the just added end value. This will automatically update the NV value for - // maxCounter. - // NOTE: This is the call that sets flag to cause NV to be updated - endRef = NvWriteNvListEnd(endRef); - - // Clear the reclaimed memory - _plat__NvMemoryClear(endRef, entrySize); - - return TPM_RC_SUCCESS; -} - -//************************************************ -//** RAM-based NV Index Data Access Functions -//************************************************ -//*** Introduction -// The data layout in ram buffer is {size of(NV_handle + attributes + data -// NV_handle, attributes, data} -// for each NV Index data stored in RAM. -// -// NV storage associated with orderly data is updated when a NV Index is added -// but NOT when the data or attributes are changed. Orderly data is only updated -// to NV on an orderly shutdown (TPM2_Shutdown()) - -//*** NvRamNext() -// This function is used to iterate trough the list of Ram Index values. *iter needs -// to be initialized by calling -static NV_RAM_REF -NvRamNext( - NV_RAM_REF *iter, // IN/OUT: the list iterator - TPM_HANDLE *handle // OUT: the handle of the next item. 
- ) -{ - NV_RAM_REF currentAddr; - NV_RAM_HEADER header; -// - // If iterator is at the beginning of list - if(*iter == NV_RAM_REF_INIT) - { - // Initialize iterator - *iter = &s_indexOrderlyRam[0]; - } - // if we are going to return what the iter is currently pointing to... - currentAddr = *iter; - - // If iterator reaches the end of NV space, then don't advance and return - // that we are at the end of the list. The end of the list occurs when - // we don't have space for a size and a handle - if(currentAddr + sizeof(NV_RAM_HEADER) > RAM_ORDERLY_END) - return NULL; - // read the header of the next entry - MemoryCopy(&header, currentAddr, sizeof(NV_RAM_HEADER)); - - // if the size field is zero, then we have hit the end of the list - if(header.size == 0) - // leave the *iter pointing at the end of the list - return NULL; - // advance the header by the size of the entry - *iter = currentAddr + header.size; - -// pAssert(*iter <= RAM_ORDERLY_END); - if(handle != NULL) - *handle = header.handle; - return currentAddr; -} - -//*** NvRamGetEnd() -// This routine performs the same function as NvGetEnd() but for the RAM data. -static NV_RAM_REF -NvRamGetEnd( - void - ) -{ - NV_RAM_REF iter = NV_RAM_REF_INIT; - NV_RAM_REF currentAddr; -// - // Scan until the next address is 0 - while((currentAddr = NvRamNext(&iter, NULL)) != 0); - return iter; -} - -//*** NvRamTestSpaceIndex() -// This function indicates if there is enough RAM space to add a data for a -// new NV Index. -// Return Type: BOOL -// TRUE(1) space available -// FALSE(0) no enough space -static BOOL -NvRamTestSpaceIndex( - UINT32 size // IN: size of the data to be added to RAM - ) -{ - UINT32 remaining = (UINT32)(RAM_ORDERLY_END - NvRamGetEnd()); - UINT32 needed = sizeof(NV_RAM_HEADER) + size; -// - // NvRamGetEnd points to the next available byte. 
- return remaining >= needed; -} - -//*** NvRamGetIndex() -// This function returns the offset of NV data in the RAM buffer -// -// This function requires that NV Index is in RAM. That is, the -// index must be known to exist. -static NV_RAM_REF -NvRamGetIndex( - TPMI_RH_NV_INDEX handle // IN: NV handle - ) -{ - NV_RAM_REF iter = NV_RAM_REF_INIT; - NV_RAM_REF currentAddr; - TPM_HANDLE foundHandle; -// - while((currentAddr = NvRamNext(&iter, &foundHandle)) != 0) - { - if(handle == foundHandle) - break; - } - return currentAddr; -} - -//*** NvUpdateIndexOrderlyData() -// This function is used to cause an update of the orderly data to the NV backing -// store. -void -NvUpdateIndexOrderlyData( - void - ) -{ - // Write reserved RAM space to NV - NvWrite(NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam), s_indexOrderlyRam); -} - -//*** NvAddRAM() -// This function adds a new data area to RAM. -// -// This function requires that enough free RAM space is available to add -// the new data. -// -// This function should be called after the NV Index space has been updated -// and the index removed. This insures that NV is available so that checking -// for NV availability is not required during this function. 
-static void
-NvAddRAM(
- TPMS_NV_PUBLIC *index // IN: the index descriptor
- )
-{
- NV_RAM_HEADER header;
- NV_RAM_REF end = NvRamGetEnd();
-//
- header.size = sizeof(NV_RAM_HEADER) + index->dataSize;
- header.handle = index->nvIndex;
- MemoryCopy(&header.attributes, &index->attributes, sizeof(TPMA_NV));
-
- pAssert(ORDERLY_RAM_ADDRESS_OK(end, header.size));
-
- // Copy the header to the memory
- MemoryCopy(end, &header, sizeof(NV_RAM_HEADER));
-
- // Clear the data area (just in case)
- MemorySet(end + sizeof(NV_RAM_HEADER), 0, index->dataSize);
-
- // Step over this new entry
- end += header.size;
-
- // If the end marker will fit, add it
- if(end + sizeof(UINT32) < RAM_ORDERLY_END)
- MemorySet(end, 0, sizeof(UINT32));
- // Write reserved RAM space to NV to reflect the newly added NV Index
- SET_NV_UPDATE(UT_ORDERLY);
-
- return;
-}
-
-//*** NvDeleteRAM()
-// This function is used to delete a RAM-backed NV Index data area.
-// The space used by the entry are overwritten by the contents of the
-// Index data that comes after (the data is moved up to fill the hole left
-// by removing this index. The reclaimed space is cleared to zeros.
-// This function assumes the data of NV Index exists in RAM.
-//
-// This function should be called after the NV Index space has been updated
-// and the index removed. This insures that NV is available so that checking
-// for NV availability is not required during this function.
-static void -NvDeleteRAM( - TPMI_RH_NV_INDEX handle // IN: NV handle - ) -{ - NV_RAM_REF nodeAddress; - NV_RAM_REF nextNode; - UINT32 size; - NV_RAM_REF lastUsed = NvRamGetEnd(); -// - nodeAddress = NvRamGetIndex(handle); - - pAssert(nodeAddress != 0); - - // Get node size - MemoryCopy(&size, nodeAddress, sizeof(size)); - - // Get the offset of next node - nextNode = nodeAddress + size; - - // Copy the data - MemoryCopy(nodeAddress, nextNode, (int)(lastUsed - nextNode)); - - // Clear out the reclaimed space - MemorySet(lastUsed - size, 0, size); - - // Write reserved RAM space to NV to reflect the newly delete NV Index - SET_NV_UPDATE(UT_ORDERLY); - - return; -} - -//*** NvReadIndex() -// This function is used to read the NV Index NV_INDEX. This is used so that the -// index information can be compressed and only this function would be needed -// to decompress it. Mostly, compression would only be able to save the space -// needed by the policy. -void -NvReadNvIndexInfo( - NV_REF ref, // IN: points to NV where index is located - NV_INDEX *nvIndex // OUT: place to receive index data - ) -{ - pAssert(nvIndex != NULL); - NvRead(nvIndex, ref, sizeof(NV_INDEX)); - return; -} - -//*** NvReadObject() -// This function is used to read a persistent object. This is used so that the -// object information can be compressed and only this function would be needed -// to uncompress it. 
-void
-NvReadObject(
- NV_REF ref, // IN: points to NV where index is located
- OBJECT *object // OUT: place to receive the object data
- )
-{
- NvRead(object, (ref + sizeof(TPM_HANDLE)), sizeof(OBJECT));
- return;
-}
-
-//*** NvFindEvict()
-// This function will return the NV offset of an evict object
-// Return Type: UINT32
-// 0 evict object not found
-// != 0 offset of evict object
-static NV_REF
-NvFindEvict(
- TPM_HANDLE nvHandle,
- OBJECT *object
- )
-{
- NV_REF found = NvFindHandle(nvHandle);
-//
- // If we found the handle and the request included an object pointer, fill it in
- if(found != 0 && object != NULL)
- NvReadObject(found, object);
- return found;
-}
-
-//*** NvIndexIsDefined()
-// See if an index is already defined
-BOOL
-NvIndexIsDefined(
- TPM_HANDLE nvHandle // IN: Index to look for
- )
-{
- return (NvFindHandle(nvHandle) != 0);
-}
-
-//*** NvConditionallyWrite()
-// Function to check if the data to be written has changed
-// and write it if it has
-// Return Type: TPM_RC
-// TPM_RC_NV_RATE NV is unavailable because of rate limit
-// TPM_RC_NV_UNAVAILABLE NV is inaccessible
-static TPM_RC
-NvConditionallyWrite(
- NV_REF entryAddr, // IN: stating address
- UINT32 size, // IN: size of the data to write
- void *data // IN: the data to write
- )
-{
- // If the index data is actually changed, then a write to NV is required
- if(_plat__NvIsDifferent(entryAddr, size, data))
- {
- // Write the data if NV is available
- if(g_NvStatus == TPM_RC_SUCCESS)
- {
- NvWrite(entryAddr, size, data);
- }
- return g_NvStatus;
- }
- return TPM_RC_SUCCESS;
-}
-
-//*** NvReadNvIndexAttributes()
-// This function returns the attributes of an NV Index.
-static TPMA_NV
-NvReadNvIndexAttributes(
- NV_REF locator // IN: reference to an NV index
- )
-{
- TPMA_NV attributes;
-//
- NvRead(&attributes,
- locator + offsetof(NV_INDEX, publicArea.attributes),
- sizeof(TPMA_NV));
- return attributes;
-}
-
-//*** NvReadRamIndexAttributes()
-// This function returns the attributes from the RAM header structure. This function
-// is used to deal with the fact that the header structure is only byte aligned.
-static TPMA_NV
-NvReadRamIndexAttributes(
- NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER
- )
-{
- TPMA_NV attributes;
-//
- MemoryCopy(&attributes, ref + offsetof(NV_RAM_HEADER, attributes),
- sizeof(TPMA_NV));
- return attributes;
-}
-
-//*** NvWriteNvIndexAttributes()
-// This function is used to write just the attributes of an index to NV.
-// Return type: TPM_RC
-// TPM_RC_NV_RATE NV is rate limiting so retry
-// TPM_RC_NV_UNAVAILABLE NV is not available
-static TPM_RC
-NvWriteNvIndexAttributes(
- NV_REF locator, // IN: location of the index
- TPMA_NV attributes // IN: attributes to write
- )
-{
- return NvConditionallyWrite(
- locator + offsetof(NV_INDEX, publicArea.attributes),
- sizeof(TPMA_NV),
- &attributes);
-}
-
-//*** NvWriteRamIndexAttributes()
-// This function is used to write the index attributes into an unaligned structure
-static void
-NvWriteRamIndexAttributes(
- NV_RAM_REF ref, // IN: address of the header
- TPMA_NV attributes // IN: the attributes to write
- )
-{
- MemoryCopy(ref + offsetof(NV_RAM_HEADER, attributes), &attributes,
- sizeof(TPMA_NV));
- return;
-}
-
-//************************************************
-//** Externally Accessible Functions
-//************************************************
-
-//*** NvIsPlatformPersistentHandle()
-// This function indicates if a handle references a persistent object in the
-// range belonging to the platform.
-// Return Type: BOOL -// TRUE(1) handle references a platform persistent object -// and may reference an owner persistent object either -// FALSE(0) handle does not reference platform persistent object -BOOL -NvIsPlatformPersistentHandle( - TPM_HANDLE handle // IN: handle - ) -{ - return (handle >= PLATFORM_PERSISTENT && handle <= PERSISTENT_LAST); -} - -//*** NvIsOwnerPersistentHandle() -// This function indicates if a handle references a persistent object in the -// range belonging to the owner. -// Return Type: BOOL -// TRUE(1) handle is owner persistent handle -// FALSE(0) handle is not owner persistent handle and may not be -// a persistent handle at all -BOOL -NvIsOwnerPersistentHandle( - TPM_HANDLE handle // IN: handle - ) -{ - return (handle >= PERSISTENT_FIRST && handle < PLATFORM_PERSISTENT); -} - -//*** NvIndexIsAccessible() -// -// This function validates that a handle references a defined NV Index and -// that the Index is currently accessible. -// Return Type: TPM_RC -// TPM_RC_HANDLE the handle points to an undefined NV Index -// If shEnable is CLEAR, this would include an index -// created using ownerAuth. 
If phEnableNV is CLEAR, -// this would include and index created using -// platformAuth -// TPM_RC_NV_READLOCKED Index is present but locked for reading and command -// does not write to the index -// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command -// writes to the index -TPM_RC -NvIndexIsAccessible( - TPMI_RH_NV_INDEX handle // IN: handle - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); -// - if(nvIndex == NULL) - // If index is not found, return TPM_RC_HANDLE - return TPM_RC_HANDLE; - if(gc.shEnable == FALSE || gc.phEnableNV == FALSE) - { - // if shEnable is CLEAR, an ownerCreate NV Index should not be - // indicated as present - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) - { - if(gc.shEnable == FALSE) - return TPM_RC_HANDLE; - } - // if phEnableNV is CLEAR, a platform created Index should not - // be visible - else if(gc.phEnableNV == FALSE) - return TPM_RC_HANDLE; - } -#if 0 // Writelock test for debug - // If the Index is write locked and this is an NV Write operation... - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITELOCKED) - && IsWriteOperation(commandIndex)) - { - // then return a locked indication unless the command is TPM2_NV_WriteLock - if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock) - return TPM_RC_NV_LOCKED; - return TPM_RC_SUCCESS; - } -#endif -#if 0 // Readlock Test for debug - // If the Index is read locked and this is an NV Read operation... - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, READLOCKED) - && IsReadOperation(commandIndex)) - { - // then return a locked indication unless the command is TPM2_NV_ReadLock - if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock) - return TPM_RC_NV_LOCKED; - } -#endif - // NV Index is accessible - return TPM_RC_SUCCESS; -} - -//*** NvGetEvictObject() -// This function is used to dereference an evict object handle and get a pointer -// to the object. 
-// Return Type: TPM_RC
-// TPM_RC_HANDLE the handle does not point to an existing
-// persistent object
-TPM_RC
-NvGetEvictObject(
- TPM_HANDLE handle, // IN: handle
- OBJECT *object // OUT: object data
- )
-{
- NV_REF entityAddr; // offset points to the entity
-//
- // Find the address of evict object and copy to object
- entityAddr = NvFindEvict(handle, object);
-
- // whether there is an error or not, make sure that the evict
- // status of the object is set so that the slot will get freed on exit
- // Must do this after NvFindEvict loads the object
- object->attributes.evict = SET;
-
- // If handle is not found, return an error
- if(entityAddr == 0)
- return TPM_RC_HANDLE;
- return TPM_RC_SUCCESS;
-}
-
-//*** NvIndexCacheInit()
-// Function to initialize the Index cache
-void
-NvIndexCacheInit(
- void
- )
-{
- s_cachedNvRef = NV_REF_INIT;
- s_cachedNvRamRef = NV_RAM_REF_INIT;
- s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED;
- return;
-}
-
-
-//*** NvGetIndexData()
-// This function is used to access the data in an NV Index. The data is returned
-// as a byte sequence.
-//
-// This function requires that the NV Index be defined, and that the
-// required data is within the data range. It also requires that TPMA_NV_WRITTEN
-// of the Index is SET.
-void -NvGetIndexData( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: offset of NV data - UINT16 size, // IN: number of octets of NV data to read - void *data // OUT: data buffer - ) -{ - TPMA_NV nvAttributes; -// - pAssert(nvIndex != NULL); - - nvAttributes = nvIndex->publicArea.attributes; - - pAssert(IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)); - - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, ORDERLY)) - { - // Get data from RAM buffer - NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex); - pAssert(ramAddr != 0 && (size <= - ((NV_RAM_HEADER *)ramAddr)->size - sizeof(NV_RAM_HEADER) - offset)); - MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size); - } - else - { - // Validate that read falls within range of the index - pAssert(offset <= nvIndex->publicArea.dataSize - && size <= (nvIndex->publicArea.dataSize - offset)); - NvRead(data, locator + sizeof(NV_INDEX) + offset, size); - } - return; -} - -//*** NvHashIndexData() -// This function adds Index data to a hash. It does this in parts to avoid large stack -// buffers. -void -NvHashIndexData( - HASH_STATE *hashState, // IN: Initialized hash state - NV_INDEX *nvIndex, // IN: Index - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: starting offset - UINT16 size // IN: amount to hash -) -{ -#define BUFFER_SIZE 64 - BYTE buffer[BUFFER_SIZE]; - if (offset > nvIndex->publicArea.dataSize) - return; - // Make sure that we don't try to read off the end. - if ((offset + size) > nvIndex->publicArea.dataSize) - size = nvIndex->publicArea.dataSize - (UINT16)offset; -#if BUFFER_SIZE >= MAX_NV_INDEX_SIZE - NvGetIndexData(nvIndex, locator, offset, size, buffer); - CryptDigestUpdate(hashState, size, buffer); -#else - { - INT16 i; - UINT16 readSize; - // - for (i = size; i > 0; offset += readSize, i -= readSize) - { - readSize = (i < BUFFER_SIZE) ? 
i : BUFFER_SIZE; - NvGetIndexData(nvIndex, locator, offset, readSize, buffer); - CryptDigestUpdate(hashState, readSize, buffer); - } - } -#endif // BUFFER_SIZE >= MAX_NV_INDEX_SIZE -#undef BUFFER_SIZE -} - - -//*** NvGetUINT64Data() -// Get data in integer format of a bit or counter NV Index. -// -// This function requires that the NV Index is defined and that the NV Index -// previously has been written. -UINT64 -NvGetUINT64Data( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator // IN: where index exists in NV - ) -{ - UINT64 intVal; -// - // Read the value and convert it to internal format - NvGetIndexData(nvIndex, locator, 0, 8, &intVal); - return BYTE_ARRAY_TO_UINT64(((BYTE *)&intVal)); -} - -//*** NvWriteIndexAttributes() -// This function is used to write just the attributes of an index. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAttributes( - TPM_HANDLE handle, - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write - ) -{ - TPM_RC result; -// - if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) - { - NV_RAM_REF ram = NvRamGetIndex(handle); - NvWriteRamIndexAttributes(ram, attributes); - result = TPM_RC_SUCCESS; - } - else - { - result = NvWriteNvIndexAttributes(locator, attributes); - } - return result; -} - -//*** NvWriteIndexAuth() -// This function is used to write the authValue of an index. It is used by -// TPM2_NV_ChangeAuth() -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexAuth( - NV_REF locator, // IN: location of the index - TPM2B_AUTH *authValue // IN: the authValue to write - ) -{ - TPM_RC result; -// - // If the locator is pointing to the cached index value... - if(locator == s_cachedNvRef) - { - // copy the authValue to the cached index so it will be there if we - // look for it. This is a safety thing. 
- MemoryCopy2B(&s_cachedNvIndex.authValue.b, &authValue->b, - sizeof(s_cachedNvIndex.authValue.t.buffer)); - } - result = NvConditionallyWrite( - locator + offsetof(NV_INDEX, authValue), - sizeof(UINT16) + authValue->t.size, - authValue); - return result; -} - -//*** NvGetIndexInfo() -// This function loads the nvIndex Info into the NV cache and returns a pointer -// to the NV_INDEX. If the returned value is zero, the index was not found. -// The 'locator' parameter, if not NULL, will be set to the offset in NV of the -// Index (the location of the handle of the Index). -// -// This function will set the index cache. If the index is orderly, the attributes -// from RAM are substituted for the attributes in the cached index -NV_INDEX * -NvGetIndexInfo( - TPM_HANDLE nvHandle, // IN: the index handle - NV_REF *locator // OUT: location of the index - ) -{ - if(s_cachedNvIndex.publicArea.nvIndex != nvHandle) - { - s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; - s_cachedNvRamRef = 0; - s_cachedNvRef = NvFindHandle(nvHandle); - if(s_cachedNvRef == 0) - return NULL; - NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex); - if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY)) - { - s_cachedNvRamRef = NvRamGetIndex(nvHandle); - s_cachedNvIndex.publicArea.attributes = - NvReadRamIndexAttributes(s_cachedNvRamRef); - } - } - if(locator != NULL) - *locator = s_cachedNvRef; - return &s_cachedNvIndex; -} - -//*** NvWriteIndexData() -// This function is used to write NV index data. It is intended to be used to -// update the data associated with the default index. -// -// This function requires that the NV Index is defined, and the data is -// within the defined data range for the index. -// -// Index data is only written due to a command that modifies the data in a single -// index. There is no case where changes are made to multiple indexes data at the -// same time. Multiple attributes may be change but not multiple index data. 
This -// is important because we will normally be handling the index for which we have -// the cached pointer values. -// Return type: TPM_RC -// TPM_RC_NV_RATE NV is rate limiting so retry -// TPM_RC_NV_UNAVAILABLE NV is not available -TPM_RC -NvWriteIndexData( - NV_INDEX *nvIndex, // IN: the description of the index - UINT32 offset, // IN: offset of NV data - UINT32 size, // IN: size of NV data - void *data // IN: data buffer - ) -{ - TPM_RC result = TPM_RC_SUCCESS; -// - pAssert(nvIndex != NULL); - // Make sure that this is dealing with the 'default' index. - // Note: it is tempting to change the calling sequence so that the 'default' is - // presumed. - pAssert(nvIndex->publicArea.nvIndex == s_cachedNvIndex.publicArea.nvIndex); - - // Validate that write falls within range of the index - pAssert(offset <= nvIndex->publicArea.dataSize - && size <= (nvIndex->publicArea.dataSize - offset)); - - // Update TPMA_NV_WRITTEN bit if necessary - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - { - // Update the in memory version of the attributes - SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN); - - // If this is not orderly, then update the NV version of - // the attributes - if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - { - result = NvWriteNvIndexAttributes(s_cachedNvRef, - nvIndex->publicArea.attributes); - if(result != TPM_RC_SUCCESS) - return result; - // If this is a partial write of an ordinary index, clear the whole - // index. 
- if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes) - && (nvIndex->publicArea.dataSize > size)) - _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX), - nvIndex->publicArea.dataSize); - } - else - { - // This is orderly so update the RAM version - MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes), - &nvIndex->publicArea.attributes, sizeof(TPMA_NV)); - // If setting WRITTEN for an orderly counter, make sure that the - // state saved version of the counter is saved - if(IsNvCounterIndex(nvIndex->publicArea.attributes)) - SET_NV_UPDATE(UT_ORDERLY); - // If setting the written attribute on an ordinary index, make sure that - // the data is all cleared out in case there is a partial write. This - // is only necessary for ordinary indexes because all of the other types - // are always written in total. - else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)) - MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER), - 0, nvIndex->publicArea.dataSize); - } - } - // If this is orderly data, write it to RAM - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - { - // Note: if this is the first write to a counter, the code above will queue - // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN. In - // process of doing that write, it will also write the initial counter value - - // Update RAM - MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size); - - // And indicate that the TPM is no longer orderly - g_clearOrderly = TRUE; - } - else - { - // Offset into the index to the first byte of the data to be written to NV - result = NvConditionallyWrite(s_cachedNvRef + sizeof(NV_INDEX) + offset, - size, data); - } - return result; -} - -//*** NvWriteUINT64Data() -// This function to write back a UINT64 value. The various UINT64 values (bits, -// counters, and PINs) are kept in canonical format but manipulate in native -// format. 
This takes a native format value converts it and saves it back as -// in canonical format. -// -// This function will return the value from NV or RAM depending on the type of the -// index (orderly or not) -// -TPM_RC -NvWriteUINT64Data( - NV_INDEX *nvIndex, // IN: the description of the index - UINT64 intValue // IN: the value to write - ) -{ - BYTE bytes[8]; - UINT64_TO_BYTE_ARRAY(intValue, bytes); -// - return NvWriteIndexData(nvIndex, 0, 8, &bytes); -} - -//*** NvGetIndexName() -// This function computes the Name of an index -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. -TPM2B_NAME * -NvGetIndexName( - NV_INDEX *nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME *name // OUT: name of the index - ) -{ - UINT16 dataSize, digestSize; - BYTE marshalBuffer[sizeof(TPMS_NV_PUBLIC)]; - BYTE *buffer; - HASH_STATE hashState; -// - // Marshal public area - buffer = marshalBuffer; - dataSize = TPMS_NV_PUBLIC_Marshal(&nvIndex->publicArea, &buffer, NULL); - - // hash public area - digestSize = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); - CryptDigestUpdate(&hashState, dataSize, marshalBuffer); - - // Complete digest leaving room for the nameAlg - CryptHashEnd(&hashState, digestSize, &name->b.buffer[2]); - - // Include the nameAlg - UINT16_TO_BYTE_ARRAY(nvIndex->publicArea.nameAlg, name->b.buffer); - name->t.size = digestSize + 2; - return name; -} - -//*** NvGetNameByIndexHandle() -// This function is used to compute the Name of an NV Index referenced by handle. -// -// The 'name' buffer receives the bytes of the Name and the return value -// is the number of octets in the Name. -// -// This function requires that the NV Index is defined. 
-TPM2B_NAME * -NvGetNameByIndexHandle( - TPMI_RH_NV_INDEX handle, // IN: handle of the index - TPM2B_NAME *name // OUT: name of the index - ) -{ - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); -// - return NvGetIndexName(nvIndex, name); -} - -//*** NvDefineIndex() -// This function is used to assign NV memory to an NV Index. -// -// Return Type: TPM_RC -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvDefineIndex( - TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. - TPM2B_AUTH *authValue // IN: The initial authorization value - ) -{ - // The buffer to be written to NV memory - NV_INDEX nvIndex; // the index data - UINT16 entrySize; // size of entry - TPM_RC result; -// - entrySize = sizeof(NV_INDEX); - - // only allocate data space for indexes that are going to be written to NV. - // Orderly indexes don't need space. - if(!IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) - entrySize += publicArea->dataSize; - // Check if we have enough space to create the NV Index - // In this implementation, the only resource limitation is the available NV - // space (and possibly RAM space.) 
Other implementation may have other - // limitation on counter or on NV slots - if(!NvTestSpace(entrySize, TRUE, IsNvCounterIndex(publicArea->attributes))) - return TPM_RC_NV_SPACE; - - // if the index to be defined is RAM backed, check RAM space availability - // as well - if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY) - && !NvRamTestSpaceIndex(publicArea->dataSize)) - return TPM_RC_NV_SPACE; - // Copy input value to nvBuffer - nvIndex.publicArea = *publicArea; - - // Copy the authValue - nvIndex.authValue = *authValue; - - // Add index to NV memory - result = NvAdd(entrySize, sizeof(NV_INDEX), TPM_RH_UNASSIGNED, - (BYTE *)&nvIndex); - if(result == TPM_RC_SUCCESS) - { - // If the data of NV Index is RAM backed, add the data area in RAM as well - if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) - NvAddRAM(publicArea); - } - return result; -} - -//*** NvAddEvictObject() -// This function is used to assign NV memory to a persistent object. -// Return Type: TPM_RC -// TPM_RC_NV_HANDLE the requested handle is already in use -// TPM_RC_NV_SPACE insufficient NV space -TPM_RC -NvAddEvictObject( - TPMI_DH_OBJECT evictHandle, // IN: new evict handle - OBJECT *object // IN: object to be added - ) -{ - TPM_HANDLE temp = object->evictHandle; - TPM_RC result; -// - // Check if we have enough space to add the evict object - // An evict object needs 8 bytes in index table + sizeof OBJECT - // In this implementation, the only resource limitation is the available NV - // space. 
Other implementation may have other limitation on evict object - // handle space - if(!NvTestSpace(sizeof(OBJECT) + sizeof(TPM_HANDLE), FALSE, FALSE)) - return TPM_RC_NV_SPACE; - - // Set evict attribute and handle - object->attributes.evict = SET; - object->evictHandle = evictHandle; - - // Now put this in NV - result = NvAdd(sizeof(OBJECT), sizeof(OBJECT), evictHandle, (BYTE *)object); - - // Put things back the way they were - object->attributes.evict = CLEAR; - object->evictHandle = temp; - - return result; -} - -//*** NvDeleteIndex() -// This function is used to delete an NV Index. -// Return Type: TPM_RC -// TPM_RC_NV_UNAVAILABLE NV is not accessible -// TPM_RC_NV_RATE NV is rate limiting -TPM_RC -NvDeleteIndex( - NV_INDEX *nvIndex, // IN: an in RAM index descriptor - NV_REF entityAddr // IN: location in NV - ) -{ - TPM_RC result; -// - if(nvIndex != NULL) - { - // Whenever a counter is deleted, make sure that the MaxCounter value is - // updated to reflect the value - if(IsNvCounterIndex(nvIndex->publicArea.attributes) - && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr)); - result = NvDelete(entityAddr); - if(result != TPM_RC_SUCCESS) - return result; - // If the NV Index is RAM backed, delete the RAM data as well - if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) - NvDeleteRAM(nvIndex->publicArea.nvIndex); - NvIndexCacheInit(); - } - return TPM_RC_SUCCESS; -} - -//*** NvDeleteEvict() -// This function will delete a NV evict object. 
-// Will return success if object deleted or if it does not exist - -TPM_RC -NvDeleteEvict( - TPM_HANDLE handle // IN: handle of entity to be deleted - ) -{ - NV_REF entityAddr = NvFindEvict(handle, NULL); // pointer to entity - TPM_RC result = TPM_RC_SUCCESS; -// - if(entityAddr != 0) - result = NvDelete(entityAddr); - return result; -} - -//*** NvFlushHierarchy() -// This function will delete persistent objects belonging to the indicated hierarchy. -// If the storage hierarchy is selected, the function will also delete any -// NV Index defined using ownerAuth. -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE entityHandle; - TPM_RC result = TPM_RC_SUCCESS; -// - while((currentAddr = NvNext(&iter, &entityHandle)) != 0) - { - if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX) - { - NV_INDEX nvIndex; -// - // If flush endorsement or platform hierarchy, no NV Index would be - // flushed - if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM) - continue; - // Get the index information - NvReadNvIndexInfo(currentAddr, &nvIndex); - - // For storage hierarchy, flush OwnerCreated index - if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, - PLATFORMCREATE)) - { - // Delete the index (including RAM for orderly) - result = NvDeleteIndex(&nvIndex, currentAddr); - if(result != TPM_RC_SUCCESS) - break; - // Re-iterate from beginning after a delete - iter = NV_REF_INIT; - } - } - else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT) - { - OBJECT_ATTRIBUTES attributes; -// - NvRead(&attributes, - (UINT32)(currentAddr - + sizeof(TPM_HANDLE) - + offsetof(OBJECT, attributes)), - sizeof(OBJECT_ATTRIBUTES)); - // If the evict object belongs to the hierarchy to be flushed... 
- if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET) - || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET) - || (hierarchy == TPM_RH_ENDORSEMENT - && attributes.epsHierarchy == SET)) - { - // ...then delete the evict object - result = NvDelete(currentAddr); - if(result != TPM_RC_SUCCESS) - break; - // Re-iterate from beginning after a delete - iter = NV_REF_INIT; - } - } - else - { - FAIL(FATAL_ERROR_INTERNAL); - } - } - return result; -} - -//*** NvSetGlobalLock() -// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all -// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by -// TPM2_NV_GlobalWriteLock(). -// Return Type: TPM_RC -// TPM_RC_NV_RATE NV is unavailable because of rate limit -// TPM_RC_NV_UNAVAILABLE NV is inaccessible -TPM_RC -NvSetGlobalLock( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_RAM_REF ramIter = NV_RAM_REF_INIT; - NV_REF currentAddr; - NV_RAM_REF currentRamAddr; - TPM_RC result = TPM_RC_SUCCESS; -// - // Check all normal indexes - while((currentAddr = NvNextIndex(NULL, &iter)) != 0) - { - TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); -// - // See if it should be locked - if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) - && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) - { - SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - result = NvWriteNvIndexAttributes(currentAddr, attributes); - if(result != TPM_RC_SUCCESS) - return result; - } - } - // Now search all the orderly attributes - while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) - { - // See if it should be locked - TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr); - if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) - { - SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - NvWriteRamIndexAttributes(currentRamAddr, attributes); - } - } - return result; -} - -//***InsertSort() -// Sort a handle into handle list in ascending order. 
The total handle number in -// the list should not exceed MAX_CAP_HANDLES -static void -InsertSort( - TPML_HANDLE *handleList, // IN/OUT: sorted handle list - UINT32 count, // IN: maximum count in the handle list - TPM_HANDLE entityHandle // IN: handle to be inserted - ) -{ - UINT32 i, j; - UINT32 originalCount; -// - // For a corner case that the maximum count is 0, do nothing - if(count == 0) - return; - // For empty list, add the handle at the beginning and return - if(handleList->count == 0) - { - handleList->handle[0] = entityHandle; - handleList->count++; - return; - } - // Check if the maximum of the list has been reached - originalCount = handleList->count; - if(originalCount < count) - handleList->count++; - // Insert the handle to the list - for(i = 0; i < originalCount; i++) - { - if(handleList->handle[i] > entityHandle) - { - for(j = handleList->count - 1; j > i; j--) - { - handleList->handle[j] = handleList->handle[j - 1]; - } - break; - } - } - // If a slot was found, insert the handle in this position - if(i < originalCount || handleList->count > originalCount) - handleList->handle[i] = entityHandle; - return; -} - -//*** NvCapGetPersistent() -// This function is used to get a list of handles of the persistent objects, -// starting at 'handle'. -// -// 'Handle' must be in valid persistent object handle range, but does not -// have to reference an existing persistent object. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -NvCapGetPersistent( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE entityHandle; -// - pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) - { - // Ignore persistent handles that have values less than the input handle - if(entityHandle < handle) - continue; - // if the handles in the list have reached the requested count, and there - // are still handles need to be inserted, indicate that there are more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, entityHandle); - } - return more; -} - -//*** NvCapGetIndex() -// This function returns a list of handles of NV indexes, starting from 'handle'. -// 'Handle' must be in the range of NV indexes, but does not have to reference -// an existing NV Index. 
-// Return Type: TPMI_YES_NO -// YES if there are more handles to report -// NO all the available handles has been reported -TPMI_YES_NO -NvCapGetIndex( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - TPM_HANDLE nvHandle; -// - pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - // Ignore index handles that have values less than the 'handle' - if(nvHandle < handle) - continue; - // if the count of handles in the list has reached the requested count, - // and there are still handles to report, set more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, nvHandle); - } - return more; -} - -//*** NvCapGetIndexNumber() -// This function returns the count of NV Indexes currently defined. -UINT32 -NvCapGetIndexNumber( - void - ) -{ - UINT32 num = 0; - NV_REF iter = NV_REF_INIT; -// - while(NvNextIndex(NULL, &iter) != 0) - num++; - return num; -} - -//*** NvCapGetPersistentNumber() -// Function returns the count of persistent objects currently in NV memory. 
-UINT32 -NvCapGetPersistentNumber( - void - ) -{ - UINT32 num = 0; - NV_REF iter = NV_REF_INIT; - TPM_HANDLE handle; -// - while(NvNextEvict(&handle, &iter) != 0) - num++; - return num; -} - -//*** NvCapGetPersistentAvail() -// This function returns an estimate of the number of additional persistent -// objects that could be loaded into NV memory. -UINT32 -NvCapGetPersistentAvail( - void - ) -{ - UINT32 availNVSpace; - UINT32 counterNum = NvCapGetCounterNumber(); - UINT32 reserved = sizeof(NV_LIST_TERMINATOR); -// - // Get the available space in NV storage - availNVSpace = NvGetFreeBytes(); - - if(counterNum < MIN_COUNTER_INDICES) - { - // Some space has to be reserved for counter objects. - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } - return availNVSpace / NV_EVICT_OBJECT_SIZE; -} - -//*** NvCapGetCounterNumber() -// Get the number of defined NV Indexes that are counter indexes. -UINT32 -NvCapGetCounterNumber( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - UINT32 num = 0; -// - while((currentAddr = NvNextIndex(NULL, &iter)) != 0) - { - TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); - if(IsNvCounterIndex(attributes)) - num++; - } - return num; -} - -//*** NvSetStartupAttributes() -// Local function to set the attributes of an Index at TPM Reset and TPM Restart. 
-static TPMA_NV -NvSetStartupAttributes( - TPMA_NV attributes, // IN: attributes to change - STARTUP_TYPE type // IN: start up type - ) -{ - // Clear read lock - CLEAR_ATTRIBUTE(attributes, TPMA_NV, READLOCKED); - - // Will change a non counter index to the unwritten state if: - // a) TPMA_NV_CLEAR_STCLEAR is SET - // b) orderly and TPM Reset - if(!IsNvCounterIndex(attributes)) - { - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) - || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) - && (type == SU_RESET))) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); - } - // Unlock any index that is not written or that does not have - // TPMA_NV_WRITEDEFINE SET. - if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) - || !IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); - return attributes; -} - -//*** NvEntityStartup() -// This function is called at TPM_Startup(). If the startup completes -// a TPM Resume cycle, no action is taken. If the startup is a TPM Reset -// or a TPM Restart, then this function will: -// 1. clear read/write lock; -// 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and -// 3. set the lower bits in orderly counters to 1 for a non-orderly startup -// -// It is a prerequisite that NV be available for writing before this -// function is called. 
-BOOL -NvEntityStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - NV_REF iter = NV_REF_INIT; - NV_RAM_REF ramIter = NV_RAM_REF_INIT; - NV_REF currentAddr; // offset points to the current entity - NV_RAM_REF currentRamAddr; - TPM_HANDLE nvHandle; - TPMA_NV attributes; -// - // Restore RAM index data - NvRead(s_indexOrderlyRam, NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam)); - - // Initialize the max NV counter value - NvSetMaxCount(NvGetMaxCount()); - - // If recovering from state save, do nothing else - if(type == SU_RESUME) - return TRUE; - // Iterate all the NV Index to clear the locks - while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - attributes = NvReadNvIndexAttributes(currentAddr); - - // If this is an orderly index, defer processing until loop below - if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) - continue; - // Set the attributes appropriate for this startup type - attributes = NvSetStartupAttributes(attributes, type); - NvWriteNvIndexAttributes(currentAddr, attributes); - } - // Iterate all the orderly indexes to clear the locks and initialize counters - while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) - { - attributes = NvReadRamIndexAttributes(currentRamAddr); - - attributes = NvSetStartupAttributes(attributes, type); - - // update attributes in RAM - NvWriteRamIndexAttributes(currentRamAddr, attributes); - - // Set the lower bits in an orderly counter to 1 for a non-orderly startup - if(IsNvCounterIndex(attributes) - && (g_prevOrderlyState == SU_NONE_VALUE)) - { - UINT64 counter; -// - // Read the counter value last saved to NV. - counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); - - // Set the lower bits of counter to 1's - counter |= MAX_ORDERLY_COUNT; - - // Write back to RAM - // NOTE: Do not want to force a write to NV here. The counter value will - // stay in RAM until the next shutdown or rollover. 
- UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); - } - } - return TRUE; -} - -//*** NvCapGetCounterAvail() -// This function returns an estimate of the number of additional counter type -// NV indexes that can be defined. -UINT32 -NvCapGetCounterAvail( - void - ) -{ - UINT32 availNVSpace; - UINT32 availRAMSpace; - UINT32 persistentNum = NvCapGetPersistentNumber(); - UINT32 reserved = sizeof(NV_LIST_TERMINATOR); -// - // Get the available space in NV storage - availNVSpace = NvGetFreeBytes(); - - if(persistentNum < MIN_EVICT_OBJECTS) - { - // Some space has to be reserved for evict object. Adjust availNVSpace. - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } - // Compute the available space in RAM - availRAMSpace = (int)(RAM_ORDERLY_END - NvRamGetEnd()); - - // Return the min of counter number in NV and in RAM - if(availNVSpace / NV_INDEX_COUNTER_SIZE - > availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE) - return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; - else - return availNVSpace / NV_INDEX_COUNTER_SIZE; -} - -//*** NvFindHandle() -// this function returns the offset in NV memory of the entity associated -// with the input handle. A value of zero indicates that handle does not -// exist reference an existing persistent object or defined NV Index. -NV_REF -NvFindHandle( - TPM_HANDLE handle - ) -{ - NV_REF addr; - NV_REF iter = NV_REF_INIT; - TPM_HANDLE nextHandle; -// - while((addr = NvNext(&iter, &nextHandle)) != 0) - { - if(nextHandle == handle) - break; - } - return addr; -} - -//** NV Max Counter -//*** Introduction -// The TPM keeps track of the highest value of a deleted counter index. When an -// index is deleted, this value is updated if the deleted counter index is greater -// than the previous value. 
When a new index is created and first incremented, it -// will get a value that is at least one greater than any other index than any -// previously deleted index. This insures that it is not possible to roll back an -// index. -// -// The highest counter value is keep in NV in a special end-of-list marker. This -// marker is only updated when an index is deleted. Otherwise it just moves. -// -// When the TPM starts up, it searches NV for the end of list marker and initializes -// an in memory value (s_maxCounter). - -//*** NvReadMaxCount() -// This function returns the max NV counter value. -// -UINT64 -NvReadMaxCount( - void - ) -{ - return s_maxCounter; -} - -//*** NvUpdateMaxCount() -// This function updates the max counter value to NV memory. This is just staging -// for the actual write that will occur when the NV index memory is modified. -// -void -NvUpdateMaxCount( - UINT64 count - ) -{ - if(count > s_maxCounter) - s_maxCounter = count; -} - -//*** NvSetMaxCount() -// This function is used at NV initialization time to set the initial value of -// the maximum counter. -void -NvSetMaxCount( - UINT64 value - ) -{ - s_maxCounter = value; -} - -//*** NvGetMaxCount() -// Function to get the NV max counter value from the end-of-list marker -UINT64 -NvGetMaxCount( - void - ) -{ - NV_REF iter = NV_REF_INIT; - NV_REF currentAddr; - UINT64 maxCount; -// - // Find the end of list marker and initialize the NV Max Counter value. - while((currentAddr = NvNext(&iter, NULL )) != 0); - // 'iter' should be pointing at the end of list marker so read in the current - // value of the s_maxCounter. - NvRead(&maxCount, iter + sizeof(UINT32), sizeof(maxCount)); - - return maxCount; -} diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c deleted file mode 100644 index 41a789512..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c
+++ /dev/null
@@ -1,263 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction - -// The NV memory is divided into two areas: dynamic space for user defined NV -// Indices and evict objects, and reserved space for TPM persistent and state save -// data. 
-// -// The entries in dynamic space are a linked list of entries. Each entry has, as its -// first field, a size. If the size field is zero, it marks the end of the -// list. -// -// An allocation of an Index or evict object may use almost all of the remaining -// NV space such that the size field will not fit. The functions that search the -// list are aware of this and will terminate the search if they either find a zero -// size or recognize that there is insufficient space for the size field. -// -// An Index allocation will contain an NV_INDEX structure. If the Index does not -// have the orderly attribute, the NV_INDEX is followed immediately by the NV data. -// -// An evict object entry contains a handle followed by an OBJECT structure. This -// results in both the Index and Evict Object having an identifying handle as the -// first field following the size field. -// -// When an Index has the orderly attribute, the data is kept in RAM. This RAM is -// saved to backing store in NV memory on any orderly shutdown. The entries in -// orderly memory are also a linked list using a size field as the first entry. As -// with the NV memory, the list is terminated by a zero size field or when the last -// entry leaves insufficient space for the terminating size field. -// -// The attributes of an orderly index are maintained in RAM memory in order to -// reduce the number of NV writes needed for orderly data. When an orderly index -// is created, an entry is made in the dynamic NV memory space that holds the Index -// authorizations (authPolicy and authValue) and the size of the data. This entry is -// only modified if the authValue of the index is changed. The more volatile data -// of the index is kept in RAM. When an orderly Index is created or deleted, the -// RAM data is copied to NV backing store so that the image in the backing store -// matches the layout of RAM. In normal operation. The RAM data is also copied on -// any orderly shutdown. 
In normal operation, the only other reason for writing -// to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN -// changes from CLEAR to SET) or when a counter "rolls over." -// -// Static space contains items that are individually modifiable. The values are in -// the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. -// - -//** Includes, Defines -#define NV_C -#include "Tpm.h" - -//************************************************ -//** Functions -//************************************************ - - -//*** NvInitStatic() -// This function initializes the static variables used in the NV subsystem. -static void -NvInitStatic( - void - ) -{ - // In some implementations, the end of NV is variable and is set at boot time. - // This value will be the same for each boot, but is not necessarily known - // at compile time. - s_evictNvEnd = (NV_REF)NV_MEMORY_SIZE; - return; -} - -//*** NvCheckState() -// Function to check the NV state by accessing the platform-specific function -// to get the NV state. The result state is registered in s_NvIsAvailable -// that will be reported by NvIsAvailable. -// -// This function is called at the beginning of ExecuteCommand before any potential -// check of g_NvStatus. -void -NvCheckState( - void - ) -{ - int func_return; -// - func_return = _plat__IsNvAvailable(); - if(func_return == 0) - g_NvStatus = TPM_RC_SUCCESS; - else if(func_return == 1) - g_NvStatus = TPM_RC_NV_UNAVAILABLE; - else - g_NvStatus = TPM_RC_NV_RATE; - return; -} - -//*** NvCommit -// This is a wrapper for the platform function to commit pending NV writes. -BOOL -NvCommit( - void - ) -{ - return (_plat__NvCommit() == 0); -} - -//*** NvPowerOn() -// This function is called at _TPM_Init to initialize the NV environment. 
-// Return Type: BOOL -// TRUE(1) all NV was initialized -// FALSE(0) the NV containing saved state had an error and -// TPM2_Startup(CLEAR) is required -BOOL -NvPowerOn( - void - ) -{ - int nvError = 0; - // If power was lost, need to re-establish the RAM data that is loaded from - // NV and initialize the static variables - if(g_powerWasLost) - { - if((nvError = _plat__NVEnable(0)) < 0) - FAIL(FATAL_ERROR_NV_UNRECOVERABLE); - NvInitStatic(); - } - return nvError == 0; -} - -//*** NvManufacture() -// This function initializes the NV system at pre-install time. -// -// This function should only be called in a manufacturing environment or in a -// simulation. -// -// The layout of NV memory space is an implementation choice. -void -NvManufacture( - void - ) -{ -#if SIMULATION - // Simulate the NV memory being in the erased state. - _plat__NvMemoryClear(0, NV_MEMORY_SIZE); -#endif - // Initialize static variables - NvInitStatic(); - // Clear the RAM used for Orderly Index data - MemorySet(s_indexOrderlyRam, 0, RAM_INDEX_SPACE); - // Write that Orderly Index data to NV - NvUpdateIndexOrderlyData(); - // Initialize the next offset of the first entry in evict/index list to 0 (the - // end of list marker) and the initial s_maxCounterValue; - NvSetMaxCount(0); - // Put the end of list marker at the end of memory. This contains the MaxCount - // value as well as the end marker. - NvWriteNvListEnd(NV_USER_DYNAMIC); - return; -} - -//*** NvRead() -// This function is used to move reserved data from NV memory to RAM. -void -NvRead( - void *outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read - ) -{ - // Input type should be valid - pAssert(nvOffset + size < NV_MEMORY_SIZE); - _plat__NvMemoryRead(nvOffset, size, outBuffer); - return; -} - -//*** NvWrite() -// This function is used to post reserved data for writing to NV memory. 
Before -// the TPM completes the operation, the value will be written. -BOOL -NvWrite( - UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void *inBuffer // IN: location containing data to write - ) -{ - // Input type should be valid - if(nvOffset + size <= NV_MEMORY_SIZE) - { - // Set the flag that a NV write happened - SET_NV_UPDATE(UT_NV); - return _plat__NvMemoryWrite(nvOffset, size, inBuffer); - } - return FALSE; -} - -//*** NvUpdatePersistent() -// This function is used to update a value in the PERSISTENT_DATA structure and -// commits the value to NV. -void -NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void *buffer // IN: the new data - ) -{ - pAssert(offset + size <= sizeof(gp)); - MemoryCopy(&gp + offset, buffer, size); - NvWrite(offset, size, buffer); -} - -//*** NvClearPersistent() -// This function is used to clear a persistent data entry and commit it to NV -void -NvClearPersistent( - UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear - ) -{ - pAssert(offset + size <= sizeof(gp)); - MemorySet((&gp) + offset, 0, size); - NvWrite(offset, size, (&gp) + offset); -} - -//*** NvReadPersistent() -// This function reads persistent data to the RAM copy of the 'gp' structure. -void -NvReadPersistent( - void - ) -{ - NvRead(&gp, NV_PERSISTENT_DATA, sizeof(gp)); - return; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c deleted file mode 100644 index 6fd037087..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c +++ /dev/null 
@@ -1,989 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions that manage the object store of the TPM. 
- -//** Includes and Data Definitions -#define OBJECT_C - -#include "Tpm.h" - -//** Functions - -//*** ObjectFlush() -// This function marks an object slot as available. -// Since there is no checking of the input parameters, it should be used -// judiciously. -// Note: This could be converted to a macro. -void -ObjectFlush( - OBJECT *object - ) -{ - object->attributes.occupied = CLEAR; -} - -//*** ObjectSetInUse() -// This access function sets the occupied attribute of an object slot. -void -ObjectSetInUse( - OBJECT *object - ) -{ - object->attributes.occupied = SET; -} - -//*** ObjectStartup() -// This function is called at TPM2_Startup() to initialize the object subsystem. -BOOL -ObjectStartup( - void - ) -{ - UINT32 i; -// - // object slots initialization - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - //Set the slot to not occupied - ObjectFlush(&s_objects[i]); - } - return TRUE; -} - -//*** ObjectCleanupEvict() -// -// In this implementation, a persistent object is moved from NV into an object slot -// for processing. It is flushed after command execution. This function is called -// from ExecuteCommand(). -void -ObjectCleanupEvict( - void - ) -{ - UINT32 i; -// - // This has to be iterated because a command may have two handles - // and they may both be persistent. - // This could be made to be more efficient so that a search is not needed. - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - // If an object is a temporary evict object, flush it from slot - OBJECT *object = &s_objects[i]; - if(object->attributes.evict == SET) - ObjectFlush(object); - } - return; -} - -//*** IsObjectPresent() -// This function checks to see if a transient handle references a loaded -// object. This routine should not be called if the handle is not a -// transient handle. The function validates that the handle is in the -// implementation-dependent allowed in range for loaded transient objects. 
-// Return Type: BOOL -// TRUE(1) handle references a loaded object -// FALSE(0) handle is not an object handle, or it does not -// reference to a loaded object -BOOL -IsObjectPresent( - TPMI_DH_OBJECT handle // IN: handle to be checked - ) -{ - UINT32 slotIndex = handle - TRANSIENT_FIRST; - // Since the handle is just an index into the array that is zero based, any - // handle value outsize of the range of: - // TRANSIENT_FIRST -- (TRANSIENT_FIRST + MAX_LOADED_OBJECT - 1) - // will now be greater than or equal to MAX_LOADED_OBJECTS - if(slotIndex >= MAX_LOADED_OBJECTS) - return FALSE; - // Indicate if the slot is occupied - return (s_objects[slotIndex].attributes.occupied == TRUE); -} - -//*** ObjectIsSequence() -// This function is used to check if the object is a sequence object. This function -// should not be called if the handle does not reference a loaded object. -// Return Type: BOOL -// TRUE(1) object is an HMAC, hash, or event sequence object -// FALSE(0) object is not an HMAC, hash, or event sequence object -BOOL -ObjectIsSequence( - OBJECT *object // IN: handle to be checked - ) -{ - pAssert(object != NULL); - return (object->attributes.hmacSeq == SET - || object->attributes.hashSeq == SET - || object->attributes.eventSeq == SET); -} - -//*** HandleToObject() -// This function is used to find the object structure associated with a handle. -// -// This function requires that 'handle' references a loaded object or a permanent -// handle. -OBJECT* -HandleToObject( - TPMI_DH_OBJECT handle // IN: handle of the object - ) -{ - UINT32 index; -// - // Return NULL if the handle references a permanent handle because there is no - // associated OBJECT. - if(HandleGetType(handle) == TPM_HT_PERMANENT) - return NULL; - // In this implementation, the handle is determined by the slot occupied by the - // object. 
- index = handle - TRANSIENT_FIRST; - pAssert(index < MAX_LOADED_OBJECTS); - pAssert(s_objects[index].attributes.occupied); - return &s_objects[index]; -} - - -//*** GetQualifiedName() -// This function returns the Qualified Name of the object. In this implementation, -// the Qualified Name is computed when the object is loaded and is saved in the -// internal representation of the object. The alternative would be to retain the -// Name of the parent and compute the QN when needed. This would take the same -// amount of space so it is not recommended that the alternate be used. -// -// This function requires that 'handle' references a loaded object. -void -GetQualifiedName( - TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object - ) -{ - OBJECT *object; -// - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - qualifiedName->t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); - break; - case TPM_HT_TRANSIENT: - object = HandleToObject(handle); - if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) - qualifiedName->t.size = 0; - else - // Copy the name - *qualifiedName = object->qualifiedName; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - } - return; -} - -//*** ObjectGetHierarchy() -// This function returns the handle for the hierarchy of an object. -TPMI_RH_HIERARCHY -ObjectGetHierarchy( - OBJECT *object // IN :object - ) -{ - if(object->attributes.spsHierarchy) - { - return TPM_RH_OWNER; - } - else if(object->attributes.epsHierarchy) - { - return TPM_RH_ENDORSEMENT; - } - else if(object->attributes.ppsHierarchy) - { - return TPM_RH_PLATFORM; - } - else - { - return TPM_RH_NULL; - } -} - -//*** GetHeriarchy() -// This function returns the handle of the hierarchy to which a handle belongs. -// This function is similar to ObjectGetHierarchy() but this routine takes -// a handle but ObjectGetHierarchy() takes an pointer to an object. 
-// -// This function requires that 'handle' references a loaded object. -TPMI_RH_HIERARCHY -GetHeriarchy( - TPMI_DH_OBJECT handle // IN :object handle - ) -{ - OBJECT *object = HandleToObject(handle); -// - return ObjectGetHierarchy(object); -} - -//*** FindEmptyObjectSlot() -// This function finds an open object slot, if any. It will clear the attributes -// but will not set the occupied attribute. This is so that a slot may be used -// and discarded if everything does not go as planned. -// Return Type: OBJECT * -// NULL no open slot found -// != NULL pointer to available slot -OBJECT * -FindEmptyObjectSlot( - TPMI_DH_OBJECT *handle // OUT: (optional) - ) -{ - UINT32 i; - OBJECT *object; -// - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - object = &s_objects[i]; - if(object->attributes.occupied == CLEAR) - { - if(handle) - *handle = i + TRANSIENT_FIRST; - // Initialize the object attributes - MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); - return object; - } - } - return NULL; -} - -//*** ObjectAllocateSlot() -// This function is used to allocate a slot in internal object array. -OBJECT * -ObjectAllocateSlot( - TPMI_DH_OBJECT *handle // OUT: handle of allocated object - ) -{ - OBJECT *object = FindEmptyObjectSlot(handle); -// - if(object != NULL) - { - // if found, mark as occupied - ObjectSetInUse(object); - } - return object; -} - -//*** ObjectSetLoadedAttributes() -// This function sets the internal attributes for a loaded object. It is called to -// finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded -// object. -void -ObjectSetLoadedAttributes( - OBJECT *object, // IN: object attributes to finalize - TPM_HANDLE parentHandle // IN: the parent handle - ) -{ - OBJECT *parent = HandleToObject(parentHandle); - TPMA_OBJECT objectAttributes = object->publicArea.objectAttributes; -// - // Copy the stClear attribute from the public area. 
This could be overwritten - // if the parent has stClear SET - object->attributes.stClear = - IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear); - // If parent handle is a permanent handle, it is a primary (unless it is NULL - if(parent == NULL) - { - object->attributes.primary = SET; - switch(parentHandle) - { - case TPM_RH_ENDORSEMENT: - object->attributes.epsHierarchy = SET; - break; - case TPM_RH_OWNER: - object->attributes.spsHierarchy = SET; - break; - case TPM_RH_PLATFORM: - object->attributes.ppsHierarchy = SET; - break; - default: - // Treat the temporary attribute as a hierarchy - object->attributes.temporary = SET; - object->attributes.primary = CLEAR; - break; - } - } - else - { - // is this a stClear object - object->attributes.stClear = - (IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) - || (parent->attributes.stClear == SET)); - object->attributes.epsHierarchy = parent->attributes.epsHierarchy; - object->attributes.spsHierarchy = parent->attributes.spsHierarchy; - object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; - // An object is temporary if its parent is temporary or if the object - // is external - object->attributes.temporary = parent->attributes.temporary - || object->attributes.external; - } - // If this is an external object, set the QN == name but don't SET other - // key properties ('parent' or 'derived') - if(object->attributes.external) - object->qualifiedName = object->name; - else - { - // check attributes for different types of parents - if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) - && !object->attributes.publicOnly - && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) - && object->publicArea.nameAlg != TPM_ALG_NULL) - { - // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. - // Otherwise, it is a derivation parent. 
- if(object->publicArea.type == TPM_ALG_KEYEDHASH) - object->attributes.derivation = SET; - else - object->attributes.isParent = SET; - } - ComputeQualifiedName(parentHandle, object->publicArea.nameAlg, - &object->name, &object->qualifiedName); - } - // Set slot occupied - ObjectSetInUse(object); - return; -} - -//*** ObjectLoad() -// Common function to load an object. A loaded object has its public area validated -// (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is -// verified to be correct and if both public and sensitive parts are loaded, then -// the cryptographic binding between the objects is validated. This function does -// not cause the allocated slot to be marked as in use. -TPM_RC -ObjectLoad( - OBJECT *object, // IN: pointer to object slot - // object - OBJECT *parent, // IN: (optional) the parent object - TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive,// IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME *name // IN: (optional) -) -{ - TPM_RC result = TPM_RC_SUCCESS; -// -// Do validations of public area object descriptions - pAssert(publicArea != NULL); - - // Is this public only or a no-name object? - if(sensitive == NULL || publicArea->nameAlg == TPM_ALG_NULL) - { - // Need to have schemes checked so that we do the right thing with the - // public key. 
- result = SchemeChecks(NULL, publicArea); - } - else - { - // For any sensitive area, make sure that the seedSize is no larger than the - // digest size of nameAlg - if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) - return TPM_RCS_KEY_SIZE + blameSensitive; - // Check attributes and schemes for consistency - result = PublicAttributesValidation(parent, publicArea); - } - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, blamePublic); - -// Sensitive area and binding checks - - // On load, check nothing if the parent is fixedTPM. For all other cases, validate - // the keys. - if((parent == NULL) - || ((parent != NULL) && !IS_ATTRIBUTE(parent->publicArea.objectAttributes, - TPMA_OBJECT, fixedTPM))) - { - // Do the cryptographic key validation - result = CryptValidateKeys(publicArea, sensitive, blamePublic, - blameSensitive); - if(result != TPM_RC_SUCCESS) - return result; - } -#if ALG_RSA - // If this is an RSA key, then expand the private exponent. - // Note: ObjectLoad() is only called by TPM2_Import() if the parent is fixedTPM. 
- // For any key that does not have a fixedTPM parent, the exponent is computed - // whenever it is loaded - if((publicArea->type == TPM_ALG_RSA) && (sensitive != NULL)) - { - result = CryptRsaLoadPrivateExponent(publicArea, sensitive); - if(result != TPM_RC_SUCCESS) - return result; - } -#endif // ALG_RSA - // See if there is an object to populate - if((result == TPM_RC_SUCCESS) && (object != NULL)) - { - // Initialize public - object->publicArea = *publicArea; - // Copy sensitive if there is one - if(sensitive == NULL) - object->attributes.publicOnly = SET; - else - object->sensitive = *sensitive; - // Set the name, if one was provided - if(name != NULL) - object->name = *name; - else - object->name.t.size = 0; - } - return result; -} - -//*** AllocateSequenceSlot() -// This function allocates a sequence slot and initializes the parts that -// are used by the normal objects so that a sequence object is not inadvertently -// used for an operation that is not appropriate for a sequence. -// -static HASH_OBJECT * -AllocateSequenceSlot( - TPM_HANDLE *newHandle, // OUT: receives the allocated handle - TPM2B_AUTH *auth // IN: the authValue for the slot - ) -{ - HASH_OBJECT *object = (HASH_OBJECT *)ObjectAllocateSlot(newHandle); -// - // Validate that the proper location of the hash state data relative to the - // object state data. It would be good if this could have been done at compile - // time but it can't so do it in something that can be removed after debug. 
- cAssert(offsetof(HASH_OBJECT, auth) == offsetof(OBJECT, publicArea.authPolicy)); - - if(object != NULL) - { - - // Set the common values that a sequence object shares with an ordinary object - // First, clear all attributes - MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); - - // The type is TPM_ALG_NULL - object->type = TPM_ALG_NULL; - - // This has no name algorithm and the name is the Empty Buffer - object->nameAlg = TPM_ALG_NULL; - - // A sequence object is considered to be in the NULL hierarchy so it should - // be marked as temporary so that it can't be persisted - object->attributes.temporary = SET; - - // A sequence object is DA exempt. - SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); - - // Copy the authorization value - if(auth != NULL) - object->auth = *auth; - else - object->auth.t.size = 0; - } - return object; -} - - -#if CC_HMAC_Start || CC_MAC_Start -//*** ObjectCreateHMACSequence() -// This function creates an internal HMAC sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT *keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle - ) -{ - HASH_OBJECT *hmacObject; -// - // Try to allocate a slot for new object - hmacObject = AllocateSequenceSlot(newHandle, auth); - - if(hmacObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set HMAC sequence bit - hmacObject->attributes.hmacSeq = SET; - -#if !SMAC_IMPLEMENTED - if(CryptHmacStart(&hmacObject->state.hmacState, hashAlg, - keyObject->sensitive.sensitive.bits.b.size, - keyObject->sensitive.sensitive.bits.b.buffer) == 0) -#else - if(CryptMacStart(&hmacObject->state.hmacState, - &keyObject->publicArea.parameters, - hashAlg, &keyObject->sensitive.sensitive.any.b) == 0) -#endif // SMAC_IMPLEMENTED - return TPM_RC_FAILURE; - return 
TPM_RC_SUCCESS; -} -#endif - -//*** ObjectCreateHashSequence() -// This function creates a hash sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateHashSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle - ) -{ - HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); -// - // See if slot allocated - if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set hash sequence bit - hashObject->attributes.hashSeq = SET; - - // Start hash for hash sequence - CryptHashStart(&hashObject->state.hashState[0], hashAlg); - - return TPM_RC_SUCCESS; -} - -//*** ObjectCreateEventSequence() -// This function creates an event sequence object. -// Return Type: TPM_RC -// TPM_RC_OBJECT_MEMORY if there is no free slot for an object -TPM_RC -ObjectCreateEventSequence( - TPM2B_AUTH *auth, // IN: authValue - TPMI_DH_OBJECT *newHandle // OUT: sequence object handle - ) -{ - HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); - UINT32 count; - TPM_ALG_ID hash; -// - // See if slot allocated - if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; - // Set the event sequence attribute - hashObject->attributes.eventSeq = SET; - - // Initialize hash states for each implemented PCR algorithms - for(count = 0; (hash = CryptHashGetAlgByIndex(count)) != TPM_ALG_NULL; count++) - CryptHashStart(&hashObject->state.hashState[count], hash); - return TPM_RC_SUCCESS; -} - -//*** ObjectTerminateEvent() -// This function is called to close out the event sequence and clean up the hash -// context states. 
-void -ObjectTerminateEvent( - void - ) -{ - HASH_OBJECT *hashObject; - int count; - BYTE buffer[MAX_DIGEST_SIZE]; -// - hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); - - // Don't assume that this is a proper sequence object - if(hashObject->attributes.eventSeq) - { - // If it is, close any open hash contexts. This is done in case - // the cryptographic implementation has some context values that need to be - // cleaned up (hygiene). - // - for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) - { - CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); - } - // Flush sequence object - FlushObject(g_DRTMHandle); - } - g_DRTMHandle = TPM_RH_UNASSIGNED; -} - -//*** ObjectContextLoad() -// This function loads an object from a saved object context. -// Return Type: OBJECT * -// NULL if there is no free slot for an object -// != NULL points to the loaded object -OBJECT * -ObjectContextLoad( - ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved - // context - TPMI_DH_OBJECT *handle // OUT: object handle - ) -{ - OBJECT *newObject = ObjectAllocateSlot(handle); -// - // Try to allocate a slot for new object - if(newObject != NULL) - { - // Copy the first part of the object - MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); - // See if this is a sequence object - if(ObjectIsSequence(newObject)) - { - // If this is a sequence object, import the data - SequenceDataImport((HASH_OBJECT *)newObject, - (HASH_OBJECT_BUFFER *)object); - } - else - { - // Copy input object data to internal structure - MemoryCopy(newObject, object, sizeof(OBJECT)); - } - } - return newObject; -} - -//*** FlushObject() -// This function frees an object slot. -// -// This function requires that the object is loaded. 
-void -FlushObject( - TPMI_DH_OBJECT handle // IN: handle to be freed - ) -{ - UINT32 index = handle - TRANSIENT_FIRST; -// - pAssert(index < MAX_LOADED_OBJECTS); - // Clear all the object attributes - MemorySet((BYTE*)&(s_objects[index].attributes), - 0, sizeof(OBJECT_ATTRIBUTES)); - return; -} - -//*** ObjectFlushHierarchy() -// This function is called to flush all the loaded transient objects associated -// with a hierarchy when the hierarchy is disabled. -void -ObjectFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush - ) -{ - UINT16 i; -// - // iterate object slots - for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied) // If found an occupied slot - { - switch(hierarchy) - { - case TPM_RH_PLATFORM: - if(s_objects[i].attributes.ppsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_OWNER: - if(s_objects[i].attributes.spsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_ENDORSEMENT: - if(s_objects[i].attributes.epsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - } - } - - return; -} - -//*** ObjectLoadEvict() -// This function loads a persistent object into a transient object slot. -// -// This function requires that 'handle' is associated with a persistent object. -// Return Type: TPM_RC -// TPM_RC_HANDLE the persistent object does not exist -// or the associated hierarchy is disabled. -// TPM_RC_OBJECT_MEMORY no object slot -TPM_RC -ObjectLoadEvict( - TPM_HANDLE *handle, // IN:OUT: evict object handle. 
If success, it - // will be replace by the loaded object handle - COMMAND_INDEX commandIndex // IN: the command being processed - ) -{ - TPM_RC result; - TPM_HANDLE evictHandle = *handle; // Save the evict handle - OBJECT *object; -// - // If this is an index that references a persistent object created by - // the platform, then return TPM_RH_HANDLE if the phEnable is FALSE - if(*handle >= PLATFORM_PERSISTENT) - { - // belongs to platform - if(g_phEnable == CLEAR) - return TPM_RC_HANDLE; - } - // belongs to owner - else if(gc.shEnable == CLEAR) - return TPM_RC_HANDLE; - // Try to allocate a slot for an object - object = ObjectAllocateSlot(handle); - if(object == NULL) - return TPM_RC_OBJECT_MEMORY; - // Copy persistent object to transient object slot. A TPM_RC_HANDLE - // may be returned at this point. This will mark the slot as containing - // a transient object so that it will be flushed at the end of the - // command - result = NvGetEvictObject(evictHandle, object); - - // Bail out if this failed - if(result != TPM_RC_SUCCESS) - return result; - // check the object to see if it is in the endorsement hierarchy - // if it is and this is not a TPM2_EvictControl() command, indicate - // that the hierarchy is disabled. - // If the associated hierarchy is disabled, make it look like the - // handle is not defined - if(ObjectGetHierarchy(object) == TPM_RH_ENDORSEMENT - && gc.ehEnable == CLEAR - && GetCommandCode(commandIndex) != TPM_CC_EvictControl) - return TPM_RC_HANDLE; - - return result; -} - -//*** ObjectComputeName() -// This does the name computation from a public area (can be marshaled or not). 
-TPM2B_NAME * -ObjectComputeName( - UINT32 size, // IN: the size of the area to digest - BYTE *publicArea, // IN: the public area to digest - TPM_ALG_ID nameAlg, // IN: the hash algorithm to use - TPM2B_NAME *name // OUT: Computed name - ) -{ - // Hash the publicArea into the name buffer leaving room for the nameAlg - name->t.size = CryptHashBlock(nameAlg, size, publicArea, - sizeof(name->t.name) - 2, - &name->t.name[2]); - // set the nameAlg - UINT16_TO_BYTE_ARRAY(nameAlg, name->t.name); - name->t.size += 2; - return name; -} - -//*** PublicMarshalAndComputeName() -// This function computes the Name of an object from its public area. -TPM2B_NAME * -PublicMarshalAndComputeName( - TPMT_PUBLIC *publicArea, // IN: public area of an object - TPM2B_NAME *name // OUT: name of the object - ) -{ - // Will marshal a public area into a template. This is because the internal - // format for a TPM2B_PUBLIC is a structure and not a simple BYTE buffer. - TPM2B_TEMPLATE marshaled; // this is big enough to hold a - // marshaled TPMT_PUBLIC - BYTE *buffer = (BYTE *)&marshaled.t.buffer; -// - // if the nameAlg is NULL then there is no name. - if(publicArea->nameAlg == TPM_ALG_NULL) - name->t.size = 0; - else - { - // Marshal the public area into its canonical form - marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); - // and compute the name - ObjectComputeName(marshaled.t.size, marshaled.t.buffer, - publicArea->nameAlg, name); - } - return name; -} - -//*** ComputeQualifiedName() -// This function computes the qualified name of an object. 
-void -ComputeQualifiedName( - TPM_HANDLE parentHandle, // IN: parent's handle - TPM_ALG_ID nameAlg, // IN: name hash - TPM2B_NAME *name, // IN: name of the object - TPM2B_NAME *qualifiedName // OUT: qualified name of the object - ) -{ - HASH_STATE hashState; // hash state - TPM2B_NAME parentName; -// - if(parentHandle == TPM_RH_UNASSIGNED) - { - MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); - *qualifiedName = *name; - } - else - { - GetQualifiedName(parentHandle, &parentName); - - // QN_A = hash_A (QN of parent || NAME_A) - - // Start hash - qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); - - // Add parent's qualified name - CryptDigestUpdate2B(&hashState, &parentName.b); - - // Add self name - CryptDigestUpdate2B(&hashState, &name->b); - - // Complete hash leaving room for the name algorithm - CryptHashEnd(&hashState, qualifiedName->t.size, - &qualifiedName->t.name[2]); - UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); - qualifiedName->t.size += 2; - } - return; -} - -//*** ObjectIsStorage() -// This function determines if an object has the attributes associated -// with a parent. A parent is an asymmetric or symmetric block cipher key -// that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. -// Return Type: BOOL -// TRUE(1) object is a storage key -// FALSE(0) object is not a storage key -BOOL -ObjectIsStorage( - TPMI_DH_OBJECT handle // IN: object handle - ) -{ - OBJECT *object = HandleToObject(handle); - TPMT_PUBLIC *publicArea = ((object != NULL) ? 
&object->publicArea : NULL); -// - return (publicArea != NULL - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) - && (object->publicArea.type == ALG_RSA_VALUE - || object->publicArea.type == ALG_ECC_VALUE)); -} - -//*** ObjectCapGetLoaded() -// This function returns a a list of handles of loaded object, starting from -// 'handle'. 'Handle' must be in the range of valid transient object handles, -// but does not have to be the handle of a loaded transient object. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -ObjectCapGetLoaded( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; -// - pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate object slots to get loaded object handles - for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == TRUE) - { - // A valid transient object can not be the copy of a persistent object - pAssert(s_objects[i].attributes.evict == CLEAR); - - if(handleList->count < count) - { - // If we have not filled up the return list, add this object - // handle to it - handleList->handle[handleList->count] = i + TRANSIENT_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - - return more; -} - -//*** ObjectCapGetTransientAvail() -// This function returns an estimate of the number of 
additional transient
-// objects that could be loaded into the TPM.
-UINT32
-ObjectCapGetTransientAvail(
- void
- )
-{
- UINT32 i;
- UINT32 num = 0;
-//
- // Iterate object slot to get the number of unoccupied slots
- for(i = 0; i < MAX_LOADED_OBJECTS; i++)
- {
- if(s_objects[i].attributes.occupied == FALSE) num++;
- }
-
- return num;
-}
-
-//*** ObjectGetPublicAttributes()
-// Returns the attributes associated with an object handles.
-TPMA_OBJECT
-ObjectGetPublicAttributes(
- TPM_HANDLE handle
- )
-{
- return HandleToObject(handle)->publicArea.objectAttributes;
-}
-
-OBJECT_ATTRIBUTES
-ObjectGetProperties(
- TPM_HANDLE handle
- )
-{
- return HandleToObject(handle)->attributes;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c
deleted file mode 100644
index 10a096878..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c
+++ /dev/null
@@ -1,1314 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This function contains the functions needed for PCR access and manipulation.
-//
-// This implementation uses a static allocation for the PCR.
The amount of
-// memory is allocated based on the number of PCR in the implementation and
-// the number of implemented hash algorithms. This is not the expected
-// implementation. PCR SPACE DEFINITIONS.
-//
-// In the definitions below, the g_hashPcrMap is a bit array that indicates
-// which of the PCR are implemented. The g_hashPcr array is an array of digests.
-// In this implementation, the space is allocated whether the PCR is implemented
-// or not.
-
-//** Includes, Defines, and Data Definitions
-#define PCR_C
-#include "Tpm.h"
-
-// The initial value of PCR attributes. The value of these fields should be
-// consistent with PC Client specification
-// In this implementation, we assume the total number of implemented PCR is 24.
-static const PCR_Attributes s_initAttributes[] =
-{
- // PCR 0 - 15, static RTM
- {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
- {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
- {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
- {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
-
- {0, 0x0F, 0x1F}, // PCR 16, Debug
- {0, 0x10, 0x1C}, // PCR 17, Locality 4
- {0, 0x10, 0x1C}, // PCR 18, Locality 3
- {0, 0x10, 0x0C}, // PCR 19, Locality 2
- {0, 0x14, 0x0E}, // PCR 20, Locality 1
- {0, 0x14, 0x04}, // PCR 21, Dynamic OS
- {0, 0x14, 0x04}, // PCR 22, Dynamic OS
- {0, 0x0F, 0x1F}, // PCR 23, Application specific
- {0, 0x0F, 0x1F} // PCR 24, testing policy
-};
-
-//** Functions
-
-//*** PCRBelongsAuthGroup()
-// This function indicates if a PCR belongs to a group that requires an authValue
-// in order to modify the PCR. If it does, 'groupIndex' is set to value of
-// the group index. This feature of PCR is decided by the platform specification.
-// Return Type: BOOL
-// TRUE(1) PCR belongs an authorization group
-// FALSE(0) PCR does not belong an authorization group
-BOOL
-PCRBelongsAuthGroup(
- TPMI_DH_PCR handle, // IN: handle of PCR
- UINT32 *groupIndex // OUT: group index if PCR belongs a
- // group that allows authValue. If PCR
- // does not belong to an authorization
- // group, the value in this parameter is
- // invalid
- )
-{
-#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0
- // Platform specification determines to which authorization group a PCR belongs
- // (if any). In this implementation, we assume there is only
- // one authorization group which contains PCR[20-22]. If the platform
- // specification requires differently, the implementation should be changed
- // accordingly
- if(handle >= 20 && handle <= 22)
- {
- *groupIndex = 0;
- return TRUE;
- }
-
-#endif
- return FALSE;
-}
-
-//*** PCRBelongsPolicyGroup()
-// This function indicates if a PCR belongs to a group that requires a policy
-// authorization in order to modify the PCR. If it does, 'groupIndex' is set
-// to value of the group index. This feature of PCR is decided by the platform
-// specification.
-// Return Type: BOOL
-// TRUE(1) PCR belongs a policy group
-// FALSE(0) PCR does not belong a policy group
-BOOL
-PCRBelongsPolicyGroup(
- TPMI_DH_PCR handle, // IN: handle of PCR
- UINT32 *groupIndex // OUT: group index if PCR belongs a group that
- // allows policy. If PCR does not belong to
- // a policy group, the value in this
- // parameter is invalid
- )
-{
-#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
- // Platform specification decides if a PCR belongs to a policy group and
- // belongs to which group. In this implementation, we assume there is only
- // one policy group which contains PCR20-22.
If the platform specification
- // requires differently, the implementation should be changed accordingly
- if(handle >= 20 && handle <= 22)
- {
- *groupIndex = 0;
- return TRUE;
- }
-#endif
- return FALSE;
-}
-
-//*** PCRBelongsTCBGroup()
-// This function indicates if a PCR belongs to the TCB group.
-// Return Type: BOOL
-// TRUE(1) PCR belongs to TCB group
-// FALSE(0) PCR does not belong to TCB group
-static BOOL
-PCRBelongsTCBGroup(
- TPMI_DH_PCR handle // IN: handle of PCR
- )
-{
-#if ENABLE_PCR_NO_INCREMENT == YES
- // Platform specification decides if a PCR belongs to a TCB group. In this
- // implementation, we assume PCR[20-22] belong to TCB group. If the platform
- // specification requires differently, the implementation should be
- // changed accordingly
- if(handle >= 20 && handle <= 22)
- return TRUE;
-
-#endif
- return FALSE;
-}
-
-//*** PCRPolicyIsAvailable()
-// This function indicates if a policy is available for a PCR.
-// Return Type: BOOL
-// TRUE(1) the PCR should be authorized by policy
-// FALSE(0) the PCR does not allow policy
-BOOL
-PCRPolicyIsAvailable(
- TPMI_DH_PCR handle // IN: PCR handle
- )
-{
- UINT32 groupIndex;
-
- return PCRBelongsPolicyGroup(handle, &groupIndex);
-}
-
-//*** PCRGetAuthValue()
-// This function is used to access the authValue of a PCR. If PCR does not
-// belong to an authValue group, an EmptyAuth will be returned.
-TPM2B_AUTH *
-PCRGetAuthValue(
- TPMI_DH_PCR handle // IN: PCR handle
- )
-{
- UINT32 groupIndex;
-
- if(PCRBelongsAuthGroup(handle, &groupIndex))
- {
- return &gc.pcrAuthValues.auth[groupIndex];
- }
- else
- {
- return NULL;
- }
-}
-
-//*** PCRGetAuthPolicy()
-// This function is used to access the authorization policy of a PCR. It sets
-// 'policy' to the authorization policy and returns the hash algorithm for policy
-// If the PCR does not allow a policy, TPM_ALG_NULL is returned.
-TPMI_ALG_HASH -PCRGetAuthPolicy( - TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST *policy // OUT: policy of PCR - ) -{ - UINT32 groupIndex; - - if(PCRBelongsPolicyGroup(handle, &groupIndex)) - { - *policy = gp.pcrPolicies.policy[groupIndex]; - return gp.pcrPolicies.hashAlg[groupIndex]; - } - else - { - policy->t.size = 0; - return TPM_ALG_NULL; - } -} - -//*** PCRSimStart() -// This function is used to initialize the policies when a TPM is manufactured. -// This function would only be called in a manufacturing environment or in -// a TPM simulator. -void -PCRSimStart( - void - ) -{ - UINT32 i; -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) - { - gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; - gp.pcrPolicies.policy[i].t.size = 0; - } -#endif -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++) - { - gc.pcrAuthValues.auth[i].t.size = 0; - } -#endif - // We need to give an initial configuration on allocated PCR before - // receiving any TPM2_PCR_Allocate command to change this configuration - // When the simulation environment starts, we allocate all the PCRs - for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT; - gp.pcrAllocated.count++) - { - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash - = CryptHashGetAlgByIndex(gp.pcrAllocated.count); - - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect - = PCR_SELECT_MAX; - for(i = 0; i < PCR_SELECT_MAX; i++) - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i] - = 0xFF; - } - - // Store the initial configuration to NV - NV_SYNC_PERSISTENT(pcrPolicies); - NV_SYNC_PERSISTENT(pcrAllocated); - - return; -} - -//*** GetSavedPcrPointer() -// This function returns the address of an array of state saved PCR based -// on the hash algorithm. 
-// Return Type: BYTE * -// NULL no such algorithm -// != NULL pointer to the 0th byte of the 0th PCR -static BYTE * -GetSavedPcrPointer( - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrIndex // IN: PCR index in PCR_SAVE - ) -{ - BYTE *retVal; - switch(alg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - retVal = gc.pcrSave.sha1[pcrIndex]; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - retVal = gc.pcrSave.sha256[pcrIndex]; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - retVal = gc.pcrSave.sha384[pcrIndex]; - break; -#endif - -#if ALG_SHA512 - case ALG_SHA512_VALUE: - retVal = gc.pcrSave.sha512[pcrIndex]; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - retVal = gc.pcrSave.sm3_256[pcrIndex]; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } - return retVal; -} - -//*** PcrIsAllocated() -// This function indicates if a PCR number for the particular hash algorithm -// is allocated. -// Return Type: BOOL -// TRUE(1) PCR is allocated -// FALSE(0) PCR is not allocated -BOOL -PcrIsAllocated( - UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm - ) -{ - UINT32 i; - BOOL allocated = FALSE; - - if(pcr < IMPLEMENTATION_PCR) - { - for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg) - { - if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8]) - & (1 << (pcr % 8))) != 0) - allocated = TRUE; - else - allocated = FALSE; - break; - } - } - } - return allocated; -} - -//*** GetPcrPointer() -// This function returns the address of an array of PCR based on the -// hash algorithm. 
-// Return Type: BYTE * -// NULL no such algorithm -// != NULL pointer to the 0th byte of the 0th PCR -static BYTE * -GetPcrPointer( - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ) -{ - static BYTE *pcr = NULL; - - if(!PcrIsAllocated(pcrNumber, alg)) - return NULL; - - switch(alg) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - pcr = s_pcrs[pcrNumber].sha1Pcr; - break; -#endif -#if ALG_SHA256 - case ALG_SHA256_VALUE: - pcr = s_pcrs[pcrNumber].sha256Pcr; - break; -#endif -#if ALG_SHA384 - case ALG_SHA384_VALUE: - pcr = s_pcrs[pcrNumber].sha384Pcr; - break; -#endif -#if ALG_SHA512 - case ALG_SHA512_VALUE: - pcr = s_pcrs[pcrNumber].sha512Pcr; - break; -#endif -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - pcr = s_pcrs[pcrNumber].sm3_256Pcr; - break; -#endif - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return pcr; -} - -//*** IsPcrSelected() -// This function indicates if an indicated PCR number is selected by the bit map in -// 'selection'. -// Return Type: BOOL -// TRUE(1) PCR is selected -// FALSE(0) PCR is not selected -static BOOL -IsPcrSelected( - UINT32 pcr, // IN: The number of the PCR - TPMS_PCR_SELECTION *selection // IN: The selection structure - ) -{ - BOOL selected; - selected = (pcr < IMPLEMENTATION_PCR - && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0); - return selected; -} - -//*** FilterPcr() -// This function modifies a PCR selection array based on the implemented -// PCR. 
-static void -FilterPcr( - TPMS_PCR_SELECTION *selection // IN: input PCR selection - ) -{ - UINT32 i; - TPMS_PCR_SELECTION *allocated = NULL; - - // If size of select is less than PCR_SELECT_MAX, zero the unspecified PCR - for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++) - selection->pcrSelect[i] = 0; - - // Find the internal configuration for the bank - for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash) - { - allocated = &gp.pcrAllocated.pcrSelections[i]; - break; - } - } - - for(i = 0; i < selection->sizeofSelect; i++) - { - if(allocated == NULL) - { - // If the required bank does not exist, clear input selection - selection->pcrSelect[i] = 0; - } - else - selection->pcrSelect[i] &= allocated->pcrSelect[i]; - } - - return; -} - -//*** PcrDrtm() -// This function does the DRTM and H-CRTM processing it is called from -// _TPM_Hash_End. -void -PcrDrtm( - const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST *digest // IN: the digest to modify the PCR - ) -{ - BYTE *pcrData = GetPcrPointer(hash, pcrHandle); - - if(pcrData != NULL) - { - // Rest the PCR to zeros - MemorySet(pcrData, 0, digest->t.size); - - // if the TPM has not started, then set the PCR to 0...04 and then extend - if(!TPMIsStarted()) - { - pcrData[digest->t.size - 1] = 4; - } - // Now, extend the value - PCRExtend(pcrHandle, hash, digest->t.size, (BYTE *)digest->t.buffer); - } -} - -//*** PCR_ClearAuth() -// This function is used to reset the PCR authorization values. It is called -// on TPM2_Startup(CLEAR) and TPM2_Clear(). -void -PCR_ClearAuth( - void - ) -{ -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - int j; - for(j = 0; j < NUM_AUTHVALUE_PCR_GROUP; j++) - { - gc.pcrAuthValues.auth[j].t.size = 0; - } -#endif -} - -//*** PCRStartup() -// This function initializes the PCR subsystem at TPM2_Startup(). 
-BOOL -PCRStartup( - STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality - ) -{ - UINT32 pcr, j; - UINT32 saveIndex = 0; - - g_pcrReConfig = FALSE; - - // Don't test for SU_RESET because that should be the default when nothing - // else is selected - if(type != SU_RESUME && type != SU_RESTART) - { - // PCR generation counter is cleared at TPM_RESET - gr.pcrCounter = 0; - } - - // Initialize/Restore PCR values - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // On resume, need to know if this PCR had its state saved or not - UINT32 stateSaved; - - if(type == SU_RESUME - && s_initAttributes[pcr].stateSave == SET) - { - stateSaved = 1; - } - else - { - stateSaved = 0; - PCRChanged(pcr); - } - - // If this is the H-CRTM PCR and we are not doing a resume and we - // had an H-CRTM event, then we don't change this PCR - if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE) - continue; - - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash; - BYTE *pcrData = GetPcrPointer(hash, pcr); - UINT16 pcrSize = CryptHashGetDigestSize(hash); - - if(pcrData != NULL) - { - // if state was saved - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE *pcrSavedData; - pcrSavedData = GetSavedPcrPointer( - gp.pcrAllocated.pcrSelections[j].hash, - saveIndex); - if(pcrSavedData == NULL) - return FALSE; - MemoryCopy(pcrData, pcrSavedData, pcrSize); - } - else - // PCR was not restored by state save - { - // If the reset locality of the PCR is 4, then - // the reset value is all one's, otherwise it is - // all zero. 
- if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - MemorySet(pcrData, 0xFF, pcrSize); - else - { - MemorySet(pcrData, 0, pcrSize); - if(pcr == HCRTM_PCR) - pcrData[pcrSize - 1] = locality; - } - } - } - } - saveIndex += stateSaved; - } - // Reset authValues on TPM2_Startup(CLEAR) - if(type != SU_RESUME) - PCR_ClearAuth(); - return TRUE; -} - -//*** PCRStateSave() -// This function is used to save the PCR values that will be restored on TPM Resume. -void -PCRStateSave( - TPM_SU type // IN: startup type - ) -{ - UINT32 pcr, j; - UINT32 saveIndex = 0; - - // if state save CLEAR, nothing to be done. Return here - if(type == TPM_SU_CLEAR) - return; - - // Copy PCR values to the structure that should be saved to NV - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - UINT32 stateSaved = (s_initAttributes[pcr].stateSave == SET) ? 1 : 0; - - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - BYTE *pcrData; - UINT32 pcrSize; - - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr); - - if(pcrData != NULL) - { - pcrSize - = CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash); - - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE *pcrSavedData; - pcrSavedData - = GetSavedPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, - saveIndex); - MemoryCopy(pcrSavedData, pcrData, pcrSize); - } - } - } - saveIndex += stateSaved; - } - - return; -} - -//*** PCRIsStateSaved() -// This function indicates if the selected PCR is a PCR that is state saved -// on TPM2_Shutdown(STATE). The return value is based on PCR attributes. 
-// Return Type: BOOL -// TRUE(1) PCR is state saved -// FALSE(0) PCR is not state saved -BOOL -PCRIsStateSaved( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT32 pcr = handle - PCR_FIRST; - - if(s_initAttributes[pcr].stateSave == SET) - return TRUE; - else - return FALSE; -} - -//*** PCRIsResetAllowed() -// This function indicates if a PCR may be reset by the current command locality. -// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) TPM2_PCR_Reset is allowed -// FALSE(0) TPM2_PCR_Reset is not allowed -BOOL -PCRIsResetAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT8 commandLocality; - UINT8 localityBits = 1; - UINT32 pcr = handle - PCR_FIRST; - - // Check for the locality - commandLocality = _plat__LocalityGet(); - -#ifdef DRTM_PCR - // For a TPM that does DRTM, Reset is not allowed at locality 4 - if(commandLocality == 4) - return FALSE; -#endif - - localityBits = localityBits << commandLocality; - if((localityBits & s_initAttributes[pcr].resetLocality) == 0) - return FALSE; - else - return TRUE; -} - -//*** PCRChanged() -// This function checks a PCR handle to see if the attributes for the PCR are set -// so that any change to the PCR causes an increment of the pcrCounter. If it does, -// then the function increments the counter. Will also bump the counter if the -// handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero -// is used by TPM2_Clear(). -void -PCRChanged( - TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. - ) -{ - // For the reference implementation, the only change that does not cause - // increment is a change to a PCR in the TCB group. - if((pcrHandle == 0) || !PCRBelongsTCBGroup(pcrHandle)) - { - gr.pcrCounter++; - if(gr.pcrCounter == 0) - FAIL(FATAL_ERROR_COUNTER_OVERFLOW); - } -} - -//*** PCRIsExtendAllowed() -// This function indicates a PCR may be extended at the current command locality. 
-// The return value is based on PCR attributes, and not the PCR allocation. -// Return Type: BOOL -// TRUE(1) extend is allowed -// FALSE(0) extend is not allowed -BOOL -PCRIsExtendAllowed( - TPMI_DH_PCR handle // IN: PCR handle to be extended - ) -{ - UINT8 commandLocality; - UINT8 localityBits = 1; - UINT32 pcr = handle - PCR_FIRST; - - // Check for the locality - commandLocality = _plat__LocalityGet(); - localityBits = localityBits << commandLocality; - if((localityBits & s_initAttributes[pcr].extendLocality) == 0) - return FALSE; - else - return TRUE; -} - -//*** PCRExtend() -// This function is used to extend a PCR in a specific bank. -void -PCRExtend( - TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE *data // IN: data to be extended - ) -{ - BYTE *pcrData; - HASH_STATE hashState; - UINT16 pcrSize; - - pcrData = GetPcrPointer(hash, handle - PCR_FIRST); - - // Extend PCR if it is allocated - if(pcrData != NULL) - { - pcrSize = CryptHashGetDigestSize(hash); - CryptHashStart(&hashState, hash); - CryptDigestUpdate(&hashState, pcrSize, pcrData); - CryptDigestUpdate(&hashState, size, data); - CryptHashEnd(&hashState, pcrSize, pcrData); - - // PCR has changed so update the pcrCounter if necessary - PCRChanged(handle); - } - - return; -} - -//*** PCRComputeCurrentDigest() -// This function computes the digest of the selected PCR. -// -// As a side-effect, 'selection' is modified so that only the implemented PCR -// will have their bits still set. 
-void -PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST *digest // OUT: digest - ) -{ - HASH_STATE hashState; - TPMS_PCR_SELECTION *select; - BYTE *pcrData; // will point to a digest - UINT32 pcrSize; - UINT32 pcr; - UINT32 i; - - // Initialize the hash - digest->t.size = CryptHashStart(&hashState, hashAlg); - pAssert(digest->t.size > 0 && digest->t.size < UINT16_MAX); - - // Iterate through the list of PCR selection structures - for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR - - // Need the size of each digest - pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash); - - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest - } - } - } - // Complete hash stack - CryptHashEnd2B(&hashState, &digest->b); - - return; -} - -//*** PCRRead() -// This function is used to read a list of selected PCR. If the requested PCR -// number exceeds the maximum number that can be output, the 'selection' is -// adjusted to reflect the actual output PCR. 
-void -PCRRead( - TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST *digest, // OUT: digest - UINT32 *pcrCounter // OUT: the current value of PCR generation - // number - ) -{ - TPMS_PCR_SELECTION *select; - BYTE *pcrData; // will point to a digest - UINT32 pcr; - UINT32 i; - - digest->count = 0; - - // Iterate through the list of PCR selection structures - for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR - - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Check if number of digest exceed upper bound - if(digest->count > 7) - { - // Clear rest of the current select bitmap - while(pcr < IMPLEMENTATION_PCR - // do not round up! - && (pcr / 8) < select->sizeofSelect) - { - // do not round up! 
- select->pcrSelect[pcr / 8] &= (BYTE)~(1 << (pcr % 8)); - pcr++; - } - // Exit inner loop - break; - } - // Need the size of each digest - digest->digests[digest->count].t.size = - CryptHashGetDigestSize(selection->pcrSelections[i].hash); - - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - // Add to the data to digest - MemoryCopy(digest->digests[digest->count].t.buffer, - pcrData, - digest->digests[digest->count].t.size); - digest->count++; - } - } - // If we exit inner loop because we have exceed the output upper bound - if(digest->count > 7 && pcr < IMPLEMENTATION_PCR) - { - // Clear rest of the selection - while(i < selection->count) - { - MemorySet(selection->pcrSelections[i].pcrSelect, 0, - selection->pcrSelections[i].sizeofSelect); - i++; - } - // exit outer loop - break; - } - } - - *pcrCounter = gr.pcrCounter; - - return; -} - -//*** PCRAllocate() -// This function is used to change the PCR allocation. -// Return Type: TPM_RC -// TPM_RC_NO_RESULT allocate failed -// TPM_RC_PCR improper allocation -TPM_RC -PCRAllocate( - TPML_PCR_SELECTION *allocate, // IN: required allocation - UINT32 *maxPCR, // OUT: Maximum number of PCR - UINT32 *sizeNeeded, // OUT: required space - UINT32 *sizeAvailable // OUT: available space - ) -{ - UINT32 i, j, k; - TPML_PCR_SELECTION newAllocate; - // Initialize the flags to indicate if HCRTM PCR and DRTM PCR are allocated. - BOOL pcrHcrtm = FALSE; - BOOL pcrDrtm = FALSE; - - // Create the expected new PCR allocation based on the existing allocation - // and the new input: - // 1. if a PCR bank does not appear in the new allocation, the existing - // allocation of this PCR bank will be preserved. - // 2. if a PCR bank appears multiple times in the new allocation, only the - // last one will be in effect. 
- newAllocate = gp.pcrAllocated; - for(i = 0; i < allocate->count; i++) - { - for(j = 0; j < newAllocate.count; j++) - { - // If hash matches, the new allocation covers the old allocation - // for this particular bank. - // The assumption is the initial PCR allocation (from manufacture) - // has all the supported hash algorithms with an assigned bank - // (possibly empty). So there must be a match for any new bank - // allocation from the input. - if(newAllocate.pcrSelections[j].hash == - allocate->pcrSelections[i].hash) - { - newAllocate.pcrSelections[j] = allocate->pcrSelections[i]; - break; - } - } - // The j loop must exit with a match. - pAssert(j < newAllocate.count); - } - - // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined) - *maxPCR = sizeof(s_initAttributes) / sizeof(PCR_Attributes); - if(*maxPCR > IMPLEMENTATION_PCR) - *maxPCR = IMPLEMENTATION_PCR; - - // Compute required size for allocation - *sizeNeeded = 0; - for(i = 0; i < newAllocate.count; i++) - { - UINT32 digestSize - = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash); -#if defined(DRTM_PCR) - // Make sure that we end up with at least one DRTM PCR - pcrDrtm = pcrDrtm || TestBit(DRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); - -#else // if DRTM PCR is not required, indicate that the allocation is OK - pcrDrtm = TRUE; -#endif - -#if defined(HCRTM_PCR) - // and one HCRTM PCR (since this is usually PCR 0...) 
- pcrHcrtm = pcrHcrtm || TestBit(HCRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); -#else - pcrHcrtm = TRUE; -#endif - for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++) - { - BYTE mask = 1; - for(k = 0; k < 8; k++) - { - if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0) - *sizeNeeded += digestSize; - mask = mask << 1; - } - } - } - - if(!pcrDrtm || !pcrHcrtm) - return TPM_RC_PCR; - - // In this particular implementation, we always have enough space to - // allocate PCR. Different implementation may return a sizeAvailable less - // than the sizeNeed. - *sizeAvailable = sizeof(s_pcrs); - - // Save the required allocation to NV. Note that after NV is written, the - // PCR allocation in NV is no longer consistent with the RAM data - // gp.pcrAllocated. The NV version reflect the allocate after next - // TPM_RESET, while the RAM version reflects the current allocation - NV_WRITE_PERSISTENT(pcrAllocated, newAllocate); - - return TPM_RC_SUCCESS; -} - -//*** PCRSetValue() -// This function is used to set the designated PCR in all banks to an initial value. -// The initial value is signed and will be sign extended into the entire PCR. 
-// -void -PCRSetValue( - TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set - ) -{ - int i; - UINT32 pcr = handle - PCR_FIRST; - TPMI_ALG_HASH hash; - UINT16 digestSize; - BYTE *pcrData; - - // Iterate supported PCR bank algorithms to reset - for(i = 0; i < HASH_COUNT; i++) - { - hash = CryptHashGetAlgByIndex(i); - // Prevent runaway - if(hash == TPM_ALG_NULL) - break; - - // Get a pointer to the data - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - - // If the PCR is allocated - if(pcrData != NULL) - { - // And the size of the digest - digestSize = CryptHashGetDigestSize(hash); - - // Set the LSO to the input value - pcrData[digestSize - 1] = initialValue; - - // Sign extend - if(initialValue >= 0) - MemorySet(pcrData, 0, digestSize - 1); - else - MemorySet(pcrData, -1, digestSize - 1); - } - } -} - -//*** PCRResetDynamics -// This function is used to reset a dynamic PCR to 0. This function is used in -// DRTM sequence. -void -PCRResetDynamics( - void - ) -{ - UINT32 pcr, i; - - // Initialize PCR values - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // Iterate each hash algorithm bank - for(i = 0; i < gp.pcrAllocated.count; i++) - { - BYTE *pcrData; - UINT32 pcrSize; - - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - - if(pcrData != NULL) - { - pcrSize = - CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash); - - // Reset PCR - // Any PCR can be reset by locality 4 should be reset to 0 - if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - MemorySet(pcrData, 0, pcrSize); - } - } - } - return; -} - -//*** PCRCapGetAllocation() -// This function is used to get the current allocation of PCR banks. 
-// Return Type: TPMI_YES_NO -// YES if the return count is 0 -// NO if the return count is not 0 -TPMI_YES_NO -PCRCapGetAllocation( - UINT32 count, // IN: count of return - TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list - ) -{ - if(count == 0) - { - pcrSelection->count = 0; - return YES; - } - else - { - *pcrSelection = gp.pcrAllocated; - return NO; - } -} - -//*** PCRSetSelectBit() -// This function sets a bit in a bitmap array. -static void -PCRSetSelectBit( - UINT32 pcr, // IN: PCR number - BYTE *bitmap // OUT: bit map to be set - ) -{ - bitmap[pcr / 8] |= (1 << (pcr % 8)); - return; -} - -//*** PCRGetProperty() -// This function returns the selected PCR property. -// Return Type: BOOL -// TRUE(1) the property type is implemented -// FALSE(0) the property type is not implemented -static BOOL -PCRGetProperty( - TPM_PT_PCR property, - TPMS_TAGGED_PCR_SELECT *select - ) -{ - UINT32 pcr; - UINT32 groupIndex; - - select->tag = property; - // Always set the bitmap to be the size of all PCR - select->sizeofSelect = (IMPLEMENTATION_PCR + 7) / 8; - - // Initialize bitmap - MemorySet(select->pcrSelect, 0, select->sizeofSelect); - - // Collecting properties - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - switch(property) - { - case TPM_PT_PCR_SAVE: - if(s_initAttributes[pcr].stateSave == SET) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L0: - if((s_initAttributes[pcr].extendLocality & 0x01) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L0: - if((s_initAttributes[pcr].resetLocality & 0x01) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L1: - if((s_initAttributes[pcr].extendLocality & 0x02) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L1: - if((s_initAttributes[pcr].resetLocality & 0x02) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L2: - if((s_initAttributes[pcr].extendLocality 
& 0x04) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L2: - if((s_initAttributes[pcr].resetLocality & 0x04) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L3: - if((s_initAttributes[pcr].extendLocality & 0x08) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L3: - if((s_initAttributes[pcr].resetLocality & 0x08) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L4: - if((s_initAttributes[pcr].extendLocality & 0x10) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L4: - if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_DRTM_RESET: - // DRTM reset PCRs are the PCR reset by locality 4 - if((s_initAttributes[pcr].resetLocality & 0x10) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; -#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - case TPM_PT_PCR_POLICY: - if(PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; -#endif -#if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - case TPM_PT_PCR_AUTH: - if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; -#endif -#if ENABLE_PCR_NO_INCREMENT == YES - case TPM_PT_PCR_NO_INCREMENT: - if(PCRBelongsTCBGroup(pcr + PCR_FIRST)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; -#endif - default: - // If property is not supported, stop scanning PCR attributes - // and return. - return FALSE; - break; - } - } - return TRUE; -} - -//*** PCRCapGetProperties() -// This function returns a list of PCR properties starting at 'property'. 
-// Return Type: TPMI_YES_NO
-// YES if no more property is available
-// NO if there are more properties not reported
-TPMI_YES_NO
-PCRCapGetProperties(
- TPM_PT_PCR property, // IN: the starting PCR property
- UINT32 count, // IN: count of returned properties
- TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- // Initialize output property list
- select->count = 0;
-
- // The maximum count of properties we may return is MAX_PCR_PROPERTIES
- if(count > MAX_PCR_PROPERTIES) count = MAX_PCR_PROPERTIES;
-
- // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property
- // value would never be less than TPM_PT_PCR_FIRST
- cAssert(TPM_PT_PCR_FIRST == 0);
-
- // Iterate PCR properties. TPM_PT_PCR_LAST is the index of the last property
- // implemented on the TPM.
- for(i = property; i <= TPM_PT_PCR_LAST; i++)
- {
- if(select->count < count)
- {
- // If we have not filled up the return list, add more properties to it
- if(PCRGetProperty(i, &select->pcrProperty[select->count]))
- // only increment if the property is implemented
- select->count++;
- }
- else
- {
- // If the return list is full but we still have properties
- // available, report this and stop iterating.
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** PCRCapGetHandles()
-// This function is used to get a list of handles of PCR, started from 'handle'.
-// If 'handle' exceeds the maximum PCR handle range, an empty list will be
-// returned and the return value will be NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PCRCapGetHandles(
- TPMI_DH_PCR handle, // IN: start handle
- UINT32 count, // IN: count of returned handles
- TPML_HANDLE *handleList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- pAssert(HandleGetType(handle) == TPM_HT_PCR);
-
- // Initialize output handle list
- handleList->count = 0;
-
- // The maximum count of handles we may return is MAX_CAP_HANDLES
- if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
-
- // Iterate PCR handle range
- for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++)
- {
- if(handleList->count < count)
- {
- // If we have not filled up the return list, add this PCR
- // handle to it
- handleList->handle[handleList->count] = i + PCR_FIRST;
- handleList->count++;
- }
- else
- {
- // If the return list is full but we still have PCR handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c
deleted file mode 100644
index 5d17d2014..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-// This file contains the functions that support the physical presence operations
-// of the TPM.
-
-//** Includes
-
-#include "Tpm.h"
-
-//** Functions
-
-//*** PhysicalPresencePreInstall_Init()
-// This function is used to initialize the array of commands that always require
-// confirmation with physical presence. The array is an array of bits that
-// has a correspondence with the command code.
-//
-// This command should only ever be executable in a manufacturing setting or in
-// a simulation.
-//
-// When set, these cannot be cleared.
-//
-void
-PhysicalPresencePreInstall_Init(
- void
- )
-{
- COMMAND_INDEX commandIndex;
- // Clear all the PP commands
- MemorySet(&gp.ppList, 0, sizeof(gp.ppList));
-
- // Any command that is PP_REQUIRED should be SET
- for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
- {
- if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED
- && s_commandAttributes[commandIndex] & PP_REQUIRED)
- SET_BIT(commandIndex, gp.ppList);
- }
- // Write PP list to NV
- NV_SYNC_PERSISTENT(ppList);
- return;
-}
-
-//*** PhysicalPresenceCommandSet()
-// This function is used to set the indicator that a command requires
-// PP confirmation.
-void
-PhysicalPresenceCommandSet(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // if the command isn't implemented, the do nothing
- if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
- return;
-
- // only set the bit if this is a command for which PP is allowed
- if(s_commandAttributes[commandIndex] & PP_COMMAND)
- SET_BIT(commandIndex, gp.ppList);
- return;
-}
-
-//*** PhysicalPresenceCommandClear()
-// This function is used to clear the indicator that a command requires PP
-// confirmation.
-void
-PhysicalPresenceCommandClear(
- TPM_CC commandCode // IN: command code
- )
-{
- COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
-
- // If the command isn't implemented, then don't do anything
- if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX)
- return;
-
- // Only clear the bit if the command does not require PP
- if((s_commandAttributes[commandIndex] & PP_REQUIRED) == 0)
- CLEAR_BIT(commandIndex, gp.ppList);
-
- return;
-}
-
-//*** PhysicalPresenceIsRequired()
-// This function indicates if PP confirmation is required for a command.
-// Return Type: BOOL
-// TRUE(1) physical presence is required
-// FALSE(0) physical presence is not required
-BOOL
-PhysicalPresenceIsRequired(
- COMMAND_INDEX commandIndex // IN: command index
- )
-{
- // Check the bit map. If the bit is SET, PP authorization is required
- return (TEST_BIT(commandIndex, gp.ppList));
-}
-
-//*** PhysicalPresenceCapGetCCList()
-// This function returns a list of commands that require PP confirmation. The
-// list starts from the first implemented command that has a command code that
-// the same or greater than 'commandCode'.
-// Return Type: TPMI_YES_NO
-// YES if there are more command codes available
-// NO all the available command codes have been returned
-TPMI_YES_NO
-PhysicalPresenceCapGetCCList(
- TPM_CC commandCode, // IN: start command code
- UINT32 count, // IN: count of returned TPM_CC
- TPML_CC *commandList // OUT: list of TPM_CC
- )
-{
- TPMI_YES_NO more = NO;
- COMMAND_INDEX commandIndex;
-
- // Initialize output handle list
- commandList->count = 0;
-
- // The maximum count of command we may return is MAX_CAP_CC
- if(count > MAX_CAP_CC) count = MAX_CAP_CC;
-
- // Collect PP commands
- for(commandIndex = GetClosestCommandIndex(commandCode);
- commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
- commandIndex = GetNextCommandIndex(commandIndex))
- {
- if(PhysicalPresenceIsRequired(commandIndex))
- {
- if(commandList->count < count)
- {
- // If we have not filled up the return list, add this command
- // code to it
- commandList->commandCodes[commandList->count]
- = GetCommandCode(commandIndex);
- commandList->count++;
- }
- else
- {
- // If the return list is full but we still have PP command
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- }
- return more;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
deleted file mode 100644
index f0a1b13ce..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c
+++ /dev/null
@@ -1,1068 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//**Introduction
-/*
- The code in this file is used to manage the session context counter.
- The scheme implemented here is a "truncated counter".
- This scheme allows the TPM to not need TPM_SU_CLEAR for a
- very long period of time and still not have the context
- count for a session repeated.
-
- The counter (contextCounter)in this implementation is a UINT64 but
- can be smaller. The "tracking array" (contextArray) only
- has 16-bits per context. The tracking array is the data
- that needs to be saved and restored across TPM_SU_STATE so that
- sessions are not lost when the system enters the sleep state.
- Also, when the TPM is active, the tracking array is kept in
- RAM making it important that the number of bytes for each
- entry be kept as small as possible.
-
- The TPM prevents "collisions" of these truncated values by
- not allowing a contextID to be assigned if it would be the
- same as an existing value. Since the array holds 16 bits,
- after a context has been saved, an additional 2^16-1 contexts
- may be saved before the count would again match. The normal
- expectation is that the context will be flushed before its count
- value is needed again but it is always possible to have long-lived
- sessions.
-
- The contextID is assigned when the context is saved (TPM2_ContextSave()).
- At that time, the TPM will compare the low-order 16 bits of
- contextCounter to the existing values in contextArray and if one
- matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction,
- the entry that contains the matching value is the oldest
- context).
-
- The expected remediation by the TRM is to load the oldest saved
- session context (the one found by the TPM), and save it. Since loading
- the oldest session also eliminates its contextID value from
- contextArray, there TPM will always be able to load and save the oldest
- existing context.
-
- In the worst case, software may have to load and save several contexts
- in order to save an additional one. This should happen very infrequently.
-
- When the TPM searches contextArray and finds that none of the contextIDs
- match the low-order 16-bits of contextCount, the TPM can copy the low bits
- to the contextArray associated with the session, and increment contextCount.
-
- There is one entry in contextArray for each of the active sessions
- allowed by the TPM implementation. This array contains either a
- context count, an index, or a value indicating the slot is available (0).
-
- The index into the contextArray is the handle for the session with the region
- selector byte of the session set to zero. If an entry in contextArray contains
- 0, then the corresponding handle may be assigned to a session. If the entry
- contains a value that is less than or equal to the number of loaded sessions
- for the TPM, then the array entry is the slot in which the context is loaded.
-
- EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would
- be 1-8 and a contextArrary value in that range would represent the loaded
- session.
-
- NOTE: When the TPM firmware determines that the array entry is for a loaded
- session, it will subtract 1 to create the zero-based slot number.
-
- There is one significant corner case in this scheme. When the contextCount
- is equal to a value in the contextArray, the oldest session needs to be
- recycled or flushed. In order to recycle the session, it must be loaded.
- To be loaded, there must be an available slot. Rather than require that a
- spare slot be available all the time, the TPM will check to see if the
- contextCount is equal to some value in the contextArray when a session is
- created. This prevents the last session slot from being used when it
- is likely that a session will need to be recycled.
- - If a TPM with both 1.2 and 2.0 functionality uses this scheme for both - 1.2 and 2.0 sessions, and the list of active contexts is read with - TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the - list that contains 16-bit values (the TPM2_GetCapability() returns a list - of handles for active sessions rather than a list of contextID). The full - contextID has high-order bits that are either the same as the current - contextCount or one less. It is one less if the 16-bits - of the contextArray has a value that is larger than the low-order 16 bits - of contextCount. -*/ - -//** Includes, Defines, and Local Variables -#define SESSION_C -#include "Tpm.h" - -//** File Scope Function -- ContextIdSetOldest() -/* - This function is called when the oldest contextID is being loaded or deleted. - Once a saved context becomes the oldest, it stays the oldest until it is - deleted. - - Finding the oldest is a bit tricky. It is not just the numeric comparison of - values but is dependent on the value of contextCounter. - - Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 - used to indicate the loaded context slot number. Also assume that the array - contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an - 8-bit counter with a value of 0x37. Since the low nibble is 7, that means - that values above 7 are older than values below it and, in this example, - 9 is the oldest value. - - Note if we subtract the counter value, from each slot that contains a saved - contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. 
-*/ -static void -ContextIdSetOldest( - void - ) -{ - CONTEXT_SLOT lowBits; - CONTEXT_SLOT entry; - CONTEXT_SLOT smallest = ((CONTEXT_SLOT)~0); - UINT32 i; - - // Set oldestSaveContext to a value indicating none assigned - s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; - - lowBits = (CONTEXT_SLOT)gr.contextCounter; - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - entry = gr.contextArray[i]; - - // only look at entries that are saved contexts - if(entry > MAX_LOADED_SESSIONS) - { - // Use a less than or equal in case the oldest - // is brand new (= lowBits-1) and equal to our initial - // value for smallest. - if(((CONTEXT_SLOT)(entry - lowBits)) <= smallest) - { - smallest = (entry - lowBits); - s_oldestSavedSession = i; - } - } - } - // When we finish, either the s_oldestSavedSession still has its initial - // value, or it has the index of the oldest saved context. -} - -//** Startup Function -- SessionStartup() -// This function initializes the session subsystem on TPM2_Startup(). -BOOL -SessionStartup( - STARTUP_TYPE type - ) -{ - UINT32 i; - - // Initialize session slots. At startup, all the in-memory session slots - // are cleared and marked as not occupied - for(i = 0; i < MAX_LOADED_SESSIONS; i++) - s_sessions[i].occupied = FALSE; // session slot is not occupied - - // The free session slots the number of maximum allowed loaded sessions - s_freeSessionSlots = MAX_LOADED_SESSIONS; - - // Initialize context ID data. On a ST_SAVE or hibernate sequence, it will - // scan the saved array of session context counts, and clear any entry that - // references a session that was in memory during the state save since that - // memory was not preserved over the ST_SAVE. 
- if(type == SU_RESUME || type == SU_RESTART) - { - // On ST_SAVE we preserve the contexts that were saved but not the ones - // in memory - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - // If the array value is unused or references a loaded session then - // that loaded session context is lost and the array entry is - // reclaimed. - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - gr.contextArray[i] = 0; - } - // Find the oldest session in context ID data and set it in - // s_oldestSavedSession - ContextIdSetOldest(); - } - else - { - // For STARTUP_CLEAR, clear out the contextArray - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - gr.contextArray[i] = 0; - - // reset the context counter - gr.contextCounter = MAX_LOADED_SESSIONS + 1; - - // Initialize oldest saved session - s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; - } - return TRUE; -} - -//************************************************ -//** Access Functions -//************************************************ - -//*** SessionIsLoaded() -// This function test a session handle references a loaded session. The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: A PWAP authorization does not have a session. -// -// Return Type: BOOL -// TRUE(1) session is loaded -// FALSE(0) session is not loaded -// -BOOL -SessionIsLoaded( - TPM_HANDLE handle // IN: session handle - ) -{ - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); - - handle = handle & HR_HANDLE_MASK; - - // if out of range of possible active session, or not assigned to a loaded - // session return false - if(handle >= MAX_ACTIVE_SESSIONS - || gr.contextArray[handle] == 0 - || gr.contextArray[handle] > MAX_LOADED_SESSIONS) - return FALSE; - - return TRUE; -} - -//*** SessionIsSaved() -// This function test a session handle references a saved session. 
The handle -// must have previously been checked to make sure that it is a valid handle for -// an authorization session. -// NOTE: An password authorization does not have a session. -// -// This function requires that the handle be a valid session handle. -// -// Return Type: BOOL -// TRUE(1) session is saved -// FALSE(0) session is not saved -// -BOOL -SessionIsSaved( - TPM_HANDLE handle // IN: session handle - ) -{ - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); - - handle = handle & HR_HANDLE_MASK; - // if out of range of possible active session, or not assigned, or - // assigned to a loaded session, return false - if(handle >= MAX_ACTIVE_SESSIONS - || gr.contextArray[handle] == 0 - || gr.contextArray[handle] <= MAX_LOADED_SESSIONS - ) - return FALSE; - - return TRUE; -} - -//*** SequenceNumberForSavedContextIsValid() -// This function validates that the sequence number and handle value within a -// saved context are valid. 
-BOOL -SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT *context // IN: pointer to a context structure to be - // validated - ) -{ -#define MAX_CONTEXT_GAP ((UINT64)((CONTEXT_SLOT) ~0) + 1) - - TPM_HANDLE handle = context->savedHandle & HR_HANDLE_MASK; - - if(// Handle must be with the range of active sessions - handle >= MAX_ACTIVE_SESSIONS - // the array entry must be for a saved context - || gr.contextArray[handle] <= MAX_LOADED_SESSIONS - // the array entry must agree with the sequence number - || gr.contextArray[handle] != (CONTEXT_SLOT)context->sequence - // the provided sequence number has to be less than the current counter - || context->sequence > gr.contextCounter - // but not so much that it could not be a valid sequence number - || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) - return FALSE; - - return TRUE; -} - -//*** SessionPCRValueIsCurrent() -// -// This function is used to check if PCR values have been updated since the -// last time they were checked in a policy session. -// -// This function requires the session is loaded. -// Return Type: BOOL -// TRUE(1) PCR value is current -// FALSE(0) PCR value is not current -BOOL -SessionPCRValueIsCurrent( - SESSION *session // IN: session structure - ) -{ - if(session->pcrCounter != 0 - && session->pcrCounter != gr.pcrCounter - ) - return FALSE; - else - return TRUE; -} - -//*** SessionGet() -// This function returns a pointer to the session object associated with a -// session handle. -// -// The function requires that the session is loaded. -SESSION * -SessionGet( - TPM_HANDLE handle // IN: session handle - ) -{ - size_t slotIndex; - CONTEXT_SLOT sessionIndex; - - pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION - ); - - slotIndex = handle & HR_HANDLE_MASK; - - pAssert(slotIndex < MAX_ACTIVE_SESSIONS); - - // get the contents of the session array. 
Because session is loaded, we - // should always get a valid sessionIndex - sessionIndex = gr.contextArray[slotIndex] - 1; - - pAssert(sessionIndex < MAX_LOADED_SESSIONS); - - return &s_sessions[sessionIndex].session; -} - -//************************************************ -//** Utility Functions -//************************************************ - -//*** ContextIdSessionCreate() -// -// This function is called when a session is created. It will check -// to see if the current gap would prevent a context from being saved. If -// so it will return TPM_RC_CONTEXT_GAP. Otherwise, it will try to find -// an open slot in contextArray, set contextArray to the slot. -// -// This routine requires that the caller has determined the session array -// index for the session. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP can't assign a new contextID until the oldest -// saved session context is recycled -// TPM_RC_SESSION_HANDLE there is no slot available in the context array -// for tracking of this session context -static TPM_RC -ContextIdSessionCreate( - TPM_HANDLE *handle, // OUT: receives the assigned handle. This will - // be an index that must be adjusted by the - // caller according to the type of the - // session created - UINT32 sessionIndex // IN: The session context array entry that will - // be occupied by the created session - ) -{ - pAssert(sessionIndex < MAX_LOADED_SESSIONS); - - // check to see if creating the context is safe - // Is this going to be an assignment for the last session context - // array entry? If so, then there will be no room to recycle the - // oldest context if needed. If the gap is not at maximum, then - // it will be possible to save a context if it becomes necessary. - if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - && s_freeSessionSlots == 1) - { - // See if the gap is at maximum - // The current value of the contextCounter will be assigned to the next - // saved context. 
If the value to be assigned would make the same as an - // existing context, then we can't use it because of the ambiguity it would - // create. - if((CONTEXT_SLOT)gr.contextCounter - == gr.contextArray[s_oldestSavedSession]) - return TPM_RC_CONTEXT_GAP; - } - - // Find an unoccupied entry in the contextArray - for(*handle = 0; *handle < MAX_ACTIVE_SESSIONS; (*handle)++) - { - if(gr.contextArray[*handle] == 0) - { - // indicate that the session associated with this handle - // references a loaded session - gr.contextArray[*handle] = (CONTEXT_SLOT)(sessionIndex + 1); - return TPM_RC_SUCCESS; - } - } - return TPM_RC_SESSION_HANDLES; -} - -//*** SessionCreate() -// -// This function does the detailed work for starting an authorization session. -// This is done in a support routine rather than in the action code because -// the session management may differ in implementations. This implementation -// uses a fixed memory allocation to hold sessions and a fixed allocation -// to hold the contextID for the saved contexts. 
-// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP need to recycle sessions -// TPM_RC_SESSION_HANDLE active session space is full -// TPM_RC_SESSION_MEMORY loaded session space is full -TPM_RC -SessionCreate( - TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA *seed, // IN: seed data - TPM_HANDLE *sessionHandle, // OUT: the session handle - TPM2B_NONCE *nonceTpm // OUT: the session nonce - ) -{ - TPM_RC result = TPM_RC_SUCCESS; - CONTEXT_SLOT slotIndex; - SESSION *session = NULL; - - pAssert(sessionType == TPM_SE_HMAC - || sessionType == TPM_SE_POLICY - || sessionType == TPM_SE_TRIAL); - - // If there are no open spots in the session array, then no point in searching - if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; - - // Find a space for loading a session - for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - { - // Is this available? - if(s_sessions[slotIndex].occupied == FALSE) - { - session = &s_sessions[slotIndex].session; - break; - } - } - // if no spot found, then this is an internal error - if(slotIndex >= MAX_LOADED_SESSIONS) - FAIL(FATAL_ERROR_INTERNAL); - - // Call context ID function to get a handle. TPM_RC_SESSION_HANDLE may be - // returned from ContextIdHandelAssign() - result = ContextIdSessionCreate(sessionHandle, slotIndex); - if(result != TPM_RC_SUCCESS) - return result; - - //*** Only return from this point on is TPM_RC_SUCCESS - - // Can now indicate that the session array entry is occupied. 
- s_freeSessionSlots--; - s_sessions[slotIndex].occupied = TRUE; - - // Initialize the session data - MemorySet(session, 0, sizeof(SESSION)); - - // Initialize internal session data - session->authHashAlg = authHash; - // Initialize session type - if(sessionType == TPM_SE_HMAC) - { - *sessionHandle += HMAC_SESSION_FIRST; - } - else - { - *sessionHandle += POLICY_SESSION_FIRST; - - // For TPM_SE_POLICY or TPM_SE_TRIAL - session->attributes.isPolicy = SET; - if(sessionType == TPM_SE_TRIAL) - session->attributes.isTrialPolicy = SET; - - SessionSetStartTime(session); - - // Initialize policyDigest. policyDigest is initialized with a string of 0 - // of session algorithm digest size. Since the session is already clear. - // Just need to set the size - session->u2.policyDigest.t.size = - CryptHashGetDigestSize(session->authHashAlg); - } - // Create initial session nonce - session->nonceTPM.t.size = nonceCaller->t.size; - CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); - MemoryCopy2B(&nonceTpm->b, &session->nonceTPM.b, - sizeof(nonceTpm->t.buffer)); - - // Set up session parameter encryption algorithm - session->symmetric = *symmetric; - - // If there is a bind object or a session secret, then need to compute - // a sessionKey. 
- if(bind != TPM_RH_NULL || seed->t.size != 0) - { - // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, - // nonceCaller, bits) - // The HMAC key for generating the sessionSecret can be the concatenation - // of an authorization value and a seed value - TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); - TPM2B_KEY key; - - // Get hash size, which is also the length of sessionKey - session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); - - // Get authValue of associated entity - EntityGetAuthValue(bind, (TPM2B_AUTH *)&key); - pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); - - // Concatenate authValue and seed - MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); - - // Compute the session key - CryptKDFa(session->authHashAlg, &key.b, SESSION_KEY, &session->nonceTPM.b, - &nonceCaller->b, - session->sessionKey.t.size * 8, session->sessionKey.t.buffer, - NULL, FALSE); - } - - // Copy the name of the entity that the HMAC session is bound to - // Policy session is not bound to an entity - if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC) - { - session->attributes.isBound = SET; - SessionComputeBoundEntity(bind, &session->u1.boundEntity); - } - // If there is a bind object and it is subject to DA, then use of this session - // is subject to DA regardless of how it is used. - session->attributes.isDaBound = (bind != TPM_RH_NULL) - && (IsDAExempted(bind) == FALSE); - -// If the session is bound, then check to see if it is bound to lockoutAuth - session->attributes.isLockoutBound = (session->attributes.isDaBound == SET) - && (bind == TPM_RH_LOCKOUT); - return TPM_RC_SUCCESS; -} - -//*** SessionContextSave() -// This function is called when a session context is to be saved. The -// contextID of the saved session is returned. If no contextID can be -// assigned, then the routine returns TPM_RC_CONTEXT_GAP. -// If the function completes normally, the session slot will be freed. 
-// -// This function requires that 'handle' references a loaded session. -// Otherwise, it should not be called at the first place. -// -// Return Type: TPM_RC -// TPM_RC_CONTEXT_GAP a contextID could not be assigned -// TPM_RC_TOO_MANY_CONTEXTS the counter maxed out -// -TPM_RC -SessionContextSave( - TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER *contextID // OUT: assigned contextID - ) -{ - UINT32 contextIndex; - CONTEXT_SLOT slotIndex; - - pAssert(SessionIsLoaded(handle)); - - // check to see if the gap is already maxed out - // Need to have a saved session - if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - // if the oldest saved session has the same value as the low bits - // of the contextCounter, then the GAP is maxed out. - && gr.contextArray[s_oldestSavedSession] == (CONTEXT_SLOT)gr.contextCounter) - return TPM_RC_CONTEXT_GAP; - - // if the caller wants the context counter, set it - if(contextID != NULL) - *contextID = gr.contextCounter; - - contextIndex = handle & HR_HANDLE_MASK; - pAssert(contextIndex < MAX_ACTIVE_SESSIONS); - - // Extract the session slot number referenced by the contextArray - // because we are going to overwrite this with the low order - // contextID value. - slotIndex = gr.contextArray[contextIndex] - 1; - - // Set the contextID for the contextArray - gr.contextArray[contextIndex] = (CONTEXT_SLOT)gr.contextCounter; - - // Increment the counter - gr.contextCounter++; - - // In the unlikely event that the 64-bit context counter rolls over... - if(gr.contextCounter == 0) - { - // back it up - gr.contextCounter--; - // return an error - return TPM_RC_TOO_MANY_CONTEXTS; - } - // if the low-order bits wrapped, need to advance the value to skip over - // the values used to indicate that a session is loaded - if(((CONTEXT_SLOT)gr.contextCounter) == 0) - gr.contextCounter += MAX_LOADED_SESSIONS + 1; - - // If no other sessions are saved, this is now the oldest. 
- if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS) - s_oldestSavedSession = contextIndex; - - // Mark the session slot as unoccupied - s_sessions[slotIndex].occupied = FALSE; - - // and indicate that there is an additional open slot - s_freeSessionSlots++; - - return TPM_RC_SUCCESS; -} - -//*** SessionContextLoad() -// This function is used to load a session from saved context. The session -// handle must be for a saved context. -// -// If the gap is at a maximum, then the only session that can be loaded is -// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. -/// -// This function requires that 'handle' references a valid saved session. -// -// Return Type: TPM_RC -// TPM_RC_SESSION_MEMORY no free session slots -// TPM_RC_CONTEXT_GAP the gap count is maximum and this -// is not the oldest saved context -// -TPM_RC -SessionContextLoad( - SESSION_BUF *session, // IN: session structure from saved context - TPM_HANDLE *handle // IN/OUT: session handle - ) -{ - UINT32 contextIndex; - CONTEXT_SLOT slotIndex; - - pAssert(HandleGetType(*handle) == TPM_HT_POLICY_SESSION - || HandleGetType(*handle) == TPM_HT_HMAC_SESSION); - - // Don't bother looking if no openings - if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; - - // Find a free session slot to load the session - for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - if(s_sessions[slotIndex].occupied == FALSE) break; - - // if no spot found, then this is an internal error - pAssert(slotIndex < MAX_LOADED_SESSIONS); - - contextIndex = *handle & HR_HANDLE_MASK; // extract the index - - // If there is only one slot left, and the gap is at maximum, the only session - // context that we can safely load is the oldest one. 
- if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS - && s_freeSessionSlots == 1 - && (CONTEXT_SLOT)gr.contextCounter == gr.contextArray[s_oldestSavedSession] - && contextIndex != s_oldestSavedSession) - return TPM_RC_CONTEXT_GAP; - - pAssert(contextIndex < MAX_ACTIVE_SESSIONS); - - // set the contextArray value to point to the session slot where - // the context is loaded - gr.contextArray[contextIndex] = slotIndex + 1; - - // if this was the oldest context, find the new oldest - if(contextIndex == s_oldestSavedSession) - ContextIdSetOldest(); - - // Copy session data to session slot - MemoryCopy(&s_sessions[slotIndex].session, session, sizeof(SESSION)); - - // Set session slot as occupied - s_sessions[slotIndex].occupied = TRUE; - - // Reduce the number of open spots - s_freeSessionSlots--; - - return TPM_RC_SUCCESS; -} - -//*** SessionFlush() -// This function is used to flush a session referenced by its handle. If the -// session associated with 'handle' is loaded, the session array entry is -// marked as available. -// -// This function requires that 'handle' be a valid active session. -// -void -SessionFlush( - TPM_HANDLE handle // IN: loaded or saved session handle - ) -{ - CONTEXT_SLOT slotIndex; - UINT32 contextIndex; // Index into contextArray - - pAssert((HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION - ) - && (SessionIsLoaded(handle) || SessionIsSaved(handle)) - ); - - // Flush context ID of this session - // Convert handle to an index into the contextArray - contextIndex = handle & HR_HANDLE_MASK; - - pAssert(contextIndex < sizeof(gr.contextArray) / sizeof(gr.contextArray[0])); - - // Get the current contents of the array - slotIndex = gr.contextArray[contextIndex]; - - // Mark context array entry as available - gr.contextArray[contextIndex] = 0; - - // Is this a saved session being flushed - if(slotIndex > MAX_LOADED_SESSIONS) - { - // Flushing the oldest session? 
- if(contextIndex == s_oldestSavedSession) - // If so, find a new value for oldest. - ContextIdSetOldest(); - } - else - { - // Adjust slot index to point to session array index - slotIndex -= 1; - - // Free session array index - s_sessions[slotIndex].occupied = FALSE; - s_freeSessionSlots++; - } - - return; -} - -//*** SessionComputeBoundEntity() -// This function computes the binding value for a session. The binding value -// for a reserved handle is the handle itself. For all the other entities, -// the authValue at the time of binding is included to prevent squatting. -// For those values, the Name and the authValue are concatenated -// into the bind buffer. If they will not both fit, the will be overlapped -// by XORing bytes. If XOR is required, the bind value will be full. -void -SessionComputeBoundEntity( - TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME *bind // OUT: binding value - ) -{ - TPM2B_AUTH auth; - BYTE *pAuth = auth.t.buffer; - UINT16 i; - - // Get name - EntityGetName(entityHandle, bind); - -// // The bound value of a reserved handle is the handle itself -// if(bind->t.size == sizeof(TPM_HANDLE)) return; - - // For all the other entities, concatenate the authorization value to the name. - // Get a local copy of the authorization value because some overlapping - // may be necessary. 
- EntityGetAuthValue(entityHandle, &auth); - - // Make sure that the extra space is zeroed - MemorySet(&bind->t.name[bind->t.size], 0, sizeof(bind->t.name) - bind->t.size); - // XOR the authValue at the end of the name - for(i = sizeof(bind->t.name) - auth.t.size; i < sizeof(bind->t.name); i++) - bind->t.name[i] ^= *pAuth++; - - // Set the bind value to the maximum size - bind->t.size = sizeof(bind->t.name); - - return; -} - - -//*** SessionSetStartTime() -// This function is used to initialize the session timing -void -SessionSetStartTime( - SESSION *session // IN: the session to update - ) -{ - session->startTime = g_time; - session->epoch = g_timeEpoch; - session->timeout = 0; -} - -//*** SessionResetPolicyData() -// This function is used to reset the policy data without changing the nonce -// or the start time of the session. -void -SessionResetPolicyData( - SESSION *session // IN: the session to reset - ) -{ - SESSION_ATTRIBUTES oldAttributes; - pAssert(session != NULL); - - // Will need later - oldAttributes = session->attributes; - - // No command - session->commandCode = 0; - - // No locality selected - MemorySet(&session->commandLocality, 0, sizeof(session->commandLocality)); - - // The cpHash size to zero - session->u1.cpHash.b.size = 0; - - // No timeout - session->timeout = 0; - - // Reset the pcrCounter - session->pcrCounter = 0; - - // Reset the policy hash - MemorySet(&session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); - - // Reset the session attributes - MemorySet(&session->attributes, 0, sizeof(SESSION_ATTRIBUTES)); - - // Restore the policy attributes - session->attributes.isPolicy = SET; - session->attributes.isTrialPolicy = oldAttributes.isTrialPolicy; - - // Restore the bind attributes - session->attributes.isDaBound = oldAttributes.isDaBound; - session->attributes.isLockoutBound = oldAttributes.isLockoutBound; -} - -//*** SessionCapGetLoaded() -// This function returns a list of handles of loaded session, started -// 
from input 'handle' -// -// 'Handle' must be in valid loaded session handle range, but does not -// have to point to a loaded session. -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetLoaded( - TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - - pAssert(HandleGetType(handle) == TPM_HT_LOADED_SESSION); - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate session context ID slots to get loaded session handles - for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is loaded - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - SESSION *session; - - // If we have not filled up the return list, add this - // session handle to it - // assume that this is going to be an HMAC session - handle = i + HMAC_SESSION_FIRST; - session = SessionGet(handle); - if(session->attributes.isPolicy) - handle = i + POLICY_SESSION_FIRST; - handleList->handle[handleList->count] = handle; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } - - return more; -} - -//*** SessionCapGetSaved() -// This function returns a list of handles for saved session, starting at -// 'handle'. 
-// -// 'Handle' must be in a valid handle range, but does not have to point to a -// saved session -// -// Return Type: TPMI_YES_NO -// YES if there are more handles available -// NO all the available handles has been returned -TPMI_YES_NO -SessionCapGetSaved( - TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - -#ifdef TPM_HT_SAVED_SESSION - pAssert(HandleGetType(handle) == TPM_HT_SAVED_SESSION); -#else - pAssert(HandleGetType(handle) == TPM_HT_ACTIVE_SESSION); -#endif - - // Initialize output handle list - handleList->count = 0; - - // The maximum count of handles we may return is MAX_CAP_HANDLES - if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; - - // Iterate session context ID slots to get loaded session handles - for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is saved - if(gr.contextArray[i] > MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - // If we have not filled up the return list, add this - // session handle to it - handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } - - return more; -} - -//*** SessionCapGetLoadedNumber() -// This function return the number of authorization sessions currently -// loaded into TPM RAM. -UINT32 -SessionCapGetLoadedNumber( - void - ) -{ - return MAX_LOADED_SESSIONS - s_freeSessionSlots; -} - -//*** SessionCapGetLoadedAvail() -// This function returns the number of additional authorization sessions, of -// any type, that could be loaded into TPM RAM. -// NOTE: In other implementations, this number may just be an estimate. 
The only -// requirement for the estimate is, if it is one or more, then at least one -// session must be loadable. -UINT32 -SessionCapGetLoadedAvail( - void - ) -{ - return s_freeSessionSlots; -} - -//*** SessionCapGetActiveNumber() -// This function returns the number of active authorization sessions currently -// being tracked by the TPM. -UINT32 -SessionCapGetActiveNumber( - void - ) -{ - UINT32 i; - UINT32 num = 0; - - // Iterate the context array to find the number of non-zero slots - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] != 0) num++; - } - - return num; -} - -//*** SessionCapGetActiveAvail() -// This function returns the number of additional authorization sessions, of any -// type, that could be created. This not the number of slots for sessions, but -// the number of additional sessions that the TPM is capable of tracking. -UINT32 -SessionCapGetActiveAvail( - void - ) -{ - UINT32 i; - UINT32 num = 0; - - // Iterate the context array to find the number of zero slots - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] == 0) num++; - } - - return num; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c deleted file mode 100644 index 41d50076e..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c +++ /dev/null 
@@ -1,276 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions relating to the TPM's time functions including -// the interface to the implementation-specific time functions. 
-// -//** Includes -#include "Tpm.h" -#include "PlatformData.h" - -//** Functions - -//*** TimePowerOn() -// This function initialize time info at _TPM_Init(). -// -// This function is called at _TPM_Init() so that the TPM time can start counting -// as soon as the TPM comes out of reset and doesn't have to wait until -// TPM2_Startup() in order to begin the new time epoch. This could be significant -// for systems that could get powered up but not run any TPM commands for some -// period of time. -// -void -TimePowerOn( - void - ) -{ - g_time = _plat__TimerRead(); -} - -//*** TimeNewEpoch() -// This function does the processing to generate a new time epoch nonce and -// set NV for update. This function is only called when NV is known to be available -// and the clock is running. The epoch is updated to persistent data. -static void -TimeNewEpoch( - void - ) -{ -#if CLOCK_STOPS - CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch); -#else - // if the epoch is kept in NV, update it. - gp.timeEpoch++; - NV_SYNC_PERSISTENT(timeEpoch); -#endif - // Clean out any lingering state - _plat__TimerWasStopped(); -} - -//*** TimeStartup() -// This function updates the resetCount and restartCount components of -// TPMS_CLOCK_INFO structure at TPM2_Startup(). -// -// This function will deal with the deferred creation of a new epoch. -// TimeUpdateToCurrent() will not start a new epoch even if one is due when -// TPM_Startup() has not been run. This is because the state of NV is not known -// until startup completes. When Startup is done, then it will create the epoch -// nonce to complete the initializations by calling this function. -BOOL -TimeStartup( - STARTUP_TYPE type // IN: start up type - ) -{ - NOT_REFERENCED(type); - // If the previous cycle is orderly shut down, the value of the safe bit - // the same as previously saved. Otherwise, it is not safe. 
- if(!NV_IS_ORDERLY) - go.clockSafe = NO; - return TRUE; -} - -//*** TimeClockUpdate() -// This function updates go.clock. If 'newTime' requires an update of NV, then -// NV is checked for availability. If it is not available or is rate limiting, then -// go.clock is not updated and the function returns an error. If 'newTime' would -// not cause an NV write, then go.clock is updated. If an NV write occurs, then -// go.safe is SET. -void -TimeClockUpdate( - UINT64 newTime // IN: New time value in mS. - ) -{ -#define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1) - - // Check to see if the update will cause a need for an nvClock update - if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK)) - { - pAssert(g_NvStatus == TPM_RC_SUCCESS); - - // Going to update the NV time state so SET the safe flag - go.clockSafe = YES; - - // update the time - go.clock = newTime; - - NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); - } - else - // No NV update needed so just update - go.clock = newTime; - -} - -//*** TimeUpdate() -// This function is used to update the time and clock values. If the TPM -// has run TPM2_Startup(), this function is called at the start of each command. -// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to -// get the clock values initialized. It is not called on command entry because, in -// this implementation, the go structure is not read from NV until TPM2_Startup(). -// The reason for this is that the initialization code (_TPM_Init()) may run before -// NV is accessible. -void -TimeUpdate( - void - ) -{ - UINT64 elapsed; -// - // Make sure that we consume the current _plat__TimerWasStopped() state. - if(_plat__TimerWasStopped()) - { - TimeNewEpoch(); - } - // Get the difference between this call and the last time we updated the tick - // timer. 
- elapsed = _plat__TimerRead() - g_time; - // Don't read + - g_time += elapsed; - - // Don't need to check the result because it has to be success because have - // already checked that NV is available. - TimeClockUpdate(go.clock + elapsed); - - // Call self healing logic for dictionary attack parameters - DASelfHeal(); -} - -//*** TimeUpdateToCurrent() -// This function updates the 'Time' and 'Clock' in the global -// TPMS_TIME_INFO structure. -// -// In this implementation, 'Time' and 'Clock' are updated at the beginning -// of each command and the values are unchanged for the duration of the -// command. -// -// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' -// are not allowed to advance if NV is not available. When clock is not advancing, -// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or -// TPM_RC_NV_RATE. -// -// This implementation does not do rate limiting. If the implementation does do -// rate limiting, then the 'Clock' update should not be inhibited even when doing -// rate limiting. -void -TimeUpdateToCurrent( - void -) -{ - // Can't update time during the dark interval or when rate limiting so don't - // make any modifications to the internal clock value. Also, defer any clock - // processing until TPM has run TPM2_Startup() - if(!NV_IS_AVAILABLE || !TPMIsStarted()) - return; - - TimeUpdate(); -} - - -//*** TimeSetAdjustRate() -// This function is used to perform rate adjustment on 'Time' and 'Clock'. 
-void -TimeSetAdjustRate( - TPM_CLOCK_ADJUST adjust // IN: adjust constant - ) -{ - switch(adjust) - { - case TPM_CLOCK_COARSE_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE); - break; - case TPM_CLOCK_COARSE_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE); - break; - case TPM_CLOCK_MEDIUM_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM); - break; - case TPM_CLOCK_MEDIUM_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM); - break; - case TPM_CLOCK_FINE_SLOWER: - _plat__ClockAdjustRate(CLOCK_ADJUST_FINE); - break; - case TPM_CLOCK_FINE_FASTER: - _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE); - break; - case TPM_CLOCK_NO_CHANGE: - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - - return; -} - -//*** TimeGetMarshaled() -// This function is used to access TPMS_TIME_INFO in canonical form. -// The function collects the time information and marshals it into 'dataBuffer' -// and returns the marshaled size -UINT16 -TimeGetMarshaled( - TIME_INFO *dataBuffer // OUT: result buffer - ) -{ - TPMS_TIME_INFO timeInfo; - - // Fill TPMS_TIME_INFO structure - timeInfo.time = g_time; - TimeFillInfo(&timeInfo.clockInfo); - - // Marshal TPMS_TIME_INFO to canonical form - return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL); -} - -//*** TimeFillInfo -// This function gathers information to fill in a TPMS_CLOCK_INFO structure. -void -TimeFillInfo( - TPMS_CLOCK_INFO *clockInfo - ) -{ - clockInfo->clock = go.clock; - clockInfo->resetCount = gp.resetCount; - clockInfo->restartCount = gr.restartCount; - - // If NV is not available, clock stopped advancing and the value reported is - // not "safe". - if(NV_IS_AVAILABLE) - clockInfo->safe = go.clockSafe; - else - clockInfo->safe = NO; - - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
deleted file mode 100644
index f46648abe..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c
+++ /dev/null
@@ -1,234 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// This file contains the algorithm property definitions for the algorithms and the -// code for the TPM2_GetCapability() to return the algorithm properties. 
- -//** Includes and Defines - -#include "Tpm.h" - -typedef struct -{ - TPM_ALG_ID algID; - TPMA_ALGORITHM attributes; -} ALGORITHM; - -static const ALGORITHM s_algorithms[] = -{ -// The entries in this table need to be in ascending order but the table doesn't -// need to be full (gaps are allowed). One day, a tool might exist to fill in the -// table from the TPM_ALG description -#if ALG_RSA - {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, -#endif -#if ALG_TDES - {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA1 - {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif - - {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, - -#if ALG_AES - {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_MGF1 - {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif - - {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)}, - -#if ALG_XOR - {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, -#endif - -#if ALG_SHA256 - {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA384 - {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SHA512 - {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SM3_256 - {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_SM4 - {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_RSASSA - {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_RSAES - {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_RSAPSS - {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_OAEP - {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if 
ALG_ECDSA - {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, -#endif -#if ALG_ECDH - {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_ECDAA - {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_SM2 - {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, -#endif -#if ALG_ECSCHNORR - {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_ECMQV - {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF1_SP800_56A - {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF2 - {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_KDF1_SP800_108 - {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, -#endif -#if ALG_ECC - {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, -#endif - - {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)}, - -#if ALG_CAMELLIA - {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif -#if ALG_CMAC - {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, -#endif -#if ALG_CTR - {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_OFB - {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_CBC - {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_CFB - {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -#if ALG_ECB - {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, -#endif -}; - -//** AlgorithmCapGetImplemented() -// This function is used by TPM2_GetCapability() to return a list of the -// implemented algorithms. 
-// Return Type: TPMI_YES_NO -// YES more algorithms to report -// NO no more algorithms to report -TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 algNum; - - // initialize output algorithm list - algList->count = 0; - - // The maximum count of algorithms we may return is MAX_CAP_ALGS. - if(count > MAX_CAP_ALGS) - count = MAX_CAP_ALGS; - - // Compute how many algorithms are defined in s_algorithms array. - algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]); - - // Scan the implemented algorithm list to see if there is a match to 'algID'. - for(i = 0; i < algNum; i++) - { - // If algID is less than the starting algorithm ID, skip it - if(s_algorithms[i].algID < algID) - continue; - if(algList->count < count) - { - // If we have not filled up the return list, add more algorithms - // to it - algList->algProperties[algList->count].alg = s_algorithms[i].algID; - algList->algProperties[algList->count].algProperties = - s_algorithms[i].attributes; - algList->count++; - } - else - { - // If the return list is full but we still have algorithms - // available, report this and stop scanning. - more = YES; - break; - } - } - - return more; -} - -//** AlgorithmGetImplementedVector() -// This function returns the bit vector of the implemented algorithms. -LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET - ) -{ - int index; - - // Nothing implemented until we say it is - MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR)); - - for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; - index >= 0; - index--) - SET_BIT(s_algorithms[index].algID, *implemented); - return; -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
deleted file mode 100644
index 4670cc524..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c
+++ /dev/null
@@ -1,92 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains bit manipulation routines. They operate on bit arrays. -// -// The 0th bit in the array is the right-most bit in the 0th octet in -// the array. 
-// -// NOTE: If pAssert() is defined, the functions will assert if the indicated bit -// number is outside of the range of 'bArray'. How the assert is handled is -// implementation dependent. - -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** TestBit() -// This function is used to check the setting of a bit in an array of bits. -// Return Type: BOOL -// TRUE(1) bit is set -// FALSE(0) bit is not set -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); -} - -//*** SetBit() -// This function will set the indicated bit in 'bArray'. -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - bArray[bitNum >> 3] |= (1 << (bitNum & 7)); -} - -//*** ClearBit() -// This function will clear the indicated bit in 'bArray'. -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) -{ - pAssert(bytesInArray > (bitNum >> 3)); - bArray[bitNum >> 3] &= ~(1 << (bitNum & 7)); -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c deleted file mode 100644 index 81284428a..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c +++ /dev/null 
@@ -1,553 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Introduction -// This file contains the functions for testing various command properties. 
- -//** Includes and Defines - -#include "Tpm.h" -#include "CommandCodeAttributes_fp.h" - -// Set the default value for CC_VEND if not already set -#ifndef CC_VEND -#define CC_VEND (TPM_CC)(0x20000000) -#endif - -typedef UINT16 ATTRIBUTE_TYPE; - -// The following file is produced from the command tables in part 3 of the -// specification. It defines the attributes for each of the commands. -// NOTE: This file is currently produced by an automated process. Files -// produced from Part 2 or Part 3 tables through automated processes are not -// included in the specification so that their is no ambiguity about the -// table containing the information being the normative definition. -#define _COMMAND_CODE_ATTRIBUTES_ -#include "CommandAttributeData.h" - -//** Command Attribute Functions - -//*** NextImplementedIndex() -// This function is used when the lists are not compressed. In a compressed list, -// only the implemented commands are present. So, a search might find a value -// but that value may not be implemented. This function checks to see if the input -// commandIndex points to an implemented command and, if not, it searches upwards -// until it finds one. When the list is compressed, this function gets defined -// as a no-op. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -#if !COMPRESSED_LISTS -static COMMAND_INDEX -NextImplementedIndex( - COMMAND_INDEX commandIndex - ) -{ - for(;commandIndex < COMMAND_COUNT; commandIndex++) - { - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) - return commandIndex; - } - return UNIMPLEMENTED_COMMAND_INDEX; -} -#else -#define NextImplementedIndex(x) (x) -#endif - -//*** GetClosestCommandIndex() -// This function returns the command index for the command with a value that is -// equal to or greater than the input value -// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of a command -COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at - ) -{ - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; - - // The commandCode is a UINT32 and the search index is UINT16. We are going to - // search for a match but need to make sure that the commandCode value is not - // out of range. To do this, need to clear the vendor bit of the commandCode - // (if set) and compare the result to the 16-bit searchIndex value. If it is - // out of range, indicate that the command is not implemented - if((commandCode & ~CC_VEND) != searchIndex) - return UNIMPLEMENTED_COMMAND_INDEX; - - // if there is at least one vendor command, the last entry in the array will - // have the v bit set. If the input commandCode is larger than the last - // vendor-command, then it is out of range. - if(vendor) - { -#if VENDOR_COMMAND_ARRAY_SIZE > 0 - COMMAND_INDEX commandIndex; - COMMAND_INDEX min; - COMMAND_INDEX max; - int diff; -#if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT -#error "Constants are not consistent." -#endif - // Check to see if the value is equal to or below the minimum - // entry. 
- // Note: Put this check first so that the typical case of only one vendor- - // specific command doesn't waste any more time. - if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, - commandIndex) >= searchIndex) - { - // the vendor array is always assumed to be packed so there is - // no need to check to see if the command is implemented - return LIBRARY_COMMAND_ARRAY_SIZE; - } - // See if this is out of range on the top - if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) - < searchIndex) - { - return UNIMPLEMENTED_COMMAND_INDEX; - } - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep - // compiler happy - min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command - max = COMMAND_COUNT - 1; // last vendor command - diff = 1; // needs initialization to keep - // compiler happy - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the last - // item tested. If 'diff' is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if 'diff' is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. 
- return commandIndex + 1; -#else - // If there are no vendor commands so anything with the vendor bit set is out - // of range - return UNIMPLEMENTED_COMMAND_INDEX; -#endif - } - // Get here if the V-Bit was not set in 'commandCode' - - if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, - commandIndex) < searchIndex) - { - // requested index is out of the range to the top -#if VENDOR_COMMAND_ARRAY_SIZE > 0 - // If there are vendor commands, then the first vendor command - // is the next value greater than the commandCode. - // NOTE: we got here if the starting index did not have the V bit but we - // reached the end of the array of library commands (non-vendor). Since - // there is at least one vendor command, and vendor commands are always - // in a compressed list that starts after the library list, the next - // index value contains a valid vendor command. - return LIBRARY_COMMAND_ARRAY_SIZE; -#else - // if there are no vendor commands, then this is out of range - return UNIMPLEMENTED_COMMAND_INDEX; -#endif - } - // If the request is lower than any value in the array, then return - // the lowest value (needs to be an index for an implemented command - if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) - { - return NextImplementedIndex(0); - } - else - { -#if COMPRESSED_LISTS - COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - COMMAND_INDEX min = 0; - COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; - int diff = 1; -#if LIBRARY_COMMAND_ARRAY_SIZE == 0 -#error "Something is terribly wrong" -#endif - // The s_ccAttr array contains an extra entry at the end (a zero value). - // Don't count this as an array entry. 
This means that max should start - // out pointing to the last valid entry in the array which is - 2 - pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC) - - VENDOR_COMMAND_ARRAY_SIZE - 2)); - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, - commandIndex) - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the - // last item tested. If diff is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if diff is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. - return commandIndex + 1; -#else - // The list is not compressed so offset into the array by the command - // code value of the first entry in the list. Then go find the first - // implemented command. - return NextImplementedIndex(searchIndex - - (COMMAND_INDEX)s_ccAttr[0].commandIndex); -#endif - } -} - -//*** CommandCodeToComandIndex() -// This function returns the index in the various attributes arrays of the -// command. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX command is not implemented -// other index of the command -COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up - ) -{ - // Extract the low 16-bits of the command code to get the starting search index - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX commandIndex; -#if !COMPRESSED_LISTS - if(!vendor) - { - commandIndex = searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex; - // Check for out of range or unimplemented. - // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than - // the lowest value of command, it will become a 'negative' number making - // it look like a large unsigned number, this will cause it to fail - // the unsigned check below. - if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE - || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0) - return UNIMPLEMENTED_COMMAND_INDEX; - return commandIndex; - } -#endif - // Need this code for any vendor code lookup or for compressed lists - commandIndex = GetClosestCommandIndex(commandCode); - - // Look at the returned value from get closest. If it isn't the one that was - // requested, then the command is not implemented. - if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - != searchIndex) - || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor) - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - } - return commandIndex; -} - -//*** GetNextCommandIndex() -// This function returns the index of the next implemented command. 
-// Return Type: COMMAND_INDEX -// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands -// other the index of the next implemented command -COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index - ) -{ - while(++commandIndex < COMMAND_COUNT) - { -#if !COMPRESSED_LISTS - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) -#endif - return commandIndex; - } - return UNIMPLEMENTED_COMMAND_INDEX; -} - -//*** GetCommandCode() -// This function returns the commandCode associated with the command index -TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index - ) -{ - TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex); - if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - commandCode += CC_VEND; - return commandCode; -} - -//*** CommandAuthRole() -// -// This function returns the authorization role required of a handle. -// -// Return Type: AUTH_ROLE -// AUTH_NONE no authorization is required -// AUTH_USER user role authorization is required -// AUTH_ADMIN admin role authorization is required -// AUTH_DUP duplication role authorization is required -AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) - ) -{ - if(0 == handleIndex) - { - // Any authorization role set? - COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; - - if(properties & HANDLE_1_USER) - return AUTH_USER; - if(properties & HANDLE_1_ADMIN) - return AUTH_ADMIN; - if(properties & HANDLE_1_DUP) - return AUTH_DUP; - } - else if(1 == handleIndex) - { - if(s_commandAttributes[commandIndex] & HANDLE_2_USER) - return AUTH_USER; - } - return AUTH_NONE; -} - -//*** EncryptSize() -// This function returns the size of the decrypt size field. 
This function returns -// 0 if encryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) -{ - return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0); -} - -//*** DecryptSize() -// This function returns the size of the decrypt size field. This function returns -// 0 if decryption is not allowed -// Return Type: int -// 0 encryption not allowed -// 2 size field is two bytes -// 4 size field is four bytes -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) -{ - return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0); -} - -//*** IsSessionAllowed() -// -// This function indicates if the command is allowed to have sessions. -// -// This function must not be called if the command is not known to be implemented. 
-// -// Return Type: BOOL -// TRUE(1) session is allowed with this command -// FALSE(0) session is not allowed with this command -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked - ) -{ - return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0); -} - -//*** IsHandleInResponse() -// This function determines if a command has a handle in the response -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex - ) -{ - return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0); -} - -//*** IsWriteOperation() -// Checks to see if an operation will write to an NV Index and is subject to being -// blocked by read-lock -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) -{ -#ifdef WRITE_LOCK - return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0); -#else - if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Write: -#if CC_NV_Increment - case TPM_CC_NV_Increment: -#endif -#if CC_NV_SetBits - case TPM_CC_NV_SetBits: -#endif -#if CC_NV_Extend - case TPM_CC_NV_Extend: -#endif -#if CC_AC_Send - case TPM_CC_AC_Send: -#endif - // NV write lock counts as a write operation for authorization purposes. - // We check to see if the NV is write locked before we do the - // authorization. If it is locked, we fail the command early. - case TPM_CC_NV_WriteLock: - return TRUE; - default: - break; - } - } - return FALSE; -#endif -} - -//*** IsReadOperation() -// Checks to see if an operation will write to an NV Index and is -// subject to being blocked by write-lock. 
-BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) -{ -#ifdef READ_LOCK - return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); -#else - - if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Read: - case TPM_CC_PolicyNV: - case TPM_CC_NV_Certify: - // NV read lock counts as a read operation for authorization purposes. - // We check to see if the NV is read locked before we do the - // authorization. If it is locked, we fail the command early. - case TPM_CC_NV_ReadLock: - return TRUE; - default: - break; - } - } - return FALSE; -#endif -} - -//*** CommandCapGetCCList() -// This function returns a list of implemented commands and command attributes -// starting from the command in 'commandCode'. -// Return Type: TPMI_YES_NO -// YES more command attributes are available -// NO no more command attributes are available -TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC - ) -{ - TPMI_YES_NO more = NO; - COMMAND_INDEX commandIndex; - - // initialize output handle list count - commandList->count = 0; - - for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { -#if !COMPRESSED_LISTS - // this check isn't needed for compressed lists. - if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) - continue; -#endif - if(commandList->count < count) - { - // If the list is not full, add the attributes for this command. - commandList->commandAttributes[commandList->count] - = s_ccAttr[commandIndex]; - commandList->count++; - } - else - { - // If the list is full but there are more commands to report, - // indicate this and return. 
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** IsVendorCommand()
-// Function indicates if a command index references a vendor command.
-// Return Type: BOOL
-// TRUE(1) command is a vendor command
-// FALSE(0) command is not a vendor command
-BOOL
-IsVendorCommand(
- COMMAND_INDEX commandIndex // IN: command index to check
- )
-{
- return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V));
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c
deleted file mode 100644
index 246a3a784..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c
+++ /dev/null
@@ -1,478 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// The functions in this file are used for accessing properties for handles of -// various types. Functions in other files require handles of a specific -// type but the functions in this file allow use of any handle type. 
- -//** Includes - -#include "Tpm.h" - -//** Functions -//*** EntityGetLoadStatus() -// This function will check that all the handles access loaded entities. -// Return Type: TPM_RC -// TPM_RC_HANDLE handle type does not match -// TPM_RC_REFERENCE_Hx entity is not present -// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy -// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no -// space to load it to RAM -TPM_RC -EntityGetLoadStatus( - COMMAND *command // IN/OUT: command parsing structure - ) -{ - UINT32 i; - TPM_RC result = TPM_RC_SUCCESS; -// - for(i = 0; i < command->handleNum; i++) - { - TPM_HANDLE handle = command->handles[i]; - switch(HandleGetType(handle)) - { - // For handles associated with hierarchies, the entity is present - // only if the associated enable is SET. - case TPM_HT_PERMANENT: - switch(handle) - { - case TPM_RH_OWNER: - if(!gc.shEnable) - result = TPM_RC_HIERARCHY; - break; - -#ifdef VENDOR_PERMANENT - case VENDOR_PERMANENT: -#endif - case TPM_RH_ENDORSEMENT: - if(!gc.ehEnable) - result = TPM_RC_HIERARCHY; - break; - case TPM_RH_PLATFORM: - if(!g_phEnable) - result = TPM_RC_HIERARCHY; - break; - // null handle, PW session handle and lockout - // handle are always available - case TPM_RH_NULL: - case TPM_RS_PW: - // Need to be careful for lockout. Lockout is always available - // for policy checks but not always available when authValue - // is being checked. - case TPM_RH_LOCKOUT: - break; - default: - // handling of the manufacture_specific handles - if(((TPM_RH)handle >= TPM_RH_AUTH_00) - && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) - // use the value that would have been returned from - // unmarshaling if it did the handle filtering - result = TPM_RC_VALUE; - else - FAIL(FATAL_ERROR_INTERNAL); - break; - } - break; - case TPM_HT_TRANSIENT: - // For a transient object, check if the handle is associated - // with a loaded object. 
- if(!IsObjectPresent(handle)) - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_PERSISTENT: - // Persistent object - // Copy the persistent object to RAM and replace the handle with the - // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, - // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by - // ObjectLoadEvict() - result = ObjectLoadEvict(&command->handles[i], command->index); - break; - case TPM_HT_HMAC_SESSION: - // For an HMAC session, see if the session is loaded - // and if the session in the session slot is actually - // an HMAC session. - if(SessionIsLoaded(handle)) - { - SESSION *session; - session = SessionGet(handle); - // Check if the session is a HMAC session - if(session->attributes.isPolicy == SET) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_POLICY_SESSION: - // For a policy session, see if the session is loaded - // and if the session in the session slot is actually - // a policy session. - if(SessionIsLoaded(handle)) - { - SESSION *session; - session = SessionGet(handle); - // Check if the session is a policy session - if(session->attributes.isPolicy == CLEAR) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_NV_INDEX: - // For an NV Index, use the TPM-specific routine - // to search the IN Index space. - result = NvIndexIsAccessible(handle); - break; - case TPM_HT_PCR: - // Any PCR handle that is unmarshaled successfully referenced - // a PCR that is defined. - break; -#if CC_AC_Send - case TPM_HT_AC: - // Use the TPM-specific routine to search for the AC - result = AcIsAccessible(handle); - break; -#endif - default: - // Any other handle type is a defect in the unmarshaling code. 
- FAIL(FATAL_ERROR_INTERNAL); - break; - } - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_REFERENCE_H0) - result = result + i; - else - result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); - break; - } - } - return result; -} - -//*** EntityGetAuthValue() -// This function is used to access the 'authValue' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authValue should have -// been verified by IsAuthValueAvailable(). -// -// This function copies the authorization value of the entity to 'auth'. -// Return Type: UINT16 -// count number of bytes in the authValue with 0's stripped -UINT16 -EntityGetAuthValue( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_AUTH *auth // OUT: authValue of the entity - ) -{ - TPM2B_AUTH *pAuth = NULL; - - auth->t.size = 0; - - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - { - switch(handle) - { - case TPM_RH_OWNER: - // ownerAuth for TPM_RH_OWNER - pAuth = &gp.ownerAuth; - break; - case TPM_RH_ENDORSEMENT: - // endorsementAuth for TPM_RH_ENDORSEMENT - pAuth = &gp.endorsementAuth; - break; - case TPM_RH_PLATFORM: - // platformAuth for TPM_RH_PLATFORM - pAuth = &gc.platformAuth; - break; - case TPM_RH_LOCKOUT: - // lockoutAuth for TPM_RH_LOCKOUT - pAuth = &gp.lockoutAuth; - break; - case TPM_RH_NULL: - // nullAuth for TPM_RH_NULL. Return 0 directly here - return 0; - break; -#ifdef VENDOR_PERMANENT - case VENDOR_PERMANENT: - // vendor authorization value - pAauth = &g_platformUniqueDetails; -#endif - default: - // If any other permanent handle is present it is - // a code defect. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - break; - } - case TPM_HT_TRANSIENT: - // authValue for an object - // A persistent object would have been copied into RAM - // and would have an transient object handle here. 
- { - OBJECT *object; - - object = HandleToObject(handle); - // special handling if this is a sequence object - if(ObjectIsSequence(object)) - { - pAuth = &((HASH_OBJECT *)object)->auth; - } - else - { - // Authorization is available only when the private portion of - // the object is loaded. The check should be made before - // this function is called - pAssert(object->attributes.publicOnly == CLEAR); - pAuth = &object->sensitive.authValue; - } - } - break; - case TPM_HT_NV_INDEX: - // authValue for an NV index - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != NULL); - pAuth = &nvIndex->authValue; - } - break; - case TPM_HT_PCR: - // authValue for PCR - pAuth = PCRGetAuthValue(handle); - break; - default: - // If any other handle type is present here, then there is a defect - // in the unmarshaling code. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - // Copy the authValue - MemoryCopy2B(&auth->b, &pAuth->b, sizeof(auth->t.buffer)); - MemoryRemoveTrailingZeros(auth); - return auth->t.size; -} - -//*** EntityGetAuthPolicy() -// This function is used to access the 'authPolicy' associated with a handle. -// This function assumes that the handle references an entity that is accessible -// and the handle is not for a persistent objects. That is EntityGetLoadStatus() -// should have been called. Also, the accessibility of the authPolicy should have -// been verified by IsAuthPolicyAvailable(). -// -// This function copies the authorization policy of the entity to 'authPolicy'. -// -// The return value is the hash algorithm for the policy. 
-TPMI_ALG_HASH -EntityGetAuthPolicy( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity - ) -{ - TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; - authPolicy->t.size = 0; - - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - case TPM_RH_OWNER: - // ownerPolicy for TPM_RH_OWNER - *authPolicy = gp.ownerPolicy; - hashAlg = gp.ownerAlg; - break; - case TPM_RH_ENDORSEMENT: - // endorsementPolicy for TPM_RH_ENDORSEMENT - *authPolicy = gp.endorsementPolicy; - hashAlg = gp.endorsementAlg; - break; - case TPM_RH_PLATFORM: - // platformPolicy for TPM_RH_PLATFORM - *authPolicy = gc.platformPolicy; - hashAlg = gc.platformAlg; - break; - case TPM_RH_LOCKOUT: - // lockoutPolicy for TPM_RH_LOCKOUT - *authPolicy = gp.lockoutPolicy; - hashAlg = gp.lockoutAlg; - break; - default: - return TPM_ALG_ERROR; - break; - } - break; - case TPM_HT_TRANSIENT: - // authPolicy for an object - { - OBJECT *object = HandleToObject(handle); - *authPolicy = object->publicArea.authPolicy; - hashAlg = object->publicArea.nameAlg; - } - break; - case TPM_HT_NV_INDEX: - // authPolicy for a NV index - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != 0); - *authPolicy = nvIndex->publicArea.authPolicy; - hashAlg = nvIndex->publicArea.nameAlg; - } - break; - case TPM_HT_PCR: - // authPolicy for a PCR - hashAlg = PCRGetAuthPolicy(handle, authPolicy); - break; - default: - // If any other handle type is present it is a code defect. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - return hashAlg; -} - -//*** EntityGetName() -// This function returns the Name associated with a handle. 
-TPM2B_NAME * -EntityGetName( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_NAME *name // OUT: name of entity - ) -{ - switch(HandleGetType(handle)) - { - case TPM_HT_TRANSIENT: - { - // Name for an object - OBJECT *object = HandleToObject(handle); - // an object with no nameAlg has no name - if(object->publicArea.nameAlg == TPM_ALG_NULL) - name->b.size = 0; - else - *name = object->name; - break; - } - case TPM_HT_NV_INDEX: - // Name for a NV index - NvGetNameByIndexHandle(handle, name); - break; - default: - // For all other types, the handle is the Name - name->t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(handle, name->t.name); - break; - } - return name; -} - -//*** EntityGetHierarchy() -// This function returns the hierarchy handle associated with an entity. -// 1. A handle that is a hierarchy handle is associated with itself. -// 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, -// is SET, otherwise it belongs to TPM_RH_OWNER -// 3. An object handle belongs to its hierarchy. -TPMI_RH_HIERARCHY -EntityGetHierarchy( - TPMI_DH_ENTITY handle // IN :handle of entity - ) -{ - TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; - - switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - // hierarchy for a permanent handle - switch(handle) - { - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_NULL: - hierarchy = handle; - break; - // all other permanent handles are associated with the owner - // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT) - default: - hierarchy = TPM_RH_OWNER; - break; - } - break; - case TPM_HT_NV_INDEX: - // hierarchy for NV index - { - NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != NULL); - - // If only the platform can delete the index, then it is - // considered to be in the platform hierarchy, otherwise it - // is in the owner hierarchy. 
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, - PLATFORMCREATE)) - hierarchy = TPM_RH_PLATFORM; - else - hierarchy = TPM_RH_OWNER; - } - break; - case TPM_HT_TRANSIENT: - // hierarchy for an object - { - OBJECT *object; - object = HandleToObject(handle); - if(object->attributes.ppsHierarchy) - { - hierarchy = TPM_RH_PLATFORM; - } - else if(object->attributes.epsHierarchy) - { - hierarchy = TPM_RH_ENDORSEMENT; - } - else if(object->attributes.spsHierarchy) - { - hierarchy = TPM_RH_OWNER; - } - } - break; - case TPM_HT_PCR: - hierarchy = TPM_RH_OWNER; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - // this is unreachable but it provides a return value for the default - // case which makes the complier happy - return hierarchy; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c deleted file mode 100644 index 4caa4a598..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Description -// This file will instance the TPM variables that are not stack allocated. - -// Descriptions of global variables are in Global.h. 
There macro macro definitions -// that allows a variable to be instanced or simply defined as an external variable. -// When global.h is included from this .c file, GLOBAL_C is defined and values are -// instanced (and possibly initialized), but when global.h is included by any other -// file, they are simply defined as external values. DO NOT DEFINE GLOBAL_C IN ANY -// OTHER FILE. -// -// NOTE: This is a change from previous implementations where Global.h just contained -// the extern declaration and values were instanced in this file. This change keeps -// the definition and instance in one file making maintenance easier. The instanced -// data will still be in the global.obj file. -// -// The OIDs.h file works in a way that is similar to the Global.h with the definition -// of the values in OIDs.h such that they are instanced in global.obj. The macros -// that are defined in Global.h are used in OIDs.h in the same way as they are in -// Global.h. - -//** Defines and Includes -#define GLOBAL_C -#include "Tpm.h" -#include "OIDs.h" - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c deleted file mode 100644 index 3ef3b532b..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c +++ /dev/null 
@@ -1,195 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the functions that return the type of a handle.
-
-//** Includes
-#include "Tpm.h"
-
-//** Functions
-
-//*** HandleGetType()
-// This function returns the type of a handle which is the MSO of the handle.
-TPM_HT
-HandleGetType(
- TPM_HANDLE handle // IN: a handle to be checked
- )
-{
- // return the upper bytes of input data
- return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT);
-}
-
-//*** NextPermanentHandle()
-// This function returns the permanent handle that is equal to the input value or
-// is the next higher value. If there is no handle with the input value and there
-// is no next higher value, it returns 0:
-TPM_HANDLE
-NextPermanentHandle(
- TPM_HANDLE inHandle // IN: the handle to check
- )
-{
- // If inHandle is below the start of the range of permanent handles
- // set it to the start and scan from there
- if(inHandle < TPM_RH_FIRST)
- inHandle = TPM_RH_FIRST;
- // scan from input value until we find an implemented permanent handle
- // or go out of range
- for(; inHandle <= TPM_RH_LAST; inHandle++)
- {
- switch(inHandle)
- {
- case TPM_RH_OWNER:
- case TPM_RH_NULL:
- case TPM_RS_PW:
- case TPM_RH_LOCKOUT:
- case TPM_RH_ENDORSEMENT:
- case TPM_RH_PLATFORM:
- case TPM_RH_PLATFORM_NV:
-#ifdef VENDOR_PERMANENT
- case VENDOR_PERMANENT:
-#endif
- return inHandle;
- break;
- default:
- break;
- }
- }
- // Out of range on the top
- return 0;
-}
-
-//*** PermanentCapGetHandles()
-// This function returns a list of the permanent handles of PCR, started from
-// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
-// will be returned with 'more' set to NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PermanentCapGetHandles(
- TPM_HANDLE handle, // IN: start handle
- UINT32 count, // IN: count of returned handles
- TPML_HANDLE *handleList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
- UINT32 i;
-
- pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
-
- // Initialize output handle list
- handleList->count = 0;
-
- // The maximum count of handles we may return is MAX_CAP_HANDLES
- if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
-
- // Iterate permanent handle range
- for(i = NextPermanentHandle(handle);
- i != 0; i = NextPermanentHandle(i + 1))
- {
- if(handleList->count < count)
- {
- // If we have not filled up the return list, add this permanent
- // handle to it
- handleList->handle[handleList->count] = i;
- handleList->count++;
- }
- else
- {
- // If the return list is full but we still have permanent handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
-
-//*** PermanentHandleGetPolicy()
-// This function returns a list of the permanent handles of PCR, started from
-// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list
-// will be returned with 'more' set to NO.
-// Return Type: TPMI_YES_NO
-// YES if there are more handles available
-// NO all the available handles has been returned
-TPMI_YES_NO
-PermanentHandleGetPolicy(
- TPM_HANDLE handle, // IN: start handle
- UINT32 count, // IN: max count of returned handles
- TPML_TAGGED_POLICY *policyList // OUT: list of handle
- )
-{
- TPMI_YES_NO more = NO;
-
- pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
-
- // Initialize output handle list
- policyList->count = 0;
-
- // The maximum count of policies we may return is MAX_TAGGED_POLICIES
- if(count > MAX_TAGGED_POLICIES)
- count = MAX_TAGGED_POLICIES;
-
- // Iterate permanent handle range
- for(handle = NextPermanentHandle(handle);
- handle != 0;
- handle = NextPermanentHandle(handle + 1))
- {
- TPM2B_DIGEST policyDigest;
- TPM_ALG_ID policyAlg;
- // Check to see if this permanent handle has a policy
- policyAlg = EntityGetAuthPolicy(handle, &policyDigest);
- if(policyAlg == TPM_ALG_ERROR)
- continue;
- if(policyList->count < count)
- {
- // If we have not filled up the return list, add this
- // policy to the list;
- policyList->policies[policyList->count].handle = handle;
- policyList->policies[policyList->count].policyHash.hashAlg = policyAlg;
- MemoryCopy(&policyList->policies[policyList->count].policyHash.digest,
- policyDigest.t.buffer, policyDigest.t.size);
- policyList->count++;
- }
- else
- {
- // If the return list is full but we still have permanent handle
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
- return more;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
deleted file mode 100644
index 49d0561c3..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-//** Includes and Data Definitions
-
-// This definition allows this module to "see" the values that are private
-// to this module but kept in Global.c for ease of state migration.
-#define IO_BUFFER_C
-#include "Tpm.h"
-#include "IoBuffers_fp.h"
-
-//** Buffers and Functions
-
-// These buffers are set aside to hold command and response values. In this
-// implementation, it is not guaranteed that the code will stop accessing
-// the s_actionInputBuffer before starting to put values in the
-// s_actionOutputBuffer so different buffers are required.
-//
-
-//*** MemoryIoBufferAllocationReset()
-// This function is used to reset the allocation of buffers.
-void
-MemoryIoBufferAllocationReset(
- void
-)
-{
- s_actionIoAllocation = 0;
-}
-
-//*** MemoryIoBufferZero()
-// Function zeros the action I/O buffer at the end of a command. Calling this is
-// not mandatory for proper functionality.
-void
-MemoryIoBufferZero(
- void
-)
-{
- memset(s_actionIoBuffer, 0, s_actionIoAllocation);
-}
-
-//*** MemoryGetInBuffer()
-// This function returns the address of the buffer into which the
-// command parameters will be unmarshaled in preparation for calling
-// the command actions.
-BYTE *
-MemoryGetInBuffer(
- UINT32 size // Size, in bytes, required for the input
- // unmarshaling
- )
-{
- pAssert(size <= sizeof(s_actionIoBuffer));
- // In this implementation, a static buffer is set aside for the command action
- // buffers. The buffer is shared between input and output. This is because
- // there is no need to allocate for the worst case input and worst case output
- // at the same time.
- // Round size up
- #define UoM (sizeof(s_actionIoBuffer[0]))
- size = (size + (UoM - 1)) & (UINT32_MAX - (UoM - 1));
- memset(s_actionIoBuffer, 0, size);
- s_actionIoAllocation = size;
- return (BYTE *)&s_actionIoBuffer[0];
-}
-
-//*** MemoryGetOutBuffer()
-// This function returns the address of the buffer into which the command
-// action code places its output values.
-BYTE *
-MemoryGetOutBuffer(
- UINT32 size // required size of the buffer
- )
-{
- BYTE *retVal = (BYTE *)(&s_actionIoBuffer[s_actionIoAllocation / UoM]);
- pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer)));
- // In this implementation, a static buffer is set aside for the command action
- // output buffer.
- memset(retVal, 0, size);
- s_actionIoAllocation += size;
- return retVal;
-}
-
-//*** IsLabelProperlyFormatted()
-// This function checks that a label is a null-terminated string.
-// NOTE: this function is here because there was no better place for it.
-// Return Type: BOOL
-// TRUE(1) string is null terminated
-// FALSE(0) string is not null terminated
-BOOL
-IsLabelProperlyFormatted(
- TPM2B *x
- )
-{
- return (((x)->size == 0) || ((x)->buffer[(x)->size - 1] == 0));
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
deleted file mode 100644
index e2d1bfd94..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Includes
-#include "Tpm.h"
-
-//** LocalityGetAttributes()
-// This function will convert a locality expressed as an integer into
-// TPMA_LOCALITY form.
-//
-// The function returns the locality attribute.
-TPMA_LOCALITY
-LocalityGetAttributes(
- UINT8 locality // IN: locality value
- )
-{
- TPMA_LOCALITY locality_attributes;
- BYTE *localityAsByte = (BYTE *)&locality_attributes;
-
- MemorySet(&locality_attributes, 0, sizeof(TPMA_LOCALITY));
- switch(locality)
- {
- case 0:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO);
- break;
- case 1:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE);
- break;
- case 2:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO);
- break;
- case 3:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE);
- break;
- case 4:
- SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR);
- break;
- default:
- pAssert(locality > 31);
- *localityAsByte = locality;
- break;
- }
- return locality_attributes;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
deleted file mode 100644
index 19361a96b..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the function that performs the "manufacturing" of the TPM
-// in a simulated environment. These functions should not be used outside of
-// a manufacturing or simulation environment.
-
-//** Includes and Data Definitions
-#define MANUFACTURE_C
-#include "Tpm.h"
-#include "TpmSizeChecks_fp.h"
-
-//** Functions
-
-//*** TPM_Manufacture()
-// This function initializes the TPM values in preparation for the TPM's first
-// use. This function will fail if previously called. The TPM can be re-manufactured
-// by calling TPM_Teardown() first and then calling this function again.
-// Return Type: int
-// 0 success
-// 1 manufacturing process previously performed
-LIB_EXPORT int
-TPM_Manufacture(
- int firstTime // IN: indicates if this is the first call from
- // main()
- )
-{
- TPM_SU orderlyShutdown;
-
-#if RUNTIME_SIZE_CHECKS
- // Call the function to verify the sizes of values that result from different
- // compile options.
- TpmSizeChecks();
-#endif
-
- // If TPM has been manufactured, return indication.
- if(!firstTime && g_manufactured)
- return 1;
-
- // Do power on initializations of the cryptographic libraries.
- CryptInit();
-
- s_DAPendingOnNV = FALSE;
-
- // initialize NV
- NvManufacture();
-
- // Clear the magic value in the DRBG state
- go.drbgState.magic = 0;
-
- CryptStartup(SU_RESET);
-
- // default configuration for PCR
- PCRSimStart();
-
- // initialize pre-installed hierarchy data
- // This should happen after NV is initialized because hierarchy data is
- // stored in NV.
- HierarchyPreInstall_Init();
-
- // initialize dictionary attack parameters
- DAPreInstall_Init();
-
- // initialize PP list
- PhysicalPresencePreInstall_Init();
-
- // initialize command audit list
- CommandAuditPreInstall_Init();
-
- // first start up is required to be Startup(CLEAR)
- orderlyShutdown = TPM_SU_CLEAR;
- NV_WRITE_PERSISTENT(orderlyState, orderlyShutdown);
-
- // initialize the firmware version
- gp.firmwareV1 = FIRMWARE_V1;
-#ifdef FIRMWARE_V2
- gp.firmwareV2 = FIRMWARE_V2;
-#else
- gp.firmwareV2 = 0;
-#endif
- NV_SYNC_PERSISTENT(firmwareV1);
- NV_SYNC_PERSISTENT(firmwareV2);
-
- // initialize the total reset counter to 0
- gp.totalResetCount = 0;
- NV_SYNC_PERSISTENT(totalResetCount);
-
- // initialize the clock stuff
- go.clock = 0;
- go.clockSafe = YES;
-
- NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go);
-
- // Commit NV writes. Manufacture process is an artificial process existing
- // only in simulator environment and it is not defined in the specification
- // that what should be the expected behavior if the NV write fails at this
- // point. Therefore, it is assumed the NV write here is always success and
- // no return code of this function is checked.
- NvCommit();
-
- g_manufactured = TRUE;
-
- return 0;
-}
-
-//*** TPM_TearDown()
-// This function prepares the TPM for re-manufacture. It should not be implemented
-// in anything other than a simulated TPM.
-//
-// In this implementation, all that is needs is to stop the cryptographic units
-// and set a flag to indicate that the TPM can be re-manufactured. This should
-// be all that is necessary to start the manufacturing process again.
-// Return Type: int
-// 0 success
-// 1 TPM not previously manufactured
-LIB_EXPORT int
-TPM_TearDown(
- void
- )
-{
- g_manufactured = FALSE;
- return 0;
-}
-
-
-//*** TpmEndSimulation()
-// This function is called at the end of the simulation run. It is used to provoke
-// printing of any statistics that might be needed.
-LIB_EXPORT void
-TpmEndSimulation(
- void
- )
-{
-#if SIMULATION
- HashLibSimulationEnd();
- SymLibSimulationEnd();
- MathLibSimulationEnd();
-#if ALG_RSA
- RsaSimulationEnd();
-#endif
-#if ALG_ECC
- EccSimulationEnd();
-#endif
-#endif // SIMULATION
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
deleted file mode 100644
index ba96696db..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c
+++ /dev/null
@@ -1,5811 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -/*(Auto-generated) - * Created by TpmMarshal; Version 4.1 Dec 10, 2018 - * Date: Apr 2, 2019 Time: 11:00:48AM - */ - -#include "Tpm.h" -#include "Marshal_fp.h" - -// Table 2:3 - Definition of Base Types -// UINT8 definition from table 2:3 -TPM_RC -UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 1) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT8(*buffer); - *buffer += 1; - return TPM_RC_SUCCESS; -} -UINT16 -UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 1) >= 0)) - { - UINT8_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 1; - } - pAssert(size == 0 || (*size >= 0)); - } - return (1); -} - -// BYTE definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// INT8 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT16 definition from table 2:3 -TPM_RC -UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 2) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT16(*buffer); - *buffer += 2; - return TPM_RC_SUCCESS; -} -UINT16 -UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 2) >= 0)) - { - UINT16_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 2; - } - pAssert(size == 0 || (*size >= 0)); - } - return (2); -} - -// INT16 definition from table 2:3 -#if 
!USE_MARSHALING_DEFINES -TPM_RC -INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT32 definition from table 2:3 -TPM_RC -UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 4) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT32(*buffer); - *buffer += 4; - return TPM_RC_SUCCESS; -} -UINT16 -UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 4) >= 0)) - { - UINT32_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 4; - } - pAssert(size == 0 || (*size >= 0)); - } - return (4); -} - -// INT32 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// UINT64 definition from table 2:3 -TPM_RC -UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size) -{ - if((*size -= 8) < 0) - return TPM_RC_INSUFFICIENT; - *target = BYTE_ARRAY_TO_UINT64(*buffer); - *buffer += 8; - return TPM_RC_SUCCESS; -} -UINT16 -UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= 8) >= 0)) - { - UINT64_TO_BYTE_ARRAY(*source, *buffer); - *buffer += 8; - } - pAssert(size == 0 || (*size >= 0)); - } - return (8); -} - -// INT64 definition from table 2:3 -#if !USE_MARSHALING_DEFINES -TPM_RC -INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size) -{ - return UINT64_Unmarshal((UINT64 *)target, buffer, size); -} -UINT16 -INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size) -{ - return 
UINT64_Marshal((UINT64 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:4 - Defines for Logic Values -// Table 2:5 - Definition of Types for Documentation Clarity -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -TPM_RC -TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -TPM_RC -TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE 
**buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:6 - Definition of TPM_SPEC Constants -// Table 2:7 - Definition of TPM_GENERATED Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:9 - Definition of TPM_ALG_ID Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:10 - Definition of TPM_ECC_CURVE Constants -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_ECC_NIST_P192 : - case TPM_ECC_NIST_P224 : - case TPM_ECC_NIST_P256 : - case TPM_ECC_NIST_P384 : - case TPM_ECC_NIST_P521 : - case TPM_ECC_BN_P256 : - case TPM_ECC_BN_P638 : - case TPM_ECC_SM2_P256 : - break; - default : - result = TPM_RC_CURVE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:12 - Definition of TPM_CC Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} 
-#endif // !USE_MARSHALING_DEFINES - -// Table 2:16 - Definition of TPM_RC Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants -TPM_RC -TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = INT8_Unmarshal((INT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_CLOCK_COARSE_SLOWER : - case TPM_CLOCK_MEDIUM_SLOWER : - case TPM_CLOCK_FINE_SLOWER : - case TPM_CLOCK_NO_CHANGE : - case TPM_CLOCK_FINE_FASTER : - case TPM_CLOCK_MEDIUM_FASTER : - case TPM_CLOCK_COARSE_FASTER : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:18 - Definition of TPM_EO Constants -TPM_RC -TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_EO_EQ : - case TPM_EO_NEQ : - case TPM_EO_SIGNED_GT : - case TPM_EO_UNSIGNED_GT : - case TPM_EO_SIGNED_LT : - case TPM_EO_UNSIGNED_LT : - case TPM_EO_SIGNED_GE : - case TPM_EO_UNSIGNED_GE : - case TPM_EO_SIGNED_LE : - case TPM_EO_UNSIGNED_LE : - case TPM_EO_BITSET : - case TPM_EO_BITCLEAR : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size) -{ - return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:19 - Definition of TPM_ST Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) -{ - return UINT16_Unmarshal((UINT16 *)target, buffer, size); -} -UINT16 -TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size) -{ - 
return UINT16_Marshal((UINT16 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:20 - Definition of TPM_SU Constants -TPM_RC -TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_SU_CLEAR : - case TPM_SU_STATE : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:21 - Definition of TPM_SE Constants -TPM_RC -TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_SE_HMAC : - case TPM_SE_POLICY : - case TPM_SE_TRIAL : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:22 - Definition of TPM_CAP Constants -TPM_RC -TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_CAP_ALGS : - case TPM_CAP_HANDLES : - case TPM_CAP_COMMANDS : - case TPM_CAP_PP_COMMANDS : - case TPM_CAP_AUDIT_COMMANDS : - case TPM_CAP_PCRS : - case TPM_CAP_TPM_PROPERTIES : - case TPM_CAP_PCR_PROPERTIES : - case TPM_CAP_ECC_CURVES : - case TPM_CAP_AUTH_POLICIES : - case TPM_CAP_VENDOR_PROPERTY : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:23 - Definition of TPM_PT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PT_Marshal(TPM_PT *source, BYTE 
**buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:24 - Definition of TPM_PT_PCR Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:25 - Definition of TPM_PS Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:26 - Definition of Types for Handles -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) -{ - return UINT32_Unmarshal((UINT32 *)target, buffer, size); -} -UINT16 -TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:27 - Definition of TPM_HT Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:28 - Definition of TPM_RH Constants -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); -} -UINT16 -TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:29 - Definition of TPM_HC Constants -#if 
!USE_MARSHALING_DEFINES -TPM_RC -TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); -} -UINT16 -TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:30 - Definition of TPMA_ALGORITHM Bits -TPM_RC -TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0xfffff8f0) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:31 - Definition of TPMA_OBJECT Bits -TPM_RC -TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0xfff0f309) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:32 - Definition of TPMA_SESSION Bits -TPM_RC -TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT8 *)target) & (UINT8)0x18) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // 
!USE_MARSHALING_DEFINES - -// Table 2:33 - Definition of TPMA_LOCALITY Bits -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size) -{ - return UINT8_Unmarshal((UINT8 *)target, buffer, size); -} -UINT16 -TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size) -{ - return UINT8_Marshal((UINT8 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:34 - Definition of TPMA_PERMANENT Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:36 - Definition of TPMA_MEMORY Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:37 - Definition of TPMA_CC Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size) -{ - return TPM_CC_Marshal((TPM_CC *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:38 - Definition of TPMA_MODES Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES 
- -// Table 2:40 - Definition of TPMI_YES_NO Type -TPM_RC -TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = BYTE_Unmarshal((BYTE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case NO: - case YES: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size) -{ - return BYTE_Marshal((BYTE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:41 - Definition of TPMI_DH_OBJECT Type -TPM_RC -TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RH_NULL) - { - if(!flag) - result = TPM_RC_VALUE; - } - else if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:42 - Definition of TPMI_DH_PARENT Type -TPM_RC -TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if 
!USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:43 - Definition of TPMI_DH_PERSISTENT Type -TPM_RC -TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:44 - Definition of TPMI_DH_ENTITY Type -TPM_RC -TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM: - case TPM_RH_LOCKOUT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) - && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) - && ((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - && (*target > PCR_LAST) - && ((*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:45 - Definition of TPMI_DH_PCR Type -TPM_RC -TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RH_NULL) - { - if(!flag) - result = TPM_RC_VALUE; - } - 
else if(*target > PCR_LAST) - result = TPM_RC_VALUE; - } - return result; -} - -// Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type -TPM_RC -TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*target == TPM_RS_PW) - { - if(!flag) - result = TPM_RC_VALUE; - } - else if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:47 - Definition of TPMI_SH_HMAC Type -TPM_RC -TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:48 - Definition of TPMI_SH_POLICY Type -TPM_RC -TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size) -{ - return 
TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:49 - Definition of TPMI_DH_CONTEXT Type -TPM_RC -TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) - && ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST))) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:50 - Definition of TPMI_DH_SAVED Type -TPM_RC -TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case 0x80000000: - case 0x80000001: - case 0x80000002: - break; - default: - if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) - && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:51 - Definition of TPMI_RH_HIERARCHY Type -TPM_RC -TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case 
TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:52 - Definition of TPMI_RH_ENABLES Type -TPM_RC -TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM_NV: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type -TPM_RC -TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_LOCKOUT: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:54 - Definition of TPMI_RH_PLATFORM Type -TPM_RC -TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_PLATFORM: - break; - default: - result = 
TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:55 - Definition of TPMI_RH_OWNER Type -TPM_RC -TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type -TPM_RC -TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_ENDORSEMENT: - break; - case TPM_RH_NULL: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:57 - Definition of TPMI_RH_PROVISION Type -TPM_RC -TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_OWNER: - case TPM_RH_PLATFORM: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:58 - Definition of TPMI_RH_CLEAR Type -TPM_RC -TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_LOCKOUT: - case TPM_RH_PLATFORM: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:59 - Definition of TPMI_RH_NV_AUTH Type -TPM_RC -TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - 
result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_PLATFORM: - case TPM_RH_OWNER: - break; - default: - if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:60 - Definition of TPMI_RH_LOCKOUT Type -TPM_RC -TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_RH_LOCKOUT: - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} - -// Table 2:61 - Definition of TPMI_RH_NV_INDEX Type -TPM_RC -TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) - result = TPM_RC_VALUE; - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size) -{ - return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:62 - Definition of TPMI_RH_AC Type -TPM_RC -TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((*target < AC_FIRST) || (*target > AC_LAST)) - result = TPM_RC_VALUE; - } - return result; -} - -// Table 2:63 - Definition of TPMI_ALG_HASH Type -TPM_RC -TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif 
// ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: -#endif // ALG_SHA3_512 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_HASH; - break; - default: - result = TPM_RC_HASH; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:64 - Definition of TPMI_ALG_ASYM Type -TPM_RC -TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSA - case ALG_RSA_VALUE: -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: -#endif // ALG_ECC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_ASYMMETRIC; - break; - default: - result = TPM_RC_ASYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:65 - Definition of TPMI_ALG_SYM Type -TPM_RC -TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_TDES - case ALG_TDES_VALUE: -#endif // ALG_TDES -#if ALG_AES - case 
ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: -#endif // ALG_XOR - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type -TPM_RC -TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_TDES - case ALG_TDES_VALUE: -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: -#endif // ALG_CAMELLIA - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type -TPM_RC -TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CTR -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_CFB 
- case ALG_CFB_VALUE: -#endif // ALG_CFB -#if ALG_ECB - case ALG_ECB_VALUE: -#endif // ALG_ECB -#if ALG_CMAC - case ALG_CMAC_VALUE: -#endif // ALG_CMAC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_MODE; - break; - default: - result = TPM_RC_MODE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:68 - Definition of TPMI_ALG_KDF Type -TPM_RC -TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_MGF1 - case ALG_MGF1_VALUE: -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: -#endif // ALG_KDF1_SP800_108 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_KDF; - break; - default: - result = TPM_RC_KDF; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type -TPM_RC -TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS -#if ALG_ECDSA - case 
ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: -#endif // ALG_HMAC - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type -TPM_RC -TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { - case TPM_ST_NO_SESSIONS: - case TPM_ST_SESSIONS: - break; - default: - result = TPM_RC_BAD_TAG; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, BYTE **buffer, INT32 *size) -{ - return TPM_ST_Marshal((TPM_ST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type -TPM_RC -TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CMAC - case ALG_CMAC_VALUE: -#endif // ALG_CMAC -#if ALG_SHA1 - case ALG_SHA1_VALUE: -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: -#endif // ALG_SHA3_512 - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_SYMMETRIC; - break; - default: - result = TPM_RC_SYMMETRIC; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type -TPM_RC -TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_CTR - case ALG_CTR_VALUE: -#endif // ALG_CTR -#if ALG_OFB - case ALG_OFB_VALUE: -#endif // ALG_OFB -#if ALG_CBC - case ALG_CBC_VALUE: -#endif // ALG_CBC -#if ALG_CFB - case ALG_CFB_VALUE: -#endif // ALG_CFB -#if 
ALG_ECB - case ALG_ECB_VALUE: -#endif // ALG_ECB - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_MODE; - break; - default: - result = TPM_RC_MODE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:74 - Definition of TPMS_EMPTY Structure -TPM_RC -TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) -{ - // to prevent the compiler from complaining - NOT_REFERENCED(target); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - return TPM_RC_SUCCESS; -} -UINT16 -TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size) -{ - // to prevent the compiler from complaining - NOT_REFERENCED(source); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - return 0; -} - -// Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure -UINT16 -TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); - result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->attributes), buffer, size)); - return result; -} - -// Table 2:76 - Definition of TPMU_HA Union -TPM_RC -TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); -#endif // ALG_SHA384 -#if 
ALG_SHA512 - case ALG_SHA512_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); -#endif // ALG_SHA3_256 -#if ALG_SHA3_384 - case ALG_SHA3_384_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); -#endif // ALG_SHA3_512 - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_SHA1 - case ALG_SHA1_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); -#endif // ALG_SHA1 -#if ALG_SHA256 - case ALG_SHA256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); -#endif // ALG_SHA256 -#if ALG_SHA384 - case ALG_SHA384_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); -#endif // ALG_SHA384 -#if ALG_SHA512 - case ALG_SHA512_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); -#endif // ALG_SHA512 -#if ALG_SM3_256 - case ALG_SM3_256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); -#endif // ALG_SM3_256 -#if ALG_SHA3_256 - case ALG_SHA3_256_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); -#endif // ALG_SHA3_256 -#if 
ALG_SHA3_384 - case ALG_SHA3_384_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); -#endif // ALG_SHA3_384 -#if ALG_SHA3_512 - case ALG_SHA3_512_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); -#endif // ALG_SHA3_512 - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:77 - Definition of TPMT_HA Structure -TPM_RC -TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_HA_Unmarshal((TPMU_HA *)&(target->digest), buffer, size, (UINT32)target->hashAlg); - return result; -} -UINT16 -TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + TPMU_HA_Marshal((TPMU_HA *)&(source->digest), buffer, size, (UINT32)source->hashAlg)); - return result; -} - -// Table 2:78 - Definition of TPM2B_DIGEST Structure -TPM_RC -TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_HA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:79 - Definition of TPM2B_DATA Structure -TPM_RC -TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMT_HA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:80 - Definition of Types for TPM2B_NONCE -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:81 - Definition of Types for TPM2B_AUTH -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:82 - Definition of Types 
for TPM2B_OPERAND -#if !USE_MARSHALING_DEFINES -TPM_RC -TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); -} -UINT16 -TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size) -{ - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:83 - Definition of TPM2B_EVENT Structure -TPM_RC -TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > 1024) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure -TPM_RC -TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_DIGEST_BUFFER) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure -TPM_RC -TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_NV_BUFFER_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:86 - Definition of TPM2B_TIMEOUT Structure -TPM_RC -TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(UINT64)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:87 - Definition of TPM2B_IV Structure -TPM_RC -TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_SYM_BLOCK_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:88 - Definition of TPMU_NAME Union -// Table 2:89 - Definition of TPM2B_NAME Structure -TPM_RC -TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_NAME)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.name), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.name), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:90 - Definition of TPMS_PCR_SELECT Structure -TPM_RC -TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->sizeofSelect < PCR_SELECT_MIN)) - result = TPM_RC_VALUE; - if(result == TPM_RC_SUCCESS) - { - if((target->sizeofSelect) > PCR_SELECT_MAX) - result = TPM_RC_VALUE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); - } - return result; -} -UINT16 -TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE 
*)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:91 - Definition of TPMS_PCR_SELECTION Structure -TPM_RC -TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->sizeofSelect < PCR_SELECT_MIN)) - result = TPM_RC_VALUE; - if(result == TPM_RC_SUCCESS) - { - if((target->sizeofSelect) > PCR_SELECT_MAX) - result = TPM_RC_VALUE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); - } - return result; -} -UINT16 -TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:94 - Definition of TPMT_TK_CREATION Structure -TPM_RC -TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_CREATION)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = 
(UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:95 - Definition of TPMT_TK_VERIFIED Structure -TPM_RC -TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_VERIFIED)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:96 - Definition of TPMT_TK_AUTH Structure -TPM_RC -TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_AUTH_SIGNED) - && (target->tag != TPM_ST_AUTH_SECRET)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 
-TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure -TPM_RC -TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->tag != TPM_ST_HASHCHECK)) - result = TPM_RC_TAG; - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); - return result; -} -UINT16 -TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); - return result; -} - -// Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure -UINT16 -TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); - result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->algProperties), buffer, size)); - return result; -} - -// Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure -UINT16 -TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE 
**buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_PT_Marshal((TPM_PT *)&(source->property), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->value), buffer, size)); - return result; -} - -// Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure -UINT16 -TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_PT_PCR_Marshal((TPM_PT_PCR *)&(source->tag), buffer, size)); - result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); - return result; -} - -// Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure -UINT16 -TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_HANDLE_Marshal((TPM_HANDLE *)&(source->handle), buffer, size)); - result = (UINT16)(result + TPMT_HA_Marshal((TPMT_HA *)&(source->policyHash), buffer, size)); - return result; -} - -// Table 2:102 - Definition of TPML_CC Structure -TPM_RC -TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > MAX_CAP_CC) - result = TPM_RC_SIZE; - else - result = TPM_CC_Array_Unmarshal((TPM_CC *)(target->commandCodes), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_CC_Array_Marshal((TPM_CC *)(source->commandCodes), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:103 - Definition of TPML_CCA Structure -UINT16 
-TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMA_CC_Array_Marshal((TPMA_CC *)(source->commandAttributes), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:104 - Definition of TPML_ALG Structure -TPM_RC -TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > MAX_ALG_LIST_SIZE) - result = TPM_RC_SIZE; - else - result = TPM_ALG_ID_Array_Unmarshal((TPM_ALG_ID *)(target->algorithms), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Array_Marshal((TPM_ALG_ID *)(source->algorithms), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:105 - Definition of TPML_HANDLE Structure -UINT16 -TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_HANDLE_Array_Marshal((TPM_HANDLE *)(source->handle), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:106 - Definition of TPML_DIGEST Structure -TPM_RC -TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->count < 2)) - result = TPM_RC_SIZE; - if(result == TPM_RC_SUCCESS) - { - if((target->count) > 8) - result = TPM_RC_SIZE; - else - result = TPM2B_DIGEST_Array_Unmarshal((TPM2B_DIGEST *)(target->digests), 
buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Array_Marshal((TPM2B_DIGEST *)(source->digests), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:107 - Definition of TPML_DIGEST_VALUES Structure -TPM_RC -TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > HASH_COUNT) - result = TPM_RC_SIZE; - else - result = TPMT_HA_Array_Unmarshal((TPMT_HA *)(target->digests), buffer, size, 0, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMT_HA_Array_Marshal((TPMT_HA *)(source->digests), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:108 - Definition of TPML_PCR_SELECTION Structure -TPM_RC -TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->count) > HASH_COUNT) - result = TPM_RC_SIZE; - else - result = TPMS_PCR_SELECTION_Array_Unmarshal((TPMS_PCR_SELECTION *)(target->pcrSelections), buffer, size, (INT32)(target->count)); - } - return result; -} -UINT16 -TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + 
TPMS_PCR_SELECTION_Array_Marshal((TPMS_PCR_SELECTION *)(source->pcrSelections), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:109 - Definition of TPML_ALG_PROPERTY Structure -UINT16 -TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_ALG_PROPERTY_Array_Marshal((TPMS_ALG_PROPERTY *)(source->algProperties), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure -UINT16 -TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Array_Marshal((TPMS_TAGGED_PROPERTY *)(source->tpmProperty), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure -UINT16 -TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Array_Marshal((TPMS_TAGGED_PCR_SELECT *)(source->pcrProperty), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:112 - Definition of TPML_ECC_CURVE Structure -#if ALG_ECC -UINT16 -TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPM_ECC_CURVE_Array_Marshal((TPM_ECC_CURVE *)(source->eccCurves), buffer, size, (INT32)(source->count))); - return result; -} -#endif // ALG_ECC - -// Table 2:113 - Definition of TPML_TAGGED_POLICY Structure -UINT16 
-TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_TAGGED_POLICY_Array_Marshal((TPMS_TAGGED_POLICY *)(source->policies), buffer, size, (INT32)(source->count))); - return result; -} - -// Table 2:114 - Definition of TPMU_CAPABILITIES Union -UINT16 -TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { - case TPM_CAP_ALGS: - return TPML_ALG_PROPERTY_Marshal((TPML_ALG_PROPERTY *)&(source->algorithms), buffer, size); - case TPM_CAP_HANDLES: - return TPML_HANDLE_Marshal((TPML_HANDLE *)&(source->handles), buffer, size); - case TPM_CAP_COMMANDS: - return TPML_CCA_Marshal((TPML_CCA *)&(source->command), buffer, size); - case TPM_CAP_PP_COMMANDS: - return TPML_CC_Marshal((TPML_CC *)&(source->ppCommands), buffer, size); - case TPM_CAP_AUDIT_COMMANDS: - return TPML_CC_Marshal((TPML_CC *)&(source->auditCommands), buffer, size); - case TPM_CAP_PCRS: - return TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->assignedPCR), buffer, size); - case TPM_CAP_TPM_PROPERTIES: - return TPML_TAGGED_TPM_PROPERTY_Marshal((TPML_TAGGED_TPM_PROPERTY *)&(source->tpmProperties), buffer, size); - case TPM_CAP_PCR_PROPERTIES: - return TPML_TAGGED_PCR_PROPERTY_Marshal((TPML_TAGGED_PCR_PROPERTY *)&(source->pcrProperties), buffer, size); -#if ALG_ECC - case TPM_CAP_ECC_CURVES: - return TPML_ECC_CURVE_Marshal((TPML_ECC_CURVE *)&(source->eccCurves), buffer, size); -#endif // ALG_ECC - case TPM_CAP_AUTH_POLICIES: - return TPML_TAGGED_POLICY_Marshal((TPML_TAGGED_POLICY *)&(source->authPolicies), buffer, size); - } - return 0; -} - -// Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure -UINT16 -TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + 
TPM_CAP_Marshal((TPM_CAP *)&(source->capability), buffer, size)); - result = (UINT16)(result + TPMU_CAPABILITIES_Marshal((TPMU_CAPABILITIES *)&(source->data), buffer, size, (UINT32)source->capability)); - return result; -} - -// Table 2:116 - Definition of TPMS_CLOCK_INFO Structure -TPM_RC -TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->clock), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->resetCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->restartCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_YES_NO_Unmarshal((TPMI_YES_NO *)&(target->safe), buffer, size); - return result; -} -UINT16 -TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->clock), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->resetCount), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->restartCount), buffer, size)); - result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->safe), buffer, size)); - return result; -} - -// Table 2:117 - Definition of TPMS_TIME_INFO Structure -TPM_RC -TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->time), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMS_CLOCK_INFO_Unmarshal((TPMS_CLOCK_INFO *)&(target->clockInfo), buffer, size); - return result; -} -UINT16 -TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->time), buffer, size)); - result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); - 
return result; -} - -// Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure -UINT16 -TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMS_TIME_INFO_Marshal((TPMS_TIME_INFO *)&(source->time), buffer, size)); - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); - return result; -} - -// Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure -UINT16 -TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->name), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedName), buffer, size)); - return result; -} - -// Table 2:120 - Definition of TPMS_QUOTE_INFO Structure -UINT16 -TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); - return result; -} - -// Table 2:121 - Definition of TPMS_COMMAND_AUDIT_INFO Structure -UINT16 -TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->auditCounter), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->digestAlg), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->auditDigest), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->commandDigest), buffer, size)); - return result; -} - -// Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure -UINT16 -TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->exclusiveSession), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sessionDigest), buffer, size)); - return result; -} - -// Table 2:123 - Definition of TPMS_CREATION_INFO Structure -UINT16 -TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->objectName), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->creationHash), buffer, size)); - return result; -} - -// Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure -UINT16 -TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->offset), buffer, size)); - result = (UINT16)(result + TPM2B_MAX_NV_BUFFER_Marshal((TPM2B_MAX_NV_BUFFER *)&(source->nvContents), buffer, size)); - return result; -} - -// Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure -UINT16 -TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->nvDigest), buffer, size)); - return result; -} - -// Table 2:126 - Definition of TPMI_ST_ATTEST Type -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size) -{ - return TPM_ST_Marshal((TPM_ST *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:127 - Definition of TPMU_ATTEST Union -UINT16 -TPMU_ATTEST_Marshal(TPMU_ATTEST 
*source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { - case TPM_ST_ATTEST_CERTIFY: - return TPMS_CERTIFY_INFO_Marshal((TPMS_CERTIFY_INFO *)&(source->certify), buffer, size); - case TPM_ST_ATTEST_CREATION: - return TPMS_CREATION_INFO_Marshal((TPMS_CREATION_INFO *)&(source->creation), buffer, size); - case TPM_ST_ATTEST_QUOTE: - return TPMS_QUOTE_INFO_Marshal((TPMS_QUOTE_INFO *)&(source->quote), buffer, size); - case TPM_ST_ATTEST_COMMAND_AUDIT: - return TPMS_COMMAND_AUDIT_INFO_Marshal((TPMS_COMMAND_AUDIT_INFO *)&(source->commandAudit), buffer, size); - case TPM_ST_ATTEST_SESSION_AUDIT: - return TPMS_SESSION_AUDIT_INFO_Marshal((TPMS_SESSION_AUDIT_INFO *)&(source->sessionAudit), buffer, size); - case TPM_ST_ATTEST_TIME: - return TPMS_TIME_ATTEST_INFO_Marshal((TPMS_TIME_ATTEST_INFO *)&(source->time), buffer, size); - case TPM_ST_ATTEST_NV: - return TPMS_NV_CERTIFY_INFO_Marshal((TPMS_NV_CERTIFY_INFO *)&(source->nv), buffer, size); - case TPM_ST_ATTEST_NV_DIGEST: - return TPMS_NV_DIGEST_CERTIFY_INFO_Marshal((TPMS_NV_DIGEST_CERTIFY_INFO *)&(source->nvDigest), buffer, size); - } - return 0; -} - -// Table 2:128 - Definition of TPMS_ATTEST Structure -UINT16 -TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_GENERATED_Marshal((TPM_GENERATED *)&(source->magic), buffer, size)); - result = (UINT16)(result + TPMI_ST_ATTEST_Marshal((TPMI_ST_ATTEST *)&(source->type), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedSigner), buffer, size)); - result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->extraData), buffer, size)); - result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); - result = (UINT16)(result + TPMU_ATTEST_Marshal((TPMU_ATTEST *)&(source->attested), buffer, 
size, (UINT32)source->type)); - return result; -} - -// Table 2:129 - Definition of TPM2B_ATTEST Structure -UINT16 -TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.attestationData), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure -TPM_RC -TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_SH_AUTH_SESSION_Unmarshal((TPMI_SH_AUTH_SESSION *)&(target->sessionHandle), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_NONCE_Unmarshal((TPM2B_NONCE *)&(target->nonce), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMA_SESSION_Unmarshal((TPMA_SESSION *)&(target->sessionAttributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->hmac), buffer, size); - return result; -} - -// Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure -UINT16 -TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_NONCE_Marshal((TPM2B_NONCE *)&(source->nonce), buffer, size)); - result = (UINT16)(result + TPMA_SESSION_Marshal((TPMA_SESSION *)&(source->sessionAttributes), buffer, size)); - result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->hmac), buffer, size)); - return result; -} - -// Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type -#if ALG_TDES -TPM_RC -TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result 
== TPM_RC_SUCCESS) - { - switch (*target) - { -#if TDES_128 - case 128: -#endif // TDES_128 -#if TDES_192 - case 192: -#endif // TDES_192 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_TDES - -// Table 2:132 - Definition of TPMI_AES_KEY_BITS Type -#if ALG_AES -TPM_RC -TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if AES_128 - case 128: -#endif // AES_128 -#if AES_192 - case 192: -#endif // AES_192 -#if AES_256 - case 256: -#endif // AES_256 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_AES - -// Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type -#if ALG_SM4 -TPM_RC -TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if SM4_128 - case 128: -#endif // SM4_128 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_SM4 - -// Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type -#if 
ALG_CAMELLIA -TPM_RC -TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if CAMELLIA_128 - case 128: -#endif // CAMELLIA_128 -#if CAMELLIA_192 - case 192: -#endif // CAMELLIA_192 -#if CAMELLIA_256 - case 256: -#endif // CAMELLIA_256 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_CAMELLIA - -// Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union -TPM_RC -TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_TDES_KEY_BITS_Unmarshal((TPMI_TDES_KEY_BITS *)&(target->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_AES_KEY_BITS_Unmarshal((TPMI_AES_KEY_BITS *)&(target->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_SM4_KEY_BITS_Unmarshal((TPMI_SM4_KEY_BITS *)&(target->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_CAMELLIA_KEY_BITS_Unmarshal((TPMI_CAMELLIA_KEY_BITS *)&(target->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->xor), buffer, size, 0); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return 
TPMI_TDES_KEY_BITS_Marshal((TPMI_TDES_KEY_BITS *)&(source->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_AES_KEY_BITS_Marshal((TPMI_AES_KEY_BITS *)&(source->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_SM4_KEY_BITS_Marshal((TPMI_SM4_KEY_BITS *)&(source->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_CAMELLIA_KEY_BITS_Marshal((TPMI_CAMELLIA_KEY_BITS *)&(source->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:134 - Definition of TPMU_SYM_MODE Union -TPM_RC -TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->tdes), buffer, size, 1); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->aes), buffer, size, 1); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->sm4), buffer, size, 1); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->camellia), buffer, size, 1); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return TPM_RC_SUCCESS; -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_TDES - case ALG_TDES_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->tdes), buffer, size); -#endif // ALG_TDES -#if ALG_AES - case ALG_AES_VALUE: - return 
TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->aes), buffer, size); -#endif // ALG_AES -#if ALG_SM4 - case ALG_SM4_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->sm4), buffer, size); -#endif // ALG_SM4 -#if ALG_CAMELLIA - case ALG_CAMELLIA_VALUE: - return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->camellia), buffer, size); -#endif // ALG_CAMELLIA -#if ALG_XOR - case ALG_XOR_VALUE: - return 0; -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:136 - Definition of TPMT_SYM_DEF Structure -TPM_RC -TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SYM_Unmarshal((TPMI_ALG_SYM *)&(target->algorithm), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS *)&(target->keyBits), buffer, size, (UINT32)target->algorithm); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); - return result; -} -UINT16 -TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SYM_Marshal((TPMI_ALG_SYM *)&(source->algorithm), buffer, size)); - result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); - result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); - return result; -} - -// Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure -TPM_RC -TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SYM_OBJECT_Unmarshal((TPMI_ALG_SYM_OBJECT *)&(target->algorithm), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS 
*)&(target->keyBits), buffer, size, (UINT32)target->algorithm); - if(result == TPM_RC_SUCCESS) - result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); - return result; -} -UINT16 -TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SYM_OBJECT_Marshal((TPMI_ALG_SYM_OBJECT *)&(source->algorithm), buffer, size)); - result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); - result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); - return result; -} - -// Table 2:138 - Definition of TPM2B_SYM_KEY Structure -TPM_RC -TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_SYM_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure -TPM_RC -TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size) -{ - return TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->sym), buffer, size, 0); -} -UINT16 -TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, BYTE **buffer, INT32 *size) -{ - return TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->sym), buffer, size); -} - -// Table 2:140 - Definition of TPM2B_LABEL Structure -TPM_RC -TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > LABEL_MAX_BUFFER) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:141 - Definition of TPMS_DERIVE Structure -TPM_RC -TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->label), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->context), buffer, size); - return result; -} -UINT16 -TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->label), buffer, size)); - result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->context), buffer, size)); - return result; -} - -// Table 2:142 - Definition of TPM2B_DERIVE Structure -TPM_RC -TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_DERIVE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union -// Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure -TPM_RC -TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_SENSITIVE_CREATE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure -TPM_RC -TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->userAuth), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->data), buffer, size); - return result; -} - -// Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure -TPM_RC -TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_SENSITIVE_CREATE_Unmarshal((TPMS_SENSITIVE_CREATE *)&(target->sensitive), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} - -// Table 2:147 - Definition of TPMS_SCHEME_HASH Structure -TPM_RC -TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size) -{ - return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); -} -UINT16 -TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size) -{ - return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size); -} - -// Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure -#if ALG_ECC -TPM_RC -TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 
0); - if(result == TPM_RC_SUCCESS) - result = UINT16_Unmarshal((UINT16 *)&(target->count), buffer, size); - return result; -} -UINT16 -TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->count), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type -TPM_RC -TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_HMAC - case ALG_HMAC_VALUE: -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: -#endif // ALG_XOR - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:150 - Definition of Types for HMAC_SIG_SCHEME -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:151 - Definition of TPMS_SCHEME_XOR Structure -TPM_RC -TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH 
*)&(target->hashAlg), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->kdf), buffer, size, 1); - return result; -} -UINT16 -TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); - result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->kdf), buffer, size)); - return result; -} - -// Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union -TPM_RC -TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMS_SCHEME_XOR_Unmarshal((TPMS_SCHEME_XOR *)&(target->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); -#endif // ALG_HMAC -#if ALG_XOR - case ALG_XOR_VALUE: - return TPMS_SCHEME_XOR_Marshal((TPMS_SCHEME_XOR *)&(source->xor), buffer, size); -#endif // ALG_XOR - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure -TPM_RC -TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SCHEME_KEYEDHASH_Unmarshal((TPMU_SCHEME_KEYEDHASH *)&(target->details), buffer, size, 
(UINT32)target->scheme); - return result; -} -UINT16 -TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_KEYEDHASH_SCHEME_Marshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_SCHEME_KEYEDHASH_Marshal((TPMU_SCHEME_KEYEDHASH *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:154 - Definition of Types for RSA Signature Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:155 - Definition of Types for ECC Signature Schemes -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, 
buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)target, buffer, size); -} -UINT16 -TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:156 - Definition of TPMU_SIG_SCHEME Union -TPM_RC -TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR 
- case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:157 - Definition of TPMT_SIG_SCHEME Structure -TPM_RC -TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - 
result = TPMU_SIG_SCHEME_Unmarshal((TPMU_SIG_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_SIG_SCHEME_Marshal((TPMU_SIG_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:158 - Definition of Types for Encryption Schemes -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) -{ - return TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)target, buffer, size); -} -UINT16 -TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, BYTE **buffer, INT32 *size) -{ - return TPMS_EMPTY_Marshal((TPMS_EMPTY *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:159 - Definition of Types for ECC Key Exchange -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH 
*)target, buffer, size); -} -UINT16 -TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:160 - Definition of Types for KDF Schemes -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -TPM_RC -TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); -} -UINT16 -TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:161 - Definition of TPMU_KDF_SCHEME Union -TPM_RC -TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 
selector) -{ - switch(selector) { -#if ALG_MGF1 - case ALG_MGF1_VALUE: - return TPMS_SCHEME_MGF1_Unmarshal((TPMS_SCHEME_MGF1 *)&(target->mgf1), buffer, size); -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: - return TPMS_SCHEME_KDF1_SP800_56A_Unmarshal((TPMS_SCHEME_KDF1_SP800_56A *)&(target->kdf1_sp800_56a), buffer, size); -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: - return TPMS_SCHEME_KDF2_Unmarshal((TPMS_SCHEME_KDF2 *)&(target->kdf2), buffer, size); -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - return TPMS_SCHEME_KDF1_SP800_108_Unmarshal((TPMS_SCHEME_KDF1_SP800_108 *)&(target->kdf1_sp800_108), buffer, size); -#endif // ALG_KDF1_SP800_108 - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_MGF1 - case ALG_MGF1_VALUE: - return TPMS_SCHEME_MGF1_Marshal((TPMS_SCHEME_MGF1 *)&(source->mgf1), buffer, size); -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - case ALG_KDF1_SP800_56A_VALUE: - return TPMS_SCHEME_KDF1_SP800_56A_Marshal((TPMS_SCHEME_KDF1_SP800_56A *)&(source->kdf1_sp800_56a), buffer, size); -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - case ALG_KDF2_VALUE: - return TPMS_SCHEME_KDF2_Marshal((TPMS_SCHEME_KDF2 *)&(source->kdf2), buffer, size); -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - case ALG_KDF1_SP800_108_VALUE: - return TPMS_SCHEME_KDF1_SP800_108_Marshal((TPMS_SCHEME_KDF1_SP800_108 *)&(source->kdf1_sp800_108), buffer, size); -#endif // ALG_KDF1_SP800_108 - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:162 - Definition of TPMT_KDF_SCHEME Structure -TPM_RC -TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = 
TPMU_KDF_SCHEME_Unmarshal((TPMU_KDF_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_KDF_SCHEME_Marshal((TPMU_KDF_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} - -// Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type -TPM_RC -TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:164 - Definition of TPMU_ASYM_SCHEME Union -TPM_RC -TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDH - case 
ALG_ECDH_VALUE: - return TPMS_KEY_SCHEME_ECDH_Unmarshal((TPMS_KEY_SCHEME_ECDH *)&(target->ecdh), buffer, size); -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: - return TPMS_KEY_SCHEME_ECMQV_Unmarshal((TPMS_KEY_SCHEME_ECMQV *)&(target->ecmqv), buffer, size); -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: - return TPMS_ENC_SCHEME_RSAES_Unmarshal((TPMS_ENC_SCHEME_RSAES *)&(target->rsaes), buffer, size); -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: - return TPMS_ENC_SCHEME_OAEP_Unmarshal((TPMS_ENC_SCHEME_OAEP *)&(target->oaep), buffer, size); -#endif // ALG_OAEP - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDH - case ALG_ECDH_VALUE: - return TPMS_KEY_SCHEME_ECDH_Marshal((TPMS_KEY_SCHEME_ECDH *)&(source->ecdh), buffer, size); -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: - return 
TPMS_KEY_SCHEME_ECMQV_Marshal((TPMS_KEY_SCHEME_ECMQV *)&(source->ecmqv), buffer, size); -#endif // ALG_ECMQV -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_RSAES - case ALG_RSAES_VALUE: - return TPMS_ENC_SCHEME_RSAES_Marshal((TPMS_ENC_SCHEME_RSAES *)&(source->rsaes), buffer, size); -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: - return TPMS_ENC_SCHEME_OAEP_Marshal((TPMS_ENC_SCHEME_OAEP *)&(source->oaep), buffer, size); -#endif // ALG_OAEP - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure -// Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP -#if ALG_RSASSA - case ALG_RSASSA_VALUE: -#endif // 
ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: -#endif // ALG_RSAPSS - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:167 - Definition of TPMT_RSA_SCHEME Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_RSA_SCHEME_Unmarshal((TPMI_ALG_RSA_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_RSA_SCHEME_Marshal((TPMI_ALG_RSA_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_RSA - -// Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type -#if ALG_RSA -TPM_RC -TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSAES - case ALG_RSAES_VALUE: -#endif // ALG_RSAES -#if ALG_OAEP - case ALG_OAEP_VALUE: -#endif // ALG_OAEP - break; - case ALG_NULL_VALUE: - if(!flag) - result = TPM_RC_VALUE; - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 
-TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure -#if ALG_RSA -TPM_RC -TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_RSA_DECRYPT_Unmarshal((TPMI_ALG_RSA_DECRYPT *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 -TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_RSA_DECRYPT_Marshal((TPMI_ALG_RSA_DECRYPT *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_RSA - -// Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_RSA_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} -#endif // ALG_RSA - -// Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type -#if ALG_RSA -TPM_RC -TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if RSA_1024 - case 1024: -#endif // RSA_1024 -#if RSA_2048 - case 2048: -#endif // RSA_2048 -#if RSA_3072 - case 3072: -#endif // RSA_3072 -#if RSA_4096 - case 4096: -#endif // RSA_4096 - break; - default: - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure -#if ALG_RSA -TPM_RC -TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > RSA_PRIVATE_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} -#endif // ALG_RSA - -// Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure -TPM_RC -TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_ECC_KEY_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:174 - Definition of TPMS_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->x), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->y), buffer, size); - return result; -} -UINT16 -TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->x), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->y), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:175 - Definition of 
TPM2B_ECC_POINT Structure -#if ALG_ECC -TPM_RC -TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->point), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->point), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} -#endif // ALG_ECC - -// Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type -#if ALG_ECC -TPM_RC -TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: -#endif // ALG_ECDAA -#if ALG_ECDSA - case ALG_ECDSA_VALUE: -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: -#endif // ALG_ECSCHNORR -#if ALG_ECDH - case ALG_ECDH_VALUE: -#endif // ALG_ECDH -#if ALG_ECMQV - case ALG_ECMQV_VALUE: -#endif // ALG_ECMQV - break; - case ALG_NULL_VALUE: - if(!flag) - result = 
TPM_RC_SCHEME; - break; - default: - result = TPM_RC_SCHEME; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:177 - Definition of TPMI_ECC_CURVE Type -#if ALG_ECC -TPM_RC -TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ECC_CURVE_Unmarshal((TPM_ECC_CURVE *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ECC_BN_P256 - case TPM_ECC_BN_P256: -#endif // ECC_BN_P256 -#if ECC_BN_P638 - case TPM_ECC_BN_P638: -#endif // ECC_BN_P638 -#if ECC_NIST_P192 - case TPM_ECC_NIST_P192: -#endif // ECC_NIST_P192 -#if ECC_NIST_P224 - case TPM_ECC_NIST_P224: -#endif // ECC_NIST_P224 -#if ECC_NIST_P256 - case TPM_ECC_NIST_P256: -#endif // ECC_NIST_P256 -#if ECC_NIST_P384 - case TPM_ECC_NIST_P384: -#endif // ECC_NIST_P384 -#if ECC_NIST_P521 - case TPM_ECC_NIST_P521: -#endif // ECC_NIST_P521 -#if ECC_SM2_P256 - case TPM_ECC_SM2_P256: -#endif // ECC_SM2_P256 - break; - default: - result = TPM_RC_CURVE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size) -{ - return TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:178 - Definition of TPMT_ECC_SCHEME Structure -#if ALG_ECC -TPM_RC -TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_ECC_SCHEME_Unmarshal((TPMI_ALG_ECC_SCHEME *)&(target->scheme), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); - return result; -} -UINT16 
-TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_ECC_SCHEME_Marshal((TPMI_ALG_ECC_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); - return result; -} -#endif // ALG_ECC - -// Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure -#if ALG_ECC -UINT16 -TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)&(source->curveID), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->keySize), buffer, size)); - result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); - result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->sign), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->p), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->a), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->b), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gX), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gY), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->n), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->h), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure -#if ALG_RSA -TPM_RC -TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC 
result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->sig), buffer, size); - return result; -} -UINT16 -TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->sig), buffer, size)); - return result; -} -#endif // ALG_RSA - -// Table 2:181 - Definition of Types for Signature -#if ALG_RSA -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_RSA - -// Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure -#if ALG_ECC -TPM_RC -TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureR), buffer, size); - if(result == TPM_RC_SUCCESS) - result = 
TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureS), buffer, size); - return result; -} -UINT16 -TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureR), buffer, size)); - result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureS), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC -#if ALG_ECC -#if !USE_MARSHALING_DEFINES -TPM_RC -TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); -} -UINT16 -TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -TPM_RC -TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, 
size); -} -UINT16 -TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, BYTE **buffer, INT32 *size) -{ - return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES -#endif // ALG_ECC - -// Table 2:184 - Definition of TPMU_SIGNATURE Union -TPM_RC -TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIGNATURE_ECDAA_Unmarshal((TPMS_SIGNATURE_ECDAA *)&(target->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIGNATURE_RSASSA_Unmarshal((TPMS_SIGNATURE_RSASSA *)&(target->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIGNATURE_RSAPSS_Unmarshal((TPMS_SIGNATURE_RSAPSS *)&(target->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIGNATURE_ECDSA_Unmarshal((TPMS_SIGNATURE_ECDSA *)&(target->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIGNATURE_SM2_Unmarshal((TPMS_SIGNATURE_SM2 *)&(target->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIGNATURE_ECSCHNORR_Unmarshal((TPMS_SIGNATURE_ECSCHNORR *)&(target->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMT_HA_Unmarshal((TPMT_HA *)&(target->hmac), buffer, size, 0); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return TPM_RC_SUCCESS; - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECDAA - case ALG_ECDAA_VALUE: - return TPMS_SIGNATURE_ECDAA_Marshal((TPMS_SIGNATURE_ECDAA *)&(source->ecdaa), buffer, size); -#endif // ALG_ECDAA -#if ALG_RSASSA - case ALG_RSASSA_VALUE: - return TPMS_SIGNATURE_RSASSA_Marshal((TPMS_SIGNATURE_RSASSA 
*)&(source->rsassa), buffer, size); -#endif // ALG_RSASSA -#if ALG_RSAPSS - case ALG_RSAPSS_VALUE: - return TPMS_SIGNATURE_RSAPSS_Marshal((TPMS_SIGNATURE_RSAPSS *)&(source->rsapss), buffer, size); -#endif // ALG_RSAPSS -#if ALG_ECDSA - case ALG_ECDSA_VALUE: - return TPMS_SIGNATURE_ECDSA_Marshal((TPMS_SIGNATURE_ECDSA *)&(source->ecdsa), buffer, size); -#endif // ALG_ECDSA -#if ALG_SM2 - case ALG_SM2_VALUE: - return TPMS_SIGNATURE_SM2_Marshal((TPMS_SIGNATURE_SM2 *)&(source->sm2), buffer, size); -#endif // ALG_SM2 -#if ALG_ECSCHNORR - case ALG_ECSCHNORR_VALUE: - return TPMS_SIGNATURE_ECSCHNORR_Marshal((TPMS_SIGNATURE_ECSCHNORR *)&(source->ecschnorr), buffer, size); -#endif // ALG_ECSCHNORR -#if ALG_HMAC - case ALG_HMAC_VALUE: - return TPMT_HA_Marshal((TPMT_HA *)&(source->hmac), buffer, size); -#endif // ALG_HMAC - case ALG_NULL_VALUE: - return 0; - } - return 0; -} - -// Table 2:185 - Definition of TPMT_SIGNATURE Structure -TPM_RC -TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->sigAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMU_SIGNATURE_Unmarshal((TPMU_SIGNATURE *)&(target->signature), buffer, size, (UINT32)target->sigAlg); - return result; -} -UINT16 -TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->sigAlg), buffer, size)); - result = (UINT16)(result + TPMU_SIGNATURE_Marshal((TPMU_SIGNATURE *)&(source->signature), buffer, size, (UINT32)source->sigAlg)); - return result; -} - -// Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union -TPM_RC -TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECC - case ALG_ECC_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->ecc), buffer, 
size, (INT32)sizeof(TPMS_ECC_POINT)); -#endif // ALG_ECC -#if ALG_RSA - case ALG_RSA_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); -#endif // ALG_RSA -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_SYMCIPHER -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return BYTE_Array_Unmarshal((BYTE *)(target->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_KEYEDHASH - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_ECC - case ALG_ECC_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->ecc), buffer, size, (INT32)sizeof(TPMS_ECC_POINT)); -#endif // ALG_ECC -#if ALG_RSA - case ALG_RSA_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); -#endif // ALG_RSA -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_SYMCIPHER -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return BYTE_Array_Marshal((BYTE *)(source->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); -#endif // ALG_KEYEDHASH - } - return 0; -} - -// Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure -TPM_RC -TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMU_ENCRYPTED_SECRET)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.secret), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) -{ - 
UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.secret), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:188 - Definition of TPMI_ALG_PUBLIC Type -TPM_RC -TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch (*target) - { -#if ALG_RSA - case ALG_RSA_VALUE: -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: -#endif // ALG_SYMCIPHER - break; - default: - result = TPM_RC_TYPE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:189 - Definition of TPMU_PUBLIC_ID Union -TPM_RC -TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->keyedHash), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->sym), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->ecc), buffer, size); -#endif // ALG_ECC - } - 
return TPM_RC_SELECTOR; -} -UINT16 -TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->keyedHash), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sym), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->ecc), buffer, size); -#endif // ALG_ECC - } - return 0; -} - -// Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure -TPM_RC -TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) -{ - return TPMT_KEYEDHASH_SCHEME_Unmarshal((TPMT_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, 1); -} -UINT16 -TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, BYTE **buffer, INT32 *size) -{ - return TPMT_KEYEDHASH_SCHEME_Marshal((TPMT_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size); -} - -// Table 2:191 - Definition of TPMS_ASYM_PARMS Structure -// Table 2:192 - Definition of TPMS_RSA_PARMS Structure -#if ALG_RSA -TPM_RC -TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMT_RSA_SCHEME_Unmarshal((TPMT_RSA_SCHEME *)&(target->scheme), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMI_RSA_KEY_BITS_Unmarshal((TPMI_RSA_KEY_BITS *)&(target->keyBits), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->exponent), buffer, size); - return result; -} -UINT16 -TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); - result = (UINT16)(result + TPMT_RSA_SCHEME_Marshal((TPMT_RSA_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMI_RSA_KEY_BITS_Marshal((TPMI_RSA_KEY_BITS *)&(source->keyBits), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->exponent), buffer, size)); - return result; -} -#endif // ALG_RSA - -// Table 2:193 - Definition of TPMS_ECC_PARMS Structure -#if ALG_ECC -TPM_RC -TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMT_ECC_SCHEME_Unmarshal((TPMT_ECC_SCHEME *)&(target->scheme), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPMI_ECC_CURVE_Unmarshal((TPMI_ECC_CURVE *)&(target->curveID), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMT_KDF_SCHEME_Unmarshal((TPMT_KDF_SCHEME *)&(target->kdf), buffer, size, 1); - return result; -} -UINT16 -TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); - result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->scheme), buffer, size)); - result = (UINT16)(result + TPMI_ECC_CURVE_Marshal((TPMI_ECC_CURVE *)&(source->curveID), buffer, size)); - result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); - return result; -} -#endif // ALG_ECC - -// Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union -TPM_RC -TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case 
ALG_KEYEDHASH_VALUE: - return TPMS_KEYEDHASH_PARMS_Unmarshal((TPMS_KEYEDHASH_PARMS *)&(target->keyedHashDetail), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPMS_SYMCIPHER_PARMS_Unmarshal((TPMS_SYMCIPHER_PARMS *)&(target->symDetail), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPMS_RSA_PARMS_Unmarshal((TPMS_RSA_PARMS *)&(target->rsaDetail), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_PARMS_Unmarshal((TPMS_ECC_PARMS *)&(target->eccDetail), buffer, size); -#endif // ALG_ECC - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPMS_KEYEDHASH_PARMS_Marshal((TPMS_KEYEDHASH_PARMS *)&(source->keyedHashDetail), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPMS_SYMCIPHER_PARMS_Marshal((TPMS_SYMCIPHER_PARMS *)&(source->symDetail), buffer, size); -#endif // ALG_SYMCIPHER -#if ALG_RSA - case ALG_RSA_VALUE: - return TPMS_RSA_PARMS_Marshal((TPMS_RSA_PARMS *)&(source->rsaDetail), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPMS_ECC_PARMS_Marshal((TPMS_ECC_PARMS *)&(source->eccDetail), buffer, size); -#endif // ALG_ECC - } - return 0; -} - -// Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure -TPM_RC -TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); - return result; -} -UINT16 -TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result 
+ TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); - result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); - return result; -} - -// Table 2:196 - Definition of TPMT_PUBLIC Structure -TPM_RC -TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, flag); - if(result == TPM_RC_SUCCESS) - result = TPMA_OBJECT_Unmarshal((TPMA_OBJECT *)&(target->objectAttributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); - if(result == TPM_RC_SUCCESS) - result = TPMU_PUBLIC_ID_Unmarshal((TPMU_PUBLIC_ID *)&(target->unique), buffer, size, (UINT32)target->type); - return result; -} -UINT16 -TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); - result = (UINT16)(result + TPMA_OBJECT_Marshal((TPMA_OBJECT *)&(source->objectAttributes), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); - result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); - result = (UINT16)(result + TPMU_PUBLIC_ID_Marshal((TPMU_PUBLIC_ID *)&(source->unique), buffer, size, (UINT32)source->type)); - return result; -} - -// Table 2:197 - 
Definition of TPM2B_PUBLIC Structure -TPM_RC -TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMT_PUBLIC_Unmarshal((TPMT_PUBLIC *)&(target->publicArea), buffer, size, flag); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMT_PUBLIC_Marshal((TPMT_PUBLIC *)&(source->publicArea), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:198 - Definition of TPM2B_TEMPLATE Structure -TPM_RC -TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMT_PUBLIC)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure -TPM_RC -TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > PRIVATE_VENDOR_SPECIFIC_BYTES) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union -TPM_RC -TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PRIVATE_KEY_RSA_Unmarshal((TPM2B_PRIVATE_KEY_RSA *)&(target->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->ecc), buffer, size); -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->bits), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_SYM_KEY_Unmarshal((TPM2B_SYM_KEY *)&(target->sym), buffer, size); -#endif // ALG_SYMCIPHER - } - return TPM_RC_SELECTOR; -} -UINT16 -TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, BYTE **buffer, INT32 *size, UINT32 selector) -{ - switch(selector) { -#if ALG_RSA - case ALG_RSA_VALUE: - return TPM2B_PRIVATE_KEY_RSA_Marshal((TPM2B_PRIVATE_KEY_RSA *)&(source->rsa), buffer, size); -#endif // ALG_RSA -#if ALG_ECC - case ALG_ECC_VALUE: - return TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->ecc), buffer, size); -#endif // ALG_ECC -#if ALG_KEYEDHASH - case ALG_KEYEDHASH_VALUE: - return TPM2B_SENSITIVE_DATA_Marshal((TPM2B_SENSITIVE_DATA *)&(source->bits), buffer, size); -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - case ALG_SYMCIPHER_VALUE: - return TPM2B_SYM_KEY_Marshal((TPM2B_SYM_KEY *)&(source->sym), buffer, size); -#endif // ALG_SYMCIPHER - } - return 0; -} - -// Table 2:201 - Definition of TPMT_SENSITIVE Structure -TPM_RC -TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; 
- result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->sensitiveType), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->authValue), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->seedValue), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMU_SENSITIVE_COMPOSITE_Unmarshal((TPMU_SENSITIVE_COMPOSITE *)&(target->sensitive), buffer, size, (UINT32)target->sensitiveType); - return result; -} -UINT16 -TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->sensitiveType), buffer, size)); - result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->authValue), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->seedValue), buffer, size)); - result = (UINT16)(result + TPMU_SENSITIVE_COMPOSITE_Marshal((TPMU_SENSITIVE_COMPOSITE *)&(source->sensitive), buffer, size, (UINT32)source->sensitiveType)); - return result; -} - -// Table 2:202 - Definition of TPM2B_SENSITIVE Structure -TPM_RC -TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - // if there was an error or if target->size equal to 0, - // skip unmarshaling of the structure - if((result == TPM_RC_SUCCESS) && (target->size != 0)) - { - INT32 startSize = *size; - result = TPMT_SENSITIVE_Unmarshal((TPMT_SENSITIVE *)&(target->sensitiveArea), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - return result; -} -UINT16 -TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. 
This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMT_SENSITIVE_Marshal((TPMT_SENSITIVE *)&(source->sensitiveArea), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:203 - Definition of _PRIVATE Structure -// Table 2:204 - Definition of TPM2B_PRIVATE Structure -TPM_RC -TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(_PRIVATE)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:205 - Definition of TPMS_ID_OBJECT Structure -// Table 2:206 - Definition of TPM2B_ID_OBJECT Structure -TPM_RC -TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_ID_OBJECT)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.credential), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.credential), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:207 - Definition of TPM_NV_INDEX Bits -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:208 - Definition of TPM_NT Constants -// Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure -TPM_RC -TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)&(target->pinCount), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT32_Unmarshal((UINT32 *)&(target->pinLimit), buffer, size); - return result; -} -UINT16 -TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinCount), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinLimit), buffer, size)); - return result; -} - -// Table 2:210 - Definition of TPMA_NV Bits -TPM_RC -TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - if(*((UINT32 *)target) & (UINT32)0x01f00300) - result = TPM_RC_RESERVED_BITS; - } - return result; -} - -#if !USE_MARSHALING_DEFINES -UINT16 -TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:211 - Definition of TPMS_NV_PUBLIC Structure -TPM_RC -TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = 
TPMI_RH_NV_INDEX_Unmarshal((TPMI_RH_NV_INDEX *)&(target->nvIndex), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, 0); - if(result == TPM_RC_SUCCESS) - result = TPMA_NV_Unmarshal((TPMA_NV *)&(target->attributes), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); - if(result == TPM_RC_SUCCESS) - result = UINT16_Unmarshal((UINT16 *)&(target->dataSize), buffer, size); - if( (result == TPM_RC_SUCCESS) - && (target->dataSize > MAX_NV_INDEX_SIZE)) - result = TPM_RC_SIZE; - return result; -} -UINT16 -TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPMI_RH_NV_INDEX_Marshal((TPMI_RH_NV_INDEX *)&(source->nvIndex), buffer, size)); - result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); - result = (UINT16)(result + TPMA_NV_Marshal((TPMA_NV *)&(source->attributes), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->dataSize), buffer, size)); - return result; -} - -// Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure -TPM_RC -TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a - if(result == TPM_RC_SUCCESS) - { - // if size is zero, then the required structure is missing - if(target->size == 0) - result = TPM_RC_SIZE; - else - { - INT32 startSize = *size; - result = TPMS_NV_PUBLIC_Unmarshal((TPMS_NV_PUBLIC *)&(target->nvPublic), buffer, size); // =b - if(result == TPM_RC_SUCCESS) - { - if(target->size != (startSize - *size)) - result = TPM_RC_SIZE; - } - } - } - return result; -} -UINT16 -TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC 
*source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_NV_PUBLIC_Marshal((TPMS_NV_PUBLIC *)&(source->nvPublic), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure -TPM_RC -TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > MAX_CONTEXT_SIZE) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure -TPM_RC -TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->integrity), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPM2B_CONTEXT_SENSITIVE_Unmarshal((TPM2B_CONTEXT_SENSITIVE *)&(target->encrypted), buffer, size); - return result; -} -UINT16 -TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->integrity), buffer, size)); - result = (UINT16)(result + TPM2B_CONTEXT_SENSITIVE_Marshal((TPM2B_CONTEXT_SENSITIVE *)&(source->encrypted), buffer, size)); - return result; -} - -// Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure -TPM_RC -TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); - if(result == TPM_RC_SUCCESS) - { - if((target->t.size) > sizeof(TPMS_CONTEXT_DATA)) - result = TPM_RC_SIZE; - else - result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); - } - return result; -} -UINT16 -TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); - // if size equal to 0, the rest of the structure is a zero buffer. 
Stop processing - if(source->t.size == 0) - return result; - result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); - return result; -} - -// Table 2:216 - Definition of TPMS_CONTEXT Structure -TPM_RC -TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT64_Unmarshal((UINT64 *)&(target->sequence), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_DH_SAVED_Unmarshal((TPMI_DH_SAVED *)&(target->savedHandle), buffer, size); - if(result == TPM_RC_SUCCESS) - result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); - if(result == TPM_RC_SUCCESS) - result = TPM2B_CONTEXT_DATA_Unmarshal((TPM2B_CONTEXT_DATA *)&(target->contextBlob), buffer, size); - return result; -} -UINT16 -TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->sequence), buffer, size)); - result = (UINT16)(result + TPMI_DH_SAVED_Marshal((TPMI_DH_SAVED *)&(source->savedHandle), buffer, size)); - result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); - result = (UINT16)(result + TPM2B_CONTEXT_DATA_Marshal((TPM2B_CONTEXT_DATA *)&(source->contextBlob), buffer, size)); - return result; -} - -// Table 2:218 - Definition of TPMS_CREATION_DATA Structure -UINT16 -TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); - result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); - result = (UINT16)(result + TPMA_LOCALITY_Marshal((TPMA_LOCALITY *)&(source->locality), buffer, size)); - result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->parentNameAlg), buffer, size)); - 
result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentName), buffer, size)); - result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentQualifiedName), buffer, size)); - result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->outsideInfo), buffer, size)); - return result; -} - -// Table 2:219 - Definition of TPM2B_CREATION_DATA Structure -UINT16 -TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - // Marshal a dummy value of the 2B size. This makes sure that 'buffer' - // and 'size' are advanced as necessary (i.e., if they are present) - result = UINT16_Marshal(&result, buffer, size); - // Marshal the structure - result = (UINT16)(result + TPMS_CREATION_DATA_Marshal((TPMS_CREATION_DATA *)&(source->creationData), buffer, size)); - // if a buffer was provided, go back and fill in the actual size - if(buffer != NULL) - UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); - return result; -} - -// Table 2:220 - Definition of TPM_AT Constants -TPM_RC -TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size) -{ - TPM_RC result; - result = UINT32_Unmarshal((UINT32 *)target, buffer, size); - if(result == TPM_RC_SUCCESS) - { - switch(*target) - { - case TPM_AT_ANY : - case TPM_AT_ERROR : - case TPM_AT_PV1 : - case TPM_AT_VEND : - break; - default : - result = TPM_RC_VALUE; - break; - } - } - return result; -} -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:221 - Definition of TPM_AE Constants -#if !USE_MARSHALING_DEFINES -UINT16 -TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size) -{ - return UINT32_Marshal((UINT32 *)source, buffer, size); -} -#endif // !USE_MARSHALING_DEFINES - -// Table 2:222 - Definition of TPMS_AC_OUTPUT Structure -UINT16 -TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, 
BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + TPM_AT_Marshal((TPM_AT *)&(source->tag), buffer, size)); - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->data), buffer, size)); - return result; -} - -// Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure -UINT16 -TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, BYTE **buffer, INT32 *size) -{ - UINT16 result = 0; - result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); - result = (UINT16)(result + TPMS_AC_OUTPUT_Array_Marshal((TPMS_AC_OUTPUT *)(source->acCapabilities), buffer, size, (INT32)(source->count))); - return result; -} - -// Array Marshal/Unmarshal for BYTE -TPM_RC -BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - if(*size < count) - return TPM_RC_INSUFFICIENT; - memcpy(target, *buffer, count); - *size -= count; - *buffer += count; - return TPM_RC_SUCCESS; -} -UINT16 -BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - if (buffer != 0) - { - if ((size == 0) || ((*size -= count) >= 0)) - { - memcpy(*buffer, source, count); - *buffer += count; - } - pAssert(size == 0 || (*size >= 0)); - } - pAssert(count < INT16_MAX); - return ((UINT16)count); -} - -// Array Marshal/Unmarshal for TPM2B_DIGEST -TPM_RC -TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM2B_DIGEST_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM2B_DIGEST_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMA_CC -UINT16 -TPMA_CC_Array_Marshal(TPMA_CC *source, BYTE **buffer, 
INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMA_CC_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_AC_OUTPUT -UINT16 -TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_AC_OUTPUT_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_ALG_PROPERTY -UINT16 -TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_ALG_PROPERTY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPMS_PCR_SELECTION -TPM_RC -TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPMS_PCR_SELECTION_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_PCR_SELECTION_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_PCR_SELECT -UINT16 -TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_POLICY -UINT16 -TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size, INT32 count) 
-{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_POLICY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal for TPMS_TAGGED_PROPERTY -UINT16 -TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPMT_HA -TPM_RC -TPMT_HA_Array_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPMT_HA_Unmarshal(&target[i], buffer, size, flag); - } - return result; -} -UINT16 -TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPMT_HA_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_ALG_ID -TPM_RC -TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_ALG_ID_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_ALG_ID_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_CC -TPM_RC -TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result 
= TPM_CC_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_CC_Marshal(&source[i], buffer, size)); - } - return result; -} - -// Array Marshal/Unmarshal for TPM_ECC_CURVE -#if ALG_ECC -TPM_RC -TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_ECC_CURVE_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_ECC_CURVE_Marshal(&source[i], buffer, size)); - } - return result; -} -#endif // ALG_ECC - -// Array Marshal/Unmarshal for TPM_HANDLE -TPM_RC -TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size, INT32 count) -{ - TPM_RC result; - INT32 i; - for(result = TPM_RC_SUCCESS, i = 0; - ((result == TPM_RC_SUCCESS) && (i < count)); i++) - { - result = TPM_HANDLE_Unmarshal(&target[i], buffer, size); - } - return result; -} -UINT16 -TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size, INT32 count) -{ - UINT16 result = 0; - INT32 i; - for(i = 0; i < count; i++) - { - result = (UINT16)(result + TPM_HANDLE_Marshal(&source[i], buffer, size)); - } - return result; -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c deleted file mode 100644 index 5e68e2376..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Introduction
-//
-// This file contains implementation of the math functions that are performed
-// with canonical integers in byte buffers. The canonical integer is
-// big-endian bytes.
-// -#include "Tpm.h" - -//** Functions - -//*** UnsignedCmpB -// This function compare two unsigned values. The values are byte-aligned, -// big-endian numbers (e.g, a hash). -// Return Type: int -// 1 if (a > b) -// 0 if (a = b) -// -1 if (a < b) -LIB_EXPORT int -UnsignedCompareB( - UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE *b // IN: b - ) -{ - UINT32 i; - if(aSize > bSize) - return 1; - else if(aSize < bSize) - return -1; - else - { - for(i = 0; i < aSize; i++) - { - if(a[i] != b[i]) - return (a[i] > b[i]) ? 1 : -1; - } - } - return 0; -} - -//***SignedCompareB() -// Compare two signed integers: -// Return Type: int -// 1 if a > b -// 0 if a = b -// -1 if a < b -int -SignedCompareB( - const UINT32 aSize, // IN: size of a - const BYTE *a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE *b // IN: b buffer - ) -{ - int signA, signB; // sign of a and b - - // For positive or 0, sign_a is 1 - // for negative, sign_a is 0 - signA = ((a[0] & 0x80) == 0) ? 1 : 0; - - // For positive or 0, sign_b is 1 - // for negative, sign_b is 0 - signB = ((b[0] & 0x80) == 0) ? 1 : 0; - - if(signA != signB) - { - return signA - signB; - } - if(signA == 1) - // do unsigned compare function - return UnsignedCompareB(aSize, a, bSize, b); - else - // do unsigned compare the other way - return 0 - UnsignedCompareB(aSize, a, bSize, b); -} - -//*** ModExpB -// This function is used to do modular exponentiation in support of RSA. -// The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and -// 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter -// of the function will contain the private exponent 'd' instead of the public -// exponent 'e'. -// -// If the results will not fit in the provided buffer, -// an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller -// than the buffer, the results is de-normalized. 
-// -// This version is intended for use with RSA and requires that 'm' be -// less than 'n'. -// -// Return Type: TPM_RC -// TPM_RC_SIZE number to exponentiate is larger than the modulus -// TPM_RC_NO_RESULT result will not fit into the provided buffer -// -TPM_RC -ModExpB( - UINT32 cSize, // IN: the size of the output buffer. It will - // need to be the same size as the modulus - BYTE *c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE *m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE *e, // IN: power - const UINT32 nSize, - const BYTE *n // IN: modulus - ) -{ - BN_MAX(bnC); - BN_MAX(bnM); - BN_MAX(bnE); - BN_MAX(bnN); - NUMBYTES tSize = (NUMBYTES)nSize; - TPM_RC retVal = TPM_RC_SUCCESS; - - // Convert input parameters - BnFromBytes(bnM, m, (NUMBYTES)mSize); - BnFromBytes(bnE, e, (NUMBYTES)eSize); - BnFromBytes(bnN, n, (NUMBYTES)nSize); - - - // Make sure that the output is big enough to hold the result - // and that 'm' is less than 'n' (the modulus) - if(cSize < nSize) - ERROR_RETURN(TPM_RC_NO_RESULT); - if(BnUnsignedCmp(bnM, bnN) >= 0) - ERROR_RETURN(TPM_RC_SIZE); - BnModExp(bnC, bnM, bnE, bnN); - BnToBytes(bnC, c, &tSize); -Exit: - return retVal; -} - -//*** DivideB() -// Divide an integer ('n') by an integer ('d') producing a quotient ('q') and -// a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them -// may be set to NULL. 
-// -// Return Type: TPM_RC -// TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result -// -LIB_EXPORT TPM_RC -DivideB( - const TPM2B *n, // IN: numerator - const TPM2B *d, // IN: denominator - TPM2B *q, // OUT: quotient - TPM2B *r // OUT: remainder - ) -{ - BN_MAX_INITIALIZED(bnN, n); - BN_MAX_INITIALIZED(bnD, d); - BN_MAX(bnQ); - BN_MAX(bnR); -// - // Do divide with converted values - BnDiv(bnQ, bnR, bnN, bnD); - - // Convert the BIGNUM result back to 2B format using the size of the original - // number - if(q != NULL) - if(!BnTo2B(bnQ, q, q->size)) - return TPM_RC_NO_RESULT; - if(r != NULL) - if(!BnTo2B(bnR, r, r->size)) - return TPM_RC_NO_RESULT; - return TPM_RC_SUCCESS; -} - -//*** AdjustNumberB() -// Remove/add leading zeros from a number in a TPM2B. Will try to make the number -// by adding or removing leading zeros. If the number is larger than the requested -// size, it will make the number as small as possible. Setting 'requestedSize' to -// zero is equivalent to requesting that the number be normalized. -UINT16 -AdjustNumberB( - TPM2B *num, - UINT16 requestedSize - ) -{ - BYTE *from; - UINT16 i; - // See if number is already the requested size - if(num->size == requestedSize) - return requestedSize; - from = num->buffer; - if (num->size > requestedSize) - { - // This is a request to shift the number to the left (remove leading zeros) - // Find the first non-zero byte. Don't look past the point where removing - // more zeros would make the number smaller than requested, and don't throw - // away any significant digits. 
- for(i = num->size; *from == 0 && i > requestedSize; from++, i--); - if(i < num->size) - { - num->size = i; - MemoryCopy(num->buffer, from, i); - } - } - // This is a request to shift the number to the right (add leading zeros) - else - { - MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size); - MemorySet(num->buffer, 0, requestedSize- num->size); - num->size = requestedSize; - } - return num->size; -} - -//*** ShiftLeft() -// This function shifts a byte buffer (a TPM2B) one byte to the left. That is, -// the most significant bit of the most significant byte is lost. -TPM2B * -ShiftLeft( - TPM2B *value // IN/OUT: value to shift and shifted value out -) -{ - UINT16 count = value->size; - BYTE *buffer = value->buffer; - if(count > 0) - { - for(count -= 1; count > 0; buffer++, count--) - { - buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0); - } - *buffer <<= 1; - } - return value; -} - diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c deleted file mode 100644 index cbfa41d32..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c +++ /dev/null 
@@ -1,269 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains a set of miscellaneous memory manipulation routines. Many
-// of the functions have the same semantics as functions defined in string.h.
-// Those functions are not used directly in the TPM because they are not 'safe' -// -// This version uses string.h after adding guards. This is because the math -// libraries invariably use those functions so it is not practical to prevent -// those library functions from being pulled into the build. - -//** Includes and Data Definitions -#include "Tpm.h" -#include "Memory_fp.h" - -//** Functions - -//*** MemoryCopy() -// This is an alias for memmove. This is used in place of memcpy because -// some of the moves may overlap and rather than try to make sure that -// memmove is used when necessary, it is always used. -void -MemoryCopy( - void *dest, - const void *src, - int sSize - ) -{ - if(dest != src) - memmove(dest, src, sSize); -} - - -//*** MemoryEqual() -// This function indicates if two buffers have the same values in the indicated -// number of bytes. -// Return Type: BOOL -// TRUE(1) all octets are the same -// FALSE(0) all octets are not the same -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared - ) -{ - BYTE equal = 0; - const BYTE *b1 = (BYTE *)buffer1; - const BYTE *b2 = (BYTE *)buffer2; -// - // Compare all bytes so that there is no leakage of information - // due to timing differences. - for(; size > 0; size--) - equal |= (*b1++ ^ *b2++); - return (equal == 0); -} - -//*** MemoryCopy2B() -// This function copies a TPM2B. This can be used when the TPM2B types are -// the same or different. -// -// This function returns the number of octets in the data buffer of the TPM2B. 
-LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer - ) -{ - pAssert(dest != NULL); - if(source == NULL) - dest->size = 0; - else - { - pAssert(source->size <= dSize); - MemoryCopy(dest->buffer, source->buffer, source->size); - dest->size = source->size; - } - return dest->size; -} - -//*** MemoryConcat2B() -// This function will concatenate the buffer contents of a TPM2B to an -// the buffer contents of another TPM2B and adjust the size accordingly -// ('a' := ('a' | 'b')). -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) - ) -{ - pAssert(bIn->size <= aMaxSize - aInOut->size); - MemoryCopy(&aInOut->buffer[aInOut->size], &bIn->buffer, bIn->size); - aInOut->size = aInOut->size + bIn->size; - return; -} - -//*** MemoryEqual2B() -// This function will compare two TPM2B structures. To be equal, they -// need to be the same size and the buffer contexts need to be the same -// in all octets. -// Return Type: BOOL -// TRUE(1) size and buffer contents are the same -// FALSE(0) size or buffer contents are not the same -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value - ) -{ - if(aIn->size != bIn->size) - return FALSE; - return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size); -} - -//*** MemorySet() -// This function will set all the octets in the specified memory range to -// the specified octet value. -// Note: A previous version had an additional parameter (dSize) that was -// intended to make sure that the destination would not be overrun. The -// problem is that, in use, all that was happening was that the value of -// size was used for dSize so there was no benefit in the extra parameter. 
-void -MemorySet( - void *dest, - int value, - size_t size - ) -{ - memset(dest, value, size); -} - -//*** MemoryPad2B() -// Function to pad a TPM2B with zeros and adjust the size. -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize - ) -{ - MemorySet(&b->buffer[b->size], 0, newSize - b->size); - b->size = newSize; -} - - -//*** Uint16ToByteArray() -// Function to write an integer to a byte array -void -Uint16ToByteArray( - UINT16 i, - BYTE *a - ) -{ - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** Uint32ToByteArray() -// Function to write an integer to a byte array -void -Uint32ToByteArray( - UINT32 i, - BYTE *a - ) -{ - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** Uint64ToByteArray() -// Function to write an integer to a byte array -void -Uint64ToByteArray( - UINT64 i, - BYTE *a - ) -{ - a[7] = (BYTE)(i); i >>= 8; - a[6] = (BYTE)(i); i >>= 8; - a[5] = (BYTE)(i); i >>= 8; - a[4] = (BYTE)(i); i >>= 8; - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; - a[0] = (BYTE)(i); -} - -//*** ByteArrayToUint8() -// Function to write a UINT8 to a byte array. This is included for completeness -// and to allow certain macro expansions -UINT8 -ByteArrayToUint8( - BYTE *a -) -{ - return *a; -} - - -//*** ByteArrayToUint16() -// Function to write an integer to a byte array -UINT16 -ByteArrayToUint16( - BYTE *a -) -{ - return ((UINT16)a[0] << 8) + a[1]; -} - -//*** ByteArrayToUint32() -// Function to write an integer to a byte array -UINT32 -ByteArrayToUint32( - BYTE *a -) -{ - return (UINT32)((((((UINT32)a[0] << 8) + a[1]) << 8) + (UINT32)a[2]) << 8) + a[3]; -} - -//*** ByteArrayToUint64() -// Function to write an integer to a byte array -UINT64 -ByteArrayToUint64( - BYTE *a - ) -{ - return (((UINT64)BYTE_ARRAY_TO_UINT32(a)) << 32) + BYTE_ARRAY_TO_UINT32(&a[4]); -} - - - - - 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
deleted file mode 100644
index 163cd4e7d..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-
-// This file contains functions that receive the simulated power state
-// transitions of the TPM.
-
-//** Includes and Data Definitions
-#define POWER_C
-#include "Tpm.h"
-
-//** Functions
-
-//*** TPMInit()
-// This function is used to process a power on event.
-void
-TPMInit(
- void
- )
-{
- // Set state as not initialized. This means that Startup is required
- g_initialized = FALSE;
- return;
-}
-
-//*** TPMRegisterStartup()
-// This function registers the fact that the TPM has been initialized
-// (a TPM2_Startup() has completed successfully).
-BOOL
-TPMRegisterStartup(
- void
- )
-{
- g_initialized = TRUE;
- return TRUE;
-}
-
-//*** TPMIsStarted()
-// Indicates if the TPM has been initialized (a TPM2_Startup() has completed
-// successfully after a _TPM_Init).
-// Return Type: BOOL
-// TRUE(1) TPM has been initialized
-// FALSE(0) TPM has not been initialized
-BOOL
-TPMIsStarted(
- void
- )
-{
- return g_initialized;
-}
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c
deleted file mode 100644
index 11ea8592c..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c
+++ /dev/null
@@ -1,597 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the functions that are used for accessing the
-// TPM_CAP_TPM_PROPERTY values.
- -//** Includes - -#include "Tpm.h" - -//** Functions - -//*** TPMPropertyIsDefined() -// This function accepts a property selection and, if so, sets 'value' -// to the value of the property. -// -// All the fixed values are vendor dependent or determined by a -// platform-specific specification. The values in the table below -// are examples and should be changed by the vendor. -// Return Type: BOOL -// TRUE(1) referenced property exists and 'value' set -// FALSE(0) referenced property does not exist -static BOOL -TPMPropertyIsDefined( - TPM_PT property, // IN: property - UINT32 *value // OUT: property value - ) -{ - switch(property) - { - case TPM_PT_FAMILY_INDICATOR: - // from the title page of the specification - // For this specification, the value is "2.0". - *value = TPM_SPEC_FAMILY; - break; - case TPM_PT_LEVEL: - // from the title page of the specification - *value = TPM_SPEC_LEVEL; - break; - case TPM_PT_REVISION: - // from the title page of the specification - *value = TPM_SPEC_VERSION; - break; - case TPM_PT_DAY_OF_YEAR: - // computed from the date value on the title page of the specification - *value = TPM_SPEC_DAY_OF_YEAR; - break; - case TPM_PT_YEAR: - // from the title page of the specification - *value = TPM_SPEC_YEAR; - break; - case TPM_PT_MANUFACTURER: - // vendor ID unique to each TPM manufacturer - *value = BYTE_ARRAY_TO_UINT32(MANUFACTURER); - break; - case TPM_PT_VENDOR_STRING_1: - // first four characters of the vendor ID string - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_1); - break; - case TPM_PT_VENDOR_STRING_2: - // second four characters of the vendor ID string -#ifdef VENDOR_STRING_2 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_2); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_3: - // third four characters of the vendor ID string -#ifdef VENDOR_STRING_3 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_3); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_4: - // fourth four characters of the vendor 
ID string -#ifdef VENDOR_STRING_4 - *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_4); -#else - *value = 0; -#endif - break; - case TPM_PT_VENDOR_TPM_TYPE: - // vendor-defined value indicating the TPM model - *value = 1; - break; - case TPM_PT_FIRMWARE_VERSION_1: - // more significant 32-bits of a vendor-specific value - *value = gp.firmwareV1; - break; - case TPM_PT_FIRMWARE_VERSION_2: - // less significant 32-bits of a vendor-specific value - *value = gp.firmwareV2; - break; - case TPM_PT_INPUT_BUFFER: - // maximum size of TPM2B_MAX_BUFFER - *value = MAX_DIGEST_BUFFER; - break; - case TPM_PT_HR_TRANSIENT_MIN: - // minimum number of transient objects that can be held in TPM - // RAM - *value = MAX_LOADED_OBJECTS; - break; - case TPM_PT_HR_PERSISTENT_MIN: - // minimum number of persistent objects that can be held in - // TPM NV memory - // In this implementation, there is no minimum number of - // persistent objects. - *value = MIN_EVICT_OBJECTS; - break; - case TPM_PT_HR_LOADED_MIN: - // minimum number of authorization sessions that can be held in - // TPM RAM - *value = MAX_LOADED_SESSIONS; - break; - case TPM_PT_ACTIVE_SESSIONS_MAX: - // number of authorization sessions that may be active at a time - *value = MAX_ACTIVE_SESSIONS; - break; - case TPM_PT_PCR_COUNT: - // number of PCR implemented - *value = IMPLEMENTATION_PCR; - break; - case TPM_PT_PCR_SELECT_MIN: - // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect - *value = PCR_SELECT_MIN; - break; - case TPM_PT_CONTEXT_GAP_MAX: - // maximum allowed difference (unsigned) between the contextID - // values of two saved session contexts - *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; - break; - case TPM_PT_NV_COUNTERS_MAX: - // maximum number of NV indexes that are allowed to have the - // TPMA_NV_COUNTER attribute SET - // In this implementation, there is no limitation on the number - // of counters, except for the size of the NV Index memory. 
- *value = 0; - break; - case TPM_PT_NV_INDEX_MAX: - // maximum size of an NV index data area - *value = MAX_NV_INDEX_SIZE; - break; - case TPM_PT_MEMORY: - // a TPMA_MEMORY indicating the memory management method for the TPM - { - union - { - TPMA_MEMORY att; - UINT32 u32; - } attributes = { TPMA_ZERO_INITIALIZER() }; - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); - - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. - *value = attributes.u32; - break; - } - case TPM_PT_CLOCK_UPDATE: - // interval, in seconds, between updates to the copy of - // TPMS_TIME_INFO .clock in NV - *value = (1 << NV_CLOCK_UPDATE_INTERVAL); - break; - case TPM_PT_CONTEXT_HASH: - // algorithm used for the integrity hash on saved contexts and - // for digesting the fuData of TPM2_FirmwareRead() - *value = CONTEXT_INTEGRITY_HASH_ALG; - break; - case TPM_PT_CONTEXT_SYM: - // algorithm used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_ALG; - break; - case TPM_PT_CONTEXT_SYM_SIZE: - // size of the key used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_KEY_BITS; - break; - case TPM_PT_ORDERLY_COUNT: - // maximum difference between the volatile and non-volatile - // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET - *value = MAX_ORDERLY_COUNT; - break; - case TPM_PT_MAX_COMMAND_SIZE: - // maximum value for 'commandSize' - *value = MAX_COMMAND_SIZE; - break; - case TPM_PT_MAX_RESPONSE_SIZE: - // maximum value for 'responseSize' - *value = MAX_RESPONSE_SIZE; - break; - case TPM_PT_MAX_DIGEST: - // maximum size of a digest that can be produced by the TPM - *value = sizeof(TPMU_HA); - break; - case TPM_PT_MAX_OBJECT_CONTEXT: -// Header has 'sequence', 'handle' and 'hierarchy' 
-#define SIZE_OF_CONTEXT_HEADER \ - sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) -#define SIZE_OF_CONTEXT_INTEGRITY (sizeof(UINT16) + CONTEXT_INTEGRITY_HASH_SIZE) -#define SIZE_OF_FINGERPRINT sizeof(UINT64) -#define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ - (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) -#define SIZE_OF_CONTEXT_OVERHEAD \ - (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) -#if 0 - // maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); - // add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add OBJECT structure size - *value += sizeof(OBJECT); -#else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); -#endif - break; - case TPM_PT_MAX_SESSION_CONTEXT: -#if 0 - - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // Add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); -// Add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add SESSION structure size - *value += sizeof(SESSION); -#else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); 
-#endif - break; - case TPM_PT_PS_FAMILY_INDICATOR: - // platform specific values for the TPM_PT_PS parameters from - // the relevant platform-specific specification - // In this reference implementation, all of these values are 0. - *value = PLATFORM_FAMILY; - break; - case TPM_PT_PS_LEVEL: - // level of the platform-specific specification - *value = PLATFORM_LEVEL; - break; - case TPM_PT_PS_REVISION: - // specification Revision times 100 for the platform-specific - // specification - *value = PLATFORM_VERSION; - break; - case TPM_PT_PS_DAY_OF_YEAR: - // platform-specific specification day of year using TCG calendar - *value = PLATFORM_DAY_OF_YEAR; - break; - case TPM_PT_PS_YEAR: - // platform-specific specification year using the CE - *value = PLATFORM_YEAR; - break; - case TPM_PT_SPLIT_MAX: - // number of split signing operations supported by the TPM - *value = 0; -#if ALG_ECC - *value = sizeof(gr.commitArray) * 8; -#endif - break; - case TPM_PT_TOTAL_COMMANDS: - // total number of commands implemented in the TPM - // Since the reference implementation does not have any - // vendor-defined commands, this will be the same as the - // number of library commands. 
- { -#if COMPRESSED_LISTS - (*value) = COMMAND_COUNT; -#else - COMMAND_INDEX commandIndex; - *value = 0; - - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; // count of all implemented - } -#endif - break; - } - case TPM_PT_LIBRARY_COMMANDS: - // number of commands from the TPM library that are implemented - { -#if COMPRESSED_LISTS - *value = LIBRARY_COMMAND_ARRAY_SIZE; -#else - COMMAND_INDEX commandIndex; - *value = 0; - - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; - } -#endif - break; - } - case TPM_PT_VENDOR_COMMANDS: - // number of vendor commands that are implemented - *value = VENDOR_COMMAND_ARRAY_SIZE; - break; - case TPM_PT_NV_BUFFER_MAX: - // Maximum data size in an NV write command - *value = MAX_NV_BUFFER_SIZE; - break; - case TPM_PT_MODES: -#if FIPS_COMPLIANT - *value = 1; -#else - *value = 0; -#endif - break; - case TPM_PT_MAX_CAP_BUFFER: - *value = MAX_CAP_BUFFER; - break; - - // Start of variable commands - case TPM_PT_PERMANENT: - // TPMA_PERMANENT - { - union { - TPMA_PERMANENT attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; - if(gp.ownerAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); - if(gp.endorsementAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); - if(gp.lockoutAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); - if(gp.disableClear) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); - if(gp.failedTries >= gp.maxTries) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); - // In this implementation, EPS is always generated by TPM - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); - - // Note: For a LSb0 machine, the bits in 
a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. - *value = flags.u32; - break; - } - case TPM_PT_STARTUP_CLEAR: - // TPMA_STARTUP_CLEAR - { - union { - TPMA_STARTUP_CLEAR attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; -// - if(g_phEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); - if(gc.shEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); - if(gc.ehEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); - if(gc.phEnableNV) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); - if(g_prevOrderlyState != SU_NONE_VALUE) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); - - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. 
- *value = flags.u32; - break; - } - case TPM_PT_HR_NV_INDEX: - // number of NV indexes currently defined - *value = NvCapGetIndexNumber(); - break; - case TPM_PT_HR_LOADED: - // number of authorization sessions currently loaded into TPM - // RAM - *value = SessionCapGetLoadedNumber(); - break; - case TPM_PT_HR_LOADED_AVAIL: - // number of additional authorization sessions, of any type, - // that could be loaded into TPM RAM - *value = SessionCapGetLoadedAvail(); - break; - case TPM_PT_HR_ACTIVE: - // number of active authorization sessions currently being - // tracked by the TPM - *value = SessionCapGetActiveNumber(); - break; - case TPM_PT_HR_ACTIVE_AVAIL: - // number of additional authorization sessions, of any type, - // that could be created - *value = SessionCapGetActiveAvail(); - break; - case TPM_PT_HR_TRANSIENT_AVAIL: - // estimate of the number of additional transient objects that - // could be loaded into TPM RAM - *value = ObjectCapGetTransientAvail(); - break; - case TPM_PT_HR_PERSISTENT: - // number of persistent objects currently loaded into TPM - // NV memory - *value = NvCapGetPersistentNumber(); - break; - case TPM_PT_HR_PERSISTENT_AVAIL: - // number of additional persistent objects that could be loaded - // into NV memory - *value = NvCapGetPersistentAvail(); - break; - case TPM_PT_NV_COUNTERS: - // number of defined NV indexes that have NV TPMA_NV_COUNTER - // attribute SET - *value = NvCapGetCounterNumber(); - break; - case TPM_PT_NV_COUNTERS_AVAIL: - // number of additional NV indexes that can be defined with their - // TPMA_NV_COUNTER attribute SET - *value = NvCapGetCounterAvail(); - break; - case TPM_PT_ALGORITHM_SET: - // region code for the TPM - *value = gp.algorithmSet; - break; - case TPM_PT_LOADED_CURVES: -#if ALG_ECC - // number of loaded ECC curves - *value = ECC_CURVE_COUNT; -#else // ALG_ECC - *value = 0; -#endif // ALG_ECC - break; - case TPM_PT_LOCKOUT_COUNTER: - // current value of the lockout counter - *value = gp.failedTries; 
- break; - case TPM_PT_MAX_AUTH_FAIL: - // number of authorization failures before DA lockout is invoked - *value = gp.maxTries; - break; - case TPM_PT_LOCKOUT_INTERVAL: - // number of seconds before the value reported by - // TPM_PT_LOCKOUT_COUNTER is decremented - *value = gp.recoveryTime; - break; - case TPM_PT_LOCKOUT_RECOVERY: - // number of seconds after a lockoutAuth failure before use of - // lockoutAuth may be attempted again - *value = gp.lockoutRecovery; - break; - case TPM_PT_NV_WRITE_RECOVERY: - // number of milliseconds before the TPM will accept another command - // that will modify NV. - // This should make a call to the platform code that is doing rate - // limiting of NV. Rate limiting is not implemented in the reference - // code so no call is made. - *value = 0; - break; - case TPM_PT_AUDIT_COUNTER_0: - // high-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter >> 32); - break; - case TPM_PT_AUDIT_COUNTER_1: - // low-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter); - break; - default: - // property is not defined - return FALSE; - break; - } - return TRUE; -} - -//*** TPMCapGetProperties() -// This function is used to get the TPM_PT values. The search of properties will -// start at 'property' and continue until 'propertyList' has as many values as -// will fit, or the last property has been reported, or the list has as many -// values as requested in 'count'. 
-// Return Type: TPMI_YES_NO -// YES more properties are available -// NO no more properties to be reported -TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list - ) -{ - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 nextGroup; - - // initialize output property list - propertyList->count = 0; - - // maximum count of properties we may return is MAX_PCR_PROPERTIES - if(count > MAX_TPM_PROPERTIES) count = MAX_TPM_PROPERTIES; - - // if property is less than PT_FIXED, start from PT_FIXED - if(property < PT_FIXED) - property = PT_FIXED; - // There is only the fixed and variable groups with the variable group coming - // last - if(property >= (PT_VAR + PT_GROUP)) - return more; - - // Don't read past the end of the selected group - nextGroup = ((property / PT_GROUP) * PT_GROUP) + PT_GROUP; - - // Scan through the TPM properties of the requested group. - for(i = property; i < nextGroup; i++) - { - UINT32 value; - // if we have hit the end of the group, quit - if(i != property && ((i % PT_GROUP) == 0)) - break; - if(TPMPropertyIsDefined((TPM_PT)i, &value)) - { - if(propertyList->count < count) - { - // If the list is not full, add this property - propertyList->tpmProperty[propertyList->count].property = - (TPM_PT)i; - propertyList->tpmProperty[propertyList->count].value = value; - propertyList->count++; - } - else - { - // If the return list is full but there are more properties - // available, set the indication and exit the loop. - more = YES; - break; - } - } - } - return more; -} \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c deleted file mode 100644 index 273182eb1..000000000 
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the common code for building a response header, including
-// setting the size of the structure. 'command' may be NULL if result is
-// not TPM_RC_SUCCESS.
-
-//** Includes and Defines
-#include "Tpm.h"
-
-//** BuildResponseHeader()
-// Adds the response header to the response. It will update command->parameterSize
-// to indicate the total size of the response.
-void
-BuildResponseHeader(
- COMMAND *command, // IN: main control structure
- BYTE *buffer, // OUT: the output buffer
- TPM_RC result // IN: the response code
- )
-{
- TPM_ST tag;
- UINT32 size;
-
- if(result != TPM_RC_SUCCESS)
- {
- tag = TPM_ST_NO_SESSIONS;
- size = 10;
- }
- else
- {
- tag = command->tag;
- // Compute the overall size of the response
- size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE);
- size += command->parameterSize;
- size += (command->tag == TPM_ST_SESSIONS) ?
- command->authSize + sizeof(UINT32) : 0;
- }
- TPM_ST_Marshal(&tag, &buffer, NULL);
- UINT32_Marshal(&size, &buffer, NULL);
- TPM_RC_Marshal(&result, &buffer, NULL);
- if(result == TPM_RC_SUCCESS)
- {
- if(command->handleNum > 0)
- TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL);
- if(tag == TPM_ST_SESSIONS)
- UINT32_Marshal((UINT32 *)&command->parameterSize, &buffer, NULL);
- }
- command->parameterSize = size;
-}
\ No newline at end of file
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
deleted file mode 100644
index 24ff447a7..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Microsoft Reference Implementation for TPM 2.0
- *
- * The copyright in this software is being made available under the BSD License,
- * included below. This software may be subject to other third party and
- * contributor rights, including patent rights, and no such rights are granted
- * under this license.
- *
- * Copyright (c) Microsoft Corporation
- *
- * All rights reserved.
- *
- * BSD License
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list
- * of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this
- * list of conditions and the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-//** Description
-// This file contains the miscellaneous functions for processing response codes.
-// NOTE: Currently, there is only one.
-
-//** Includes and Defines
-#include "Tpm.h"
-
-//** RcSafeAddToResult()
-// Adds a modifier to a response code as long as the response code allows a modifier
-// and no modifier has already been added.
-TPM_RC
-RcSafeAddToResult(
- TPM_RC responseCode,
- TPM_RC modifier
- )
-{
- if((responseCode & RC_FMT1) && !(responseCode & 0xf40))
- return responseCode + modifier;
- else
- return responseCode;
-}
-
-
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
deleted file mode 100644
index b4463d3d0..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c
+++ /dev/null
@@ -1,454 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -//** Includes, Defines, and Types -#define TPM_FAIL_C -#include "Tpm.h" -#include - -// On MS C compiler, can save the alignment state and set the alignment to 1 for -// the duration of the TpmTypes.h include. 
This will avoid a lot of alignment -// warnings from the compiler for the unaligned structures. The alignment of the -// structures is not important as this function does not use any of the structures -// in TpmTypes.h and only include it for the #defines of the capabilities, -// properties, and command code values. -#include "TpmTypes.h" - -//** Typedefs -// These defines are used primarily for sizing of the local response buffer. -typedef struct -{ - TPM_ST tag; - UINT32 size; - TPM_RC code; -} HEADER; - -typedef struct -{ - BYTE tag[sizeof(TPM_ST)]; - BYTE size[sizeof(UINT32)]; - BYTE code[sizeof(TPM_RC)]; -} PACKED_HEADER; - -typedef struct -{ - BYTE size[sizeof(UINT16)]; - struct - { - BYTE function[sizeof(UINT32)]; - BYTE line[sizeof(UINT32)]; - BYTE code[sizeof(UINT32)]; - } values; - BYTE returnCode[sizeof(TPM_RC)]; -} GET_TEST_RESULT_PARAMETERS; - -typedef struct -{ - BYTE moreData[sizeof(TPMI_YES_NO)]; - BYTE capability[sizeof(TPM_CAP)]; // Always TPM_CAP_TPM_PROPERTIES - BYTE tpmProperty[sizeof(TPML_TAGGED_TPM_PROPERTY)]; -} GET_CAPABILITY_PARAMETERS; - -typedef struct -{ - BYTE header[sizeof(PACKED_HEADER)]; - BYTE getTestResult[sizeof(GET_TEST_RESULT_PARAMETERS)]; -} TEST_RESPONSE; - -typedef struct -{ - BYTE header[sizeof(PACKED_HEADER)]; - BYTE getCap[sizeof(GET_CAPABILITY_PARAMETERS)]; -} CAPABILITY_RESPONSE; - -typedef union -{ - BYTE test[sizeof(TEST_RESPONSE)]; - BYTE cap[sizeof(CAPABILITY_RESPONSE)]; -} RESPONSES; - -// Buffer to hold the responses. This may be a little larger than -// required due to padding that a compiler might add. -// Note: This is not in Global.c because of the specialized data definitions above. -// Since the data contained in this structure is not relevant outside of the -// execution of a single command (when the TPM is in failure mode. There is no -// compelling reason to move all the typedefs to Global.h and this structure -// to Global.c. 
-#ifndef __IGNORE_STATE__ // Don't define this value -static BYTE response[sizeof(RESPONSES)]; -#endif - -//** Local Functions - -//*** MarshalUint16() -// Function to marshal a 16 bit value to the output buffer. -static INT32 -MarshalUint16( - UINT16 integer, - BYTE **buffer - ) -{ - UINT16_TO_BYTE_ARRAY(integer, *buffer); - *buffer += 2; - return 2; -} - -//*** MarshalUint32() -// Function to marshal a 32 bit value to the output buffer. -static INT32 -MarshalUint32( - UINT32 integer, - BYTE **buffer - ) -{ - UINT32_TO_BYTE_ARRAY(integer, *buffer); - *buffer += 4; - return 4; -} - -//***Unmarshal32() -static BOOL Unmarshal32( - UINT32 *target, - BYTE **buffer, - INT32 *size - ) -{ - if((*size -= 4) < 0) - return FALSE; - *target = BYTE_ARRAY_TO_UINT32(*buffer); - *buffer += 4; - return TRUE; -} - -//***Unmarshal16() -static BOOL Unmarshal16( - UINT16 *target, - BYTE **buffer, - INT32 *size -) -{ - if((*size -= 2) < 0) - return FALSE; - *target = BYTE_ARRAY_TO_UINT16(*buffer); - *buffer += 2; - return TRUE; -} - -//** Public Functions - -//*** SetForceFailureMode() -// This function is called by the simulator to enable failure mode testing. -#if SIMULATION -LIB_EXPORT void -SetForceFailureMode( - void - ) -{ - g_forceFailureMode = TRUE; - return; -} -#endif - -//*** TpmLogFailure() -// This function saves the failure values when the code will continue to operate. It -// if similar to TpmFail() but returns to the caller. The assumption is that the -// caller will propagate a failure back up the stack. -void -TpmLogFailure( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code -) -{ - // Save the values that indicate where the error occurred. - // On a 64-bit machine, this may truncate the address of the string - // of the function name where the error occurred. 
-#if FAIL_TRACE - s_failFunction = (UINT32)(ptrdiff_t)function; - s_failLine = line; -#else - s_failFunction = 0; - s_failLine = 0; -#endif - s_failCode = code; - - // We are in failure mode - g_inFailureMode = TRUE; - - return; -} - -//*** TpmFail() -// This function is called by TPM.lib when a failure occurs. It will set up the -// failure values to be returned on TPM2_GetTestResult(). -NORETURN void -TpmFail( -#if FAIL_TRACE - const char *function, - int line, -#endif - int code - ) -{ - // Save the values that indicate where the error occurred. - // On a 64-bit machine, this may truncate the address of the string - // of the function name where the error occurred. -#if FAIL_TRACE - s_failFunction = (UINT32)(ptrdiff_t)function; - s_failLine = line; -#else - s_failFunction = (UINT32)(ptrdiff_t)NULL; - s_failLine = 0; -#endif - s_failCode = code; - - // We are in failure mode - g_inFailureMode = TRUE; - - // if asserts are enabled, then do an assert unless the failure mode code - // is being tested. -#if SIMULATION -# ifndef NDEBUG - assert(g_forceFailureMode); -# endif - // Clear this flag - g_forceFailureMode = FALSE; -#endif - // Jump to the failure mode code. - // Note: only get here if asserts are off or if we are testing failure mode - _plat__Fail(); -} - -//*** TpmFailureMode( -// This function is called by the interface code when the platform is in failure -// mode. 
-void -TpmFailureMode( - unsigned int inRequestSize, // IN: command buffer size - unsigned char *inRequest, // IN: command buffer - unsigned int *outResponseSize, // OUT: response buffer size - unsigned char **outResponse // OUT: response buffer - ) -{ - UINT32 marshalSize; - UINT32 capability; - HEADER header; // unmarshaled command header - UINT32 pt; // unmarshaled property type - UINT32 count; // unmarshaled property count - UINT8 *buffer = inRequest; - INT32 size = inRequestSize; - - // If there is no command buffer, then just return TPM_RC_FAILURE - if(inRequestSize == 0 || inRequest == NULL) - goto FailureModeReturn; - // If the header is not correct for TPM2_GetCapability() or - // TPM2_GetTestResult() then just return the in failure mode response; - if(! (Unmarshal16(&header.tag, &buffer, &size) - && Unmarshal32(&header.size, &buffer, &size) - && Unmarshal32(&header.code, &buffer, &size))) - goto FailureModeReturn; - if(header.tag != TPM_ST_NO_SESSIONS - || header.size < 10) - goto FailureModeReturn; - switch(header.code) - { - case TPM_CC_GetTestResult: - // make sure that the command size is correct - if(header.size != 10) - goto FailureModeReturn; - buffer = &response[10]; - marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer); - marshalSize += MarshalUint32(s_failFunction, &buffer); - marshalSize += MarshalUint32(s_failLine, &buffer); - marshalSize += MarshalUint32(s_failCode, &buffer); - if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) - marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); - else - marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); - break; - case TPM_CC_GetCapability: - // make sure that the size of the command is exactly the size - // returned for the capability, property, and count - if(header.size != (10 + (3 * sizeof(UINT32))) - // also verify that this is requesting TPM properties - || !Unmarshal32(&capability, &buffer, &size) - || capability != TPM_CAP_TPM_PROPERTIES - || !Unmarshal32(&pt, &buffer, &size) - || 
!Unmarshal32(&count, &buffer, &size)) - goto FailureModeReturn; - // If in failure mode because of an unrecoverable read error, and the - // property is 0 and the count is 0, then this is an indication to - // re-manufacture the TPM. Do the re-manufacture but stay in failure - // mode until the TPM is reset. - // Note: this behavior is not required by the specification and it is - // OK to leave the TPM permanently bricked due to an unrecoverable NV - // error. - if(count == 0 && pt == 0 && s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) - { - g_manufactured = FALSE; - TPM_Manufacture(0); - } - if(count > 0) - count = 1; - else if(pt > TPM_PT_FIRMWARE_VERSION_2) - count = 0; - if(pt < TPM_PT_MANUFACTURER) - pt = TPM_PT_MANUFACTURER; - // set up for return - buffer = &response[10]; - // if the request was for a PT less than the last one - // then we indicate more, otherwise, not. - if(pt < TPM_PT_FIRMWARE_VERSION_2) - *buffer++ = YES; - else - *buffer++ = NO; - marshalSize = 1; - - // indicate the capability type - marshalSize += MarshalUint32(capability, &buffer); - // indicate the number of values that are being returned (0 or 1) - marshalSize += MarshalUint32(count, &buffer); - // indicate the property - marshalSize += MarshalUint32(pt, &buffer); - - if(count > 0) - switch(pt) - { - case TPM_PT_MANUFACTURER: - // the vendor ID unique to each TPM manufacturer -#ifdef MANUFACTURER - pt = *(UINT32*)MANUFACTURER; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_1: - // the first four characters of the vendor ID string -#ifdef VENDOR_STRING_1 - pt = *(UINT32*)VENDOR_STRING_1; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_2: - // the second four characters of the vendor ID string -#ifdef VENDOR_STRING_2 - pt = *(UINT32*)VENDOR_STRING_2; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_STRING_3: - // the third four characters of the vendor ID string -#ifdef VENDOR_STRING_3 - pt = *(UINT32*)VENDOR_STRING_3; -#else - pt = 0; -#endif - break; 
- case TPM_PT_VENDOR_STRING_4: - // the fourth four characters of the vendor ID string -#ifdef VENDOR_STRING_4 - pt = *(UINT32*)VENDOR_STRING_4; -#else - pt = 0; -#endif - break; - case TPM_PT_VENDOR_TPM_TYPE: - // vendor-defined value indicating the TPM model - // We just make up a number here - pt = 1; - break; - case TPM_PT_FIRMWARE_VERSION_1: - // the more significant 32-bits of a vendor-specific value - // indicating the version of the firmware -#ifdef FIRMWARE_V1 - pt = FIRMWARE_V1; -#else - pt = 0; -#endif - break; - default: // TPM_PT_FIRMWARE_VERSION_2: - // the less significant 32-bits of a vendor-specific value - // indicating the version of the firmware -#ifdef FIRMWARE_V2 - pt = FIRMWARE_V2; -#else - pt = 0; -#endif - break; - } - marshalSize += MarshalUint32(pt, &buffer); - break; - default: // default for switch (cc) - goto FailureModeReturn; - } - // Now do the header - buffer = response; - marshalSize = marshalSize + 10; // Add the header size to the - // stuff already marshaled - MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag - MarshalUint32(marshalSize, &buffer); // responseSize - MarshalUint32(TPM_RC_SUCCESS, &buffer); // response code - - *outResponseSize = marshalSize; - *outResponse = (unsigned char *)&response; - return; -FailureModeReturn: - buffer = response; - marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); - marshalSize += MarshalUint32(10, &buffer); - marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); - *outResponseSize = marshalSize; - *outResponse = (unsigned char *)response; - return; -} - -//*** UnmarshalFail() -// This is a stub that is used to catch an attempt to unmarshal an entry -// that is not defined. Don't ever expect this to be called but... -void -UnmarshalFail( - void *type, - BYTE **buffer, - INT32 *size - ) -{ - NOT_REFERENCED(type); - NOT_REFERENCED(buffer); - NOT_REFERENCED(size); - FAIL(FATAL_ERROR_INTERNAL); -} \ No newline at end of file 
diff --git a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c b/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c
deleted file mode 100644
index e8a0e76a4..000000000
--- a/vendor/github.com/google/go-tpm-tools/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c
+++ /dev/null
@@ -1,171 +0,0 @@ -/* Microsoft Reference Implementation for TPM 2.0 - * - * The copyright in this software is being made available under the BSD License, - * included below. This software may be subject to other third party and - * contributor rights, including patent rights, and no such rights are granted - * under this license. - * - * Copyright (c) Microsoft Corporation - * - * All rights reserved. - * - * BSD License - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this list - * of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, this - * list of conditions and the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR - * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ -//** Includes, Defines, and Types -#include "Tpm.h" -#include - -#if RUNTIME_SIZE_CHECKS - -static int once = 0; - -//** TpmSizeChecks() -// This function is used during the development process to make sure that the -// vendor-specific values result in a consistent implementation. When possible, -// the code contains #if to do compile-time checks. However, in some cases, the -// values require the use of "sizeof()" and that can't be used in an #if. -void -TpmSizeChecks( - void - ) -{ -#if DEBUG - if(once++ != 0) return; - { - BOOL PASS = TRUE; - UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; - UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; - UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; - UINT32 maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; - UINT32 proofSize = PROOF_SIZE; - UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; - UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; - UINT32 primarySeedSize = PRIMARY_SEED_SIZE; - - UINT32 cmacState = sizeof(tpmCmacState_t); - UINT32 hashState = sizeof(HASH_STATE); - UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); - // - NOT_REFERENCED(cmacState); - NOT_REFERENCED(hashState); - NOT_REFERENCED(keyScheduleSize); - NOT_REFERENCED(maxAsymSecurityStrength); - NOT_REFERENCED(maxHashSecurityStrength); - NOT_REFERENCED(maxSymSecurityStrength); - NOT_REFERENCED(maxSecurityStrengthBits); - NOT_REFERENCED(proofSize); - NOT_REFERENCED(compliantProofSize); - NOT_REFERENCED(compliantPrimarySeedSize); - NOT_REFERENCED(primarySeedSize); - - - { - TPMT_SENSITIVE *p; - // This assignment keeps compiler from complaining about a conditional - // comparison being between two constants - UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; - if((max_rsa_key_bytes / 2) != (sizeof(p->sensitive.rsa.t.buffer) / 5)) - { - printf("Sensitive part of TPMT_SENSITIVE is undersized. 
May be caused by" - "use of wrong version of Part 2.\n"); - PASS = FALSE; - } - } - -#if 0 - printf("Size of OBJECT = %d\n", sizeof(OBJECT)); - printf("Size of components in TPMT_SENSITIVE = %d\n", sizeof(TPMT_SENSITIVE)); - printf(" TPMI_ALG_PUBLIC %d\n", sizeof(TPMI_ALG_PUBLIC)); - printf(" TPM2B_AUTH %d\n", sizeof(TPM2B_AUTH)); - printf(" TPM2B_DIGEST %d\n", sizeof(TPM2B_DIGEST)); - printf(" TPMU_SENSITIVE_COMPOSITE %d\n", - sizeof(TPMU_SENSITIVE_COMPOSITE)); -#endif - // Make sure that the size of the context blob is large enough for the largest - // context - // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is - // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to - // determine the amount of data in the encrypted data. That part is not - // independently sized. This makes the actual size 2 bytes smaller than - // calculated using Part 2. Since this is opaque to the caller, it is not - // necessary to fix. The actual size is returned by TPM2_GetCapabilties(). - - // Initialize output handle. At the end of command action, the output - // handle of an object will be replaced, while the output handle - // for a session will be the same as input - - // Get the size of fingerprint in context blob. The sequence value in - // TPMS_CONTEXT structure is used as the fingerprint - { - UINT32 fingerprintSize = sizeof(UINT64); - UINT32 integritySize = sizeof(UINT16) - + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - UINT32 biggestObject = MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), - sizeof(SESSION)); - UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; - - // round required size up to nearest 8 byte boundary. 
- biggestContext = 8 * ((biggestContext + 7) / 8); - - if(MAX_CONTEXT_SIZE != biggestContext) - { - printf("MAX_CONTEXT_SIZE should be changed to %d (%d)\n", biggestContext, MAX_CONTEXT_SIZE); - PASS = FALSE; - } - } - { - union u - { - TPMA_OBJECT attributes; - UINT32 uint32Value; - } u; - // these are defined so that compiler doesn't complain about conditional - // expressions comparing two constants. - int aSize = sizeof(u.attributes); - int uSize = sizeof(u.uint32Value); - u.uint32Value = 0; - SET_ATTRIBUTE(u.attributes, TPMA_OBJECT, Reserved_bit_at_0); - if(u.uint32Value != 1) - { - printf("The bit allocation in a TPMA_OBJECT is not as expected"); - PASS = FALSE; - } - if(aSize != uSize) // comparison of two sizeof() values annoys compiler - { - printf("A TPMA_OBJECT is not the expected size."); - PASS = FALSE; - } - } - - // Make sure that the size of the Capability buffer can hold the largest - // TPML_PCR_SELECTION. The list length is nominally set by the number of hash - // algorithms implemented on the TPM. A requirement of this implementation is - // that a list of all allowed TPMS_PCR_SELECTIONS fits in MAX_CAP_DATA. - // TBD - pAssert(PASS); - } -#endif // DEBUG -} - -#endif // RUNTIME_SIZE_CHECKS \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go b/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go deleted file mode 100644 index b5c15fbb8..000000000 --- a/vendor/github.com/google/go-tpm-tools/simulator/simulator_test.go +++ /dev/null 
@@ -1,119 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy of - * the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. - */ - -package simulator - -import ( - "crypto/rsa" - "io" - "math/big" - "testing" - - "github.com/google/go-tpm-tools/client" - "github.com/google/go-tpm/legacy/tpm2" -) - -func getSimulator(t *testing.T) *Simulator { - t.Helper() - simulator, err := Get() - if err != nil { - t.Fatal(err) - } - return simulator -} - -func getEKModulus(t *testing.T, rwc io.ReadWriteCloser) *big.Int { - t.Helper() - ek, err := client.EndorsementKeyRSA(rwc) - if err != nil { - t.Fatal(err) - } - defer ek.Close() - - return ek.PublicKey().(*rsa.PublicKey).N -} - -func TestResetDoesntChangeEK(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - - modulus1 := getEKModulus(t, s) - if err := s.Reset(); err != nil { - t.Fatal(err) - } - modulus2 := getEKModulus(t, s) - - if modulus1.Cmp(modulus2) != 0 { - t.Fatal("Reset() should not change the EK") - } -} -func TestManufactureResetChangesEK(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - - modulus1 := getEKModulus(t, s) - if err := s.ManufactureReset(); err != nil { - t.Fatal(err) - } - modulus2 := getEKModulus(t, s) - - if modulus1.Cmp(modulus2) == 0 { - t.Fatal("ManufactureReset() should change the EK") - } -} - -func TestGetRandom(t *testing.T) { - s := getSimulator(t) - defer client.CheckedClose(t, s) - result, err := tpm2.GetRandom(s, 10) - if err != nil { - 
t.Fatalf("GetRandom: %v", err) - } - t.Log(result) -} - -// The default EK modulus returned by the simulator when using a seed of 0. -func zeroSeedModulus() *big.Int { - mod := new(big.Int) - mod.SetString("16916951631746795233120676661491589156159944041454533323301360736206690950055927665898258850365255777475324525235640153431219834851979041935421083247812345676551677241639541392158486693550125570954276972465867114995062336740464652481116557477039581976647612151813804384773839359390083864432536639577227083497558006614244043011423717921293964465162166865351126036685960128739613171620392174911624095420039156957292384191548425395162459332733115699189854006301807847331248289929021522087915411000598437989788501679617747304391662751900488011803826205901900186771991702576478232121332699862815915856148442279432061762451", 10) - return mod -} - -func TestFixedSeedExpectedModulus(t *testing.T) { - s, err := GetWithFixedSeedInsecure(0) - if err != nil { - t.Fatal(err) - } - defer client.CheckedClose(t, s) - - modulus := getEKModulus(t, s) - if modulus.Cmp(zeroSeedModulus()) != 0 { - t.Fatalf("getEKModulus() = %v, want %v", modulus, zeroSeedModulus()) - } -} - -func TestDifferentSeedDifferentModulus(t *testing.T) { - s, err := GetWithFixedSeedInsecure(1) - if err != nil { - t.Fatal(err) - } - defer client.CheckedClose(t, s) - - modulus := getEKModulus(t, s) - if modulus.Cmp(zeroSeedModulus()) == 0 { - t.Fatalf("Moduli should not be equal when using different seeds") - } -} diff --git a/vendor/github.com/google/go-tpm-tools/testutil/utils.go b/vendor/github.com/google/go-tpm-tools/testutil/utils.go deleted file mode 100644 index 52af1d06b..000000000 --- a/vendor/github.com/google/go-tpm-tools/testutil/utils.go +++ /dev/null 
@@ -1,18 +0,0 @@
-// Package testutil wraps select test utilities to make them externally usable.
-package testutil
-
-import (
- "io"
- "testing"
-
- "github.com/google/go-tpm-tools/internal/test"
-)
-
-// GetTPM is a cross-platform testing helper function that retrives the
-// appropriate TPM device from the flags passed into "go test".
-//
-// If using a test TPM, this will also retrieve a test eventlog. In this case,
-// GetTPM extends the test event log's events into the test TPM.
-func GetTPM(tb testing.TB) io.ReadWriteCloser {
- return test.GetTPM(tb)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/client.go b/vendor/github.com/google/go-tpm-tools/verifier/client.go
deleted file mode 100644
index da9a43b07..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/client.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Package verifier contains clients for various attestation verifiers.
-// It is meant for launcher use and testing; the API is not stable.
-package verifier
-
-import (
- "context"
-
- attestpb "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/verifier/models"
- "google.golang.org/genproto/googleapis/rpc/status"
-)
-
-// Client is a common interface to various attestation verifiers.
-type Client interface {
- CreateChallenge(ctx context.Context) (*Challenge, error)
- VerifyAttestation(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error)
- VerifyConfidentialSpace(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error)
-}
-
-// Challenge is the response for CreateChallenge. It is used in the
-// get challenge part of a remote attestation protocol. The challenge
-// will be verified as part of VerifyAttestation.
-type Challenge struct {
- // Used as audience for GCP credential tokens.
- Name string
- // Used to generate attestation.
- Nonce []byte
- ConnID string
- Val []byte
- Iat []byte
- Signature []byte
-}
-
-type ContainerSignature struct {
- Payload []byte
- Signature []byte
-}
-
-// VerifyAttestationRequest is passed in on VerifyAttestation. It contains the
-// Challenge from CreateChallenge, optional GcpCredentials linked to the
-// attestation, the Attestation generated from the TPM, and optional container image signatures associated with the workload.
-type VerifyAttestationRequest struct {
- Challenge *Challenge
- GcpCredentials [][]byte
- // Attestation is for TPM attestation
- Attestation *attestpb.Attestation
- ContainerImageSignatures []*ContainerSignature
- TokenOptions *models.TokenOptions
- // TDCCELAttestation is for TDX CCEL RTMR attestation
- TDCCELAttestation *TDCCELAttestation
-}
-
-type TDCCELAttestation struct {
- CcelAcpiTable []byte
- CcelData []byte
- CanonicalEventLog []byte
- TdQuote []byte
- // still needs following two for GCE info
- AkCert []byte
- IntermediateCerts [][]byte
-}
-
-// VerifyAttestationResponse is the response from a successful
-// VerifyAttestation call.
-type VerifyAttestationResponse struct {
- ClaimsToken []byte
- PartialErrs []*status.Status
-}
-
-// ITAConfig represents the configuration needed to integrate with ITA as a verifier.
-type ITAConfig struct {
- ITARegion string
- ITAKey string
-}
-
-// AttestClients contains clients for supported verifier services that can be used to
-// get attestation tokens.
-type AttestClients struct {
- GCA Client
- ITA Client
-}
-
-// HasThirdPartyClient returns true if AttestClients contains an initialzied
-// third-party verifier client.
-func (ac *AttestClients) HasThirdPartyClient() bool {
- return ac.ITA != nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeclaims.go b/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeclaims.go
deleted file mode 100644
index 64fc49fef..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeclaims.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package fake
-
-import "github.com/golang-jwt/jwt/v4"
-
-// Verify that Claims implements jwt.Claims.
-var _ jwt.Claims = Claims{}
-
-// Claims contains information to be formatted into a fake JWT.
-type Claims struct {
- jwt.RegisteredClaims
- ContainerImageSignatures []ContainerImageSignatureClaims `json:"container_image_signatures"`
- MachineStateMarshaled string
- OEMID string `json:"oemid"`
- HWModel string `json:"hwmodel"`
- SecBoot bool `json:"secboot"`
- SWName string `json:"swname"`
-}
-
-// ContainerImageSignatureClaims contains claims about a container image signature.
-type ContainerImageSignatureClaims struct {
- Payload string `json:"payload"`
- Signature string `json:"signature"`
- PubKey string `json:"public_key"`
- SigAlg string `json:"signature_algorithm"`
-}
-
-// Valid is necessary to implement the jwt.Claims interface.
-func (c Claims) Valid() error {
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeverifier.go b/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeverifier.go
deleted file mode 100644
index 3cdb646b9..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/fake/fakeverifier.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Package fake is a fake implementation of the Client interface for testing.
-package fake
-
-import (
- "context"
- "crypto"
- "encoding/base64"
- "encoding/binary"
- "fmt"
- "strings"
- "time"
-
- "github.com/golang-jwt/jwt/v4"
- "github.com/google/go-eventlog/proto/state"
- "github.com/google/go-eventlog/register"
- "github.com/google/go-tpm-tools/proto/attest"
- "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm-tools/server"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/oci"
- "github.com/google/go-tpm/legacy/tpm2"
- "google.golang.org/genproto/googleapis/rpc/code"
- "google.golang.org/genproto/googleapis/rpc/status"
- "google.golang.org/protobuf/encoding/protojson"
-)
-
-type fakeClient struct {
- signer crypto.Signer
- nonce []byte
-}
-
-// NewClient constructs a new fake client given a crypto.Signer.
-func NewClient(signer crypto.Signer) verifier.Client {
- nonce := make([]byte, 2)
- binary.LittleEndian.PutUint16(nonce, 15)
-
- // If signer is nil, test keys found in verifier/fake/ will be used.
- if signer == nil {
- signer = TestPrivateKey()
- }
-
- return &fakeClient{signer, nonce}
-}
-
-// CreateChallenge returns a hard coded, basic challenge.
-//
-// If you have found this method is insufficient for your tests, this class must be updated to
-// allow for better testing.
-func (fc *fakeClient) CreateChallenge(_ context.Context) (*verifier.Challenge, error) {
- return &verifier.Challenge{
- Name: "projects/fakeProject/locations/fakeRegion/challenges/d882c62f-452f-4709-9335-0cccaf64eee1",
- Nonce: fc.nonce,
- }, nil
-}
-
-// VerifyAttestation calls server.VerifyAttestation against the request's public key.
-// It returns the marshaled MachineState as a claim.
-func (fc *fakeClient) VerifyAttestation(_ context.Context, req verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) {
- // Determine signing algorithm.
- signingMethod := jwt.SigningMethodRS256 - now := jwt.TimeFunc() - akPub, err := tpm2.DecodePublic(req.Attestation.GetAkPub()) - if err != nil { - return nil, fmt.Errorf("failed to decode AKPub as TPMT_PUBLIC: %v", err) - } - akCrypto, err := akPub.Key() - if err != nil { - return nil, fmt.Errorf("failed to convert TPMT_PUBLIC to crypto.PublicKey: %v", err) - } - ms, err := server.VerifyAttestation(req.Attestation, server.VerifyOpts{Nonce: fc.nonce, TrustedAKs: []crypto.PublicKey{akCrypto}}) - if err != nil { - return nil, fmt.Errorf("failed to verify attestation: %v", err) - } - - pcrBank, err := extractPCRBank(req.Attestation, ms.GetHash()) - if err != nil { - return nil, fmt.Errorf("failed to extract PCR bank: %w", err) - } - - cosState, err := server.ParseCosCELPCR(req.Attestation.GetCanonicalEventLog(), *pcrBank) - if err != nil { - return nil, fmt.Errorf("failed to validate the Canonical event log: %w", err) - } - ms.Cos = cosState - - msJSON, err := protojson.Marshal(ms) - if err != nil { - return nil, fmt.Errorf("failed to convert proto object to JSON: %v", err) - } - - audience := "https://sts.googleapis.com/" - if req.TokenOptions != nil && req.TokenOptions.Audience != "" { - audience = req.TokenOptions.Audience - } - - claims := Claims{ - RegisteredClaims: jwt.RegisteredClaims{ - IssuedAt: &jwt.NumericDate{Time: now}, - NotBefore: &jwt.NumericDate{Time: now}, - ExpiresAt: &jwt.NumericDate{Time: now.Add(time.Hour)}, - Audience: []string{audience}, - Issuer: "fake-issuer-for-testing", - Subject: "https://www.googleapis.com/compute/v1/projects/fakeProject/zones/fakeZone/instances/fakeInstance", - }, - MachineStateMarshaled: string(msJSON), - OEMID: "fake-oem-id", - HWModel: "fake-hw-model", - SecBoot: true, - SWName: "fake-sw-name", - } - - var signatureClaims []ContainerImageSignatureClaims - var partialErrs []*status.Status - for _, signature := range req.ContainerImageSignatures { - claims, err := extractClaims(signature) - if err != nil { - partialErrs 
= append(partialErrs, &status.Status{Code: int32(code.Code_INVALID_ARGUMENT), Message: err.Error()}) - } else { - signatureClaims = append(signatureClaims, claims) - } - } - claims.ContainerImageSignatures = signatureClaims - - token := jwt.NewWithClaims(signingMethod, claims) - - // Instead of a private key, provide the signer. - signed, err := token.SignedString(fc.signer) - if err != nil { - return nil, err - } - - response := verifier.VerifyAttestationResponse{ - ClaimsToken: []byte(signed), - PartialErrs: partialErrs, - } - - return &response, nil -} - -// VerifyConfidentialSpace is identical in behavior to VerifyAttestation, necessary for implementing verifier.Client. -func (fc *fakeClient) VerifyConfidentialSpace(ctx context.Context, req verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - return fc.VerifyAttestation(ctx, req) -} - -type payload struct { - Optional map[string]any `json:"optional"` // Optional represents optional metadata about the image, and its value shouldn't contain any "=" signs. -} - -func isValid(alg string) bool { - switch alg { - case string(oci.ECDSAP256SHA256), string(oci.RSASSAPKCS1V152048SHA256), string(oci.RSASSAPSS2048SHA256): - return true - default: - return false - } -} - -// Note: this is only compatible with the fake signature implementation. -func extractClaims(signature *verifier.ContainerSignature) (ContainerImageSignatureClaims, error) { - payloadStr := string(signature.Payload) - - // Fake payload consists of the expected pubkey and sigalg separated by a comma. 
- separatorIndex := strings.LastIndex(payloadStr, ",")
-
- sigAlg := payloadStr[separatorIndex+1:]
- if !isValid(sigAlg) {
- return ContainerImageSignatureClaims{}, fmt.Errorf("unsupported algorithm %v", sigAlg)
- }
-
- return ContainerImageSignatureClaims{
- Payload: payloadStr,
- Signature: base64.StdEncoding.EncodeToString(signature.Signature),
- PubKey: payloadStr[:separatorIndex],
- SigAlg: sigAlg,
- }, nil
-}
-
-// extractPCRBank finds the quote matching the given hash algorithm and returns the PCR bank.
-func extractPCRBank(attestation *attest.Attestation, hashAlgo tpm.HashAlgo) (*register.PCRBank, error) {
- for _, quote := range attestation.GetQuotes() {
- pcrs := quote.GetPcrs()
- if pcrs.GetHash() == hashAlgo {
- pcrBank := ®ister.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)}
- digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash()
- if err != nil {
- return nil, fmt.Errorf("invalid digest algorithm: %w", err)
- }
-
- for pcrIndex, digest := range pcrs.GetPcrs() {
- pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{
- Index: int(pcrIndex),
- Digest: digest,
- DigestAlg: digestAlg})
- }
- return pcrBank, nil
- }
- }
- return nil, fmt.Errorf("no PCRs found matching hash %s", hashAlgo.String())
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa b/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa
deleted file mode 100644
index c6b3a4ffa..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa
+++ /dev/null
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCPP/HUg2GdF86b -Z4TvVgQUHIH2YPLKPJAngc35WFry+q+2Mz1PkNoWC4bcsaUD2xMoTPvZVY+zQrl+ -2Vwj78ZxsXgnjAf6PhP1VOmu9DxYT7evop36CqaZMNfwf+VlCp/8SCqZnytfNRJp -cQa20ERkqK0KmBu5wTjv3zV2ESp1fvM8YlQi4pblP4lxFXBnYjmxnKpdXtxVf3H9 -Sj6LYH59ZL7NAXPepc3yh4QAc+2GsV8K/zb5NFqohZf0E7MlajpOQKH6SREbisxx -ZdCoT5m2xHBEOjfrZ4xRCqyjBySblcCwtZsdTP8nBUk08upPnN5Cfuu7TGUCGLTB -xvfU4BRHAgMBAAECggEABx59bTtOSZlaSjzdzWsv7rPv/YeZ6VUTMPNxghfTBUpS -GzL2tBKV1Aykmik18zga/qC8z3NCHf2N7HDu9FZBPXs9ZnG+H8CgC0w6BNjceuMT -VOY3Basr1mcoBCrHAruBce9ANrxDUor3rEfStpkpHPuJBgLDNfsVUk58gK6ftpES -ijhTcmCIv+f1KwPD243tUYOEKQRYZXTRKUKaji58d3zk3dp+G0TsZnGP3ptxkc8T -4DJu3vHlwrEofcw26QZtJLZGleyJxWpCw3jQP1ZfqHYF+B6bY4pQ/Fh0GmfC1hbw -fxx6j2Mm0Wvq41JRSSssIyZAo72vlboR2ugLvw4jmQKBgQDCap40mwNJ3WkON0H9 -ijiH7DU1AJU911jhUFhOeVJEcNK65GJGaeChDKk3rJ02veYWjpxlnuixyLuStC6u -0kxkVdCv1BfOoroh8UAJDaC9QFKBOoMvWMHwHFpxz0FowH62ZJLrMpAa819wwvuw -PveyrEANfe3GS3Ov3zMK13O5QwKBgQC8oC4aIXVCdq/N6knAar0ALeBe62gfaYpq -yMm1h8uF5mvJr5vNCGDoaJVBEww6BsIwuiQrFYnvGJ+P50HJq5f3hZHgry6wmBhp -6ZVVx5fpDTmLNG2UyJbzAbiazxErtxveCqnnp6Lb0zn7Z0KOcXG96ijgcOfUcYD5 -fW1wZq12rQKBgQCABp/Z+n5m5OPqlZ7iLGRftb+wAItG5wnDjhooyyHOqhFLO1ww -DEb9Jw5D+GqrAtCC6DS7grKvaIWE7RyUyS2/IPfE4cEvtN8nvOuzSoMgPTxXl0WO -Jz/HM5Snv5jON3z59S7+rRRSexPNeMkvXbfVtDKV7+hlnYg4N54wNIMjawKBgQCP -GtN/Pa0RzKvahIqJsjFMBoI4YU7wrgi2tTjbQXg2UTern1CLwHSNPnMmGMZo66G+ -iCpSiZfJTxwXeDLgRxAXWT3wgdfhYLL8/5stpizpQgBLTW5pt7lWChM9WCXFzbkV -v29h8jvLnThbNN845HaPyCxVAzPPaIGaRv+VjEDETQKBgQCrO7kQ23tpxjE1lroz -4NRPPI/doB50sHCdPXfxuxD1enKxYvST3WLn6QJGyoJIJoDAg/GUNhu2XITMrccm -a8ZOkTZhk55bLFIsJkk6GZyQ75Fa2FKlUEnlpniGCCTv3jR9rj1yWXL0buBkmL3s -NOhW0NUnzS1AjSY7pDIRBpA6gA== ------END PRIVATE KEY----- \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa.pub b/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa.pub deleted file mode 100644 index f3eae2a7e..000000000 
--- a/vendor/github.com/google/go-tpm-tools/verifier/fake/signer_rsa.pub +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz/x1INhnRfOm2eE71YE -FByB9mDyyjyQJ4HN+Vha8vqvtjM9T5DaFguG3LGlA9sTKEz72VWPs0K5ftlcI+/G -cbF4J4wH+j4T9VTprvQ8WE+3r6Kd+gqmmTDX8H/lZQqf/EgqmZ8rXzUSaXEGttBE -ZKitCpgbucE47981dhEqdX7zPGJUIuKW5T+JcRVwZ2I5sZyqXV7cVX9x/Uo+i2B+ -fWS+zQFz3qXN8oeEAHPthrFfCv82+TRaqIWX9BOzJWo6TkCh+kkRG4rMcWXQqE+Z -tsRwRDo362eMUQqsowckm5XAsLWbHUz/JwVJNPLqT5zeQn7ru0xlAhi0wcb31OAU -RwIDAQAB ------END PUBLIC KEY----- \ No newline at end of file diff --git a/vendor/github.com/google/go-tpm-tools/verifier/fake/testkeys.go b/vendor/github.com/google/go-tpm-tools/verifier/fake/testkeys.go deleted file mode 100644 index 79e6afd9c..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/fake/testkeys.go +++ /dev/null @@ -1,40 +0,0 @@ -package fake - -import ( - "crypto" - _ "embed" - "fmt" - - "github.com/golang-jwt/jwt/v4" -) - -//go:embed signer_rsa -var testPrivateKeyBytes []byte - -//go:embed signer_rsa.pub -var testPublicKeyBytes []byte - -var testPrivateKey crypto.Signer -var testPublicKey crypto.PublicKey - -func init() { - var err error - testPrivateKey, err = jwt.ParseRSAPrivateKeyFromPEM(testPrivateKeyBytes) - if err != nil { - panic(fmt.Sprintf("failed to parse embedded private key: %v", err)) - } - testPublicKey, err = jwt.ParseRSAPublicKeyFromPEM(testPublicKeyBytes) - if err != nil { - panic(fmt.Sprintf("failed to parse embedded public key: %v", err)) - } -} - -// TestPrivateKey returns the fake private key used for signing. -func TestPrivateKey() crypto.Signer { - return testPrivateKey -} - -// TestPublicKey returns the public key corresponding to the fake private key. -func TestPublicKey() any { - return testPublicKey -} diff --git a/vendor/github.com/google/go-tpm-tools/verifier/go.mod b/vendor/github.com/google/go-tpm-tools/verifier/go.mod deleted file mode 100644 index 6f93cea1e..000000000 
--- a/vendor/github.com/google/go-tpm-tools/verifier/go.mod +++ /dev/null 
@@ -1,58 +0,0 @@ -module github.com/google/go-tpm-tools/verifier - -go 1.23.0 - -toolchain go1.24.4 - -replace github.com/google/go-tpm-tools v0.4.4 => ../ - -require ( - cloud.google.com/go/compute/metadata v0.8.0 - cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 - github.com/golang-jwt/jwt/v4 v4.5.1 - github.com/google/go-cmp v0.7.0 - github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba - github.com/google/go-sev-guest v0.14.0 - github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 - github.com/google/go-tpm v0.9.6 - github.com/google/go-tpm-tools v0.4.4 - github.com/google/uuid v1.6.0 - github.com/googleapis/gax-go/v2 v2.15.0 - github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0 - golang.org/x/net v0.43.0 - golang.org/x/oauth2 v0.30.0 - google.golang.org/api v0.247.0 - google.golang.org/genproto v0.0.0-20250603155806-513f23925822 - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c - google.golang.org/grpc v1.74.2 - google.golang.org/protobuf v1.36.7 -) - -require ( - cloud.google.com/go/auth v0.16.4 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect - github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-logr/logr v1.4.3 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/google/certificate-transparency-go v1.1.2 // indirect - github.com/google/go-attestation v0.5.1 // indirect - github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc // indirect - github.com/google/go-tspi v0.3.0 // indirect - github.com/google/logger v1.1.1 // indirect - github.com/google/s2a-go v0.1.9 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect 
- go.opentelemetry.io/otel v1.36.0 // indirect - go.opentelemetry.io/otel/metric v1.36.0 // indirect - go.opentelemetry.io/otel/trace v1.36.0 // indirect - go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - golang.org/x/time v0.12.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect -) diff --git a/vendor/github.com/google/go-tpm-tools/verifier/go.sum b/vendor/github.com/google/go-tpm-tools/verifier/go.sum deleted file mode 100644 index 02e8a3fcd..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/go.sum +++ /dev/null 
@@ -1,1317 +0,0 @@ -bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= 
-cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= -cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= -cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= -cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= -cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= -cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= 
-cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= -cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= -code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= -contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod 
h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= -contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= -contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= -github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0/go.mod 
h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex 
v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= -github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= -github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= -github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.19.18/go.mod 
h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= -github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod 
h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod 
h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/creack/pty v1.1.7/go.mod 
h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod 
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= -github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq 
v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= -github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= -github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr 
v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= -github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= -github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= -github.com/golang-jwt/jwt/v4 
v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod 
h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= 
-github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= -github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= -github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= -github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod 
h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= -github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= -github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= -github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= -github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= -github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= -github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= -github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= -github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= -github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod 
h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= -github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= -github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 
-github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= -github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= -github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= -github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= -github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= -github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= 
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= -github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= -github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= -github.com/grpc-ecosystem/go-grpc-middleware 
v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod 
h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod 
h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= -github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty 
v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= 
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod 
h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= -github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod 
h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= -github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= 
-github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors 
v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model 
v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb 
v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= 
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= -github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.1/go.mod 
h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod 
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= -github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= -github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= -github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod 
h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= 
-go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= -go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= -go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= -go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= -go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= -go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= -go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= -go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod 
h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= -go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= -go.opentelemetry.io/otel/metric v1.36.0/go.mod 
h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= -go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= -go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= -go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0/go.mod 
h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= -golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint 
v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod 
h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.43.0 
h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod 
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys 
v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod 
h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools 
v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools 
v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools 
v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools 
v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.37.0/go.mod 
h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= -google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod 
h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto 
v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= 
-google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod 
h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod 
h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= -google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= -google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 
v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/vendor/github.com/google/go-tpm-tools/verifier/ita/client.go b/vendor/github.com/google/go-tpm-tools/verifier/ita/client.go deleted file mode 100644 index 942ad69d1..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/ita/client.go +++ /dev/null 
@@ -1,266 +0,0 @@ -package ita - -import ( - "bytes" - "context" - "crypto/sha512" - "crypto/tls" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "strings" - - "github.com/google/go-tpm-tools/verifier" -) - -const ( - nonceEndpoint = "/appraisal/v2/nonce" - tokenEndpoint = "/appraisal/v2/attest/gcp/confidentialspace" - - apiKeyHeader = "x-api-key" - acceptHeader = "Accept" - contentTypeHeader = "Content-Type" - applicationJSON = "application/json" - - challengeNamePrefix = "ita://" -) - -var regionalURLs map[string]string = map[string]string{ - "US": "https://api.trustauthority.intel.com", - "EU": "https://api.eu.trustauthority.intel.com", -} - -type client struct { - inner *http.Client - apiURL string - apiKey string -} - -func urlFromRegion(region string) (string, error) { - if region == "" { - return "", errors.New("API region required to initialize ITA client") - } - url, ok := regionalURLs[strings.ToUpper(region)] - if !ok { - // Create list of allowed regions. - keys := []string{} - for k := range regionalURLs { - keys = append(keys, k) - } - return "", fmt.Errorf("unsupported region %v, expect one of %v", region, keys) - } - - return url, nil -} - -// Confirm that client implements verifier.Client interface. -var _ verifier.Client = (*client)(nil) - -type itaNonce struct { - Val []byte `json:"val"` - Iat []byte `json:"iat"` - Signature []byte `json:"signature"` -} - -// The ITA evidence nonce is a concatenation+hash of Val and Iat. 
See references below: -// https://github.com/intel/trustauthority-client-for-go/blob/main/go-connector/attest.go#L22 -// https://github.com/intel/trustauthority-client-for-go/blob/main/go-tdx/tdx_adapter.go#L37 -func createHashedNonce(nonce *itaNonce) ([]byte, error) { - hash := sha512.New() - _, err := hash.Write(append(nonce.Val, nonce.Iat...)) - if err != nil { - return nil, fmt.Errorf("error hashing ITA nonce: %v", err) - } - - return hash.Sum(nil), err -} - -func NewClient(itaConfig verifier.ITAConfig) (verifier.Client, error) { //region string, key string) (verifier.Client, error) { - url, err := urlFromRegion(itaConfig.ITARegion) - if err != nil { - return nil, err - } - - return &client{ - inner: &http.Client{ - Transport: &http.Transport{ - // https://github.com/intel/trustauthority-client-for-go/blob/main/go-connector/token.go#L130. - TLSClientConfig: &tls.Config{ - CipherSuites: []uint16{ - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - }, - InsecureSkipVerify: false, - MinVersion: tls.VersionTLS12, - }, - Proxy: http.ProxyFromEnvironment, - }, - }, - apiURL: url, - apiKey: itaConfig.ITAKey, - }, nil -} - -func (c *client) CreateChallenge(_ context.Context) (*verifier.Challenge, error) { - url := c.apiURL + nonceEndpoint - - headers := map[string]string{ - acceptHeader: applicationJSON, - } - - resp := &itaNonce{} - if err := c.doHTTPRequest(http.MethodGet, url, nil, headers, &resp); err != nil { - return nil, err - } - - nonce, err := createHashedNonce(resp) - if err != nil { - return nil, err - } - - return &verifier.Challenge{ - Name: challengeNamePrefix + string(resp.Val), - Nonce: nonce, - Val: resp.Val, - Iat: resp.Iat, - Signature: resp.Signature, - }, nil -} - -func (c *client) VerifyAttestation(_ context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - if request.TDCCELAttestation == nil { - return nil, errors.New("TDX required for ITA attestation") 
- } - - tokenReq := convertRequestToTokenRequest(request) - - url := c.apiURL + tokenEndpoint - headers := map[string]string{ - apiKeyHeader: c.apiKey, - acceptHeader: applicationJSON, - contentTypeHeader: applicationJSON, - } - - resp := &tokenResponse{} - if err := c.doHTTPRequest(http.MethodPost, url, tokenReq, headers, &resp); err != nil { - return nil, err - } - - return &verifier.VerifyAttestationResponse{ - ClaimsToken: []byte(resp.Token), - }, nil -} - -func (c *client) doHTTPRequest(method string, url string, reqStruct any, headers map[string]string, respStruct any) error { - // Create HTTP request. - var req *http.Request - var err error - if reqStruct != nil { - body, err := json.Marshal(reqStruct) - if err != nil { - return fmt.Errorf("error marshaling request: %v", err) - } - - req, err = http.NewRequest(method, url, bytes.NewReader(body)) - if err != nil { - return fmt.Errorf("error creating HTTP request: %v", err) - } - } else { - req, err = http.NewRequest(method, url, nil) - if err != nil { - return fmt.Errorf("error creating HTTP request: %v", err) - } - } - - // Add headers to request. - headers[apiKeyHeader] = string(c.apiKey) - for key, val := range headers { - req.Header.Add(key, val) - } - - resp, err := c.inner.Do(req) - if err != nil { - return fmt.Errorf("HTTP request error: %v", err) - } - defer resp.Body.Close() - - // Read and unmarshal response body. - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return fmt.Errorf("error reading response body: %v", err) - } - if resp.StatusCode != http.StatusOK { - return fmt.Errorf("HTTP request failed with status code %d, response body %s", resp.StatusCode, string(respBody)) - } - - if err := json.Unmarshal(respBody, respStruct); err != nil { - return fmt.Errorf("error unmarshaling response: %v", err) - } - - return nil -} - -func convertRequestToTokenRequest(request verifier.VerifyAttestationRequest) tokenRequest { - // Trim trailing 0xFF bytes from CCEL Data. 
- data := request.TDCCELAttestation.CcelData - trimIndex := len(data) - - for ; trimIndex >= 0; trimIndex-- { - c := data[trimIndex-1] - // Proceed until 0xFF padding ends. - if c != byte(255) { - break - } - } - - tokenReq := tokenRequest{ - PolicyMatch: true, - TDX: tdxEvidence{ - EventLog: data[:trimIndex], - CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, - Quote: request.TDCCELAttestation.TdQuote, - VerifierNonce: nonce{ - Val: request.Challenge.Val, - Iat: request.Challenge.Iat, - Signature: request.Challenge.Signature, - }, - }, - SigAlg: "RS256", // Figure out what this should be. - GCP: gcpData{ - AKCert: request.TDCCELAttestation.AkCert, - IntermediateCerts: request.TDCCELAttestation.IntermediateCerts, - CSInfo: confidentialSpaceInfo{ - TokenOpts: tokenOptions{}, - }, - }, - } - - if request.TokenOptions != nil { - tokenReq.GCP.CSInfo.TokenOpts = tokenOptions{ - Audience: request.TokenOptions.Audience, - Nonces: request.TokenOptions.Nonces, - TokenType: request.TokenOptions.TokenType, - TokenTypeOpts: tokenTypeOptions{}, - } - } - - for _, token := range request.GcpCredentials { - tokenReq.GCP.GcpCredentials = append(tokenReq.GCP.GcpCredentials, string(token)) - } - - for _, sig := range request.ContainerImageSignatures { - itaSig := containerSignature{ - Payload: sig.Payload, - Signature: sig.Signature, - } - tokenReq.GCP.CSInfo.SignedEntities = append(tokenReq.GCP.CSInfo.SignedEntities, itaSig) - } - - return tokenReq -} - -func (c *client) VerifyConfidentialSpace(ctx context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - return c.VerifyAttestation(ctx, request) -} diff --git a/vendor/github.com/google/go-tpm-tools/verifier/ita/client_test.go b/vendor/github.com/google/go-tpm-tools/verifier/ita/client_test.go deleted file mode 100644 index 77ad3d82f..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/ita/client_test.go +++ /dev/null 
@@ -1,391 +0,0 @@ -package ita - -import ( - "bytes" - "context" - "encoding/json" - "io" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-tpm-tools/verifier" - "github.com/google/go-tpm-tools/verifier/models" -) - -var testVerifierRequest = verifier.VerifyAttestationRequest{ - GcpCredentials: [][]byte{ - []byte("test-token1"), - []byte("test-token2"), - }, - ContainerImageSignatures: []*verifier.ContainerSignature{ - { - Payload: []byte("test-payload1"), - Signature: []byte("test-signature1"), - }, - { - Payload: []byte("test-payload2"), - Signature: []byte("test-signature2"), - }, - }, - TDCCELAttestation: &verifier.TDCCELAttestation{ - CcelData: []byte("test-ccelData"), - CanonicalEventLog: []byte("test-cel"), - TdQuote: []byte("test-quote"), - AkCert: []byte("test-akcert"), - IntermediateCerts: [][]byte{ - []byte("test-intermediate1"), - []byte("test-intermediate2"), - }, - }, - Challenge: &verifier.Challenge{ - Val: []byte("test-nonce-val"), - Iat: []byte("123456"), - Signature: []byte("test-nonce-sig"), - }, - TokenOptions: &models.TokenOptions{ - Audience: "testaud", - Nonces: []string{"testnonces"}, - TokenType: "testtokentype", - }, -} - -func validateHTTPRequest(t *testing.T, r *http.Request, expectedMethod string, expectedHeaders map[string]string, expectedPath string) { - // Verify HTTP Method. - if r.Method != expectedMethod { - t.Errorf("HTTP request does not have expected method: got %v, want %v", r.Method, http.MethodGet) - } - - // Verify HTTP headers. - for key, val := range expectedHeaders { - if r.Header.Get(key) != val { - t.Errorf("HTTP request does not have expected Content-Type header: got %s, want %s", r.Header.Get(key), val) - } - } - - // Verify requested path. 
- if expectedPath != "" && r.URL.Path != expectedPath { - t.Errorf("HTTP request does not have expected endpoint: got %v, want %v", r.URL.Path, nonceEndpoint) - } -} - -func TestCreateChallenge(t *testing.T) { - testNonce := &itaNonce{ - Val: []byte("test-val"), - Iat: []byte("test-iat"), - Signature: []byte("test-signature"), - } - - expectedNonce, err := createHashedNonce(testNonce) - if err != nil { - t.Fatalf("Unable to create expected nonce: %v", err) - } - - expectedAPIKey := "test-api-key" - expectedHeaders := map[string]string{ - apiKeyHeader: expectedAPIKey, - acceptHeader: applicationJSON, - } - - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - validateHTTPRequest(t, r, http.MethodGet, expectedHeaders, nonceEndpoint) - - // Send HTTP Response. - marshaled, err := json.Marshal(testNonce) - if err != nil { - t.Fatalf("Unable to marshal server response: %s", testNonce) - } - - w.Write(marshaled) - })) - - itaClient := &client{ - inner: http.DefaultClient, - apiURL: ts.URL, - apiKey: expectedAPIKey, - } - - challenge, err := itaClient.CreateChallenge(context.Background()) - if err != nil { - t.Fatalf("CreateChallenge() returned error: %v", err) - } - - expectedChallenge := &verifier.Challenge{ - Name: challengeNamePrefix + string(testNonce.Val), - Nonce: expectedNonce, - Val: testNonce.Val, - Iat: testNonce.Iat, - Signature: testNonce.Signature, - } - - if diff := cmp.Diff(*challenge, *expectedChallenge); diff != "" { - t.Errorf("CreateChallenge() did not return the expected challenge: %v", diff) - } -} - -func TestVerifyAttestation(t *testing.T) { - expectedReq := convertRequestToTokenRequest(testVerifierRequest) - - expectedResp := &verifier.VerifyAttestationResponse{ - ClaimsToken: []byte("test-ita-token"), - } - - expectedAPIKey := "test-api-key" - expectedHeaders := map[string]string{ - apiKeyHeader: expectedAPIKey, - acceptHeader: applicationJSON, - contentTypeHeader: applicationJSON, - } - - ts := 
httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - validateHTTPRequest(t, r, http.MethodPost, expectedHeaders, tokenEndpoint) - - // Verify HTTP Request body. - defer r.Body.Close() - reqBody, err := io.ReadAll(r.Body) - if err != nil { - t.Fatalf("Error reading HTTP request body: %s", err) - } - - req := tokenRequest{} - if err = json.Unmarshal(reqBody, &req); err != nil { - t.Fatalf("Error unmarshaling HTTP request body: %s", err) - } - - if diff := cmp.Diff(req, expectedReq); diff != "" { - t.Errorf("Incorrect request recieved by server: %v", diff) - } - - // Send HTTP Response. - resp := tokenResponse{ - Token: string(expectedResp.ClaimsToken), - } - marshaled, err := json.Marshal(resp) - if err != nil { - t.Fatalf("Unable to marshal server response: %s", expectedResp) - } - - w.Write(marshaled) - })) - - itaClient := &client{ - inner: http.DefaultClient, - apiURL: ts.URL, - apiKey: expectedAPIKey, - } - - verifyResp, err := itaClient.VerifyAttestation(context.Background(), testVerifierRequest) - if err != nil { - t.Fatalf("VerifyAttestation() returned error: %v", err) - } - - if diff := cmp.Diff(verifyResp, expectedResp); diff != "" { - t.Errorf("VerifyAttestation did not return expected response: %v", diff) - } -} - -func TestDoHTTPRequest(t *testing.T) { - expectedHeaders := map[string]string{ - apiKeyHeader: "testAPIKey", - acceptHeader: applicationJSON, - } - - expectedMethod := http.MethodPost - expectedReq := tokenRequest{ - PolicyMatch: true, - SigAlg: "testsigalg", - TDX: tdxEvidence{ - EventLog: []byte("test event log"), - CanonicalEventLog: []byte("test CEL"), - Quote: []byte("test quote"), - }, - } - - expectedResp := tokenResponse{ - Token: "test-token", - } - - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - validateHTTPRequest(t, r, expectedMethod, expectedHeaders, "") - - // Verify HTTP Request body. 
- defer r.Body.Close() - reqBody, err := io.ReadAll(r.Body) - if err != nil { - t.Fatalf("Error reading HTTP request body: %s", err) - } - - req := tokenRequest{} - if err = json.Unmarshal(reqBody, &req); err != nil { - t.Fatalf("Error unmarshaling HTTP request body: %s", err) - } - - if diff := cmp.Diff(req, expectedReq); diff != "" { - t.Errorf("Incorrect request recieved by server: %v", diff) - } - - // Send HTTP Response. - marshaled, err := json.Marshal(expectedResp) - if err != nil { - t.Fatalf("Unable to marshal server response: %s", expectedResp) - } - - w.Write(marshaled) - })) - - itaClient := client{ - inner: http.DefaultClient, - } - - resp := &tokenResponse{} - if err := itaClient.doHTTPRequest(expectedMethod, ts.URL, expectedReq, expectedHeaders, resp); err != nil { - t.Fatalf("doHTTPRequest returned error: %v", err) - } - - if diff := cmp.Diff(*resp, expectedResp); diff != "" { - t.Errorf("doHTTPRequest did not return expected response: %v", diff) - } -} - -func TestConvertRequestToTokenRequest(t *testing.T) { - expectedRequest := tokenRequest{ - PolicyMatch: true, - TDX: tdxEvidence{ - // Add EventLog field. - EventLog: testVerifierRequest.TDCCELAttestation.CcelData, - CanonicalEventLog: testVerifierRequest.TDCCELAttestation.CanonicalEventLog, - Quote: testVerifierRequest.TDCCELAttestation.TdQuote, - VerifierNonce: nonce{ - Val: testVerifierRequest.Challenge.Val, - Iat: testVerifierRequest.Challenge.Iat, - Signature: testVerifierRequest.Challenge.Signature, - }, - }, - SigAlg: "RS256", // Figure out what this should be. 
- GCP: gcpData{ - GcpCredentials: []string{ - string(testVerifierRequest.GcpCredentials[0]), - string(testVerifierRequest.GcpCredentials[1]), - }, - AKCert: testVerifierRequest.TDCCELAttestation.AkCert, - IntermediateCerts: testVerifierRequest.TDCCELAttestation.IntermediateCerts, - CSInfo: confidentialSpaceInfo{ - SignedEntities: []containerSignature{ - { - Payload: testVerifierRequest.ContainerImageSignatures[0].Payload, - Signature: testVerifierRequest.ContainerImageSignatures[0].Signature, - }, - { - Payload: testVerifierRequest.ContainerImageSignatures[1].Payload, - Signature: testVerifierRequest.ContainerImageSignatures[1].Signature, - }, - }, - TokenOpts: tokenOptions{ - Audience: testVerifierRequest.TokenOptions.Audience, - Nonces: testVerifierRequest.TokenOptions.Nonces, - TokenType: testVerifierRequest.TokenOptions.TokenType, - TokenTypeOpts: tokenTypeOptions{}, - }, - }, - }, - } - - convertedReq := convertRequestToTokenRequest(testVerifierRequest) - - if diff := cmp.Diff(convertedReq, expectedRequest); diff != "" { - t.Errorf("convertRequestToTokenRequest did not return expected tokenRequest: %v", diff) - } -} - -func TestConvertRequestToTokenRequestWithCCELDataPadding(t *testing.T) { - padding := bytes.Repeat([]byte{255}, 20) - - request := verifier.VerifyAttestationRequest{ - TDCCELAttestation: &verifier.TDCCELAttestation{ - CcelData: append(testVerifierRequest.TDCCELAttestation.CcelData, padding...), - CanonicalEventLog: []byte("test-cel"), - TdQuote: []byte("test-quote"), - AkCert: []byte("test-akcert"), - IntermediateCerts: [][]byte{ - []byte("test-intermediate1"), - []byte("test-intermediate2"), - }, - }, - Challenge: testVerifierRequest.Challenge, - } - - expectedRequest := tokenRequest{ - PolicyMatch: true, - TDX: tdxEvidence{ - // Expect padding to be stripped in converted request. 
- EventLog: testVerifierRequest.TDCCELAttestation.CcelData, - CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, - Quote: request.TDCCELAttestation.TdQuote, - VerifierNonce: nonce{ - Val: request.Challenge.Val, - Iat: request.Challenge.Iat, - Signature: request.Challenge.Signature, - }, - }, - SigAlg: "RS256", // Figure out what this should be. - GCP: gcpData{ - AKCert: testVerifierRequest.TDCCELAttestation.AkCert, - IntermediateCerts: testVerifierRequest.TDCCELAttestation.IntermediateCerts, - }, - } - - convertedReq := convertRequestToTokenRequest(request) - - if diff := cmp.Diff(convertedReq, expectedRequest); diff != "" { - t.Errorf("convertRequestToTokenRequest did not return expected tokenRequest: %v", diff) - } -} - -func TestURLFromRegion(t *testing.T) { - for region, expectedURL := range regionalURLs { - t.Run(region+" region", func(t *testing.T) { - url, err := urlFromRegion(region) - if err != nil { - t.Fatalf("urlAndKey returned error: %v", err) - } - - if url != expectedURL { - t.Errorf("urlAndKey did not return expected URL: got %v, want %v", url, expectedURL) - } - }) - } -} - -func TestURLFromRegionError(t *testing.T) { - testcases := []struct { - name string - region string - expectedSubstr string - }{ - { - name: "Unsupported region", - region: "ANTARCTICA", - expectedSubstr: "unsupported region", - }, - { - name: "Empty input", - region: "", - expectedSubstr: "region required", - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - _, err := urlFromRegion(tc.region) - if err == nil { - t.Fatal("urlAndKey returned successfully, expected error") - } - - if !strings.Contains(err.Error(), tc.expectedSubstr) { - t.Errorf("urlAndKey did not return expected error: got %v, want %v", err.Error(), tc.expectedSubstr) - } - }) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/ita/evidence.go b/vendor/github.com/google/go-tpm-tools/verifier/ita/evidence.go
deleted file mode 100644
index dd5e55b8c..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/ita/evidence.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package ita
-
-type tdxEvidence struct {
- EventLog []byte `json:"event_log"`
- CanonicalEventLog []byte `json:"canonical_event_log"`
- Quote []byte `json:"quote"`
- VerifierNonce nonce `json:"verifier_nonce"`
-}
-
-type nonce struct {
- Val []byte `json:"val"`
- Iat []byte `json:"iat"`
- Signature []byte `json:"signature"`
-}
-
-type containerSignature struct {
- Payload []byte `json:"payload"`
- Signature []byte `json:"signature"`
-}
-
-type keyIDs struct {
- IDs map[string][]string `json:"key_ids"`
-}
-
-type principalTags struct {
- ContainerSignatureKIDs keyIDs `json:"container_image_signatures"`
-}
-
-type tokenTypeOptions struct {
- AllowedPrincipalTags principalTags `json:"allowed_principal_tags"`
-}
-
-type tokenOptions struct {
- Audience string `json:"audience"`
- Nonces []string `json:"nonce"`
- TokenType string `json:"token_type"`
- TokenTypeOpts tokenTypeOptions `json:"token_type_options"`
-}
-
-type confidentialSpaceInfo struct {
- SignedEntities []containerSignature `json:"signed_entities"`
- TokenOpts tokenOptions `json:"token_options"`
-}
-
-type gcpData struct {
- GcpCredentials []string `json:"gcp_credentials"`
- AKCert []byte `json:"ak_cert"`
- IntermediateCerts [][]byte `json:"intermediate_certs"`
- CSInfo confidentialSpaceInfo `json:"confidential_space_info"`
-}
-
-type tokenRequest struct {
- PolicyMatch bool `json:"policy_must_match"`
- TDX tdxEvidence `json:"tdx"`
- SigAlg string `json:"token_signing_alg"`
- GCP gcpData `json:"gcpcs"`
-}
-
-type tokenResponse struct {
- Token string `json:"token"`
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/models/token_options.go b/vendor/github.com/google/go-tpm-tools/verifier/models/token_options.go
deleted file mode 100644
index 748646bc6..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/models/token_options.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Package models contains models needed in client and server
-package models
-
-// TokenOptions contains fields that will be passed to the Attestation Service TokenOptions field.
-// These fields are used to customize several claims in the token from the Attestation service.
-type TokenOptions struct {
- Audience string `json:"audience"`
- Nonces []string `json:"nonces"`
- TokenType string `json:"token_type"`
- PrincipalTagOptions *AWSPrincipalTagsOptions `json:"aws_principal_tag_options"`
-}
-
-// AWSPrincipalTagsOptions represents the options for the AWSPrincipalTag token type.
-type AWSPrincipalTagsOptions struct {
- AllowedPrincipalTags *AllowedPrincipalTags `json:"allowed_principal_tags"`
-}
-
-// AllowedPrincipalTags allows for requestors to configure what principal tags are contained in the
-// resulting GCA token.
-type AllowedPrincipalTags struct {
- ContainerImageSignatures *ContainerImageSignatures `json:"container_image_signatures"`
-}
-
-// ContainerImageSignatures represents the configuration for AllowedPrincipalTags for
-// ContainerImageSignature claims
-type ContainerImageSignatures struct {
- KeyIDs []string `json:"key_ids"`
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/fakesignature.go b/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/fakesignature.go
deleted file mode 100644
index 012b41c39..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/fakesignature.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package cosign
-
-import (
- "encoding/base64"
- "fmt"
-
- "github.com/google/go-tpm-tools/verifier/oci"
-)
-
-type fakeSig struct {
- data string
- sigAlg oci.SigningAlgorithm
-}
-
-// NewFakeSignature constructs a new fake oci.Signature given data and signature algorithm.
-func NewFakeSignature(data string, sigAlg oci.SigningAlgorithm) oci.Signature {
- return &fakeSig{data, sigAlg}
-}
-
-// Payload returns a fake payload.
-func (f fakeSig) Payload() ([]byte, error) {
- return []byte(f.data + "," + string(f.sigAlg)), nil
-}
-
-// Base64Encoded returns a fake base64 encoded signature.
-func (f fakeSig) Base64Encoded() (string, error) {
- return base64.StdEncoding.EncodeToString([]byte(f.data)), nil
-}
-
-// PublicKey returns a fake public key.
-func (f fakeSig) PublicKey() ([]byte, error) {
- return nil, fmt.Errorf("not implemented")
-}
-
-// SigningAlgorithm returns a fake signature algorithm.
-func (f fakeSig) SigningAlgorithm() (oci.SigningAlgorithm, error) {
- return "", fmt.Errorf("not implemented")
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature.go b/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature.go
deleted file mode 100644
index 2d519e071..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature.go
+++ /dev/null
@@ -1,81 +0,0 @@ -// Package cosign contains functionalities to interact with signatures generated by cosign. -// https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md. -package cosign - -import ( - "encoding/base64" - "errors" - "fmt" - - "github.com/google/go-tpm-tools/verifier/oci" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Sig implements oci.Signature interface for cosign-generated signatures. -type Sig struct { - // Layer represents a layer descriptor for OCI image manifest. - // This contains the simple signing payload digest and Cosign signature, - // collected from the OCI image manifest object found using https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. - Layer v1.Descriptor - // Blob represents the opaque data uploaded to OCI registry associated with the layer. - // This contains the Simple Signing Payload as described in https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. - Blob []byte - // SourceRepo represents the location that stores this signature. - SourceRepo string -} - -// CosignSigKey is the key of the cosign-generated signature embedded in OCI image manifest. -const CosignSigKey = "dev.cosignproject.cosign/signature" - -var ( - // Verify that our Sig struct implements the expected public interface. - _ oci.Signature = Sig{} - encoding = base64.StdEncoding -) - -// Payload implements oci.Signature interface. -func (s Sig) Payload() ([]byte, error) { - // The payload bytes are uploaded to an OCI registry as blob, and are referenced by digest. - // This digiest is embedded into the OCI image manifest as a layer via a descriptor (see https://github.com/opencontainers/image-spec/blob/main/descriptor.md). - // Here we compare the digest of the blob data with the layer digest to verify if this blob is associated with the layer. 
- if digest.FromBytes(s.Blob) != s.Layer.Digest { - return nil, errors.New("an unmatched payload digest is paired with a layer descriptor digest") - } - return s.Blob, nil -} - -// Base64Encoded implements oci.Signature interface. -func (s Sig) Base64Encoded() (string, error) { - sig, ok := s.Layer.Annotations[CosignSigKey] - if !ok { - return "", errors.New("cosign signature not found in the layer annotations") - } - if _, err := encoding.DecodeString(sig); err != nil { - return "", fmt.Errorf("invalid base64 encoded signature: %w", err) - } - return sig, nil -} - -// PublicKey implements oci.Signature interface. -// Since public key is attached to the `optional` field of payload, we don't actually implement this method. -// Instead we send payload directly to the Attestation service and let the service parse the payload. -func (s Sig) PublicKey() ([]byte, error) { - return nil, fmt.Errorf("not implemented") -} - -// SigningAlgorithm implements oci.Signature interface. -// Since signing algorithm is attached to the `optional` field of payload, we don't actually implement this method. -// Instead we send payload directly to the Attestation service and let the service parse the payload. -func (s Sig) SigningAlgorithm() (oci.SigningAlgorithm, error) { - return "", fmt.Errorf("not implemented") -} - -// String returns signature details -func (s Sig) String() string { - sig, err := s.Base64Encoded() - if err != nil { - return fmt.Sprintf("[signature error: %s]", err.Error()) - } - return fmt.Sprintf("[signature: %q, sourceRepo: %q]", sig, s.SourceRepo) -} diff --git a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature_test.go b/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature_test.go deleted file mode 100644 index 399d503fa..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/oci/cosign/signature_test.go +++ /dev/null 
@@ -1,180 +0,0 @@ -package cosign - -import ( - "bytes" - "crypto/rand" - "strings" - "testing" - - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -func TestPayload(t *testing.T) { - testCases := []struct { - name string - blob []byte - wantDigest digest.Digest - wantPayload []byte - wantPass bool - }{ - { - name: "cosign signature Payload() success", - blob: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), - wantDigest: "sha256:d1e44a76902409836227b982beb920189949927c2011f196594bd34c5bb8f8b1", - wantPayload: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), - wantPass: true, - }, - { - name: "cosign signature Payload() failed with unmatched digest", - blob: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), - wantDigest: "sha256:unmatched digest", - wantPayload: []byte{}, - wantPass: false, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - sig := &Sig{ - Layer: v1.Descriptor{ - Digest: tc.wantDigest, - }, - Blob: tc.blob, - } - gotPayload, err := sig.Payload() - if err != nil && tc.wantPass { - t.Errorf("Payload() failed for test case %v: %v", tc.name, err) - } - if !bytes.Equal(gotPayload, tc.wantPayload) { - t.Errorf("Payload() failed for test case %v: 
got %v, but want %v", tc.name, gotPayload, tc.wantPayload) - } - }) - } -} - -func TestBase64Encoded(t *testing.T) { - testCases := []struct { - name string - wantSignatureKey string - wantSignature string - wantPass bool - }{ - { - name: "cosign signature Base64Encoded() success", - wantSignatureKey: CosignSigKey, - wantSignature: randomBase64EncodedString(32), - wantPass: true, - }, - { - name: "cosign signature Base64Encoded() failed with mismatched signature key", - wantSignatureKey: "mismatched signature key", - wantSignature: "", - wantPass: false, - }, - { - name: "cosign signature Base64Encoded() failed with invalid base64 encoded signature", - wantSignatureKey: CosignSigKey, - wantSignature: "", - wantPass: false, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - sig := &Sig{ - Layer: v1.Descriptor{ - Annotations: map[string]string{ - tc.wantSignatureKey: tc.wantSignature, - }, - }, - } - gotSignature, err := sig.Base64Encoded() - if err != nil && tc.wantPass { - t.Errorf("Base64Encoded() failed for test case %v: %v", tc.name, err) - } - if gotSignature != tc.wantSignature { - t.Errorf("Base64Encoded() failed for test case %v: got %v, but want %v", tc.name, gotSignature, tc.wantSignature) - } - }) - } -} - -func TestWorkflow(t *testing.T) { - wantSig := randomBase64EncodedString(32) - blob := []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`) - - sig := &Sig{ - Layer: v1.Descriptor{ - Digest: digest.FromBytes(blob), - Annotations: map[string]string{ - CosignSigKey: wantSig, - }, - }, - Blob: blob, - } - - gotPayload, err := sig.Payload() - if err != nil { - t.Errorf("Payload() failed: %v", err) - } - if !bytes.Equal(gotPayload, blob) { - t.Errorf("Payload() failed: got %v, but want 
%v", gotPayload, blob) - } - - gotSig, err := sig.Base64Encoded() - if err != nil { - t.Errorf("Base64Encoded() failed: %v", err) - } - if gotSig != wantSig { - t.Errorf("Base64Encoded() failed, got %s, but want %s", gotSig, wantSig) - } -} - -func TestString(t *testing.T) { - testCases := []struct { - name string - sourceRepo string - b64Sig string - wantString string - }{ - { - name: "successful signature details", - sourceRepo: "gcr.io/hello_world", - b64Sig: "aGVsbG8gd29ybGQ=", // base64 encoded "hello world" - wantString: `signature: "aGVsbG8gd29ybGQ=", sourceRepo: "gcr.io/hello_world"`, - }, - { - name: "erronous signature details", - sourceRepo: "gcr.io/hello_world", - b64Sig: "invalid", - wantString: `signature error: invalid base64 encoded signature`, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - sig := &Sig{ - Layer: v1.Descriptor{ - Annotations: map[string]string{ - CosignSigKey: tc.b64Sig, - }, - }, - SourceRepo: tc.sourceRepo, - } - gotString := sig.String() - if !strings.Contains(gotString, tc.wantString) { - t.Errorf("String() failed, got %s, but want %s", gotString, tc.wantString) - } - }) - } -} - -func randomBase64EncodedString(n int) string { - b := make([]byte, n) - _, err := rand.Read(b) - if err != nil { - return "" - } - return encoding.EncodeToString(b) -} diff --git a/vendor/github.com/google/go-tpm-tools/verifier/oci/interface.go b/vendor/github.com/google/go-tpm-tools/verifier/oci/interface.go deleted file mode 100644 index 064a73ef5..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/oci/interface.go +++ /dev/null 
@@ -1,45 +0,0 @@
-// Package oci contains functionalities to interact with OCI image signatures.
-// https://github.com/opencontainers/image-spec/tree/main#readme.
-package oci
-
-// SigningAlgorithm is a specific type for string constants used for sigature signing and verification.
-type SigningAlgorithm string
-
-const (
- // RSASSAPSS2048SHA256 is RSASSA-PSS 2048 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPSS2048SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256"
- // RSASSAPSS3072SHA256 is RSASSA-PSS 3072 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPSS3072SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256"
- // RSASSAPSS4096SHA256 is RSASSA-PSS 4096 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPSS4096SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256"
- // RSASSAPKCS1V152048SHA256 is RSASSA-PKCS1 v1.5 2048 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPKCS1V152048SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256"
- // RSASSAPKCS1V153072SHA256 is RSASSA-PKCS1 v1.5 3072 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPKCS1V153072SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256"
- // RSASSAPKCS1V154096SHA256 is RSASSA-PKCS1 v1.5 4096 bit key with a SHA256 digest supported for cosign sign.
- RSASSAPKCS1V154096SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256"
- // ECDSAP256SHA256 is ECDSA on the P-256 Curve with a SHA256 digest supported for cosign sign.
- ECDSAP256SHA256 SigningAlgorithm = "ECDSA_P256_SHA256"
-)
-
-// Signature represents a single OCI image signature.
-type Signature interface {
- // Payload returns the blob data associated with a signature uploaded to an OCI registry.
- Payload() ([]byte, error)
-
- // Base64Encoded returns the base64-encoded signature of the signed payload.
- Base64Encoded() (string, error)
-
- // PublicKey returns a public key in the format of PEM-encoded byte slice.
- PublicKey() ([]byte, error)
-
- // SigningAlgorithm returns the signing algorithm specifications in the format of:
- // 1. RSASSAPSS2048SHA256 (RSASSA algorithm with PSS padding 2048 bit key with a SHA256 digest)
- // 2. RSASSAPSS3072SHA256 (RSASSA algorithm with PSS padding 3072 bit key with a SHA256 digest)
- // 3. RSASSAPSS4096SHA256 (RSASSA algorithm with PSS padding 4096 bit key with a SHA256 digest)
- // 4. RSASSAPKCS1V152048SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 2048 bit key with a SHA256 digest)
- // 5. RSASSAPKCS1V153072SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 3072 bit key with a SHA256 digest)
- // 6. RSASSAPKCS1V154096SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 4096 bit key with a SHA256 digest)
- // 7. ECDSAP256SHA256 (ECDSA on the P-256 Curve with a SHA256 digest)
- SigningAlgorithm() (SigningAlgorithm, error)
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/rest/errors.go b/vendor/github.com/google/go-tpm-tools/verifier/rest/errors.go
deleted file mode 100644
index a6e2c5d2a..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/rest/errors.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package rest
-
-import (
- "fmt"
- "strings"
-)
-
-// BadRegionError indicates that:
-// - the requested Region cannot be used with this API
-// - other Regions _can_ be used with this API
-type BadRegionError struct {
- RequestedRegion string
- AvailableRegions []string
- err error
-}
-
-func (e *BadRegionError) Error() string {
- return fmt.Sprintf(
- "invalid region %q, available regions are [%s]: %v",
- e.RequestedRegion, strings.Join(e.AvailableRegions, ", "), e.err,
- )
-}
-
-func (e *BadRegionError) Unwrap() error {
- return e.err
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/rest/rest.go b/vendor/github.com/google/go-tpm-tools/verifier/rest/rest.go
deleted file mode 100644
index 75c65bd1e..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/rest/rest.go
+++ /dev/null
@@ -1,448 +0,0 @@ -// Package rest contains the code to use the REST-based Google API -package rest - -import ( - "context" - "encoding/base64" - "fmt" - "log" - "time" - - sabi "github.com/google/go-sev-guest/abi" - spb "github.com/google/go-sev-guest/proto/sevsnp" - tabi "github.com/google/go-tdx-guest/abi" - tpb "github.com/google/go-tdx-guest/proto/tdx" - "github.com/google/go-tpm-tools/verifier" - "github.com/google/go-tpm-tools/verifier/models" - "github.com/google/go-tpm-tools/verifier/oci" - "github.com/googleapis/gax-go/v2" - - v1 "cloud.google.com/go/confidentialcomputing/apiv1" - ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb" - "google.golang.org/api/iterator" - "google.golang.org/api/option" - locationpb "google.golang.org/genproto/googleapis/cloud/location" - "google.golang.org/grpc/codes" -) - -/* -confComputeCallOptions retries as follows for all confidential computing APIs: - - Timeout = 1000 milliseconds - Initial interval = 500 milliseconds - Maximum interval = 1000 milliseconds - Maximum retries = 2 -*/ -func confComputeCallOptions() *v1.CallOptions { - callOption := []gax.CallOption{ - gax.WithTimeout(1000 * time.Millisecond), - gax.WithRetry(func() gax.Retryer { - return gax.OnCodes([]codes.Code{ - codes.Unavailable, - codes.Internal, - }, gax.Backoff{ - Initial: 500 * time.Millisecond, - Max: 1000 * time.Millisecond, - Multiplier: 2.0, - }) - }), - } - return &v1.CallOptions{ - CreateChallenge: callOption, - VerifyAttestation: callOption, - GetLocation: callOption, - ListLocations: callOption, - } -} - -// NewClient creates a new REST client which is configured to perform -// attestations in a particular project and region. Returns a *BadRegionError -// if the requested project is valid, but the region is invalid. -func NewClient(ctx context.Context, projectID string, region string, opts ...option.ClientOption) (verifier.Client, error) { - client, err := v1.NewRESTClient(ctx, opts...) 
- if err != nil { - return nil, fmt.Errorf("can't create ConfidentialComputing v1 API client: %w", err) - } - - // Override the default retry CallOptions with specific retry policies. - client.CallOptions = confComputeCallOptions() - - projectName := fmt.Sprintf("projects/%s", projectID) - locationName := fmt.Sprintf("%s/locations/%v", projectName, region) - - getReq := &locationpb.GetLocationRequest{ - Name: locationName, - } - location, getErr := client.GetLocation(ctx, getReq) - if getErr == nil { - return &restClient{client, location}, nil - } - - // If we can't get the location, try to list the locations. This handles - // situations where the projectID is invalid. - listReq := &locationpb.ListLocationsRequest{ - Name: projectName, - } - listIter := client.ListLocations(ctx, listReq) - - // The project is valid, but can't get the desired region. - var regions []string - for { - resp, err := listIter.Next() - if err == iterator.Done { - break - } - if err != nil { - return nil, fmt.Errorf("listing regions in project %q: %w", projectID, err) - } - regions = append(regions, resp.LocationId) - } - return nil, &BadRegionError{ - RequestedRegion: region, - AvailableRegions: regions, - err: getErr, - } -} - -type restClient struct { - v1Client *v1.Client - location *locationpb.Location -} - -// CreateChallenge implements verifier.Client -func (c *restClient) CreateChallenge(ctx context.Context) (*verifier.Challenge, error) { - // Pass an empty Challenge for the input (all params are output-only) - req := &ccpb.CreateChallengeRequest{ - Parent: c.location.Name, - Challenge: &ccpb.Challenge{}, - } - chal, err := c.v1Client.CreateChallenge(ctx, req) - if err != nil { - return nil, fmt.Errorf("calling v1.CreateChallenge in %v: %w", c.location.LocationId, err) - } - return convertChallengeFromREST(chal) -} - -// VerifyAttestation implements verifier.Client -func (c *restClient) VerifyAttestation(ctx context.Context, request verifier.VerifyAttestationRequest) 
(*verifier.VerifyAttestationResponse, error) { - if request.Challenge == nil { - return nil, fmt.Errorf("nil value provided in challenge") - } - - if request.Attestation == nil && request.TDCCELAttestation == nil { - return nil, fmt.Errorf("neither TPM nor TDX attestation is present") - } - - req := convertRequestToREST(request) - req.Challenge = request.Challenge.Name - - response, err := c.v1Client.VerifyAttestation(ctx, req) - if err != nil { - return nil, fmt.Errorf("calling v1.VerifyAttestation in %v: %w", c.location.LocationId, err) - } - return convertResponseFromREST(response) -} - -func (c *restClient) VerifyConfidentialSpace(ctx context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { - if request.Challenge == nil { - return nil, fmt.Errorf("nil value provided in challenge") - } - - if request.Attestation == nil && request.TDCCELAttestation == nil { - return nil, fmt.Errorf("neither TPM nor TDX attestation is present") - } - - csReq := convertCSRequestToREST(request) - csReq.Challenge = request.Challenge.Name - - response, err := c.v1Client.VerifyConfidentialSpace(ctx, csReq) - if err != nil { - return nil, fmt.Errorf("calling v1.VerifyConfidentialSpace in %v: %w", c.location.LocationId, err) - } - - return convertCSResponseFromREST(response), nil -} - -var encoding = base64.StdEncoding - -func convertChallengeFromREST(chal *ccpb.Challenge) (*verifier.Challenge, error) { - nonce, err := encoding.DecodeString(chal.TpmNonce) - if err != nil { - return nil, fmt.Errorf("failed to decode Challenge.Nonce: %w", err) - } - return &verifier.Challenge{ - Name: chal.Name, - Nonce: nonce, - }, nil -} - -func convertTokenOptionsToREST(tokenOpts *models.TokenOptions) *ccpb.TokenOptions { - if tokenOpts == nil { - return nil - } - - optsPb := &ccpb.TokenOptions{ - Audience: tokenOpts.Audience, - Nonce: tokenOpts.Nonces, - } - - switch tokenOpts.TokenType { - case "OIDC": - optsPb.TokenType = 
ccpb.TokenType_TOKEN_TYPE_OIDC - case "PKI": - optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_PKI - case "LIMITED_AWS": - optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS - case "AWS_PRINCIPALTAGS": - optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS - optsPb.TokenTypeOptions = setAwsPrincipalTagOptions(tokenOpts) - default: - optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_UNSPECIFIED - } - - return optsPb -} - -func convertRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.VerifyAttestationRequest { - idTokens := make([]string, len(request.GcpCredentials)) - for i, token := range request.GcpCredentials { - idTokens[i] = string(token) - } - - signatures := make([]*ccpb.ContainerImageSignature, len(request.ContainerImageSignatures)) - for i, sig := range request.ContainerImageSignatures { - signatures[i] = &ccpb.ContainerImageSignature{ - Payload: sig.Payload, - Signature: sig.Signature, - } - } - - verifyReq := &ccpb.VerifyAttestationRequest{ - GcpCredentials: &ccpb.GcpCredentials{ - ServiceAccountIdTokens: idTokens, - }, - ConfidentialSpaceInfo: &ccpb.ConfidentialSpaceInfo{ - SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: signatures}}, - }, - TokenOptions: convertTokenOptionsToREST(request.TokenOptions), - } - - if request.Attestation != nil { - // TPM attestation route - quotes := make([]*ccpb.TpmAttestation_Quote, len(request.Attestation.GetQuotes())) - for i, quote := range request.Attestation.GetQuotes() { - pcrVals := map[int32][]byte{} - for idx, val := range quote.GetPcrs().GetPcrs() { - pcrVals[int32(idx)] = val - } - - quotes[i] = &ccpb.TpmAttestation_Quote{ - RawQuote: quote.GetQuote(), - RawSignature: quote.GetRawSig(), - HashAlgo: int32(quote.GetPcrs().GetHash()), - PcrValues: pcrVals, - } - } - - certs := make([][]byte, len(request.Attestation.GetIntermediateCerts())) - for i, cert := range request.Attestation.GetIntermediateCerts() { - certs[i] = cert - } - - verifyReq.TpmAttestation = 
&ccpb.TpmAttestation{ - Quotes: quotes, - TcgEventLog: request.Attestation.GetEventLog(), - CanonicalEventLog: request.Attestation.GetCanonicalEventLog(), - AkCert: request.Attestation.GetAkCert(), - CertChain: certs, - } - - if request.Attestation.GetSevSnpAttestation() != nil { - sevsnp, err := convertSEVSNPProtoToREST(request.Attestation.GetSevSnpAttestation()) - if err != nil { - log.Fatalf("Failed to convert SEVSNP proto to API proto: %v", err) - } - verifyReq.TeeAttestation = sevsnp - } - - if request.Attestation.GetTdxAttestation() != nil { - tdx, err := convertTDXProtoToREST(request.Attestation.GetTdxAttestation()) - if err != nil { - log.Fatalf("Failed to convert TD quote proto to API proto: %v", err) - } - verifyReq.TeeAttestation = tdx - } - } else if request.TDCCELAttestation != nil { - // TDX attestation route - // still need AK for GCE info! - verifyReq.TpmAttestation = &ccpb.TpmAttestation{ - AkCert: request.TDCCELAttestation.AkCert, - CertChain: request.TDCCELAttestation.IntermediateCerts, - } - - verifyReq.TeeAttestation = &ccpb.VerifyAttestationRequest_TdCcel{ - TdCcel: &ccpb.TdxCcelAttestation{ - TdQuote: request.TDCCELAttestation.TdQuote, - CcelAcpiTable: request.TDCCELAttestation.CcelAcpiTable, - CcelData: request.TDCCELAttestation.CcelData, - CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, - }, - } - } - - return verifyReq -} - -func convertResponseFromREST(resp *ccpb.VerifyAttestationResponse) (*verifier.VerifyAttestationResponse, error) { - token := []byte(resp.GetOidcClaimsToken()) - return &verifier.VerifyAttestationResponse{ - ClaimsToken: token, - PartialErrs: resp.PartialErrors, - }, nil -} - -func convertOCISignatureToREST(signature oci.Signature) (*ccpb.ContainerImageSignature, error) { - payload, err := signature.Payload() - if err != nil { - return nil, err - } - b64Sig, err := signature.Base64Encoded() - if err != nil { - return nil, err - } - sigBytes, err := encoding.DecodeString(b64Sig) - if err != nil { - return 
nil, err - } - return &ccpb.ContainerImageSignature{ - Payload: payload, - Signature: sigBytes, - }, nil -} - -func convertSEVSNPProtoToREST(att *spb.Attestation) (*ccpb.VerifyAttestationRequest_SevSnpAttestation, error) { - auxBlob := sabi.CertsFromProto(att.GetCertificateChain()).Marshal() - rawReport, err := sabi.ReportToAbiBytes(att.GetReport()) - if err != nil { - return nil, err - } - return &ccpb.VerifyAttestationRequest_SevSnpAttestation{ - SevSnpAttestation: &ccpb.SevSnpAttestation{ - AuxBlob: auxBlob, - Report: rawReport, - }, - }, nil -} - -func convertTDXProtoToREST(att *tpb.QuoteV4) (*ccpb.VerifyAttestationRequest_TdCcel, error) { - rawQuote, err := tabi.QuoteToAbiBytes(att) - if err != nil { - return nil, err - } - return &ccpb.VerifyAttestationRequest_TdCcel{ - TdCcel: &ccpb.TdxCcelAttestation{ - TdQuote: rawQuote, - }, - }, nil -} - -func setAwsPrincipalTagOptions(requestTokenOptions *models.TokenOptions) *ccpb.TokenOptions_AwsPrincipalTagsOptions { - if requestTokenOptions.PrincipalTagOptions == nil { - return nil - } - options := &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{}, - } - - if requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags == nil { - return options - } - options.AwsPrincipalTagsOptions.AllowedPrincipalTags = &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{} - - if requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags.ContainerImageSignatures == nil { - return options - } - - options.AwsPrincipalTagsOptions.GetAllowedPrincipalTags().ContainerImageSignatures = &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ - KeyIds: requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags.ContainerImageSignatures.KeyIDs, - } - - return options -} - -func convertCSRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.VerifyConfidentialSpaceRequest { - // Use convertRequestToREST to avoid duplicating conversion logic. 
- verifyAttRequest := convertRequestToREST(request) - - csReq := &ccpb.VerifyConfidentialSpaceRequest{ - Challenge: verifyAttRequest.Challenge, - GcpCredentials: verifyAttRequest.GcpCredentials, - SignedEntities: verifyAttRequest.ConfidentialSpaceInfo.SignedEntities, - } - - if request.TDCCELAttestation != nil { // TDX Attestation. - csReq.TeeAttestation = &ccpb.VerifyConfidentialSpaceRequest_TdCcel{ - TdCcel: verifyAttRequest.GetTdCcel(), - } - - // Set AK cert info. - csReq.GceShieldedIdentity = &ccpb.GceShieldedIdentity{ - AkCert: verifyAttRequest.TpmAttestation.AkCert, - AkCertChain: verifyAttRequest.TpmAttestation.CertChain, - } - } else { // TPM Attestation. - csReq.TeeAttestation = &ccpb.VerifyConfidentialSpaceRequest_TpmAttestation{ - TpmAttestation: verifyAttRequest.TpmAttestation, - } - } - - csReq.Options = convertToCSOpts(verifyAttRequest.TokenOptions) - - return csReq -} - -func convertToCSOpts(tokenOpts *ccpb.TokenOptions) *ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions { - if tokenOpts == nil { - return &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - } - } - - csOpts := &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - Audience: tokenOpts.Audience, - Nonce: tokenOpts.Nonce, - } - - switch tokenOpts.TokenType { - case ccpb.TokenType_TOKEN_TYPE_OIDC: - csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_OIDC - csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT - - case ccpb.TokenType_TOKEN_TYPE_PKI: - csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_PKI - csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT - - case ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS: - csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_OIDC - csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_AWS - - if tokenOpts.TokenTypeOptions != nil { - csOpts.TokenProfileOptions = 
&ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: tokenOpts.GetAwsPrincipalTagsOptions(), - } - } - default: - // TokenProfile must be specified. - csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT - } - - return csOpts -} - -func convertCSResponseFromREST(resp *ccpb.VerifyConfidentialSpaceResponse) *verifier.VerifyAttestationResponse { - token := []byte(resp.GetAttestationToken()) - return &verifier.VerifyAttestationResponse{ - ClaimsToken: token, - PartialErrs: resp.PartialErrors, - } -} diff --git a/vendor/github.com/google/go-tpm-tools/verifier/rest/rest_test.go b/vendor/github.com/google/go-tpm-tools/verifier/rest/rest_test.go deleted file mode 100644 index a91509527..000000000 --- a/vendor/github.com/google/go-tpm-tools/verifier/rest/rest_test.go +++ /dev/null 
@@ -1,616 +0,0 @@
-package rest
-
-import (
- "testing"
-
- "github.com/google/go-cmp/cmp"
- "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/go-tpm-tools/proto/tpm"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/models"
- "github.com/google/uuid"
- "google.golang.org/genproto/googleapis/rpc/status"
- "google.golang.org/protobuf/encoding/prototext"
- "google.golang.org/protobuf/testing/protocmp"
-
- ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb"
- sabi "github.com/google/go-sev-guest/abi"
- spb "github.com/google/go-sev-guest/proto/sevsnp"
- tabi "github.com/google/go-tdx-guest/abi"
- tpb "github.com/google/go-tdx-guest/proto/tdx"
- tgtestdata "github.com/google/go-tdx-guest/testing/testdata"
- attestpb "github.com/google/go-tpm-tools/proto/attest"
-)
-
-var (
- tokenOptionsCompareOpts = []cmp.Option{
- cmpopts.IgnoreUnexported(ccpb.TokenOptions{}),
- cmpopts.IgnoreUnexported(ccpb.TokenOptions_AwsPrincipalTagsOptions{}),
- cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions{}),
- cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}),
- cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{}),
- cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{}),
- }
-)
-
-// Make sure our conversion function can handle empty values.
-func TestConvertEmpty(t *testing.T) { - if _, err := convertChallengeFromREST(&ccpb.Challenge{}); err != nil { - t.Errorf("Converting empty challenge: %v", err) - } - _ = convertRequestToREST(verifier.VerifyAttestationRequest{}) - if _, err := convertResponseFromREST(&ccpb.VerifyAttestationResponse{}); err != nil { - t.Errorf("Converting empty challenge: %v", err) - } -} - -const ( - emptyReport = ` - version: 2 - policy: 0xa0000 - signature_algo: 1 - report_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - family_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - image_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - measurement: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - host_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - id_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - author_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - report_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - report_id_ma: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - chip_id: 
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - signature: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0
0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - ` - extraGUID = "00000000-0000-c0de-0000-000000000000" -) - -func TestConvertSEVSNPProtoToREST(t *testing.T) { - report := &spb.Report{} - if err := prototext.Unmarshal([]byte(emptyReport), report); err != nil { - t.Fatalf("Unable to unmarshal SEV-SNP report proto: %v", err) - } - - rawCertTable := testRawCertTable(t) - certTable := &sabi.CertTable{} - if err := certTable.Unmarshal(rawCertTable.table); err != nil { - t.Fatalf("Failed to unmarshal certTable bytes: %v", err) - } - sevsnp := &spb.Attestation{Report: report, CertificateChain: certTable.Proto()} - - got, err := convertSEVSNPProtoToREST(sevsnp) - if err != nil { - t.Errorf("failed to convert SEVSNP proto to API proto: %v", err) - } - - wantReport, err := sabi.ReportToAbiBytes(report) - if err != nil { - t.Fatalf("Unable to convert SEV-SNP report proto to ABI bytes: %v", err) - } - - want := &ccpb.VerifyAttestationRequest_SevSnpAttestation{ - SevSnpAttestation: &ccpb.SevSnpAttestation{ - AuxBlob: rawCertTable.table, - Report: wantReport, - }, - } - - if diff := cmp.Diff(got, want, protocmp.Transform()); diff != "" { - t.Errorf("SEVSNP API proto mismatch: %s", diff) - } -} - -type testCertTable struct { - table []byte - extraraw []byte -} - -func testRawCertTable(t testing.TB) *testCertTable { - t.Helper() - headers := make([]sabi.CertTableHeaderEntry, 6) // ARK, ASK, VCEK, VLEK, extra, NULL - arkraw := []byte("ark") - askraw := []byte("ask") - vcekraw := []byte("vcek") - vlekraw := []byte("vlek") - extraraw := []byte("extra") - - var err error - headers[0].GUID, err = uuid.Parse(sabi.ArkGUID) - if err != nil { - t.Fatalf("cannot parse uuid: %v", err) - } - headers[0].Offset = 
uint32(len(headers) * sabi.CertTableEntrySize) - headers[0].Length = uint32(len(arkraw)) - - headers[1].GUID, err = uuid.Parse(sabi.AskGUID) - - if err != nil { - t.Fatalf("cannot parse uuid: %v", err) - } - headers[1].Offset = headers[0].Offset + headers[0].Length - headers[1].Length = uint32(len(askraw)) - - headers[2].GUID, err = uuid.Parse(sabi.VcekGUID) - if err != nil { - t.Fatalf("cannot parse uuid: %v", err) - } - headers[2].Offset = headers[1].Offset + headers[1].Length - headers[2].Length = uint32(len(vcekraw)) - - headers[3].GUID, err = uuid.Parse(sabi.VlekGUID) - if err != nil { - t.Fatalf("cannot parse uuid: %v", err) - } - headers[3].Offset = headers[2].Offset + headers[2].Length - headers[3].Length = uint32(len(vlekraw)) - - headers[4].GUID, err = uuid.Parse(extraGUID) - if err != nil { - t.Fatalf("cannot parse uuid: %v", err) - } - headers[4].Offset = headers[3].Offset + headers[3].Length - headers[4].Length = uint32(len(extraraw)) - - result := &testCertTable{ - table: make([]byte, headers[4].Offset+headers[4].Length), - extraraw: extraraw, - } - for i, cert := range [][]byte{arkraw, askraw, vcekraw, vlekraw, extraraw} { - if err := (&headers[i]).Write(result.table[i*sabi.CertTableEntrySize:]); err != nil { - t.Fatalf("could not write header %d: %v", i, err) - } - copy(result.table[headers[i].Offset:], cert) - } - return result -} - -func TestConvertTDXProtoToREST(t *testing.T) { - testCases := []struct { - name string - quote func() *tpb.QuoteV4 - wantPass bool - }{ - { - name: "successful TD quote conversion", - quote: func() *tpb.QuoteV4 { - tdx, err := tabi.QuoteToProto(tgtestdata.RawQuote) - if err != nil { - t.Fatalf("Unable to convert Raw TD Quote to TDX V4 quote: %v", err) - } - - quote, ok := tdx.(*tpb.QuoteV4) - if !ok { - t.Fatal("Quote format not supported, want QuoteV4 format") - } - return quote - }, - wantPass: true, - }, - { - name: "nil TD quote conversion", - quote: func() *tpb.QuoteV4 { return nil }, - wantPass: false, - }, - } - 
- for _, tc := range testCases { - got, err := convertTDXProtoToREST(tc.quote()) - if err != nil && tc.wantPass { - t.Errorf("failed to convert TDX proto to API proto: %v", err) - } - - if tc.wantPass { - want := &ccpb.VerifyAttestationRequest_TdCcel{ - TdCcel: &ccpb.TdxCcelAttestation{ - TdQuote: tgtestdata.RawQuote, - }, - } - - if diff := cmp.Diff(got, want, protocmp.Transform()); diff != "" { - t.Errorf("TDX API proto mismatch: %s", diff) - } - } - } -} - -func TestConvertTokenOptionsToREST(t *testing.T) { - testCases := []struct { - name string - tokenOptions *models.TokenOptions - wantpb *ccpb.TokenOptions - }{ - { - name: "NilTokenOptions", - tokenOptions: nil, - wantpb: nil, - }, - { - name: "EmptyTokenOptions", - tokenOptions: &models.TokenOptions{}, - wantpb: &ccpb.TokenOptions{}, - }, - { - name: "TokenOptionsHappyPath", - tokenOptions: &models.TokenOptions{ - Audience: "TestingAudience", - Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - TokenType: "AWS_PRINCIPALTAGS", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{ - ContainerImageSignatures: &models.ContainerImageSignatures{ - KeyIDs: []string{"abcdefg", "12345"}, - }, - }, - }, - }, - wantpb: &ccpb.TokenOptions{ - Audience: "TestingAudience", - Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, - TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ - ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ - KeyIds: []string{"abcdefg", "12345"}, - }, - }, - }, - }, - }, - }, - { - name: "TokenTypeOptionsMissingSubClasses", - tokenOptions: &models.TokenOptions{ - Audience: "TestingAudience", - Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - 
TokenType: "AWS_PRINCIPALTAGS", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{}, - }, - }, - wantpb: &ccpb.TokenOptions{ - Audience: "TestingAudience", - Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, - TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}, - }, - }, - }, - }, - { - name: "MissingAudNonceTokenType", - tokenOptions: &models.TokenOptions{ - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{}, - }, - }, - wantpb: &ccpb.TokenOptions{ - TokenTypeOptions: nil, - }, - }, - { - name: "MissingAudNonce", - tokenOptions: &models.TokenOptions{ - TokenType: "AWS_PRINCIPALTAGS", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{}, - }, - }, - wantpb: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, - TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}, - }, - }, - }, - }, - { - name: "TokenOptionsHappyPath", - tokenOptions: &models.TokenOptions{ - Audience: "TestingAudience", - Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - TokenType: "AWS_PRINCIPALTAGS", - PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ - AllowedPrincipalTags: &models.AllowedPrincipalTags{ - ContainerImageSignatures: &models.ContainerImageSignatures{ - KeyIDs: []string{"abcdefg", "12345"}, - }, - }, - }, - }, - wantpb: &ccpb.TokenOptions{ - Audience: "TestingAudience", - Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, - TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, - 
TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ - ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ - KeyIds: []string{"abcdefg", "12345"}, - }, - }, - }, - }, - }, - }, - { - name: "OIDCTokenType", - tokenOptions: &models.TokenOptions{ - TokenType: "OIDC", - }, - wantpb: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, - }, - }, - { - name: "OIDCTokenType", - tokenOptions: &models.TokenOptions{ - TokenType: "OIDC", - }, - wantpb: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, - }, - }, - { - name: "LimitedAWSTokenType", - tokenOptions: &models.TokenOptions{ - TokenType: "LIMITED_AWS", - }, - wantpb: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS, - }, - }, - { - name: "SingleNonce", - tokenOptions: &models.TokenOptions{ - Nonces: []string{"thisistheonlynonce"}, - }, - wantpb: &ccpb.TokenOptions{ - Nonce: []string{"thisistheonlynonce"}, - }, - }, - } - - for _, tc := range testCases { - pbTokenOpts := convertTokenOptionsToREST(tc.tokenOptions) - diff := cmp.Diff(tc.wantpb, pbTokenOpts, tokenOptionsCompareOpts...) 
- if diff != "" { - t.Errorf("%v: %s", tc.name, diff) - } - } -} - -func TestConvertTokenOptionsToCSOptions(t *testing.T) { - testcases := []struct { - name string - tokenOpts *ccpb.TokenOptions - expectedOpts *ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions - }{ - { - name: "nil input", - tokenOpts: nil, - expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - }, - }, - { - name: "custom audience and nonce", - tokenOpts: &ccpb.TokenOptions{ - Audience: "test-audience", - Nonce: []string{"test-nonce-1", "test-nonce-2"}, - }, - expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - Audience: "test-audience", - Nonce: []string{"test-nonce-1", "test-nonce-2"}, - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - }, - }, - { - name: "OIDC token type", - tokenOpts: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, - }, - expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_OIDC, - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - }, - }, - { - name: "PKI token type", - tokenOpts: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_PKI, - }, - expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_PKI, - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - }, - }, - { - name: "AWS token type", - tokenOpts: &ccpb.TokenOptions{ - TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, - TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ - ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ - KeyIds: []string{"keyid1", "keyid2"}, - }, - }, - }, - }, - }, - 
expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_OIDC, - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_AWS, - TokenProfileOptions: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions_AwsPrincipalTagsOptions{ - AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ - AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ - ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ - KeyIds: []string{"keyid1", "keyid2"}, - }, - }, - }, - }, - }, - }, - } - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - gotOpts := convertToCSOpts(tc.tokenOpts) - if diff := cmp.Diff(gotOpts, tc.expectedOpts, tokenOptionsCompareOpts...); diff != "" { - t.Errorf("convertToCSOpts did not return expected opts (-got, +want): %v", diff) - } - }) - } -} - -func TestConvertCSRequestToREST(t *testing.T) { - testcases := []struct { - name string - verifierReq verifier.VerifyAttestationRequest - expectedReq *ccpb.VerifyConfidentialSpaceRequest - }{ - { - name: "TPM attestation request", - verifierReq: verifier.VerifyAttestationRequest{ - Attestation: &attestpb.Attestation{ - Quotes: []*tpm.Quote{{ - Quote: []byte("raw quote 1"), - RawSig: []byte("raw sig 1"), - Pcrs: &tpm.PCRs{ - Hash: tpm.HashAlgo_SHA1, - Pcrs: map[uint32][]byte{ - 1: []byte("PCR A"), - 2: []byte("PCR B"), - }, - }, - }}, - EventLog: []byte("test-tcg-event-log"), - CanonicalEventLog: []byte("test-canonical-event-log"), - AkCert: []byte("test-ak-cert"), - IntermediateCerts: [][]byte{[]byte("chain-1"), []byte("chain-2")}, - }, - ContainerImageSignatures: []*verifier.ContainerSignature{{ - Payload: []byte("test-payload"), - Signature: []byte("test-signature"), - }}, - GcpCredentials: [][]byte{[]byte("testcredentials@google.com")}, - TokenOptions: &models.TokenOptions{ - Audience: "test-aud", - Nonces: []string{"test-nonce"}, - TokenType: "PKI", - }, - }, - 
expectedReq: &ccpb.VerifyConfidentialSpaceRequest{ - TeeAttestation: &ccpb.VerifyConfidentialSpaceRequest_TpmAttestation{ - TpmAttestation: &ccpb.TpmAttestation{ - Quotes: []*ccpb.TpmAttestation_Quote{ - { - RawQuote: []byte("raw quote 1"), - RawSignature: []byte("raw sig 1"), - HashAlgo: int32(tpm.HashAlgo_SHA1), - PcrValues: map[int32][]byte{ - 1: []byte("PCR A"), - 2: []byte("PCR B"), - }, - }, - }, - TcgEventLog: []byte("test-tcg-event-log"), - CanonicalEventLog: []byte("test-canonical-event-log"), - AkCert: []byte("test-ak-cert"), - CertChain: [][]byte{[]byte("chain-1"), []byte("chain-2")}, - }, - }, - SignedEntities: []*ccpb.SignedEntity{{ - ContainerImageSignatures: []*ccpb.ContainerImageSignature{{ - Payload: []byte("test-payload"), - Signature: []byte("test-signature"), - }}, - }}, - GcpCredentials: &ccpb.GcpCredentials{ServiceAccountIdTokens: []string{"testcredentials@google.com"}}, - Options: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - Audience: "test-aud", - Nonce: []string{"test-nonce"}, - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_PKI, - }, - }, - }, - { - name: "TDCCEL Attestation", - verifierReq: verifier.VerifyAttestationRequest{ - TDCCELAttestation: &verifier.TDCCELAttestation{ - TdQuote: []byte("test td quote"), - CcelAcpiTable: []byte("test CCEL table"), - CcelData: []byte("test CCEL data"), - CanonicalEventLog: []byte("test CEL"), - AkCert: []byte("test-ak-cert"), - IntermediateCerts: [][]byte{[]byte("chain-1"), []byte("chain-2")}, - }, - }, - expectedReq: &ccpb.VerifyConfidentialSpaceRequest{ - TeeAttestation: &ccpb.VerifyConfidentialSpaceRequest_TdCcel{ - TdCcel: &ccpb.TdxCcelAttestation{ - TdQuote: []byte("test td quote"), - CcelAcpiTable: []byte("test CCEL table"), - CcelData: []byte("test CCEL data"), - CanonicalEventLog: []byte("test CEL"), - }, - }, - GceShieldedIdentity: &ccpb.GceShieldedIdentity{ - AkCert: []byte("test-ak-cert"), - AkCertChain: 
[][]byte{[]byte("chain-1"), []byte("chain-2")}, - }, - Options: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ - TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, - }, - GcpCredentials: &ccpb.GcpCredentials{ServiceAccountIdTokens: []string{}}, - SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: []*ccpb.ContainerImageSignature{}}}, - }, - }, - } - - cmpOpts := append( - tokenOptionsCompareOpts, - cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest{}), - cmpopts.IgnoreUnexported(ccpb.TpmAttestation{}), - cmpopts.IgnoreUnexported(ccpb.TpmAttestation_Quote{}), - cmpopts.IgnoreUnexported(ccpb.TdxCcelAttestation{}), - cmpopts.IgnoreUnexported(ccpb.GceShieldedIdentity{}), - cmpopts.IgnoreUnexported(ccpb.GcpCredentials{}), - cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{}), - cmpopts.IgnoreUnexported(ccpb.ContainerImageSignature{}), - cmpopts.IgnoreUnexported(ccpb.SignedEntity{}), - ) - - for _, tc := range testcases { - t.Run(tc.name, func(t *testing.T) { - gotReq := convertCSRequestToREST(tc.verifierReq) - if diff := cmp.Diff(gotReq, tc.expectedReq, cmpOpts...); diff != "" { - t.Errorf("convertCSRequestToREST returned unexpected output (-got, +want): %v", diff) - } - }) - } -} - -func TestConvertCSResponseFromREST(t *testing.T) { - expectedResp := &verifier.VerifyAttestationResponse{ - ClaimsToken: []byte("test-token"), - PartialErrs: []*status.Status{ - {Code: 404, Message: "Partial Error Message"}, - }, - } - - csResp := &ccpb.VerifyConfidentialSpaceResponse{ - AttestationToken: string(expectedResp.ClaimsToken), - PartialErrors: expectedResp.PartialErrs, - } - - gotResp := convertCSResponseFromREST(csResp) - if diff := cmp.Diff(gotResp, expectedResp, cmpopts.IgnoreUnexported(status.Status{})); diff != "" { - t.Errorf("convertCSResponseFromREST(%v) did not return expected output(-got, +want): %v", csResp, diff) - } -} 
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_attestation_server.go b/vendor/github.com/google/go-tpm-tools/verifier/util/fake_attestation_server.go
deleted file mode 100644
index 5b83b2bb1..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_attestation_server.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package util
-
-import (
- "fmt"
- "io"
- "net/http"
- "net/http/httptest"
-
- "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb"
- "github.com/golang-jwt/jwt/v4"
- "golang.org/x/net/http2"
- "google.golang.org/protobuf/encoding/protojson"
-)
-
-// FakeChallengeUUID is the challenge for fake attestation server
-const FakeChallengeUUID = "947b4f7b-e6d4-4cfe-971c-39ffe00268ba"
-
-// FakeTpmNonce is the tpm nonce for fake attestation server
-const FakeTpmNonce = "R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ=="
-
-// FakeCustomNonce is the custom nonce for fake attestation server
-var FakeCustomNonce = []string{"1234567890", "1234567890"}
-
-// FakeCustomNonce is the custom audience for fake attestation server
-const FakeCustomAudience = "https://api.test.com"
-
-// MockAttestationServer provides fake implementation for the GCE attestation server.
-type MockAttestationServer struct {
- Server *httptest.Server
-}
-
-type fakeOidcTokenPayload struct {
- Audience string `json:"aud"`
- IssuedAt int64 `json:"iat"`
- ExpiredAt int64 `json:"exp"`
-}
-
-func (payload *fakeOidcTokenPayload) Valid() error {
- return nil
-}
-
-// NewMockAttestationServer creates a mock verifier
-func NewMockAttestationServer() (*MockAttestationServer, error) {
- handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- locationPath := "/v1/projects/test-project/locations/us-central"
- if r.URL.Path == locationPath {
- location := "{\n \"name\": \"projects/test-project/locations/us-central-1\",\n \"locationId\": \"us-central-1\"\n}\n"
- w.Write([]byte(location))
- }
- challengePath := locationPath + "-1/challenges"
- if r.URL.Path == challengePath {
- challenge := "{\n \"name\": \"projects/test-project/locations/us-central-1/challenges/" + FakeChallengeUUID + "\",\n \"createTime\": \"2023-09-21T01:04:48.230111757Z\",\n \"expireTime\": \"2023-09-21T02:04:48.230111757Z\",\n \"tpmNonce\": \"" + FakeTpmNonce + "\"\n}\n"
- w.Write([]byte(challenge))
- }
- verifyAttestationPath := challengePath + "/" + FakeChallengeUUID + ":verifyAttestation"
- if r.URL.Path == verifyAttestationPath {
- err := validateCustomNonceAndAudienceFromRequest(r)
- if err != nil {
- fmt.Print("error validating Custom Nonce and Custom Audience")
- http.Error(w, "Invalid Nonce or Audience", http.StatusBadRequest) // Return 400 Bad Request
- return
- }
- payload := &fakeOidcTokenPayload{
- Audience: "test",
- IssuedAt: 1709752525,
- ExpiredAt: 1919752525,
- }
- jwtTokenUnsigned := jwt.NewWithClaims(jwt.SigningMethodHS256, payload)
- fakeJwtToken, err := jwtTokenUnsigned.SignedString([]byte("kcxjxnalpraetgccnnwhpnfwocxscaih"))
- if err != nil {
- fmt.Print("error creating test OIDC token")
- http.Error(w, "Invalid OIDC token creation", http.StatusBadRequest) // Return 400 Bad Request
- return
- }
- w.Write([]byte("{\n \"oidcClaimsToken\": \"" + fakeJwtToken + "\"\n}\n"))
- }
- })
- httpServer := httptest.NewUnstartedServer(handler)
- if err := http2.ConfigureServer(httpServer.Config, new(http2.Server)); err != nil {
- return nil, fmt.Errorf("failed to configure HTTP/2 server: %v", err)
- }
- httpServer.Start()
-
- return &MockAttestationServer{Server: httpServer}, nil
-}
-
-// Stop shuts down the server.
-func (s *MockAttestationServer) Stop() {
- s.Server.Close()
-
-}
-
-// validateCustomNonceAndAudienceFromRequest validates the custom nonce and custom audience from a VerifyAttestationRequest.
-func validateCustomNonceAndAudienceFromRequest(r *http.Request) error {
- req := &confidentialcomputingpb.VerifyAttestationRequest{}
- body, err := io.ReadAll(r.Body)
- if err != nil {
- return fmt.Errorf("error reading request body: %v", err)
- }
- defer r.Body.Close()
-
- if err := protojson.Unmarshal(body, req); err != nil {
- return fmt.Errorf("error decoding attestation request: %v", err)
- }
-
- if req.TokenOptions != nil {
- if req.TokenOptions.Nonce != nil {
- if req.TokenOptions.Nonce[0] != FakeCustomNonce[0] || req.TokenOptions.Nonce[1] != FakeCustomNonce[1] {
- return fmt.Errorf("error comparing custom nonce: %v", err)
- }
- }
- if req.TokenOptions.Audience != "" {
- if req.TokenOptions.Audience != FakeCustomAudience {
- return fmt.Errorf("error comparing custom audience: %v", err)
- }
- }
- }
-
- return nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_metadata.go b/vendor/github.com/google/go-tpm-tools/verifier/util/fake_metadata.go
deleted file mode 100644
index aa5e1e9b7..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_metadata.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package util
-
-import (
- "fmt"
- "net/http"
- "net/http/httptest"
- "os"
- "strings"
-
- "cloud.google.com/go/compute/metadata"
-)
-
-const metadataHostEnv = "GCE_METADATA_HOST"
-
-// Instance struct for supported fake values for metadata server.
-type Instance struct {
- ProjectID string
- ProjectNumber string
- InstanceID string
- InstanceName string
- Zone string
-}
-
-// MetadataServer provides fake implementation for the GCE metadata server.
-type MetadataServer struct {
- server *httptest.Server
- oldMetadataHostEnv string
- responses map[string]string
-}
-
-// NewMetadataServer starts and hooks up a Server, serving env.
-// data is the mock Instance data the metadata server will respond with.
-func NewMetadataServer(data Instance) (*MetadataServer, error) {
- resp := map[string]string{}
- resp["project/project-id"] = data.ProjectID
- resp["project/numeric-project-id"] = data.ProjectNumber
- resp["instance/id"] = data.InstanceID
- resp["instance/zone"] = data.Zone
- resp["instance/name"] = data.InstanceName
- resp["instance/service-accounts/default/identity"] = "test_jwt_token"
-
- handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- path := "/computeMetadata/v1/"
- uri := strings.TrimPrefix(r.URL.Path, path)
- if uri != "" {
- res, found := resp[uri]
- if found {
- w.Write([]byte(res))
- return
- }
- }
- http.Error(w, http.StatusText(http.StatusNotImplemented), http.StatusNotImplemented)
- })
- httpServer := httptest.NewServer(handler)
-
- old := os.Getenv(metadataHostEnv)
- s := &MetadataServer{oldMetadataHostEnv: old, server: httpServer, responses: resp}
-
- os.Setenv(metadataHostEnv, strings.TrimPrefix(s.server.URL, "http://"))
-
- if !metadata.OnGCE() {
- s.Stop()
- return nil, fmt.Errorf("gcpmocks.NewMetadataServer: failed to fake being on a GCE instance")
- }
- return s, nil
-}
-
-// Stop shuts down the server and restores original metadataHostEnv env var.
-func (s *MetadataServer) Stop() {
- os.Setenv(metadataHostEnv, s.oldMetadataHostEnv)
-
- s.server.Close()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_oauth2_server.go b/vendor/github.com/google/go-tpm-tools/verifier/util/fake_oauth2_server.go
deleted file mode 100644
index cd8a53e0a..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/util/fake_oauth2_server.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package util
-
-import (
- "encoding/json"
- "net/http"
- "net/http/httptest"
- "os"
-)
-
-// Application Default Credentials (ADC) is a strategy used by the Google authentication libraries to automatically find credentials based on the application environment.
-// ADC searches for credentials in GOOGLE_APPLICATION_CREDENTIALS environment variable first (https://cloud.google.com/docs/authentication/application-default-credentials)
-// We use fakeAsHostEnv to let ADC find fake credential.
-const oauth2CredentialHostEnv = "GOOGLE_APPLICATION_CREDENTIALS"
-
-// MockOauth2Server is a struct for mocking Oauth2Server
-type MockOauth2Server struct {
- Server *httptest.Server
- OriginalCred string
-}
-
-// NewMockOauth2Server creates a mock Oauth2 server for testing purpose
-func NewMockOauth2Server() (*MockOauth2Server, error) {
- mux := http.NewServeMux()
- mux.HandleFunc("/o/oauth2/auth", func(_ http.ResponseWriter, _ *http.Request) {
- // Unimplemented: Should return authorization code back to the user
- })
-
- mux.HandleFunc("/token", func(w http.ResponseWriter, _ *http.Request) {
- // Should return acccess token back to the user
- w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
- w.Write([]byte("access_token=mocktoken&scope=user&token_type=bearer"))
- })
-
- server := httptest.NewServer(mux)
-
- // create test oauth2 credentials
- testCredentials := map[string]string{
- "client_id": "id",
- "client_secret": "testdata",
- "refresh_token": "testdata",
- "type": "authorized_user",
- }
-
- fakeOauthCredentialData, err := json.MarshalIndent(testCredentials, "", " ") // Indent for readability
- if err != nil {
- return nil, err
- }
-
- file, err := os.CreateTemp("", "fake_oauth2_test_credentials")
- if err != nil {
- return nil, err
- }
- defer file.Close()
-
- _, err = file.Write(fakeOauthCredentialData)
- if err != nil {
- return nil, err
- }
-
- old := os.Getenv(oauth2CredentialHostEnv)
- os.Setenv(oauth2CredentialHostEnv, file.Name())
-
- return &MockOauth2Server{Server: server, OriginalCred: old}, nil
-}
-
-// Stop cleans up the fake credential, reset the original one, and shuts down the server.
-func (s *MockOauth2Server) Stop() {
- os.Remove(os.Getenv(oauth2CredentialHostEnv))
- os.Setenv(oauth2CredentialHostEnv, s.OriginalCred)
- s.Server.Close()
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/util/util.go b/vendor/github.com/google/go-tpm-tools/verifier/util/util.go
deleted file mode 100644
index b7ab8f4f3..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/util/util.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Package util provides helper funtions to prepare materials for talking to attestation verifiers.
-package util
-
-import (
- "context"
- "fmt"
- "io"
- "net/url"
- "strings"
-
- "cloud.google.com/go/compute/metadata"
- "github.com/google/go-tpm-tools/client"
- "github.com/google/go-tpm-tools/verifier"
- "github.com/google/go-tpm-tools/verifier/rest"
- "golang.org/x/oauth2/google"
- "google.golang.org/api/option"
-)
-
-// TpmKeyFetcher abstracts the fetching of various types of Attestation Key from TPM
-type TpmKeyFetcher func(rw io.ReadWriter) (*client.Key, error)
-
-// PrincipalFetcher fetch ID token with specific audience from Metadata server.
-// See https://cloud.google.com/functions/docs/securing/authenticating#functions-bearer-token-example-go.
-func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error) {
- u := url.URL{
- Path: "instance/service-accounts/default/identity",
- RawQuery: url.Values{
- "audience": {audience},
- "format": {"full"},
- }.Encode(),
- }
- idToken, err := mdsClient.Get(u.String())
- if err != nil {
- return nil, fmt.Errorf("failed to get principal tokens: %w", err)
- }
-
- tokens := [][]byte{[]byte(idToken)}
- return tokens, nil
-}
-
-// NewRESTClient returns a REST verifier.Client that points to the given address.
-// It defaults to the Attestation Verifier instance at
-// https://confidentialcomputing.googleapis.com.
-func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error) {
- httpClient, err := google.DefaultClient(ctx)
- if err != nil {
- return nil, fmt.Errorf("failed to create HTTP client: %v", err)
- }
-
- opts := []option.ClientOption{option.WithHTTPClient(httpClient)}
- if asAddr != "" {
- opts = append(opts, option.WithEndpoint(asAddr))
- }
-
- restClient, err := rest.NewClient(ctx, ProjectID, Region, opts...)
- if err != nil {
- return nil, err
- }
- return restClient, nil
-}
-
-// GetRegion retrieves region information from GCE metadata server
-func GetRegion(client *metadata.Client) (string, error) {
- zone, err := client.Zone()
- if err != nil {
- return "", fmt.Errorf("failed to retrieve zone from MDS: %v", err)
- }
- lastDash := strings.LastIndex(zone, "-")
- if lastDash == -1 {
- return "", fmt.Errorf("got malformed zone from MDS: %v", zone)
- }
- return zone[:lastDash], nil
-}
diff --git a/vendor/github.com/google/go-tpm-tools/verifier/util/util_test.go b/vendor/github.com/google/go-tpm-tools/verifier/util/util_test.go
deleted file mode 100644
index 3e83e0fad..000000000
--- a/vendor/github.com/google/go-tpm-tools/verifier/util/util_test.go
+++ /dev/null
@@ -1,44 +0,0 @@ -package util - -import ( - "testing" - - "cloud.google.com/go/compute/metadata" - "github.com/google/go-cmp/cmp" -) - -func TestPrincipleFetcher(t *testing.T) { - var dummyMetaInstance = Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} - mockMdsServer, err := NewMetadataServer(dummyMetaInstance) - if err != nil { - t.Error(err) - } - defer mockMdsServer.Stop() - mdsClient := metadata.NewClient(nil) - gotTokens, err := PrincipalFetcher("test_audience", mdsClient) - if err != nil { - t.Error(err) - } - wantTokens := [][]byte{[]byte("test_jwt_token")} - if !cmp.Equal(wantTokens, gotTokens) { - t.Error("ID Token Mismatch") - } -} - -func TestGetRegion(t *testing.T) { - var dummyMetaInstance = Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} - mockMdsServer, err := NewMetadataServer(dummyMetaInstance) - if err != nil { - t.Error(err) - } - defer mockMdsServer.Stop() - // Metadata Server (MDS). A GCP specific client. - mdsClient := metadata.NewClient(nil) - region, err := GetRegion(mdsClient) - if err != nil { - t.Errorf("Failed to GetRegion %s", err) - } - if region != "us-central" { - t.Error("Region Mismatch") - } -} diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go index e854d7e84..2950fdb42 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go @@ -82,7 +82,7 @@ func marshalJSON(id []byte) ([]byte, error) { } // unmarshalJSON inflates trace id from hex string, possibly enclosed in quotes. -func unmarshalJSON(dst []byte, src []byte) error { +func unmarshalJSON(dst, src []byte) error { if l := len(src); l >= 2 && src[0] == '"' && src[l-1] == '"' { src = src[1 : l-1] } 
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go index 29e629d66..5bb3b16c7 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go @@ -41,7 +41,7 @@ func (i *protoInt64) UnmarshalJSON(data []byte) error { // strings or integers. type protoUint64 uint64 -// Int64 returns the protoUint64 as a uint64. +// Uint64 returns the protoUint64 as a uint64. func (i *protoUint64) Uint64() uint64 { return uint64(*i) } // UnmarshalJSON decodes both strings and integers. diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go index a13a6b733..67f80b6aa 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go @@ -10,6 +10,7 @@ import ( "errors" "fmt" "io" + "math" "time" ) @@ -151,8 +152,8 @@ func (s Span) MarshalJSON() ([]byte, error) { }{ Alias: Alias(s), ParentSpanID: parentSpanId, - StartTime: uint64(startT), - EndTime: uint64(endT), + StartTime: uint64(startT), // nolint:gosec // >0 checked above. + EndTime: uint64(endT), // nolint:gosec // >0 checked above. }) } 
@@ -201,11 +202,13 @@ func (s *Span) UnmarshalJSON(data []byte) error { case "startTimeUnixNano", "start_time_unix_nano": var val protoUint64 err = decoder.Decode(&val) - s.StartTime = time.Unix(0, int64(val.Uint64())) + v := int64(min(val.Uint64(), math.MaxInt64)) //nolint:gosec // Overflow checked. + s.StartTime = time.Unix(0, v) case "endTimeUnixNano", "end_time_unix_nano": var val protoUint64 err = decoder.Decode(&val) - s.EndTime = time.Unix(0, int64(val.Uint64())) + v := int64(min(val.Uint64(), math.MaxInt64)) //nolint:gosec // Overflow checked. + s.EndTime = time.Unix(0, v) case "attributes": err = decoder.Decode(&s.Attrs) case "droppedAttributesCount", "dropped_attributes_count": @@ -248,13 +251,20 @@ func (s *Span) UnmarshalJSON(data []byte) error { type SpanFlags int32 const ( + // SpanFlagsTraceFlagsMask is a mask for trace-flags. + // // Bits 0-7 are used for trace flags. SpanFlagsTraceFlagsMask SpanFlags = 255 - // Bits 8 and 9 are used to indicate that the parent span or link span is remote. - // Bit 8 (`HAS_IS_REMOTE`) indicates whether the value is known. - // Bit 9 (`IS_REMOTE`) indicates whether the span or link is remote. + // SpanFlagsContextHasIsRemoteMask is a mask for HAS_IS_REMOTE status. + // + // Bits 8 and 9 are used to indicate that the parent span or link span is + // remote. Bit 8 (`HAS_IS_REMOTE`) indicates whether the value is known. SpanFlagsContextHasIsRemoteMask SpanFlags = 256 - // SpanFlagsContextHasIsRemoteMask indicates the Span is remote. + // SpanFlagsContextIsRemoteMask is a mask for IS_REMOTE status. + // + // Bits 8 and 9 are used to indicate that the parent span or link span is + // remote. Bit 9 (`IS_REMOTE`) indicates whether the span or link is + // remote. SpanFlagsContextIsRemoteMask SpanFlags = 512 ) 
@@ -263,26 +273,30 @@ const ( type SpanKind int32 const ( - // Indicates that the span represents an internal operation within an application, - // as opposed to an operation happening at the boundaries. Default value. + // SpanKindInternal indicates that the span represents an internal + // operation within an application, as opposed to an operation happening at + // the boundaries. SpanKindInternal SpanKind = 1 - // Indicates that the span covers server-side handling of an RPC or other - // remote network request. + // SpanKindServer indicates that the span covers server-side handling of an + // RPC or other remote network request. SpanKindServer SpanKind = 2 - // Indicates that the span describes a request to some remote service. + // SpanKindClient indicates that the span describes a request to some + // remote service. SpanKindClient SpanKind = 3 - // Indicates that the span describes a producer sending a message to a broker. - // Unlike CLIENT and SERVER, there is often no direct critical path latency relationship - // between producer and consumer spans. A PRODUCER span ends when the message was accepted - // by the broker while the logical processing of the message might span a much longer time. + // SpanKindProducer indicates that the span describes a producer sending a + // message to a broker. Unlike SpanKindClient and SpanKindServer, there is + // often no direct critical path latency relationship between producer and + // consumer spans. A SpanKindProducer span ends when the message was + // accepted by the broker while the logical processing of the message might + // span a much longer time. SpanKindProducer SpanKind = 4 - // Indicates that the span describes consumer receiving a message from a broker. - // Like the PRODUCER kind, there is often no direct critical path latency relationship - // between producer and consumer spans. + // SpanKindConsumer indicates that the span describes a consumer receiving + // a message from a broker. 
Like SpanKindProducer, there is often no direct + // critical path latency relationship between producer and consumer spans. SpanKindConsumer SpanKind = 5 ) -// Event is a time-stamped annotation of the span, consisting of user-supplied +// SpanEvent is a time-stamped annotation of the span, consisting of user-supplied // text description and key-value pairs. type SpanEvent struct { // time_unix_nano is the time the event occurred. @@ -312,7 +326,7 @@ func (e SpanEvent) MarshalJSON() ([]byte, error) { Time uint64 `json:"timeUnixNano,omitempty"` }{ Alias: Alias(e), - Time: uint64(t), + Time: uint64(t), //nolint:gosec // >0 checked above }) } @@ -347,7 +361,8 @@ func (se *SpanEvent) UnmarshalJSON(data []byte) error { case "timeUnixNano", "time_unix_nano": var val protoUint64 err = decoder.Decode(&val) - se.Time = time.Unix(0, int64(val.Uint64())) + v := int64(min(val.Uint64(), math.MaxInt64)) //nolint:gosec // Overflow checked. + se.Time = time.Unix(0, v) case "name": err = decoder.Decode(&se.Name) case "attributes": @@ -365,10 +380,11 @@ func (se *SpanEvent) UnmarshalJSON(data []byte) error { return nil } -// A pointer from the current span to another span in the same trace or in a -// different trace. For example, this can be used in batching operations, -// where a single batch handler processes multiple requests from different -// traces or when the handler receives a request from a different project. +// SpanLink is a reference from the current span to another span in the same +// trace or in a different trace. For example, this can be used in batching +// operations, where a single batch handler processes multiple requests from +// different traces or when the handler receives a request from a different +// project. type SpanLink struct { // A unique identifier of a trace that this linked span is part of. The ID is a // 16-byte array. 
diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go index 1217776ea..a2802764f 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go @@ -3,17 +3,19 @@ package telemetry +// StatusCode is the status of a Span. +// // For the semantics of status codes see // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#set-status type StatusCode int32 const ( - // The default status. + // StatusCodeUnset is the default status. StatusCodeUnset StatusCode = 0 - // The Span has been validated by an Application developer or Operator to - // have completed successfully. + // StatusCodeOK is used when the Span has been validated by an Application + // developer or Operator to have completed successfully. StatusCodeOK StatusCode = 1 - // The Span contains an error. + // StatusCodeError is used when the Span contains an error. StatusCodeError StatusCode = 2 ) diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go index 69a348f0f..44197b808 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go @@ -71,7 +71,7 @@ func (td *Traces) UnmarshalJSON(data []byte) error { return nil } -// A collection of ScopeSpans from a Resource. +// ResourceSpans is a collection of ScopeSpans from a Resource. type ResourceSpans struct { // The resource for the spans in this message. // If this field is not set then no resource info is known. 
@@ -128,7 +128,7 @@ func (rs *ResourceSpans) UnmarshalJSON(data []byte) error { return nil } -// A collection of Spans produced by an InstrumentationScope. +// ScopeSpans is a collection of Spans produced by an InstrumentationScope. type ScopeSpans struct { // The instrumentation scope information for the spans in this message. // Semantically when InstrumentationScope isn't set, it is equivalent with diff --git a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go index 0dd01b063..022768bb5 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go +++ b/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go @@ -1,8 +1,6 @@ // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -//go:generate stringer -type=ValueKind -trimprefix=ValueKind - package telemetry import ( @@ -23,7 +21,7 @@ import ( // A zero value is valid and represents an empty value. type Value struct { // Ensure forward compatibility by explicitly making this not comparable. - noCmp [0]func() //nolint: unused // This is indeed used. + noCmp [0]func() //nolint:unused // This is indeed used. // num holds the value for Int64, Float64, and Bool. It holds the length // for String, Bytes, Slice, Map. @@ -92,7 +90,7 @@ func IntValue(v int) Value { return Int64Value(int64(v)) } // Int64Value returns a [Value] for an int64. func Int64Value(v int64) Value { - return Value{num: uint64(v), any: ValueKindInt64} + return Value{num: uint64(v), any: ValueKindInt64} //nolint:gosec // Raw value conv. } // Float64Value returns a [Value] for a float64. @@ -164,7 +162,7 @@ func (v Value) AsInt64() int64 { // this will return garbage. func (v Value) asInt64() int64 { // Assumes v.num was a valid int64 (overflow not checked). - return int64(v.num) // nolint: gosec + return int64(v.num) //nolint:gosec // Bounded. } // AsBool returns the value held by v as a bool. 
@@ -309,13 +307,13 @@ func (v Value) String() string { return v.asString() case ValueKindInt64: // Assumes v.num was a valid int64 (overflow not checked). - return strconv.FormatInt(int64(v.num), 10) // nolint: gosec + return strconv.FormatInt(int64(v.num), 10) //nolint:gosec // Bounded. case ValueKindFloat64: return strconv.FormatFloat(v.asFloat64(), 'g', -1, 64) case ValueKindBool: return strconv.FormatBool(v.asBool()) case ValueKindBytes: - return fmt.Sprint(v.asBytes()) + return string(v.asBytes()) case ValueKindMap: return fmt.Sprint(v.asMap()) case ValueKindSlice: @@ -343,7 +341,7 @@ func (v *Value) MarshalJSON() ([]byte, error) { case ValueKindInt64: return json.Marshal(struct { Value string `json:"intValue"` - }{strconv.FormatInt(int64(v.num), 10)}) + }{strconv.FormatInt(int64(v.num), 10)}) //nolint:gosec // Raw value conv. case ValueKindFloat64: return json.Marshal(struct { Value float64 `json:"doubleValue"` diff --git a/vendor/go.opentelemetry.io/auto/sdk/span.go b/vendor/go.opentelemetry.io/auto/sdk/span.go index 6ebea12a9..815d271ff 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/span.go +++ b/vendor/go.opentelemetry.io/auto/sdk/span.go @@ -6,6 +6,7 @@ package sdk import ( "encoding/json" "fmt" + "math" "reflect" "runtime" "strings" @@ -16,7 +17,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/noop" @@ -85,7 +86,12 @@ func (s *span) SetAttributes(attrs ...attribute.KeyValue) { limit := maxSpan.Attrs if limit == 0 { // No attributes allowed. - s.span.DroppedAttrs += uint32(len(attrs)) + n := int64(len(attrs)) + if n > 0 { + s.span.DroppedAttrs += uint32( //nolint:gosec // Bounds checked. + min(n, math.MaxUint32), + ) + } return } 
@@ -121,8 +127,13 @@ func (s *span) SetAttributes(attrs ...attribute.KeyValue) { // convCappedAttrs converts up to limit attrs into a []telemetry.Attr. The // number of dropped attributes is also returned. func convCappedAttrs(limit int, attrs []attribute.KeyValue) ([]telemetry.Attr, uint32) { + n := len(attrs) if limit == 0 { - return nil, uint32(len(attrs)) + var out uint32 + if n > 0 { + out = uint32(min(int64(n), math.MaxUint32)) //nolint:gosec // Bounds checked. + } + return nil, out } if limit < 0 { @@ -130,8 +141,12 @@ func convCappedAttrs(limit int, attrs []attribute.KeyValue) ([]telemetry.Attr, u return convAttrs(attrs), 0 } - limit = min(len(attrs), limit) - return convAttrs(attrs[:limit]), uint32(len(attrs) - limit) + if n < 0 { + n = 0 + } + + limit = min(n, limit) + return convAttrs(attrs[:limit]), uint32(n - limit) //nolint:gosec // Bounds checked. } func convAttrs(attrs []attribute.KeyValue) []telemetry.Attr { diff --git a/vendor/go.opentelemetry.io/auto/sdk/tracer.go b/vendor/go.opentelemetry.io/auto/sdk/tracer.go index cbcfabde3..e09acf022 100644 --- a/vendor/go.opentelemetry.io/auto/sdk/tracer.go +++ b/vendor/go.opentelemetry.io/auto/sdk/tracer.go @@ -5,6 +5,7 @@ package sdk import ( "context" + "math" "time" "go.opentelemetry.io/otel/trace" @@ -21,15 +22,20 @@ type tracer struct { var _ trace.Tracer = tracer{} -func (t tracer) Start(ctx context.Context, name string, opts ...trace.SpanStartOption) (context.Context, trace.Span) { - var psc trace.SpanContext +func (t tracer) Start( + ctx context.Context, + name string, + opts ...trace.SpanStartOption, +) (context.Context, trace.Span) { + var psc, sc trace.SpanContext sampled := true span := new(span) // Ask eBPF for sampling decision and span context info. - t.start(ctx, span, &psc, &sampled, &span.spanContext) + t.start(ctx, span, &psc, &sampled, &sc) span.sampled.Store(sampled) + span.spanContext = sc ctx = trace.ContextWithSpan(ctx, span) 
@@ -58,7 +64,13 @@ func (t *tracer) start( // start is used for testing. var start = func(context.Context, *span, *trace.SpanContext, *bool, *trace.SpanContext) {} -func (t tracer) traces(name string, cfg trace.SpanConfig, sc, psc trace.SpanContext) (*telemetry.Traces, *telemetry.Span) { +var intToUint32Bound = min(math.MaxInt, math.MaxUint32) + +func (t tracer) traces( + name string, + cfg trace.SpanConfig, + sc, psc trace.SpanContext, +) (*telemetry.Traces, *telemetry.Span) { span := &telemetry.Span{ TraceID: telemetry.TraceID(sc.TraceID()), SpanID: telemetry.SpanID(sc.SpanID()), @@ -73,11 +85,16 @@ func (t tracer) traces(name string, cfg trace.SpanConfig, sc, psc trace.SpanCont links := cfg.Links() if limit := maxSpan.Links; limit == 0 { - span.DroppedLinks = uint32(len(links)) + n := len(links) + if n > 0 { + bounded := max(min(n, intToUint32Bound), 0) + span.DroppedLinks = uint32(bounded) //nolint:gosec // Bounds checked. + } } else { if limit > 0 { n := max(len(links)-limit, 0) - span.DroppedLinks = uint32(n) + bounded := min(n, intToUint32Bound) + span.DroppedLinks = uint32(bounded) //nolint:gosec // Bounds checked. links = links[n:] } span.Links = convLinks(links) diff --git a/vendor/go.opentelemetry.io/otel/.clomonitor.yml b/vendor/go.opentelemetry.io/otel/.clomonitor.yml new file mode 100644 index 000000000..128d61a22 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/.clomonitor.yml @@ -0,0 +1,3 @@ +exemptions: + - check: artifacthub_badge + reason: "Artifact Hub doesn't support Go packages" diff --git a/vendor/go.opentelemetry.io/otel/.codespellignore b/vendor/go.opentelemetry.io/otel/.codespellignore index 6bf3abc41..a6d0cbcc9 100644 --- a/vendor/go.opentelemetry.io/otel/.codespellignore +++ b/vendor/go.opentelemetry.io/otel/.codespellignore @@ -7,3 +7,5 @@ ans nam valu thirdparty +addOpt +observ diff --git a/vendor/go.opentelemetry.io/otel/.gitignore b/vendor/go.opentelemetry.io/otel/.gitignore index ae8577ef3..749e8e881 100644 
--- a/vendor/go.opentelemetry.io/otel/.gitignore +++ b/vendor/go.opentelemetry.io/otel/.gitignore @@ -1,6 +1,7 @@ .DS_Store Thumbs.db +.cache/ .tools/ venv/ .idea/ diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml index ce3f40b60..1b1b2aff9 100644 --- a/vendor/go.opentelemetry.io/otel/.golangci.yml +++ b/vendor/go.opentelemetry.io/otel/.golangci.yml 
@@ -1,325 +1,263 @@ -# See https://github.com/golangci/golangci-lint#config-file +version: "2" run: - issues-exit-code: 1 #Default - tests: true #Default - + issues-exit-code: 1 + tests: true linters: - # Disable everything by default so upgrades to not include new "default - # enabled" linters. - disable-all: true - # Specifically enable linters we want to use. + default: none enable: - asasalint - bodyclose - depguard - errcheck - errorlint + - gocritic - godot - - gofumpt - - goimports - gosec - - gosimple - govet - ineffassign - misspell - perfsprint - revive - staticcheck - - tenv - testifylint - - typecheck - unconvert - - unused - unparam + - unused - usestdlibvars - + - usetesting + settings: + depguard: + rules: + auto/sdk: + files: + - '!internal/global/trace.go' + - ~internal/global/trace_test.go + deny: + - pkg: go.opentelemetry.io/auto/sdk + desc: Do not use SDK from automatic instrumentation. + non-tests: + files: + - '!$test' + - '!**/*test/*.go' + - '!**/internal/matchers/*.go' + deny: + - pkg: testing + - pkg: github.com/stretchr/testify + - pkg: crypto/md5 + - pkg: crypto/sha1 + - pkg: crypto/**/pkix + otel-internal: + files: + - '**/sdk/*.go' + - '**/sdk/**/*.go' + - '**/exporters/*.go' + - '**/exporters/**/*.go' + - '**/schema/*.go' + - '**/schema/**/*.go' + - '**/metric/*.go' + - '**/metric/**/*.go' + - '**/bridge/*.go' + - '**/bridge/**/*.go' + - '**/trace/*.go' + - '**/trace/**/*.go' + - '**/log/*.go' + - '**/log/**/*.go' + deny: + - pkg: go.opentelemetry.io/otel/internal$ + desc: Do not use cross-module internal packages. + - pkg: go.opentelemetry.io/otel/internal/internaltest + desc: Do not use cross-module internal packages. + otlp-internal: + files: + - '!**/exporters/otlp/internal/**/*.go' + deny: + - pkg: go.opentelemetry.io/otel/exporters/otlp/internal + desc: Do not use cross-module internal packages. 
+ otlpmetric-internal: + files: + - '!**/exporters/otlp/otlpmetric/internal/*.go' + - '!**/exporters/otlp/otlpmetric/internal/**/*.go' + deny: + - pkg: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal + desc: Do not use cross-module internal packages. + otlptrace-internal: + files: + - '!**/exporters/otlp/otlptrace/*.go' + - '!**/exporters/otlp/otlptrace/internal/**.go' + deny: + - pkg: go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal + desc: Do not use cross-module internal packages. + gocritic: + disabled-checks: + - appendAssign + - commentedOutCode + - dupArg + - hugeParam + - importShadow + - preferDecodeRune + - rangeValCopy + - unnamedResult + - whyNoLint + enable-all: true + godot: + exclude: + # Exclude links. + - '^ *\[[^]]+\]:' + # Exclude sentence fragments for lists. + - ^[ ]*[-•] + # Exclude sentences prefixing a list. + - :$ + misspell: + locale: US + ignore-rules: + - cancelled + perfsprint: + int-conversion: true + err-error: true + errorf: true + sprintf1: true + strconcat: true + revive: + confidence: 0.01 + rules: + - name: blank-imports + - name: bool-literal-in-expr + - name: constant-logical-expr + - name: context-as-argument + arguments: + - allowTypesBefore: '*testing.T' + disabled: true + - name: context-keys-type + - name: deep-exit + - name: defer + arguments: + - - call-chain + - loop + - name: dot-imports + - name: duplicated-imports + - name: early-return + arguments: + - preserveScope + - name: empty-block + - name: empty-lines + - name: error-naming + - name: error-return + - name: error-strings + - name: errorf + - name: exported + arguments: + - sayRepetitiveInsteadOfStutters + - name: flag-parameter + - name: identical-branches + - name: if-return + - name: import-shadowing + - name: increment-decrement + - name: indent-error-flow + arguments: + - preserveScope + - name: package-comments + - name: range + - name: range-val-in-closure + - name: range-val-address + - name: redefines-builtin-id + - name: 
string-format + arguments: + - - panic + - /^[^\n]*$/ + - must not contain line breaks + - name: struct-tag + - name: superfluous-else + arguments: + - preserveScope + - name: time-equal + - name: unconditional-recursion + - name: unexported-return + - name: unhandled-error + arguments: + - fmt.Fprint + - fmt.Fprintf + - fmt.Fprintln + - fmt.Print + - fmt.Printf + - fmt.Println + - name: unused-parameter + - name: unused-receiver + - name: unnecessary-stmt + - name: use-any + - name: useless-break + - name: var-declaration + - name: var-naming + arguments: + - ["ID"] # AllowList + - ["Otel", "Aws", "Gcp"] # DenyList + - name: waitgroup-by-value + testifylint: + enable-all: true + disable: + - float-compare + - go-require + - require-error + usetesting: + context-background: true + context-todo: true + exclusions: + generated: lax + presets: + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - revive + path: schema/v.*/types/.* + text: avoid meaningless package names + # TODO: Having appropriate comments for exported objects helps development, + # even for objects in internal packages. Appropriate comments for all + # exported objects should be added and this exclusion removed. + - linters: + - revive + path: .*internal/.* + text: exported (method|function|type|const) (.+) should have comment or be unexported + # Yes, they are, but it's okay in a test. + - linters: + - revive + path: _test\.go + text: exported func.*returns unexported type.*which can be annoying to use + # Example test functions should be treated like main. + - linters: + - revive + path: example.*_test\.go + text: calls to (.+) only in main[(][)] or init[(][)] functions + # It's okay to not run gosec and perfsprint in a test. + - linters: + - gosec + - perfsprint + path: _test\.go + # Ignoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand) + # as we commonly use it in tests and examples. 
+ - linters: + - gosec + text: 'G404:' + # Ignoring gosec G402: TLS MinVersion too low + # as the https://pkg.go.dev/crypto/tls#Config handles MinVersion default well. + - linters: + - gosec + text: 'G402: TLS MinVersion too low.' issues: - # Maximum issues count per one linter. - # Set to 0 to disable. - # Default: 50 - # Setting to unlimited so the linter only is run once to debug all issues. max-issues-per-linter: 0 - # Maximum count of issues with the same text. - # Set to 0 to disable. - # Default: 3 - # Setting to unlimited so the linter only is run once to debug all issues. max-same-issues: 0 - # Excluding configuration per-path, per-linter, per-text and per-source. - exclude-rules: - # TODO: Having appropriate comments for exported objects helps development, - # even for objects in internal packages. Appropriate comments for all - # exported objects should be added and this exclusion removed. - - path: '.*internal/.*' - text: "exported (method|function|type|const) (.+) should have comment or be unexported" - linters: - - revive - # Yes, they are, but it's okay in a test. - - path: _test\.go - text: "exported func.*returns unexported type.*which can be annoying to use" - linters: - - revive - # Example test functions should be treated like main. - - path: example.*_test\.go - text: "calls to (.+) only in main[(][)] or init[(][)] functions" - linters: - - revive - # It's okay to not run gosec and perfsprint in a test. - - path: _test\.go - linters: - - gosec - - perfsprint - # Ignoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand) - # as we commonly use it in tests and examples. - - text: "G404:" - linters: - - gosec - # Ignoring gosec G402: TLS MinVersion too low - # as the https://pkg.go.dev/crypto/tls#Config handles MinVersion default well. - - text: "G402: TLS MinVersion too low." - linters: - - gosec - include: - # revive exported should have comment or be unexported. 
- - EXC0012 - # revive package comment should be of the form ... - - EXC0013 - -linters-settings: - depguard: - rules: - non-tests: - files: - - "!$test" - - "!**/*test/*.go" - - "!**/internal/matchers/*.go" - deny: - - pkg: "testing" - - pkg: "github.com/stretchr/testify" - - pkg: "crypto/md5" - - pkg: "crypto/sha1" - - pkg: "crypto/**/pkix" - auto/sdk: - files: - - "!internal/global/trace.go" - - "~internal/global/trace_test.go" - deny: - - pkg: "go.opentelemetry.io/auto/sdk" - desc: Do not use SDK from automatic instrumentation. - otlp-internal: - files: - - "!**/exporters/otlp/internal/**/*.go" - deny: - - pkg: "go.opentelemetry.io/otel/exporters/otlp/internal" - desc: Do not use cross-module internal packages. - otlptrace-internal: - files: - - "!**/exporters/otlp/otlptrace/*.go" - - "!**/exporters/otlp/otlptrace/internal/**.go" - deny: - - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal" - desc: Do not use cross-module internal packages. - otlpmetric-internal: - files: - - "!**/exporters/otlp/otlpmetric/internal/*.go" - - "!**/exporters/otlp/otlpmetric/internal/**/*.go" - deny: - - pkg: "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/internal" - desc: Do not use cross-module internal packages. - otel-internal: - files: - - "**/sdk/*.go" - - "**/sdk/**/*.go" - - "**/exporters/*.go" - - "**/exporters/**/*.go" - - "**/schema/*.go" - - "**/schema/**/*.go" - - "**/metric/*.go" - - "**/metric/**/*.go" - - "**/bridge/*.go" - - "**/bridge/**/*.go" - - "**/trace/*.go" - - "**/trace/**/*.go" - - "**/log/*.go" - - "**/log/**/*.go" - deny: - - pkg: "go.opentelemetry.io/otel/internal$" - desc: Do not use cross-module internal packages. - - pkg: "go.opentelemetry.io/otel/internal/attribute" - desc: Do not use cross-module internal packages. - - pkg: "go.opentelemetry.io/otel/internal/internaltest" - desc: Do not use cross-module internal packages. - - pkg: "go.opentelemetry.io/otel/internal/matchers" - desc: Do not use cross-module internal packages. 
- godot: - exclude: - # Exclude links. - - '^ *\[[^]]+\]:' - # Exclude sentence fragments for lists. - - '^[ ]*[-•]' - # Exclude sentences prefixing a list. - - ':$' - goimports: - local-prefixes: go.opentelemetry.io - misspell: - locale: US - ignore-words: - - cancelled - perfsprint: - err-error: true - errorf: true - int-conversion: true - sprintf1: true - strconcat: true - revive: - # Sets the default failure confidence. - # This means that linting errors with less than 0.8 confidence will be ignored. - # Default: 0.8 - confidence: 0.01 - rules: - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#blank-imports - - name: blank-imports - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#bool-literal-in-expr - - name: bool-literal-in-expr - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#constant-logical-expr - - name: constant-logical-expr - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-as-argument - # TODO (#3372) re-enable linter when it is compatible. 
https://github.com/golangci/golangci-lint/issues/3280 - - name: context-as-argument - disabled: true - arguments: - allowTypesBefore: "*testing.T" - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#context-keys-type - - name: context-keys-type - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#deep-exit - - name: deep-exit - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#defer - - name: defer - disabled: false - arguments: - - ["call-chain", "loop"] - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#dot-imports - - name: dot-imports - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#duplicated-imports - - name: duplicated-imports - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#early-return - - name: early-return - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-block - - name: empty-block - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#empty-lines - - name: empty-lines - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-naming - - name: error-naming - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-return - - name: error-return - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#error-strings - - name: error-strings - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#errorf - - name: errorf - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#exported - - name: exported - disabled: false - arguments: - - "sayRepetitiveInsteadOfStutters" - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#flag-parameter - - name: flag-parameter - disabled: false - # 
https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#identical-branches - - name: identical-branches - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#if-return - - name: if-return - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#increment-decrement - - name: increment-decrement - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#indent-error-flow - - name: indent-error-flow - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#import-shadowing - - name: import-shadowing - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#package-comments - - name: package-comments - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range - - name: range - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range-val-in-closure - - name: range-val-in-closure - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#range-val-address - - name: range-val-address - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#redefines-builtin-id - - name: redefines-builtin-id - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#string-format - - name: string-format - disabled: false - arguments: - - - panic - - '/^[^\n]*$/' - - must not contain line breaks - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#struct-tag - - name: struct-tag - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#superfluous-else - - name: superfluous-else - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#time-equal - - name: time-equal - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#var-naming - - 
name: var-naming - disabled: false - arguments: - - ["ID"] # AllowList - - ["Otel", "Aws", "Gcp"] # DenyList - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#var-declaration - - name: var-declaration - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unconditional-recursion - - name: unconditional-recursion - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unexported-return - - name: unexported-return - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unhandled-error - - name: unhandled-error - disabled: false - arguments: - - "fmt.Fprint" - - "fmt.Fprintf" - - "fmt.Fprintln" - - "fmt.Print" - - "fmt.Printf" - - "fmt.Println" - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unnecessary-stmt - - name: unnecessary-stmt - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#useless-break - - name: useless-break - disabled: false - # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#waitgroup-by-value - - name: waitgroup-by-value - disabled: false - testifylint: - enable-all: true - disable: - - float-compare - - go-require - - require-error +formatters: + enable: + - gofumpt + - goimports + - golines + settings: + gofumpt: + extra-rules: true + goimports: + local-prefixes: + - go.opentelemetry.io/otel + golines: + max-len: 120 + exclusions: + generated: lax diff --git a/vendor/go.opentelemetry.io/otel/.lycheeignore b/vendor/go.opentelemetry.io/otel/.lycheeignore index 40d62fa2e..994b677df 100644 --- a/vendor/go.opentelemetry.io/otel/.lycheeignore +++ b/vendor/go.opentelemetry.io/otel/.lycheeignore 
@@ -1,6 +1,13 @@
 http://localhost
+https://localhost
 http://jaeger-collector
 https://github.com/open-telemetry/opentelemetry-go/milestone/
 https://github.com/open-telemetry/opentelemetry-go/projects
+# Weaver model URL for semantic-conventions repository.
+https?:\/\/github\.com\/open-telemetry\/semantic-conventions\/archive\/refs\/tags\/[^.]+\.zip\[[^]]+]
 file:///home/runner/work/opentelemetry-go/opentelemetry-go/libraries
 file:///home/runner/work/opentelemetry-go/opentelemetry-go/manual
+http://4.3.2.1:78/user/123
+file:///home/runner/work/opentelemetry-go/opentelemetry-go/exporters/otlp/otlptrace/otlptracegrpc/internal/observ/dns:/:4317
+# URL works, but it has blocked link checkers.
+https://dl.acm.org/doi/10.1145/198429.198435
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index 599d59cd1..ecbe0582c 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -11,6 +11,307 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm +## [1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05 + +### Added + +- Greatly reduce the cost of recording metrics in `go.opentelemetry.io/otel/sdk/metric` using hashing for map keys. (#7175) +- Add `WithInstrumentationAttributeSet` option to `go.opentelemetry.io/otel/log`, `go.opentelemetry.io/otel/metric`, and `go.opentelemetry.io/otel/trace` packages. + This provides a concurrent-safe and performant alternative to `WithInstrumentationAttributes` by accepting a pre-constructed `attribute.Set`. (#7287) +- Add experimental observability for the Prometheus exporter in `go.opentelemetry.io/otel/exporters/prometheus`. + Check the `go.opentelemetry.io/otel/exporters/prometheus/internal/x` package documentation for more information. (#7345) +- Add experimental observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#7353) +- Add temporality selector functions `DeltaTemporalitySelector`, `CumulativeTemporalitySelector`, `LowMemoryTemporalitySelector` to `go.opentelemetry.io/otel/sdk/metric`. (#7434) +- Add experimental observability metrics for simple log processor in `go.opentelemetry.io/otel/sdk/log`. (#7548) +- Add experimental observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#7459) +- Add experimental observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#7486) +- Add experimental observability metrics for simple span processor in `go.opentelemetry.io/otel/sdk/trace`. (#7374) +- Add experimental observability metrics in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#7512) +- Add experimental observability metrics for manual reader in `go.opentelemetry.io/otel/sdk/metric`. (#7524) +- Add experimental observability metrics for periodic reader in `go.opentelemetry.io/otel/sdk/metric`. 
(#7571) +- Support `OTEL_EXPORTER_OTLP_LOGS_INSECURE` and `OTEL_EXPORTER_OTLP_INSECURE` environmental variables in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#7608) +- Add `Enabled` method to the `Processor` interface in `go.opentelemetry.io/otel/sdk/log`. + All `Processor` implementations now include an `Enabled` method. (#7639) +- The `go.opentelemetry.io/otel/semconv/v1.38.0` package. + The package contains semantic conventions from the `v1.38.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.38.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.37.0.`(#7648) + +### Changed + +- `Distinct` in `go.opentelemetry.io/otel/attribute` is no longer guaranteed to uniquely identify an attribute set. + Collisions between `Distinct` values for different Sets are possible with extremely high cardinality (billions of series per instrument), but are highly unlikely. (#7175) +- `WithInstrumentationAttributes` in `go.opentelemetry.io/otel/trace` synchronously de-duplicates the passed attributes instead of delegating it to the returned `TracerOption`. (#7266) +- `WithInstrumentationAttributes` in `go.opentelemetry.io/otel/meter` synchronously de-duplicates the passed attributes instead of delegating it to the returned `MeterOption`. (#7266) +- `WithInstrumentationAttributes` in `go.opentelemetry.io/otel/log` synchronously de-duplicates the passed attributes instead of delegating it to the returned `LoggerOption`. (#7266) +- Rename the `OTEL_GO_X_SELF_OBSERVABILITY` environment variable to `OTEL_GO_X_OBSERVABILITY` in `go.opentelemetry.io/otel/sdk/trace`, `go.opentelemetry.io/otel/sdk/log`, and `go.opentelemetry.io/otel/exporters/stdout/stdouttrace`. (#7302) +- Improve performance of histogram `Record` in `go.opentelemetry.io/otel/sdk/metric` when min and max are disabled using `NoMinMax`. 
(#7306) +- Improve error handling for dropped data during translation by using `prometheus.NewInvalidMetric` in `go.opentelemetry.io/otel/exporters/prometheus`. + âš ï¸ **Breaking Change:** Previously, these cases were only logged and scrapes succeeded. + Now, when translation would drop data (e.g., invalid label/value), the exporter emits a `NewInvalidMetric`, and Prometheus scrapes **fail with HTTP 500** by default. + To preserve the prior behavior (scrapes succeed while errors are logged), configure your Prometheus HTTP handler with: `promhttp.HandlerOpts{ ErrorHandling: promhttp.ContinueOnError }`. (#7363) +- Replace fnv hash with xxhash in `go.opentelemetry.io/otel/attribute` for better performance. (#7371) +- The default `TranslationStrategy` in `go.opentelemetry.io/exporters/prometheus` is changed from `otlptranslator.NoUTF8EscapingWithSuffixes` to `otlptranslator.UnderscoreEscapingWithSuffixes`. (#7421) +- Improve performance of concurrent measurements in `go.opentelemetry.io/otel/sdk/metric`. (#7427) +- Include W3C TraceFlags (bits 0–7) in the OTLP `Span.Flags` field in `go.opentelemetry.io/exporters/otlp/otlptrace/otlptracehttp` and `go.opentelemetry.io/exporters/otlp/otlptrace/otlptracegrpc`. (#7438) +- The `ErrorType` function in `go.opentelemetry.io/otel/semconv/v1.37.0` now handles custom error types. + If an error implements an `ErrorType() string` method, the return value of that method will be used as the error type. (#7442) + +### Fixed + +- Fix `WithInstrumentationAttributes` options in `go.opentelemetry.io/otel/trace`, `go.opentelemetry.io/otel/metric`, and `go.opentelemetry.io/otel/log` to properly merge attributes when passed multiple times instead of replacing them. + Attributes with duplicate keys will use the last value passed. (#7300) +- The equality of `attribute.Set` when using the `Equal` method is not affected by the user overriding the empty set pointed to by `attribute.EmptySet` in `go.opentelemetry.io/otel/attribute`. 
(#7357) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#7372) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#7372) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#7372) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#7372) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#7372) +- Return partial OTLP export errors to the caller in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#7372) +- Fix `AddAttributes`, `SetAttributes`, `SetBody` on `Record` in `go.opentelemetry.io/otel/sdk/log` to not mutate input. (#7403) +- Do not double record measurements of `RecordSet` methods in `go.opentelemetry.io/otel/semconv/v1.37.0`. (#7655) +- Do not double record measurements of `RecordSet` methods in `go.opentelemetry.io/otel/semconv/v1.36.0`. (#7656) + +### Removed + +- Drop support for [Go 1.23]. (#7274) +- Remove the `FilterProcessor` interface in `go.opentelemetry.io/otel/sdk/log`. + The `Enabled` method has been added to the `Processor` interface instead. + All `Processor` implementations must now implement the `Enabled` method. + Custom processors that do not filter records can implement `Enabled` to return `true`. (#7639) + +## [1.38.0/0.60.0/0.14.0/0.0.13] 2025-08-29 + +This release is the last to support [Go 1.23]. +The next release will require at least [Go 1.24]. + +### Added + +- Add native histogram exemplar support in `go.opentelemetry.io/otel/exporters/prometheus`. (#6772) +- Add template attribute functions to the `go.opentelmetry.io/otel/semconv/v1.34.0` package. 
(#6939) + - `ContainerLabel` + - `DBOperationParameter` + - `DBSystemParameter` + - `HTTPRequestHeader` + - `HTTPResponseHeader` + - `K8SCronJobAnnotation` + - `K8SCronJobLabel` + - `K8SDaemonSetAnnotation` + - `K8SDaemonSetLabel` + - `K8SDeploymentAnnotation` + - `K8SDeploymentLabel` + - `K8SJobAnnotation` + - `K8SJobLabel` + - `K8SNamespaceAnnotation` + - `K8SNamespaceLabel` + - `K8SNodeAnnotation` + - `K8SNodeLabel` + - `K8SPodAnnotation` + - `K8SPodLabel` + - `K8SReplicaSetAnnotation` + - `K8SReplicaSetLabel` + - `K8SStatefulSetAnnotation` + - `K8SStatefulSetLabel` + - `ProcessEnvironmentVariable` + - `RPCConnectRPCRequestMetadata` + - `RPCConnectRPCResponseMetadata` + - `RPCGRPCRequestMetadata` + - `RPCGRPCResponseMetadata` +- Add `ErrorType` attribute helper function to the `go.opentelmetry.io/otel/semconv/v1.34.0` package. (#6962) +- Add `WithAllowKeyDuplication` in `go.opentelemetry.io/otel/sdk/log` which can be used to disable deduplication for log records. (#6968) +- Add `WithCardinalityLimit` option to configure the cardinality limit in `go.opentelemetry.io/otel/sdk/metric`. (#6996, #7065, #7081, #7164, #7165, #7179) +- Add `Clone` method to `Record` in `go.opentelemetry.io/otel/log` that returns a copy of the record with no shared state. (#7001) +- Add experimental self-observability span and batch span processor metrics in `go.opentelemetry.io/otel/sdk/trace`. + Check the `go.opentelemetry.io/otel/sdk/trace/internal/x` package documentation for more information. (#7027, #6393, #7209) +- The `go.opentelemetry.io/otel/semconv/v1.36.0` package. + The package contains semantic conventions from the `v1.36.0` version of the OpenTelemetry Semantic Conventions. 
+ See the [migration documentation](./semconv/v1.36.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.34.0.`(#7032, #7041) +- Add support for configuring Prometheus name translation using `WithTranslationStrategy` option in `go.opentelemetry.io/otel/exporters/prometheus`. The current default translation strategy when UTF-8 mode is enabled is `NoUTF8EscapingWithSuffixes`, but a future release will change the default strategy to `UnderscoreEscapingWithSuffixes` for compliance with the specification. (#7111) +- Add experimental self-observability log metrics in `go.opentelemetry.io/otel/sdk/log`. + Check the `go.opentelemetry.io/otel/sdk/log/internal/x` package documentation for more information. (#7121) +- Add experimental self-observability trace exporter metrics in `go.opentelemetry.io/otel/exporters/stdout/stdouttrace`. + Check the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace/internal/x` package documentation for more information. (#7133) +- Support testing of [Go 1.25]. (#7187) +- The `go.opentelemetry.io/otel/semconv/v1.37.0` package. + The package contains semantic conventions from the `v1.37.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.37.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.36.0.`(#7254) + +### Changed + +- Optimize `TraceIDFromHex` and `SpanIDFromHex` in `go.opentelemetry.io/otel/sdk/trace`. (#6791) +- Change `AssertEqual` in `go.opentelemetry.io/otel/log/logtest` to accept `TestingT` in order to support benchmarks and fuzz tests. (#6908) +- Change `DefaultExemplarReservoirProviderSelector` in `go.opentelemetry.io/otel/sdk/metric` to use `runtime.GOMAXPROCS(0)` instead of `runtime.NumCPU()` for the `FixedSizeReservoirProvider` default size. 
(#7094) + +### Fixed + +- `SetBody` method of `Record` in `go.opentelemetry.io/otel/sdk/log` now deduplicates key-value collections (`log.Value` of `log.KindMap` from `go.opentelemetry.io/otel/log`). (#7002) +- Fix `go.opentelemetry.io/otel/exporters/prometheus` to not append a suffix if it's already present in metric name. (#7088) +- Fix the `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` self-observability component type and name. (#7195) +- Fix partial export count metric in `go.opentelemetry.io/otel/exporters/stdout/stdouttrace`. (#7199) + +### Deprecated + +- Deprecate `WithoutUnits` and `WithoutCounterSuffixes` options, preferring `WithTranslationStrategy` instead. (#7111) +- Deprecate support for `OTEL_GO_X_CARDINALITY_LIMIT` environment variable in `go.opentelemetry.io/otel/sdk/metric`. Use `WithCardinalityLimit` option instead. (#7166) + +## [0.59.1] 2025-07-21 + +### Changed + +- Retract `v0.59.0` release of `go.opentelemetry.io/otel/exporters/prometheus` module which appends incorrect unit suffixes. (#7046) +- Change `go.opentelemetry.io/otel/exporters/prometheus` to no longer deduplicate suffixes when UTF8 is enabled. + It is recommended to disable unit and counter suffixes in the exporter, and manually add suffixes if you rely on the existing behavior. (#7044) + +### Fixed + +- Fix `go.opentelemetry.io/otel/exporters/prometheus` to properly handle unit suffixes when the unit is in brackets. + E.g. `{spans}`. (#7044) + +## [1.37.0/0.59.0/0.13.0] 2025-06-25 + +### Added + +- The `go.opentelemetry.io/otel/semconv/v1.33.0` package. + The package contains semantic conventions from the `v1.33.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.33.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.32.0.`(#6799) +- The `go.opentelemetry.io/otel/semconv/v1.34.0` package. 
+ The package contains semantic conventions from the `v1.34.0` version of the OpenTelemetry Semantic Conventions. (#6812) +- Add metric's schema URL as `otel_scope_schema_url` label in `go.opentelemetry.io/otel/exporters/prometheus`. (#5947) +- Add metric's scope attributes as `otel_scope_[attribute]` labels in `go.opentelemetry.io/otel/exporters/prometheus`. (#5947) +- Add `EventName` to `EnabledParameters` in `go.opentelemetry.io/otel/log`. (#6825) +- Add `EventName` to `EnabledParameters` in `go.opentelemetry.io/otel/sdk/log`. (#6825) +- Changed handling of `go.opentelemetry.io/otel/exporters/prometheus` metric renaming to add unit suffixes when it doesn't match one of the pre-defined values in the unit suffix map. (#6839) + +### Changed + +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/bridge/opentracing`. (#6827) +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/exporters/zipkin`. (#6829) +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/metric`. (#6832) +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/sdk/resource`. (#6834) +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/sdk/trace`. (#6835) +- The semantic conventions have been upgraded from `v1.26.0` to `v1.34.0` in `go.opentelemetry.io/otel/trace`. (#6836) +- `Record.Resource` now returns `*resource.Resource` instead of `resource.Resource` in `go.opentelemetry.io/otel/sdk/log`. 
(#6864) +- Retry now shows error cause for context timeout in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`, `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`, `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`, `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`, `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`, `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6898) + +### Fixed + +- Stop stripping trailing slashes from configured endpoint URL in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#6710) +- Stop stripping trailing slashes from configured endpoint URL in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#6710) +- Stop stripping trailing slashes from configured endpoint URL in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. (#6710) +- Stop stripping trailing slashes from configured endpoint URL in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#6710) +- Validate exponential histogram scale range for Prometheus compatibility in `go.opentelemetry.io/otel/exporters/prometheus`. (#6822) +- Context cancellation during metric pipeline produce does not corrupt data in `go.opentelemetry.io/otel/sdk/metric`. (#6914) + +### Removed + +- `go.opentelemetry.io/otel/exporters/prometheus` no longer exports `otel_scope_info` metric. (#6770) + +## [0.12.2] 2025-05-22 + +### Fixed + +- Retract `v0.12.0` release of `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc` module that contains invalid dependencies. (#6804) +- Retract `v0.12.0` release of `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` module that contains invalid dependencies. (#6804) +- Retract `v0.12.0` release of `go.opentelemetry.io/otel/exporters/stdout/stdoutlog` module that contains invalid dependencies. 
(#6804) + +## [0.12.1] 2025-05-21 + +### Fixes + +- Use the proper dependency version of `go.opentelemetry.io/otel/sdk/log/logtest` in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#6800) +- Use the proper dependency version of `go.opentelemetry.io/otel/sdk/log/logtest` in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6800) +- Use the proper dependency version of `go.opentelemetry.io/otel/sdk/log/logtest` in `go.opentelemetry.io/otel/exporters/stdout/stdoutlog`. (#6800) + +## [1.36.0/0.58.0/0.12.0] 2025-05-20 + +### Added + +- Add exponential histogram support in `go.opentelemetry.io/otel/exporters/prometheus`. (#6421) +- The `go.opentelemetry.io/otel/semconv/v1.31.0` package. + The package contains semantic conventions from the `v1.31.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.31.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.30.0`. (#6479) +- Add `Recording`, `Scope`, and `Record` types in `go.opentelemetry.io/otel/log/logtest`. (#6507) +- Add `WithHTTPClient` option to configure the `http.Client` used by `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. (#6751) +- Add `WithHTTPClient` option to configure the `http.Client` used by `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. (#6752) +- Add `WithHTTPClient` option to configure the `http.Client` used by `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6688) +- Add `ValuesGetter` in `go.opentelemetry.io/otel/propagation`, a `TextMapCarrier` that supports retrieving multiple values for a single key. (#5973) +- Add `Values` method to `HeaderCarrier` to implement the new `ValuesGetter` interface in `go.opentelemetry.io/otel/propagation`. (#5973) +- Update `Baggage` in `go.opentelemetry.io/otel/propagation` to retrieve multiple values for a key when the carrier implements `ValuesGetter`. 
(#5973) +- Add `AssertEqual` function in `go.opentelemetry.io/otel/log/logtest`. (#6662) +- The `go.opentelemetry.io/otel/semconv/v1.32.0` package. + The package contains semantic conventions from the `v1.32.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.32.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.31.0`(#6782) +- Add `Transform` option in `go.opentelemetry.io/otel/log/logtest`. (#6794) +- Add `Desc` option in `go.opentelemetry.io/otel/log/logtest`. (#6796) + +### Removed + +- Drop support for [Go 1.22]. (#6381, #6418) +- Remove `Resource` field from `EnabledParameters` in `go.opentelemetry.io/otel/sdk/log`. (#6494) +- Remove `RecordFactory` type from `go.opentelemetry.io/otel/log/logtest`. (#6492) +- Remove `ScopeRecords`, `EmittedRecord`, and `RecordFactory` types from `go.opentelemetry.io/otel/log/logtest`. (#6507) +- Remove `AssertRecordEqual` function in `go.opentelemetry.io/otel/log/logtest`, use `AssertEqual` instead. (#6662) + +### Changed + +- âš ï¸ Update `github.com/prometheus/client_golang` to `v1.21.1`, which changes the `NameValidationScheme` to `UTF8Validation`. + This allows metrics names to keep original delimiters (e.g. `.`), rather than replacing with underscores. + This can be reverted by setting `github.com/prometheus/common/model.NameValidationScheme` to `LegacyValidation` in `github.com/prometheus/common/model`. (#6433) +- Initialize map with `len(keys)` in `NewAllowKeysFilter` and `NewDenyKeysFilter` to avoid unnecessary allocations in `go.opentelemetry.io/otel/attribute`. (#6455) +- `go.opentelemetry.io/otel/log/logtest` is now a separate Go module. (#6465) +- `go.opentelemetry.io/otel/sdk/log/logtest` is now a separate Go module. (#6466) +- `Recorder` in `go.opentelemetry.io/otel/log/logtest` no longer separately stores records emitted by loggers with the same instrumentation scope. 
(#6507) +- Improve performance of `BatchProcessor` in `go.opentelemetry.io/otel/sdk/log` by not exporting when exporter cannot accept more. (#6569, #6641) + +### Deprecated + +- Deprecate support for `model.LegacyValidation` for `go.opentelemetry.io/otel/exporters/prometheus`. (#6449) + +### Fixes + +- Stop percent encoding header environment variables in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc` and `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6392) +- Ensure the `noopSpan.tracerProvider` method is not inlined in `go.opentelemetry.io/otel/trace` so the `go.opentelemetry.io/auto` instrumentation can instrument non-recording spans. (#6456) +- Use a `sync.Pool` instead of allocating `metricdata.ResourceMetrics` in `go.opentelemetry.io/otel/exporters/prometheus`. (#6472) + +## [1.35.0/0.57.0/0.11.0] 2025-03-05 + +This release is the last to support [Go 1.22]. +The next release will require at least [Go 1.23]. + +### Added + +- Add `ValueFromAttribute` and `KeyValueFromAttribute` in `go.opentelemetry.io/otel/log`. (#6180) +- Add `EventName` and `SetEventName` to `Record` in `go.opentelemetry.io/otel/log`. (#6187) +- Add `EventName` to `RecordFactory` in `go.opentelemetry.io/otel/log/logtest`. (#6187) +- `AssertRecordEqual` in `go.opentelemetry.io/otel/log/logtest` checks `Record.EventName`. (#6187) +- Add `EventName` and `SetEventName` to `Record` in `go.opentelemetry.io/otel/sdk/log`. (#6193) +- Add `EventName` to `RecordFactory` in `go.opentelemetry.io/otel/sdk/log/logtest`. (#6193) +- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. (#6211) +- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. (#6211) +- Emit `Record.EventName` field in `go.opentelemetry.io/otel/exporters/stdout/stdoutlog` (#6210) +- The `go.opentelemetry.io/otel/semconv/v1.28.0` package. 
+ The package contains semantic conventions from the `v1.28.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.28.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.27.0`(#6236) +- The `go.opentelemetry.io/otel/semconv/v1.30.0` package. + The package contains semantic conventions from the `v1.30.0` version of the OpenTelemetry Semantic Conventions. + See the [migration documentation](./semconv/v1.30.0/MIGRATION.md) for information on how to upgrade from `go.opentelemetry.io/otel/semconv/v1.28.0`(#6240) +- Document the pitfalls of using `Resource` as a comparable type. + `Resource.Equal` and `Resource.Equivalent` should be used instead. (#6272) +- Support [Go 1.24]. (#6304) +- Add `FilterProcessor` and `EnabledParameters` in `go.opentelemetry.io/otel/sdk/log`. + It replaces `go.opentelemetry.io/otel/sdk/log/internal/x.FilterProcessor`. + Compared to previous version it additionally gives the possibility to filter by resource and instrumentation scope. (#6317) + +### Changed + +- Update `github.com/prometheus/common` to `v0.62.0`, which changes the `NameValidationScheme` to `NoEscaping`. + This allows metrics names to keep original delimiters (e.g. `.`), rather than replacing with underscores. + This is controlled by the `Content-Type` header, or can be reverted by setting `NameValidationScheme` to `LegacyValidation` in `github.com/prometheus/common/model`. (#6198) + +### Fixes + +- Eliminate goroutine leak for the processor returned by `NewSimpleSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace` when `Shutdown` is called and the passed `ctx` is canceled and `SpanExporter.Shutdown` has not returned. (#6368) +- Eliminate goroutine leak for the processor returned by `NewBatchSpanProcessor` in `go.opentelemetry.io/otel/sdk/trace` when `ForceFlush` is called and the passed `ctx` is canceled and `SpanExporter.Export` has not returned. 
(#6369) + ## [1.34.0/0.56.0/0.10.0] 2025-01-17 ### Changed @@ -3197,7 +3498,15 @@ It contains api and sdk for trace and meter. - CircleCI build CI manifest files. - CODEOWNERS file to track owners of this project. -[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...HEAD +[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...HEAD +[1.39.0/0.61.0/0.15.0/0.0.14]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.39.0 +[1.38.0/0.60.0/0.14.0/0.0.13]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.38.0 +[0.59.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/exporters/prometheus/v0.59.1 +[1.37.0/0.59.0/0.13.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.37.0 +[0.12.2]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/log/v0.12.2 +[0.12.1]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/log/v0.12.1 +[1.36.0/0.58.0/0.12.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.36.0 +[1.35.0/0.57.0/0.11.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.35.0 [1.34.0/0.56.0/0.10.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.34.0 [1.33.0/0.55.0/0.9.0/0.0.12]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.33.0 [1.32.0/0.54.0/0.8.0/0.0.11]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.32.0 @@ -3288,6 +3597,8 @@ It contains api and sdk for trace and meter. +[Go 1.25]: https://go.dev/doc/go1.25 +[Go 1.24]: https://go.dev/doc/go1.24 [Go 1.23]: https://go.dev/doc/go1.23 [Go 1.22]: https://go.dev/doc/go1.22 [Go 1.21]: https://go.dev/doc/go1.21 diff --git a/vendor/go.opentelemetry.io/otel/CODEOWNERS b/vendor/go.opentelemetry.io/otel/CODEOWNERS index 945a07d2b..26a03aed1 100644 --- a/vendor/go.opentelemetry.io/otel/CODEOWNERS +++ b/vendor/go.opentelemetry.io/otel/CODEOWNERS 
@@ -12,6 +12,6 @@ # https://help.github.com/en/articles/about-code-owners # -* @MrAlias @XSAM @dashpole @pellared @dmathieu +* @MrAlias @XSAM @dashpole @pellared @dmathieu @flc1125 CODEOWNERS @MrAlias @pellared @dashpole @XSAM @dmathieu diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md index 22a2e9dbd..ff5e1f76e 100644 --- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md +++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md @@ -54,8 +54,8 @@ go get -d go.opentelemetry.io/otel (This may print some warning about "build constraints exclude all Go files", just ignore it.) -This will put the project in `${GOPATH}/src/go.opentelemetry.io/otel`. You -can alternatively use `git` directly with: +This will put the project in `${GOPATH}/src/go.opentelemetry.io/otel`. +Alternatively, you can use `git` directly with: ```sh git clone https://github.com/open-telemetry/opentelemetry-go @@ -65,8 +65,7 @@ git clone https://github.com/open-telemetry/opentelemetry-go that name is a kind of a redirector to GitHub that `go get` can understand, but `git` does not.) -This would put the project in the `opentelemetry-go` directory in -current working directory. +This will add the project as `opentelemetry-go` within the current directory. Enter the newly created directory and add your fork as a new remote: 
@@ -109,10 +108,9 @@ A PR is considered **ready to merge** when: This is not enforced through automation, but needs to be validated by the maintainer merging. - * The qualified approvals need to be from [Approver]s/[Maintainer]s - affiliated with different companies. Two qualified approvals from - [Approver]s or [Maintainer]s affiliated with the same company counts as a - single qualified approval. + * At least one of the qualified approvals needs to be from an + [Approver]/[Maintainer] affiliated with a different company than the author + of the PR. * PRs introducing changes that have already been discussed and consensus reached only need one qualified approval. The discussion and resolution needs to be linked to the PR. @@ -167,11 +165,11 @@ guidelines](https://opentelemetry.io/docs/specs/otel/library-guidelines). ### Focus on Capabilities, Not Structure Compliance OpenTelemetry is an evolving specification, one where the desires and -use cases are clear, but the method to satisfy those uses cases are +use cases are clear, but the methods to satisfy those use cases are not. As such, Contributions should provide functionality and behavior that -conforms to the specification, but the interface and structure is +conforms to the specification, but the interface and structure are flexible. It is preferable to have contributions follow the idioms of the 
@@ -181,6 +179,47 @@ patterns in the spec. For a deeper discussion, see [this](https://github.com/open-telemetry/opentelemetry-specification/issues/165). +## Tests + +Each functionality should be covered by tests. + +Performance-critical functionality should also be covered by benchmarks. + +- Pull requests adding a performance-critical functionality +should have `go test -bench` output in their description. +- Pull requests changing a performance-critical functionality +should have [`benchstat`](https://pkg.go.dev/golang.org/x/perf/cmd/benchstat) +output in their description. + +## Dependencies + +This project uses [Go Modules] for dependency management. All modules will use +`go.mod` to explicitly list all direct and indirect dependencies, ensuring a +clear dependency graph. The `go.sum` file for each module will be committed to +the repository and used to verify the integrity of downloaded modules, +preventing malicious tampering. + +This project uses automated dependency update tools (i.e. dependabot, +renovatebot) to manage updates to dependencies. This ensures that dependencies +are kept up-to-date with the latest security patches and features and are +reviewed before being merged. If you would like to propose a change to a +dependency it should be done through a pull request that updates the `go.mod` +file and includes a description of the change. + +See the [versioning and compatibility](./VERSIONING.md) policy for more details +about dependency compatibility. + +[Go Modules]: https://pkg.go.dev/cmd/go#hdr-Modules__module_versions__and_more + +### Environment Dependencies + +This project does not partition dependencies based on the environment (i.e. +`development`, `staging`, `production`). + +Only the dependencies explicitly included in the released modules have been +tested and verified to work with the released code. No other guarantee is made +about the compatibility of other dependencies. 
+ ## Documentation Each (non-internal, non-test) package must be documented using @@ -222,6 +261,10 @@ For a non-comprehensive but foundational overview of these best practices the [Effective Go](https://golang.org/doc/effective_go.html) documentation is an excellent starting place. +We also recommend following the +[Go Code Review Comments](https://go.dev/wiki/CodeReviewComments) +that collects common comments made during reviews of Go code. + As a convenience for developers building this project the `make precommit` will format, lint, validate, and in some cases fix the changes you plan to submit. This check will need to pass for your changes to be able to be @@ -575,6 +618,10 @@ See also: ### Testing +We allow using [`testify`](https://github.com/stretchr/testify) even though +it is seen as non-idiomatic according to +the [Go Test Comments](https://go.dev/wiki/TestComments#assert-libraries) page. + The tests should never leak goroutines. Use the term `ConcurrentSafe` in the test name when it aims to verify the @@ -587,8 +634,8 @@ is not in their root name. The use of internal packages should be scoped to a single module. A sub-module should never import from a parent internal package. This creates a coupling -between the two modules where a user can upgrade the parent without the child -and if the internal package API has changed it will fail to upgrade[^3]. +between the two modules where a user can upgrade the parent without the child, +and if the internal package API has changed, it will fail to upgrade[^3]. There are two known exceptions to this rule: 
@@ -609,7 +656,7 @@ this. ### Ignoring context cancellation -OpenTelemetry API implementations need to ignore the cancellation of the context that are +OpenTelemetry API implementations need to ignore the cancellation of the context that is passed when recording a value (e.g. starting a span, recording a measurement, emitting a log). Recording methods should not return an error describing the cancellation state of the context when they complete, nor should they abort any work. 
@@ -627,32 +674,478 @@ force flushing telemetry, shutting down a signal provider) the context cancellat should be honored. This means all work done on behalf of the user provided context should be canceled. +### Observability + +OpenTelemetry Go SDK components should be instrumented to enable users observability for the health and performance of the telemetry pipeline itself. +This allows operators to understand how well their observability infrastructure is functioning and to identify potential issues before they impact their applications. + +This section outlines the best practices for building instrumentation in OpenTelemetry Go SDK components. + +#### Environment Variable Activation + +Observability features are currently experimental. +They should be disabled by default and activated through the `OTEL_GO_X_OBSERVABILITY` environment variable. +This follows the established experimental feature pattern used throughout the SDK. + +Components should check for this environment variable using a consistent pattern: + +```go +import "go.opentelemetry.io/otel/*/internal/x" + +if x.Observability.Enabled() { + // Initialize observability metrics +} +``` + +**References**: + +- [stdouttrace exporter](./exporters/stdout/stdouttrace/internal/x/x.go) +- [sdk](./sdk/internal/x/x.go) + +#### Encapsulation + +Instrumentation should be encapsulated within a dedicated `struct` (e.g. `instrumentation`). +It should not be mixed into the instrumented component. + +Prefer this: + +```go +type SDKComponent struct { + inst *instrumentation +} + +type instrumentation struct { + inflight otelconv.SDKComponentInflight + exported otelconv.SDKComponentExported +} +``` + +To this: + +```go +// ⌠Avoid this pattern. +type SDKComponent struct { + /* other SDKComponent fields... */ + + inflight otelconv.SDKComponentInflight + exported otelconv.SDKComponentExported +} +``` + +The instrumentation code should not bloat the code being instrumented. 
+Likely, this means its own file, or its own package if it is complex or reused. + +#### Initialization + +Instrumentation setup should be explicit, side-effect free, and local to the relevant component. +Avoid relying on global or implicit [side effects][side-effect] for initialization. + +Encapsulate setup in constructor functions, ensuring clear ownership and scope: + +```go +import ( + "errors" + + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" + "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv" +) + +type SDKComponent struct { + inst *instrumentation +} + +func NewSDKComponent(config Config) (*SDKComponent, error) { + inst, err := newInstrumentation() + if err != nil { + return nil, err + } + return &SDKComponent{inst: inst}, nil +} + +type instrumentation struct { + inflight otelconv.SDKComponentInflight + exported otelconv.SDKComponentExported +} + +func newInstrumentation() (*instrumentation, error) { + if !x.Observability.Enabled() { + return nil, nil + } + + meter := otel.GetMeterProvider().Meter( + "", + metric.WithInstrumentationVersion(sdk.Version()), + metric.WithSchemaURL(semconv.SchemaURL), + ) + + inst := &instrumentation{} + + var err, e error + inst.inflight, e = otelconv.NewSDKComponentInflight(meter) + err = errors.Join(err, e) + + inst.exported, e = otelconv.NewSDKComponentExported(meter) + err = errors.Join(err, e) + + return inst, err +} +``` + +```go +// ⌠Avoid this pattern. +func (c *Component) initObservability() { + // Initialize observability metrics + if !x.Observability.Enabled() { + return + } + + // Initialize observability metrics + c.inst = &instrumentation{/* ... */} +} +``` + +[side-effect]: https://en.wikipedia.org/wiki/Side_effect_(computer_science) + +#### Performance + +When observability is disabled there should be little to no overhead. 
+ +```go +func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { + if e.inst != nil { + attrs := expensiveOperation() + e.inst.recordSpanInflight(ctx, int64(len(spans)), attrs...) + } + // Export spans... +} +``` + +```go +// ⌠Avoid this pattern. +func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { + attrs := expensiveOperation() + e.inst.recordSpanInflight(ctx, int64(len(spans)), attrs...) + // Export spans... +} + +func (i *instrumentation) recordSpanInflight(ctx context.Context, count int64, attrs ...attribute.KeyValue) { + if i == nil || i.inflight == nil { + return + } + i.inflight.Add(ctx, count, metric.WithAttributes(attrs...)) +} +``` + +When observability is enabled, the instrumentation code paths should be optimized to reduce allocation and computation overhead. + +##### Attribute and Option Allocation Management + +Pool attribute slices and options with [`sync.Pool`] to minimize allocations in measurement calls with dynamic attributes. + +```go +var ( + attrPool = sync.Pool{ + New: func() any { + // Pre-allocate common capacity + knownCap := 8 // Adjust based on expected usage + s := make([]attribute.KeyValue, 0, knownCap) + // Return a pointer to avoid extra allocation on Put(). + return &s + }, + } + + addOptPool = &sync.Pool{ + New: func() any { + const n = 1 // WithAttributeSet + o := make([]metric.AddOption, 0, n) + // Return a pointer to avoid extra allocation on Put(). + return &o + }, + } +) + +func (i *instrumentation) record(ctx context.Context, value int64, baseAttrs ...attribute.KeyValue) { + attrs := attrPool.Get().(*[]attribute.KeyValue) + defer func() { + *attrs = (*attrs)[:0] // Reset. + attrPool.Put(attrs) + }() + + *attrs = append(*attrs, baseAttrs...) + // Add any dynamic attributes. 
+ *attrs = append(*attrs, semconv.OTelComponentName("exporter-1"))
+
+ addOpt := addOptPool.Get().(*[]metric.AddOption)
+ defer func() {
+ *addOpt = (*addOpt)[:0]
+ addOptPool.Put(addOpt)
+ }()
+
+ set := attribute.NewSet(*attrs...)
+ *addOpt = append(*addOpt, metric.WithAttributeSet(set))
+
+ i.counter.Add(ctx, value, *addOpt...)
+}
+```
+
+Pools are most effective when there are many pooled objects of the same sufficiently large size, and the objects are repeatedly used.
+This amortizes the cost of allocation and synchronization.
+Ideally, the pools should be scoped to be used as widely as possible within the component to maximize this efficiency while still ensuring correctness.
+
+[`sync.Pool`]: https://pkg.go.dev/sync#Pool
+
+##### Cache common attribute sets for repeated measurements
+
+If a static set of attributes are used for measurements and they are known at compile time, pre-compute and cache these attributes.
+
+```go
+type spanLiveSetKey struct {
+ sampled bool
+}
+
+var spanLiveSetCache = map[spanLiveSetKey]attribute.Set{
+ {true}: attribute.NewSet(
+ otelconv.SDKSpanLive{}.AttrSpanSamplingResult(
+ otelconv.SpanSamplingResultRecordAndSample,
+ ),
+ ),
+ {false}: attribute.NewSet(
+ otelconv.SDKSpanLive{}.AttrSpanSamplingResult(
+ otelconv.SpanSamplingResultRecordOnly,
+ ),
+ ),
+}
+
+func spanLiveSet(sampled bool) attribute.Set {
+ key := spanLiveSetKey{sampled: sampled}
+ return spanLiveSetCache[key]
+}
+```
+
+##### Benchmarking
+
+Always provide benchmarks when introducing or refactoring instrumentation.
+Demonstrate the impact (allocs/op, B/op, ns/op) in enabled/disabled scenarios: + +```go +func BenchmarkExportSpans(b *testing.B) { + scenarios := []struct { + name string + obsEnabled bool + }{ + {"ObsDisabled", false}, + {"ObsEnabled", true}, + } + + for _, scenario := range scenarios { + b.Run(scenario.name, func(b *testing.B) { + b.Setenv( + "OTEL_GO_X_OBSERVABILITY", + strconv.FormatBool(scenario.obsEnabled), + ) + + exporter := NewExporter() + spans := generateTestSpans(100) + + b.ResetTimer() + b.ReportAllocs() + + for i := 0; i < b.N; i++ { + _ = exporter.ExportSpans(context.Background(), spans) + } + }) + } +} +``` + +#### Error Handling and Robustness + +Errors should be reported back to the caller if possible, and partial failures should be handled as gracefully as possible. + +```go +func newInstrumentation() (*instrumentation, error) { + if !x.Observability.Enabled() { + return nil, nil + } + + m := otel.GetMeterProvider().Meter(/* initialize meter */) + counter, err := otelconv.NewSDKComponentCounter(m) + // Use the partially initialized counter if available. + i := &instrumentation{counter: counter} + // Return any error to the caller. + return i, err +} +``` + +```go +// ⌠Avoid this pattern. +func newInstrumentation() *instrumentation { + if !x.Observability.Enabled() { + return nil, nil + } + + m := otel.GetMeterProvider().Meter(/* initialize meter */) + counter, err := otelconv.NewSDKComponentCounter(m) + if err != nil { + // ⌠Do not dump the error to the OTel Handler. Return it to the + // caller. + otel.Handle(err) + // ⌠Do not return nil if we can still use the partially initialized + // counter. + return nil + } + return &instrumentation{counter: counter} +} +``` + +If the instrumented component cannot report the error to the user, let it report the error to `otel.Handle`. 
+ +#### Context Propagation + +Ensure observability measurements receive the correct context, especially for trace exemplars and distributed context: + +```go +func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { + // Use the provided context for observability measurements + e.inst.recordSpanExportStarted(ctx, len(spans)) + + err := e.doExport(ctx, spans) + + if err != nil { + e.inst.recordSpanExportFailed(ctx, len(spans), err) + } else { + e.inst.recordSpanExportSucceeded(ctx, len(spans)) + } + + return err +} +``` + +```go +// ⌠Avoid this pattern. +func (e *Exporter) ExportSpans(ctx context.Context, spans []trace.ReadOnlySpan) error { + // ⌠Do not break the context propagation. + e.inst.recordSpanExportStarted(context.Background(), len(spans)) + + err := e.doExport(ctx, spans) + + /* ... */ + + return err +} +``` + +#### Semantic Conventions Compliance + +All observability metrics should follow the [OpenTelemetry Semantic Conventions for SDK metrics](https://github.com/open-telemetry/semantic-conventions/blob/1cf2476ae5e518225a766990a28a6d5602bd5a30/docs/otel/sdk-metrics.md). + +Use the metric semantic conventions convenience package [otelconv](./semconv/v1.37.0/otelconv/metric.go). + +##### Component Identification + +Component names and types should follow [semantic convention](https://github.com/open-telemetry/semantic-conventions/blob/1cf2476ae5e518225a766990a28a6d5602bd5a30/docs/registry/attributes/otel.md#otel-component-attributes). + +If a component is not a well-known type specified in the semantic conventions, use the package path scope type as a stable identifier. + +```go +componentType := "go.opentelemetry.io/otel/sdk/trace.Span" +``` + +```go +// ⌠Do not do this. +componentType := "trace-span" +``` + +The component name should be a stable unique identifier for the specific instance of the component. + +Use a global counter to ensure uniqueness if necessary. 
+
+```go
+// Unique 0-based ID counter for component instances.
+var componentIDCounter atomic.Int64
+
+// nextID returns the next unique ID for a component.
+func nextID() int64 {
+ return componentIDCounter.Add(1) - 1
+}
+
+// componentName returns a unique name for the component instance.
+func componentName() attribute.KeyValue {
+ id := nextID()
+ name := fmt.Sprintf("%s/%d", componentType, id)
+ return semconv.OTelComponentName(name)
+}
+```
+
+The component ID will need to be resettable for deterministic testing.
+If tests are in a different package than the component being tested (i.e. a `_test` package name), use a generated `counter` internal package to manage the counter.
+See [stdouttrace exporter example](./exporters/stdout/stdouttrace/internal/gen.go) for reference.
+
+#### Testing
+
+Use deterministic testing with isolated state:
+
+```go
+func TestObservability(t *testing.T) {
+ // Restore state after test to ensure this does not affect other tests.
+ prev := otel.GetMeterProvider()
+ t.Cleanup(func() { otel.SetMeterProvider(prev) })
+
+ // Isolate the meter provider for deterministic testing
+ reader := metric.NewManualReader()
+ meterProvider := metric.NewMeterProvider(metric.WithReader(reader))
+ otel.SetMeterProvider(meterProvider)
+
+ // Use t.Setenv to ensure environment variable is restored after test.
+ t.Setenv("OTEL_GO_X_OBSERVABILITY", "true")
+
+ // Reset component ID counter to ensure deterministic component names.
+ componentIDCounter.Store(0)
+
+ /* ... test code ... */
+}
+```
+
+Test order should not affect results.
+Ensure that any global state (e.g. component ID counters) is reset between tests.
+ ## Approvers and Maintainers -### Triagers +### Maintainers + +- [Damien Mathieu](https://github.com/dmathieu), Elastic ([GPG](https://keys.openpgp.org/search?q=5A126B972A81A6CE443E5E1B408B8E44F0873832)) +- [David Ashpole](https://github.com/dashpole), Google ([GPG](https://keys.openpgp.org/search?q=C0D1BDDCAAEAE573673085F176327DA4D864DC70)) +- [Robert PajÄ…k](https://github.com/pellared), Splunk ([GPG](https://keys.openpgp.org/search?q=CDAD3A60476A3DE599AA5092E5F7C35A4DBE90C2)) +- [Sam Xie](https://github.com/XSAM), Splunk ([GPG](https://keys.openpgp.org/search?q=AEA033782371ABB18EE39188B8044925D6FEEBEA)) +- [Tyler Yahn](https://github.com/MrAlias), Splunk ([GPG](https://keys.openpgp.org/search?q=0x46B0F3E1A8B1BA5A)) -- [Cheng-Zhen Yang](https://github.com/scorpionknifes), Independent +For more information about the maintainer role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#maintainer). ### Approvers -### Maintainers +- [Flc](https://github.com/flc1125), Independent -- [Damien Mathieu](https://github.com/dmathieu), Elastic -- [David Ashpole](https://github.com/dashpole), Google -- [Robert PajÄ…k](https://github.com/pellared), Splunk -- [Sam Xie](https://github.com/XSAM), Cisco/AppDynamics -- [Tyler Yahn](https://github.com/MrAlias), Splunk +For more information about the approver role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#approver). + +### Triagers + +- [Alex Kats](https://github.com/akats7), Capital One + +For more information about the triager role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#triager). 
### Emeritus - [Aaron Clawson](https://github.com/MadVikingGod) - [Anthony Mirabella](https://github.com/Aneurysm9) +- [Cheng-Zhen Yang](https://github.com/scorpionknifes) - [Chester Cheung](https://github.com/hanyuancheung) - [Evan Torrie](https://github.com/evantorrie) - [Gustavo Silva Paiva](https://github.com/paivagustavo) - [Josh MacDonald](https://github.com/jmacd) - [Liz Fong-Jones](https://github.com/lizthegrey) +For more information about the emeritus role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#emeritus-maintainerapprovertriager). + ### Become an Approver or a Maintainer See the [community membership document in OpenTelemetry community diff --git a/vendor/go.opentelemetry.io/otel/LICENSE b/vendor/go.opentelemetry.io/otel/LICENSE index 261eeb9e9..f1aee0f11 100644 --- a/vendor/go.opentelemetry.io/otel/LICENSE +++ b/vendor/go.opentelemetry.io/otel/LICENSE 
@@ -199,3 +199,33 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +-------------------------------------------------------------------------------- + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile index a7f6d8cc6..44870248c 100644 --- a/vendor/go.opentelemetry.io/otel/Makefile 
+++ b/vendor/go.opentelemetry.io/otel/Makefile @@ -11,6 +11,10 @@ ALL_COVERAGE_MOD_DIRS := $(shell find . -type f -name 'go.mod' -exec dirname {} GO = go TIMEOUT = 60 +# User to run as in docker images. +DOCKER_USER=$(shell id -u):$(shell id -g) +DEPENDENCIES_DOCKERFILE=./dependencies.Dockerfile + .DEFAULT_GOAL := precommit .PHONY: precommit ci @@ -30,17 +34,17 @@ $(TOOLS)/%: $(TOOLS_MOD_DIR)/go.mod | $(TOOLS) MULTIMOD = $(TOOLS)/multimod $(TOOLS)/multimod: PACKAGE=go.opentelemetry.io/build-tools/multimod -SEMCONVGEN = $(TOOLS)/semconvgen -$(TOOLS)/semconvgen: PACKAGE=go.opentelemetry.io/build-tools/semconvgen - CROSSLINK = $(TOOLS)/crosslink $(TOOLS)/crosslink: PACKAGE=go.opentelemetry.io/build-tools/crosslink SEMCONVKIT = $(TOOLS)/semconvkit $(TOOLS)/semconvkit: PACKAGE=go.opentelemetry.io/otel/$(TOOLS_MOD_DIR)/semconvkit +VERIFYREADMES = $(TOOLS)/verifyreadmes +$(TOOLS)/verifyreadmes: PACKAGE=go.opentelemetry.io/otel/$(TOOLS_MOD_DIR)/verifyreadmes + GOLANGCI_LINT = $(TOOLS)/golangci-lint -$(TOOLS)/golangci-lint: PACKAGE=github.com/golangci/golangci-lint/cmd/golangci-lint +$(TOOLS)/golangci-lint: PACKAGE=github.com/golangci/golangci-lint/v2/cmd/golangci-lint MISSPELL = $(TOOLS)/misspell $(TOOLS)/misspell: PACKAGE=github.com/client9/misspell/cmd/misspell @@ -64,7 +68,7 @@ GOVULNCHECK = $(TOOLS)/govulncheck $(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck .PHONY: tools -tools: $(CROSSLINK) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE) +tools: $(CROSSLINK) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(VERIFYREADMES) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE) # Virtualized python tools via docker 
@@ -81,20 +85,20 @@ PIP := $(PYTOOLS)/pip WORKDIR := /workdir # The python image to use for the virtual environment. -PYTHONIMAGE := python:3.11.3-slim-bullseye +PYTHONIMAGE := $(shell awk '$$4=="python" {print $$2}' $(DEPENDENCIES_DOCKERFILE)) # Run the python image with the current directory mounted. -DOCKERPY := docker run --rm -v "$(CURDIR):$(WORKDIR)" -w $(WORKDIR) $(PYTHONIMAGE) +DOCKERPY := docker run --rm -u $(DOCKER_USER) -v "$(CURDIR):$(WORKDIR)" -w $(WORKDIR) $(PYTHONIMAGE) # Create a virtual environment for Python tools. $(PYTOOLS): # The `--upgrade` flag is needed to ensure that the virtual environment is # created with the latest pip version. - @$(DOCKERPY) bash -c "python3 -m venv $(VENVDIR) && $(PIP) install --upgrade pip" + @$(DOCKERPY) bash -c "python3 -m venv $(VENVDIR) && $(PIP) install --upgrade --cache-dir=$(WORKDIR)/.cache/pip pip" # Install python packages into the virtual environment. $(PYTOOLS)/%: $(PYTOOLS) - @$(DOCKERPY) $(PIP) install -r requirements.txt + @$(DOCKERPY) $(PIP) install --cache-dir=$(WORKDIR)/.cache/pip -r requirements.txt CODESPELL = $(PYTOOLS)/codespell $(CODESPELL): PACKAGE=codespell @@ -119,7 +123,7 @@ vanity-import-fix: $(PORTO) # Generate go.work file for local development. .PHONY: go-work go-work: $(CROSSLINK) - $(CROSSLINK) work --root=$(shell pwd) + $(CROSSLINK) work --root=$(shell pwd) --go=1.22.7 # Build @@ -142,11 +146,12 @@ build-tests/%: # Tests -TEST_TARGETS := test-default test-bench test-short test-verbose test-race test-concurrent-safe +TEST_TARGETS := test-default test-bench test-short test-verbose test-race test-concurrent-safe test-fuzz .PHONY: $(TEST_TARGETS) test test-default test-race: ARGS=-race test-bench: ARGS=-run=xxxxxMatchNothingxxxxx -test.benchtime=1ms -bench=. test-short: ARGS=-short +test-fuzz: ARGS=-fuzztime=10s -fuzz test-verbose: ARGS=-v -race test-concurrent-safe: ARGS=-run=ConcurrentSafe -count=100 -race test-concurrent-safe: TIMEOUT=120 
@@ -209,11 +214,8 @@ go-mod-tidy/%: crosslink && cd $(DIR) \ && $(GO) mod tidy -compat=1.21 -.PHONY: lint-modules -lint-modules: go-mod-tidy - .PHONY: lint -lint: misspell lint-modules golangci-lint govulncheck +lint: misspell go-mod-tidy golangci-lint govulncheck .PHONY: vanity-import-check vanity-import-check: $(PORTO) 
@@ -265,14 +267,31 @@ check-clean-work-tree: exit 1; \ fi +# The weaver docker image to use for semconv-generate. +WEAVER_IMAGE := $(shell awk '$$4=="weaver" {print $$2}' $(DEPENDENCIES_DOCKERFILE)) + SEMCONVPKG ?= "semconv/" .PHONY: semconv-generate -semconv-generate: $(SEMCONVGEN) $(SEMCONVKIT) +semconv-generate: $(SEMCONVKIT) [ "$(TAG)" ] || ( echo "TAG unset: missing opentelemetry semantic-conventions tag"; exit 1 ) - [ "$(OTEL_SEMCONV_REPO)" ] || ( echo "OTEL_SEMCONV_REPO unset: missing path to opentelemetry semantic-conventions repo"; exit 1 ) - $(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=attribute_group -p conventionType=trace -f attribute_group.go -z "$(SEMCONVPKG)/capitalizations.txt" -t "$(SEMCONVPKG)/template.j2" -s "$(TAG)" - $(SEMCONVGEN) -i "$(OTEL_SEMCONV_REPO)/model/." --only=metric -f metric.go -t "$(SEMCONVPKG)/metric_template.j2" -s "$(TAG)" - $(SEMCONVKIT) -output "$(SEMCONVPKG)/$(TAG)" -tag "$(TAG)" + # Ensure the target directory for source code is available. + mkdir -p $(PWD)/$(SEMCONVPKG)/${TAG} + # Note: We mount a home directory for downloading/storing the semconv repository. + # Weaver will automatically clean the cache when finished, but the directories will remain. + mkdir -p ~/.weaver + docker run --rm \ + -u $(DOCKER_USER) \ + --env HOME=/tmp/weaver \ + --mount 'type=bind,source=$(PWD)/semconv/templates,target=/home/weaver/templates,readonly' \ + --mount 'type=bind,source=$(PWD)/semconv/${TAG},target=/home/weaver/target' \ + --mount 'type=bind,source=$(HOME)/.weaver,target=/tmp/weaver/.weaver' \ + $(WEAVER_IMAGE) registry generate \ + --registry=https://github.com/open-telemetry/semantic-conventions/archive/refs/tags/$(TAG).zip[model] \ + --templates=/home/weaver/templates \ + --param tag=$(TAG) \ + go \ + /home/weaver/target + $(SEMCONVKIT) -semconv "$(SEMCONVPKG)" -tag "$(TAG)" .PHONY: gorelease gorelease: $(OTEL_GO_MOD_DIRS:%=gorelease/%) 
@@ -298,10 +317,11 @@ add-tags: verify-mods @[ "${MODSET}" ] || ( echo ">> env var MODSET is not set"; exit 1 ) $(MULTIMOD) tag -m ${MODSET} -c ${COMMIT} +MARKDOWNIMAGE := $(shell awk '$$4=="markdown" {print $$2}' $(DEPENDENCIES_DOCKERFILE)) .PHONY: lint-markdown lint-markdown: - docker run -v "$(CURDIR):$(WORKDIR)" avtodev/markdown-lint:v1 -c $(WORKDIR)/.markdownlint.yaml $(WORKDIR)/**/*.md + docker run --rm -u $(DOCKER_USER) -v "$(CURDIR):$(WORKDIR)" $(MARKDOWNIMAGE) -c $(WORKDIR)/.markdownlint.yaml $(WORKDIR)/**/*.md .PHONY: verify-readmes -verify-readmes: - ./verify_readmes.sh +verify-readmes: $(VERIFYREADMES) + $(VERIFYREADMES) diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md index d9a192076..c63359543 100644 --- a/vendor/go.opentelemetry.io/otel/README.md +++ b/vendor/go.opentelemetry.io/otel/README.md 
@@ -4,6 +4,10 @@ [![codecov.io](https://codecov.io/gh/open-telemetry/opentelemetry-go/coverage.svg?branch=main)](https://app.codecov.io/gh/open-telemetry/opentelemetry-go?branch=main) [![PkgGoDev](https://pkg.go.dev/badge/go.opentelemetry.io/otel)](https://pkg.go.dev/go.opentelemetry.io/otel) [![Go Report Card](https://goreportcard.com/badge/go.opentelemetry.io/otel)](https://goreportcard.com/report/go.opentelemetry.io/otel) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/open-telemetry/opentelemetry-go/badge)](https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-go) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9996/badge)](https://www.bestpractices.dev/projects/9996) +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/opentelemetry-go.svg)](https://issues.oss-fuzz.com/issues?q=project:opentelemetry-go) +[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-go.svg?type=shield&issueType=license)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-go?ref=badge_shield&issueType=license) [![Slack](https://img.shields.io/badge/slack-@cncf/otel--go-brightgreen.svg?logo=slack)](https://cloud-native.slack.com/archives/C01NPAXACKT) OpenTelemetry-Go is the [Go](https://golang.org/) implementation of [OpenTelemetry](https://opentelemetry.io/). 
@@ -49,20 +53,20 @@ Currently, this project supports the following environments. | OS | Go Version | Architecture | |----------|------------|--------------| -| Ubuntu | 1.23 | amd64 | -| Ubuntu | 1.22 | amd64 | -| Ubuntu | 1.23 | 386 | -| Ubuntu | 1.22 | 386 | -| Linux | 1.23 | arm64 | -| Linux | 1.22 | arm64 | -| macOS 13 | 1.23 | amd64 | -| macOS 13 | 1.22 | amd64 | -| macOS | 1.23 | arm64 | -| macOS | 1.22 | arm64 | -| Windows | 1.23 | amd64 | -| Windows | 1.22 | amd64 | -| Windows | 1.23 | 386 | -| Windows | 1.22 | 386 | +| Ubuntu | 1.25 | amd64 | +| Ubuntu | 1.24 | amd64 | +| Ubuntu | 1.25 | 386 | +| Ubuntu | 1.24 | 386 | +| Ubuntu | 1.25 | arm64 | +| Ubuntu | 1.24 | arm64 | +| macOS | 1.25 | amd64 | +| macOS | 1.24 | amd64 | +| macOS | 1.25 | arm64 | +| macOS | 1.24 | arm64 | +| Windows | 1.25 | amd64 | +| Windows | 1.24 | amd64 | +| Windows | 1.25 | 386 | +| Windows | 1.24 | 386 | While this project should work for other systems, no compatibility guarantees are made for those systems currently. diff --git a/vendor/go.opentelemetry.io/otel/RELEASING.md b/vendor/go.opentelemetry.io/otel/RELEASING.md index 4ebef4f9d..861756fd7 100644 --- a/vendor/go.opentelemetry.io/otel/RELEASING.md +++ b/vendor/go.opentelemetry.io/otel/RELEASING.md 
@@ -1,21 +1,22 @@ # Release Process +## Create a `Version Release` issue + +Create a `Version Release` issue to track the release process. + ## Semantic Convention Generation New versions of the [OpenTelemetry Semantic Conventions] mean new versions of the `semconv` package need to be generated. The `semconv-generate` make target is used for this. -1. Checkout a local copy of the [OpenTelemetry Semantic Conventions] to the desired release tag. -2. Pull the latest `otel/semconvgen` image: `docker pull otel/semconvgen:latest` -3. Run the `make semconv-generate ...` target from this repository. +1. Set the `TAG` environment variable to the semantic convention tag you want to generate. +2. Run the `make semconv-generate ...` target from this repository. For example, ```sh -export TAG="v1.21.0" # Change to the release version you are generating. -export OTEL_SEMCONV_REPO="/absolute/path/to/opentelemetry/semantic-conventions" -docker pull otel/semconvgen:latest -make semconv-generate # Uses the exported TAG and OTEL_SEMCONV_REPO. +export TAG="v1.30.0" # Change to the release version you are generating. +make semconv-generate # Uses the exported TAG. ``` This should create a new sub-package of [`semconv`](./semconv). @@ -23,7 +24,7 @@ Ensure things look correct before submitting a pull request to include the addit ## Breaking changes validation -You can run `make gorelease` that runs [gorelease](https://pkg.go.dev/golang.org/x/exp/cmd/gorelease) to ensure that there are no unwanted changes done in the public API. +You can run `make gorelease` which runs [gorelease](https://pkg.go.dev/golang.org/x/exp/cmd/gorelease) to ensure that there are no unwanted changes made in the public API. You can check/report problems with `gorelease` [here](https://golang.org/issues/26420). 
@@ -61,7 +62,7 @@ Update go.mod for submodules to depend on the new release which will happen in t ``` 3. Update the [Changelog](./CHANGELOG.md). - - Make sure all relevant changes for this release are included and are in language that non-contributors to the project can understand. + - Make sure all relevant changes for this release are included and are written in language that non-contributors to the project can understand. To verify this, you can look directly at the commits since the ``. ``` 
@@ -106,11 +107,50 @@ It is critical you make sure the version you push upstream is correct. ... ``` +## Sign artifacts + +To ensure we comply with CNCF best practices, we need to sign the release artifacts. + +Download the `.tar.gz` and `.zip` archives from the [tags page](https://github.com/open-telemetry/opentelemetry-go/tags) for the new release tag. +Both archives need to be signed with your GPG key. + +You can use [this script] to verify the contents of the archives before signing them. + +To find your GPG key ID, run: + +```terminal +gpg --list-secret-keys --keyid-format=long +``` + +The key ID is the 16-character string after `sec rsa4096/` (or similar). + +Set environment variables and sign both artifacts: + +```terminal +export VERSION="" # e.g., v1.32.0 +export KEY_ID="" + +gpg --local-user $KEY_ID --armor --detach-sign opentelemetry-go-$VERSION.tar.gz +gpg --local-user $KEY_ID --armor --detach-sign opentelemetry-go-$VERSION.zip +``` + +You can verify the signatures with: + +```terminal +gpg --verify opentelemetry-go-$VERSION.tar.gz.asc opentelemetry-go-$VERSION.tar.gz +gpg --verify opentelemetry-go-$VERSION.zip.asc opentelemetry-go-$VERSION.zip +``` + +[this script]: https://github.com/MrAlias/attest-sh + ## Release Finally create a Release for the new `` on GitHub. The release body should include all the release notes from the Changelog for this release. +***IMPORTANT***: GitHub Releases are immutable once created. +You must upload the signed artifacts (`.tar.gz`, `.tar.gz.asc`, `.zip`, and `.zip.asc`) when creating the release, as they cannot be added or modified later. + ## Post-Release ### Contrib Repository 
@@ -126,10 +166,16 @@ Importantly, bump any package versions referenced to be the latest one you just [Go instrumentation documentation]: https://opentelemetry.io/docs/languages/go/ [content/en/docs/languages/go]: https://github.com/open-telemetry/opentelemetry.io/tree/main/content/en/docs/languages/go -### Demo Repository +### Close the milestone + +Once a release is made, ensure all issues that were fixed and PRs that were merged as part of this release are added to the corresponding milestone. +This helps track what changes were included in each release. + +- To find issues that haven't been included in a milestone, use this [GitHub search query](https://github.com/open-telemetry/opentelemetry-go/issues?q=is%3Aissue%20no%3Amilestone%20is%3Aclosed%20sort%3Aupdated-desc%20reason%3Acompleted%20-label%3AStale%20linked%3Apr) +- To find merged PRs that haven't been included in a milestone, use this [GitHub search query](https://github.com/open-telemetry/opentelemetry-go/pulls?q=is%3Apr+no%3Amilestone+is%3Amerged). + +Once all related issues and PRs have been added to the milestone, close the milestone. -Bump the dependencies in the following Go services: +### Close the `Version Release` issue -- [`accounting`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/accounting) -- [`checkoutservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/checkout) -- [`productcatalogservice`](https://github.com/open-telemetry/opentelemetry-demo/tree/main/src/product-catalog) +Once the todo list in the `Version Release` issue is complete, close the issue. diff --git a/vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml b/vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml new file mode 100644 index 000000000..8041fc62e --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml 
@@ -0,0 +1,203 @@
+header:
+ schema-version: "1.0.0"
+ expiration-date: "2026-08-04T00:00:00.000Z"
+ last-updated: "2025-08-04"
+ last-reviewed: "2025-08-04"
+ commit-hash: 69e81088ad40f45a0764597326722dea8f3f00a8
+ project-url: https://github.com/open-telemetry/opentelemetry-go
+ project-release: "v1.37.0"
+ changelog: https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/CHANGELOG.md
+ license: https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/LICENSE
+
+project-lifecycle:
+ status: active
+ bug-fixes-only: false
+ core-maintainers:
+ - https://github.com/dmathieu
+ - https://github.com/dashpole
+ - https://github.com/pellared
+ - https://github.com/XSAM
+ - https://github.com/MrAlias
+ release-process: |
+ See https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/RELEASING.md
+
+contribution-policy:
+ accepts-pull-requests: true
+ accepts-automated-pull-requests: true
+ automated-tools-list:
+ - automated-tool: dependabot
+ action: allowed
+ comment: Automated dependency updates are accepted.
+ - automated-tool: renovatebot
+ action: allowed
+ comment: Automated dependency updates are accepted.
+ - automated-tool: opentelemetrybot
+ action: allowed
+ comment: Automated OpenTelemetry actions are accepted.
+ contributing-policy: https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/CONTRIBUTING.md
+ code-of-conduct: https://github.com/open-telemetry/.github/blob/ffa15f76b65ec7bcc41f6a0b277edbb74f832206/CODE_OF_CONDUCT.md
+
+documentation:
+ - https://pkg.go.dev/go.opentelemetry.io/otel
+ - https://opentelemetry.io/docs/instrumentation/go/
+
+distribution-points:
+ - pkg:golang/go.opentelemetry.io/otel
+ - pkg:golang/go.opentelemetry.io/otel/bridge/opencensus
+ - pkg:golang/go.opentelemetry.io/otel/bridge/opencensus/test
+ - pkg:golang/go.opentelemetry.io/otel/bridge/opentracing
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
+ - pkg:golang/go.opentelemetry.io/otel/exporters/stdout/stdoutmetric
+ - pkg:golang/go.opentelemetry.io/otel/exporters/stdout/stdouttrace
+ - pkg:golang/go.opentelemetry.io/otel/exporters/zipkin
+ - pkg:golang/go.opentelemetry.io/otel/metric
+ - pkg:golang/go.opentelemetry.io/otel/sdk
+ - pkg:golang/go.opentelemetry.io/otel/sdk/metric
+ - pkg:golang/go.opentelemetry.io/otel/trace
+ - pkg:golang/go.opentelemetry.io/otel/exporters/prometheus
+ - pkg:golang/go.opentelemetry.io/otel/log
+ - pkg:golang/go.opentelemetry.io/otel/log/logtest
+ - pkg:golang/go.opentelemetry.io/otel/sdk/log
+ - pkg:golang/go.opentelemetry.io/otel/sdk/log/logtest
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc
+ - pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
+ - pkg:golang/go.opentelemetry.io/otel/exporters/stdout/stdoutlog
+ - pkg:golang/go.opentelemetry.io/otel/schema
+
+security-artifacts:
+ threat-model:
+ threat-model-created: false
+ comment: |
+ No formal threat model created yet.
+ self-assessment:
+ self-assessment-created: false
+ comment: |
+ No formal self-assessment yet.
+
+security-testing:
+ - tool-type: sca
+ tool-name: Dependabot
+ tool-version: latest
+ tool-url: https://github.com/dependabot
+ tool-rulesets:
+ - built-in
+ integration:
+ ad-hoc: false
+ ci: true
+ before-release: true
+ comment: |
+ Automated dependency updates.
+ - tool-type: sast
+ tool-name: golangci-lint
+ tool-version: latest
+ tool-url: https://github.com/golangci/golangci-lint
+ tool-rulesets:
+ - built-in
+ integration:
+ ad-hoc: false
+ ci: true
+ before-release: true
+ comment: |
+ Static analysis in CI.
+ - tool-type: fuzzing
+ tool-name: OSS-Fuzz
+ tool-version: latest
+ tool-url: https://github.com/google/oss-fuzz
+ tool-rulesets:
+ - default
+ integration:
+ ad-hoc: false
+ ci: false
+ before-release: false
+ comment: |
+ OpenTelemetry Go is integrated with OSS-Fuzz for continuous fuzz testing. See https://github.com/google/oss-fuzz/tree/f0f9b221190c6063a773bea606d192ebfc3d00cf/projects/opentelemetry-go for more details.
+ - tool-type: sast
+ tool-name: CodeQL
+ tool-version: latest
+ tool-url: https://github.com/github/codeql
+ tool-rulesets:
+ - default
+ integration:
+ ad-hoc: false
+ ci: true
+ before-release: true
+ comment: |
+ CodeQL static analysis is run in CI for all commits and pull requests to detect security vulnerabilities in the Go source code. See https://github.com/open-telemetry/opentelemetry-go/blob/d5b5b059849720144a03ca5c87561bfbdb940119/.github/workflows/codeql-analysis.yml for workflow details.
+ - tool-type: sca
+ tool-name: govulncheck
+ tool-version: latest
+ tool-url: https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
+ tool-rulesets:
+ - default
+ integration:
+ ad-hoc: false
+ ci: true
+ before-release: true
+ comment: |
+ govulncheck is run in CI to detect known vulnerabilities in Go modules and code paths. See https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/.github/workflows/ci.yml for workflow configuration.
+
+security-assessments:
+ - auditor-name: 7ASecurity
+ auditor-url: https://7asecurity.com
+ auditor-report: https://7asecurity.com/reports/pentest-report-opentelemetry.pdf
+ report-year: 2023
+ comment: |
+ This independent penetration test by 7ASecurity covered OpenTelemetry repositories including opentelemetry-go. The assessment focused on codebase review, threat modeling, and vulnerability identification. See the report for details of findings and recommendations applicable to opentelemetry-go. No critical vulnerabilities were found for this repository.
+
+security-contacts:
+ - type: email
+ value: cncf-opentelemetry-security@lists.cncf.io
+ primary: true
+ - type: website
+ value: https://github.com/open-telemetry/opentelemetry-go/security/policy
+ primary: false
+
+vulnerability-reporting:
+ accepts-vulnerability-reports: true
+ email-contact: cncf-opentelemetry-security@lists.cncf.io
+ security-policy: https://github.com/open-telemetry/opentelemetry-go/security/policy
+ comment: |
+ Security issues should be reported via email or GitHub security policy page.
+
+dependencies:
+ third-party-packages: true
+ dependencies-lists:
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/bridge/opencensus/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/bridge/opencensus/test/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/bridge/opentracing/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlplog/otlploggrpc/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlplog/otlploghttp/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlpmetric/otlpmetricgrpc/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlpmetric/otlpmetrichttp/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlptrace/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlptrace/otlptracegrpc/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/otlp/otlptrace/otlptracehttp/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/prometheus/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/stdout/stdoutlog/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/stdout/stdoutmetric/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/stdout/stdouttrace/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/exporters/zipkin/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/internal/tools/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/log/go.mod
+ - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/log/logtest/go.mod
+ - 
https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/metric/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/schema/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/sdk/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/sdk/log/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/sdk/log/logtest/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/sdk/metric/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/trace/go.mod + - https://github.com/open-telemetry/opentelemetry-go/blob/v1.37.0/trace/internal/telemetry/test/go.mod + dependencies-lifecycle: + policy-url: https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/CONTRIBUTING.md + comment: | + Dependency lifecycle managed via go.mod and renovatebot. + env-dependencies-policy: + policy-url: https://github.com/open-telemetry/opentelemetry-go/blob/69e81088ad40f45a0764597326722dea8f3f00a8/CONTRIBUTING.md + comment: | + See contributing policy for environment usage. diff --git a/vendor/go.opentelemetry.io/otel/VERSIONING.md b/vendor/go.opentelemetry.io/otel/VERSIONING.md index b8cb605c1..b27c9e84f 100644 --- a/vendor/go.opentelemetry.io/otel/VERSIONING.md +++ b/vendor/go.opentelemetry.io/otel/VERSIONING.md @@ -83,7 +83,7 @@ is designed so the following goals can be achieved. in either the module path or the import path. * In addition to public APIs, telemetry produced by stable instrumentation will remain stable and backwards compatible. This is to avoid breaking - alerts and dashboard. + alerts and dashboards. * Modules will be used to encapsulate instrumentation, detectors, exporters, propagators, and any other independent sets of related components. * Experimental modules still under active development will be versioned at 
diff --git a/vendor/go.opentelemetry.io/otel/attribute/encoder.go b/vendor/go.opentelemetry.io/otel/attribute/encoder.go index 318e42fca..6cc1a1655 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/encoder.go +++ b/vendor/go.opentelemetry.io/otel/attribute/encoder.go @@ -16,7 +16,7 @@ type ( // set into a wire representation. Encoder interface { // Encode returns the serialized encoding of the attribute set using - // its Iterator. This result may be cached by a attribute.Set. + // its Iterator. This result may be cached by an attribute.Set. Encode(iterator Iterator) string // ID returns a value that is unique for each class of attribute @@ -78,7 +78,7 @@ func DefaultEncoder() Encoder { defaultEncoderOnce.Do(func() { defaultEncoderInstance = &defaultAttrEncoder{ pool: sync.Pool{ - New: func() interface{} { + New: func() any { return &bytes.Buffer{} }, }, @@ -96,11 +96,11 @@ func (d *defaultAttrEncoder) Encode(iter Iterator) string { for iter.Next() { i, keyValue := iter.IndexedAttribute() if i > 0 { - _, _ = buf.WriteRune(',') + _ = buf.WriteByte(',') } copyAndEscape(buf, string(keyValue.Key)) - _, _ = buf.WriteRune('=') + _ = buf.WriteByte('=') if keyValue.Value.Type() == STRING { copyAndEscape(buf, keyValue.Value.AsString()) @@ -122,14 +122,14 @@ func copyAndEscape(buf *bytes.Buffer, val string) { for _, ch := range val { switch ch { case '=', ',', escapeChar: - _, _ = buf.WriteRune(escapeChar) + _ = buf.WriteByte(escapeChar) } _, _ = buf.WriteRune(ch) } } -// Valid returns true if this encoder ID was allocated by -// `NewEncoderID`. Invalid encoder IDs will not be cached. +// Valid reports whether this encoder ID was allocated by +// [NewEncoderID]. Invalid encoder IDs will not be cached. func (id EncoderID) Valid() bool { return id.value != 0 } diff --git a/vendor/go.opentelemetry.io/otel/attribute/filter.go b/vendor/go.opentelemetry.io/otel/attribute/filter.go index be9cd922d..624ebbe38 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/filter.go 
+++ b/vendor/go.opentelemetry.io/otel/attribute/filter.go @@ -15,11 +15,11 @@ type Filter func(KeyValue) bool // // If keys is empty a deny-all filter is returned. func NewAllowKeysFilter(keys ...Key) Filter { - if len(keys) <= 0 { - return func(kv KeyValue) bool { return false } + if len(keys) == 0 { + return func(KeyValue) bool { return false } } - allowed := make(map[Key]struct{}) + allowed := make(map[Key]struct{}, len(keys)) for _, k := range keys { allowed[k] = struct{}{} } @@ -34,11 +34,11 @@ func NewAllowKeysFilter(keys ...Key) Filter { // // If keys is empty an allow-all filter is returned. func NewDenyKeysFilter(keys ...Key) Filter { - if len(keys) <= 0 { - return func(kv KeyValue) bool { return true } + if len(keys) == 0 { + return func(KeyValue) bool { return true } } - forbid := make(map[Key]struct{}) + forbid := make(map[Key]struct{}, len(keys)) for _, k := range keys { forbid[k] = struct{}{} } diff --git a/vendor/go.opentelemetry.io/otel/attribute/hash.go b/vendor/go.opentelemetry.io/otel/attribute/hash.go new file mode 100644 index 000000000..6aa69aeae --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/attribute/hash.go 
@@ -0,0 +1,92 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package attribute // import "go.opentelemetry.io/otel/attribute"
+
+import (
+ "fmt"
+ "reflect"
+
+ "go.opentelemetry.io/otel/attribute/internal/xxhash"
+)
+
+// Type identifiers. These identifiers are hashed before the value of the
+// corresponding type. This is done to distinguish values that are hashed with
+// the same value representation (e.g. `int64(1)` and `true`, []int64{0} and
+// int64(0)).
+//
+// These are all 8 byte length strings converted to a uint64 representation. A
+// uint64 is used instead of the string directly as an optimization, it avoids
+// the for loop in [xxhash] which adds minor overhead.
+const (
+ boolID uint64 = 7953749933313450591 // "_boolean" (little endian)
+ int64ID uint64 = 7592915492740740150 // "64_bit_i" (little endian)
+ float64ID uint64 = 7376742710626956342 // "64_bit_f" (little endian)
+ stringID uint64 = 6874584755375207263 // "_string_" (little endian)
+ boolSliceID uint64 = 6875993255270243167 // "_[]bool_" (little endian)
+ int64SliceID uint64 = 3762322556277578591 // "_[]int64" (little endian)
+ float64SliceID uint64 = 7308324551835016539 // "[]double" (little endian)
+ stringSliceID uint64 = 7453010373645655387 // "[]string" (little endian)
+)
+
+// hashKVs returns a new xxHash64 hash of kvs.
+func hashKVs(kvs []KeyValue) uint64 {
+ h := xxhash.New()
+ for _, kv := range kvs {
+ h = hashKV(h, kv)
+ }
+ return h.Sum64()
+}
+
+// hashKV returns the xxHash64 hash of kv with h as the base.
+func hashKV(h xxhash.Hash, kv KeyValue) xxhash.Hash {
+ h = h.String(string(kv.Key))
+
+ switch kv.Value.Type() {
+ case BOOL:
+ h = h.Uint64(boolID)
+ h = h.Uint64(kv.Value.numeric)
+ case INT64:
+ h = h.Uint64(int64ID)
+ h = h.Uint64(kv.Value.numeric)
+ case FLOAT64:
+ h = h.Uint64(float64ID)
+ // Assumes numeric stored with math.Float64bits.
+ h = h.Uint64(kv.Value.numeric)
+ case STRING:
+ h = h.Uint64(stringID)
+ h = h.String(kv.Value.stringly)
+ case BOOLSLICE:
+ h = h.Uint64(boolSliceID)
+ rv := reflect.ValueOf(kv.Value.slice)
+ for i := 0; i < rv.Len(); i++ {
+ h = h.Bool(rv.Index(i).Bool())
+ }
+ case INT64SLICE:
+ h = h.Uint64(int64SliceID)
+ rv := reflect.ValueOf(kv.Value.slice)
+ for i := 0; i < rv.Len(); i++ {
+ h = h.Int64(rv.Index(i).Int())
+ }
+ case FLOAT64SLICE:
+ h = h.Uint64(float64SliceID)
+ rv := reflect.ValueOf(kv.Value.slice)
+ for i := 0; i < rv.Len(); i++ {
+ h = h.Float64(rv.Index(i).Float())
+ }
+ case STRINGSLICE:
+ h = h.Uint64(stringSliceID)
+ rv := reflect.ValueOf(kv.Value.slice)
+ for i := 0; i < rv.Len(); i++ {
+ h = h.String(rv.Index(i).String())
+ }
+ case INVALID:
+ default:
+ // Logging is an alternative, but using the internal logger here
+ // causes an import cycle so it is not done.
+ v := kv.Value.AsInterface()
+ msg := fmt.Sprintf("unknown value type: %[1]v (%[1]T)", v)
+ panic(msg)
+ }
+ return h
+}
diff --git a/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go b/vendor/go.opentelemetry.io/otel/attribute/internal/attribute.go
similarity index 84%
rename from vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
rename to vendor/go.opentelemetry.io/otel/attribute/internal/attribute.go
index 691d96c75..087550430 100644
--- a/vendor/go.opentelemetry.io/otel/internal/attribute/attribute.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/internal/attribute.go
@@ -5,14 +5,14 @@ Package attribute provide several helper functions for some commonly used logic of processing attributes. */ -package attribute // import "go.opentelemetry.io/otel/internal/attribute" +package attribute // import "go.opentelemetry.io/otel/attribute/internal" import ( "reflect" ) // BoolSliceValue converts a bool slice into an array with same elements as slice. -func BoolSliceValue(v []bool) interface{} { +func BoolSliceValue(v []bool) any { var zero bool cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero))).Elem() reflect.Copy(cp, reflect.ValueOf(v)) @@ -20,7 +20,7 @@ func BoolSliceValue(v []bool) interface{} { } // Int64SliceValue converts an int64 slice into an array with same elements as slice. -func Int64SliceValue(v []int64) interface{} { +func Int64SliceValue(v []int64) any { var zero int64 cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero))).Elem() reflect.Copy(cp, reflect.ValueOf(v)) @@ -28,7 +28,7 @@ func Int64SliceValue(v []int64) interface{} { } // Float64SliceValue converts a float64 slice into an array with same elements as slice. -func Float64SliceValue(v []float64) interface{} { +func Float64SliceValue(v []float64) any { var zero float64 cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero))).Elem() reflect.Copy(cp, reflect.ValueOf(v)) @@ -36,7 +36,7 @@ func Float64SliceValue(v []float64) interface{} { } // StringSliceValue converts a string slice into an array with same elements as slice. -func StringSliceValue(v []string) interface{} { +func StringSliceValue(v []string) any { var zero string cp := reflect.New(reflect.ArrayOf(len(v), reflect.TypeOf(zero))).Elem() reflect.Copy(cp, reflect.ValueOf(v)) @@ -44,7 +44,7 @@ func StringSliceValue(v []string) interface{} { } // AsBoolSlice converts a bool array into a slice into with same elements as array. -func AsBoolSlice(v interface{}) []bool { +func AsBoolSlice(v any) []bool { rv := reflect.ValueOf(v) if rv.Type().Kind() != reflect.Array { return nil 
@@ -57,7 +57,7 @@ func AsBoolSlice(v interface{}) []bool { } // AsInt64Slice converts an int64 array into a slice into with same elements as array. -func AsInt64Slice(v interface{}) []int64 { +func AsInt64Slice(v any) []int64 { rv := reflect.ValueOf(v) if rv.Type().Kind() != reflect.Array { return nil @@ -70,7 +70,7 @@ func AsInt64Slice(v interface{}) []int64 { } // AsFloat64Slice converts a float64 array into a slice into with same elements as array. -func AsFloat64Slice(v interface{}) []float64 { +func AsFloat64Slice(v any) []float64 { rv := reflect.ValueOf(v) if rv.Type().Kind() != reflect.Array { return nil @@ -83,7 +83,7 @@ func AsFloat64Slice(v interface{}) []float64 { } // AsStringSlice converts a string array into a slice into with same elements as array. -func AsStringSlice(v interface{}) []string { +func AsStringSlice(v any) []string { rv := reflect.ValueOf(v) if rv.Type().Kind() != reflect.Array { return nil diff --git a/vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go b/vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go new file mode 100644 index 000000000..113a97838 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go 
@@ -0,0 +1,64 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+// Package xxhash provides a wrapper around the xxhash library for attribute hashing.
+package xxhash // import "go.opentelemetry.io/otel/attribute/internal/xxhash"
+
+import (
+ "encoding/binary"
+ "math"
+
+ "github.com/cespare/xxhash/v2"
+)
+
+// Hash wraps xxhash.Digest to provide an API friendly for hashing attribute values.
+type Hash struct {
+ d *xxhash.Digest
+}
+
+// New returns a new initialized xxHash64 hasher.
+func New() Hash {
+ return Hash{d: xxhash.New()}
+}
+
+func (h Hash) Uint64(val uint64) Hash {
+ var buf [8]byte
+ binary.LittleEndian.PutUint64(buf[:], val)
+ // errors from Write are always nil for xxhash
+ // if it returns an err then panic
+ _, err := h.d.Write(buf[:])
+ if err != nil {
+ panic("xxhash write of uint64 failed: " + err.Error())
+ }
+ return h
+}
+
+func (h Hash) Bool(val bool) Hash { // nolint:revive // This is a hashing function.
+ if val {
+ return h.Uint64(1)
+ }
+ return h.Uint64(0)
+}
+
+func (h Hash) Float64(val float64) Hash {
+ return h.Uint64(math.Float64bits(val))
+}
+
+func (h Hash) Int64(val int64) Hash {
+ return h.Uint64(uint64(val)) // nolint:gosec // Overflow doesn't matter since we are hashing.
+}
+
+func (h Hash) String(val string) Hash {
+ // errors from WriteString are always nil for xxhash
+ // if it returns an err then panic
+ _, err := h.d.WriteString(val)
+ if err != nil {
+ panic("xxhash write of string failed: " + err.Error())
+ }
+ return h
+}
+
+// Sum64 returns the current hash value.
+func (h Hash) Sum64() uint64 {
+ return h.d.Sum64()
+}
diff --git a/vendor/go.opentelemetry.io/otel/attribute/iterator.go b/vendor/go.opentelemetry.io/otel/attribute/iterator.go
index f2ba89ce4..8df6249f0 100644
--- a/vendor/go.opentelemetry.io/otel/attribute/iterator.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/iterator.go
@@ -25,8 +25,8 @@ type oneIterator struct { attr KeyValue } -// Next moves the iterator to the next position. Returns false if there are no -// more attributes. +// Next moves the iterator to the next position. +// Next reports whether there are more attributes. func (i *Iterator) Next() bool { i.idx++ return i.idx < i.Len() @@ -106,7 +106,8 @@ func (oi *oneIterator) advance() { } } -// Next returns true if there is another attribute available. +// Next moves the iterator to the next position. +// Next reports whether there is another attribute available. func (m *MergeIterator) Next() bool { if m.one.done && m.two.done { return false diff --git a/vendor/go.opentelemetry.io/otel/attribute/key.go b/vendor/go.opentelemetry.io/otel/attribute/key.go index d9a22c650..80a9e5643 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/key.go +++ b/vendor/go.opentelemetry.io/otel/attribute/key.go @@ -117,7 +117,7 @@ func (k Key) StringSlice(v []string) KeyValue { } } -// Defined returns true for non-empty keys. +// Defined reports whether the key is not empty. func (k Key) Defined() bool { return len(k) != 0 } diff --git a/vendor/go.opentelemetry.io/otel/attribute/kv.go b/vendor/go.opentelemetry.io/otel/attribute/kv.go index 3028f9a40..8c6928ca7 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/kv.go +++ b/vendor/go.opentelemetry.io/otel/attribute/kv.go @@ -13,7 +13,7 @@ type KeyValue struct { Value Value } -// Valid returns if kv is a valid OpenTelemetry attribute. +// Valid reports whether kv is a valid OpenTelemetry attribute. func (kv KeyValue) Valid() bool { return kv.Key.Defined() && kv.Value.Type() != INVALID } diff --git a/vendor/go.opentelemetry.io/otel/attribute/rawhelpers.go b/vendor/go.opentelemetry.io/otel/attribute/rawhelpers.go new file mode 100644 index 000000000..5791c6e7a --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/attribute/rawhelpers.go 
@@ -0,0 +1,37 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package attribute // import "go.opentelemetry.io/otel/attribute" + +import ( + "math" +) + +func boolToRaw(b bool) uint64 { // nolint:revive // b is not a control flag. + if b { + return 1 + } + return 0 +} + +func rawToBool(r uint64) bool { + return r != 0 +} + +func int64ToRaw(i int64) uint64 { + // Assumes original was a valid int64 (overflow not checked). + return uint64(i) // nolint: gosec +} + +func rawToInt64(r uint64) int64 { + // Assumes original was a valid int64 (overflow not checked). + return int64(r) // nolint: gosec +} + +func float64ToRaw(f float64) uint64 { + return math.Float64bits(f) +} + +func rawToFloat64(r uint64) float64 { + return math.Float64frombits(r) +} diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go index 6cbefcead..911d557ee 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/set.go +++ b/vendor/go.opentelemetry.io/otel/attribute/set.go @@ -9,6 +9,8 @@ import ( "reflect" "slices" "sort" + + "go.opentelemetry.io/otel/attribute/internal/xxhash" ) type ( 
@@ -23,19 +25,19 @@ type ( // the Equals method to ensure stable equivalence checking. // // Users should also use the Distinct returned from Equivalent as a map key - // instead of a Set directly. In addition to that type providing guarantees - // on stable equivalence, it may also provide performance improvements. + // instead of a Set directly. Set has relatively poor performance when used + // as a map key compared to Distinct. Set struct { - equivalent Distinct + hash uint64 + data any } - // Distinct is a unique identifier of a Set. + // Distinct is an identifier of a Set which is very likely to be unique. // - // Distinct is designed to be ensures equivalence stability: comparisons - // will return the save value across versions. For this reason, Distinct - // should always be used as a map key instead of a Set. + // Distinct should be used as a map key instead of a Set for to provide better + // performance for map operations. Distinct struct { - iface interface{} + hash uint64 } // Sortable implements sort.Interface, used for sorting KeyValue. @@ -46,15 +48,34 @@ type ( Sortable []KeyValue ) +// Compile time check these types remain comparable. +var ( + _ = isComparable(Set{}) + _ = isComparable(Distinct{}) +) + +func isComparable[T comparable](t T) T { return t } + var ( // keyValueType is used in computeDistinctReflect. keyValueType = reflect.TypeOf(KeyValue{}) - // emptySet is returned for empty attribute sets. - emptySet = &Set{ - equivalent: Distinct{ - iface: [0]KeyValue{}, - }, + // emptyHash is the hash of an empty set. + emptyHash = xxhash.New().Sum64() + + // userDefinedEmptySet is an empty set. It was mistakenly exposed to users + // as something they can assign to, so it must remain addressable and + // mutable. + // + // This is kept for backwards compatibility, but should not be used in new code. + userDefinedEmptySet = &Set{ + hash: emptyHash, + data: [0]KeyValue{}, + } + + emptySet = Set{ + hash: emptyHash, + data: [0]KeyValue{}, } ) 
@@ -62,33 +83,35 @@ var ( // // This is a convenience provided for optimized calling utility. func EmptySet() *Set { - return emptySet + // Continue to return the pointer to the user-defined empty set for + // backwards-compatibility. + // + // New code should not use this, instead use emptySet. + return userDefinedEmptySet } -// reflectValue abbreviates reflect.ValueOf(d). -func (d Distinct) reflectValue() reflect.Value { - return reflect.ValueOf(d.iface) -} +// Valid reports whether this value refers to a valid Set. +func (d Distinct) Valid() bool { return d.hash != 0 } -// Valid returns true if this value refers to a valid Set. -func (d Distinct) Valid() bool { - return d.iface != nil +// reflectValue abbreviates reflect.ValueOf(d). +func (l Set) reflectValue() reflect.Value { + return reflect.ValueOf(l.data) } // Len returns the number of attributes in this set. func (l *Set) Len() int { - if l == nil || !l.equivalent.Valid() { + if l == nil || l.hash == 0 { return 0 } - return l.equivalent.reflectValue().Len() + return l.reflectValue().Len() } // Get returns the KeyValue at ordered position idx in this set. func (l *Set) Get(idx int) (KeyValue, bool) { - if l == nil || !l.equivalent.Valid() { + if l == nil || l.hash == 0 { return KeyValue{}, false } - value := l.equivalent.reflectValue() + value := l.reflectValue() if idx >= 0 && idx < value.Len() { // Note: The Go compiler successfully avoids an allocation for @@ -101,10 +124,10 @@ func (l *Set) Get(idx int) (KeyValue, bool) { // Value returns the value of a specified key in this set. func (l *Set) Value(k Key) (Value, bool) { - if l == nil || !l.equivalent.Valid() { + if l == nil || l.hash == 0 { return Value{}, false } - rValue := l.equivalent.reflectValue() + rValue := l.reflectValue() vlen := rValue.Len() idx := sort.Search(vlen, func(idx int) bool { 
@@ -120,7 +143,7 @@ func (l *Set) Value(k Key) (Value, bool) { return Value{}, false } -// HasValue tests whether a key is defined in this set. +// HasValue reports whether a key is defined in this set. func (l *Set) HasValue(k Key) bool { if l == nil { return false @@ -144,20 +167,29 @@ func (l *Set) ToSlice() []KeyValue { return iter.ToSlice() } -// Equivalent returns a value that may be used as a map key. The Distinct type -// guarantees that the result will equal the equivalent. Distinct value of any +// Equivalent returns a value that may be used as a map key. Equal Distinct +// values are very likely to be equivalent attribute Sets. Distinct value of any // attribute set with the same elements as this, where sets are made unique by // choosing the last value in the input for any given key. func (l *Set) Equivalent() Distinct { - if l == nil || !l.equivalent.Valid() { - return emptySet.equivalent + if l == nil || l.hash == 0 { + return Distinct{hash: emptySet.hash} } - return l.equivalent + return Distinct{hash: l.hash} } -// Equals returns true if the argument set is equivalent to this set. +// Equals reports whether the argument set is equivalent to this set. func (l *Set) Equals(o *Set) bool { - return l.Equivalent() == o.Equivalent() + if l.Equivalent() != o.Equivalent() { + return false + } + if l == nil || l.hash == 0 { + l = &emptySet + } + if o == nil || o.hash == 0 { + o = &emptySet + } + return l.data == o.data } // Encoded returns the encoded form of this set, according to encoder. @@ -169,12 +201,6 @@ func (l *Set) Encoded(encoder Encoder) string { return encoder.Encode(l.Iter()) } -func empty() Set { - return Set{ - equivalent: emptySet.equivalent, - } -} - // NewSet returns a new Set. See the documentation for // NewSetWithSortableFiltered for more details. // 
@@ -204,7 +230,7 @@ func NewSetWithSortable(kvs []KeyValue, _ *Sortable) Set { func NewSetWithFiltered(kvs []KeyValue, filter Filter) (Set, []KeyValue) { // Check for empty set. if len(kvs) == 0 { - return empty(), nil + return emptySet, nil } // Stable sort so the following de-duplication can implement @@ -233,10 +259,10 @@ func NewSetWithFiltered(kvs []KeyValue, filter Filter) (Set, []KeyValue) { if filter != nil { if div := filteredToFront(kvs, filter); div != 0 { - return Set{equivalent: computeDistinct(kvs[div:])}, kvs[:div] + return newSet(kvs[div:]), kvs[:div] } } - return Set{equivalent: computeDistinct(kvs)}, nil + return newSet(kvs), nil } // NewSetWithSortableFiltered returns a new Set. @@ -316,7 +342,7 @@ func (l *Set) Filter(re Filter) (Set, []KeyValue) { if first == 0 { // It is safe to assume len(slice) >= 1 given we found at least one // attribute above that needs to be filtered out. - return Set{equivalent: computeDistinct(slice[1:])}, slice[:1] + return newSet(slice[1:]), slice[:1] } // Move the filtered slice[first] to the front (preserving order). 
@@ -326,25 +352,24 @@ func (l *Set) Filter(re Filter) (Set, []KeyValue) { // Do not re-evaluate re(slice[first+1:]). div := filteredToFront(slice[1:first+1], re) + 1 - return Set{equivalent: computeDistinct(slice[div:])}, slice[:div] + return newSet(slice[div:]), slice[:div] } -// computeDistinct returns a Distinct using either the fixed- or -// reflect-oriented code path, depending on the size of the input. The input -// slice is assumed to already be sorted and de-duplicated. -func computeDistinct(kvs []KeyValue) Distinct { - iface := computeDistinctFixed(kvs) - if iface == nil { - iface = computeDistinctReflect(kvs) +// newSet returns a new set based on the sorted and uniqued kvs. +func newSet(kvs []KeyValue) Set { + s := Set{ + hash: hashKVs(kvs), + data: computeDataFixed(kvs), } - return Distinct{ - iface: iface, + if s.data == nil { + s.data = computeDataReflect(kvs) } + return s } -// computeDistinctFixed computes a Distinct for small slices. It returns nil -// if the input is too large for this code path. -func computeDistinctFixed(kvs []KeyValue) interface{} { +// computeDataFixed computes a Set data for small slices. It returns nil if the +// input is too large for this code path. +func computeDataFixed(kvs []KeyValue) any { switch len(kvs) { case 1: return [1]KeyValue(kvs) @@ -371,9 +396,9 @@ func computeDistinctFixed(kvs []KeyValue) interface{} { } } -// computeDistinctReflect computes a Distinct using reflection, works for any -// size input. -func computeDistinctReflect(kvs []KeyValue) interface{} { +// computeDataReflect computes a Set data using reflection, works for any size +// input. +func computeDataReflect(kvs []KeyValue) any { at := reflect.New(reflect.ArrayOf(len(kvs), keyValueType)).Elem() for i, keyValue := range kvs { *(at.Index(i).Addr().Interface().(*KeyValue)) = keyValue 
@@ -383,11 +408,11 @@ func computeDistinctReflect(kvs []KeyValue) interface{} { // MarshalJSON returns the JSON encoding of the Set. func (l *Set) MarshalJSON() ([]byte, error) { - return json.Marshal(l.equivalent.iface) + return json.Marshal(l.data) } // MarshalLog is the marshaling function used by the logging system to represent this Set. -func (l Set) MarshalLog() interface{} { +func (l Set) MarshalLog() any { kvs := make(map[string]string) for _, kv := range l.ToSlice() { kvs[string(kv.Key)] = kv.Value.Emit() diff --git a/vendor/go.opentelemetry.io/otel/attribute/type_string.go b/vendor/go.opentelemetry.io/otel/attribute/type_string.go index e584b2477..24f1fa37d 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/type_string.go +++ b/vendor/go.opentelemetry.io/otel/attribute/type_string.go @@ -24,8 +24,9 @@ const _Type_name = "INVALIDBOOLINT64FLOAT64STRINGBOOLSLICEINT64SLICEFLOAT64SLICE var _Type_index = [...]uint8{0, 7, 11, 16, 23, 29, 38, 48, 60, 71} func (i Type) String() string { - if i < 0 || i >= Type(len(_Type_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Type_index)-1 { return "Type(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Type_name[_Type_index[i]:_Type_index[i+1]] + return _Type_name[_Type_index[idx]:_Type_index[idx+1]] } diff --git a/vendor/go.opentelemetry.io/otel/attribute/value.go b/vendor/go.opentelemetry.io/otel/attribute/value.go index 9ea0ecbbd..653c33a86 100644 --- a/vendor/go.opentelemetry.io/otel/attribute/value.go +++ b/vendor/go.opentelemetry.io/otel/attribute/value.go @@ -9,8 +9,7 @@ import ( "reflect" "strconv" - "go.opentelemetry.io/otel/internal" - "go.opentelemetry.io/otel/internal/attribute" + attribute "go.opentelemetry.io/otel/attribute/internal" ) //go:generate stringer -type=Type @@ -23,7 +22,7 @@ type Value struct { vtype Type numeric uint64 stringly string - slice interface{} + slice any } const ( 
@@ -51,7 +50,7 @@ const ( func BoolValue(v bool) Value { return Value{ vtype: BOOL, - numeric: internal.BoolToRaw(v), + numeric: boolToRaw(v), } } @@ -82,7 +81,7 @@ func IntSliceValue(v []int) Value { func Int64Value(v int64) Value { return Value{ vtype: INT64, - numeric: internal.Int64ToRaw(v), + numeric: int64ToRaw(v), } } @@ -95,7 +94,7 @@ func Int64SliceValue(v []int64) Value { func Float64Value(v float64) Value { return Value{ vtype: FLOAT64, - numeric: internal.Float64ToRaw(v), + numeric: float64ToRaw(v), } } @@ -125,7 +124,7 @@ func (v Value) Type() Type { // AsBool returns the bool value. Make sure that the Value's type is // BOOL. func (v Value) AsBool() bool { - return internal.RawToBool(v.numeric) + return rawToBool(v.numeric) } // AsBoolSlice returns the []bool value. Make sure that the Value's type is @@ -144,7 +143,7 @@ func (v Value) asBoolSlice() []bool { // AsInt64 returns the int64 value. Make sure that the Value's type is // INT64. func (v Value) AsInt64() int64 { - return internal.RawToInt64(v.numeric) + return rawToInt64(v.numeric) } // AsInt64Slice returns the []int64 value. Make sure that the Value's type is @@ -163,7 +162,7 @@ func (v Value) asInt64Slice() []int64 { // AsFloat64 returns the float64 value. Make sure that the Value's // type is FLOAT64. func (v Value) AsFloat64() float64 { - return internal.RawToFloat64(v.numeric) + return rawToFloat64(v.numeric) } // AsFloat64Slice returns the []float64 value. Make sure that the Value's type is @@ -200,8 +199,8 @@ func (v Value) asStringSlice() []string { type unknownValueType struct{} -// AsInterface returns Value's data as interface{}. -func (v Value) AsInterface() interface{} { +// AsInterface returns Value's data as any. +func (v Value) AsInterface() any { switch v.Type() { case BOOL: return v.AsBool() 
@@ -263,7 +262,7 @@ func (v Value) Emit() string { func (v Value) MarshalJSON() ([]byte, error) { var jsonVal struct { Type string - Value interface{} + Value any } jsonVal.Type = v.Type().String() jsonVal.Value = v.AsInterface() diff --git a/vendor/go.opentelemetry.io/otel/baggage/baggage.go b/vendor/go.opentelemetry.io/otel/baggage/baggage.go index 0e1fe2422..78e98c4c0 100644 --- a/vendor/go.opentelemetry.io/otel/baggage/baggage.go +++ b/vendor/go.opentelemetry.io/otel/baggage/baggage.go @@ -648,7 +648,7 @@ func parsePropertyInternal(s string) (p Property, ok bool) { // If we couldn't find any valid key character, // it means the key is either empty or invalid. if keyStart == keyEnd { - return + return p, ok } // Skip spaces after the key: " key< >= value ". @@ -658,13 +658,13 @@ func parsePropertyInternal(s string) (p Property, ok bool) { // A key can have no value, like: " key ". ok = true p.key = s[keyStart:keyEnd] - return + return p, ok } // If we have not reached the end and we can't find the '=' delimiter, // it means the property is invalid. if s[index] != keyValueDelimiter[0] { - return + return p, ok } // Attempting to parse the value. @@ -690,14 +690,14 @@ func parsePropertyInternal(s string) (p Property, ok bool) { // we have not reached the end, it means the property is // invalid, something like: " key = value value1". if index != len(s) { - return + return p, ok } // Decode a percent-encoded value. rawVal := s[valueStart:valueEnd] unescapeVal, err := url.PathUnescape(rawVal) if err != nil { - return + return p, ok } value := replaceInvalidUTF8Sequences(len(rawVal), unescapeVal) @@ -706,7 +706,7 @@ func parsePropertyInternal(s string) (p Property, ok bool) { p.hasValue = true p.value = value - return + return p, ok } func skipSpace(s string, offset int) int { 
@@ -812,7 +812,7 @@ var safeKeyCharset = [utf8.RuneSelf]bool{ // validateBaggageName checks if the string is a valid OpenTelemetry Baggage name. // Baggage name is a valid, non-empty UTF-8 string. func validateBaggageName(s string) bool { - if len(s) == 0 { + if s == "" { return false } @@ -828,7 +828,7 @@ func validateBaggageValue(s string) bool { // validateKey checks if the string is a valid W3C Baggage key. func validateKey(s string) bool { - if len(s) == 0 { + if s == "" { return false } diff --git a/vendor/go.opentelemetry.io/otel/codes/codes.go b/vendor/go.opentelemetry.io/otel/codes/codes.go index 49a35b122..d48847ed8 100644 --- a/vendor/go.opentelemetry.io/otel/codes/codes.go +++ b/vendor/go.opentelemetry.io/otel/codes/codes.go @@ -67,7 +67,7 @@ func (c *Code) UnmarshalJSON(b []byte) error { return errors.New("nil receiver passed to UnmarshalJSON") } - var x interface{} + var x any if err := json.Unmarshal(b, &x); err != nil { return err } @@ -102,5 +102,5 @@ func (c *Code) MarshalJSON() ([]byte, error) { if !ok { return nil, fmt.Errorf("invalid code: %d", *c) } - return []byte(fmt.Sprintf("%q", str)), nil + return fmt.Appendf(nil, "%q", str), nil } diff --git a/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile new file mode 100644 index 000000000..cadb87cc0 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile @@ -0,0 +1,4 @@ +# This is a renovate-friendly source of Docker images. +FROM python:3.13.6-slim-bullseye@sha256:e98b521460ee75bca92175c16247bdf7275637a8faaeb2bcfa19d879ae5c4b9a AS python +FROM otel/weaver:v0.19.0@sha256:3d20814cef548f1d31f27f054fb4cd6a05125641a9f7cc29fc7eb234e8052cd9 AS weaver +FROM avtodev/markdown-lint:v1@sha256:6aeedc2f49138ce7a1cd0adffc1b1c0321b841dc2102408967d9301c031949ee AS markdown 
diff --git a/vendor/go.opentelemetry.io/otel/get_main_pkgs.sh b/vendor/go.opentelemetry.io/otel/get_main_pkgs.sh
deleted file mode 100644
index 93e80ea30..000000000
--- a/vendor/go.opentelemetry.io/otel/get_main_pkgs.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright The OpenTelemetry Authors
-# SPDX-License-Identifier: Apache-2.0
-
-set -euo pipefail
-
-top_dir='.'
-if [[ $# -gt 0 ]]; then
- top_dir="${1}"
-fi
-
-p=$(pwd)
-mod_dirs=()
-
-# Note `mapfile` does not exist in older bash versions:
-# https://stackoverflow.com/questions/41475261/need-alternative-to-readarray-mapfile-for-script-on-older-version-of-bash
-
-while IFS= read -r line; do
- mod_dirs+=("$line")
-done < <(find "${top_dir}" -type f -name 'go.mod' -exec dirname {} \; | sort)
-
-for mod_dir in "${mod_dirs[@]}"; do
- cd "${mod_dir}"
-
- while IFS= read -r line; do
- echo ".${line#${p}}"
- done < <(go list --find -f '{{.Name}}|{{.Dir}}' ./... | grep '^main|' | cut -f 2- -d '|')
- cd "${p}"
-done
diff --git a/vendor/go.opentelemetry.io/otel/internal/gen.go b/vendor/go.opentelemetry.io/otel/internal/gen.go
deleted file mode 100644
index 4259f0320..000000000
--- a/vendor/go.opentelemetry.io/otel/internal/gen.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-package internal // import "go.opentelemetry.io/otel/internal"
-
-//go:generate gotmpl --body=./shared/matchers/expectation.go.tmpl "--data={}" --out=matchers/expectation.go
-//go:generate gotmpl --body=./shared/matchers/expecter.go.tmpl "--data={}" --out=matchers/expecter.go
-//go:generate gotmpl --body=./shared/matchers/temporal_matcher.go.tmpl "--data={}" --out=matchers/temporal_matcher.go
-
-//go:generate gotmpl --body=./shared/internaltest/alignment.go.tmpl "--data={}" --out=internaltest/alignment.go
-//go:generate gotmpl --body=./shared/internaltest/env.go.tmpl "--data={}" --out=internaltest/env.go
-//go:generate gotmpl --body=./shared/internaltest/env_test.go.tmpl "--data={}" --out=internaltest/env_test.go
-//go:generate gotmpl --body=./shared/internaltest/errors.go.tmpl "--data={}" --out=internaltest/errors.go
-//go:generate gotmpl --body=./shared/internaltest/harness.go.tmpl "--data={\"matchersImportPath\": \"go.opentelemetry.io/otel/internal/matchers\"}" --out=internaltest/harness.go
-//go:generate gotmpl --body=./shared/internaltest/text_map_carrier.go.tmpl "--data={}" --out=internaltest/text_map_carrier.go
-//go:generate gotmpl --body=./shared/internaltest/text_map_carrier_test.go.tmpl "--data={}" --out=internaltest/text_map_carrier_test.go
-//go:generate gotmpl --body=./shared/internaltest/text_map_propagator.go.tmpl "--data={}" --out=internaltest/text_map_propagator.go
-//go:generate gotmpl --body=./shared/internaltest/text_map_propagator_test.go.tmpl "--data={}" --out=internaltest/text_map_propagator_test.go
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/handler.go b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
index c657ff8e7..2e47b2964 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/handler.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/handler.go
@@ -1,6 +1,7 @@ // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 +// Package global provides the OpenTelemetry global API. package global // import "go.opentelemetry.io/otel/internal/global" import ( diff --git a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go index adbca7d34..86d7f4ba0 100644 --- a/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go +++ b/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go @@ -41,22 +41,22 @@ func GetLogger() logr.Logger { // Info prints messages about the general state of the API or SDK. // This should usually be less than 5 messages a minute. -func Info(msg string, keysAndValues ...interface{}) { +func Info(msg string, keysAndValues ...any) { GetLogger().V(4).Info(msg, keysAndValues...) } // Error prints messages about exceptional states of the API or SDK. -func Error(err error, msg string, keysAndValues ...interface{}) { +func Error(err error, msg string, keysAndValues ...any) { GetLogger().Error(err, msg, keysAndValues...) } // Debug prints messages about all internal changes in the API or SDK. -func Debug(msg string, keysAndValues ...interface{}) { +func Debug(msg string, keysAndValues ...any) { GetLogger().V(8).Info(msg, keysAndValues...) } // Warn prints messages about warnings in the API or SDK. // Not an error but is likely more important than an informational event. -func Warn(msg string, keysAndValues ...interface{}) { +func Warn(msg string, keysAndValues ...any) { GetLogger().V(1).Info(msg, keysAndValues...) } diff --git a/vendor/go.opentelemetry.io/otel/internal/global/meter.go b/vendor/go.opentelemetry.io/otel/internal/global/meter.go index a6acd8dca..6db969f73 100644 --- a/vendor/go.opentelemetry.io/otel/internal/global/meter.go +++ b/vendor/go.opentelemetry.io/otel/internal/global/meter.go 
@@ -105,7 +105,7 @@ type delegatedInstrument interface { setDelegate(metric.Meter) } -// instID are the identifying properties of a instrument. +// instID are the identifying properties of an instrument. type instID struct { // name is the name of the stream. name string @@ -169,7 +169,10 @@ func (m *meter) Int64Counter(name string, options ...metric.Int64CounterOption) return i, nil } -func (m *meter) Int64UpDownCounter(name string, options ...metric.Int64UpDownCounterOption) (metric.Int64UpDownCounter, error) { +func (m *meter) Int64UpDownCounter( + name string, + options ...metric.Int64UpDownCounterOption, +) (metric.Int64UpDownCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -238,7 +241,10 @@ func (m *meter) Int64Gauge(name string, options ...metric.Int64GaugeOption) (met return i, nil } -func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64ObservableCounterOption) (metric.Int64ObservableCounter, error) { +func (m *meter) Int64ObservableCounter( + name string, + options ...metric.Int64ObservableCounterOption, +) (metric.Int64ObservableCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -261,7 +267,10 @@ func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64Obser return i, nil } -func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int64ObservableUpDownCounterOption) (metric.Int64ObservableUpDownCounter, error) { +func (m *meter) Int64ObservableUpDownCounter( + name string, + options ...metric.Int64ObservableUpDownCounterOption, +) (metric.Int64ObservableUpDownCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() 
@@ -284,7 +293,10 @@ func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int6 return i, nil } -func (m *meter) Int64ObservableGauge(name string, options ...metric.Int64ObservableGaugeOption) (metric.Int64ObservableGauge, error) { +func (m *meter) Int64ObservableGauge( + name string, + options ...metric.Int64ObservableGaugeOption, +) (metric.Int64ObservableGauge, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -330,7 +342,10 @@ func (m *meter) Float64Counter(name string, options ...metric.Float64CounterOpti return i, nil } -func (m *meter) Float64UpDownCounter(name string, options ...metric.Float64UpDownCounterOption) (metric.Float64UpDownCounter, error) { +func (m *meter) Float64UpDownCounter( + name string, + options ...metric.Float64UpDownCounterOption, +) (metric.Float64UpDownCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -353,7 +368,10 @@ func (m *meter) Float64UpDownCounter(name string, options ...metric.Float64UpDow return i, nil } -func (m *meter) Float64Histogram(name string, options ...metric.Float64HistogramOption) (metric.Float64Histogram, error) { +func (m *meter) Float64Histogram( + name string, + options ...metric.Float64HistogramOption, +) (metric.Float64Histogram, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -399,7 +417,10 @@ func (m *meter) Float64Gauge(name string, options ...metric.Float64GaugeOption) return i, nil } -func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64ObservableCounterOption) (metric.Float64ObservableCounter, error) { +func (m *meter) Float64ObservableCounter( + name string, + options ...metric.Float64ObservableCounterOption, +) (metric.Float64ObservableCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() 
@@ -422,7 +443,10 @@ func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64O return i, nil } -func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Float64ObservableUpDownCounterOption) (metric.Float64ObservableUpDownCounter, error) { +func (m *meter) Float64ObservableUpDownCounter( + name string, + options ...metric.Float64ObservableUpDownCounterOption, +) (metric.Float64ObservableUpDownCounter, error) { m.mtx.Lock() defer m.mtx.Unlock() @@ -445,7 +469,10 @@ func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Fl return i, nil } -func (m *meter) Float64ObservableGauge(name string, options ...metric.Float64ObservableGaugeOption) (metric.Float64ObservableGauge, error) { +func (m *meter) Float64ObservableGauge( + name string, + options ...metric.Float64ObservableGaugeOption, +) (metric.Float64ObservableGauge, error) { m.mtx.Lock() defer m.mtx.Unlock() diff --git a/vendor/go.opentelemetry.io/otel/internal/global/trace.go b/vendor/go.opentelemetry.io/otel/internal/global/trace.go index 8982aa0dc..bf5cf3119 100644 --- a/vendor/go.opentelemetry.io/otel/internal/global/trace.go +++ b/vendor/go.opentelemetry.io/otel/internal/global/trace.go @@ -26,6 +26,7 @@ import ( "sync/atomic" "go.opentelemetry.io/auto/sdk" + "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/trace" 
@@ -158,7 +159,18 @@ func (t *tracer) Start(ctx context.Context, name string, opts ...trace.SpanStart // a nonRecordingSpan by default. var autoInstEnabled = new(bool) -func (t *tracer) newSpan(ctx context.Context, autoSpan *bool, name string, opts []trace.SpanStartOption) (context.Context, trace.Span) { +// newSpan is called by tracer.Start so auto-instrumentation can attach an eBPF +// uprobe to this code. +// +// "noinline" pragma prevents the method from ever being inlined. +// +//go:noinline +func (t *tracer) newSpan( + ctx context.Context, + autoSpan *bool, + name string, + opts []trace.SpanStartOption, +) (context.Context, trace.Span) { // autoInstEnabled is passed to newSpan via the autoSpan parameter. This is // so the auto-instrumentation can define a uprobe for (*t).newSpan and be // provided with the address of the bool autoInstEnabled points to. It diff --git a/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go b/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go deleted file mode 100644 index b2fe3e41d..000000000 --- a/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go +++ /dev/null 
@@ -1,48 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-package internal // import "go.opentelemetry.io/otel/internal"
-
-import (
- "math"
- "unsafe"
-)
-
-func BoolToRaw(b bool) uint64 { // nolint:revive // b is not a control flag.
- if b {
- return 1
- }
- return 0
-}
-
-func RawToBool(r uint64) bool {
- return r != 0
-}
-
-func Int64ToRaw(i int64) uint64 {
- // Assumes original was a valid int64 (overflow not checked).
- return uint64(i) // nolint: gosec
-}
-
-func RawToInt64(r uint64) int64 {
- // Assumes original was a valid int64 (overflow not checked).
- return int64(r) // nolint: gosec
-}
-
-func Float64ToRaw(f float64) uint64 {
- return math.Float64bits(f)
-}
-
-func RawToFloat64(r uint64) float64 {
- return math.Float64frombits(r)
-}
-
-func RawPtrToFloat64Ptr(r *uint64) *float64 {
- // Assumes original was a valid *float64 (overflow not checked).
- return (*float64)(unsafe.Pointer(r)) // nolint: gosec
-}
-
-func RawPtrToInt64Ptr(r *uint64) *int64 {
- // Assumes original was a valid *int64 (overflow not checked).
- return (*int64)(unsafe.Pointer(r)) // nolint: gosec
-}
diff --git a/vendor/go.opentelemetry.io/otel/metric.go b/vendor/go.opentelemetry.io/otel/metric.go
index 1e6473b32..527d9aec8 100644
--- a/vendor/go.opentelemetry.io/otel/metric.go
+++ b/vendor/go.opentelemetry.io/otel/metric.go
@@ -11,7 +11,7 @@ import (
 // Meter returns a Meter from the global MeterProvider. The name must be the
 // name of the library providing instrumentation. This name may be the same as
 // the instrumented code only if that code provides built-in instrumentation.
-// If the name is empty, then a implementation defined default name will be
+// If the name is empty, then an implementation defined default name will be
 // used instead.
 //
 // If this is called before a global MeterProvider is registered the returned
diff --git a/vendor/go.opentelemetry.io/otel/metric/LICENSE b/vendor/go.opentelemetry.io/otel/metric/LICENSE
index 261eeb9e9..f1aee0f11 100644
--- a/vendor/go.opentelemetry.io/otel/metric/LICENSE
+++ b/vendor/go.opentelemetry.io/otel/metric/LICENSE
@@ -199,3 +199,33 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +-------------------------------------------------------------------------------- + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go index f8435d8f2..b7fc973a6 100644 
--- a/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go +++ b/vendor/go.opentelemetry.io/otel/metric/asyncfloat64.go @@ -106,7 +106,9 @@ type Float64ObservableUpDownCounterConfig struct { // NewFloat64ObservableUpDownCounterConfig returns a new // [Float64ObservableUpDownCounterConfig] with all opts applied. -func NewFloat64ObservableUpDownCounterConfig(opts ...Float64ObservableUpDownCounterOption) Float64ObservableUpDownCounterConfig { +func NewFloat64ObservableUpDownCounterConfig( + opts ...Float64ObservableUpDownCounterOption, +) Float64ObservableUpDownCounterConfig { var config Float64ObservableUpDownCounterConfig for _, o := range opts { config = o.applyFloat64ObservableUpDownCounter(config) @@ -239,12 +241,16 @@ type float64CallbackOpt struct { cback Float64Callback } -func (o float64CallbackOpt) applyFloat64ObservableCounter(cfg Float64ObservableCounterConfig) Float64ObservableCounterConfig { +func (o float64CallbackOpt) applyFloat64ObservableCounter( + cfg Float64ObservableCounterConfig, +) Float64ObservableCounterConfig { cfg.callbacks = append(cfg.callbacks, o.cback) return cfg } -func (o float64CallbackOpt) applyFloat64ObservableUpDownCounter(cfg Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig { +func (o float64CallbackOpt) applyFloat64ObservableUpDownCounter( + cfg Float64ObservableUpDownCounterConfig, +) Float64ObservableUpDownCounterConfig { cfg.callbacks = append(cfg.callbacks, o.cback) return cfg } diff --git a/vendor/go.opentelemetry.io/otel/metric/asyncint64.go b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go index e079aaef1..4404b71a2 100644 --- a/vendor/go.opentelemetry.io/otel/metric/asyncint64.go +++ b/vendor/go.opentelemetry.io/otel/metric/asyncint64.go 
@@ -105,7 +105,9 @@ type Int64ObservableUpDownCounterConfig struct { // NewInt64ObservableUpDownCounterConfig returns a new // [Int64ObservableUpDownCounterConfig] with all opts applied. -func NewInt64ObservableUpDownCounterConfig(opts ...Int64ObservableUpDownCounterOption) Int64ObservableUpDownCounterConfig { +func NewInt64ObservableUpDownCounterConfig( + opts ...Int64ObservableUpDownCounterOption, +) Int64ObservableUpDownCounterConfig { var config Int64ObservableUpDownCounterConfig for _, o := range opts { config = o.applyInt64ObservableUpDownCounter(config) @@ -242,7 +244,9 @@ func (o int64CallbackOpt) applyInt64ObservableCounter(cfg Int64ObservableCounter return cfg } -func (o int64CallbackOpt) applyInt64ObservableUpDownCounter(cfg Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig { +func (o int64CallbackOpt) applyInt64ObservableUpDownCounter( + cfg Int64ObservableUpDownCounterConfig, +) Int64ObservableUpDownCounterConfig { cfg.callbacks = append(cfg.callbacks, o.cback) return cfg } diff --git a/vendor/go.opentelemetry.io/otel/metric/config.go b/vendor/go.opentelemetry.io/otel/metric/config.go index d9e3b13e4..e42dd6e70 100644 --- a/vendor/go.opentelemetry.io/otel/metric/config.go +++ b/vendor/go.opentelemetry.io/otel/metric/config.go @@ -3,7 +3,11 @@ package metric // import "go.opentelemetry.io/otel/metric" -import "go.opentelemetry.io/otel/attribute" +import ( + "slices" + + "go.opentelemetry.io/otel/attribute" +) // MeterConfig contains options for Meters. type MeterConfig struct { 
@@ -62,12 +66,38 @@ func WithInstrumentationVersion(version string) MeterOption { }) } -// WithInstrumentationAttributes sets the instrumentation attributes. +// WithInstrumentationAttributes adds the instrumentation attributes. +// +// This is equivalent to calling [WithInstrumentationAttributeSet] with an +// [attribute.Set] created from a clone of the passed attributes. +// [WithInstrumentationAttributeSet] is recommended for more control. // -// The passed attributes will be de-duplicated. +// If multiple [WithInstrumentationAttributes] or [WithInstrumentationAttributeSet] +// options are passed, the attributes will be merged together in the order +// they are passed. Attributes with duplicate keys will use the last value passed. func WithInstrumentationAttributes(attr ...attribute.KeyValue) MeterOption { + set := attribute.NewSet(slices.Clone(attr)...) + return WithInstrumentationAttributeSet(set) +} + +// WithInstrumentationAttributeSet adds the instrumentation attributes. +// +// If multiple [WithInstrumentationAttributes] or [WithInstrumentationAttributeSet] +// options are passed, the attributes will be merged together in the order +// they are passed. Attributes with duplicate keys will use the last value passed. +func WithInstrumentationAttributeSet(set attribute.Set) MeterOption { + if set.Len() == 0 { + return meterOptionFunc(func(config MeterConfig) MeterConfig { + return config + }) + } + return meterOptionFunc(func(config MeterConfig) MeterConfig { - config.attrs = attribute.NewSet(attr...) + if config.attrs.Len() == 0 { + config.attrs = set + } else { + config.attrs = mergeSets(config.attrs, set) + } return config }) } diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go index a535782e1..9f48d5f11 100644 --- a/vendor/go.opentelemetry.io/otel/metric/instrument.go +++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go 
@@ -63,7 +63,9 @@ func (o descOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) return c } -func (o descOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig { +func (o descOpt) applyFloat64ObservableUpDownCounter( + c Float64ObservableUpDownCounterConfig, +) Float64ObservableUpDownCounterConfig { c.description = string(o) return c } @@ -98,7 +100,9 @@ func (o descOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int return c } -func (o descOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig { +func (o descOpt) applyInt64ObservableUpDownCounter( + c Int64ObservableUpDownCounterConfig, +) Int64ObservableUpDownCounterConfig { c.description = string(o) return c } @@ -138,7 +142,9 @@ func (o unitOpt) applyFloat64ObservableCounter(c Float64ObservableCounterConfig) return c } -func (o unitOpt) applyFloat64ObservableUpDownCounter(c Float64ObservableUpDownCounterConfig) Float64ObservableUpDownCounterConfig { +func (o unitOpt) applyFloat64ObservableUpDownCounter( + c Float64ObservableUpDownCounterConfig, +) Float64ObservableUpDownCounterConfig { c.unit = string(o) return c } @@ -173,7 +179,9 @@ func (o unitOpt) applyInt64ObservableCounter(c Int64ObservableCounterConfig) Int return c } -func (o unitOpt) applyInt64ObservableUpDownCounter(c Int64ObservableUpDownCounterConfig) Int64ObservableUpDownCounterConfig { +func (o unitOpt) applyInt64ObservableUpDownCounter( + c Int64ObservableUpDownCounterConfig, +) Int64ObservableUpDownCounterConfig { c.unit = string(o) return c } diff --git a/vendor/go.opentelemetry.io/otel/metric/meter.go b/vendor/go.opentelemetry.io/otel/metric/meter.go index 14e08c24a..fdd2a7011 100644 --- a/vendor/go.opentelemetry.io/otel/metric/meter.go +++ b/vendor/go.opentelemetry.io/otel/metric/meter.go 
@@ -110,7 +110,10 @@ type Meter interface { // The name needs to conform to the OpenTelemetry instrument name syntax. // See the Instrument Name section of the package documentation for more // information. - Int64ObservableUpDownCounter(name string, options ...Int64ObservableUpDownCounterOption) (Int64ObservableUpDownCounter, error) + Int64ObservableUpDownCounter( + name string, + options ...Int64ObservableUpDownCounterOption, + ) (Int64ObservableUpDownCounter, error) // Int64ObservableGauge returns a new Int64ObservableGauge instrument // identified by name and configured with options. The instrument is used @@ -194,7 +197,10 @@ type Meter interface { // The name needs to conform to the OpenTelemetry instrument name syntax. // See the Instrument Name section of the package documentation for more // information. - Float64ObservableUpDownCounter(name string, options ...Float64ObservableUpDownCounterOption) (Float64ObservableUpDownCounter, error) + Float64ObservableUpDownCounter( + name string, + options ...Float64ObservableUpDownCounterOption, + ) (Float64ObservableUpDownCounter, error) // Float64ObservableGauge returns a new Float64ObservableGauge instrument // identified by name and configured with options. The instrument is used diff --git a/vendor/go.opentelemetry.io/otel/metric/noop/noop.go b/vendor/go.opentelemetry.io/otel/metric/noop/noop.go index ca6fcbdc0..9afb69e58 100644 --- a/vendor/go.opentelemetry.io/otel/metric/noop/noop.go +++ b/vendor/go.opentelemetry.io/otel/metric/noop/noop.go 
@@ -86,13 +86,19 @@ func (Meter) Int64Gauge(string, ...metric.Int64GaugeOption) (metric.Int64Gauge, // Int64ObservableCounter returns an ObservableCounter used to record int64 // measurements that produces no telemetry. -func (Meter) Int64ObservableCounter(string, ...metric.Int64ObservableCounterOption) (metric.Int64ObservableCounter, error) { +func (Meter) Int64ObservableCounter( + string, + ...metric.Int64ObservableCounterOption, +) (metric.Int64ObservableCounter, error) { return Int64ObservableCounter{}, nil } // Int64ObservableUpDownCounter returns an ObservableUpDownCounter used to // record int64 measurements that produces no telemetry. -func (Meter) Int64ObservableUpDownCounter(string, ...metric.Int64ObservableUpDownCounterOption) (metric.Int64ObservableUpDownCounter, error) { +func (Meter) Int64ObservableUpDownCounter( + string, + ...metric.Int64ObservableUpDownCounterOption, +) (metric.Int64ObservableUpDownCounter, error) { return Int64ObservableUpDownCounter{}, nil } 
@@ -128,19 +134,28 @@ func (Meter) Float64Gauge(string, ...metric.Float64GaugeOption) (metric.Float64G // Float64ObservableCounter returns an ObservableCounter used to record int64 // measurements that produces no telemetry. -func (Meter) Float64ObservableCounter(string, ...metric.Float64ObservableCounterOption) (metric.Float64ObservableCounter, error) { +func (Meter) Float64ObservableCounter( + string, + ...metric.Float64ObservableCounterOption, +) (metric.Float64ObservableCounter, error) { return Float64ObservableCounter{}, nil } // Float64ObservableUpDownCounter returns an ObservableUpDownCounter used to // record int64 measurements that produces no telemetry. -func (Meter) Float64ObservableUpDownCounter(string, ...metric.Float64ObservableUpDownCounterOption) (metric.Float64ObservableUpDownCounter, error) { +func (Meter) Float64ObservableUpDownCounter( + string, + ...metric.Float64ObservableUpDownCounterOption, +) (metric.Float64ObservableUpDownCounter, error) { return Float64ObservableUpDownCounter{}, nil } // Float64ObservableGauge returns an ObservableGauge used to record int64 // measurements that produces no telemetry. -func (Meter) Float64ObservableGauge(string, ...metric.Float64ObservableGaugeOption) (metric.Float64ObservableGauge, error) { +func (Meter) Float64ObservableGauge( + string, + ...metric.Float64ObservableGaugeOption, +) (metric.Float64ObservableGauge, error) { return Float64ObservableGauge{}, nil } diff --git a/vendor/go.opentelemetry.io/otel/propagation/baggage.go b/vendor/go.opentelemetry.io/otel/propagation/baggage.go index 552263ba7..051882602 100644 --- a/vendor/go.opentelemetry.io/otel/propagation/baggage.go +++ b/vendor/go.opentelemetry.io/otel/propagation/baggage.go 
@@ -20,7 +20,7 @@ type Baggage struct{} var _ TextMapPropagator = Baggage{} // Inject sets baggage key-values from ctx into the carrier. -func (b Baggage) Inject(ctx context.Context, carrier TextMapCarrier) { +func (Baggage) Inject(ctx context.Context, carrier TextMapCarrier) { bStr := baggage.FromContext(ctx).String() if bStr != "" { carrier.Set(baggageHeader, bStr) @@ -28,7 +28,21 @@ func (b Baggage) Inject(ctx context.Context, carrier TextMapCarrier) { } // Extract returns a copy of parent with the baggage from the carrier added. -func (b Baggage) Extract(parent context.Context, carrier TextMapCarrier) context.Context { +// If carrier implements [ValuesGetter] (e.g. [HeaderCarrier]), Values is invoked +// for multiple values extraction. Otherwise, Get is called. +func (Baggage) Extract(parent context.Context, carrier TextMapCarrier) context.Context { + if multiCarrier, ok := carrier.(ValuesGetter); ok { + return extractMultiBaggage(parent, multiCarrier) + } + return extractSingleBaggage(parent, carrier) +} + +// Fields returns the keys who's values are set with Inject. +func (Baggage) Fields() []string { + return []string{baggageHeader} +} + +func extractSingleBaggage(parent context.Context, carrier TextMapCarrier) context.Context { bStr := carrier.Get(baggageHeader) if bStr == "" { return parent 
@@ -41,7 +55,23 @@ func (b Baggage) Extract(parent context.Context, carrier TextMapCarrier) context return baggage.ContextWithBaggage(parent, bag) } -// Fields returns the keys who's values are set with Inject. -func (b Baggage) Fields() []string { - return []string{baggageHeader} +func extractMultiBaggage(parent context.Context, carrier ValuesGetter) context.Context { + bVals := carrier.Values(baggageHeader) + if len(bVals) == 0 { + return parent + } + var members []baggage.Member + for _, bStr := range bVals { + currBag, err := baggage.Parse(bStr) + if err != nil { + continue + } + members = append(members, currBag.Members()...) + } + + b, err := baggage.New(members...) + if err != nil || b.Len() == 0 { + return parent + } + return baggage.ContextWithBaggage(parent, b) } diff --git a/vendor/go.opentelemetry.io/otel/propagation/propagation.go b/vendor/go.opentelemetry.io/otel/propagation/propagation.go index 8c8286aab..0a32c59aa 100644 --- a/vendor/go.opentelemetry.io/otel/propagation/propagation.go +++ b/vendor/go.opentelemetry.io/otel/propagation/propagation.go @@ -9,6 +9,7 @@ import ( ) // TextMapCarrier is the storage medium used by a TextMapPropagator. +// See ValuesGetter for how a TextMapCarrier can get multiple values for a key. type TextMapCarrier interface { // DO NOT CHANGE: any modification will not be backwards compatible and // must never be done outside of a new major release. @@ -19,7 +20,7 @@ type TextMapCarrier interface { // must never be done outside of a new major release. // Set stores the key-value pair. - Set(key string, value string) + Set(key, value string) // DO NOT CHANGE: any modification will not be backwards compatible and // must never be done outside of a new major release. 
@@ -29,6 +30,18 @@ type TextMapCarrier interface { // must never be done outside of a new major release. } +// ValuesGetter can return multiple values for a single key, +// with contrast to TextMapCarrier.Get which returns a single value. +type ValuesGetter interface { + // DO NOT CHANGE: any modification will not be backwards compatible and + // must never be done outside of a new major release. + + // Values returns all values associated with the passed key. + Values(key string) []string + // DO NOT CHANGE: any modification will not be backwards compatible and + // must never be done outside of a new major release. +} + // MapCarrier is a TextMapCarrier that uses a map held in memory as a storage // medium for propagated key-value pairs. type MapCarrier map[string]string @@ -55,16 +68,27 @@ func (c MapCarrier) Keys() []string { return keys } -// HeaderCarrier adapts http.Header to satisfy the TextMapCarrier interface. +// HeaderCarrier adapts http.Header to satisfy the TextMapCarrier and ValuesGetter interfaces. type HeaderCarrier http.Header -// Get returns the value associated with the passed key. +// Compile time check that HeaderCarrier implements ValuesGetter. +var _ TextMapCarrier = HeaderCarrier{} + +// Compile time check that HeaderCarrier implements TextMapCarrier. +var _ ValuesGetter = HeaderCarrier{} + +// Get returns the first value associated with the passed key. func (hc HeaderCarrier) Get(key string) string { return http.Header(hc).Get(key) } +// Values returns all values associated with the passed key. +func (hc HeaderCarrier) Values(key string) []string { + return http.Header(hc).Values(key) +} + // Set stores the key-value pair. -func (hc HeaderCarrier) Set(key string, value string) { +func (hc HeaderCarrier) Set(key, value string) { http.Header(hc).Set(key, value) } 
@@ -89,6 +113,8 @@ type TextMapPropagator interface { // must never be done outside of a new major release. // Extract reads cross-cutting concerns from the carrier into a Context. + // Implementations may check if the carrier implements ValuesGetter, + // to support extraction of multiple values per key. Extract(ctx context.Context, carrier TextMapCarrier) context.Context // DO NOT CHANGE: any modification will not be backwards compatible and // must never be done outside of a new major release. diff --git a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go index 6870e316d..271ab71f1 100644 --- a/vendor/go.opentelemetry.io/otel/propagation/trace_context.go +++ b/vendor/go.opentelemetry.io/otel/propagation/trace_context.go @@ -36,7 +36,7 @@ var ( ) // Inject injects the trace context from ctx into carrier. -func (tc TraceContext) Inject(ctx context.Context, carrier TextMapCarrier) { +func (TraceContext) Inject(ctx context.Context, carrier TextMapCarrier) { sc := trace.SpanContextFromContext(ctx) if !sc.IsValid() { return @@ -77,7 +77,7 @@ func (tc TraceContext) Extract(ctx context.Context, carrier TextMapCarrier) cont return trace.ContextWithRemoteSpanContext(ctx, sc) } -func (tc TraceContext) extract(carrier TextMapCarrier) trace.SpanContext { +func (TraceContext) extract(carrier TextMapCarrier) trace.SpanContext { h := carrier.Get(traceparentHeader) if h == "" { return trace.SpanContext{} @@ -111,7 +111,7 @@ func (tc TraceContext) extract(carrier TextMapCarrier) trace.SpanContext { } // Clear all flags other than the trace-context supported sampling bit. - scc.TraceFlags = trace.TraceFlags(opts[0]) & trace.FlagsSampled + scc.TraceFlags = trace.TraceFlags(opts[0]) & trace.FlagsSampled // nolint:gosec // slice size already checked. // Ignore the error returned here. Failure to parse tracestate MUST NOT // affect the parsing of traceparent according to the W3C tracecontext 
@@ -151,6 +151,6 @@ func extractPart(dst []byte, h *string, n int) bool { } // Fields returns the keys who's values are set with Inject. -func (tc TraceContext) Fields() []string { +func (TraceContext) Fields() []string { return []string{traceparentHeader, tracestateHeader} } diff --git a/vendor/go.opentelemetry.io/otel/renovate.json b/vendor/go.opentelemetry.io/otel/renovate.json index 4f80c898a..fa5acf2d3 100644 --- a/vendor/go.opentelemetry.io/otel/renovate.json +++ b/vendor/go.opentelemetry.io/otel/renovate.json @@ -1,7 +1,8 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:recommended" + "config:best-practices", + "helpers:pinGitHubActionDigestsToSemver" ], "ignorePaths": [], "labels": ["Skip Changelog", "dependencies"], @@ -14,6 +15,10 @@ "matchDepTypes": ["indirect"], "enabled": true }, + { + "matchPackageNames": ["go.opentelemetry.io/build-tools/**"], + "groupName": "build-tools" + }, { "matchPackageNames": ["google.golang.org/genproto/googleapis/**"], "groupName": "googleapis" @@ -21,6 +26,10 @@ { "matchPackageNames": ["golang.org/x/**"], "groupName": "golang.org/x" + }, + { + "matchPackageNames": ["go.opentelemetry.io/otel/sdk/log/logtest"], + "enabled": false } ] } diff --git a/vendor/go.opentelemetry.io/otel/requirements.txt b/vendor/go.opentelemetry.io/otel/requirements.txt index ab09daf9d..1bb55fb1c 100644 --- a/vendor/go.opentelemetry.io/otel/requirements.txt +++ b/vendor/go.opentelemetry.io/otel/requirements.txt @@ -1 +1 @@ -codespell==2.3.0 +codespell==2.4.1 diff --git a/vendor/go.opentelemetry.io/otel/sdk/LICENSE b/vendor/go.opentelemetry.io/otel/sdk/LICENSE index 261eeb9e9..f1aee0f11 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/LICENSE +++ b/vendor/go.opentelemetry.io/otel/sdk/LICENSE 
@@ -199,3 +199,33 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +-------------------------------------------------------------------------------- + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go b/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go new file mode 100644 index 000000000..bfeb73e81 --- /dev/null 
+++ b/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go @@ -0,0 +1,39 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package x documents experimental features for [go.opentelemetry.io/otel/sdk]. +package x // import "go.opentelemetry.io/otel/sdk/internal/x" + +import "strings" + +// Resource is an experimental feature flag that defines if resource detectors +// should be included experimental semantic conventions. +// +// To enable this feature set the OTEL_GO_X_RESOURCE environment variable +// to the case-insensitive string value of "true" (i.e. "True" and "TRUE" +// will also enable this). +var Resource = newFeature( + []string{"RESOURCE"}, + func(v string) (string, bool) { + if strings.EqualFold(v, "true") { + return v, true + } + return "", false + }, +) + +// Observability is an experimental feature flag that determines if SDK +// observability metrics are enabled. +// +// To enable this feature set the OTEL_GO_X_OBSERVABILITY environment variable +// to the case-insensitive string value of "true" (i.e. "True" and "TRUE" +// will also enable this). +var Observability = newFeature( + []string{"OBSERVABILITY", "SELF_OBSERVABILITY"}, + func(v string) (string, bool) { + if strings.EqualFold(v, "true") { + return v, true + } + return "", false + }, +) diff --git a/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go b/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go index 68d296cbe..13347e560 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go +++ b/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go 
@@ -1,48 +1,38 @@ +// Code generated by gotmpl. DO NOT MODIFY. +// source: internal/shared/x/x.go.tmpl + // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -// Package x contains support for OTel SDK experimental features. -// -// This package should only be used for features defined in the specification. -// It should not be used for experiments or new project ideas. +// Package x documents experimental features for [go.opentelemetry.io/otel/sdk]. package x // import "go.opentelemetry.io/otel/sdk/internal/x" import ( "os" - "strings" ) -// Resource is an experimental feature flag that defines if resource detectors -// should be included experimental semantic conventions. -// -// To enable this feature set the OTEL_GO_X_RESOURCE environment variable -// to the case-insensitive string value of "true" (i.e. "True" and "TRUE" -// will also enable this). -var Resource = newFeature("RESOURCE", func(v string) (string, bool) { - if strings.ToLower(v) == "true" { - return v, true - } - return "", false -}) - // Feature is an experimental feature control flag. It provides a uniform way // to interact with these feature flags and parse their values. type Feature[T any] struct { - key string + keys []string parse func(v string) (T, bool) } -func newFeature[T any](suffix string, parse func(string) (T, bool)) Feature[T] { +func newFeature[T any](suffix []string, parse func(string) (T, bool)) Feature[T] { const envKeyRoot = "OTEL_GO_X_" + keys := make([]string, 0, len(suffix)) + for _, s := range suffix { + keys = append(keys, envKeyRoot+s) + } return Feature[T]{ - key: envKeyRoot + suffix, + keys: keys, parse: parse, } } -// Key returns the environment variable key that needs to be set to enable the +// Keys returns the environment variable keys that can be set to enable the // feature. 
-func (f Feature[T]) Key() string { return f.key } +func (f Feature[T]) Keys() []string { return f.keys } // Lookup returns the user configured value for the feature and true if the // user has enabled the feature. Otherwise, if the feature is not enabled, a @@ -52,14 +42,16 @@ func (f Feature[T]) Lookup() (v T, ok bool) { // // > The SDK MUST interpret an empty value of an environment variable the // > same way as when the variable is unset. - vRaw := os.Getenv(f.key) - if vRaw == "" { - return v, ok + for _, key := range f.keys { + vRaw := os.Getenv(key) + if vRaw != "" { + return f.parse(vRaw) + } } - return f.parse(vRaw) + return v, ok } -// Enabled returns if the feature is enabled. +// Enabled reports whether the feature is enabled. func (f Feature[T]) Enabled() bool { _, ok := f.Lookup() return ok diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go index cf3c88e15..3f20eb7a5 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go @@ -13,7 +13,7 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/sdk" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) type ( @@ -72,7 +72,7 @@ func StringDetector(schemaURL string, k attribute.Key, f func() (string, error)) // Detect returns a *Resource that describes the string as a value // corresponding to attribute.Key as well as the specific schemaURL. -func (sd stringDetector) Detect(ctx context.Context) (*Resource, error) { +func (sd stringDetector) Detect(context.Context) (*Resource, error) { value, err := sd.F() if err != nil { return nil, fmt.Errorf("%s: %w", string(sd.K), err) diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go index 5ecd859a5..bbe142d20 100644 
--- a/vendor/go.opentelemetry.io/otel/sdk/resource/container.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/container.go @@ -11,7 +11,7 @@ import ( "os" "regexp" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) type containerIDProvider func() (string, error) @@ -27,7 +27,7 @@ const cgroupPath = "/proc/self/cgroup" // Detect returns a *Resource that describes the id of the container. // If no container id found, an empty resource will be returned. -func (cgroupContainerIDDetector) Detect(ctx context.Context) (*Resource, error) { +func (cgroupContainerIDDetector) Detect(context.Context) (*Resource, error) { containerID, err := containerID() if err != nil { return nil, err diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go index 813f05624..4a1b017ee 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/env.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/env.go @@ -12,7 +12,7 @@ import ( "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/attribute" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) const ( diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go index 2d0f65498..5fed33d4f 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go @@ -8,7 +8,7 @@ import ( "errors" "strings" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) type hostIDProvider func() (string, error) 
@@ -96,7 +96,7 @@ func (r *hostIDReaderLinux) read() (string, error) { type hostIDDetector struct{} // Detect returns a *Resource containing the platform specific host id. -func (hostIDDetector) Detect(ctx context.Context) (*Resource, error) { +func (hostIDDetector) Detect(context.Context) (*Resource, error) { hostID, err := hostID() if err != nil { return nil, err diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go index cc8b8938e..4c1c30f25 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build dragonfly || freebsd || netbsd || openbsd || solaris -// +build dragonfly freebsd netbsd openbsd solaris package resource // import "go.opentelemetry.io/otel/sdk/resource" diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go index f84f17324..4a26096c8 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build linux -// +build linux package resource // import "go.opentelemetry.io/otel/sdk/resource" diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go index df12c44c5..63ad2fa4e 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go 
@@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows -// +build !darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows package resource // import "go.opentelemetry.io/otel/sdk/resource" diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go index 3677c83d7..2b8ca20b3 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build windows -// +build windows package resource // import "go.opentelemetry.io/otel/sdk/resource" diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go index 8a48ab4fa..51da76e80 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os.go @@ -8,7 +8,7 @@ import ( "strings" "go.opentelemetry.io/otel/attribute" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) type osDescriptionProvider func() (string, error) @@ -32,7 +32,7 @@ type ( // Detect returns a *Resource that describes the operating system type the // service is running on. -func (osTypeDetector) Detect(ctx context.Context) (*Resource, error) { +func (osTypeDetector) Detect(context.Context) (*Resource, error) { osType := runtimeOS() osTypeAttribute := mapRuntimeOSToSemconvOSType(osType) 
@@ -45,7 +45,7 @@ func (osTypeDetector) Detect(ctx context.Context) (*Resource, error) { // Detect returns a *Resource that describes the operating system the // service is running on. -func (osDescriptionDetector) Detect(ctx context.Context) (*Resource, error) { +func (osDescriptionDetector) Detect(context.Context) (*Resource, error) { description, err := osDescription() if err != nil { return nil, err diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go index ce455dc54..3d703c5d9 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_darwin.go @@ -5,6 +5,7 @@ package resource // import "go.opentelemetry.io/otel/sdk/resource" import ( "encoding/xml" + "errors" "fmt" "io" "os" @@ -63,7 +64,7 @@ func parsePlistFile(file io.Reader) (map[string]string, error) { } if len(v.Dict.Key) != len(v.Dict.String) { - return nil, fmt.Errorf("the number of and elements doesn't match") + return nil, errors.New("the number of and elements doesn't match") } properties := make(map[string]string, len(v.Dict.Key)) diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go index f537e5ca5..a1763267c 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix dragonfly freebsd linux netbsd openbsd solaris zos package resource // import "go.opentelemetry.io/otel/sdk/resource" 
@@ -63,12 +62,12 @@ func parseOSReleaseFile(file io.Reader) map[string]string { return values } -// skip returns true if the line is blank or starts with a '#' character, and +// skip reports whether the line is blank or starts with a '#' character, and // therefore should be skipped from processing. func skip(line string) bool { line = strings.TrimSpace(line) - return len(line) == 0 || strings.HasPrefix(line, "#") + return line == "" || strings.HasPrefix(line, "#") } // parse attempts to split the provided line on the first '=' character, and then @@ -76,7 +75,7 @@ func skip(line string) bool { func parse(line string) (string, string, bool) { k, v, found := strings.Cut(line, "=") - if !found || len(k) == 0 { + if !found || k == "" { return "", "", false } diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go index a6ff26a4d..6c50ab686 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos -// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos package resource // import "go.opentelemetry.io/otel/sdk/resource" diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go index a77742b07..25f629532 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go @@ -2,7 +2,6 @@ // SPDX-License-Identifier: Apache-2.0 //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris && !windows && !zos -// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!windows,!zos package resource // import "go.opentelemetry.io/otel/sdk/resource" 
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go index 085fe68fd..138e57721 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/process.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/process.go @@ -11,7 +11,7 @@ import ( "path/filepath" "runtime" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" ) type ( @@ -112,19 +112,19 @@ type ( // Detect returns a *Resource that describes the process identifier (PID) of the // executing process. -func (processPIDDetector) Detect(ctx context.Context) (*Resource, error) { +func (processPIDDetector) Detect(context.Context) (*Resource, error) { return NewWithAttributes(semconv.SchemaURL, semconv.ProcessPID(pid())), nil } // Detect returns a *Resource that describes the name of the process executable. -func (processExecutableNameDetector) Detect(ctx context.Context) (*Resource, error) { +func (processExecutableNameDetector) Detect(context.Context) (*Resource, error) { executableName := filepath.Base(commandArgs()[0]) return NewWithAttributes(semconv.SchemaURL, semconv.ProcessExecutableName(executableName)), nil } // Detect returns a *Resource that describes the full path of the process executable. -func (processExecutablePathDetector) Detect(ctx context.Context) (*Resource, error) { +func (processExecutablePathDetector) Detect(context.Context) (*Resource, error) { executablePath, err := executablePath() if err != nil { return nil, err 
@@ -135,13 +135,13 @@ func (processExecutablePathDetector) Detect(ctx context.Context) (*Resource, err // Detect returns a *Resource that describes all the command arguments as received // by the process. -func (processCommandArgsDetector) Detect(ctx context.Context) (*Resource, error) { +func (processCommandArgsDetector) Detect(context.Context) (*Resource, error) { return NewWithAttributes(semconv.SchemaURL, semconv.ProcessCommandArgs(commandArgs()...)), nil } // Detect returns a *Resource that describes the username of the user that owns the // process. -func (processOwnerDetector) Detect(ctx context.Context) (*Resource, error) { +func (processOwnerDetector) Detect(context.Context) (*Resource, error) { owner, err := owner() if err != nil { return nil, err @@ -152,17 +152,17 @@ func (processOwnerDetector) Detect(ctx context.Context) (*Resource, error) { // Detect returns a *Resource that describes the name of the compiler used to compile // this process image. -func (processRuntimeNameDetector) Detect(ctx context.Context) (*Resource, error) { +func (processRuntimeNameDetector) Detect(context.Context) (*Resource, error) { return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeName(runtimeName())), nil } // Detect returns a *Resource that describes the version of the runtime of this process. -func (processRuntimeVersionDetector) Detect(ctx context.Context) (*Resource, error) { +func (processRuntimeVersionDetector) Detect(context.Context) (*Resource, error) { return NewWithAttributes(semconv.SchemaURL, semconv.ProcessRuntimeVersion(runtimeVersion())), nil } // Detect returns a *Resource that describes the runtime of this process. -func (processRuntimeDescriptionDetector) Detect(ctx context.Context) (*Resource, error) { +func (processRuntimeDescriptionDetector) Detect(context.Context) (*Resource, error) { runtimeDescription := fmt.Sprintf( "go version %s %s/%s", runtimeVersion(), runtimeOS(), runtimeArch()) 
diff --git a/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go b/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go index ad4b50df4..28e1e4f7e 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go +++ b/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go @@ -21,11 +21,22 @@ import ( // Resources should be passed and stored as pointers // (`*resource.Resource`). The `nil` value is equivalent to an empty // Resource. +// +// Note that the Go == operator compares not just the resource attributes but +// also all other internals of the Resource type. Therefore, Resource values +// should not be used as map or database keys. In general, the [Resource.Equal] +// method should be used instead of direct comparison with ==, since that +// method ensures the correct comparison of resource attributes, and the +// [attribute.Distinct] returned from [Resource.Equivalent] should be used for +// map and database keys instead. type Resource struct { attrs attribute.Set schemaURL string } +// Compile-time check that the Resource remains comparable. +var _ map[Resource]struct{} = nil + var ( defaultResource *Resource defaultResourceOnce sync.Once @@ -101,7 +112,7 @@ func (r *Resource) String() string { } // MarshalLog is the marshaling function used by the logging system to represent this Resource. -func (r *Resource) MarshalLog() interface{} { +func (r *Resource) MarshalLog() any { return struct { Attributes attribute.Set SchemaURL string 
@@ -137,15 +148,19 @@ func (r *Resource) Iter() attribute.Iterator { return r.attrs.Iter() } -// Equal returns true when a Resource is equivalent to this Resource. -func (r *Resource) Equal(eq *Resource) bool { +// Equal reports whether r and o represent the same resource. Two resources can +// be equal even if they have different schema URLs. +// +// See the documentation on the [Resource] type for the pitfalls of using == +// with Resource values; most code should use Equal instead. +func (r *Resource) Equal(o *Resource) bool { if r == nil { r = Empty() } - if eq == nil { - eq = Empty() + if o == nil { + o = Empty() } - return r.Equivalent() == eq.Equivalent() + return r.Equivalent() == o.Equivalent() } // Merge creates a new [Resource] by merging a and b. diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go index ccc97e1b6..7d15cbb9c 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go @@ -5,20 +5,24 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace" import ( "context" + "errors" "sync" "sync/atomic" "time" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/internal/global" - "go.opentelemetry.io/otel/sdk/internal/env" + "go.opentelemetry.io/otel/sdk/trace/internal/env" + "go.opentelemetry.io/otel/sdk/trace/internal/observ" "go.opentelemetry.io/otel/trace" ) // Defaults for BatchSpanProcessorOptions. const ( - DefaultMaxQueueSize = 2048 - DefaultScheduleDelay = 5000 + DefaultMaxQueueSize = 2048 + // DefaultScheduleDelay is the delay interval between two consecutive exports, in milliseconds. + DefaultScheduleDelay = 5000 + // DefaultExportTimeout is the duration after which an export is cancelled, in milliseconds. DefaultExportTimeout = 30000 DefaultMaxExportBatchSize = 512 ) 
@@ -66,6 +70,8 @@ type batchSpanProcessor struct { queue chan ReadOnlySpan dropped uint32 + inst *observ.BSP + batch []ReadOnlySpan batchMutex sync.Mutex timer *time.Timer @@ -86,11 +92,7 @@ func NewBatchSpanProcessor(exporter SpanExporter, options ...BatchSpanProcessorO maxExportBatchSize := env.BatchSpanProcessorMaxExportBatchSize(DefaultMaxExportBatchSize) if maxExportBatchSize > maxQueueSize { - if DefaultMaxExportBatchSize > maxQueueSize { - maxExportBatchSize = maxQueueSize - } else { - maxExportBatchSize = DefaultMaxExportBatchSize - } + maxExportBatchSize = min(DefaultMaxExportBatchSize, maxQueueSize) } o := BatchSpanProcessorOptions{ @@ -111,6 +113,16 @@ func NewBatchSpanProcessor(exporter SpanExporter, options ...BatchSpanProcessorO stopCh: make(chan struct{}), } + var err error + bsp.inst, err = observ.NewBSP( + nextProcessorID(), + func() int64 { return int64(len(bsp.queue)) }, + int64(bsp.o.MaxQueueSize), + ) + if err != nil { + otel.Handle(err) + } + bsp.stopWait.Add(1) go func() { defer bsp.stopWait.Done() @@ -121,8 +133,16 @@ func NewBatchSpanProcessor(exporter SpanExporter, options ...BatchSpanProcessorO return bsp } +var processorIDCounter atomic.Int64 + +// nextProcessorID returns an identifier for this batch span processor, +// starting with 0 and incrementing by 1 each time it is called. +func nextProcessorID() int64 { + return processorIDCounter.Add(1) - 1 +} + // OnStart method does nothing. -func (bsp *batchSpanProcessor) OnStart(parent context.Context, s ReadWriteSpan) {} +func (*batchSpanProcessor) OnStart(context.Context, ReadWriteSpan) {} // OnEnd method enqueues a ReadOnlySpan for later processing. func (bsp *batchSpanProcessor) OnEnd(s ReadOnlySpan) { @@ -161,6 +181,9 @@ func (bsp *batchSpanProcessor) Shutdown(ctx context.Context) error { case <-ctx.Done(): err = ctx.Err() } + if bsp.inst != nil { + err = errors.Join(err, bsp.inst.Shutdown()) + } }) return err } 
@@ -170,7 +193,7 @@ type forceFlushSpan struct { flushed chan struct{} } -func (f forceFlushSpan) SpanContext() trace.SpanContext { +func (forceFlushSpan) SpanContext() trace.SpanContext { return trace.NewSpanContext(trace.SpanContextConfig{TraceFlags: trace.FlagsSampled}) } @@ -201,10 +224,9 @@ func (bsp *batchSpanProcessor) ForceFlush(ctx context.Context) error { } } - wait := make(chan error) + wait := make(chan error, 1) go func() { wait <- bsp.exportSpans(ctx) - close(wait) }() // Wait until the export is finished or the context is cancelled/timed out select { @@ -268,12 +290,15 @@ func (bsp *batchSpanProcessor) exportSpans(ctx context.Context) error { if bsp.o.ExportTimeout > 0 { var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(ctx, bsp.o.ExportTimeout) + ctx, cancel = context.WithTimeoutCause(ctx, bsp.o.ExportTimeout, errors.New("processor export timeout")) defer cancel() } if l := len(bsp.batch); l > 0 { global.Debug("exporting spans", "count", len(bsp.batch), "total_dropped", atomic.LoadUint32(&bsp.dropped)) + if bsp.inst != nil { + bsp.inst.Processed(ctx, int64(l)) + } err := bsp.e.ExportSpans(ctx, bsp.batch) // A new batch is always created after exporting, even if the batch failed to be exported. @@ -382,11 +407,14 @@ func (bsp *batchSpanProcessor) enqueueBlockOnQueueFull(ctx context.Context, sd R case bsp.queue <- sd: return true case <-ctx.Done(): + if bsp.inst != nil { + bsp.inst.ProcessedQueueFull(ctx, 1) + } return false } } -func (bsp *batchSpanProcessor) enqueueDrop(_ context.Context, sd ReadOnlySpan) bool { +func (bsp *batchSpanProcessor) enqueueDrop(ctx context.Context, sd ReadOnlySpan) bool { if !sd.SpanContext().IsSampled() { return false } 
@@ -396,12 +424,15 @@ func (bsp *batchSpanProcessor) enqueueDrop(_ context.Context, sd ReadOnlySpan) b return true default: atomic.AddUint32(&bsp.dropped, 1) + if bsp.inst != nil { + bsp.inst.ProcessedQueueFull(ctx, 1) + } } return false } // MarshalLog is the marshaling function used by the logging system to represent this Span Processor. -func (bsp *batchSpanProcessor) MarshalLog() interface{} { +func (bsp *batchSpanProcessor) MarshalLog() any { return struct { Type string SpanExporter SpanExporter diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go b/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go index 1f60524e3..b502c7d47 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go @@ -6,5 +6,8 @@ Package trace contains support for OpenTelemetry distributed tracing. The following assumes a basic familiarity with OpenTelemetry concepts. See https://opentelemetry.io. + +See [go.opentelemetry.io/otel/sdk/internal/x] for information about +the experimental features. */ package trace // import "go.opentelemetry.io/otel/sdk/trace" diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go b/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go index 925bcf993..3649322a6 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go @@ -5,10 +5,8 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace" import ( "context" - crand "crypto/rand" "encoding/binary" - "math/rand" - "sync" + "math/rand/v2" "go.opentelemetry.io/otel/trace" ) 
@@ -29,20 +27,15 @@ type IDGenerator interface { // must never be done outside of a new major release. } -type randomIDGenerator struct { - sync.Mutex - randSource *rand.Rand -} +type randomIDGenerator struct{} var _ IDGenerator = &randomIDGenerator{} // NewSpanID returns a non-zero span ID from a randomly-chosen sequence. -func (gen *randomIDGenerator) NewSpanID(ctx context.Context, traceID trace.TraceID) trace.SpanID { - gen.Lock() - defer gen.Unlock() +func (*randomIDGenerator) NewSpanID(context.Context, trace.TraceID) trace.SpanID { sid := trace.SpanID{} for { - _, _ = gen.randSource.Read(sid[:]) + binary.NativeEndian.PutUint64(sid[:], rand.Uint64()) if sid.IsValid() { break } @@ -52,19 +45,18 @@ func (gen *randomIDGenerator) NewSpanID(ctx context.Context, traceID trace.Trace // NewIDs returns a non-zero trace ID and a non-zero span ID from a // randomly-chosen sequence. -func (gen *randomIDGenerator) NewIDs(ctx context.Context) (trace.TraceID, trace.SpanID) { - gen.Lock() - defer gen.Unlock() +func (*randomIDGenerator) NewIDs(context.Context) (trace.TraceID, trace.SpanID) { tid := trace.TraceID{} sid := trace.SpanID{} for { - _, _ = gen.randSource.Read(tid[:]) + binary.NativeEndian.PutUint64(tid[:8], rand.Uint64()) + binary.NativeEndian.PutUint64(tid[8:], rand.Uint64()) if tid.IsValid() { break } } for { - _, _ = gen.randSource.Read(sid[:]) + binary.NativeEndian.PutUint64(sid[:], rand.Uint64()) if sid.IsValid() { break } @@ -73,9 +65,5 @@ func (gen *randomIDGenerator) NewIDs(ctx context.Context) (trace.TraceID, trace. } func defaultIDGenerator() IDGenerator { - gen := &randomIDGenerator{} - var rngSeed int64 - _ = binary.Read(crand.Reader, binary.LittleEndian, &rngSeed) - gen.randSource = rand.New(rand.NewSource(rngSeed)) - return gen + return &randomIDGenerator{} } 
diff --git a/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go similarity index 97% rename from vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go rename to vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go index 07923ed8d..58f68df44 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go @@ -1,7 +1,9 @@ // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 -package env // import "go.opentelemetry.io/otel/sdk/internal/env" +// Package env provides types and functionality for environment variable support +// in the OpenTelemetry SDK. +package env // import "go.opentelemetry.io/otel/sdk/trace/internal/env" import ( "os" diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go new file mode 100644 index 000000000..bd7fe2362 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go 
@@ -0,0 +1,119 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package observ // import "go.opentelemetry.io/otel/sdk/trace/internal/observ"
+
+import (
+ "context"
+ "errors"
+ "fmt"
+
+ "go.opentelemetry.io/otel"
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/metric"
+ "go.opentelemetry.io/otel/sdk"
+ "go.opentelemetry.io/otel/sdk/internal/x"
+ semconv "go.opentelemetry.io/otel/semconv/v1.37.0"
+ "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv"
+)
+
+const (
+ // ScopeName is the name of the instrumentation scope.
+ ScopeName = "go.opentelemetry.io/otel/sdk/trace/internal/observ"
+
+ // SchemaURL is the schema URL of the instrumentation.
+ SchemaURL = semconv.SchemaURL
+)
+
+// ErrQueueFull is the attribute value for the "queue_full" error type.
+var ErrQueueFull = otelconv.SDKProcessorSpanProcessed{}.AttrErrorType(
+ otelconv.ErrorTypeAttr("queue_full"),
+)
+
+// BSPComponentName returns the component name attribute for a
+// BatchSpanProcessor with the given ID.
+func BSPComponentName(id int64) attribute.KeyValue {
+ t := otelconv.ComponentTypeBatchingSpanProcessor
+ name := fmt.Sprintf("%s/%d", t, id)
+ return semconv.OTelComponentName(name)
+}
+
+// BSP is the instrumentation for an OTel SDK BatchSpanProcessor.
+type BSP struct {
+ reg metric.Registration
+
+ processed metric.Int64Counter
+ processedOpts []metric.AddOption
+ processedQueueFullOpts []metric.AddOption
+}
+
+func NewBSP(id int64, qLen func() int64, qMax int64) (*BSP, error) {
+ if !x.Observability.Enabled() {
+ return nil, nil
+ }
+
+ meter := otel.GetMeterProvider().Meter(
+ ScopeName,
+ metric.WithInstrumentationVersion(sdk.Version()),
+ metric.WithSchemaURL(SchemaURL),
+ )
+
+ qCap, err := otelconv.NewSDKProcessorSpanQueueCapacity(meter)
+ if err != nil {
+ err = fmt.Errorf("failed to create BSP queue capacity metric: %w", err)
+ }
+ qCapInst := qCap.Inst()
+
+ qSize, e := otelconv.NewSDKProcessorSpanQueueSize(meter)
+ if e != nil {
+ e := fmt.Errorf("failed to create BSP queue size metric: %w", e)
+ err = errors.Join(err, e)
+ }
+ qSizeInst := qSize.Inst()
+
+ cmpntT := semconv.OTelComponentTypeBatchingSpanProcessor
+ cmpnt := BSPComponentName(id)
+ set := attribute.NewSet(cmpnt, cmpntT)
+
+ obsOpts := []metric.ObserveOption{metric.WithAttributeSet(set)}
+ reg, e := meter.RegisterCallback(
+ func(_ context.Context, o metric.Observer) error {
+ o.ObserveInt64(qSizeInst, qLen(), obsOpts...)
+ o.ObserveInt64(qCapInst, qMax, obsOpts...)
+ return nil
+ },
+ qSizeInst,
+ qCapInst,
+ )
+ if e != nil {
+ e := fmt.Errorf("failed to register BSP queue size/capacity callback: %w", e)
+ err = errors.Join(err, e)
+ }
+
+ processed, e := otelconv.NewSDKProcessorSpanProcessed(meter)
+ if e != nil {
+ e := fmt.Errorf("failed to create BSP processed spans metric: %w", e)
+ err = errors.Join(err, e)
+ }
+ processedOpts := []metric.AddOption{metric.WithAttributeSet(set)}
+
+ set = attribute.NewSet(cmpnt, cmpntT, ErrQueueFull)
+ processedQueueFullOpts := []metric.AddOption{metric.WithAttributeSet(set)}
+
+ return &BSP{
+ reg: reg,
+ processed: processed.Inst(),
+ processedOpts: processedOpts,
+ processedQueueFullOpts: processedQueueFullOpts,
+ }, err
+}
+
+func (b *BSP) Shutdown() error { return b.reg.Unregister() }
+
+func (b *BSP) Processed(ctx context.Context, n int64) {
+ b.processed.Add(ctx, n, b.processedOpts...)
+}
+
+func (b *BSP) ProcessedQueueFull(ctx context.Context, n int64) {
+ b.processed.Add(ctx, n, b.processedQueueFullOpts...)
+}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go
new file mode 100644
index 000000000..b542121e6
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go
@@ -0,0 +1,6 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+// Package observ provides observability instrumentation for the OTel trace SDK
+// package.
+package observ // import "go.opentelemetry.io/otel/sdk/trace/internal/observ"
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go
new file mode 100644
index 000000000..7d3387061
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go
@@ -0,0 +1,97 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package observ // import "go.opentelemetry.io/otel/sdk/trace/internal/observ"
+
+import (
+ "context"
+ "fmt"
+ "sync"
+
+ "go.opentelemetry.io/otel"
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/metric"
+ "go.opentelemetry.io/otel/sdk"
+ "go.opentelemetry.io/otel/sdk/internal/x"
+ semconv "go.opentelemetry.io/otel/semconv/v1.37.0"
+ "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv"
+)
+
+var measureAttrsPool = sync.Pool{
+ New: func() any {
+ // "component.name" + "component.type" + "error.type"
+ const n = 1 + 1 + 1
+ s := make([]attribute.KeyValue, 0, n)
+ // Return a pointer to a slice instead of a slice itself
+ // to avoid allocations on every call.
+ return &s
+ },
+}
+
+// SSP is the instrumentation for an OTel SDK SimpleSpanProcessor.
+type SSP struct {
+ spansProcessedCounter metric.Int64Counter
+ addOpts []metric.AddOption
+ attrs []attribute.KeyValue
+}
+
+// SSPComponentName returns the component name attribute for a
+// SimpleSpanProcessor with the given ID.
+func SSPComponentName(id int64) attribute.KeyValue {
+ t := otelconv.ComponentTypeSimpleSpanProcessor
+ name := fmt.Sprintf("%s/%d", t, id)
+ return semconv.OTelComponentName(name)
+}
+
+// NewSSP returns instrumentation for an OTel SDK SimpleSpanProcessor with the
+// provided ID.
+//
+// If the experimental observability is disabled, nil is returned.
+func NewSSP(id int64) (*SSP, error) {
+ if !x.Observability.Enabled() {
+ return nil, nil
+ }
+
+ meter := otel.GetMeterProvider().Meter(
+ ScopeName,
+ metric.WithInstrumentationVersion(sdk.Version()),
+ metric.WithSchemaURL(SchemaURL),
+ )
+ spansProcessedCounter, err := otelconv.NewSDKProcessorSpanProcessed(meter)
+ if err != nil {
+ err = fmt.Errorf("failed to create SSP processed spans metric: %w", err)
+ }
+
+ componentName := SSPComponentName(id)
+ componentType := spansProcessedCounter.AttrComponentType(otelconv.ComponentTypeSimpleSpanProcessor)
+ attrs := []attribute.KeyValue{componentName, componentType}
+ addOpts := []metric.AddOption{metric.WithAttributeSet(attribute.NewSet(attrs...))}
+
+ return &SSP{
+ spansProcessedCounter: spansProcessedCounter.Inst(),
+ addOpts: addOpts,
+ attrs: attrs,
+ }, err
+}
+
+// SpanProcessed records that a span has been processed by the SimpleSpanProcessor.
+// If err is non-nil, it records the processing error as an attribute.
+func (ssp *SSP) SpanProcessed(ctx context.Context, err error) {
+ ssp.spansProcessedCounter.Add(ctx, 1, ssp.addOption(err)...)
+}
+
+func (ssp *SSP) addOption(err error) []metric.AddOption {
+ if err == nil {
+ return ssp.addOpts
+ }
+ attrs := measureAttrsPool.Get().(*[]attribute.KeyValue)
+ defer func() {
+ *attrs = (*attrs)[:0] // reset the slice for reuse
+ measureAttrsPool.Put(attrs)
+ }()
+ *attrs = append(*attrs, ssp.attrs...)
+ *attrs = append(*attrs, semconv.ErrorType(err))
+ // Do not inefficiently make a copy of attrs by using
+ // WithAttributes instead of WithAttributeSet.
+ return []metric.AddOption{metric.WithAttributeSet(attribute.NewSet(*attrs...))}
+}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go
new file mode 100644
index 000000000..a8a164589
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go
@@ -0,0 +1,223 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package observ // import "go.opentelemetry.io/otel/sdk/trace/internal/observ"
+
+import (
+ "context"
+ "errors"
+ "fmt"
+
+ "go.opentelemetry.io/otel"
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/metric"
+ "go.opentelemetry.io/otel/sdk"
+ "go.opentelemetry.io/otel/sdk/internal/x"
+ "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv"
+ "go.opentelemetry.io/otel/trace"
+)
+
+var meterOpts = []metric.MeterOption{
+ metric.WithInstrumentationVersion(sdk.Version()),
+ metric.WithSchemaURL(SchemaURL),
+}
+
+// Tracer is instrumentation for an OTel SDK Tracer.
+type Tracer struct {
+ enabled bool
+
+ live metric.Int64UpDownCounter
+ started metric.Int64Counter
+}
+
+func NewTracer() (Tracer, error) {
+ if !x.Observability.Enabled() {
+ return Tracer{}, nil
+ }
+ meter := otel.GetMeterProvider().Meter(ScopeName, meterOpts...)
+
+ var err error
+ l, e := otelconv.NewSDKSpanLive(meter)
+ if e != nil {
+ e = fmt.Errorf("failed to create span live metric: %w", e)
+ err = errors.Join(err, e)
+ }
+
+ s, e := otelconv.NewSDKSpanStarted(meter)
+ if e != nil {
+ e = fmt.Errorf("failed to create span started metric: %w", e)
+ err = errors.Join(err, e)
+ }
+
+ return Tracer{enabled: true, live: l.Inst(), started: s.Inst()}, err
+}
+
+func (t Tracer) Enabled() bool { return t.enabled }
+
+func (t Tracer) SpanStarted(ctx context.Context, psc trace.SpanContext, span trace.Span) {
+ key := spanStartedKey{
+ parent: parentStateNoParent,
+ sampling: samplingStateDrop,
+ }
+
+ if psc.IsValid() {
+ if psc.IsRemote() {
+ key.parent = parentStateRemoteParent
+ } else {
+ key.parent = parentStateLocalParent
+ }
+ }
+
+ if span.IsRecording() {
+ if span.SpanContext().IsSampled() {
+ key.sampling = samplingStateRecordAndSample
+ } else {
+ key.sampling = samplingStateRecordOnly
+ }
+ }
+
+ opts := spanStartedOpts[key]
+ t.started.Add(ctx, 1, opts...)
+}
+
+func (t Tracer) SpanLive(ctx context.Context, span trace.Span) {
+ t.spanLive(ctx, 1, span)
+}
+
+func (t Tracer) SpanEnded(ctx context.Context, span trace.Span) {
+ t.spanLive(ctx, -1, span)
+}
+
+func (t Tracer) spanLive(ctx context.Context, value int64, span trace.Span) {
+ key := spanLiveKey{sampled: span.SpanContext().IsSampled()}
+ opts := spanLiveOpts[key]
+ t.live.Add(ctx, value, opts...)
+}
+
+type parentState int
+
+const (
+ parentStateNoParent parentState = iota
+ parentStateLocalParent
+ parentStateRemoteParent
+)
+
+type samplingState int
+
+const (
+ samplingStateDrop samplingState = iota
+ samplingStateRecordOnly
+ samplingStateRecordAndSample
+)
+
+type spanStartedKey struct {
+ parent parentState
+ sampling samplingState
+}
+
+var spanStartedOpts = map[spanStartedKey][]metric.AddOption{
+ {
+ parentStateNoParent,
+ samplingStateDrop,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginNone),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultDrop),
+ )),
+ },
+ {
+ parentStateLocalParent,
+ samplingStateDrop,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginLocal),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultDrop),
+ )),
+ },
+ {
+ parentStateRemoteParent,
+ samplingStateDrop,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginRemote),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultDrop),
+ )),
+ },
+
+ {
+ parentStateNoParent,
+ samplingStateRecordOnly,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginNone),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordOnly),
+ )),
+ },
+ {
+ parentStateLocalParent,
+ samplingStateRecordOnly,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginLocal),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordOnly),
+ )),
+ },
+ {
+ parentStateRemoteParent,
+ samplingStateRecordOnly,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginRemote),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordOnly),
+ )),
+ },
+
+ {
+ parentStateNoParent,
+ samplingStateRecordAndSample,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginNone),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordAndSample),
+ )),
+ },
+ {
+ parentStateLocalParent,
+ samplingStateRecordAndSample,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginLocal),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordAndSample),
+ )),
+ },
+ {
+ parentStateRemoteParent,
+ samplingStateRecordAndSample,
+ }: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanStarted{}.AttrSpanParentOrigin(otelconv.SpanParentOriginRemote),
+ otelconv.SDKSpanStarted{}.AttrSpanSamplingResult(otelconv.SpanSamplingResultRecordAndSample),
+ )),
+ },
+}
+
+type spanLiveKey struct {
+ sampled bool
+}
+
+var spanLiveOpts = map[spanLiveKey][]metric.AddOption{
+ {true}: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanLive{}.AttrSpanSamplingResult(
+ otelconv.SpanSamplingResultRecordAndSample,
+ ),
+ )),
+ },
+ {false}: {
+ metric.WithAttributeSet(attribute.NewSet(
+ otelconv.SDKSpanLive{}.AttrSpanSamplingResult(
+ otelconv.SpanSamplingResultRecordOnly,
+ ),
+ )),
+ },
+}
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go index 185aa7c08..d2cf4ebd3 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go @@ -13,14 +13,13 @@ import ( "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/sdk/instrumentation" "go.opentelemetry.io/otel/sdk/resource" + "go.opentelemetry.io/otel/sdk/trace/internal/observ" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/embedded" "go.opentelemetry.io/otel/trace/noop" ) -const ( - defaultTracerName = "go.opentelemetry.io/otel/sdk/tracer" -) +const defaultTracerName = "go.opentelemetry.io/otel/sdk/tracer" // tracerProviderConfig. type tracerProviderConfig struct { @@ -45,7 +44,7 @@ type tracerProviderConfig struct { } // MarshalLog is the marshaling function used by the logging system to represent this Provider. -func (cfg tracerProviderConfig) MarshalLog() interface{} { +func (cfg tracerProviderConfig) MarshalLog() any { return struct { SpanProcessors []SpanProcessor SamplerType string @@ -159,6 +158,13 @@ func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T provider: p, instrumentationScope: is, } + + var err error + t.inst, err = observ.NewTracer() + if err != nil { + otel.Handle(err) + } + p.namedTracer[is] = t } return t, ok @@ -169,7 +175,17 @@ func (p *TracerProvider) Tracer(name string, opts ...trace.TracerOption) trace.T // slowing down all tracing consumers. // - Logging code may be instrumented with tracing and deadlock because it could try // acquiring the same non-reentrant mutex. - global.Info("Tracer created", "name", name, "version", is.Version, "schemaURL", is.SchemaURL, "attributes", is.Attributes) + global.Info( + "Tracer created", + "name", + name, + "version", + is.Version, + "schemaURL", + is.SchemaURL, + "attributes", + is.Attributes, + ) } return t } 
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go index ebb6df6c9..689663d48 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go @@ -47,12 +47,12 @@ const ( // Drop will not record the span and all attributes/events will be dropped. Drop SamplingDecision = iota - // Record indicates the span's `IsRecording() == true`, but `Sampled` flag - // *must not* be set. + // RecordOnly indicates the span's IsRecording method returns true, but trace.FlagsSampled flag + // must not be set. RecordOnly - // RecordAndSample has span's `IsRecording() == true` and `Sampled` flag - // *must* be set. + // RecordAndSample indicates the span's IsRecording method returns true and trace.FlagsSampled flag + // must be set. RecordAndSample ) @@ -110,14 +110,14 @@ func TraceIDRatioBased(fraction float64) Sampler { type alwaysOnSampler struct{} -func (as alwaysOnSampler) ShouldSample(p SamplingParameters) SamplingResult { +func (alwaysOnSampler) ShouldSample(p SamplingParameters) SamplingResult { return SamplingResult{ Decision: RecordAndSample, Tracestate: trace.SpanContextFromContext(p.ParentContext).TraceState(), } } -func (as alwaysOnSampler) Description() string { +func (alwaysOnSampler) Description() string { return "AlwaysOnSampler" } @@ -131,14 +131,14 @@ func AlwaysSample() Sampler { type alwaysOffSampler struct{} -func (as alwaysOffSampler) ShouldSample(p SamplingParameters) SamplingResult { +func (alwaysOffSampler) ShouldSample(p SamplingParameters) SamplingResult { return SamplingResult{ Decision: Drop, Tracestate: trace.SpanContextFromContext(p.ParentContext).TraceState(), } } -func (as alwaysOffSampler) Description() string { +func (alwaysOffSampler) Description() string { return "AlwaysOffSampler" } 
diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go b/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go index 554111bb4..771e427a4 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go @@ -6,9 +6,12 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace" import ( "context" "sync" + "sync/atomic" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/internal/global" + "go.opentelemetry.io/otel/sdk/trace/internal/observ" + "go.opentelemetry.io/otel/trace" ) // simpleSpanProcessor is a SpanProcessor that synchronously sends all @@ -17,6 +20,8 @@ type simpleSpanProcessor struct { exporterMu sync.Mutex exporter SpanExporter stopOnce sync.Once + + inst *observ.SSP } var _ SpanProcessor = (*simpleSpanProcessor)(nil) 
@@ -33,24 +38,48 @@ func NewSimpleSpanProcessor(exporter SpanExporter) SpanProcessor { ssp := &simpleSpanProcessor{ exporter: exporter, } + + var err error + ssp.inst, err = observ.NewSSP(nextSimpleProcessorID()) + if err != nil { + otel.Handle(err) + } + global.Warn("SimpleSpanProcessor is not recommended for production use, consider using BatchSpanProcessor instead.") return ssp } +var simpleProcessorIDCounter atomic.Int64 + +// nextSimpleProcessorID returns an identifier for this simple span processor, +// starting with 0 and incrementing by 1 each time it is called. +func nextSimpleProcessorID() int64 { + return simpleProcessorIDCounter.Add(1) - 1 +} + // OnStart does nothing. -func (ssp *simpleSpanProcessor) OnStart(context.Context, ReadWriteSpan) {} +func (*simpleSpanProcessor) OnStart(context.Context, ReadWriteSpan) {} // OnEnd immediately exports a ReadOnlySpan. func (ssp *simpleSpanProcessor) OnEnd(s ReadOnlySpan) { ssp.exporterMu.Lock() defer ssp.exporterMu.Unlock() + var err error if ssp.exporter != nil && s.SpanContext().TraceFlags().IsSampled() { - if err := ssp.exporter.ExportSpans(context.Background(), []ReadOnlySpan{s}); err != nil { + err = ssp.exporter.ExportSpans(context.Background(), []ReadOnlySpan{s}) + if err != nil { otel.Handle(err) } } + + if ssp.inst != nil { + // Add the span to the context to ensure the metric is recorded + // with the correct span context. + ctx := trace.ContextWithSpanContext(context.Background(), s.SpanContext()) + ssp.inst.SpanProcessed(ctx, err) + } } // Shutdown shuts down the exporter this SimpleSpanProcessor exports to. @@ -58,7 +87,7 @@ func (ssp *simpleSpanProcessor) Shutdown(ctx context.Context) error { var err error ssp.stopOnce.Do(func() { stopFunc := func(exp SpanExporter) (<-chan error, func()) { - done := make(chan error) + done := make(chan error, 1) return done, func() { done <- exp.Shutdown(ctx) } } 
@@ -104,13 +133,13 @@ func (ssp *simpleSpanProcessor) Shutdown(ctx context.Context) error { } // ForceFlush does nothing as there is no data to flush. -func (ssp *simpleSpanProcessor) ForceFlush(context.Context) error { +func (*simpleSpanProcessor) ForceFlush(context.Context) error { return nil } // MarshalLog is the marshaling function used by the logging system to represent // this Span Processor. -func (ssp *simpleSpanProcessor) MarshalLog() interface{} { +func (ssp *simpleSpanProcessor) MarshalLog() any { return struct { Type string Exporter SpanExporter diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go b/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go index d511d0f27..63aa33780 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go @@ -35,7 +35,7 @@ type snapshot struct { var _ ReadOnlySpan = snapshot{} -func (s snapshot) private() {} +func (snapshot) private() {} // Name returns the name of the span. func (s snapshot) Name() string { diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go index 8f4fc3850..8cfd9f62e 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/span.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span.go @@ -20,7 +20,7 @@ import ( "go.opentelemetry.io/otel/internal/global" "go.opentelemetry.io/otel/sdk/instrumentation" "go.opentelemetry.io/otel/sdk/resource" - semconv "go.opentelemetry.io/otel/semconv/v1.26.0" + semconv "go.opentelemetry.io/otel/semconv/v1.37.0" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/embedded" ) 
@@ -61,6 +61,7 @@ type ReadOnlySpan interface { InstrumentationScope() instrumentation.Scope // InstrumentationLibrary returns information about the instrumentation // library that created the span. + // // Deprecated: please use InstrumentationScope instead. InstrumentationLibrary() instrumentation.Library //nolint:staticcheck // This method needs to be define for backwards compatibility // Resource returns information about the entity that produced the span. @@ -150,6 +151,12 @@ type recordingSpan struct { // tracer is the SDK tracer that created this span. tracer *tracer + + // origCtx is the context used when starting this span that has the + // recordingSpan instance set as the active span. If not nil, it is used + // when ending the span to ensure any metrics are recorded with a context + // containing this span without requiring an additional allocation. + origCtx context.Context } var ( @@ -157,6 +164,10 @@ var ( _ runtimeTracer = (*recordingSpan)(nil) ) +func (s *recordingSpan) setOrigCtx(ctx context.Context) { + s.origCtx = ctx +} + // SpanContext returns the SpanContext of this span. func (s *recordingSpan) SpanContext() trace.SpanContext { if s == nil { @@ -165,7 +176,7 @@ func (s *recordingSpan) SpanContext() trace.SpanContext { return s.spanContext } -// IsRecording returns if this span is being recorded. If this span has ended +// IsRecording reports whether this span is being recorded. If this span has ended // this will return false. func (s *recordingSpan) IsRecording() bool { if s == nil { @@ -177,7 +188,7 @@ func (s *recordingSpan) IsRecording() bool { return s.isRecording() } -// isRecording returns if this span is being recorded. If this span has ended +// isRecording reports whether this span is being recorded. If this span has ended // this will return false. // // This method assumes s.mu.Lock is held by the caller. 
@@ -495,6 +506,17 @@ func (s *recordingSpan) End(options ...trace.SpanEndOption) { } s.mu.Unlock() + if s.tracer.inst.Enabled() { + ctx := s.origCtx + if ctx == nil { + // This should not happen as the origCtx should be set, but + // ensure trace information is propagated in the case of an + // error. + ctx = trace.ContextWithSpan(context.Background(), s) + } + defer s.tracer.inst.SpanEnded(ctx, s) + } + sps := s.tracer.provider.getSpanProcessors() if len(sps) == 0 { return @@ -545,7 +567,7 @@ func (s *recordingSpan) RecordError(err error, opts ...trace.EventOption) { s.addEvent(semconv.ExceptionEventName, opts...) } -func typeStr(i interface{}) string { +func typeStr(i any) string { t := reflect.TypeOf(i) if t.PkgPath() == "" && t.Name() == "" { // Likely a builtin type. diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go b/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go index bec5e2097..321d97430 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go @@ -3,7 +3,7 @@ package trace // import "go.opentelemetry.io/otel/sdk/trace" -import "go.opentelemetry.io/otel/sdk/internal/env" +import "go.opentelemetry.io/otel/sdk/trace/internal/env" const ( // DefaultAttributeValueLengthLimit is the default maximum allowed diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go b/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go index 43419d3b5..e1d08fd4d 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go +++ b/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go @@ -8,6 +8,7 @@ import ( "time" "go.opentelemetry.io/otel/sdk/instrumentation" + "go.opentelemetry.io/otel/sdk/trace/internal/observ" "go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace/embedded" ) @@ -17,6 +18,8 @@ type tracer struct { provider *TracerProvider instrumentationScope instrumentation.Scope + + inst observ.Tracer } var _ trace.Tracer = &tracer{} 
@@ -26,7 +29,11 @@ var _ trace.Tracer = &tracer{} // The Span is created with the provided name and as a child of any existing // span context found in the passed context. The created Span will be // configured appropriately by any SpanOption passed. -func (tr *tracer) Start(ctx context.Context, name string, options ...trace.SpanStartOption) (context.Context, trace.Span) { +func (tr *tracer) Start( + ctx context.Context, + name string, + options ...trace.SpanStartOption, +) (context.Context, trace.Span) { config := trace.NewSpanStartConfig(options...) if ctx == nil { @@ -42,17 +49,32 @@ func (tr *tracer) Start(ctx context.Context, name string, options ...trace.SpanS } s := tr.newSpan(ctx, name, &config) + newCtx := trace.ContextWithSpan(ctx, s) + if tr.inst.Enabled() { + if o, ok := s.(interface{ setOrigCtx(context.Context) }); ok { + // If this is a recording span, store the original context. + // This allows later retrieval of baggage and other information + // that may have been stored in the context at span start time and + // to avoid the allocation of repeatedly calling + // trace.ContextWithSpan. + o.setOrigCtx(newCtx) + } + psc := trace.SpanContextFromContext(ctx) + tr.inst.SpanStarted(newCtx, psc, s) + } + if rw, ok := s.(ReadWriteSpan); ok && s.IsRecording() { sps := tr.provider.getSpanProcessors() for _, sp := range sps { + // Use original context. sp.sp.OnStart(ctx, rw) } } if rtt, ok := s.(runtimeTracer); ok { - ctx = rtt.runtimeTrace(ctx) + newCtx = rtt.runtimeTrace(newCtx) } - return trace.ContextWithSpan(ctx, s), s + return newCtx, s } type runtimeTracer interface { 
@@ -108,11 +130,17 @@ func (tr *tracer) newSpan(ctx context.Context, name string, config *trace.SpanCo if !isRecording(samplingResult) { return tr.newNonRecordingSpan(sc) } - return tr.newRecordingSpan(psc, sc, name, samplingResult, config) + return tr.newRecordingSpan(ctx, psc, sc, name, samplingResult, config) } // newRecordingSpan returns a new configured recordingSpan. -func (tr *tracer) newRecordingSpan(psc, sc trace.SpanContext, name string, sr SamplingResult, config *trace.SpanConfig) *recordingSpan { +func (tr *tracer) newRecordingSpan( + ctx context.Context, + psc, sc trace.SpanContext, + name string, + sr SamplingResult, + config *trace.SpanConfig, +) *recordingSpan { startTime := config.Timestamp() if startTime.IsZero() { startTime = time.Now() @@ -144,6 +172,13 @@ func (tr *tracer) newRecordingSpan(psc, sc trace.SpanContext, name string, sr Sa s.SetAttributes(sr.Attributes...) s.SetAttributes(config.Attributes()...) + if tr.inst.Enabled() { + // Propagate any existing values from the context with the new span to + // the measurement context. + ctx = trace.ContextWithSpan(ctx, s) + tr.inst.SpanLive(ctx, s) + } + return s } diff --git a/vendor/go.opentelemetry.io/otel/sdk/trace/version.go b/vendor/go.opentelemetry.io/otel/sdk/trace/version.go deleted file mode 100644 index b84dd2c5e..000000000 --- a/vendor/go.opentelemetry.io/otel/sdk/trace/version.go +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright The OpenTelemetry Authors -// SPDX-License-Identifier: Apache-2.0 - -package trace // import "go.opentelemetry.io/otel/sdk/trace" - -// version is the current release version of the metric SDK in use. -func version() string { - return "1.16.0-rc.1" -} diff --git a/vendor/go.opentelemetry.io/otel/sdk/version.go b/vendor/go.opentelemetry.io/otel/sdk/version.go index 6b4038510..0a3b36619 100644 --- a/vendor/go.opentelemetry.io/otel/sdk/version.go +++ b/vendor/go.opentelemetry.io/otel/sdk/version.go 
@@ -1,9 +1,10 @@ // Copyright The OpenTelemetry Authors // SPDX-License-Identifier: Apache-2.0 +// Package sdk provides the OpenTelemetry default SDK for Go. package sdk // import "go.opentelemetry.io/otel/sdk" // Version is the current release version of the OpenTelemetry SDK in use. func Version() string { - return "1.34.0" + return "1.39.0" } diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md new file mode 100644 index 000000000..248054789 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md 
@@ -0,0 +1,41 @@
+
+# Migration from v1.36.0 to v1.37.0
+
+The `go.opentelemetry.io/otel/semconv/v1.37.0` package should be a drop-in replacement for `go.opentelemetry.io/otel/semconv/v1.36.0` with the following exceptions.
+
+## Removed
+
+The following declarations have been removed.
+Refer to the [OpenTelemetry Semantic Conventions documentation] for deprecation instructions.
+
+If the type is not listed in the documentation as deprecated, it has been removed in this version due to lack of applicability or use.
+If you use any of these non-deprecated declarations in your Go application, please [open an issue] describing your use-case.
+
+- `ContainerRuntime`
+- `ContainerRuntimeKey`
+- `GenAIOpenAIRequestServiceTierAuto`
+- `GenAIOpenAIRequestServiceTierDefault`
+- `GenAIOpenAIRequestServiceTierKey`
+- `GenAIOpenAIResponseServiceTier`
+- `GenAIOpenAIResponseServiceTierKey`
+- `GenAIOpenAIResponseSystemFingerprint`
+- `GenAIOpenAIResponseSystemFingerprintKey`
+- `GenAISystemAWSBedrock`
+- `GenAISystemAnthropic`
+- `GenAISystemAzureAIInference`
+- `GenAISystemAzureAIOpenAI`
+- `GenAISystemCohere`
+- `GenAISystemDeepseek`
+- `GenAISystemGCPGemini`
+- `GenAISystemGCPGenAI`
+- `GenAISystemGCPVertexAI`
+- `GenAISystemGroq`
+- `GenAISystemIBMWatsonxAI`
+- `GenAISystemKey`
+- `GenAISystemMistralAI`
+- `GenAISystemOpenAI`
+- `GenAISystemPerplexity`
+- `GenAISystemXai`
+
+[OpenTelemetry Semantic Conventions documentation]: https://github.com/open-telemetry/semantic-conventions
+[open an issue]: https://github.com/open-telemetry/opentelemetry-go/issues/new?template=Blank+issue
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md
new file mode 100644
index 000000000..d795247f3
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md
@@ -0,0 +1,3 @@
+# Semconv v1.37.0
+
+[![PkgGoDev](https://pkg.go.dev/badge/go.opentelemetry.io/otel/semconv/v1.37.0)](https://pkg.go.dev/go.opentelemetry.io/otel/semconv/v1.37.0)
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go
new file mode 100644
index 000000000..b6b27498f
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go
@@ -0,0 +1,15193 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Code generated from semantic convention specification. DO NOT EDIT. + +package semconv // import "go.opentelemetry.io/otel/semconv/v1.37.0" + +import "go.opentelemetry.io/otel/attribute" + +// Namespace: android +const ( + // AndroidAppStateKey is the attribute Key conforming to the "android.app.state" + // semantic conventions. It represents the this attribute represents the state + // of the application. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "created" + // Note: The Android lifecycle states are defined in + // [Activity lifecycle callbacks], and from which the `OS identifiers` are + // derived. + // + // [Activity lifecycle callbacks]: https://developer.android.com/guide/components/activities/activity-lifecycle#lc + AndroidAppStateKey = attribute.Key("android.app.state") + + // AndroidOSAPILevelKey is the attribute Key conforming to the + // "android.os.api_level" semantic conventions. It represents the uniquely + // identifies the framework API revision offered by a version (`os.version`) of + // the android operating system. More information can be found in the + // [Android API levels documentation]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "33", "32" + // + // [Android API levels documentation]: https://developer.android.com/guide/topics/manifest/uses-sdk-element#ApiLevels + AndroidOSAPILevelKey = attribute.Key("android.os.api_level") +) + +// AndroidOSAPILevel returns an attribute KeyValue conforming to the +// "android.os.api_level" semantic conventions. It represents the uniquely +// identifies the framework API revision offered by a version (`os.version`) of +// the android operating system. More information can be found in the +// [Android API levels documentation]. 
+// +// [Android API levels documentation]: https://developer.android.com/guide/topics/manifest/uses-sdk-element#ApiLevels +func AndroidOSAPILevel(val string) attribute.KeyValue { + return AndroidOSAPILevelKey.String(val) +} + +// Enum values for android.app.state +var ( + // Any time before Activity.onResume() or, if the app has no Activity, + // Context.startService() has been called in the app for the first time. + // + // Stability: development + AndroidAppStateCreated = AndroidAppStateKey.String("created") + // Any time after Activity.onPause() or, if the app has no Activity, + // Context.stopService() has been called when the app was in the foreground + // state. + // + // Stability: development + AndroidAppStateBackground = AndroidAppStateKey.String("background") + // Any time after Activity.onResume() or, if the app has no Activity, + // Context.startService() has been called when the app was in either the created + // or background states. + // + // Stability: development + AndroidAppStateForeground = AndroidAppStateKey.String("foreground") +) + +// Namespace: app +const ( + // AppBuildIDKey is the attribute Key conforming to the "app.build_id" semantic + // conventions. It represents the unique identifier for a particular build or + // compilation of the application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "6cff0a7e-cefc-4668-96f5-1273d8b334d0", + // "9f2b833506aa6973a92fde9733e6271f", "my-app-1.0.0-code-123" + AppBuildIDKey = attribute.Key("app.build_id") + + // AppInstallationIDKey is the attribute Key conforming to the + // "app.installation.id" semantic conventions. It represents a unique identifier + // representing the installation of an application on a specific device. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2ab2916d-a51f-4ac8-80ee-45ac31a28092" + // Note: Its value SHOULD persist across launches of the same application + // installation, including through application upgrades. + // It SHOULD change if the application is uninstalled or if all applications of + // the vendor are uninstalled. + // Additionally, users might be able to reset this value (e.g. by clearing + // application data). + // If an app is installed multiple times on the same device (e.g. in different + // accounts on Android), each `app.installation.id` SHOULD have a different + // value. + // If multiple OpenTelemetry SDKs are used within the same application, they + // SHOULD use the same value for `app.installation.id`. + // Hardware IDs (e.g. serial number, IMEI, MAC address) MUST NOT be used as the + // `app.installation.id`. + // + // For iOS, this value SHOULD be equal to the [vendor identifier]. + // + // For Android, examples of `app.installation.id` implementations include: + // + // - [Firebase Installation ID]. + // - A globally unique UUID which is persisted across sessions in your + // application. + // - [App set ID]. + // - [`Settings.getString(Settings.Secure.ANDROID_ID)`]. + // + // More information about Android identifier best practices can be found in the + // [Android user data IDs guide]. 
+ // + // [vendor identifier]: https://developer.apple.com/documentation/uikit/uidevice/identifierforvendor + // [Firebase Installation ID]: https://firebase.google.com/docs/projects/manage-installations + // [App set ID]: https://developer.android.com/identity/app-set-id + // [`Settings.getString(Settings.Secure.ANDROID_ID)`]: https://developer.android.com/reference/android/provider/Settings.Secure#ANDROID_ID + // [Android user data IDs guide]: https://developer.android.com/training/articles/user-data-ids + AppInstallationIDKey = attribute.Key("app.installation.id") + + // AppJankFrameCountKey is the attribute Key conforming to the + // "app.jank.frame_count" semantic conventions. It represents a number of frame + // renders that experienced jank. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 9, 42 + // Note: Depending on platform limitations, the value provided MAY be + // approximation. + AppJankFrameCountKey = attribute.Key("app.jank.frame_count") + + // AppJankPeriodKey is the attribute Key conforming to the "app.jank.period" + // semantic conventions. It represents the time period, in seconds, for which + // this jank is being reported. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0, 5.0, 10.24 + AppJankPeriodKey = attribute.Key("app.jank.period") + + // AppJankThresholdKey is the attribute Key conforming to the + // "app.jank.threshold" semantic conventions. It represents the minimum + // rendering threshold for this jank, in seconds. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0.016, 0.7, 1.024 + AppJankThresholdKey = attribute.Key("app.jank.threshold") + + // AppScreenCoordinateXKey is the attribute Key conforming to the + // "app.screen.coordinate.x" semantic conventions. It represents the x + // (horizontal) coordinate of a screen coordinate, in screen pixels. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0, 131 + AppScreenCoordinateXKey = attribute.Key("app.screen.coordinate.x") + + // AppScreenCoordinateYKey is the attribute Key conforming to the + // "app.screen.coordinate.y" semantic conventions. It represents the y + // (vertical) component of a screen coordinate, in screen pixels. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 12, 99 + AppScreenCoordinateYKey = attribute.Key("app.screen.coordinate.y") + + // AppWidgetIDKey is the attribute Key conforming to the "app.widget.id" + // semantic conventions. It represents an identifier that uniquely + // differentiates this widget from other widgets in the same application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "f9bc787d-ff05-48ad-90e1-fca1d46130b3", "submit_order_1829" + // Note: A widget is an application component, typically an on-screen visual GUI + // element. + AppWidgetIDKey = attribute.Key("app.widget.id") + + // AppWidgetNameKey is the attribute Key conforming to the "app.widget.name" + // semantic conventions. It represents the name of an application widget. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "submit", "attack", "Clear Cart" + // Note: A widget is an application component, typically an on-screen visual GUI + // element. + AppWidgetNameKey = attribute.Key("app.widget.name") +) + +// AppBuildID returns an attribute KeyValue conforming to the "app.build_id" +// semantic conventions. It represents the unique identifier for a particular +// build or compilation of the application. +func AppBuildID(val string) attribute.KeyValue { + return AppBuildIDKey.String(val) +} + +// AppInstallationID returns an attribute KeyValue conforming to the +// "app.installation.id" semantic conventions. 
It represents a unique identifier +// representing the installation of an application on a specific device. +func AppInstallationID(val string) attribute.KeyValue { + return AppInstallationIDKey.String(val) +} + +// AppJankFrameCount returns an attribute KeyValue conforming to the +// "app.jank.frame_count" semantic conventions. It represents a number of frame +// renders that experienced jank. +func AppJankFrameCount(val int) attribute.KeyValue { + return AppJankFrameCountKey.Int(val) +} + +// AppJankPeriod returns an attribute KeyValue conforming to the +// "app.jank.period" semantic conventions. It represents the time period, in +// seconds, for which this jank is being reported. +func AppJankPeriod(val float64) attribute.KeyValue { + return AppJankPeriodKey.Float64(val) +} + +// AppJankThreshold returns an attribute KeyValue conforming to the +// "app.jank.threshold" semantic conventions. It represents the minimum rendering +// threshold for this jank, in seconds. +func AppJankThreshold(val float64) attribute.KeyValue { + return AppJankThresholdKey.Float64(val) +} + +// AppScreenCoordinateX returns an attribute KeyValue conforming to the +// "app.screen.coordinate.x" semantic conventions. It represents the x +// (horizontal) coordinate of a screen coordinate, in screen pixels. +func AppScreenCoordinateX(val int) attribute.KeyValue { + return AppScreenCoordinateXKey.Int(val) +} + +// AppScreenCoordinateY returns an attribute KeyValue conforming to the +// "app.screen.coordinate.y" semantic conventions. It represents the y (vertical) +// component of a screen coordinate, in screen pixels. +func AppScreenCoordinateY(val int) attribute.KeyValue { + return AppScreenCoordinateYKey.Int(val) +} + +// AppWidgetID returns an attribute KeyValue conforming to the "app.widget.id" +// semantic conventions. It represents an identifier that uniquely differentiates +// this widget from other widgets in the same application. 
+func AppWidgetID(val string) attribute.KeyValue { + return AppWidgetIDKey.String(val) +} + +// AppWidgetName returns an attribute KeyValue conforming to the +// "app.widget.name" semantic conventions. It represents the name of an +// application widget. +func AppWidgetName(val string) attribute.KeyValue { + return AppWidgetNameKey.String(val) +} + +// Namespace: artifact +const ( + // ArtifactAttestationFilenameKey is the attribute Key conforming to the + // "artifact.attestation.filename" semantic conventions. It represents the + // provenance filename of the built attestation which directly relates to the + // build artifact filename. This filename SHOULD accompany the artifact at + // publish time. See the [SLSA Relationship] specification for more information. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "golang-binary-amd64-v0.1.0.attestation", + // "docker-image-amd64-v0.1.0.intoto.json1", "release-1.tar.gz.attestation", + // "file-name-package.tar.gz.intoto.json1" + // + // [SLSA Relationship]: https://slsa.dev/spec/v1.0/distributing-provenance#relationship-between-artifacts-and-attestations + ArtifactAttestationFilenameKey = attribute.Key("artifact.attestation.filename") + + // ArtifactAttestationHashKey is the attribute Key conforming to the + // "artifact.attestation.hash" semantic conventions. It represents the full + // [hash value (see glossary)], of the built attestation. Some envelopes in the + // [software attestation space] also refer to this as the **digest**. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1b31dfcd5b7f9267bf2ff47651df1cfb9147b9e4df1f335accf65b4cda498408" + // + // [hash value (see glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf + // [software attestation space]: https://github.com/in-toto/attestation/tree/main/spec + ArtifactAttestationHashKey = attribute.Key("artifact.attestation.hash") + + // ArtifactAttestationIDKey is the attribute Key conforming to the + // "artifact.attestation.id" semantic conventions. It represents the id of the + // build [software attestation]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "123" + // + // [software attestation]: https://slsa.dev/attestation-model + ArtifactAttestationIDKey = attribute.Key("artifact.attestation.id") + + // ArtifactFilenameKey is the attribute Key conforming to the + // "artifact.filename" semantic conventions. It represents the human readable + // file name of the artifact, typically generated during build and release + // processes. Often includes the package name and version in the file name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "golang-binary-amd64-v0.1.0", "docker-image-amd64-v0.1.0", + // "release-1.tar.gz", "file-name-package.tar.gz" + // Note: This file name can also act as the [Package Name] + // in cases where the package ecosystem maps accordingly. + // Additionally, the artifact [can be published] + // for others, but that is not a guarantee. + // + // [Package Name]: https://slsa.dev/spec/v1.0/terminology#package-model + // [can be published]: https://slsa.dev/spec/v1.0/terminology#software-supply-chain + ArtifactFilenameKey = attribute.Key("artifact.filename") + + // ArtifactHashKey is the attribute Key conforming to the "artifact.hash" + // semantic conventions. 
It represents the full [hash value (see glossary)], + // often found in checksum.txt on a release of the artifact and used to verify + // package integrity. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9ff4c52759e2c4ac70b7d517bc7fcdc1cda631ca0045271ddd1b192544f8a3e9" + // Note: The specific algorithm used to create the cryptographic hash value is + // not defined. In situations where an artifact has multiple + // cryptographic hashes, it is up to the implementer to choose which + // hash value to set here; this should be the most secure hash algorithm + // that is suitable for the situation and consistent with the + // corresponding attestation. The implementer can then provide the other + // hash values through an additional set of attribute extensions as they + // deem necessary. + // + // [hash value (see glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf + ArtifactHashKey = attribute.Key("artifact.hash") + + // ArtifactPurlKey is the attribute Key conforming to the "artifact.purl" + // semantic conventions. It represents the [Package URL] of the + // [package artifact] provides a standard way to identify and locate the + // packaged artifact. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pkg:github/package-url/purl-spec@1209109710924", + // "pkg:npm/foo@12.12.3" + // + // [Package URL]: https://github.com/package-url/purl-spec + // [package artifact]: https://slsa.dev/spec/v1.0/terminology#package-model + ArtifactPurlKey = attribute.Key("artifact.purl") + + // ArtifactVersionKey is the attribute Key conforming to the "artifact.version" + // semantic conventions. It represents the version of the artifact. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "v0.1.0", "1.2.1", "122691-build" + ArtifactVersionKey = attribute.Key("artifact.version") +) + +// ArtifactAttestationFilename returns an attribute KeyValue conforming to the +// "artifact.attestation.filename" semantic conventions. It represents the +// provenance filename of the built attestation which directly relates to the +// build artifact filename. This filename SHOULD accompany the artifact at +// publish time. See the [SLSA Relationship] specification for more information. +// +// [SLSA Relationship]: https://slsa.dev/spec/v1.0/distributing-provenance#relationship-between-artifacts-and-attestations +func ArtifactAttestationFilename(val string) attribute.KeyValue { + return ArtifactAttestationFilenameKey.String(val) +} + +// ArtifactAttestationHash returns an attribute KeyValue conforming to the +// "artifact.attestation.hash" semantic conventions. It represents the full +// [hash value (see glossary)], of the built attestation. Some envelopes in the +// [software attestation space] also refer to this as the **digest**. +// +// [hash value (see glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf +// [software attestation space]: https://github.com/in-toto/attestation/tree/main/spec +func ArtifactAttestationHash(val string) attribute.KeyValue { + return ArtifactAttestationHashKey.String(val) +} + +// ArtifactAttestationID returns an attribute KeyValue conforming to the +// "artifact.attestation.id" semantic conventions. It represents the id of the +// build [software attestation]. +// +// [software attestation]: https://slsa.dev/attestation-model +func ArtifactAttestationID(val string) attribute.KeyValue { + return ArtifactAttestationIDKey.String(val) +} + +// ArtifactFilename returns an attribute KeyValue conforming to the +// "artifact.filename" semantic conventions. 
It represents the human readable +// file name of the artifact, typically generated during build and release +// processes. Often includes the package name and version in the file name. +func ArtifactFilename(val string) attribute.KeyValue { + return ArtifactFilenameKey.String(val) +} + +// ArtifactHash returns an attribute KeyValue conforming to the "artifact.hash" +// semantic conventions. It represents the full [hash value (see glossary)], +// often found in checksum.txt on a release of the artifact and used to verify +// package integrity. +// +// [hash value (see glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf +func ArtifactHash(val string) attribute.KeyValue { + return ArtifactHashKey.String(val) +} + +// ArtifactPurl returns an attribute KeyValue conforming to the "artifact.purl" +// semantic conventions. It represents the [Package URL] of the +// [package artifact] provides a standard way to identify and locate the packaged +// artifact. +// +// [Package URL]: https://github.com/package-url/purl-spec +// [package artifact]: https://slsa.dev/spec/v1.0/terminology#package-model +func ArtifactPurl(val string) attribute.KeyValue { + return ArtifactPurlKey.String(val) +} + +// ArtifactVersion returns an attribute KeyValue conforming to the +// "artifact.version" semantic conventions. It represents the version of the +// artifact. +func ArtifactVersion(val string) attribute.KeyValue { + return ArtifactVersionKey.String(val) +} + +// Namespace: aws +const ( + // AWSBedrockGuardrailIDKey is the attribute Key conforming to the + // "aws.bedrock.guardrail.id" semantic conventions. It represents the unique + // identifier of the AWS Bedrock Guardrail. A [guardrail] helps safeguard and + // prevent unwanted behavior from model responses or user messages. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "sgi5gkybzqak" + // + // [guardrail]: https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html + AWSBedrockGuardrailIDKey = attribute.Key("aws.bedrock.guardrail.id") + + // AWSBedrockKnowledgeBaseIDKey is the attribute Key conforming to the + // "aws.bedrock.knowledge_base.id" semantic conventions. It represents the + // unique identifier of the AWS Bedrock Knowledge base. A [knowledge base] is a + // bank of information that can be queried by models to generate more relevant + // responses and augment prompts. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "XFWUPB9PAW" + // + // [knowledge base]: https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html + AWSBedrockKnowledgeBaseIDKey = attribute.Key("aws.bedrock.knowledge_base.id") + + // AWSDynamoDBAttributeDefinitionsKey is the attribute Key conforming to the + // "aws.dynamodb.attribute_definitions" semantic conventions. It represents the + // JSON-serialized value of each item in the `AttributeDefinitions` request + // field. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "AttributeName": "string", "AttributeType": "string" }" + AWSDynamoDBAttributeDefinitionsKey = attribute.Key("aws.dynamodb.attribute_definitions") + + // AWSDynamoDBAttributesToGetKey is the attribute Key conforming to the + // "aws.dynamodb.attributes_to_get" semantic conventions. It represents the + // value of the `AttributesToGet` request parameter. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "lives", "id" + AWSDynamoDBAttributesToGetKey = attribute.Key("aws.dynamodb.attributes_to_get") + + // AWSDynamoDBConsistentReadKey is the attribute Key conforming to the + // "aws.dynamodb.consistent_read" semantic conventions. 
It represents the value + // of the `ConsistentRead` request parameter. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + AWSDynamoDBConsistentReadKey = attribute.Key("aws.dynamodb.consistent_read") + + // AWSDynamoDBConsumedCapacityKey is the attribute Key conforming to the + // "aws.dynamodb.consumed_capacity" semantic conventions. It represents the + // JSON-serialized value of each item in the `ConsumedCapacity` response field. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "CapacityUnits": number, "GlobalSecondaryIndexes": { "string" : + // { "CapacityUnits": number, "ReadCapacityUnits": number, "WriteCapacityUnits": + // number } }, "LocalSecondaryIndexes": { "string" : { "CapacityUnits": number, + // "ReadCapacityUnits": number, "WriteCapacityUnits": number } }, + // "ReadCapacityUnits": number, "Table": { "CapacityUnits": number, + // "ReadCapacityUnits": number, "WriteCapacityUnits": number }, "TableName": + // "string", "WriteCapacityUnits": number }" + AWSDynamoDBConsumedCapacityKey = attribute.Key("aws.dynamodb.consumed_capacity") + + // AWSDynamoDBCountKey is the attribute Key conforming to the + // "aws.dynamodb.count" semantic conventions. It represents the value of the + // `Count` response parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 10 + AWSDynamoDBCountKey = attribute.Key("aws.dynamodb.count") + + // AWSDynamoDBExclusiveStartTableKey is the attribute Key conforming to the + // "aws.dynamodb.exclusive_start_table" semantic conventions. It represents the + // value of the `ExclusiveStartTableName` request parameter. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Users", "CatsTable" + AWSDynamoDBExclusiveStartTableKey = attribute.Key("aws.dynamodb.exclusive_start_table") + + // AWSDynamoDBGlobalSecondaryIndexUpdatesKey is the attribute Key conforming to + // the "aws.dynamodb.global_secondary_index_updates" semantic conventions. It + // represents the JSON-serialized value of each item in the + // `GlobalSecondaryIndexUpdates` request field. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "Create": { "IndexName": "string", "KeySchema": [ { + // "AttributeName": "string", "KeyType": "string" } ], "Projection": { + // "NonKeyAttributes": [ "string" ], "ProjectionType": "string" }, + // "ProvisionedThroughput": { "ReadCapacityUnits": number, "WriteCapacityUnits": + // number } }" + AWSDynamoDBGlobalSecondaryIndexUpdatesKey = attribute.Key("aws.dynamodb.global_secondary_index_updates") + + // AWSDynamoDBGlobalSecondaryIndexesKey is the attribute Key conforming to the + // "aws.dynamodb.global_secondary_indexes" semantic conventions. It represents + // the JSON-serialized value of each item of the `GlobalSecondaryIndexes` + // request field. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "IndexName": "string", "KeySchema": [ { "AttributeName": + // "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ + // "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": { + // "ReadCapacityUnits": number, "WriteCapacityUnits": number } }" + AWSDynamoDBGlobalSecondaryIndexesKey = attribute.Key("aws.dynamodb.global_secondary_indexes") + + // AWSDynamoDBIndexNameKey is the attribute Key conforming to the + // "aws.dynamodb.index_name" semantic conventions. It represents the value of + // the `IndexName` request parameter. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "name_to_group" + AWSDynamoDBIndexNameKey = attribute.Key("aws.dynamodb.index_name") + + // AWSDynamoDBItemCollectionMetricsKey is the attribute Key conforming to the + // "aws.dynamodb.item_collection_metrics" semantic conventions. It represents + // the JSON-serialized value of the `ItemCollectionMetrics` response field. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "string" : [ { "ItemCollectionKey": { "string" : { "B": blob, + // "BOOL": boolean, "BS": [ blob ], "L": [ "AttributeValue" ], "M": { "string" : + // "AttributeValue" }, "N": "string", "NS": [ "string" ], "NULL": boolean, "S": + // "string", "SS": [ "string" ] } }, "SizeEstimateRangeGB": [ number ] } ] }" + AWSDynamoDBItemCollectionMetricsKey = attribute.Key("aws.dynamodb.item_collection_metrics") + + // AWSDynamoDBLimitKey is the attribute Key conforming to the + // "aws.dynamodb.limit" semantic conventions. It represents the value of the + // `Limit` request parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 10 + AWSDynamoDBLimitKey = attribute.Key("aws.dynamodb.limit") + + // AWSDynamoDBLocalSecondaryIndexesKey is the attribute Key conforming to the + // "aws.dynamodb.local_secondary_indexes" semantic conventions. It represents + // the JSON-serialized value of each item of the `LocalSecondaryIndexes` request + // field. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "{ "IndexArn": "string", "IndexName": "string", "IndexSizeBytes": + // number, "ItemCount": number, "KeySchema": [ { "AttributeName": "string", + // "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ], + // "ProjectionType": "string" } }" + AWSDynamoDBLocalSecondaryIndexesKey = attribute.Key("aws.dynamodb.local_secondary_indexes") + + // AWSDynamoDBProjectionKey is the attribute Key conforming to the + // "aws.dynamodb.projection" semantic conventions. It represents the value of + // the `ProjectionExpression` request parameter. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Title", "Title, Price, Color", "Title, Description, RelatedItems, + // ProductReviews" + AWSDynamoDBProjectionKey = attribute.Key("aws.dynamodb.projection") + + // AWSDynamoDBProvisionedReadCapacityKey is the attribute Key conforming to the + // "aws.dynamodb.provisioned_read_capacity" semantic conventions. It represents + // the value of the `ProvisionedThroughput.ReadCapacityUnits` request parameter. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0, 2.0 + AWSDynamoDBProvisionedReadCapacityKey = attribute.Key("aws.dynamodb.provisioned_read_capacity") + + // AWSDynamoDBProvisionedWriteCapacityKey is the attribute Key conforming to the + // "aws.dynamodb.provisioned_write_capacity" semantic conventions. It represents + // the value of the `ProvisionedThroughput.WriteCapacityUnits` request + // parameter. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0, 2.0 + AWSDynamoDBProvisionedWriteCapacityKey = attribute.Key("aws.dynamodb.provisioned_write_capacity") + + // AWSDynamoDBScanForwardKey is the attribute Key conforming to the + // "aws.dynamodb.scan_forward" semantic conventions. 
It represents the value of + // the `ScanIndexForward` request parameter. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + AWSDynamoDBScanForwardKey = attribute.Key("aws.dynamodb.scan_forward") + + // AWSDynamoDBScannedCountKey is the attribute Key conforming to the + // "aws.dynamodb.scanned_count" semantic conventions. It represents the value of + // the `ScannedCount` response parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 50 + AWSDynamoDBScannedCountKey = attribute.Key("aws.dynamodb.scanned_count") + + // AWSDynamoDBSegmentKey is the attribute Key conforming to the + // "aws.dynamodb.segment" semantic conventions. It represents the value of the + // `Segment` request parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 10 + AWSDynamoDBSegmentKey = attribute.Key("aws.dynamodb.segment") + + // AWSDynamoDBSelectKey is the attribute Key conforming to the + // "aws.dynamodb.select" semantic conventions. It represents the value of the + // `Select` request parameter. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ALL_ATTRIBUTES", "COUNT" + AWSDynamoDBSelectKey = attribute.Key("aws.dynamodb.select") + + // AWSDynamoDBTableCountKey is the attribute Key conforming to the + // "aws.dynamodb.table_count" semantic conventions. It represents the number of + // items in the `TableNames` response parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 20 + AWSDynamoDBTableCountKey = attribute.Key("aws.dynamodb.table_count") + + // AWSDynamoDBTableNamesKey is the attribute Key conforming to the + // "aws.dynamodb.table_names" semantic conventions. It represents the keys in + // the `RequestItems` object field. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Users", "Cats" + AWSDynamoDBTableNamesKey = attribute.Key("aws.dynamodb.table_names") + + // AWSDynamoDBTotalSegmentsKey is the attribute Key conforming to the + // "aws.dynamodb.total_segments" semantic conventions. It represents the value + // of the `TotalSegments` request parameter. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 100 + AWSDynamoDBTotalSegmentsKey = attribute.Key("aws.dynamodb.total_segments") + + // AWSECSClusterARNKey is the attribute Key conforming to the + // "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an + // [ECS cluster]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster" + // + // [ECS cluster]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html + AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn") + + // AWSECSContainerARNKey is the attribute Key conforming to the + // "aws.ecs.container.arn" semantic conventions. It represents the Amazon + // Resource Name (ARN) of an [ECS container instance]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "arn:aws:ecs:us-west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9" + // + // [ECS container instance]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html + AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn") + + // AWSECSLaunchtypeKey is the attribute Key conforming to the + // "aws.ecs.launchtype" semantic conventions. It represents the [launch type] + // for an ECS task. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [launch type]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html + AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype") + + // AWSECSTaskARNKey is the attribute Key conforming to the "aws.ecs.task.arn" + // semantic conventions. It represents the ARN of a running [ECS task]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "arn:aws:ecs:us-west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b", + // "arn:aws:ecs:us-west-1:123456789123:task/my-cluster/task-id/23ebb8ac-c18f-46c6-8bbe-d55d0e37cfbd" + // + // [ECS task]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#ecs-resource-ids + AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn") + + // AWSECSTaskFamilyKey is the attribute Key conforming to the + // "aws.ecs.task.family" semantic conventions. It represents the family name of + // the [ECS task definition] used to create the ECS task. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry-family" + // + // [ECS task definition]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html + AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family") + + // AWSECSTaskIDKey is the attribute Key conforming to the "aws.ecs.task.id" + // semantic conventions. It represents the ID of a running ECS task. The ID MUST + // be extracted from `task.arn`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "10838bed-421f-43ef-870a-f43feacbbb5b", + // "23ebb8ac-c18f-46c6-8bbe-d55d0e37cfbd" + AWSECSTaskIDKey = attribute.Key("aws.ecs.task.id") + + // AWSECSTaskRevisionKey is the attribute Key conforming to the + // "aws.ecs.task.revision" semantic conventions. 
It represents the revision for + // the task definition used to create the ECS task. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "8", "26" + AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision") + + // AWSEKSClusterARNKey is the attribute Key conforming to the + // "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS + // cluster. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster" + AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn") + + // AWSExtendedRequestIDKey is the attribute Key conforming to the + // "aws.extended_request_id" semantic conventions. It represents the AWS + // extended request ID as returned in the response header `x-amz-id-2`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "wzHcyEWfmOGDIE5QOhTAqFDoDWP3y8IUvpNINCwL9N4TEHbUw0/gZJ+VZTmCNCWR7fezEN3eCiQ=" + AWSExtendedRequestIDKey = attribute.Key("aws.extended_request_id") + + // AWSKinesisStreamNameKey is the attribute Key conforming to the + // "aws.kinesis.stream_name" semantic conventions. It represents the name of the + // AWS Kinesis [stream] the request refers to. Corresponds to the + // `--stream-name` parameter of the Kinesis [describe-stream] operation. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "some-stream-name" + // + // [stream]: https://docs.aws.amazon.com/streams/latest/dev/introduction.html + // [describe-stream]: https://docs.aws.amazon.com/cli/latest/reference/kinesis/describe-stream.html + AWSKinesisStreamNameKey = attribute.Key("aws.kinesis.stream_name") + + // AWSLambdaInvokedARNKey is the attribute Key conforming to the + // "aws.lambda.invoked_arn" semantic conventions. 
It represents the full invoked + // ARN as provided on the `Context` passed to the function ( + // `Lambda-Runtime-Invoked-Function-Arn` header on the + // `/runtime/invocation/next` applicable). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:lambda:us-east-1:123456:function:myfunction:myalias" + // Note: This may be different from `cloud.resource_id` if an alias is involved. + AWSLambdaInvokedARNKey = attribute.Key("aws.lambda.invoked_arn") + + // AWSLambdaResourceMappingIDKey is the attribute Key conforming to the + // "aws.lambda.resource_mapping.id" semantic conventions. It represents the UUID + // of the [AWS Lambda EvenSource Mapping]. An event source is mapped to a lambda + // function. It's contents are read by Lambda and used to trigger a function. + // This isn't available in the lambda execution context or the lambda runtime + // environtment. This is going to be populated by the AWS SDK for each language + // when that UUID is present. Some of these operations are + // Create/Delete/Get/List/Update EventSourceMapping. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "587ad24b-03b9-4413-8202-bbd56b36e5b7" + // + // [AWS Lambda EvenSource Mapping]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html + AWSLambdaResourceMappingIDKey = attribute.Key("aws.lambda.resource_mapping.id") + + // AWSLogGroupARNsKey is the attribute Key conforming to the + // "aws.log.group.arns" semantic conventions. It represents the Amazon Resource + // Name(s) (ARN) of the AWS log group(s). + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*" + // Note: See the [log group ARN format documentation]. 
+ // + // [log group ARN format documentation]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format + AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns") + + // AWSLogGroupNamesKey is the attribute Key conforming to the + // "aws.log.group.names" semantic conventions. It represents the name(s) of the + // AWS log group(s) an application is writing to. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/aws/lambda/my-function", "opentelemetry-service" + // Note: Multiple log groups must be supported for cases like multi-container + // applications, where a single application has sidecar containers, and each + // write to their own log group. + AWSLogGroupNamesKey = attribute.Key("aws.log.group.names") + + // AWSLogStreamARNsKey is the attribute Key conforming to the + // "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the + // AWS log stream(s). + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b" + // Note: See the [log stream ARN format documentation]. One log group can + // contain several log streams, so these ARNs necessarily identify both a log + // group and a log stream. + // + // [log stream ARN format documentation]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html#CWL_ARN_Format + AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns") + + // AWSLogStreamNamesKey is the attribute Key conforming to the + // "aws.log.stream.names" semantic conventions. It represents the name(s) of the + // AWS log stream(s) an application is writing to. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "logs/main/10838bed-421f-43ef-870a-f43feacbbb5b" + AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names") + + // AWSRequestIDKey is the attribute Key conforming to the "aws.request_id" + // semantic conventions. It represents the AWS request ID as returned in the + // response headers `x-amzn-requestid`, `x-amzn-request-id` or + // `x-amz-request-id`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "79b9da39-b7ae-508a-a6bc-864b2829c622", "C9ER4AJX75574TDJ" + AWSRequestIDKey = attribute.Key("aws.request_id") + + // AWSS3BucketKey is the attribute Key conforming to the "aws.s3.bucket" + // semantic conventions. It represents the S3 bucket name the request refers to. + // Corresponds to the `--bucket` parameter of the [S3 API] operations. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "some-bucket-name" + // Note: The `bucket` attribute is applicable to all S3 operations that + // reference a bucket, i.e. that require the bucket name as a mandatory + // parameter. + // This applies to almost all S3 operations except `list-buckets`. + // + // [S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html + AWSS3BucketKey = attribute.Key("aws.s3.bucket") + + // AWSS3CopySourceKey is the attribute Key conforming to the + // "aws.s3.copy_source" semantic conventions. It represents the source object + // (in the form `bucket`/`key`) for the copy operation. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "someFile.yml" + // Note: The `copy_source` attribute applies to S3 copy operations and + // corresponds to the `--copy-source` parameter + // of the [copy-object operation within the S3 API]. 
+ // This applies in particular to the following operations: + // + // - [copy-object] + // - [upload-part-copy] + // + // + // [copy-object operation within the S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html + // [copy-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html + // [upload-part-copy]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html + AWSS3CopySourceKey = attribute.Key("aws.s3.copy_source") + + // AWSS3DeleteKey is the attribute Key conforming to the "aws.s3.delete" + // semantic conventions. It represents the delete request container that + // specifies the objects to be deleted. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "Objects=[{Key=string,VersionId=string},{Key=string,VersionId=string}],Quiet=boolean" + // Note: The `delete` attribute is only applicable to the [delete-object] + // operation. + // The `delete` attribute corresponds to the `--delete` parameter of the + // [delete-objects operation within the S3 API]. + // + // [delete-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html + // [delete-objects operation within the S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-objects.html + AWSS3DeleteKey = attribute.Key("aws.s3.delete") + + // AWSS3KeyKey is the attribute Key conforming to the "aws.s3.key" semantic + // conventions. It represents the S3 object key the request refers to. + // Corresponds to the `--key` parameter of the [S3 API] operations. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "someFile.yml" + // Note: The `key` attribute is applicable to all object-related S3 operations, + // i.e. that require the object key as a mandatory parameter. 
+ // This applies in particular to the following operations: + // + // - [copy-object] + // - [delete-object] + // - [get-object] + // - [head-object] + // - [put-object] + // - [restore-object] + // - [select-object-content] + // - [abort-multipart-upload] + // - [complete-multipart-upload] + // - [create-multipart-upload] + // - [list-parts] + // - [upload-part] + // - [upload-part-copy] + // + // + // [S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html + // [copy-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/copy-object.html + // [delete-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html + // [get-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/get-object.html + // [head-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/head-object.html + // [put-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-object.html + // [restore-object]: https://docs.aws.amazon.com/cli/latest/reference/s3api/restore-object.html + // [select-object-content]: https://docs.aws.amazon.com/cli/latest/reference/s3api/select-object-content.html + // [abort-multipart-upload]: https://docs.aws.amazon.com/cli/latest/reference/s3api/abort-multipart-upload.html + // [complete-multipart-upload]: https://docs.aws.amazon.com/cli/latest/reference/s3api/complete-multipart-upload.html + // [create-multipart-upload]: https://docs.aws.amazon.com/cli/latest/reference/s3api/create-multipart-upload.html + // [list-parts]: https://docs.aws.amazon.com/cli/latest/reference/s3api/list-parts.html + // [upload-part]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html + // [upload-part-copy]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html + AWSS3KeyKey = attribute.Key("aws.s3.key") + + // AWSS3PartNumberKey is the attribute Key conforming to the + // "aws.s3.part_number" semantic conventions. 
It represents the part number of + // the part being uploaded in a multipart-upload operation. This is a positive + // integer between 1 and 10,000. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 3456 + // Note: The `part_number` attribute is only applicable to the [upload-part] + // and [upload-part-copy] operations. + // The `part_number` attribute corresponds to the `--part-number` parameter of + // the + // [upload-part operation within the S3 API]. + // + // [upload-part]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html + // [upload-part-copy]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html + // [upload-part operation within the S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html + AWSS3PartNumberKey = attribute.Key("aws.s3.part_number") + + // AWSS3UploadIDKey is the attribute Key conforming to the "aws.s3.upload_id" + // semantic conventions. It represents the upload ID that identifies the + // multipart upload. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "dfRtDYWFbkRONycy.Yxwh66Yjlx.cph0gtNBtJ" + // Note: The `upload_id` attribute applies to S3 multipart-upload operations and + // corresponds to the `--upload-id` parameter + // of the [S3 API] multipart operations. 
+ // This applies in particular to the following operations: + // + // - [abort-multipart-upload] + // - [complete-multipart-upload] + // - [list-parts] + // - [upload-part] + // - [upload-part-copy] + // + // + // [S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html + // [abort-multipart-upload]: https://docs.aws.amazon.com/cli/latest/reference/s3api/abort-multipart-upload.html + // [complete-multipart-upload]: https://docs.aws.amazon.com/cli/latest/reference/s3api/complete-multipart-upload.html + // [list-parts]: https://docs.aws.amazon.com/cli/latest/reference/s3api/list-parts.html + // [upload-part]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part.html + // [upload-part-copy]: https://docs.aws.amazon.com/cli/latest/reference/s3api/upload-part-copy.html + AWSS3UploadIDKey = attribute.Key("aws.s3.upload_id") + + // AWSSecretsmanagerSecretARNKey is the attribute Key conforming to the + // "aws.secretsmanager.secret.arn" semantic conventions. It represents the ARN + // of the Secret stored in the Secrets Mangger. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "arn:aws:secretsmanager:us-east-1:123456789012:secret:SecretName-6RandomCharacters" + AWSSecretsmanagerSecretARNKey = attribute.Key("aws.secretsmanager.secret.arn") + + // AWSSNSTopicARNKey is the attribute Key conforming to the "aws.sns.topic.arn" + // semantic conventions. It represents the ARN of the AWS SNS Topic. An Amazon + // SNS [topic] is a logical access point that acts as a communication channel. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:sns:us-east-1:123456789012:mystack-mytopic-NZJ5JSMVGFIE" + // + // [topic]: https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html + AWSSNSTopicARNKey = attribute.Key("aws.sns.topic.arn") + + // AWSSQSQueueURLKey is the attribute Key conforming to the "aws.sqs.queue.url" + // semantic conventions. It represents the URL of the AWS SQS Queue. It's a + // unique identifier for a queue in Amazon Simple Queue Service (SQS) and is + // used to access the queue and perform actions on it. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://sqs.us-east-1.amazonaws.com/123456789012/MyQueue" + AWSSQSQueueURLKey = attribute.Key("aws.sqs.queue.url") + + // AWSStepFunctionsActivityARNKey is the attribute Key conforming to the + // "aws.step_functions.activity.arn" semantic conventions. It represents the ARN + // of the AWS Step Functions Activity. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:states:us-east-1:123456789012:activity:get-greeting" + AWSStepFunctionsActivityARNKey = attribute.Key("aws.step_functions.activity.arn") + + // AWSStepFunctionsStateMachineARNKey is the attribute Key conforming to the + // "aws.step_functions.state_machine.arn" semantic conventions. It represents + // the ARN of the AWS Step Functions State Machine. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "arn:aws:states:us-east-1:123456789012:stateMachine:myStateMachine:1" + AWSStepFunctionsStateMachineARNKey = attribute.Key("aws.step_functions.state_machine.arn") +) + +// AWSBedrockGuardrailID returns an attribute KeyValue conforming to the +// "aws.bedrock.guardrail.id" semantic conventions. It represents the unique +// identifier of the AWS Bedrock Guardrail. 
A [guardrail] helps safeguard and +// prevent unwanted behavior from model responses or user messages. +// +// [guardrail]: https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html +func AWSBedrockGuardrailID(val string) attribute.KeyValue { + return AWSBedrockGuardrailIDKey.String(val) +} + +// AWSBedrockKnowledgeBaseID returns an attribute KeyValue conforming to the +// "aws.bedrock.knowledge_base.id" semantic conventions. It represents the unique +// identifier of the AWS Bedrock Knowledge base. A [knowledge base] is a bank of +// information that can be queried by models to generate more relevant responses +// and augment prompts. +// +// [knowledge base]: https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html +func AWSBedrockKnowledgeBaseID(val string) attribute.KeyValue { + return AWSBedrockKnowledgeBaseIDKey.String(val) +} + +// AWSDynamoDBAttributeDefinitions returns an attribute KeyValue conforming to +// the "aws.dynamodb.attribute_definitions" semantic conventions. It represents +// the JSON-serialized value of each item in the `AttributeDefinitions` request +// field. +func AWSDynamoDBAttributeDefinitions(val ...string) attribute.KeyValue { + return AWSDynamoDBAttributeDefinitionsKey.StringSlice(val) +} + +// AWSDynamoDBAttributesToGet returns an attribute KeyValue conforming to the +// "aws.dynamodb.attributes_to_get" semantic conventions. It represents the value +// of the `AttributesToGet` request parameter. +func AWSDynamoDBAttributesToGet(val ...string) attribute.KeyValue { + return AWSDynamoDBAttributesToGetKey.StringSlice(val) +} + +// AWSDynamoDBConsistentRead returns an attribute KeyValue conforming to the +// "aws.dynamodb.consistent_read" semantic conventions. It represents the value +// of the `ConsistentRead` request parameter. 
+func AWSDynamoDBConsistentRead(val bool) attribute.KeyValue { + return AWSDynamoDBConsistentReadKey.Bool(val) +} + +// AWSDynamoDBConsumedCapacity returns an attribute KeyValue conforming to the +// "aws.dynamodb.consumed_capacity" semantic conventions. It represents the +// JSON-serialized value of each item in the `ConsumedCapacity` response field. +func AWSDynamoDBConsumedCapacity(val ...string) attribute.KeyValue { + return AWSDynamoDBConsumedCapacityKey.StringSlice(val) +} + +// AWSDynamoDBCount returns an attribute KeyValue conforming to the +// "aws.dynamodb.count" semantic conventions. It represents the value of the +// `Count` response parameter. +func AWSDynamoDBCount(val int) attribute.KeyValue { + return AWSDynamoDBCountKey.Int(val) +} + +// AWSDynamoDBExclusiveStartTable returns an attribute KeyValue conforming to the +// "aws.dynamodb.exclusive_start_table" semantic conventions. It represents the +// value of the `ExclusiveStartTableName` request parameter. +func AWSDynamoDBExclusiveStartTable(val string) attribute.KeyValue { + return AWSDynamoDBExclusiveStartTableKey.String(val) +} + +// AWSDynamoDBGlobalSecondaryIndexUpdates returns an attribute KeyValue +// conforming to the "aws.dynamodb.global_secondary_index_updates" semantic +// conventions. It represents the JSON-serialized value of each item in the +// `GlobalSecondaryIndexUpdates` request field. +func AWSDynamoDBGlobalSecondaryIndexUpdates(val ...string) attribute.KeyValue { + return AWSDynamoDBGlobalSecondaryIndexUpdatesKey.StringSlice(val) +} + +// AWSDynamoDBGlobalSecondaryIndexes returns an attribute KeyValue conforming to +// the "aws.dynamodb.global_secondary_indexes" semantic conventions. It +// represents the JSON-serialized value of each item of the +// `GlobalSecondaryIndexes` request field. 
+func AWSDynamoDBGlobalSecondaryIndexes(val ...string) attribute.KeyValue { + return AWSDynamoDBGlobalSecondaryIndexesKey.StringSlice(val) +} + +// AWSDynamoDBIndexName returns an attribute KeyValue conforming to the +// "aws.dynamodb.index_name" semantic conventions. It represents the value of the +// `IndexName` request parameter. +func AWSDynamoDBIndexName(val string) attribute.KeyValue { + return AWSDynamoDBIndexNameKey.String(val) +} + +// AWSDynamoDBItemCollectionMetrics returns an attribute KeyValue conforming to +// the "aws.dynamodb.item_collection_metrics" semantic conventions. It represents +// the JSON-serialized value of the `ItemCollectionMetrics` response field. +func AWSDynamoDBItemCollectionMetrics(val string) attribute.KeyValue { + return AWSDynamoDBItemCollectionMetricsKey.String(val) +} + +// AWSDynamoDBLimit returns an attribute KeyValue conforming to the +// "aws.dynamodb.limit" semantic conventions. It represents the value of the +// `Limit` request parameter. +func AWSDynamoDBLimit(val int) attribute.KeyValue { + return AWSDynamoDBLimitKey.Int(val) +} + +// AWSDynamoDBLocalSecondaryIndexes returns an attribute KeyValue conforming to +// the "aws.dynamodb.local_secondary_indexes" semantic conventions. It represents +// the JSON-serialized value of each item of the `LocalSecondaryIndexes` request +// field. +func AWSDynamoDBLocalSecondaryIndexes(val ...string) attribute.KeyValue { + return AWSDynamoDBLocalSecondaryIndexesKey.StringSlice(val) +} + +// AWSDynamoDBProjection returns an attribute KeyValue conforming to the +// "aws.dynamodb.projection" semantic conventions. It represents the value of the +// `ProjectionExpression` request parameter. +func AWSDynamoDBProjection(val string) attribute.KeyValue { + return AWSDynamoDBProjectionKey.String(val) +} + +// AWSDynamoDBProvisionedReadCapacity returns an attribute KeyValue conforming to +// the "aws.dynamodb.provisioned_read_capacity" semantic conventions. 
It +// represents the value of the `ProvisionedThroughput.ReadCapacityUnits` request +// parameter. +func AWSDynamoDBProvisionedReadCapacity(val float64) attribute.KeyValue { + return AWSDynamoDBProvisionedReadCapacityKey.Float64(val) +} + +// AWSDynamoDBProvisionedWriteCapacity returns an attribute KeyValue conforming +// to the "aws.dynamodb.provisioned_write_capacity" semantic conventions. It +// represents the value of the `ProvisionedThroughput.WriteCapacityUnits` request +// parameter. +func AWSDynamoDBProvisionedWriteCapacity(val float64) attribute.KeyValue { + return AWSDynamoDBProvisionedWriteCapacityKey.Float64(val) +} + +// AWSDynamoDBScanForward returns an attribute KeyValue conforming to the +// "aws.dynamodb.scan_forward" semantic conventions. It represents the value of +// the `ScanIndexForward` request parameter. +func AWSDynamoDBScanForward(val bool) attribute.KeyValue { + return AWSDynamoDBScanForwardKey.Bool(val) +} + +// AWSDynamoDBScannedCount returns an attribute KeyValue conforming to the +// "aws.dynamodb.scanned_count" semantic conventions. It represents the value of +// the `ScannedCount` response parameter. +func AWSDynamoDBScannedCount(val int) attribute.KeyValue { + return AWSDynamoDBScannedCountKey.Int(val) +} + +// AWSDynamoDBSegment returns an attribute KeyValue conforming to the +// "aws.dynamodb.segment" semantic conventions. It represents the value of the +// `Segment` request parameter. +func AWSDynamoDBSegment(val int) attribute.KeyValue { + return AWSDynamoDBSegmentKey.Int(val) +} + +// AWSDynamoDBSelect returns an attribute KeyValue conforming to the +// "aws.dynamodb.select" semantic conventions. It represents the value of the +// `Select` request parameter. +func AWSDynamoDBSelect(val string) attribute.KeyValue { + return AWSDynamoDBSelectKey.String(val) +} + +// AWSDynamoDBTableCount returns an attribute KeyValue conforming to the +// "aws.dynamodb.table_count" semantic conventions. 
It represents the number of +// items in the `TableNames` response parameter. +func AWSDynamoDBTableCount(val int) attribute.KeyValue { + return AWSDynamoDBTableCountKey.Int(val) +} + +// AWSDynamoDBTableNames returns an attribute KeyValue conforming to the +// "aws.dynamodb.table_names" semantic conventions. It represents the keys in the +// `RequestItems` object field. +func AWSDynamoDBTableNames(val ...string) attribute.KeyValue { + return AWSDynamoDBTableNamesKey.StringSlice(val) +} + +// AWSDynamoDBTotalSegments returns an attribute KeyValue conforming to the +// "aws.dynamodb.total_segments" semantic conventions. It represents the value of +// the `TotalSegments` request parameter. +func AWSDynamoDBTotalSegments(val int) attribute.KeyValue { + return AWSDynamoDBTotalSegmentsKey.Int(val) +} + +// AWSECSClusterARN returns an attribute KeyValue conforming to the +// "aws.ecs.cluster.arn" semantic conventions. It represents the ARN of an +// [ECS cluster]. +// +// [ECS cluster]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html +func AWSECSClusterARN(val string) attribute.KeyValue { + return AWSECSClusterARNKey.String(val) +} + +// AWSECSContainerARN returns an attribute KeyValue conforming to the +// "aws.ecs.container.arn" semantic conventions. It represents the Amazon +// Resource Name (ARN) of an [ECS container instance]. +// +// [ECS container instance]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_instances.html +func AWSECSContainerARN(val string) attribute.KeyValue { + return AWSECSContainerARNKey.String(val) +} + +// AWSECSTaskARN returns an attribute KeyValue conforming to the +// "aws.ecs.task.arn" semantic conventions. It represents the ARN of a running +// [ECS task]. 
+// +// [ECS task]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#ecs-resource-ids +func AWSECSTaskARN(val string) attribute.KeyValue { + return AWSECSTaskARNKey.String(val) +} + +// AWSECSTaskFamily returns an attribute KeyValue conforming to the +// "aws.ecs.task.family" semantic conventions. It represents the family name of +// the [ECS task definition] used to create the ECS task. +// +// [ECS task definition]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html +func AWSECSTaskFamily(val string) attribute.KeyValue { + return AWSECSTaskFamilyKey.String(val) +} + +// AWSECSTaskID returns an attribute KeyValue conforming to the "aws.ecs.task.id" +// semantic conventions. It represents the ID of a running ECS task. The ID MUST +// be extracted from `task.arn`. +func AWSECSTaskID(val string) attribute.KeyValue { + return AWSECSTaskIDKey.String(val) +} + +// AWSECSTaskRevision returns an attribute KeyValue conforming to the +// "aws.ecs.task.revision" semantic conventions. It represents the revision for +// the task definition used to create the ECS task. +func AWSECSTaskRevision(val string) attribute.KeyValue { + return AWSECSTaskRevisionKey.String(val) +} + +// AWSEKSClusterARN returns an attribute KeyValue conforming to the +// "aws.eks.cluster.arn" semantic conventions. It represents the ARN of an EKS +// cluster. +func AWSEKSClusterARN(val string) attribute.KeyValue { + return AWSEKSClusterARNKey.String(val) +} + +// AWSExtendedRequestID returns an attribute KeyValue conforming to the +// "aws.extended_request_id" semantic conventions. It represents the AWS extended +// request ID as returned in the response header `x-amz-id-2`. +func AWSExtendedRequestID(val string) attribute.KeyValue { + return AWSExtendedRequestIDKey.String(val) +} + +// AWSKinesisStreamName returns an attribute KeyValue conforming to the +// "aws.kinesis.stream_name" semantic conventions. 
It represents the name of the +// AWS Kinesis [stream] the request refers to. Corresponds to the `--stream-name` +// parameter of the Kinesis [describe-stream] operation. +// +// [stream]: https://docs.aws.amazon.com/streams/latest/dev/introduction.html +// [describe-stream]: https://docs.aws.amazon.com/cli/latest/reference/kinesis/describe-stream.html +func AWSKinesisStreamName(val string) attribute.KeyValue { + return AWSKinesisStreamNameKey.String(val) +} + +// AWSLambdaInvokedARN returns an attribute KeyValue conforming to the +// "aws.lambda.invoked_arn" semantic conventions. It represents the full invoked +// ARN as provided on the `Context` passed to the function ( +// `Lambda-Runtime-Invoked-Function-Arn` header on the `/runtime/invocation/next` +// applicable). +func AWSLambdaInvokedARN(val string) attribute.KeyValue { + return AWSLambdaInvokedARNKey.String(val) +} + +// AWSLambdaResourceMappingID returns an attribute KeyValue conforming to the +// "aws.lambda.resource_mapping.id" semantic conventions. It represents the UUID +// of the [AWS Lambda EvenSource Mapping]. An event source is mapped to a lambda +// function. It's contents are read by Lambda and used to trigger a function. +// This isn't available in the lambda execution context or the lambda runtime +// environtment. This is going to be populated by the AWS SDK for each language +// when that UUID is present. Some of these operations are +// Create/Delete/Get/List/Update EventSourceMapping. +// +// [AWS Lambda EvenSource Mapping]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html +func AWSLambdaResourceMappingID(val string) attribute.KeyValue { + return AWSLambdaResourceMappingIDKey.String(val) +} + +// AWSLogGroupARNs returns an attribute KeyValue conforming to the +// "aws.log.group.arns" semantic conventions. It represents the Amazon Resource +// Name(s) (ARN) of the AWS log group(s). 
+func AWSLogGroupARNs(val ...string) attribute.KeyValue { + return AWSLogGroupARNsKey.StringSlice(val) +} + +// AWSLogGroupNames returns an attribute KeyValue conforming to the +// "aws.log.group.names" semantic conventions. It represents the name(s) of the +// AWS log group(s) an application is writing to. +func AWSLogGroupNames(val ...string) attribute.KeyValue { + return AWSLogGroupNamesKey.StringSlice(val) +} + +// AWSLogStreamARNs returns an attribute KeyValue conforming to the +// "aws.log.stream.arns" semantic conventions. It represents the ARN(s) of the +// AWS log stream(s). +func AWSLogStreamARNs(val ...string) attribute.KeyValue { + return AWSLogStreamARNsKey.StringSlice(val) +} + +// AWSLogStreamNames returns an attribute KeyValue conforming to the +// "aws.log.stream.names" semantic conventions. It represents the name(s) of the +// AWS log stream(s) an application is writing to. +func AWSLogStreamNames(val ...string) attribute.KeyValue { + return AWSLogStreamNamesKey.StringSlice(val) +} + +// AWSRequestID returns an attribute KeyValue conforming to the "aws.request_id" +// semantic conventions. It represents the AWS request ID as returned in the +// response headers `x-amzn-requestid`, `x-amzn-request-id` or `x-amz-request-id` +// . +func AWSRequestID(val string) attribute.KeyValue { + return AWSRequestIDKey.String(val) +} + +// AWSS3Bucket returns an attribute KeyValue conforming to the "aws.s3.bucket" +// semantic conventions. It represents the S3 bucket name the request refers to. +// Corresponds to the `--bucket` parameter of the [S3 API] operations. +// +// [S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html +func AWSS3Bucket(val string) attribute.KeyValue { + return AWSS3BucketKey.String(val) +} + +// AWSS3CopySource returns an attribute KeyValue conforming to the +// "aws.s3.copy_source" semantic conventions. It represents the source object (in +// the form `bucket`/`key`) for the copy operation. 
+func AWSS3CopySource(val string) attribute.KeyValue { + return AWSS3CopySourceKey.String(val) +} + +// AWSS3Delete returns an attribute KeyValue conforming to the "aws.s3.delete" +// semantic conventions. It represents the delete request container that +// specifies the objects to be deleted. +func AWSS3Delete(val string) attribute.KeyValue { + return AWSS3DeleteKey.String(val) +} + +// AWSS3Key returns an attribute KeyValue conforming to the "aws.s3.key" semantic +// conventions. It represents the S3 object key the request refers to. +// Corresponds to the `--key` parameter of the [S3 API] operations. +// +// [S3 API]: https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html +func AWSS3Key(val string) attribute.KeyValue { + return AWSS3KeyKey.String(val) +} + +// AWSS3PartNumber returns an attribute KeyValue conforming to the +// "aws.s3.part_number" semantic conventions. It represents the part number of +// the part being uploaded in a multipart-upload operation. This is a positive +// integer between 1 and 10,000. +func AWSS3PartNumber(val int) attribute.KeyValue { + return AWSS3PartNumberKey.Int(val) +} + +// AWSS3UploadID returns an attribute KeyValue conforming to the +// "aws.s3.upload_id" semantic conventions. It represents the upload ID that +// identifies the multipart upload. +func AWSS3UploadID(val string) attribute.KeyValue { + return AWSS3UploadIDKey.String(val) +} + +// AWSSecretsmanagerSecretARN returns an attribute KeyValue conforming to the +// "aws.secretsmanager.secret.arn" semantic conventions. It represents the ARN of +// the Secret stored in the Secrets Mangger. +func AWSSecretsmanagerSecretARN(val string) attribute.KeyValue { + return AWSSecretsmanagerSecretARNKey.String(val) +} + +// AWSSNSTopicARN returns an attribute KeyValue conforming to the +// "aws.sns.topic.arn" semantic conventions. It represents the ARN of the AWS SNS +// Topic. An Amazon SNS [topic] is a logical access point that acts as a +// communication channel. 
+// +// [topic]: https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html +func AWSSNSTopicARN(val string) attribute.KeyValue { + return AWSSNSTopicARNKey.String(val) +} + +// AWSSQSQueueURL returns an attribute KeyValue conforming to the +// "aws.sqs.queue.url" semantic conventions. It represents the URL of the AWS SQS +// Queue. It's a unique identifier for a queue in Amazon Simple Queue Service +// (SQS) and is used to access the queue and perform actions on it. +func AWSSQSQueueURL(val string) attribute.KeyValue { + return AWSSQSQueueURLKey.String(val) +} + +// AWSStepFunctionsActivityARN returns an attribute KeyValue conforming to the +// "aws.step_functions.activity.arn" semantic conventions. It represents the ARN +// of the AWS Step Functions Activity. +func AWSStepFunctionsActivityARN(val string) attribute.KeyValue { + return AWSStepFunctionsActivityARNKey.String(val) +} + +// AWSStepFunctionsStateMachineARN returns an attribute KeyValue conforming to +// the "aws.step_functions.state_machine.arn" semantic conventions. It represents +// the ARN of the AWS Step Functions State Machine. +func AWSStepFunctionsStateMachineARN(val string) attribute.KeyValue { + return AWSStepFunctionsStateMachineARNKey.String(val) +} + +// Enum values for aws.ecs.launchtype +var ( + // Amazon EC2 + // Stability: development + AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2") + // Amazon Fargate + // Stability: development + AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate") +) + +// Namespace: azure +const ( + // AzureClientIDKey is the attribute Key conforming to the "azure.client.id" + // semantic conventions. It represents the unique identifier of the client + // instance. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "3ba4827d-4422-483f-b59f-85b74211c11d", "storage-client-1" + AzureClientIDKey = attribute.Key("azure.client.id") + + // AzureCosmosDBConnectionModeKey is the attribute Key conforming to the + // "azure.cosmosdb.connection.mode" semantic conventions. It represents the + // cosmos client connection mode. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + AzureCosmosDBConnectionModeKey = attribute.Key("azure.cosmosdb.connection.mode") + + // AzureCosmosDBConsistencyLevelKey is the attribute Key conforming to the + // "azure.cosmosdb.consistency.level" semantic conventions. It represents the + // account or request [consistency level]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Eventual", "ConsistentPrefix", "BoundedStaleness", "Strong", + // "Session" + // + // [consistency level]: https://learn.microsoft.com/azure/cosmos-db/consistency-levels + AzureCosmosDBConsistencyLevelKey = attribute.Key("azure.cosmosdb.consistency.level") + + // AzureCosmosDBOperationContactedRegionsKey is the attribute Key conforming to + // the "azure.cosmosdb.operation.contacted_regions" semantic conventions. It + // represents the list of regions contacted during operation in the order that + // they were contacted. If there is more than one region listed, it indicates + // that the operation was performed on multiple regions i.e. cross-regional + // call. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "North Central US", "Australia East", "Australia Southeast" + // Note: Region name matches the format of `displayName` in [Azure Location API] + // + // [Azure Location API]: https://learn.microsoft.com/rest/api/subscription/subscriptions/list-locations?view=rest-subscription-2021-10-01&tabs=HTTP#location + AzureCosmosDBOperationContactedRegionsKey = attribute.Key("azure.cosmosdb.operation.contacted_regions") + + // AzureCosmosDBOperationRequestChargeKey is the attribute Key conforming to the + // "azure.cosmosdb.operation.request_charge" semantic conventions. It represents + // the number of request units consumed by the operation. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 46.18, 1.0 + AzureCosmosDBOperationRequestChargeKey = attribute.Key("azure.cosmosdb.operation.request_charge") + + // AzureCosmosDBRequestBodySizeKey is the attribute Key conforming to the + // "azure.cosmosdb.request.body.size" semantic conventions. It represents the + // request payload size in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + AzureCosmosDBRequestBodySizeKey = attribute.Key("azure.cosmosdb.request.body.size") + + // AzureCosmosDBResponseSubStatusCodeKey is the attribute Key conforming to the + // "azure.cosmosdb.response.sub_status_code" semantic conventions. It represents + // the cosmos DB sub status code. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1000, 1002 + AzureCosmosDBResponseSubStatusCodeKey = attribute.Key("azure.cosmosdb.response.sub_status_code") + + // AzureResourceProviderNamespaceKey is the attribute Key conforming to the + // "azure.resource_provider.namespace" semantic conventions. It represents the + // [Azure Resource Provider Namespace] as recognized by the client. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Microsoft.Storage", "Microsoft.KeyVault", "Microsoft.ServiceBus" + // + // [Azure Resource Provider Namespace]: https://learn.microsoft.com/azure/azure-resource-manager/management/azure-services-resource-providers + AzureResourceProviderNamespaceKey = attribute.Key("azure.resource_provider.namespace") + + // AzureServiceRequestIDKey is the attribute Key conforming to the + // "azure.service.request.id" semantic conventions. It represents the unique + // identifier of the service request. It's generated by the Azure service and + // returned with the response. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "00000000-0000-0000-0000-000000000000" + AzureServiceRequestIDKey = attribute.Key("azure.service.request.id") +) + +// AzureClientID returns an attribute KeyValue conforming to the +// "azure.client.id" semantic conventions. It represents the unique identifier of +// the client instance. +func AzureClientID(val string) attribute.KeyValue { + return AzureClientIDKey.String(val) +} + +// AzureCosmosDBOperationContactedRegions returns an attribute KeyValue +// conforming to the "azure.cosmosdb.operation.contacted_regions" semantic +// conventions. It represents the list of regions contacted during operation in +// the order that they were contacted. If there is more than one region listed, +// it indicates that the operation was performed on multiple regions i.e. +// cross-regional call. +func AzureCosmosDBOperationContactedRegions(val ...string) attribute.KeyValue { + return AzureCosmosDBOperationContactedRegionsKey.StringSlice(val) +} + +// AzureCosmosDBOperationRequestCharge returns an attribute KeyValue conforming +// to the "azure.cosmosdb.operation.request_charge" semantic conventions. It +// represents the number of request units consumed by the operation. 
+func AzureCosmosDBOperationRequestCharge(val float64) attribute.KeyValue { + return AzureCosmosDBOperationRequestChargeKey.Float64(val) +} + +// AzureCosmosDBRequestBodySize returns an attribute KeyValue conforming to the +// "azure.cosmosdb.request.body.size" semantic conventions. It represents the +// request payload size in bytes. +func AzureCosmosDBRequestBodySize(val int) attribute.KeyValue { + return AzureCosmosDBRequestBodySizeKey.Int(val) +} + +// AzureCosmosDBResponseSubStatusCode returns an attribute KeyValue conforming to +// the "azure.cosmosdb.response.sub_status_code" semantic conventions. It +// represents the cosmos DB sub status code. +func AzureCosmosDBResponseSubStatusCode(val int) attribute.KeyValue { + return AzureCosmosDBResponseSubStatusCodeKey.Int(val) +} + +// AzureResourceProviderNamespace returns an attribute KeyValue conforming to the +// "azure.resource_provider.namespace" semantic conventions. It represents the +// [Azure Resource Provider Namespace] as recognized by the client. +// +// [Azure Resource Provider Namespace]: https://learn.microsoft.com/azure/azure-resource-manager/management/azure-services-resource-providers +func AzureResourceProviderNamespace(val string) attribute.KeyValue { + return AzureResourceProviderNamespaceKey.String(val) +} + +// AzureServiceRequestID returns an attribute KeyValue conforming to the +// "azure.service.request.id" semantic conventions. It represents the unique +// identifier of the service request. It's generated by the Azure service and +// returned with the response. +func AzureServiceRequestID(val string) attribute.KeyValue { + return AzureServiceRequestIDKey.String(val) +} + +// Enum values for azure.cosmosdb.connection.mode +var ( + // Gateway (HTTP) connection. + // Stability: development + AzureCosmosDBConnectionModeGateway = AzureCosmosDBConnectionModeKey.String("gateway") + // Direct connection. 
+ // Stability: development + AzureCosmosDBConnectionModeDirect = AzureCosmosDBConnectionModeKey.String("direct") +) + +// Enum values for azure.cosmosdb.consistency.level +var ( + // Strong + // Stability: development + AzureCosmosDBConsistencyLevelStrong = AzureCosmosDBConsistencyLevelKey.String("Strong") + // Bounded Staleness + // Stability: development + AzureCosmosDBConsistencyLevelBoundedStaleness = AzureCosmosDBConsistencyLevelKey.String("BoundedStaleness") + // Session + // Stability: development + AzureCosmosDBConsistencyLevelSession = AzureCosmosDBConsistencyLevelKey.String("Session") + // Eventual + // Stability: development + AzureCosmosDBConsistencyLevelEventual = AzureCosmosDBConsistencyLevelKey.String("Eventual") + // Consistent Prefix + // Stability: development + AzureCosmosDBConsistencyLevelConsistentPrefix = AzureCosmosDBConsistencyLevelKey.String("ConsistentPrefix") +) + +// Namespace: browser +const ( + // BrowserBrandsKey is the attribute Key conforming to the "browser.brands" + // semantic conventions. It represents the array of brand name and version + // separated by a space. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: " Not A;Brand 99", "Chromium 99", "Chrome 99" + // Note: This value is intended to be taken from the [UA client hints API] ( + // `navigator.userAgentData.brands`). + // + // [UA client hints API]: https://wicg.github.io/ua-client-hints/#interface + BrowserBrandsKey = attribute.Key("browser.brands") + + // BrowserLanguageKey is the attribute Key conforming to the "browser.language" + // semantic conventions. It represents the preferred language of the user using + // the browser. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "en", "en-US", "fr", "fr-FR" + // Note: This value is intended to be taken from the Navigator API + // `navigator.language`. 
+ BrowserLanguageKey = attribute.Key("browser.language") + + // BrowserMobileKey is the attribute Key conforming to the "browser.mobile" + // semantic conventions. It represents a boolean that is true if the browser is + // running on a mobile device. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: This value is intended to be taken from the [UA client hints API] ( + // `navigator.userAgentData.mobile`). If unavailable, this attribute SHOULD be + // left unset. + // + // [UA client hints API]: https://wicg.github.io/ua-client-hints/#interface + BrowserMobileKey = attribute.Key("browser.mobile") + + // BrowserPlatformKey is the attribute Key conforming to the "browser.platform" + // semantic conventions. It represents the platform on which the browser is + // running. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Windows", "macOS", "Android" + // Note: This value is intended to be taken from the [UA client hints API] ( + // `navigator.userAgentData.platform`). If unavailable, the legacy + // `navigator.platform` API SHOULD NOT be used instead and this attribute SHOULD + // be left unset in order for the values to be consistent. + // The list of possible values is defined in the + // [W3C User-Agent Client Hints specification]. Note that some (but not all) of + // these values can overlap with values in the + // [`os.type` and `os.name` attributes]. However, for consistency, the values in + // the `browser.platform` attribute should capture the exact value that the user + // agent provides. 
+ // + // [UA client hints API]: https://wicg.github.io/ua-client-hints/#interface + // [W3C User-Agent Client Hints specification]: https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform + // [`os.type` and `os.name` attributes]: ./os.md + BrowserPlatformKey = attribute.Key("browser.platform") +) + +// BrowserBrands returns an attribute KeyValue conforming to the "browser.brands" +// semantic conventions. It represents the array of brand name and version +// separated by a space. +func BrowserBrands(val ...string) attribute.KeyValue { + return BrowserBrandsKey.StringSlice(val) +} + +// BrowserLanguage returns an attribute KeyValue conforming to the +// "browser.language" semantic conventions. It represents the preferred language +// of the user using the browser. +func BrowserLanguage(val string) attribute.KeyValue { + return BrowserLanguageKey.String(val) +} + +// BrowserMobile returns an attribute KeyValue conforming to the "browser.mobile" +// semantic conventions. It represents a boolean that is true if the browser is +// running on a mobile device. +func BrowserMobile(val bool) attribute.KeyValue { + return BrowserMobileKey.Bool(val) +} + +// BrowserPlatform returns an attribute KeyValue conforming to the +// "browser.platform" semantic conventions. It represents the platform on which +// the browser is running. +func BrowserPlatform(val string) attribute.KeyValue { + return BrowserPlatformKey.String(val) +} + +// Namespace: cassandra +const ( + // CassandraConsistencyLevelKey is the attribute Key conforming to the + // "cassandra.consistency.level" semantic conventions. It represents the + // consistency level of the query. Based on consistency values from [CQL]. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [CQL]: https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html + CassandraConsistencyLevelKey = attribute.Key("cassandra.consistency.level") + + // CassandraCoordinatorDCKey is the attribute Key conforming to the + // "cassandra.coordinator.dc" semantic conventions. It represents the data + // center of the coordinating node for a query. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: us-west-2 + CassandraCoordinatorDCKey = attribute.Key("cassandra.coordinator.dc") + + // CassandraCoordinatorIDKey is the attribute Key conforming to the + // "cassandra.coordinator.id" semantic conventions. It represents the ID of the + // coordinating node for a query. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: be13faa2-8574-4d71-926d-27f16cf8a7af + CassandraCoordinatorIDKey = attribute.Key("cassandra.coordinator.id") + + // CassandraPageSizeKey is the attribute Key conforming to the + // "cassandra.page.size" semantic conventions. It represents the fetch size used + // for paging, i.e. how many rows will be returned at once. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 5000 + CassandraPageSizeKey = attribute.Key("cassandra.page.size") + + // CassandraQueryIdempotentKey is the attribute Key conforming to the + // "cassandra.query.idempotent" semantic conventions. It represents the whether + // or not the query is idempotent. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + CassandraQueryIdempotentKey = attribute.Key("cassandra.query.idempotent") + + // CassandraSpeculativeExecutionCountKey is the attribute Key conforming to the + // "cassandra.speculative_execution.count" semantic conventions. 
It represents + // the number of times a query was speculatively executed. Not set or `0` if the + // query was not executed speculatively. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0, 2 + CassandraSpeculativeExecutionCountKey = attribute.Key("cassandra.speculative_execution.count") +) + +// CassandraCoordinatorDC returns an attribute KeyValue conforming to the +// "cassandra.coordinator.dc" semantic conventions. It represents the data center +// of the coordinating node for a query. +func CassandraCoordinatorDC(val string) attribute.KeyValue { + return CassandraCoordinatorDCKey.String(val) +} + +// CassandraCoordinatorID returns an attribute KeyValue conforming to the +// "cassandra.coordinator.id" semantic conventions. It represents the ID of the +// coordinating node for a query. +func CassandraCoordinatorID(val string) attribute.KeyValue { + return CassandraCoordinatorIDKey.String(val) +} + +// CassandraPageSize returns an attribute KeyValue conforming to the +// "cassandra.page.size" semantic conventions. It represents the fetch size used +// for paging, i.e. how many rows will be returned at once. +func CassandraPageSize(val int) attribute.KeyValue { + return CassandraPageSizeKey.Int(val) +} + +// CassandraQueryIdempotent returns an attribute KeyValue conforming to the +// "cassandra.query.idempotent" semantic conventions. It represents the whether +// or not the query is idempotent. +func CassandraQueryIdempotent(val bool) attribute.KeyValue { + return CassandraQueryIdempotentKey.Bool(val) +} + +// CassandraSpeculativeExecutionCount returns an attribute KeyValue conforming to +// the "cassandra.speculative_execution.count" semantic conventions. It +// represents the number of times a query was speculatively executed. Not set or +// `0` if the query was not executed speculatively. 
+func CassandraSpeculativeExecutionCount(val int) attribute.KeyValue { + return CassandraSpeculativeExecutionCountKey.Int(val) +} + +// Enum values for cassandra.consistency.level +var ( + // All + // Stability: development + CassandraConsistencyLevelAll = CassandraConsistencyLevelKey.String("all") + // Each Quorum + // Stability: development + CassandraConsistencyLevelEachQuorum = CassandraConsistencyLevelKey.String("each_quorum") + // Quorum + // Stability: development + CassandraConsistencyLevelQuorum = CassandraConsistencyLevelKey.String("quorum") + // Local Quorum + // Stability: development + CassandraConsistencyLevelLocalQuorum = CassandraConsistencyLevelKey.String("local_quorum") + // One + // Stability: development + CassandraConsistencyLevelOne = CassandraConsistencyLevelKey.String("one") + // Two + // Stability: development + CassandraConsistencyLevelTwo = CassandraConsistencyLevelKey.String("two") + // Three + // Stability: development + CassandraConsistencyLevelThree = CassandraConsistencyLevelKey.String("three") + // Local One + // Stability: development + CassandraConsistencyLevelLocalOne = CassandraConsistencyLevelKey.String("local_one") + // Any + // Stability: development + CassandraConsistencyLevelAny = CassandraConsistencyLevelKey.String("any") + // Serial + // Stability: development + CassandraConsistencyLevelSerial = CassandraConsistencyLevelKey.String("serial") + // Local Serial + // Stability: development + CassandraConsistencyLevelLocalSerial = CassandraConsistencyLevelKey.String("local_serial") +) + +// Namespace: cicd +const ( + // CICDPipelineActionNameKey is the attribute Key conforming to the + // "cicd.pipeline.action.name" semantic conventions. It represents the kind of + // action a pipeline run is performing. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "BUILD", "RUN", "SYNC" + CICDPipelineActionNameKey = attribute.Key("cicd.pipeline.action.name") + + // CICDPipelineNameKey is the attribute Key conforming to the + // "cicd.pipeline.name" semantic conventions. It represents the human readable + // name of the pipeline within a CI/CD system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Build and Test", "Lint", "Deploy Go Project", + // "deploy_to_environment" + CICDPipelineNameKey = attribute.Key("cicd.pipeline.name") + + // CICDPipelineResultKey is the attribute Key conforming to the + // "cicd.pipeline.result" semantic conventions. It represents the result of a + // pipeline run. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "success", "failure", "timeout", "skipped" + CICDPipelineResultKey = attribute.Key("cicd.pipeline.result") + + // CICDPipelineRunIDKey is the attribute Key conforming to the + // "cicd.pipeline.run.id" semantic conventions. It represents the unique + // identifier of a pipeline run within a CI/CD system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "120912" + CICDPipelineRunIDKey = attribute.Key("cicd.pipeline.run.id") + + // CICDPipelineRunStateKey is the attribute Key conforming to the + // "cicd.pipeline.run.state" semantic conventions. It represents the pipeline + // run goes through these states during its lifecycle. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pending", "executing", "finalizing" + CICDPipelineRunStateKey = attribute.Key("cicd.pipeline.run.state") + + // CICDPipelineRunURLFullKey is the attribute Key conforming to the + // "cicd.pipeline.run.url.full" semantic conventions. 
It represents the [URL] of + // the pipeline run, providing the complete address in order to locate and + // identify the pipeline run. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "https://github.com/open-telemetry/semantic-conventions/actions/runs/9753949763?pr=1075" + // + // [URL]: https://wikipedia.org/wiki/URL + CICDPipelineRunURLFullKey = attribute.Key("cicd.pipeline.run.url.full") + + // CICDPipelineTaskNameKey is the attribute Key conforming to the + // "cicd.pipeline.task.name" semantic conventions. It represents the human + // readable name of a task within a pipeline. Task here most closely aligns with + // a [computing process] in a pipeline. Other terms for tasks include commands, + // steps, and procedures. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Run GoLang Linter", "Go Build", "go-test", "deploy_binary" + // + // [computing process]: https://wikipedia.org/wiki/Pipeline_(computing) + CICDPipelineTaskNameKey = attribute.Key("cicd.pipeline.task.name") + + // CICDPipelineTaskRunIDKey is the attribute Key conforming to the + // "cicd.pipeline.task.run.id" semantic conventions. It represents the unique + // identifier of a task run within a pipeline. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "12097" + CICDPipelineTaskRunIDKey = attribute.Key("cicd.pipeline.task.run.id") + + // CICDPipelineTaskRunResultKey is the attribute Key conforming to the + // "cicd.pipeline.task.run.result" semantic conventions. It represents the + // result of a task run. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "success", "failure", "timeout", "skipped" + CICDPipelineTaskRunResultKey = attribute.Key("cicd.pipeline.task.run.result") + + // CICDPipelineTaskRunURLFullKey is the attribute Key conforming to the + // "cicd.pipeline.task.run.url.full" semantic conventions. It represents the + // [URL] of the pipeline task run, providing the complete address in order to + // locate and identify the pipeline task run. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "https://github.com/open-telemetry/semantic-conventions/actions/runs/9753949763/job/26920038674?pr=1075" + // + // [URL]: https://wikipedia.org/wiki/URL + CICDPipelineTaskRunURLFullKey = attribute.Key("cicd.pipeline.task.run.url.full") + + // CICDPipelineTaskTypeKey is the attribute Key conforming to the + // "cicd.pipeline.task.type" semantic conventions. It represents the type of the + // task within a pipeline. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "build", "test", "deploy" + CICDPipelineTaskTypeKey = attribute.Key("cicd.pipeline.task.type") + + // CICDSystemComponentKey is the attribute Key conforming to the + // "cicd.system.component" semantic conventions. It represents the name of a + // component of the CICD system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "controller", "scheduler", "agent" + CICDSystemComponentKey = attribute.Key("cicd.system.component") + + // CICDWorkerIDKey is the attribute Key conforming to the "cicd.worker.id" + // semantic conventions. It represents the unique identifier of a worker within + // a CICD system. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "abc123", "10.0.1.2", "controller" + CICDWorkerIDKey = attribute.Key("cicd.worker.id") + + // CICDWorkerNameKey is the attribute Key conforming to the "cicd.worker.name" + // semantic conventions. It represents the name of a worker within a CICD + // system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "agent-abc", "controller", "Ubuntu LTS" + CICDWorkerNameKey = attribute.Key("cicd.worker.name") + + // CICDWorkerStateKey is the attribute Key conforming to the "cicd.worker.state" + // semantic conventions. It represents the state of a CICD worker / agent. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "idle", "busy", "down" + CICDWorkerStateKey = attribute.Key("cicd.worker.state") + + // CICDWorkerURLFullKey is the attribute Key conforming to the + // "cicd.worker.url.full" semantic conventions. It represents the [URL] of the + // worker, providing the complete address in order to locate and identify the + // worker. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://cicd.example.org/worker/abc123" + // + // [URL]: https://wikipedia.org/wiki/URL + CICDWorkerURLFullKey = attribute.Key("cicd.worker.url.full") +) + +// CICDPipelineName returns an attribute KeyValue conforming to the +// "cicd.pipeline.name" semantic conventions. It represents the human readable +// name of the pipeline within a CI/CD system. +func CICDPipelineName(val string) attribute.KeyValue { + return CICDPipelineNameKey.String(val) +} + +// CICDPipelineRunID returns an attribute KeyValue conforming to the +// "cicd.pipeline.run.id" semantic conventions. It represents the unique +// identifier of a pipeline run within a CI/CD system. 
+func CICDPipelineRunID(val string) attribute.KeyValue { + return CICDPipelineRunIDKey.String(val) +} + +// CICDPipelineRunURLFull returns an attribute KeyValue conforming to the +// "cicd.pipeline.run.url.full" semantic conventions. It represents the [URL] of +// the pipeline run, providing the complete address in order to locate and +// identify the pipeline run. +// +// [URL]: https://wikipedia.org/wiki/URL +func CICDPipelineRunURLFull(val string) attribute.KeyValue { + return CICDPipelineRunURLFullKey.String(val) +} + +// CICDPipelineTaskName returns an attribute KeyValue conforming to the +// "cicd.pipeline.task.name" semantic conventions. It represents the human +// readable name of a task within a pipeline. Task here most closely aligns with +// a [computing process] in a pipeline. Other terms for tasks include commands, +// steps, and procedures. +// +// [computing process]: https://wikipedia.org/wiki/Pipeline_(computing) +func CICDPipelineTaskName(val string) attribute.KeyValue { + return CICDPipelineTaskNameKey.String(val) +} + +// CICDPipelineTaskRunID returns an attribute KeyValue conforming to the +// "cicd.pipeline.task.run.id" semantic conventions. It represents the unique +// identifier of a task run within a pipeline. +func CICDPipelineTaskRunID(val string) attribute.KeyValue { + return CICDPipelineTaskRunIDKey.String(val) +} + +// CICDPipelineTaskRunURLFull returns an attribute KeyValue conforming to the +// "cicd.pipeline.task.run.url.full" semantic conventions. It represents the +// [URL] of the pipeline task run, providing the complete address in order to +// locate and identify the pipeline task run. +// +// [URL]: https://wikipedia.org/wiki/URL +func CICDPipelineTaskRunURLFull(val string) attribute.KeyValue { + return CICDPipelineTaskRunURLFullKey.String(val) +} + +// CICDSystemComponent returns an attribute KeyValue conforming to the +// "cicd.system.component" semantic conventions. 
It represents the name of a +// component of the CICD system. +func CICDSystemComponent(val string) attribute.KeyValue { + return CICDSystemComponentKey.String(val) +} + +// CICDWorkerID returns an attribute KeyValue conforming to the "cicd.worker.id" +// semantic conventions. It represents the unique identifier of a worker within a +// CICD system. +func CICDWorkerID(val string) attribute.KeyValue { + return CICDWorkerIDKey.String(val) +} + +// CICDWorkerName returns an attribute KeyValue conforming to the +// "cicd.worker.name" semantic conventions. It represents the name of a worker +// within a CICD system. +func CICDWorkerName(val string) attribute.KeyValue { + return CICDWorkerNameKey.String(val) +} + +// CICDWorkerURLFull returns an attribute KeyValue conforming to the +// "cicd.worker.url.full" semantic conventions. It represents the [URL] of the +// worker, providing the complete address in order to locate and identify the +// worker. +// +// [URL]: https://wikipedia.org/wiki/URL +func CICDWorkerURLFull(val string) attribute.KeyValue { + return CICDWorkerURLFullKey.String(val) +} + +// Enum values for cicd.pipeline.action.name +var ( + // The pipeline run is executing a build. + // Stability: development + CICDPipelineActionNameBuild = CICDPipelineActionNameKey.String("BUILD") + // The pipeline run is executing. + // Stability: development + CICDPipelineActionNameRun = CICDPipelineActionNameKey.String("RUN") + // The pipeline run is executing a sync. + // Stability: development + CICDPipelineActionNameSync = CICDPipelineActionNameKey.String("SYNC") +) + +// Enum values for cicd.pipeline.result +var ( + // The pipeline run finished successfully. + // Stability: development + CICDPipelineResultSuccess = CICDPipelineResultKey.String("success") + // The pipeline run did not finish successfully, eg. due to a compile error or a + // failing test. Such failures are usually detected by non-zero exit codes of + // the tools executed in the pipeline run. 
+ // Stability: development + CICDPipelineResultFailure = CICDPipelineResultKey.String("failure") + // The pipeline run failed due to an error in the CICD system, eg. due to the + // worker being killed. + // Stability: development + CICDPipelineResultError = CICDPipelineResultKey.String("error") + // A timeout caused the pipeline run to be interrupted. + // Stability: development + CICDPipelineResultTimeout = CICDPipelineResultKey.String("timeout") + // The pipeline run was cancelled, eg. by a user manually cancelling the + // pipeline run. + // Stability: development + CICDPipelineResultCancellation = CICDPipelineResultKey.String("cancellation") + // The pipeline run was skipped, eg. due to a precondition not being met. + // Stability: development + CICDPipelineResultSkip = CICDPipelineResultKey.String("skip") +) + +// Enum values for cicd.pipeline.run.state +var ( + // The run pending state spans from the event triggering the pipeline run until + // the execution of the run starts (eg. time spent in a queue, provisioning + // agents, creating run resources). + // + // Stability: development + CICDPipelineRunStatePending = CICDPipelineRunStateKey.String("pending") + // The executing state spans the execution of any run tasks (eg. build, test). + // Stability: development + CICDPipelineRunStateExecuting = CICDPipelineRunStateKey.String("executing") + // The finalizing state spans from when the run has finished executing (eg. + // cleanup of run resources). + // Stability: development + CICDPipelineRunStateFinalizing = CICDPipelineRunStateKey.String("finalizing") +) + +// Enum values for cicd.pipeline.task.run.result +var ( + // The task run finished successfully. + // Stability: development + CICDPipelineTaskRunResultSuccess = CICDPipelineTaskRunResultKey.String("success") + // The task run did not finish successfully, eg. due to a compile error or a + // failing test. 
Such failures are usually detected by non-zero exit codes of + // the tools executed in the task run. + // Stability: development + CICDPipelineTaskRunResultFailure = CICDPipelineTaskRunResultKey.String("failure") + // The task run failed due to an error in the CICD system, eg. due to the worker + // being killed. + // Stability: development + CICDPipelineTaskRunResultError = CICDPipelineTaskRunResultKey.String("error") + // A timeout caused the task run to be interrupted. + // Stability: development + CICDPipelineTaskRunResultTimeout = CICDPipelineTaskRunResultKey.String("timeout") + // The task run was cancelled, eg. by a user manually cancelling the task run. + // Stability: development + CICDPipelineTaskRunResultCancellation = CICDPipelineTaskRunResultKey.String("cancellation") + // The task run was skipped, eg. due to a precondition not being met. + // Stability: development + CICDPipelineTaskRunResultSkip = CICDPipelineTaskRunResultKey.String("skip") +) + +// Enum values for cicd.pipeline.task.type +var ( + // build + // Stability: development + CICDPipelineTaskTypeBuild = CICDPipelineTaskTypeKey.String("build") + // test + // Stability: development + CICDPipelineTaskTypeTest = CICDPipelineTaskTypeKey.String("test") + // deploy + // Stability: development + CICDPipelineTaskTypeDeploy = CICDPipelineTaskTypeKey.String("deploy") +) + +// Enum values for cicd.worker.state +var ( + // The worker is not performing work for the CICD system. It is available to the + // CICD system to perform work on (online / idle). + // Stability: development + CICDWorkerStateAvailable = CICDWorkerStateKey.String("available") + // The worker is performing work for the CICD system. + // Stability: development + CICDWorkerStateBusy = CICDWorkerStateKey.String("busy") + // The worker is not available to the CICD system (disconnected / down). 
+ // Stability: development + CICDWorkerStateOffline = CICDWorkerStateKey.String("offline") +) + +// Namespace: client +const ( + // ClientAddressKey is the attribute Key conforming to the "client.address" + // semantic conventions. It represents the client address - domain name if + // available without reverse DNS lookup; otherwise, IP address or Unix domain + // socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "client.example.com", "10.1.2.80", "/tmp/my.sock" + // Note: When observed from the server side, and when communicating through an + // intermediary, `client.address` SHOULD represent the client address behind any + // intermediaries, for example proxies, if it's available. + ClientAddressKey = attribute.Key("client.address") + + // ClientPortKey is the attribute Key conforming to the "client.port" semantic + // conventions. It represents the client port number. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 65123 + // Note: When observed from the server side, and when communicating through an + // intermediary, `client.port` SHOULD represent the client port behind any + // intermediaries, for example proxies, if it's available. + ClientPortKey = attribute.Key("client.port") +) + +// ClientAddress returns an attribute KeyValue conforming to the "client.address" +// semantic conventions. It represents the client address - domain name if +// available without reverse DNS lookup; otherwise, IP address or Unix domain +// socket name. +func ClientAddress(val string) attribute.KeyValue { + return ClientAddressKey.String(val) +} + +// ClientPort returns an attribute KeyValue conforming to the "client.port" +// semantic conventions. It represents the client port number. 
+func ClientPort(val int) attribute.KeyValue { + return ClientPortKey.Int(val) +} + +// Namespace: cloud +const ( + // CloudAccountIDKey is the attribute Key conforming to the "cloud.account.id" + // semantic conventions. It represents the cloud account ID the resource is + // assigned to. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "111111111111", "opentelemetry" + CloudAccountIDKey = attribute.Key("cloud.account.id") + + // CloudAvailabilityZoneKey is the attribute Key conforming to the + // "cloud.availability_zone" semantic conventions. It represents the cloud + // regions often have multiple, isolated locations known as zones to increase + // availability. Availability zone represents the zone where the resource is + // running. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "us-east-1c" + // Note: Availability zones are called "zones" on Alibaba Cloud and Google + // Cloud. + CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone") + + // CloudPlatformKey is the attribute Key conforming to the "cloud.platform" + // semantic conventions. It represents the cloud platform in use. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: The prefix of the service SHOULD match the one specified in + // `cloud.provider`. + CloudPlatformKey = attribute.Key("cloud.platform") + + // CloudProviderKey is the attribute Key conforming to the "cloud.provider" + // semantic conventions. It represents the name of the cloud provider. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + CloudProviderKey = attribute.Key("cloud.provider") + + // CloudRegionKey is the attribute Key conforming to the "cloud.region" semantic + // conventions. It represents the geographical region within a cloud provider. 
+ // When associated with a resource, this attribute specifies the region where + // the resource operates. When calling services or APIs deployed on a cloud, + // this attribute identifies the region where the called destination is + // deployed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "us-central1", "us-east-1" + // Note: Refer to your provider's docs to see the available regions, for example + // [Alibaba Cloud regions], [AWS regions], [Azure regions], + // [Google Cloud regions], or [Tencent Cloud regions]. + // + // [Alibaba Cloud regions]: https://www.alibabacloud.com/help/doc-detail/40654.htm + // [AWS regions]: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ + // [Azure regions]: https://azure.microsoft.com/global-infrastructure/geographies/ + // [Google Cloud regions]: https://cloud.google.com/about/locations + // [Tencent Cloud regions]: https://www.tencentcloud.com/document/product/213/6091 + CloudRegionKey = attribute.Key("cloud.region") + + // CloudResourceIDKey is the attribute Key conforming to the "cloud.resource_id" + // semantic conventions. It represents the cloud provider-specific native + // identifier of the monitored cloud resource (e.g. an [ARN] on AWS, a + // [fully qualified resource ID] on Azure, a [full resource name] on GCP). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "arn:aws:lambda:REGION:ACCOUNT_ID:function:my-function", + // "//run.googleapis.com/projects/PROJECT_ID/locations/LOCATION_ID/services/SERVICE_ID", + // "/subscriptions//resourceGroups/ + // /providers/Microsoft.Web/sites//functions/" + // Note: On some cloud providers, it may not be possible to determine the full + // ID at startup, + // so it may be necessary to set `cloud.resource_id` as a span attribute + // instead. + // + // The exact value to use for `cloud.resource_id` depends on the cloud provider. 
+ // The following well-known definitions MUST be used if you set this attribute + // and they apply: + // + // - **AWS Lambda:** The function [ARN]. + // Take care not to use the "invoked ARN" directly but replace any + // [alias suffix] + // with the resolved function version, as the same runtime instance may be + // invocable with + // multiple different aliases. + // - **GCP:** The [URI of the resource] + // - **Azure:** The [Fully Qualified Resource ID] of the invoked function, + // *not* the function app, having the form + // + // `/subscriptions//resourceGroups//providers/Microsoft.Web/sites//functions/` + // . + // This means that a span attribute MUST be used, as an Azure function app + // can host multiple functions that would usually share + // a TracerProvider. + // + // + // [ARN]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html + // [fully qualified resource ID]: https://learn.microsoft.com/rest/api/resources/resources/get-by-id + // [full resource name]: https://google.aip.dev/122#full-resource-names + // [ARN]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html + // [alias suffix]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html + // [URI of the resource]: https://cloud.google.com/iam/docs/full-resource-names + // [Fully Qualified Resource ID]: https://learn.microsoft.com/rest/api/resources/resources/get-by-id + CloudResourceIDKey = attribute.Key("cloud.resource_id") +) + +// CloudAccountID returns an attribute KeyValue conforming to the +// "cloud.account.id" semantic conventions. It represents the cloud account ID +// the resource is assigned to. +func CloudAccountID(val string) attribute.KeyValue { + return CloudAccountIDKey.String(val) +} + +// CloudAvailabilityZone returns an attribute KeyValue conforming to the +// "cloud.availability_zone" semantic conventions. 
It represents the cloud +// regions often have multiple, isolated locations known as zones to increase +// availability. Availability zone represents the zone where the resource is +// running. +func CloudAvailabilityZone(val string) attribute.KeyValue { + return CloudAvailabilityZoneKey.String(val) +} + +// CloudRegion returns an attribute KeyValue conforming to the "cloud.region" +// semantic conventions. It represents the geographical region within a cloud +// provider. When associated with a resource, this attribute specifies the region +// where the resource operates. When calling services or APIs deployed on a +// cloud, this attribute identifies the region where the called destination is +// deployed. +func CloudRegion(val string) attribute.KeyValue { + return CloudRegionKey.String(val) +} + +// CloudResourceID returns an attribute KeyValue conforming to the +// "cloud.resource_id" semantic conventions. It represents the cloud +// provider-specific native identifier of the monitored cloud resource (e.g. an +// [ARN] on AWS, a [fully qualified resource ID] on Azure, a [full resource name] +// on GCP). 
+// +// [ARN]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html +// [fully qualified resource ID]: https://learn.microsoft.com/rest/api/resources/resources/get-by-id +// [full resource name]: https://google.aip.dev/122#full-resource-names +func CloudResourceID(val string) attribute.KeyValue { + return CloudResourceIDKey.String(val) +} + +// Enum values for cloud.platform +var ( + // Alibaba Cloud Elastic Compute Service + // Stability: development + CloudPlatformAlibabaCloudECS = CloudPlatformKey.String("alibaba_cloud_ecs") + // Alibaba Cloud Function Compute + // Stability: development + CloudPlatformAlibabaCloudFC = CloudPlatformKey.String("alibaba_cloud_fc") + // Red Hat OpenShift on Alibaba Cloud + // Stability: development + CloudPlatformAlibabaCloudOpenShift = CloudPlatformKey.String("alibaba_cloud_openshift") + // AWS Elastic Compute Cloud + // Stability: development + CloudPlatformAWSEC2 = CloudPlatformKey.String("aws_ec2") + // AWS Elastic Container Service + // Stability: development + CloudPlatformAWSECS = CloudPlatformKey.String("aws_ecs") + // AWS Elastic Kubernetes Service + // Stability: development + CloudPlatformAWSEKS = CloudPlatformKey.String("aws_eks") + // AWS Lambda + // Stability: development + CloudPlatformAWSLambda = CloudPlatformKey.String("aws_lambda") + // AWS Elastic Beanstalk + // Stability: development + CloudPlatformAWSElasticBeanstalk = CloudPlatformKey.String("aws_elastic_beanstalk") + // AWS App Runner + // Stability: development + CloudPlatformAWSAppRunner = CloudPlatformKey.String("aws_app_runner") + // Red Hat OpenShift on AWS (ROSA) + // Stability: development + CloudPlatformAWSOpenShift = CloudPlatformKey.String("aws_openshift") + // Azure Virtual Machines + // Stability: development + CloudPlatformAzureVM = CloudPlatformKey.String("azure.vm") + // Azure Container Apps + // Stability: development + CloudPlatformAzureContainerApps = CloudPlatformKey.String("azure.container_apps") + // Azure Container 
Instances + // Stability: development + CloudPlatformAzureContainerInstances = CloudPlatformKey.String("azure.container_instances") + // Azure Kubernetes Service + // Stability: development + CloudPlatformAzureAKS = CloudPlatformKey.String("azure.aks") + // Azure Functions + // Stability: development + CloudPlatformAzureFunctions = CloudPlatformKey.String("azure.functions") + // Azure App Service + // Stability: development + CloudPlatformAzureAppService = CloudPlatformKey.String("azure.app_service") + // Azure Red Hat OpenShift + // Stability: development + CloudPlatformAzureOpenShift = CloudPlatformKey.String("azure.openshift") + // Google Bare Metal Solution (BMS) + // Stability: development + CloudPlatformGCPBareMetalSolution = CloudPlatformKey.String("gcp_bare_metal_solution") + // Google Cloud Compute Engine (GCE) + // Stability: development + CloudPlatformGCPComputeEngine = CloudPlatformKey.String("gcp_compute_engine") + // Google Cloud Run + // Stability: development + CloudPlatformGCPCloudRun = CloudPlatformKey.String("gcp_cloud_run") + // Google Cloud Kubernetes Engine (GKE) + // Stability: development + CloudPlatformGCPKubernetesEngine = CloudPlatformKey.String("gcp_kubernetes_engine") + // Google Cloud Functions (GCF) + // Stability: development + CloudPlatformGCPCloudFunctions = CloudPlatformKey.String("gcp_cloud_functions") + // Google Cloud App Engine (GAE) + // Stability: development + CloudPlatformGCPAppEngine = CloudPlatformKey.String("gcp_app_engine") + // Red Hat OpenShift on Google Cloud + // Stability: development + CloudPlatformGCPOpenShift = CloudPlatformKey.String("gcp_openshift") + // Red Hat OpenShift on IBM Cloud + // Stability: development + CloudPlatformIBMCloudOpenShift = CloudPlatformKey.String("ibm_cloud_openshift") + // Compute on Oracle Cloud Infrastructure (OCI) + // Stability: development + CloudPlatformOracleCloudCompute = CloudPlatformKey.String("oracle_cloud_compute") + // Kubernetes Engine (OKE) on Oracle Cloud 
Infrastructure (OCI) + // Stability: development + CloudPlatformOracleCloudOKE = CloudPlatformKey.String("oracle_cloud_oke") + // Tencent Cloud Cloud Virtual Machine (CVM) + // Stability: development + CloudPlatformTencentCloudCVM = CloudPlatformKey.String("tencent_cloud_cvm") + // Tencent Cloud Elastic Kubernetes Service (EKS) + // Stability: development + CloudPlatformTencentCloudEKS = CloudPlatformKey.String("tencent_cloud_eks") + // Tencent Cloud Serverless Cloud Function (SCF) + // Stability: development + CloudPlatformTencentCloudSCF = CloudPlatformKey.String("tencent_cloud_scf") +) + +// Enum values for cloud.provider +var ( + // Alibaba Cloud + // Stability: development + CloudProviderAlibabaCloud = CloudProviderKey.String("alibaba_cloud") + // Amazon Web Services + // Stability: development + CloudProviderAWS = CloudProviderKey.String("aws") + // Microsoft Azure + // Stability: development + CloudProviderAzure = CloudProviderKey.String("azure") + // Google Cloud Platform + // Stability: development + CloudProviderGCP = CloudProviderKey.String("gcp") + // Heroku Platform as a Service + // Stability: development + CloudProviderHeroku = CloudProviderKey.String("heroku") + // IBM Cloud + // Stability: development + CloudProviderIBMCloud = CloudProviderKey.String("ibm_cloud") + // Oracle Cloud Infrastructure (OCI) + // Stability: development + CloudProviderOracleCloud = CloudProviderKey.String("oracle_cloud") + // Tencent Cloud + // Stability: development + CloudProviderTencentCloud = CloudProviderKey.String("tencent_cloud") +) + +// Namespace: cloudevents +const ( + // CloudEventsEventIDKey is the attribute Key conforming to the + // "cloudevents.event_id" semantic conventions. It represents the [event_id] + // uniquely identifies the event. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "123e4567-e89b-12d3-a456-426614174000", "0001" + // + // [event_id]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id + CloudEventsEventIDKey = attribute.Key("cloudevents.event_id") + + // CloudEventsEventSourceKey is the attribute Key conforming to the + // "cloudevents.event_source" semantic conventions. It represents the [source] + // identifies the context in which an event happened. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://github.com/cloudevents", "/cloudevents/spec/pull/123", + // "my-service" + // + // [source]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1 + CloudEventsEventSourceKey = attribute.Key("cloudevents.event_source") + + // CloudEventsEventSpecVersionKey is the attribute Key conforming to the + // "cloudevents.event_spec_version" semantic conventions. It represents the + // [version of the CloudEvents specification] which the event uses. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0 + // + // [version of the CloudEvents specification]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion + CloudEventsEventSpecVersionKey = attribute.Key("cloudevents.event_spec_version") + + // CloudEventsEventSubjectKey is the attribute Key conforming to the + // "cloudevents.event_subject" semantic conventions. It represents the [subject] + // of the event in the context of the event producer (identified by source). 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: mynewfile.jpg + // + // [subject]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject + CloudEventsEventSubjectKey = attribute.Key("cloudevents.event_subject") + + // CloudEventsEventTypeKey is the attribute Key conforming to the + // "cloudevents.event_type" semantic conventions. It represents the [event_type] + // contains a value describing the type of event related to the originating + // occurrence. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "com.github.pull_request.opened", "com.example.object.deleted.v2" + // + // [event_type]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type + CloudEventsEventTypeKey = attribute.Key("cloudevents.event_type") +) + +// CloudEventsEventID returns an attribute KeyValue conforming to the +// "cloudevents.event_id" semantic conventions. It represents the [event_id] +// uniquely identifies the event. +// +// [event_id]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#id +func CloudEventsEventID(val string) attribute.KeyValue { + return CloudEventsEventIDKey.String(val) +} + +// CloudEventsEventSource returns an attribute KeyValue conforming to the +// "cloudevents.event_source" semantic conventions. It represents the [source] +// identifies the context in which an event happened. +// +// [source]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#source-1 +func CloudEventsEventSource(val string) attribute.KeyValue { + return CloudEventsEventSourceKey.String(val) +} + +// CloudEventsEventSpecVersion returns an attribute KeyValue conforming to the +// "cloudevents.event_spec_version" semantic conventions. It represents the +// [version of the CloudEvents specification] which the event uses. 
+// +// [version of the CloudEvents specification]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#specversion +func CloudEventsEventSpecVersion(val string) attribute.KeyValue { + return CloudEventsEventSpecVersionKey.String(val) +} + +// CloudEventsEventSubject returns an attribute KeyValue conforming to the +// "cloudevents.event_subject" semantic conventions. It represents the [subject] +// of the event in the context of the event producer (identified by source). +// +// [subject]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#subject +func CloudEventsEventSubject(val string) attribute.KeyValue { + return CloudEventsEventSubjectKey.String(val) +} + +// CloudEventsEventType returns an attribute KeyValue conforming to the +// "cloudevents.event_type" semantic conventions. It represents the [event_type] +// contains a value describing the type of event related to the originating +// occurrence. +// +// [event_type]: https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/spec.md#type +func CloudEventsEventType(val string) attribute.KeyValue { + return CloudEventsEventTypeKey.String(val) +} + +// Namespace: cloudfoundry +const ( + // CloudFoundryAppIDKey is the attribute Key conforming to the + // "cloudfoundry.app.id" semantic conventions. It represents the guid of the + // application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.application_id`. This is the same value as + // reported by `cf app --guid`. + CloudFoundryAppIDKey = attribute.Key("cloudfoundry.app.id") + + // CloudFoundryAppInstanceIDKey is the attribute Key conforming to the + // "cloudfoundry.app.instance.id" semantic conventions. It represents the index + // of the application instance. 0 when just one instance is active. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0", "1" + // Note: CloudFoundry defines the `instance_id` in the [Loggregator v2 envelope] + // . + // It is used for logs and metrics emitted by CloudFoundry. It is + // supposed to contain the application instance index for applications + // deployed on the runtime. + // + // Application instrumentation should use the value from environment + // variable `CF_INSTANCE_INDEX`. + // + // [Loggregator v2 envelope]: https://github.com/cloudfoundry/loggregator-api#v2-envelope + CloudFoundryAppInstanceIDKey = attribute.Key("cloudfoundry.app.instance.id") + + // CloudFoundryAppNameKey is the attribute Key conforming to the + // "cloudfoundry.app.name" semantic conventions. It represents the name of the + // application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-app-name" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.application_name`. This is the same value + // as reported by `cf apps`. + CloudFoundryAppNameKey = attribute.Key("cloudfoundry.app.name") + + // CloudFoundryOrgIDKey is the attribute Key conforming to the + // "cloudfoundry.org.id" semantic conventions. It represents the guid of the + // CloudFoundry org the application is running in. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.org_id`. This is the same value as + // reported by `cf org --guid`. + CloudFoundryOrgIDKey = attribute.Key("cloudfoundry.org.id") + + // CloudFoundryOrgNameKey is the attribute Key conforming to the + // "cloudfoundry.org.name" semantic conventions. It represents the name of the + // CloudFoundry organization the app is running in. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-org-name" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.org_name`. This is the same value as + // reported by `cf orgs`. + CloudFoundryOrgNameKey = attribute.Key("cloudfoundry.org.name") + + // CloudFoundryProcessIDKey is the attribute Key conforming to the + // "cloudfoundry.process.id" semantic conventions. It represents the UID + // identifying the process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.process_id`. It is supposed to be equal to + // `VCAP_APPLICATION.app_id` for applications deployed to the runtime. + // For system components, this could be the actual PID. + CloudFoundryProcessIDKey = attribute.Key("cloudfoundry.process.id") + + // CloudFoundryProcessTypeKey is the attribute Key conforming to the + // "cloudfoundry.process.type" semantic conventions. It represents the type of + // process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "web" + // Note: CloudFoundry applications can consist of multiple jobs. Usually the + // main process will be of type `web`. There can be additional background + // tasks or side-cars with different process types. + CloudFoundryProcessTypeKey = attribute.Key("cloudfoundry.process.type") + + // CloudFoundrySpaceIDKey is the attribute Key conforming to the + // "cloudfoundry.space.id" semantic conventions. It represents the guid of the + // CloudFoundry space the application is running in. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.space_id`. This is the same value as + // reported by `cf space --guid`. + CloudFoundrySpaceIDKey = attribute.Key("cloudfoundry.space.id") + + // CloudFoundrySpaceNameKey is the attribute Key conforming to the + // "cloudfoundry.space.name" semantic conventions. It represents the name of the + // CloudFoundry space the application is running in. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-space-name" + // Note: Application instrumentation should use the value from environment + // variable `VCAP_APPLICATION.space_name`. This is the same value as + // reported by `cf spaces`. + CloudFoundrySpaceNameKey = attribute.Key("cloudfoundry.space.name") + + // CloudFoundrySystemIDKey is the attribute Key conforming to the + // "cloudfoundry.system.id" semantic conventions. It represents a guid or + // another name describing the event source. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cf/gorouter" + // Note: CloudFoundry defines the `source_id` in the [Loggregator v2 envelope]. + // It is used for logs and metrics emitted by CloudFoundry. It is + // supposed to contain the component name, e.g. "gorouter", for + // CloudFoundry components. + // + // When system components are instrumented, values from the + // [Bosh spec] + // should be used. The `system.id` should be set to + // `spec.deployment/spec.name`. 
+ // + // [Loggregator v2 envelope]: https://github.com/cloudfoundry/loggregator-api#v2-envelope + // [Bosh spec]: https://bosh.io/docs/jobs/#properties-spec + CloudFoundrySystemIDKey = attribute.Key("cloudfoundry.system.id") + + // CloudFoundrySystemInstanceIDKey is the attribute Key conforming to the + // "cloudfoundry.system.instance.id" semantic conventions. It represents a guid + // describing the concrete instance of the event source. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: CloudFoundry defines the `instance_id` in the [Loggregator v2 envelope] + // . + // It is used for logs and metrics emitted by CloudFoundry. It is + // supposed to contain the vm id for CloudFoundry components. + // + // When system components are instrumented, values from the + // [Bosh spec] + // should be used. The `system.instance.id` should be set to `spec.id`. + // + // [Loggregator v2 envelope]: https://github.com/cloudfoundry/loggregator-api#v2-envelope + // [Bosh spec]: https://bosh.io/docs/jobs/#properties-spec + CloudFoundrySystemInstanceIDKey = attribute.Key("cloudfoundry.system.instance.id") +) + +// CloudFoundryAppID returns an attribute KeyValue conforming to the +// "cloudfoundry.app.id" semantic conventions. It represents the guid of the +// application. +func CloudFoundryAppID(val string) attribute.KeyValue { + return CloudFoundryAppIDKey.String(val) +} + +// CloudFoundryAppInstanceID returns an attribute KeyValue conforming to the +// "cloudfoundry.app.instance.id" semantic conventions. It represents the index +// of the application instance. 0 when just one instance is active. +func CloudFoundryAppInstanceID(val string) attribute.KeyValue { + return CloudFoundryAppInstanceIDKey.String(val) +} + +// CloudFoundryAppName returns an attribute KeyValue conforming to the +// "cloudfoundry.app.name" semantic conventions. 
It represents the name of the +// application. +func CloudFoundryAppName(val string) attribute.KeyValue { + return CloudFoundryAppNameKey.String(val) +} + +// CloudFoundryOrgID returns an attribute KeyValue conforming to the +// "cloudfoundry.org.id" semantic conventions. It represents the guid of the +// CloudFoundry org the application is running in. +func CloudFoundryOrgID(val string) attribute.KeyValue { + return CloudFoundryOrgIDKey.String(val) +} + +// CloudFoundryOrgName returns an attribute KeyValue conforming to the +// "cloudfoundry.org.name" semantic conventions. It represents the name of the +// CloudFoundry organization the app is running in. +func CloudFoundryOrgName(val string) attribute.KeyValue { + return CloudFoundryOrgNameKey.String(val) +} + +// CloudFoundryProcessID returns an attribute KeyValue conforming to the +// "cloudfoundry.process.id" semantic conventions. It represents the UID +// identifying the process. +func CloudFoundryProcessID(val string) attribute.KeyValue { + return CloudFoundryProcessIDKey.String(val) +} + +// CloudFoundryProcessType returns an attribute KeyValue conforming to the +// "cloudfoundry.process.type" semantic conventions. It represents the type of +// process. +func CloudFoundryProcessType(val string) attribute.KeyValue { + return CloudFoundryProcessTypeKey.String(val) +} + +// CloudFoundrySpaceID returns an attribute KeyValue conforming to the +// "cloudfoundry.space.id" semantic conventions. It represents the guid of the +// CloudFoundry space the application is running in. +func CloudFoundrySpaceID(val string) attribute.KeyValue { + return CloudFoundrySpaceIDKey.String(val) +} + +// CloudFoundrySpaceName returns an attribute KeyValue conforming to the +// "cloudfoundry.space.name" semantic conventions. It represents the name of the +// CloudFoundry space the application is running in. 
+func CloudFoundrySpaceName(val string) attribute.KeyValue { + return CloudFoundrySpaceNameKey.String(val) +} + +// CloudFoundrySystemID returns an attribute KeyValue conforming to the +// "cloudfoundry.system.id" semantic conventions. It represents a guid or another +// name describing the event source. +func CloudFoundrySystemID(val string) attribute.KeyValue { + return CloudFoundrySystemIDKey.String(val) +} + +// CloudFoundrySystemInstanceID returns an attribute KeyValue conforming to the +// "cloudfoundry.system.instance.id" semantic conventions. It represents a guid +// describing the concrete instance of the event source. +func CloudFoundrySystemInstanceID(val string) attribute.KeyValue { + return CloudFoundrySystemInstanceIDKey.String(val) +} + +// Namespace: code +const ( + // CodeColumnNumberKey is the attribute Key conforming to the + // "code.column.number" semantic conventions. It represents the column number in + // `code.file.path` best representing the operation. It SHOULD point within the + // code unit named in `code.function.name`. This attribute MUST NOT be used on + // the Profile signal since the data is already captured in 'message Line'. This + // constraint is imposed to prevent redundancy and maintain data integrity. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + CodeColumnNumberKey = attribute.Key("code.column.number") + + // CodeFilePathKey is the attribute Key conforming to the "code.file.path" + // semantic conventions. It represents the source code file name that identifies + // the code unit as uniquely as possible (preferably an absolute file path). + // This attribute MUST NOT be used on the Profile signal since the data is + // already captured in 'message Function'. This constraint is imposed to prevent + // redundancy and maintain data integrity. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: /usr/local/MyApplication/content_root/app/index.php + CodeFilePathKey = attribute.Key("code.file.path") + + // CodeFunctionNameKey is the attribute Key conforming to the + // "code.function.name" semantic conventions. It represents the method or + // function fully-qualified name without arguments. The value should fit the + // natural representation of the language runtime, which is also likely the same + // used within `code.stacktrace` attribute value. This attribute MUST NOT be + // used on the Profile signal since the data is already captured in 'message + // Function'. This constraint is imposed to prevent redundancy and maintain data + // integrity. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "com.example.MyHttpService.serveRequest", + // "GuzzleHttp\Client::transfer", "fopen" + // Note: Values and format depends on each language runtime, thus it is + // impossible to provide an exhaustive list of examples. + // The values are usually the same (or prefixes of) the ones found in native + // stack trace representation stored in + // `code.stacktrace` without information on arguments. + // + // Examples: + // + // - Java method: `com.example.MyHttpService.serveRequest` + // - Java anonymous class method: `com.mycompany.Main$1.myMethod` + // - Java lambda method: + // `com.mycompany.Main$$Lambda/0x0000748ae4149c00.myMethod` + // - PHP function: `GuzzleHttp\Client::transfer` + // - Go function: `github.com/my/repo/pkg.foo.func5` + // - Elixir: `OpenTelemetry.Ctx.new` + // - Erlang: `opentelemetry_ctx:new` + // - Rust: `playground::my_module::my_cool_func` + // - C function: `fopen` + CodeFunctionNameKey = attribute.Key("code.function.name") + + // CodeLineNumberKey is the attribute Key conforming to the "code.line.number" + // semantic conventions. 
It represents the line number in `code.file.path` best + // representing the operation. It SHOULD point within the code unit named in + // `code.function.name`. This attribute MUST NOT be used on the Profile signal + // since the data is already captured in 'message Line'. This constraint is + // imposed to prevent redundancy and maintain data integrity. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + CodeLineNumberKey = attribute.Key("code.line.number") + + // CodeStacktraceKey is the attribute Key conforming to the "code.stacktrace" + // semantic conventions. It represents a stacktrace as a string in the natural + // representation for the language runtime. The representation is identical to + // [`exception.stacktrace`]. This attribute MUST NOT be used on the Profile + // signal since the data is already captured in 'message Location'. This + // constraint is imposed to prevent redundancy and maintain data integrity. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: at com.example.GenerateTrace.methodB(GenerateTrace.java:13)\n at + // com.example.GenerateTrace.methodA(GenerateTrace.java:9)\n at + // com.example.GenerateTrace.main(GenerateTrace.java:5) + // + // [`exception.stacktrace`]: /docs/exceptions/exceptions-spans.md#stacktrace-representation + CodeStacktraceKey = attribute.Key("code.stacktrace") +) + +// CodeColumnNumber returns an attribute KeyValue conforming to the +// "code.column.number" semantic conventions. It represents the column number in +// `code.file.path` best representing the operation. It SHOULD point within the +// code unit named in `code.function.name`. This attribute MUST NOT be used on +// the Profile signal since the data is already captured in 'message Line'. This +// constraint is imposed to prevent redundancy and maintain data integrity. 
+func CodeColumnNumber(val int) attribute.KeyValue { + return CodeColumnNumberKey.Int(val) +} + +// CodeFilePath returns an attribute KeyValue conforming to the "code.file.path" +// semantic conventions. It represents the source code file name that identifies +// the code unit as uniquely as possible (preferably an absolute file path). This +// attribute MUST NOT be used on the Profile signal since the data is already +// captured in 'message Function'. This constraint is imposed to prevent +// redundancy and maintain data integrity. +func CodeFilePath(val string) attribute.KeyValue { + return CodeFilePathKey.String(val) +} + +// CodeFunctionName returns an attribute KeyValue conforming to the +// "code.function.name" semantic conventions. It represents the method or +// function fully-qualified name without arguments. The value should fit the +// natural representation of the language runtime, which is also likely the same +// used within `code.stacktrace` attribute value. This attribute MUST NOT be used +// on the Profile signal since the data is already captured in 'message +// Function'. This constraint is imposed to prevent redundancy and maintain data +// integrity. +func CodeFunctionName(val string) attribute.KeyValue { + return CodeFunctionNameKey.String(val) +} + +// CodeLineNumber returns an attribute KeyValue conforming to the +// "code.line.number" semantic conventions. It represents the line number in +// `code.file.path` best representing the operation. It SHOULD point within the +// code unit named in `code.function.name`. This attribute MUST NOT be used on +// the Profile signal since the data is already captured in 'message Line'. This +// constraint is imposed to prevent redundancy and maintain data integrity. +func CodeLineNumber(val int) attribute.KeyValue { + return CodeLineNumberKey.Int(val) +} + +// CodeStacktrace returns an attribute KeyValue conforming to the +// "code.stacktrace" semantic conventions. 
It represents a stacktrace as a string +// in the natural representation for the language runtime. The representation is +// identical to [`exception.stacktrace`]. This attribute MUST NOT be used on the +// Profile signal since the data is already captured in 'message Location'. This +// constraint is imposed to prevent redundancy and maintain data integrity. +// +// [`exception.stacktrace`]: /docs/exceptions/exceptions-spans.md#stacktrace-representation +func CodeStacktrace(val string) attribute.KeyValue { + return CodeStacktraceKey.String(val) +} + +// Namespace: container +const ( + // ContainerCommandKey is the attribute Key conforming to the + // "container.command" semantic conventions. It represents the command used to + // run the container (i.e. the command name). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "otelcontribcol" + // Note: If using embedded credentials or sensitive data, it is recommended to + // remove them to prevent potential leakage. + ContainerCommandKey = attribute.Key("container.command") + + // ContainerCommandArgsKey is the attribute Key conforming to the + // "container.command_args" semantic conventions. It represents the all the + // command arguments (including the command/executable itself) run by the + // container. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "otelcontribcol", "--config", "config.yaml" + ContainerCommandArgsKey = attribute.Key("container.command_args") + + // ContainerCommandLineKey is the attribute Key conforming to the + // "container.command_line" semantic conventions. It represents the full command + // run by the container as a single string representing the full command. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "otelcontribcol --config config.yaml" + ContainerCommandLineKey = attribute.Key("container.command_line") + + // ContainerCSIPluginNameKey is the attribute Key conforming to the + // "container.csi.plugin.name" semantic conventions. It represents the name of + // the CSI ([Container Storage Interface]) plugin used by the volume. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pd.csi.storage.gke.io" + // Note: This can sometimes be referred to as a "driver" in CSI implementations. + // This should represent the `name` field of the GetPluginInfo RPC. + // + // [Container Storage Interface]: https://github.com/container-storage-interface/spec + ContainerCSIPluginNameKey = attribute.Key("container.csi.plugin.name") + + // ContainerCSIVolumeIDKey is the attribute Key conforming to the + // "container.csi.volume.id" semantic conventions. It represents the unique + // volume ID returned by the CSI ([Container Storage Interface]) plugin. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "projects/my-gcp-project/zones/my-gcp-zone/disks/my-gcp-disk" + // Note: This can sometimes be referred to as a "volume handle" in CSI + // implementations. This should represent the `Volume.volume_id` field in CSI + // spec. + // + // [Container Storage Interface]: https://github.com/container-storage-interface/spec + ContainerCSIVolumeIDKey = attribute.Key("container.csi.volume.id") + + // ContainerIDKey is the attribute Key conforming to the "container.id" semantic + // conventions. It represents the container ID. Usually a UUID, as for example + // used to [identify Docker containers]. The UUID might be abbreviated. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "a3bf90e006b2" + // + // [identify Docker containers]: https://docs.docker.com/engine/containers/run/#container-identification + ContainerIDKey = attribute.Key("container.id") + + // ContainerImageIDKey is the attribute Key conforming to the + // "container.image.id" semantic conventions. It represents the runtime specific + // image identifier. Usually a hash algorithm followed by a UUID. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f" + // Note: Docker defines a sha256 of the image id; `container.image.id` + // corresponds to the `Image` field from the Docker container inspect [API] + // endpoint. + // K8s defines a link to the container registry repository with digest + // `"imageID": "registry.azurecr.io /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"` + // . + // The ID is assigned by the container runtime and can vary in different + // environments. Consider using `oci.manifest.digest` if it is important to + // identify the same image in different environments/runtimes. + // + // [API]: https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect + ContainerImageIDKey = attribute.Key("container.image.id") + + // ContainerImageNameKey is the attribute Key conforming to the + // "container.image.name" semantic conventions. It represents the name of the + // image the container was built on. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "gcr.io/opentelemetry/operator" + ContainerImageNameKey = attribute.Key("container.image.name") + + // ContainerImageRepoDigestsKey is the attribute Key conforming to the + // "container.image.repo_digests" semantic conventions. 
It represents the repo + // digests of the container image as provided by the container runtime. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "example@sha256:afcc7f1ac1b49db317a7196c902e61c6c3c4607d63599ee1a82d702d249a0ccb", + // "internal.registry.example.com:5000/example@sha256:b69959407d21e8a062e0416bf13405bb2b71ed7a84dde4158ebafacfa06f5578" + // Note: [Docker] and [CRI] report those under the `RepoDigests` field. + // + // [Docker]: https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect + // [CRI]: https://github.com/kubernetes/cri-api/blob/c75ef5b473bbe2d0a4fc92f82235efd665ea8e9f/pkg/apis/runtime/v1/api.proto#L1237-L1238 + ContainerImageRepoDigestsKey = attribute.Key("container.image.repo_digests") + + // ContainerImageTagsKey is the attribute Key conforming to the + // "container.image.tags" semantic conventions. It represents the container + // image tags. An example can be found in [Docker Image Inspect]. Should be only + // the `` section of the full name for example from + // `registry.example.com/my-org/my-image:`. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "v1.27.1", "3.5.7-0" + // + // [Docker Image Inspect]: https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect + ContainerImageTagsKey = attribute.Key("container.image.tags") + + // ContainerNameKey is the attribute Key conforming to the "container.name" + // semantic conventions. It represents the container name used by container + // runtime. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry-autoconf" + ContainerNameKey = attribute.Key("container.name") + + // ContainerRuntimeDescriptionKey is the attribute Key conforming to the + // "container.runtime.description" semantic conventions. 
It represents a + // description about the runtime which could include, for example details about + // the CRI/API version being used or other customisations. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "docker://19.3.1 - CRI: 1.22.0" + ContainerRuntimeDescriptionKey = attribute.Key("container.runtime.description") + + // ContainerRuntimeNameKey is the attribute Key conforming to the + // "container.runtime.name" semantic conventions. It represents the container + // runtime managing this container. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "docker", "containerd", "rkt" + ContainerRuntimeNameKey = attribute.Key("container.runtime.name") + + // ContainerRuntimeVersionKey is the attribute Key conforming to the + // "container.runtime.version" semantic conventions. It represents the version + // of the runtime of this process, as returned by the runtime without + // modification. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0.0 + ContainerRuntimeVersionKey = attribute.Key("container.runtime.version") +) + +// ContainerCommand returns an attribute KeyValue conforming to the +// "container.command" semantic conventions. It represents the command used to +// run the container (i.e. the command name). +func ContainerCommand(val string) attribute.KeyValue { + return ContainerCommandKey.String(val) +} + +// ContainerCommandArgs returns an attribute KeyValue conforming to the +// "container.command_args" semantic conventions. It represents the all the +// command arguments (including the command/executable itself) run by the +// container. +func ContainerCommandArgs(val ...string) attribute.KeyValue { + return ContainerCommandArgsKey.StringSlice(val) +} + +// ContainerCommandLine returns an attribute KeyValue conforming to the +// "container.command_line" semantic conventions. 
It represents the full command +// run by the container as a single string representing the full command. +func ContainerCommandLine(val string) attribute.KeyValue { + return ContainerCommandLineKey.String(val) +} + +// ContainerCSIPluginName returns an attribute KeyValue conforming to the +// "container.csi.plugin.name" semantic conventions. It represents the name of +// the CSI ([Container Storage Interface]) plugin used by the volume. +// +// [Container Storage Interface]: https://github.com/container-storage-interface/spec +func ContainerCSIPluginName(val string) attribute.KeyValue { + return ContainerCSIPluginNameKey.String(val) +} + +// ContainerCSIVolumeID returns an attribute KeyValue conforming to the +// "container.csi.volume.id" semantic conventions. It represents the unique +// volume ID returned by the CSI ([Container Storage Interface]) plugin. +// +// [Container Storage Interface]: https://github.com/container-storage-interface/spec +func ContainerCSIVolumeID(val string) attribute.KeyValue { + return ContainerCSIVolumeIDKey.String(val) +} + +// ContainerID returns an attribute KeyValue conforming to the "container.id" +// semantic conventions. It represents the container ID. Usually a UUID, as for +// example used to [identify Docker containers]. The UUID might be abbreviated. +// +// [identify Docker containers]: https://docs.docker.com/engine/containers/run/#container-identification +func ContainerID(val string) attribute.KeyValue { + return ContainerIDKey.String(val) +} + +// ContainerImageID returns an attribute KeyValue conforming to the +// "container.image.id" semantic conventions. It represents the runtime specific +// image identifier. Usually a hash algorithm followed by a UUID. +func ContainerImageID(val string) attribute.KeyValue { + return ContainerImageIDKey.String(val) +} + +// ContainerImageName returns an attribute KeyValue conforming to the +// "container.image.name" semantic conventions. 
It represents the name of the +// image the container was built on. +func ContainerImageName(val string) attribute.KeyValue { + return ContainerImageNameKey.String(val) +} + +// ContainerImageRepoDigests returns an attribute KeyValue conforming to the +// "container.image.repo_digests" semantic conventions. It represents the repo +// digests of the container image as provided by the container runtime. +func ContainerImageRepoDigests(val ...string) attribute.KeyValue { + return ContainerImageRepoDigestsKey.StringSlice(val) +} + +// ContainerImageTags returns an attribute KeyValue conforming to the +// "container.image.tags" semantic conventions. It represents the container image +// tags. An example can be found in [Docker Image Inspect]. Should be only the +// `` section of the full name for example from +// `registry.example.com/my-org/my-image:`. +// +// [Docker Image Inspect]: https://docs.docker.com/engine/api/v1.43/#tag/Image/operation/ImageInspect +func ContainerImageTags(val ...string) attribute.KeyValue { + return ContainerImageTagsKey.StringSlice(val) +} + +// ContainerLabel returns an attribute KeyValue conforming to the +// "container.label" semantic conventions. It represents the container labels, +// `` being the label name, the value being the label value. +func ContainerLabel(key string, val string) attribute.KeyValue { + return attribute.String("container.label."+key, val) +} + +// ContainerName returns an attribute KeyValue conforming to the "container.name" +// semantic conventions. It represents the container name used by container +// runtime. +func ContainerName(val string) attribute.KeyValue { + return ContainerNameKey.String(val) +} + +// ContainerRuntimeDescription returns an attribute KeyValue conforming to the +// "container.runtime.description" semantic conventions. It represents a +// description about the runtime which could include, for example details about +// the CRI/API version being used or other customisations. 
+func ContainerRuntimeDescription(val string) attribute.KeyValue { + return ContainerRuntimeDescriptionKey.String(val) +} + +// ContainerRuntimeName returns an attribute KeyValue conforming to the +// "container.runtime.name" semantic conventions. It represents the container +// runtime managing this container. +func ContainerRuntimeName(val string) attribute.KeyValue { + return ContainerRuntimeNameKey.String(val) +} + +// ContainerRuntimeVersion returns an attribute KeyValue conforming to the +// "container.runtime.version" semantic conventions. It represents the version of +// the runtime of this process, as returned by the runtime without modification. +func ContainerRuntimeVersion(val string) attribute.KeyValue { + return ContainerRuntimeVersionKey.String(val) +} + +// Namespace: cpu +const ( + // CPULogicalNumberKey is the attribute Key conforming to the + // "cpu.logical_number" semantic conventions. It represents the logical CPU + // number [0..n-1]. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1 + CPULogicalNumberKey = attribute.Key("cpu.logical_number") + + // CPUModeKey is the attribute Key conforming to the "cpu.mode" semantic + // conventions. It represents the mode of the CPU. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "user", "system" + CPUModeKey = attribute.Key("cpu.mode") +) + +// CPULogicalNumber returns an attribute KeyValue conforming to the +// "cpu.logical_number" semantic conventions. It represents the logical CPU +// number [0..n-1]. 
+func CPULogicalNumber(val int) attribute.KeyValue { + return CPULogicalNumberKey.Int(val) +} + +// Enum values for cpu.mode +var ( + // User + // Stability: development + CPUModeUser = CPUModeKey.String("user") + // System + // Stability: development + CPUModeSystem = CPUModeKey.String("system") + // Nice + // Stability: development + CPUModeNice = CPUModeKey.String("nice") + // Idle + // Stability: development + CPUModeIdle = CPUModeKey.String("idle") + // IO Wait + // Stability: development + CPUModeIOWait = CPUModeKey.String("iowait") + // Interrupt + // Stability: development + CPUModeInterrupt = CPUModeKey.String("interrupt") + // Steal + // Stability: development + CPUModeSteal = CPUModeKey.String("steal") + // Kernel + // Stability: development + CPUModeKernel = CPUModeKey.String("kernel") +) + +// Namespace: db +const ( + // DBClientConnectionPoolNameKey is the attribute Key conforming to the + // "db.client.connection.pool.name" semantic conventions. It represents the name + // of the connection pool; unique within the instrumented application. In case + // the connection pool implementation doesn't provide a name, instrumentation + // SHOULD use a combination of parameters that would make the name unique, for + // example, combining attributes `server.address`, `server.port`, and + // `db.namespace`, formatted as `server.address:server.port/db.namespace`. + // Instrumentations that generate connection pool name following different + // patterns SHOULD document it. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "myDataSource" + DBClientConnectionPoolNameKey = attribute.Key("db.client.connection.pool.name") + + // DBClientConnectionStateKey is the attribute Key conforming to the + // "db.client.connection.state" semantic conventions. It represents the state of + // a connection in the pool. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "idle" + DBClientConnectionStateKey = attribute.Key("db.client.connection.state") + + // DBCollectionNameKey is the attribute Key conforming to the + // "db.collection.name" semantic conventions. It represents the name of a + // collection (table, container) within the database. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "public.users", "customers" + // Note: It is RECOMMENDED to capture the value as provided by the application + // without attempting to do any case normalization. + // + // The collection name SHOULD NOT be extracted from `db.query.text`, + // when the database system supports query text with multiple collections + // in non-batch operations. + // + // For batch operations, if the individual operations are known to have the same + // collection name then that collection name SHOULD be used. + DBCollectionNameKey = attribute.Key("db.collection.name") + + // DBNamespaceKey is the attribute Key conforming to the "db.namespace" semantic + // conventions. It represents the name of the database, fully qualified within + // the server address and port. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "customers", "test.users" + // Note: If a database system has multiple namespace components, they SHOULD be + // concatenated from the most general to the most specific namespace component, + // using `|` as a separator between the components. Any missing components (and + // their associated separators) SHOULD be omitted. + // Semantic conventions for individual database systems SHOULD document what + // `db.namespace` means in the context of that system. + // It is RECOMMENDED to capture the value as provided by the application without + // attempting to do any case normalization. 
+ DBNamespaceKey = attribute.Key("db.namespace") + + // DBOperationBatchSizeKey is the attribute Key conforming to the + // "db.operation.batch.size" semantic conventions. It represents the number of + // queries included in a batch operation. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 2, 3, 4 + // Note: Operations are only considered batches when they contain two or more + // operations, and so `db.operation.batch.size` SHOULD never be `1`. + DBOperationBatchSizeKey = attribute.Key("db.operation.batch.size") + + // DBOperationNameKey is the attribute Key conforming to the "db.operation.name" + // semantic conventions. It represents the name of the operation or command + // being executed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "findAndModify", "HMSET", "SELECT" + // Note: It is RECOMMENDED to capture the value as provided by the application + // without attempting to do any case normalization. + // + // The operation name SHOULD NOT be extracted from `db.query.text`, + // when the database system supports query text with multiple operations + // in non-batch operations. + // + // If spaces can occur in the operation name, multiple consecutive spaces + // SHOULD be normalized to a single space. + // + // For batch operations, if the individual operations are known to have the same + // operation name + // then that operation name SHOULD be used prepended by `BATCH `, + // otherwise `db.operation.name` SHOULD be `BATCH` or some other database + // system specific term if more applicable. + DBOperationNameKey = attribute.Key("db.operation.name") + + // DBQuerySummaryKey is the attribute Key conforming to the "db.query.summary" + // semantic conventions. It represents the low cardinality summary of a database + // query. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "SELECT wuser_table", "INSERT shipping_details SELECT orders", "get + // user by id" + // Note: The query summary describes a class of database queries and is useful + // as a grouping key, especially when analyzing telemetry for database + // calls involving complex queries. + // + // Summary may be available to the instrumentation through + // instrumentation hooks or other means. If it is not available, + // instrumentations + // that support query parsing SHOULD generate a summary following + // [Generating query summary] + // section. + // + // [Generating query summary]: /docs/database/database-spans.md#generating-a-summary-of-the-query + DBQuerySummaryKey = attribute.Key("db.query.summary") + + // DBQueryTextKey is the attribute Key conforming to the "db.query.text" + // semantic conventions. It represents the database query being executed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "SELECT * FROM wuser_table where username = ?", "SET mykey ?" + // Note: For sanitization see [Sanitization of `db.query.text`]. + // For batch operations, if the individual operations are known to have the same + // query text then that query text SHOULD be used, otherwise all of the + // individual query texts SHOULD be concatenated with separator `; ` or some + // other database system specific separator if more applicable. + // Parameterized query text SHOULD NOT be sanitized. Even though parameterized + // query text can potentially have sensitive data, by using a parameterized + // query the user is giving a strong signal that any sensitive data will be + // passed as parameter values, and the benefit to observability of capturing the + // static part of the query text by default outweighs the risk. 
+ // + // [Sanitization of `db.query.text`]: /docs/database/database-spans.md#sanitization-of-dbquerytext + DBQueryTextKey = attribute.Key("db.query.text") + + // DBResponseReturnedRowsKey is the attribute Key conforming to the + // "db.response.returned_rows" semantic conventions. It represents the number of + // rows returned by the operation. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 10, 30, 1000 + DBResponseReturnedRowsKey = attribute.Key("db.response.returned_rows") + + // DBResponseStatusCodeKey is the attribute Key conforming to the + // "db.response.status_code" semantic conventions. It represents the database + // response status code. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "102", "ORA-17002", "08P01", "404" + // Note: The status code returned by the database. Usually it represents an + // error code, but may also represent partial success, warning, or differentiate + // between various types of successful outcomes. + // Semantic conventions for individual database systems SHOULD document what + // `db.response.status_code` means in the context of that system. + DBResponseStatusCodeKey = attribute.Key("db.response.status_code") + + // DBStoredProcedureNameKey is the attribute Key conforming to the + // "db.stored_procedure.name" semantic conventions. It represents the name of a + // stored procedure within the database. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "GetCustomer" + // Note: It is RECOMMENDED to capture the value as provided by the application + // without attempting to do any case normalization. + // + // For batch operations, if the individual operations are known to have the same + // stored procedure name then that stored procedure name SHOULD be used. 
+ DBStoredProcedureNameKey = attribute.Key("db.stored_procedure.name") + + // DBSystemNameKey is the attribute Key conforming to the "db.system.name" + // semantic conventions. It represents the database management system (DBMS) + // product as identified by the client instrumentation. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: + // Note: The actual DBMS may differ from the one identified by the client. For + // example, when using PostgreSQL client libraries to connect to a CockroachDB, + // the `db.system.name` is set to `postgresql` based on the instrumentation's + // best knowledge. + DBSystemNameKey = attribute.Key("db.system.name") +) + +// DBClientConnectionPoolName returns an attribute KeyValue conforming to the +// "db.client.connection.pool.name" semantic conventions. It represents the name +// of the connection pool; unique within the instrumented application. In case +// the connection pool implementation doesn't provide a name, instrumentation +// SHOULD use a combination of parameters that would make the name unique, for +// example, combining attributes `server.address`, `server.port`, and +// `db.namespace`, formatted as `server.address:server.port/db.namespace`. +// Instrumentations that generate connection pool name following different +// patterns SHOULD document it. +func DBClientConnectionPoolName(val string) attribute.KeyValue { + return DBClientConnectionPoolNameKey.String(val) +} + +// DBCollectionName returns an attribute KeyValue conforming to the +// "db.collection.name" semantic conventions. It represents the name of a +// collection (table, container) within the database. +func DBCollectionName(val string) attribute.KeyValue { + return DBCollectionNameKey.String(val) +} + +// DBNamespace returns an attribute KeyValue conforming to the "db.namespace" +// semantic conventions. It represents the name of the database, fully qualified +// within the server address and port. 
+func DBNamespace(val string) attribute.KeyValue { + return DBNamespaceKey.String(val) +} + +// DBOperationBatchSize returns an attribute KeyValue conforming to the +// "db.operation.batch.size" semantic conventions. It represents the number of +// queries included in a batch operation. +func DBOperationBatchSize(val int) attribute.KeyValue { + return DBOperationBatchSizeKey.Int(val) +} + +// DBOperationName returns an attribute KeyValue conforming to the +// "db.operation.name" semantic conventions. It represents the name of the +// operation or command being executed. +func DBOperationName(val string) attribute.KeyValue { + return DBOperationNameKey.String(val) +} + +// DBOperationParameter returns an attribute KeyValue conforming to the +// "db.operation.parameter" semantic conventions. It represents a database +// operation parameter, with `` being the parameter name, and the attribute +// value being a string representation of the parameter value. +func DBOperationParameter(key string, val string) attribute.KeyValue { + return attribute.String("db.operation.parameter."+key, val) +} + +// DBQueryParameter returns an attribute KeyValue conforming to the +// "db.query.parameter" semantic conventions. It represents a database query +// parameter, with `` being the parameter name, and the attribute value +// being a string representation of the parameter value. +func DBQueryParameter(key string, val string) attribute.KeyValue { + return attribute.String("db.query.parameter."+key, val) +} + +// DBQuerySummary returns an attribute KeyValue conforming to the +// "db.query.summary" semantic conventions. It represents the low cardinality +// summary of a database query. +func DBQuerySummary(val string) attribute.KeyValue { + return DBQuerySummaryKey.String(val) +} + +// DBQueryText returns an attribute KeyValue conforming to the "db.query.text" +// semantic conventions. It represents the database query being executed. 
+func DBQueryText(val string) attribute.KeyValue { + return DBQueryTextKey.String(val) +} + +// DBResponseReturnedRows returns an attribute KeyValue conforming to the +// "db.response.returned_rows" semantic conventions. It represents the number of +// rows returned by the operation. +func DBResponseReturnedRows(val int) attribute.KeyValue { + return DBResponseReturnedRowsKey.Int(val) +} + +// DBResponseStatusCode returns an attribute KeyValue conforming to the +// "db.response.status_code" semantic conventions. It represents the database +// response status code. +func DBResponseStatusCode(val string) attribute.KeyValue { + return DBResponseStatusCodeKey.String(val) +} + +// DBStoredProcedureName returns an attribute KeyValue conforming to the +// "db.stored_procedure.name" semantic conventions. It represents the name of a +// stored procedure within the database. +func DBStoredProcedureName(val string) attribute.KeyValue { + return DBStoredProcedureNameKey.String(val) +} + +// Enum values for db.client.connection.state +var ( + // idle + // Stability: development + DBClientConnectionStateIdle = DBClientConnectionStateKey.String("idle") + // used + // Stability: development + DBClientConnectionStateUsed = DBClientConnectionStateKey.String("used") +) + +// Enum values for db.system.name +var ( + // Some other SQL database. Fallback only. 
+ // Stability: development + DBSystemNameOtherSQL = DBSystemNameKey.String("other_sql") + // [Adabas (Adaptable Database System)] + // Stability: development + // + // [Adabas (Adaptable Database System)]: https://documentation.softwareag.com/?pf=adabas + DBSystemNameSoftwareagAdabas = DBSystemNameKey.String("softwareag.adabas") + // [Actian Ingres] + // Stability: development + // + // [Actian Ingres]: https://www.actian.com/databases/ingres/ + DBSystemNameActianIngres = DBSystemNameKey.String("actian.ingres") + // [Amazon DynamoDB] + // Stability: development + // + // [Amazon DynamoDB]: https://aws.amazon.com/pm/dynamodb/ + DBSystemNameAWSDynamoDB = DBSystemNameKey.String("aws.dynamodb") + // [Amazon Redshift] + // Stability: development + // + // [Amazon Redshift]: https://aws.amazon.com/redshift/ + DBSystemNameAWSRedshift = DBSystemNameKey.String("aws.redshift") + // [Azure Cosmos DB] + // Stability: development + // + // [Azure Cosmos DB]: https://learn.microsoft.com/azure/cosmos-db + DBSystemNameAzureCosmosDB = DBSystemNameKey.String("azure.cosmosdb") + // [InterSystems Caché] + // Stability: development + // + // [InterSystems Caché]: https://www.intersystems.com/products/cache/ + DBSystemNameIntersystemsCache = DBSystemNameKey.String("intersystems.cache") + // [Apache Cassandra] + // Stability: development + // + // [Apache Cassandra]: https://cassandra.apache.org/ + DBSystemNameCassandra = DBSystemNameKey.String("cassandra") + // [ClickHouse] + // Stability: development + // + // [ClickHouse]: https://clickhouse.com/ + DBSystemNameClickHouse = DBSystemNameKey.String("clickhouse") + // [CockroachDB] + // Stability: development + // + // [CockroachDB]: https://www.cockroachlabs.com/ + DBSystemNameCockroachDB = DBSystemNameKey.String("cockroachdb") + // [Couchbase] + // Stability: development + // + // [Couchbase]: https://www.couchbase.com/ + DBSystemNameCouchbase = DBSystemNameKey.String("couchbase") + // [Apache CouchDB] + // Stability: development + // 
+ // [Apache CouchDB]: https://couchdb.apache.org/ + DBSystemNameCouchDB = DBSystemNameKey.String("couchdb") + // [Apache Derby] + // Stability: development + // + // [Apache Derby]: https://db.apache.org/derby/ + DBSystemNameDerby = DBSystemNameKey.String("derby") + // [Elasticsearch] + // Stability: development + // + // [Elasticsearch]: https://www.elastic.co/elasticsearch + DBSystemNameElasticsearch = DBSystemNameKey.String("elasticsearch") + // [Firebird] + // Stability: development + // + // [Firebird]: https://www.firebirdsql.org/ + DBSystemNameFirebirdSQL = DBSystemNameKey.String("firebirdsql") + // [Google Cloud Spanner] + // Stability: development + // + // [Google Cloud Spanner]: https://cloud.google.com/spanner + DBSystemNameGCPSpanner = DBSystemNameKey.String("gcp.spanner") + // [Apache Geode] + // Stability: development + // + // [Apache Geode]: https://geode.apache.org/ + DBSystemNameGeode = DBSystemNameKey.String("geode") + // [H2 Database] + // Stability: development + // + // [H2 Database]: https://h2database.com/ + DBSystemNameH2database = DBSystemNameKey.String("h2database") + // [Apache HBase] + // Stability: development + // + // [Apache HBase]: https://hbase.apache.org/ + DBSystemNameHBase = DBSystemNameKey.String("hbase") + // [Apache Hive] + // Stability: development + // + // [Apache Hive]: https://hive.apache.org/ + DBSystemNameHive = DBSystemNameKey.String("hive") + // [HyperSQL Database] + // Stability: development + // + // [HyperSQL Database]: https://hsqldb.org/ + DBSystemNameHSQLDB = DBSystemNameKey.String("hsqldb") + // [IBM Db2] + // Stability: development + // + // [IBM Db2]: https://www.ibm.com/db2 + DBSystemNameIBMDB2 = DBSystemNameKey.String("ibm.db2") + // [IBM Informix] + // Stability: development + // + // [IBM Informix]: https://www.ibm.com/products/informix + DBSystemNameIBMInformix = DBSystemNameKey.String("ibm.informix") + // [IBM Netezza] + // Stability: development + // + // [IBM Netezza]: 
https://www.ibm.com/products/netezza + DBSystemNameIBMNetezza = DBSystemNameKey.String("ibm.netezza") + // [InfluxDB] + // Stability: development + // + // [InfluxDB]: https://www.influxdata.com/ + DBSystemNameInfluxDB = DBSystemNameKey.String("influxdb") + // [Instant] + // Stability: development + // + // [Instant]: https://www.instantdb.com/ + DBSystemNameInstantDB = DBSystemNameKey.String("instantdb") + // [MariaDB] + // Stability: stable + // + // [MariaDB]: https://mariadb.org/ + DBSystemNameMariaDB = DBSystemNameKey.String("mariadb") + // [Memcached] + // Stability: development + // + // [Memcached]: https://memcached.org/ + DBSystemNameMemcached = DBSystemNameKey.String("memcached") + // [MongoDB] + // Stability: development + // + // [MongoDB]: https://www.mongodb.com/ + DBSystemNameMongoDB = DBSystemNameKey.String("mongodb") + // [Microsoft SQL Server] + // Stability: stable + // + // [Microsoft SQL Server]: https://www.microsoft.com/sql-server + DBSystemNameMicrosoftSQLServer = DBSystemNameKey.String("microsoft.sql_server") + // [MySQL] + // Stability: stable + // + // [MySQL]: https://www.mysql.com/ + DBSystemNameMySQL = DBSystemNameKey.String("mysql") + // [Neo4j] + // Stability: development + // + // [Neo4j]: https://neo4j.com/ + DBSystemNameNeo4j = DBSystemNameKey.String("neo4j") + // [OpenSearch] + // Stability: development + // + // [OpenSearch]: https://opensearch.org/ + DBSystemNameOpenSearch = DBSystemNameKey.String("opensearch") + // [Oracle Database] + // Stability: development + // + // [Oracle Database]: https://www.oracle.com/database/ + DBSystemNameOracleDB = DBSystemNameKey.String("oracle.db") + // [PostgreSQL] + // Stability: stable + // + // [PostgreSQL]: https://www.postgresql.org/ + DBSystemNamePostgreSQL = DBSystemNameKey.String("postgresql") + // [Redis] + // Stability: development + // + // [Redis]: https://redis.io/ + DBSystemNameRedis = DBSystemNameKey.String("redis") + // [SAP HANA] + // Stability: development + // + // [SAP 
HANA]: https://www.sap.com/products/technology-platform/hana/what-is-sap-hana.html + DBSystemNameSAPHANA = DBSystemNameKey.String("sap.hana") + // [SAP MaxDB] + // Stability: development + // + // [SAP MaxDB]: https://maxdb.sap.com/ + DBSystemNameSAPMaxDB = DBSystemNameKey.String("sap.maxdb") + // [SQLite] + // Stability: development + // + // [SQLite]: https://www.sqlite.org/ + DBSystemNameSQLite = DBSystemNameKey.String("sqlite") + // [Teradata] + // Stability: development + // + // [Teradata]: https://www.teradata.com/ + DBSystemNameTeradata = DBSystemNameKey.String("teradata") + // [Trino] + // Stability: development + // + // [Trino]: https://trino.io/ + DBSystemNameTrino = DBSystemNameKey.String("trino") +) + +// Namespace: deployment +const ( + // DeploymentEnvironmentNameKey is the attribute Key conforming to the + // "deployment.environment.name" semantic conventions. It represents the name of + // the [deployment environment] (aka deployment tier). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "staging", "production" + // Note: `deployment.environment.name` does not affect the uniqueness + // constraints defined through + // the `service.namespace`, `service.name` and `service.instance.id` resource + // attributes. + // This implies that resources carrying the following attribute combinations + // MUST be + // considered to be identifying the same service: + // + // - `service.name=frontend`, `deployment.environment.name=production` + // - `service.name=frontend`, `deployment.environment.name=staging`. + // + // + // [deployment environment]: https://wikipedia.org/wiki/Deployment_environment + DeploymentEnvironmentNameKey = attribute.Key("deployment.environment.name") + + // DeploymentIDKey is the attribute Key conforming to the "deployment.id" + // semantic conventions. It represents the id of the deployment. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1208" + DeploymentIDKey = attribute.Key("deployment.id") + + // DeploymentNameKey is the attribute Key conforming to the "deployment.name" + // semantic conventions. It represents the name of the deployment. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "deploy my app", "deploy-frontend" + DeploymentNameKey = attribute.Key("deployment.name") + + // DeploymentStatusKey is the attribute Key conforming to the + // "deployment.status" semantic conventions. It represents the status of the + // deployment. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + DeploymentStatusKey = attribute.Key("deployment.status") +) + +// DeploymentEnvironmentName returns an attribute KeyValue conforming to the +// "deployment.environment.name" semantic conventions. It represents the name of +// the [deployment environment] (aka deployment tier). +// +// [deployment environment]: https://wikipedia.org/wiki/Deployment_environment +func DeploymentEnvironmentName(val string) attribute.KeyValue { + return DeploymentEnvironmentNameKey.String(val) +} + +// DeploymentID returns an attribute KeyValue conforming to the "deployment.id" +// semantic conventions. It represents the id of the deployment. +func DeploymentID(val string) attribute.KeyValue { + return DeploymentIDKey.String(val) +} + +// DeploymentName returns an attribute KeyValue conforming to the +// "deployment.name" semantic conventions. It represents the name of the +// deployment. 
+func DeploymentName(val string) attribute.KeyValue { + return DeploymentNameKey.String(val) +} + +// Enum values for deployment.status +var ( + // failed + // Stability: development + DeploymentStatusFailed = DeploymentStatusKey.String("failed") + // succeeded + // Stability: development + DeploymentStatusSucceeded = DeploymentStatusKey.String("succeeded") +) + +// Namespace: destination +const ( + // DestinationAddressKey is the attribute Key conforming to the + // "destination.address" semantic conventions. It represents the destination + // address - domain name if available without reverse DNS lookup; otherwise, IP + // address or Unix domain socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "destination.example.com", "10.1.2.80", "/tmp/my.sock" + // Note: When observed from the source side, and when communicating through an + // intermediary, `destination.address` SHOULD represent the destination address + // behind any intermediaries, for example proxies, if it's available. + DestinationAddressKey = attribute.Key("destination.address") + + // DestinationPortKey is the attribute Key conforming to the "destination.port" + // semantic conventions. It represents the destination port number. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 3389, 2888 + DestinationPortKey = attribute.Key("destination.port") +) + +// DestinationAddress returns an attribute KeyValue conforming to the +// "destination.address" semantic conventions. It represents the destination +// address - domain name if available without reverse DNS lookup; otherwise, IP +// address or Unix domain socket name. +func DestinationAddress(val string) attribute.KeyValue { + return DestinationAddressKey.String(val) +} + +// DestinationPort returns an attribute KeyValue conforming to the +// "destination.port" semantic conventions. It represents the destination port +// number. 
+func DestinationPort(val int) attribute.KeyValue { + return DestinationPortKey.Int(val) +} + +// Namespace: device +const ( + // DeviceIDKey is the attribute Key conforming to the "device.id" semantic + // conventions. It represents a unique identifier representing the device. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "123456789012345", "01:23:45:67:89:AB" + // Note: Its value SHOULD be identical for all apps on a device and it SHOULD + // NOT change if an app is uninstalled and re-installed. + // However, it might be resettable by the user for all apps on a device. + // Hardware IDs (e.g. vendor-specific serial number, IMEI or MAC address) MAY be + // used as values. + // + // More information about Android identifier best practices can be found in the + // [Android user data IDs guide]. + // + // > [!WARNING]> This attribute may contain sensitive (PII) information. Caution + // > should be taken when storing personal data or anything which can identify a + // > user. GDPR and data protection laws may apply, + // > ensure you do your own due diligence.> Due to these reasons, this + // > identifier is not recommended for consumer applications and will likely + // > result in rejection from both Google Play and App Store. + // > However, it may be appropriate for specific enterprise scenarios, such as + // > kiosk devices or enterprise-managed devices, with appropriate compliance + // > clearance. + // > Any instrumentation providing this identifier MUST implement it as an + // > opt-in feature.> See [`app.installation.id`]> for a more + // > privacy-preserving alternative. 
+ // + // [Android user data IDs guide]: https://developer.android.com/training/articles/user-data-ids + // [`app.installation.id`]: /docs/registry/attributes/app.md#app-installation-id + DeviceIDKey = attribute.Key("device.id") + + // DeviceManufacturerKey is the attribute Key conforming to the + // "device.manufacturer" semantic conventions. It represents the name of the + // device manufacturer. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Apple", "Samsung" + // Note: The Android OS provides this field via [Build]. iOS apps SHOULD + // hardcode the value `Apple`. + // + // [Build]: https://developer.android.com/reference/android/os/Build#MANUFACTURER + DeviceManufacturerKey = attribute.Key("device.manufacturer") + + // DeviceModelIdentifierKey is the attribute Key conforming to the + // "device.model.identifier" semantic conventions. It represents the model + // identifier for the device. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "iPhone3,4", "SM-G920F" + // Note: It's recommended this value represents a machine-readable version of + // the model identifier rather than the market or consumer-friendly name of the + // device. + DeviceModelIdentifierKey = attribute.Key("device.model.identifier") + + // DeviceModelNameKey is the attribute Key conforming to the "device.model.name" + // semantic conventions. It represents the marketing name for the device model. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "iPhone 6s Plus", "Samsung Galaxy S6" + // Note: It's recommended this value represents a human-readable version of the + // device model rather than a machine-readable alternative. + DeviceModelNameKey = attribute.Key("device.model.name") +) + +// DeviceID returns an attribute KeyValue conforming to the "device.id" semantic +// conventions. 
It represents a unique identifier representing the device. +func DeviceID(val string) attribute.KeyValue { + return DeviceIDKey.String(val) +} + +// DeviceManufacturer returns an attribute KeyValue conforming to the +// "device.manufacturer" semantic conventions. It represents the name of the +// device manufacturer. +func DeviceManufacturer(val string) attribute.KeyValue { + return DeviceManufacturerKey.String(val) +} + +// DeviceModelIdentifier returns an attribute KeyValue conforming to the +// "device.model.identifier" semantic conventions. It represents the model +// identifier for the device. +func DeviceModelIdentifier(val string) attribute.KeyValue { + return DeviceModelIdentifierKey.String(val) +} + +// DeviceModelName returns an attribute KeyValue conforming to the +// "device.model.name" semantic conventions. It represents the marketing name for +// the device model. +func DeviceModelName(val string) attribute.KeyValue { + return DeviceModelNameKey.String(val) +} + +// Namespace: disk +const ( + // DiskIODirectionKey is the attribute Key conforming to the "disk.io.direction" + // semantic conventions. It represents the disk IO operation direction. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "read" + DiskIODirectionKey = attribute.Key("disk.io.direction") +) + +// Enum values for disk.io.direction +var ( + // read + // Stability: development + DiskIODirectionRead = DiskIODirectionKey.String("read") + // write + // Stability: development + DiskIODirectionWrite = DiskIODirectionKey.String("write") +) + +// Namespace: dns +const ( + // DNSAnswersKey is the attribute Key conforming to the "dns.answers" semantic + // conventions. It represents the list of IPv4 or IPv6 addresses resolved during + // DNS lookup. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "10.0.0.1", "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + DNSAnswersKey = attribute.Key("dns.answers") + + // DNSQuestionNameKey is the attribute Key conforming to the "dns.question.name" + // semantic conventions. It represents the name being queried. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "www.example.com", "opentelemetry.io" + // Note: If the name field contains non-printable characters (below 32 or above + // 126), those characters should be represented as escaped base 10 integers + // (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, + // and line feeds should be converted to \t, \r, and \n respectively. + DNSQuestionNameKey = attribute.Key("dns.question.name") +) + +// DNSAnswers returns an attribute KeyValue conforming to the "dns.answers" +// semantic conventions. It represents the list of IPv4 or IPv6 addresses +// resolved during DNS lookup. +func DNSAnswers(val ...string) attribute.KeyValue { + return DNSAnswersKey.StringSlice(val) +} + +// DNSQuestionName returns an attribute KeyValue conforming to the +// "dns.question.name" semantic conventions. It represents the name being +// queried. +func DNSQuestionName(val string) attribute.KeyValue { + return DNSQuestionNameKey.String(val) +} + +// Namespace: elasticsearch +const ( + // ElasticsearchNodeNameKey is the attribute Key conforming to the + // "elasticsearch.node.name" semantic conventions. It represents the represents + // the human-readable identifier of the node/instance to which a request was + // routed. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "instance-0000000001" + ElasticsearchNodeNameKey = attribute.Key("elasticsearch.node.name") +) + +// ElasticsearchNodeName returns an attribute KeyValue conforming to the +// "elasticsearch.node.name" semantic conventions. It represents the represents +// the human-readable identifier of the node/instance to which a request was +// routed. +func ElasticsearchNodeName(val string) attribute.KeyValue { + return ElasticsearchNodeNameKey.String(val) +} + +// Namespace: enduser +const ( + // EnduserIDKey is the attribute Key conforming to the "enduser.id" semantic + // conventions. It represents the unique identifier of an end user in the + // system. It maybe a username, email address, or other identifier. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "username" + // Note: Unique identifier of an end user in the system. + // + // > [!Warning] + // > This field contains sensitive (PII) information. + EnduserIDKey = attribute.Key("enduser.id") + + // EnduserPseudoIDKey is the attribute Key conforming to the "enduser.pseudo.id" + // semantic conventions. It represents the pseudonymous identifier of an end + // user. This identifier should be a random value that is not directly linked or + // associated with the end user's actual identity. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "QdH5CAWJgqVT4rOr0qtumf" + // Note: Pseudonymous identifier of an end user. + // + // > [!Warning] + // > This field contains sensitive (linkable PII) information. + EnduserPseudoIDKey = attribute.Key("enduser.pseudo.id") +) + +// EnduserID returns an attribute KeyValue conforming to the "enduser.id" +// semantic conventions. It represents the unique identifier of an end user in +// the system. It maybe a username, email address, or other identifier. 
+func EnduserID(val string) attribute.KeyValue { + return EnduserIDKey.String(val) +} + +// EnduserPseudoID returns an attribute KeyValue conforming to the +// "enduser.pseudo.id" semantic conventions. It represents the pseudonymous +// identifier of an end user. This identifier should be a random value that is +// not directly linked or associated with the end user's actual identity. +func EnduserPseudoID(val string) attribute.KeyValue { + return EnduserPseudoIDKey.String(val) +} + +// Namespace: error +const ( + // ErrorMessageKey is the attribute Key conforming to the "error.message" + // semantic conventions. It represents a message providing more detail about an + // error in human-readable form. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Unexpected input type: string", "The user has exceeded their + // storage quota" + // Note: `error.message` should provide additional context and detail about an + // error. + // It is NOT RECOMMENDED to duplicate the value of `error.type` in + // `error.message`. + // It is also NOT RECOMMENDED to duplicate the value of `exception.message` in + // `error.message`. + // + // `error.message` is NOT RECOMMENDED for metrics or spans due to its unbounded + // cardinality and overlap with span status. + ErrorMessageKey = attribute.Key("error.message") + + // ErrorTypeKey is the attribute Key conforming to the "error.type" semantic + // conventions. It represents the describes a class of error the operation ended + // with. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "timeout", "java.net.UnknownHostException", + // "server_certificate_invalid", "500" + // Note: The `error.type` SHOULD be predictable, and SHOULD have low + // cardinality. + // + // When `error.type` is set to a type (e.g., an exception type), its + // canonical class name identifying the type within the artifact SHOULD be used. 
+ // + // Instrumentations SHOULD document the list of errors they report. + // + // The cardinality of `error.type` within one instrumentation library SHOULD be + // low. + // Telemetry consumers that aggregate data from multiple instrumentation + // libraries and applications + // should be prepared for `error.type` to have high cardinality at query time + // when no + // additional filters are applied. + // + // If the operation has completed successfully, instrumentations SHOULD NOT set + // `error.type`. + // + // If a specific domain defines its own set of error identifiers (such as HTTP + // or gRPC status codes), + // it's RECOMMENDED to: + // + // - Use a domain-specific attribute + // - Set `error.type` to capture all errors, regardless of whether they are + // defined within the domain-specific set or not. + ErrorTypeKey = attribute.Key("error.type") +) + +// ErrorMessage returns an attribute KeyValue conforming to the "error.message" +// semantic conventions. It represents a message providing more detail about an +// error in human-readable form. +func ErrorMessage(val string) attribute.KeyValue { + return ErrorMessageKey.String(val) +} + +// Enum values for error.type +var ( + // A fallback error value to be used when the instrumentation doesn't define a + // custom value. + // + // Stability: stable + ErrorTypeOther = ErrorTypeKey.String("_OTHER") +) + +// Namespace: exception +const ( + // ExceptionMessageKey is the attribute Key conforming to the + // "exception.message" semantic conventions. It represents the exception + // message. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "Division by zero", "Can't convert 'int' object to str implicitly" + ExceptionMessageKey = attribute.Key("exception.message") + + // ExceptionStacktraceKey is the attribute Key conforming to the + // "exception.stacktrace" semantic conventions. 
It represents a stacktrace as a + // string in the natural representation for the language runtime. The + // representation is to be determined and documented by each language SIG. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: Exception in thread "main" java.lang.RuntimeException: Test + // exception\n at com.example.GenerateTrace.methodB(GenerateTrace.java:13)\n at + // com.example.GenerateTrace.methodA(GenerateTrace.java:9)\n at + // com.example.GenerateTrace.main(GenerateTrace.java:5) + ExceptionStacktraceKey = attribute.Key("exception.stacktrace") + + // ExceptionTypeKey is the attribute Key conforming to the "exception.type" + // semantic conventions. It represents the type of the exception (its + // fully-qualified class name, if applicable). The dynamic type of the exception + // should be preferred over the static type in languages that support it. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "java.net.ConnectException", "OSError" + ExceptionTypeKey = attribute.Key("exception.type") +) + +// ExceptionMessage returns an attribute KeyValue conforming to the +// "exception.message" semantic conventions. It represents the exception message. +func ExceptionMessage(val string) attribute.KeyValue { + return ExceptionMessageKey.String(val) +} + +// ExceptionStacktrace returns an attribute KeyValue conforming to the +// "exception.stacktrace" semantic conventions. It represents a stacktrace as a +// string in the natural representation for the language runtime. The +// representation is to be determined and documented by each language SIG. +func ExceptionStacktrace(val string) attribute.KeyValue { + return ExceptionStacktraceKey.String(val) +} + +// ExceptionType returns an attribute KeyValue conforming to the "exception.type" +// semantic conventions. It represents the type of the exception (its +// fully-qualified class name, if applicable). 
The dynamic type of the exception +// should be preferred over the static type in languages that support it. +func ExceptionType(val string) attribute.KeyValue { + return ExceptionTypeKey.String(val) +} + +// Namespace: faas +const ( + // FaaSColdstartKey is the attribute Key conforming to the "faas.coldstart" + // semantic conventions. It represents a boolean that is true if the serverless + // function is executed for the first time (aka cold-start). + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + FaaSColdstartKey = attribute.Key("faas.coldstart") + + // FaaSCronKey is the attribute Key conforming to the "faas.cron" semantic + // conventions. It represents a string containing the schedule period as + // [Cron Expression]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0/5 * * * ? * + // + // [Cron Expression]: https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm + FaaSCronKey = attribute.Key("faas.cron") + + // FaaSDocumentCollectionKey is the attribute Key conforming to the + // "faas.document.collection" semantic conventions. It represents the name of + // the source on which the triggering operation was performed. For example, in + // Cloud Storage or S3 corresponds to the bucket name, and in Cosmos DB to the + // database name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "myBucketName", "myDbName" + FaaSDocumentCollectionKey = attribute.Key("faas.document.collection") + + // FaaSDocumentNameKey is the attribute Key conforming to the + // "faas.document.name" semantic conventions. It represents the document + // name/table subjected to the operation. For example, in Cloud Storage or S3 is + // the name of the file, and in Cosmos DB the table name. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "myFile.txt", "myTableName" + FaaSDocumentNameKey = attribute.Key("faas.document.name") + + // FaaSDocumentOperationKey is the attribute Key conforming to the + // "faas.document.operation" semantic conventions. It represents the describes + // the type of the operation that was performed on the data. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + FaaSDocumentOperationKey = attribute.Key("faas.document.operation") + + // FaaSDocumentTimeKey is the attribute Key conforming to the + // "faas.document.time" semantic conventions. It represents a string containing + // the time when the data was accessed in the [ISO 8601] format expressed in + // [UTC]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 2020-01-23T13:47:06Z + // + // [ISO 8601]: https://www.iso.org/iso-8601-date-and-time-format.html + // [UTC]: https://www.w3.org/TR/NOTE-datetime + FaaSDocumentTimeKey = attribute.Key("faas.document.time") + + // FaaSInstanceKey is the attribute Key conforming to the "faas.instance" + // semantic conventions. It represents the execution environment ID as a string, + // that will be potentially reused for other invocations to the same + // function/function version. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021/06/28/[$LATEST]2f399eb14537447da05ab2a2e39309de" + // Note: - **AWS Lambda:** Use the (full) log stream name. + FaaSInstanceKey = attribute.Key("faas.instance") + + // FaaSInvocationIDKey is the attribute Key conforming to the + // "faas.invocation_id" semantic conventions. It represents the invocation ID of + // the current function invocation. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: af9d5aa4-a685-4c5f-a22b-444f80b3cc28 + FaaSInvocationIDKey = attribute.Key("faas.invocation_id") + + // FaaSInvokedNameKey is the attribute Key conforming to the "faas.invoked_name" + // semantic conventions. It represents the name of the invoked function. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: my-function + // Note: SHOULD be equal to the `faas.name` resource attribute of the invoked + // function. + FaaSInvokedNameKey = attribute.Key("faas.invoked_name") + + // FaaSInvokedProviderKey is the attribute Key conforming to the + // "faas.invoked_provider" semantic conventions. It represents the cloud + // provider of the invoked function. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: SHOULD be equal to the `cloud.provider` resource attribute of the + // invoked function. + FaaSInvokedProviderKey = attribute.Key("faas.invoked_provider") + + // FaaSInvokedRegionKey is the attribute Key conforming to the + // "faas.invoked_region" semantic conventions. It represents the cloud region of + // the invoked function. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: eu-central-1 + // Note: SHOULD be equal to the `cloud.region` resource attribute of the invoked + // function. + FaaSInvokedRegionKey = attribute.Key("faas.invoked_region") + + // FaaSMaxMemoryKey is the attribute Key conforming to the "faas.max_memory" + // semantic conventions. It represents the amount of memory available to the + // serverless function converted to Bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Note: It's recommended to set this attribute since e.g. too little memory can + // easily stop a Java AWS Lambda function from working correctly. 
On AWS Lambda, + // the environment variable `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this + // information (which must be multiplied by 1,048,576). + FaaSMaxMemoryKey = attribute.Key("faas.max_memory") + + // FaaSNameKey is the attribute Key conforming to the "faas.name" semantic + // conventions. It represents the name of the single function that this runtime + // instance executes. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-function", "myazurefunctionapp/some-function-name" + // Note: This is the name of the function as configured/deployed on the FaaS + // platform and is usually different from the name of the callback + // function (which may be stored in the + // [`code.namespace`/`code.function.name`] + // span attributes). + // + // For some cloud providers, the above definition is ambiguous. The following + // definition of function name MUST be used for this attribute + // (and consequently the span name) for the listed cloud providers/products: + // + // - **Azure:** The full name `/`, i.e., function app name + // followed by a forward slash followed by the function name (this form + // can also be seen in the resource JSON for the function). + // This means that a span attribute MUST be used, as an Azure function + // app can host multiple functions that would usually share + // a TracerProvider (see also the `cloud.resource_id` attribute). + // + // + // [`code.namespace`/`code.function.name`]: /docs/general/attributes.md#source-code-attributes + FaaSNameKey = attribute.Key("faas.name") + + // FaaSTimeKey is the attribute Key conforming to the "faas.time" semantic + // conventions. It represents a string containing the function invocation time + // in the [ISO 8601] format expressed in [UTC]. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 2020-01-23T13:47:06Z + // + // [ISO 8601]: https://www.iso.org/iso-8601-date-and-time-format.html + // [UTC]: https://www.w3.org/TR/NOTE-datetime + FaaSTimeKey = attribute.Key("faas.time") + + // FaaSTriggerKey is the attribute Key conforming to the "faas.trigger" semantic + // conventions. It represents the type of the trigger which caused this function + // invocation. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + FaaSTriggerKey = attribute.Key("faas.trigger") + + // FaaSVersionKey is the attribute Key conforming to the "faas.version" semantic + // conventions. It represents the immutable version of the function being + // executed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "26", "pinkfroid-00002" + // Note: Depending on the cloud provider and platform, use: + // + // - **AWS Lambda:** The [function version] + // (an integer represented as a decimal string). + // - **Google Cloud Run (Services):** The [revision] + // (i.e., the function name plus the revision suffix). + // - **Google Cloud Functions:** The value of the + // [`K_REVISION` environment variable]. + // - **Azure Functions:** Not applicable. Do not set this attribute. + // + // + // [function version]: https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html + // [revision]: https://cloud.google.com/run/docs/managing/revisions + // [`K_REVISION` environment variable]: https://cloud.google.com/functions/docs/env-var#runtime_environment_variables_set_automatically + FaaSVersionKey = attribute.Key("faas.version") +) + +// FaaSColdstart returns an attribute KeyValue conforming to the "faas.coldstart" +// semantic conventions. It represents a boolean that is true if the serverless +// function is executed for the first time (aka cold-start). 
+func FaaSColdstart(val bool) attribute.KeyValue { + return FaaSColdstartKey.Bool(val) +} + +// FaaSCron returns an attribute KeyValue conforming to the "faas.cron" semantic +// conventions. It represents a string containing the schedule period as +// [Cron Expression]. +// +// [Cron Expression]: https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm +func FaaSCron(val string) attribute.KeyValue { + return FaaSCronKey.String(val) +} + +// FaaSDocumentCollection returns an attribute KeyValue conforming to the +// "faas.document.collection" semantic conventions. It represents the name of the +// source on which the triggering operation was performed. For example, in Cloud +// Storage or S3 corresponds to the bucket name, and in Cosmos DB to the database +// name. +func FaaSDocumentCollection(val string) attribute.KeyValue { + return FaaSDocumentCollectionKey.String(val) +} + +// FaaSDocumentName returns an attribute KeyValue conforming to the +// "faas.document.name" semantic conventions. It represents the document +// name/table subjected to the operation. For example, in Cloud Storage or S3 is +// the name of the file, and in Cosmos DB the table name. +func FaaSDocumentName(val string) attribute.KeyValue { + return FaaSDocumentNameKey.String(val) +} + +// FaaSDocumentTime returns an attribute KeyValue conforming to the +// "faas.document.time" semantic conventions. It represents a string containing +// the time when the data was accessed in the [ISO 8601] format expressed in +// [UTC]. +// +// [ISO 8601]: https://www.iso.org/iso-8601-date-and-time-format.html +// [UTC]: https://www.w3.org/TR/NOTE-datetime +func FaaSDocumentTime(val string) attribute.KeyValue { + return FaaSDocumentTimeKey.String(val) +} + +// FaaSInstance returns an attribute KeyValue conforming to the "faas.instance" +// semantic conventions. 
It represents the execution environment ID as a string, +// that will be potentially reused for other invocations to the same +// function/function version. +func FaaSInstance(val string) attribute.KeyValue { + return FaaSInstanceKey.String(val) +} + +// FaaSInvocationID returns an attribute KeyValue conforming to the +// "faas.invocation_id" semantic conventions. It represents the invocation ID of +// the current function invocation. +func FaaSInvocationID(val string) attribute.KeyValue { + return FaaSInvocationIDKey.String(val) +} + +// FaaSInvokedName returns an attribute KeyValue conforming to the +// "faas.invoked_name" semantic conventions. It represents the name of the +// invoked function. +func FaaSInvokedName(val string) attribute.KeyValue { + return FaaSInvokedNameKey.String(val) +} + +// FaaSInvokedRegion returns an attribute KeyValue conforming to the +// "faas.invoked_region" semantic conventions. It represents the cloud region of +// the invoked function. +func FaaSInvokedRegion(val string) attribute.KeyValue { + return FaaSInvokedRegionKey.String(val) +} + +// FaaSMaxMemory returns an attribute KeyValue conforming to the +// "faas.max_memory" semantic conventions. It represents the amount of memory +// available to the serverless function converted to Bytes. +func FaaSMaxMemory(val int) attribute.KeyValue { + return FaaSMaxMemoryKey.Int(val) +} + +// FaaSName returns an attribute KeyValue conforming to the "faas.name" semantic +// conventions. It represents the name of the single function that this runtime +// instance executes. +func FaaSName(val string) attribute.KeyValue { + return FaaSNameKey.String(val) +} + +// FaaSTime returns an attribute KeyValue conforming to the "faas.time" semantic +// conventions. It represents a string containing the function invocation time in +// the [ISO 8601] format expressed in [UTC]. 
+// +// [ISO 8601]: https://www.iso.org/iso-8601-date-and-time-format.html +// [UTC]: https://www.w3.org/TR/NOTE-datetime +func FaaSTime(val string) attribute.KeyValue { + return FaaSTimeKey.String(val) +} + +// FaaSVersion returns an attribute KeyValue conforming to the "faas.version" +// semantic conventions. It represents the immutable version of the function +// being executed. +func FaaSVersion(val string) attribute.KeyValue { + return FaaSVersionKey.String(val) +} + +// Enum values for faas.document.operation +var ( + // When a new object is created. + // Stability: development + FaaSDocumentOperationInsert = FaaSDocumentOperationKey.String("insert") + // When an object is modified. + // Stability: development + FaaSDocumentOperationEdit = FaaSDocumentOperationKey.String("edit") + // When an object is deleted. + // Stability: development + FaaSDocumentOperationDelete = FaaSDocumentOperationKey.String("delete") +) + +// Enum values for faas.invoked_provider +var ( + // Alibaba Cloud + // Stability: development + FaaSInvokedProviderAlibabaCloud = FaaSInvokedProviderKey.String("alibaba_cloud") + // Amazon Web Services + // Stability: development + FaaSInvokedProviderAWS = FaaSInvokedProviderKey.String("aws") + // Microsoft Azure + // Stability: development + FaaSInvokedProviderAzure = FaaSInvokedProviderKey.String("azure") + // Google Cloud Platform + // Stability: development + FaaSInvokedProviderGCP = FaaSInvokedProviderKey.String("gcp") + // Tencent Cloud + // Stability: development + FaaSInvokedProviderTencentCloud = FaaSInvokedProviderKey.String("tencent_cloud") +) + +// Enum values for faas.trigger +var ( + // A response to some data source operation such as a database or filesystem + // read/write + // Stability: development + FaaSTriggerDatasource = FaaSTriggerKey.String("datasource") + // To provide an answer to an inbound HTTP request + // Stability: development + FaaSTriggerHTTP = FaaSTriggerKey.String("http") + // A function is set to be executed 
when messages are sent to a messaging system + // Stability: development + FaaSTriggerPubSub = FaaSTriggerKey.String("pubsub") + // A function is scheduled to be executed regularly + // Stability: development + FaaSTriggerTimer = FaaSTriggerKey.String("timer") + // If none of the others apply + // Stability: development + FaaSTriggerOther = FaaSTriggerKey.String("other") +) + +// Namespace: feature_flag +const ( + // FeatureFlagContextIDKey is the attribute Key conforming to the + // "feature_flag.context.id" semantic conventions. It represents the unique + // identifier for the flag evaluation context. For example, the targeting key. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "5157782b-2203-4c80-a857-dbbd5e7761db" + FeatureFlagContextIDKey = attribute.Key("feature_flag.context.id") + + // FeatureFlagKeyKey is the attribute Key conforming to the "feature_flag.key" + // semantic conventions. It represents the lookup key of the feature flag. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "logo-color" + FeatureFlagKeyKey = attribute.Key("feature_flag.key") + + // FeatureFlagProviderNameKey is the attribute Key conforming to the + // "feature_flag.provider.name" semantic conventions. It represents the + // identifies the feature flag provider. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "Flag Manager" + FeatureFlagProviderNameKey = attribute.Key("feature_flag.provider.name") + + // FeatureFlagResultReasonKey is the attribute Key conforming to the + // "feature_flag.result.reason" semantic conventions. It represents the reason + // code which shows how a feature flag value was determined. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "static", "targeting_match", "error", "default" + FeatureFlagResultReasonKey = attribute.Key("feature_flag.result.reason") + + // FeatureFlagResultValueKey is the attribute Key conforming to the + // "feature_flag.result.value" semantic conventions. It represents the evaluated + // value of the feature flag. + // + // Type: any + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "#ff0000", true, 3 + // Note: With some feature flag providers, feature flag results can be quite + // large or contain private or sensitive details. + // Because of this, `feature_flag.result.variant` is often the preferred + // attribute if it is available. + // + // It may be desirable to redact or otherwise limit the size and scope of + // `feature_flag.result.value` if possible. + // Because the evaluated flag value is unstructured and may be any type, it is + // left to the instrumentation author to determine how best to achieve this. + FeatureFlagResultValueKey = attribute.Key("feature_flag.result.value") + + // FeatureFlagResultVariantKey is the attribute Key conforming to the + // "feature_flag.result.variant" semantic conventions. It represents a semantic + // identifier for an evaluated flag value. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "red", "true", "on" + // Note: A semantic identifier, commonly referred to as a variant, provides a + // means + // for referring to a value without including the value itself. This can + // provide additional context for understanding the meaning behind a value. + // For example, the variant `red` maybe be used for the value `#c05543`. + FeatureFlagResultVariantKey = attribute.Key("feature_flag.result.variant") + + // FeatureFlagSetIDKey is the attribute Key conforming to the + // "feature_flag.set.id" semantic conventions. 
It represents the identifier of + // the [flag set] to which the feature flag belongs. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "proj-1", "ab98sgs", "service1/dev" + // + // [flag set]: https://openfeature.dev/specification/glossary/#flag-set + FeatureFlagSetIDKey = attribute.Key("feature_flag.set.id") + + // FeatureFlagVersionKey is the attribute Key conforming to the + // "feature_flag.version" semantic conventions. It represents the version of the + // ruleset used during the evaluation. This may be any stable value which + // uniquely identifies the ruleset. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Release_Candidate + // + // Examples: "1", "01ABCDEF" + FeatureFlagVersionKey = attribute.Key("feature_flag.version") +) + +// FeatureFlagContextID returns an attribute KeyValue conforming to the +// "feature_flag.context.id" semantic conventions. It represents the unique +// identifier for the flag evaluation context. For example, the targeting key. +func FeatureFlagContextID(val string) attribute.KeyValue { + return FeatureFlagContextIDKey.String(val) +} + +// FeatureFlagKey returns an attribute KeyValue conforming to the +// "feature_flag.key" semantic conventions. It represents the lookup key of the +// feature flag. +func FeatureFlagKey(val string) attribute.KeyValue { + return FeatureFlagKeyKey.String(val) +} + +// FeatureFlagProviderName returns an attribute KeyValue conforming to the +// "feature_flag.provider.name" semantic conventions. It represents the +// identifies the feature flag provider. +func FeatureFlagProviderName(val string) attribute.KeyValue { + return FeatureFlagProviderNameKey.String(val) +} + +// FeatureFlagResultVariant returns an attribute KeyValue conforming to the +// "feature_flag.result.variant" semantic conventions. It represents a semantic +// identifier for an evaluated flag value. 
+func FeatureFlagResultVariant(val string) attribute.KeyValue { + return FeatureFlagResultVariantKey.String(val) +} + +// FeatureFlagSetID returns an attribute KeyValue conforming to the +// "feature_flag.set.id" semantic conventions. It represents the identifier of +// the [flag set] to which the feature flag belongs. +// +// [flag set]: https://openfeature.dev/specification/glossary/#flag-set +func FeatureFlagSetID(val string) attribute.KeyValue { + return FeatureFlagSetIDKey.String(val) +} + +// FeatureFlagVersion returns an attribute KeyValue conforming to the +// "feature_flag.version" semantic conventions. It represents the version of the +// ruleset used during the evaluation. This may be any stable value which +// uniquely identifies the ruleset. +func FeatureFlagVersion(val string) attribute.KeyValue { + return FeatureFlagVersionKey.String(val) +} + +// Enum values for feature_flag.result.reason +var ( + // The resolved value is static (no dynamic evaluation). + // Stability: release_candidate + FeatureFlagResultReasonStatic = FeatureFlagResultReasonKey.String("static") + // The resolved value fell back to a pre-configured value (no dynamic evaluation + // occurred or dynamic evaluation yielded no result). + // Stability: release_candidate + FeatureFlagResultReasonDefault = FeatureFlagResultReasonKey.String("default") + // The resolved value was the result of a dynamic evaluation, such as a rule or + // specific user-targeting. + // Stability: release_candidate + FeatureFlagResultReasonTargetingMatch = FeatureFlagResultReasonKey.String("targeting_match") + // The resolved value was the result of pseudorandom assignment. + // Stability: release_candidate + FeatureFlagResultReasonSplit = FeatureFlagResultReasonKey.String("split") + // The resolved value was retrieved from cache. 
+ // Stability: release_candidate + FeatureFlagResultReasonCached = FeatureFlagResultReasonKey.String("cached") + // The resolved value was the result of the flag being disabled in the + // management system. + // Stability: release_candidate + FeatureFlagResultReasonDisabled = FeatureFlagResultReasonKey.String("disabled") + // The reason for the resolved value could not be determined. + // Stability: release_candidate + FeatureFlagResultReasonUnknown = FeatureFlagResultReasonKey.String("unknown") + // The resolved value is non-authoritative or possibly out of date + // Stability: release_candidate + FeatureFlagResultReasonStale = FeatureFlagResultReasonKey.String("stale") + // The resolved value was the result of an error. + // Stability: release_candidate + FeatureFlagResultReasonError = FeatureFlagResultReasonKey.String("error") +) + +// Namespace: file +const ( + // FileAccessedKey is the attribute Key conforming to the "file.accessed" + // semantic conventions. It represents the time when the file was last accessed, + // in ISO 8601 format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T12:00:00Z" + // Note: This attribute might not be supported by some file systems — NFS, + // FAT32, in embedded OS, etc. + FileAccessedKey = attribute.Key("file.accessed") + + // FileAttributesKey is the attribute Key conforming to the "file.attributes" + // semantic conventions. It represents the array of file attributes. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "readonly", "hidden" + // Note: Attributes names depend on the OS or file system. Here’s a + // non-exhaustive list of values expected for this attribute: `archive`, + // `compressed`, `directory`, `encrypted`, `execute`, `hidden`, `immutable`, + // `journaled`, `read`, `readonly`, `symbolic link`, `system`, `temporary`, + // `write`. 
+ FileAttributesKey = attribute.Key("file.attributes") + + // FileChangedKey is the attribute Key conforming to the "file.changed" semantic + // conventions. It represents the time when the file attributes or metadata was + // last changed, in ISO 8601 format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T12:00:00Z" + // Note: `file.changed` captures the time when any of the file's properties or + // attributes (including the content) are changed, while `file.modified` + // captures the timestamp when the file content is modified. + FileChangedKey = attribute.Key("file.changed") + + // FileCreatedKey is the attribute Key conforming to the "file.created" semantic + // conventions. It represents the time when the file was created, in ISO 8601 + // format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T12:00:00Z" + // Note: This attribute might not be supported by some file systems — NFS, + // FAT32, in embedded OS, etc. + FileCreatedKey = attribute.Key("file.created") + + // FileDirectoryKey is the attribute Key conforming to the "file.directory" + // semantic conventions. It represents the directory where the file is located. + // It should include the drive letter, when appropriate. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/home/user", "C:\Program Files\MyApp" + FileDirectoryKey = attribute.Key("file.directory") + + // FileExtensionKey is the attribute Key conforming to the "file.extension" + // semantic conventions. It represents the file extension, excluding the leading + // dot. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "png", "gz" + // Note: When the file name has multiple extensions (example.tar.gz), only the + // last one should be captured ("gz", not "tar.gz"). 
+ FileExtensionKey = attribute.Key("file.extension") + + // FileForkNameKey is the attribute Key conforming to the "file.fork_name" + // semantic conventions. It represents the name of the fork. A fork is + // additional data associated with a filesystem object. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Zone.Identifier" + // Note: On Linux, a resource fork is used to store additional data with a + // filesystem object. A file always has at least one fork for the data portion, + // and additional forks may exist. + // On NTFS, this is analogous to an Alternate Data Stream (ADS), and the default + // data stream for a file is just called $DATA. Zone.Identifier is commonly used + // by Windows to track contents downloaded from the Internet. An ADS is + // typically of the form: C:\path\to\filename.extension:some_fork_name, and + // some_fork_name is the value that should populate `fork_name`. + // `filename.extension` should populate `file.name`, and `extension` should + // populate `file.extension`. The full path, `file.path`, will include the fork + // name. + FileForkNameKey = attribute.Key("file.fork_name") + + // FileGroupIDKey is the attribute Key conforming to the "file.group.id" + // semantic conventions. It represents the primary Group ID (GID) of the file. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1000" + FileGroupIDKey = attribute.Key("file.group.id") + + // FileGroupNameKey is the attribute Key conforming to the "file.group.name" + // semantic conventions. It represents the primary group name of the file. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "users" + FileGroupNameKey = attribute.Key("file.group.name") + + // FileInodeKey is the attribute Key conforming to the "file.inode" semantic + // conventions. 
It represents the inode representing the file in the filesystem. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "256383" + FileInodeKey = attribute.Key("file.inode") + + // FileModeKey is the attribute Key conforming to the "file.mode" semantic + // conventions. It represents the mode of the file in octal representation. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0640" + FileModeKey = attribute.Key("file.mode") + + // FileModifiedKey is the attribute Key conforming to the "file.modified" + // semantic conventions. It represents the time when the file content was last + // modified, in ISO 8601 format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T12:00:00Z" + FileModifiedKey = attribute.Key("file.modified") + + // FileNameKey is the attribute Key conforming to the "file.name" semantic + // conventions. It represents the name of the file including the extension, + // without the directory. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "example.png" + FileNameKey = attribute.Key("file.name") + + // FileOwnerIDKey is the attribute Key conforming to the "file.owner.id" + // semantic conventions. It represents the user ID (UID) or security identifier + // (SID) of the file owner. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1000" + FileOwnerIDKey = attribute.Key("file.owner.id") + + // FileOwnerNameKey is the attribute Key conforming to the "file.owner.name" + // semantic conventions. It represents the username of the file owner. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "root" + FileOwnerNameKey = attribute.Key("file.owner.name") + + // FilePathKey is the attribute Key conforming to the "file.path" semantic + // conventions. It represents the full path to the file, including the file + // name. It should include the drive letter, when appropriate. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/home/alice/example.png", "C:\Program Files\MyApp\myapp.exe" + FilePathKey = attribute.Key("file.path") + + // FileSizeKey is the attribute Key conforming to the "file.size" semantic + // conventions. It represents the file size in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + FileSizeKey = attribute.Key("file.size") + + // FileSymbolicLinkTargetPathKey is the attribute Key conforming to the + // "file.symbolic_link.target_path" semantic conventions. It represents the path + // to the target of a symbolic link. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/usr/bin/python3" + // Note: This attribute is only applicable to symbolic links. + FileSymbolicLinkTargetPathKey = attribute.Key("file.symbolic_link.target_path") +) + +// FileAccessed returns an attribute KeyValue conforming to the "file.accessed" +// semantic conventions. It represents the time when the file was last accessed, +// in ISO 8601 format. +func FileAccessed(val string) attribute.KeyValue { + return FileAccessedKey.String(val) +} + +// FileAttributes returns an attribute KeyValue conforming to the +// "file.attributes" semantic conventions. It represents the array of file +// attributes. 
+func FileAttributes(val ...string) attribute.KeyValue { + return FileAttributesKey.StringSlice(val) +} + +// FileChanged returns an attribute KeyValue conforming to the "file.changed" +// semantic conventions. It represents the time when the file attributes or +// metadata was last changed, in ISO 8601 format. +func FileChanged(val string) attribute.KeyValue { + return FileChangedKey.String(val) +} + +// FileCreated returns an attribute KeyValue conforming to the "file.created" +// semantic conventions. It represents the time when the file was created, in ISO +// 8601 format. +func FileCreated(val string) attribute.KeyValue { + return FileCreatedKey.String(val) +} + +// FileDirectory returns an attribute KeyValue conforming to the "file.directory" +// semantic conventions. It represents the directory where the file is located. +// It should include the drive letter, when appropriate. +func FileDirectory(val string) attribute.KeyValue { + return FileDirectoryKey.String(val) +} + +// FileExtension returns an attribute KeyValue conforming to the "file.extension" +// semantic conventions. It represents the file extension, excluding the leading +// dot. +func FileExtension(val string) attribute.KeyValue { + return FileExtensionKey.String(val) +} + +// FileForkName returns an attribute KeyValue conforming to the "file.fork_name" +// semantic conventions. It represents the name of the fork. A fork is additional +// data associated with a filesystem object. +func FileForkName(val string) attribute.KeyValue { + return FileForkNameKey.String(val) +} + +// FileGroupID returns an attribute KeyValue conforming to the "file.group.id" +// semantic conventions. It represents the primary Group ID (GID) of the file. +func FileGroupID(val string) attribute.KeyValue { + return FileGroupIDKey.String(val) +} + +// FileGroupName returns an attribute KeyValue conforming to the +// "file.group.name" semantic conventions. It represents the primary group name +// of the file. 
+func FileGroupName(val string) attribute.KeyValue { + return FileGroupNameKey.String(val) +} + +// FileInode returns an attribute KeyValue conforming to the "file.inode" +// semantic conventions. It represents the inode representing the file in the +// filesystem. +func FileInode(val string) attribute.KeyValue { + return FileInodeKey.String(val) +} + +// FileMode returns an attribute KeyValue conforming to the "file.mode" semantic +// conventions. It represents the mode of the file in octal representation. +func FileMode(val string) attribute.KeyValue { + return FileModeKey.String(val) +} + +// FileModified returns an attribute KeyValue conforming to the "file.modified" +// semantic conventions. It represents the time when the file content was last +// modified, in ISO 8601 format. +func FileModified(val string) attribute.KeyValue { + return FileModifiedKey.String(val) +} + +// FileName returns an attribute KeyValue conforming to the "file.name" semantic +// conventions. It represents the name of the file including the extension, +// without the directory. +func FileName(val string) attribute.KeyValue { + return FileNameKey.String(val) +} + +// FileOwnerID returns an attribute KeyValue conforming to the "file.owner.id" +// semantic conventions. It represents the user ID (UID) or security identifier +// (SID) of the file owner. +func FileOwnerID(val string) attribute.KeyValue { + return FileOwnerIDKey.String(val) +} + +// FileOwnerName returns an attribute KeyValue conforming to the +// "file.owner.name" semantic conventions. It represents the username of the file +// owner. +func FileOwnerName(val string) attribute.KeyValue { + return FileOwnerNameKey.String(val) +} + +// FilePath returns an attribute KeyValue conforming to the "file.path" semantic +// conventions. It represents the full path to the file, including the file name. +// It should include the drive letter, when appropriate. 
+func FilePath(val string) attribute.KeyValue { + return FilePathKey.String(val) +} + +// FileSize returns an attribute KeyValue conforming to the "file.size" semantic +// conventions. It represents the file size in bytes. +func FileSize(val int) attribute.KeyValue { + return FileSizeKey.Int(val) +} + +// FileSymbolicLinkTargetPath returns an attribute KeyValue conforming to the +// "file.symbolic_link.target_path" semantic conventions. It represents the path +// to the target of a symbolic link. +func FileSymbolicLinkTargetPath(val string) attribute.KeyValue { + return FileSymbolicLinkTargetPathKey.String(val) +} + +// Namespace: gcp +const ( + // GCPAppHubApplicationContainerKey is the attribute Key conforming to the + // "gcp.apphub.application.container" semantic conventions. It represents the + // container within GCP where the AppHub application is defined. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "projects/my-container-project" + GCPAppHubApplicationContainerKey = attribute.Key("gcp.apphub.application.container") + + // GCPAppHubApplicationIDKey is the attribute Key conforming to the + // "gcp.apphub.application.id" semantic conventions. It represents the name of + // the application as configured in AppHub. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-application" + GCPAppHubApplicationIDKey = attribute.Key("gcp.apphub.application.id") + + // GCPAppHubApplicationLocationKey is the attribute Key conforming to the + // "gcp.apphub.application.location" semantic conventions. It represents the GCP + // zone or region where the application is defined. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "us-central1" + GCPAppHubApplicationLocationKey = attribute.Key("gcp.apphub.application.location") + + // GCPAppHubServiceCriticalityTypeKey is the attribute Key conforming to the + // "gcp.apphub.service.criticality_type" semantic conventions. It represents the + // criticality of a service indicates its importance to the business. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: [See AppHub type enum] + // + // [See AppHub type enum]: https://cloud.google.com/app-hub/docs/reference/rest/v1/Attributes#type + GCPAppHubServiceCriticalityTypeKey = attribute.Key("gcp.apphub.service.criticality_type") + + // GCPAppHubServiceEnvironmentTypeKey is the attribute Key conforming to the + // "gcp.apphub.service.environment_type" semantic conventions. It represents the + // environment of a service is the stage of a software lifecycle. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: [See AppHub environment type] + // + // [See AppHub environment type]: https://cloud.google.com/app-hub/docs/reference/rest/v1/Attributes#type_1 + GCPAppHubServiceEnvironmentTypeKey = attribute.Key("gcp.apphub.service.environment_type") + + // GCPAppHubServiceIDKey is the attribute Key conforming to the + // "gcp.apphub.service.id" semantic conventions. It represents the name of the + // service as configured in AppHub. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-service" + GCPAppHubServiceIDKey = attribute.Key("gcp.apphub.service.id") + + // GCPAppHubWorkloadCriticalityTypeKey is the attribute Key conforming to the + // "gcp.apphub.workload.criticality_type" semantic conventions. It represents + // the criticality of a workload indicates its importance to the business. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: [See AppHub type enum] + // + // [See AppHub type enum]: https://cloud.google.com/app-hub/docs/reference/rest/v1/Attributes#type + GCPAppHubWorkloadCriticalityTypeKey = attribute.Key("gcp.apphub.workload.criticality_type") + + // GCPAppHubWorkloadEnvironmentTypeKey is the attribute Key conforming to the + // "gcp.apphub.workload.environment_type" semantic conventions. It represents + // the environment of a workload is the stage of a software lifecycle. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: [See AppHub environment type] + // + // [See AppHub environment type]: https://cloud.google.com/app-hub/docs/reference/rest/v1/Attributes#type_1 + GCPAppHubWorkloadEnvironmentTypeKey = attribute.Key("gcp.apphub.workload.environment_type") + + // GCPAppHubWorkloadIDKey is the attribute Key conforming to the + // "gcp.apphub.workload.id" semantic conventions. It represents the name of the + // workload as configured in AppHub. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-workload" + GCPAppHubWorkloadIDKey = attribute.Key("gcp.apphub.workload.id") + + // GCPClientServiceKey is the attribute Key conforming to the + // "gcp.client.service" semantic conventions. It represents the identifies the + // Google Cloud service for which the official client library is intended. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "appengine", "run", "firestore", "alloydb", "spanner" + // Note: Intended to be a stable identifier for Google Cloud client libraries + // that is uniform across implementation languages. The value should be derived + // from the canonical service domain for the service; for example, + // 'foo.googleapis.com' should result in a value of 'foo'. 
+ GCPClientServiceKey = attribute.Key("gcp.client.service") + + // GCPCloudRunJobExecutionKey is the attribute Key conforming to the + // "gcp.cloud_run.job.execution" semantic conventions. It represents the name of + // the Cloud Run [execution] being run for the Job, as set by the + // [`CLOUD_RUN_EXECUTION`] environment variable. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "job-name-xxxx", "sample-job-mdw84" + // + // [execution]: https://cloud.google.com/run/docs/managing/job-executions + // [`CLOUD_RUN_EXECUTION`]: https://cloud.google.com/run/docs/container-contract#jobs-env-vars + GCPCloudRunJobExecutionKey = attribute.Key("gcp.cloud_run.job.execution") + + // GCPCloudRunJobTaskIndexKey is the attribute Key conforming to the + // "gcp.cloud_run.job.task_index" semantic conventions. It represents the index + // for a task within an execution as provided by the [`CLOUD_RUN_TASK_INDEX`] + // environment variable. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0, 1 + // + // [`CLOUD_RUN_TASK_INDEX`]: https://cloud.google.com/run/docs/container-contract#jobs-env-vars + GCPCloudRunJobTaskIndexKey = attribute.Key("gcp.cloud_run.job.task_index") + + // GCPGCEInstanceHostnameKey is the attribute Key conforming to the + // "gcp.gce.instance.hostname" semantic conventions. It represents the hostname + // of a GCE instance. This is the full value of the default or [custom hostname] + // . + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-host1234.example.com", + // "sample-vm.us-west1-b.c.my-project.internal" + // + // [custom hostname]: https://cloud.google.com/compute/docs/instances/custom-hostname-vm + GCPGCEInstanceHostnameKey = attribute.Key("gcp.gce.instance.hostname") + + // GCPGCEInstanceNameKey is the attribute Key conforming to the + // "gcp.gce.instance.name" semantic conventions. 
It represents the instance name + // of a GCE instance. This is the value provided by `host.name`, the visible + // name of the instance in the Cloud Console UI, and the prefix for the default + // hostname of the instance as defined by the [default internal DNS name]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "instance-1", "my-vm-name" + // + // [default internal DNS name]: https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names + GCPGCEInstanceNameKey = attribute.Key("gcp.gce.instance.name") +) + +// GCPAppHubApplicationContainer returns an attribute KeyValue conforming to the +// "gcp.apphub.application.container" semantic conventions. It represents the +// container within GCP where the AppHub application is defined. +func GCPAppHubApplicationContainer(val string) attribute.KeyValue { + return GCPAppHubApplicationContainerKey.String(val) +} + +// GCPAppHubApplicationID returns an attribute KeyValue conforming to the +// "gcp.apphub.application.id" semantic conventions. It represents the name of +// the application as configured in AppHub. +func GCPAppHubApplicationID(val string) attribute.KeyValue { + return GCPAppHubApplicationIDKey.String(val) +} + +// GCPAppHubApplicationLocation returns an attribute KeyValue conforming to the +// "gcp.apphub.application.location" semantic conventions. It represents the GCP +// zone or region where the application is defined. +func GCPAppHubApplicationLocation(val string) attribute.KeyValue { + return GCPAppHubApplicationLocationKey.String(val) +} + +// GCPAppHubServiceID returns an attribute KeyValue conforming to the +// "gcp.apphub.service.id" semantic conventions. It represents the name of the +// service as configured in AppHub. 
+func GCPAppHubServiceID(val string) attribute.KeyValue { + return GCPAppHubServiceIDKey.String(val) +} + +// GCPAppHubWorkloadID returns an attribute KeyValue conforming to the +// "gcp.apphub.workload.id" semantic conventions. It represents the name of the +// workload as configured in AppHub. +func GCPAppHubWorkloadID(val string) attribute.KeyValue { + return GCPAppHubWorkloadIDKey.String(val) +} + +// GCPClientService returns an attribute KeyValue conforming to the +// "gcp.client.service" semantic conventions. It represents the identifies the +// Google Cloud service for which the official client library is intended. +func GCPClientService(val string) attribute.KeyValue { + return GCPClientServiceKey.String(val) +} + +// GCPCloudRunJobExecution returns an attribute KeyValue conforming to the +// "gcp.cloud_run.job.execution" semantic conventions. It represents the name of +// the Cloud Run [execution] being run for the Job, as set by the +// [`CLOUD_RUN_EXECUTION`] environment variable. +// +// [execution]: https://cloud.google.com/run/docs/managing/job-executions +// [`CLOUD_RUN_EXECUTION`]: https://cloud.google.com/run/docs/container-contract#jobs-env-vars +func GCPCloudRunJobExecution(val string) attribute.KeyValue { + return GCPCloudRunJobExecutionKey.String(val) +} + +// GCPCloudRunJobTaskIndex returns an attribute KeyValue conforming to the +// "gcp.cloud_run.job.task_index" semantic conventions. It represents the index +// for a task within an execution as provided by the [`CLOUD_RUN_TASK_INDEX`] +// environment variable. +// +// [`CLOUD_RUN_TASK_INDEX`]: https://cloud.google.com/run/docs/container-contract#jobs-env-vars +func GCPCloudRunJobTaskIndex(val int) attribute.KeyValue { + return GCPCloudRunJobTaskIndexKey.Int(val) +} + +// GCPGCEInstanceHostname returns an attribute KeyValue conforming to the +// "gcp.gce.instance.hostname" semantic conventions. It represents the hostname +// of a GCE instance. 
This is the full value of the default or [custom hostname] +// . +// +// [custom hostname]: https://cloud.google.com/compute/docs/instances/custom-hostname-vm +func GCPGCEInstanceHostname(val string) attribute.KeyValue { + return GCPGCEInstanceHostnameKey.String(val) +} + +// GCPGCEInstanceName returns an attribute KeyValue conforming to the +// "gcp.gce.instance.name" semantic conventions. It represents the instance name +// of a GCE instance. This is the value provided by `host.name`, the visible name +// of the instance in the Cloud Console UI, and the prefix for the default +// hostname of the instance as defined by the [default internal DNS name]. +// +// [default internal DNS name]: https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names +func GCPGCEInstanceName(val string) attribute.KeyValue { + return GCPGCEInstanceNameKey.String(val) +} + +// Enum values for gcp.apphub.service.criticality_type +var ( + // Mission critical service. + // Stability: development + GCPAppHubServiceCriticalityTypeMissionCritical = GCPAppHubServiceCriticalityTypeKey.String("MISSION_CRITICAL") + // High impact. + // Stability: development + GCPAppHubServiceCriticalityTypeHigh = GCPAppHubServiceCriticalityTypeKey.String("HIGH") + // Medium impact. + // Stability: development + GCPAppHubServiceCriticalityTypeMedium = GCPAppHubServiceCriticalityTypeKey.String("MEDIUM") + // Low impact. + // Stability: development + GCPAppHubServiceCriticalityTypeLow = GCPAppHubServiceCriticalityTypeKey.String("LOW") +) + +// Enum values for gcp.apphub.service.environment_type +var ( + // Production environment. + // Stability: development + GCPAppHubServiceEnvironmentTypeProduction = GCPAppHubServiceEnvironmentTypeKey.String("PRODUCTION") + // Staging environment. + // Stability: development + GCPAppHubServiceEnvironmentTypeStaging = GCPAppHubServiceEnvironmentTypeKey.String("STAGING") + // Test environment. 
+ // Stability: development + GCPAppHubServiceEnvironmentTypeTest = GCPAppHubServiceEnvironmentTypeKey.String("TEST") + // Development environment. + // Stability: development + GCPAppHubServiceEnvironmentTypeDevelopment = GCPAppHubServiceEnvironmentTypeKey.String("DEVELOPMENT") +) + +// Enum values for gcp.apphub.workload.criticality_type +var ( + // Mission critical service. + // Stability: development + GCPAppHubWorkloadCriticalityTypeMissionCritical = GCPAppHubWorkloadCriticalityTypeKey.String("MISSION_CRITICAL") + // High impact. + // Stability: development + GCPAppHubWorkloadCriticalityTypeHigh = GCPAppHubWorkloadCriticalityTypeKey.String("HIGH") + // Medium impact. + // Stability: development + GCPAppHubWorkloadCriticalityTypeMedium = GCPAppHubWorkloadCriticalityTypeKey.String("MEDIUM") + // Low impact. + // Stability: development + GCPAppHubWorkloadCriticalityTypeLow = GCPAppHubWorkloadCriticalityTypeKey.String("LOW") +) + +// Enum values for gcp.apphub.workload.environment_type +var ( + // Production environment. + // Stability: development + GCPAppHubWorkloadEnvironmentTypeProduction = GCPAppHubWorkloadEnvironmentTypeKey.String("PRODUCTION") + // Staging environment. + // Stability: development + GCPAppHubWorkloadEnvironmentTypeStaging = GCPAppHubWorkloadEnvironmentTypeKey.String("STAGING") + // Test environment. + // Stability: development + GCPAppHubWorkloadEnvironmentTypeTest = GCPAppHubWorkloadEnvironmentTypeKey.String("TEST") + // Development environment. + // Stability: development + GCPAppHubWorkloadEnvironmentTypeDevelopment = GCPAppHubWorkloadEnvironmentTypeKey.String("DEVELOPMENT") +) + +// Namespace: gen_ai +const ( + // GenAIAgentDescriptionKey is the attribute Key conforming to the + // "gen_ai.agent.description" semantic conventions. It represents the free-form + // description of the GenAI agent provided by the application. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Helps with math problems", "Generates fiction stories" + GenAIAgentDescriptionKey = attribute.Key("gen_ai.agent.description") + + // GenAIAgentIDKey is the attribute Key conforming to the "gen_ai.agent.id" + // semantic conventions. It represents the unique identifier of the GenAI agent. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "asst_5j66UpCpwteGg4YSxUnt7lPY" + GenAIAgentIDKey = attribute.Key("gen_ai.agent.id") + + // GenAIAgentNameKey is the attribute Key conforming to the "gen_ai.agent.name" + // semantic conventions. It represents the human-readable name of the GenAI + // agent provided by the application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Math Tutor", "Fiction Writer" + GenAIAgentNameKey = attribute.Key("gen_ai.agent.name") + + // GenAIConversationIDKey is the attribute Key conforming to the + // "gen_ai.conversation.id" semantic conventions. It represents the unique + // identifier for a conversation (session, thread), used to store and correlate + // messages within this conversation. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "conv_5j66UpCpwteGg4YSxUnt7lPY" + GenAIConversationIDKey = attribute.Key("gen_ai.conversation.id") + + // GenAIDataSourceIDKey is the attribute Key conforming to the + // "gen_ai.data_source.id" semantic conventions. It represents the data source + // identifier. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "H7STPQYOND" + // Note: Data sources are used by AI agents and RAG applications to store + // grounding data. 
A data source may be an external database, object store, + // document collection, website, or any other storage system used by the GenAI + // agent or application. The `gen_ai.data_source.id` SHOULD match the identifier + // used by the GenAI system rather than a name specific to the external storage, + // such as a database or object store. Semantic conventions referencing + // `gen_ai.data_source.id` MAY also leverage additional attributes, such as + // `db.*`, to further identify and describe the data source. + GenAIDataSourceIDKey = attribute.Key("gen_ai.data_source.id") + + // GenAIInputMessagesKey is the attribute Key conforming to the + // "gen_ai.input.messages" semantic conventions. It represents the chat history + // provided to the model as an input. + // + // Type: any + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "[\n {\n "role": "user",\n "parts": [\n {\n "type": "text",\n + // "content": "Weather in Paris?"\n }\n ]\n },\n {\n "role": "assistant",\n + // "parts": [\n {\n "type": "tool_call",\n "id": + // "call_VSPygqKTWdrhaFErNvMV18Yl",\n "name": "get_weather",\n "arguments": {\n + // "location": "Paris"\n }\n }\n ]\n },\n {\n "role": "tool",\n "parts": [\n {\n + // "type": "tool_call_response",\n "id": " call_VSPygqKTWdrhaFErNvMV18Yl",\n + // "result": "rainy, 57°F"\n }\n ]\n }\n]\n" + // Note: Instrumentations MUST follow [Input messages JSON schema]. + // When the attribute is recorded on events, it MUST be recorded in structured + // form. When recorded on spans, it MAY be recorded as a JSON string if + // structured + // format is not supported and SHOULD be recorded in structured form otherwise. + // + // Messages MUST be provided in the order they were sent to the model. + // Instrumentations MAY provide a way for users to filter or truncate + // input messages. + // + // > [!Warning] + // > This attribute is likely to contain sensitive information including + // > user/PII data. 
+ // + // See [Recording content on attributes] + // section for more details. + // + // [Input messages JSON schema]: /docs/gen-ai/gen-ai-input-messages.json + // [Recording content on attributes]: /docs/gen-ai/gen-ai-spans.md#recording-content-on-attributes + GenAIInputMessagesKey = attribute.Key("gen_ai.input.messages") + + // GenAIOperationNameKey is the attribute Key conforming to the + // "gen_ai.operation.name" semantic conventions. It represents the name of the + // operation being performed. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: If one of the predefined values applies, but specific system uses a + // different name it's RECOMMENDED to document it in the semantic conventions + // for specific GenAI system and use system-specific name in the + // instrumentation. If a different name is not documented, instrumentation + // libraries SHOULD use applicable predefined value. + GenAIOperationNameKey = attribute.Key("gen_ai.operation.name") + + // GenAIOutputMessagesKey is the attribute Key conforming to the + // "gen_ai.output.messages" semantic conventions. It represents the messages + // returned by the model where each message represents a specific model response + // (choice, candidate). + // + // Type: any + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "[\n {\n "role": "assistant",\n "parts": [\n {\n "type": "text",\n + // "content": "The weather in Paris is currently rainy with a temperature of + // 57°F."\n }\n ],\n "finish_reason": "stop"\n }\n]\n" + // Note: Instrumentations MUST follow [Output messages JSON schema] + // + // Each message represents a single output choice/candidate generated by + // the model. Each message corresponds to exactly one generation + // (choice/candidate) and vice versa - one choice cannot be split across + // multiple messages or one message cannot contain parts from multiple choices. 
+ // + // When the attribute is recorded on events, it MUST be recorded in structured + // form. When recorded on spans, it MAY be recorded as a JSON string if + // structured + // format is not supported and SHOULD be recorded in structured form otherwise. + // + // Instrumentations MAY provide a way for users to filter or truncate + // output messages. + // + // > [!Warning] + // > This attribute is likely to contain sensitive information including + // > user/PII data. + // + // See [Recording content on attributes] + // section for more details. + // + // [Output messages JSON schema]: /docs/gen-ai/gen-ai-output-messages.json + // [Recording content on attributes]: /docs/gen-ai/gen-ai-spans.md#recording-content-on-attributes + GenAIOutputMessagesKey = attribute.Key("gen_ai.output.messages") + + // GenAIOutputTypeKey is the attribute Key conforming to the + // "gen_ai.output.type" semantic conventions. It represents the represents the + // content type requested by the client. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: This attribute SHOULD be used when the client requests output of a + // specific type. The model may return zero or more outputs of this type. + // This attribute specifies the output modality and not the actual output + // format. For example, if an image is requested, the actual output could be a + // URL pointing to an image file. + // Additional output format details may be recorded in the future in the + // `gen_ai.output.{type}.*` attributes. + GenAIOutputTypeKey = attribute.Key("gen_ai.output.type") + + // GenAIProviderNameKey is the attribute Key conforming to the + // "gen_ai.provider.name" semantic conventions. It represents the Generative AI + // provider as identified by the client or server instrumentation. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: The attribute SHOULD be set based on the instrumentation's best + // knowledge and may differ from the actual model provider. + // + // Multiple providers, including Azure OpenAI, Gemini, and AI hosting platforms + // are accessible using the OpenAI REST API and corresponding client libraries, + // but may proxy or host models from different providers. + // + // The `gen_ai.request.model`, `gen_ai.response.model`, and `server.address` + // attributes may help identify the actual system in use. + // + // The `gen_ai.provider.name` attribute acts as a discriminator that + // identifies the GenAI telemetry format flavor specific to that provider + // within GenAI semantic conventions. + // It SHOULD be set consistently with provider-specific attributes and signals. + // For example, GenAI spans, metrics, and events related to AWS Bedrock + // should have the `gen_ai.provider.name` set to `aws.bedrock` and include + // applicable `aws.bedrock.*` attributes and are not expected to include + // `openai.*` attributes. + GenAIProviderNameKey = attribute.Key("gen_ai.provider.name") + + // GenAIRequestChoiceCountKey is the attribute Key conforming to the + // "gen_ai.request.choice.count" semantic conventions. It represents the target + // number of candidate completions to return. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 3 + GenAIRequestChoiceCountKey = attribute.Key("gen_ai.request.choice.count") + + // GenAIRequestEncodingFormatsKey is the attribute Key conforming to the + // "gen_ai.request.encoding_formats" semantic conventions. It represents the + // encoding formats requested in an embeddings operation, if specified. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "base64"], ["float", "binary" + // Note: In some GenAI systems the encoding formats are called embedding types. + // Also, some GenAI systems only accept a single format per request. + GenAIRequestEncodingFormatsKey = attribute.Key("gen_ai.request.encoding_formats") + + // GenAIRequestFrequencyPenaltyKey is the attribute Key conforming to the + // "gen_ai.request.frequency_penalty" semantic conventions. It represents the + // frequency penalty setting for the GenAI request. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0.1 + GenAIRequestFrequencyPenaltyKey = attribute.Key("gen_ai.request.frequency_penalty") + + // GenAIRequestMaxTokensKey is the attribute Key conforming to the + // "gen_ai.request.max_tokens" semantic conventions. It represents the maximum + // number of tokens the model generates for a request. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 100 + GenAIRequestMaxTokensKey = attribute.Key("gen_ai.request.max_tokens") + + // GenAIRequestModelKey is the attribute Key conforming to the + // "gen_ai.request.model" semantic conventions. It represents the name of the + // GenAI model a request is being made to. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: gpt-4 + GenAIRequestModelKey = attribute.Key("gen_ai.request.model") + + // GenAIRequestPresencePenaltyKey is the attribute Key conforming to the + // "gen_ai.request.presence_penalty" semantic conventions. It represents the + // presence penalty setting for the GenAI request. 
+ // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0.1 + GenAIRequestPresencePenaltyKey = attribute.Key("gen_ai.request.presence_penalty") + + // GenAIRequestSeedKey is the attribute Key conforming to the + // "gen_ai.request.seed" semantic conventions. It represents the requests with + // same seed value more likely to return same result. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 100 + GenAIRequestSeedKey = attribute.Key("gen_ai.request.seed") + + // GenAIRequestStopSequencesKey is the attribute Key conforming to the + // "gen_ai.request.stop_sequences" semantic conventions. It represents the list + // of sequences that the model will use to stop generating further tokens. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "forest", "lived" + GenAIRequestStopSequencesKey = attribute.Key("gen_ai.request.stop_sequences") + + // GenAIRequestTemperatureKey is the attribute Key conforming to the + // "gen_ai.request.temperature" semantic conventions. It represents the + // temperature setting for the GenAI request. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0.0 + GenAIRequestTemperatureKey = attribute.Key("gen_ai.request.temperature") + + // GenAIRequestTopKKey is the attribute Key conforming to the + // "gen_ai.request.top_k" semantic conventions. It represents the top_k sampling + // setting for the GenAI request. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0 + GenAIRequestTopKKey = attribute.Key("gen_ai.request.top_k") + + // GenAIRequestTopPKey is the attribute Key conforming to the + // "gen_ai.request.top_p" semantic conventions. It represents the top_p sampling + // setting for the GenAI request. 
+ // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1.0 + GenAIRequestTopPKey = attribute.Key("gen_ai.request.top_p") + + // GenAIResponseFinishReasonsKey is the attribute Key conforming to the + // "gen_ai.response.finish_reasons" semantic conventions. It represents the + // array of reasons the model stopped generating tokens, corresponding to each + // generation received. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "stop"], ["stop", "length" + GenAIResponseFinishReasonsKey = attribute.Key("gen_ai.response.finish_reasons") + + // GenAIResponseIDKey is the attribute Key conforming to the + // "gen_ai.response.id" semantic conventions. It represents the unique + // identifier for the completion. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "chatcmpl-123" + GenAIResponseIDKey = attribute.Key("gen_ai.response.id") + + // GenAIResponseModelKey is the attribute Key conforming to the + // "gen_ai.response.model" semantic conventions. It represents the name of the + // model that generated the response. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "gpt-4-0613" + GenAIResponseModelKey = attribute.Key("gen_ai.response.model") + + // GenAISystemInstructionsKey is the attribute Key conforming to the + // "gen_ai.system_instructions" semantic conventions. It represents the system + // message or instructions provided to the GenAI model separately from the chat + // history. 
+ // + // Type: any + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "[\n {\n "type": "text",\n "content": "You are an Agent that greet + // users, always use greetings tool to respond"\n }\n]\n", "[\n {\n "type": + // "text",\n "content": "You are a language translator."\n },\n {\n "type": + // "text",\n "content": "Your mission is to translate text in English to + // French."\n }\n]\n" + // Note: This attribute SHOULD be used when the corresponding provider or API + // allows to provide system instructions or messages separately from the + // chat history. + // + // Instructions that are part of the chat history SHOULD be recorded in + // `gen_ai.input.messages` attribute instead. + // + // Instrumentations MUST follow [System instructions JSON schema]. + // + // When recorded on spans, it MAY be recorded as a JSON string if structured + // format is not supported and SHOULD be recorded in structured form otherwise. + // + // Instrumentations MAY provide a way for users to filter or truncate + // system instructions. + // + // > [!Warning] + // > This attribute may contain sensitive information. + // + // See [Recording content on attributes] + // section for more details. + // + // [System instructions JSON schema]: /docs/gen-ai/gen-ai-system-instructions.json + // [Recording content on attributes]: /docs/gen-ai/gen-ai-spans.md#recording-content-on-attributes + GenAISystemInstructionsKey = attribute.Key("gen_ai.system_instructions") + + // GenAITokenTypeKey is the attribute Key conforming to the "gen_ai.token.type" + // semantic conventions. It represents the type of token being counted. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "input", "output" + GenAITokenTypeKey = attribute.Key("gen_ai.token.type") + + // GenAIToolCallIDKey is the attribute Key conforming to the + // "gen_ai.tool.call.id" semantic conventions. It represents the tool call + // identifier. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "call_mszuSIzqtI65i1wAUOE8w5H4" + GenAIToolCallIDKey = attribute.Key("gen_ai.tool.call.id") + + // GenAIToolDescriptionKey is the attribute Key conforming to the + // "gen_ai.tool.description" semantic conventions. It represents the tool + // description. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Multiply two numbers" + GenAIToolDescriptionKey = attribute.Key("gen_ai.tool.description") + + // GenAIToolNameKey is the attribute Key conforming to the "gen_ai.tool.name" + // semantic conventions. It represents the name of the tool utilized by the + // agent. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Flights" + GenAIToolNameKey = attribute.Key("gen_ai.tool.name") + + // GenAIToolTypeKey is the attribute Key conforming to the "gen_ai.tool.type" + // semantic conventions. It represents the type of the tool utilized by the + // agent. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "function", "extension", "datastore" + // Note: Extension: A tool executed on the agent-side to directly call external + // APIs, bridging the gap between the agent and real-world systems. + // Agent-side operations involve actions that are performed by the agent on the + // server or within the agent's controlled environment. + // Function: A tool executed on the client-side, where the agent generates + // parameters for a predefined function, and the client executes the logic. + // Client-side operations are actions taken on the user's end or within the + // client application. + // Datastore: A tool used by the agent to access and query structured or + // unstructured external data for retrieval-augmented tasks or knowledge + // updates. 
+ GenAIToolTypeKey = attribute.Key("gen_ai.tool.type") + + // GenAIUsageInputTokensKey is the attribute Key conforming to the + // "gen_ai.usage.input_tokens" semantic conventions. It represents the number of + // tokens used in the GenAI input (prompt). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 100 + GenAIUsageInputTokensKey = attribute.Key("gen_ai.usage.input_tokens") + + // GenAIUsageOutputTokensKey is the attribute Key conforming to the + // "gen_ai.usage.output_tokens" semantic conventions. It represents the number + // of tokens used in the GenAI response (completion). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 180 + GenAIUsageOutputTokensKey = attribute.Key("gen_ai.usage.output_tokens") +) + +// GenAIAgentDescription returns an attribute KeyValue conforming to the +// "gen_ai.agent.description" semantic conventions. It represents the free-form +// description of the GenAI agent provided by the application. +func GenAIAgentDescription(val string) attribute.KeyValue { + return GenAIAgentDescriptionKey.String(val) +} + +// GenAIAgentID returns an attribute KeyValue conforming to the "gen_ai.agent.id" +// semantic conventions. It represents the unique identifier of the GenAI agent. +func GenAIAgentID(val string) attribute.KeyValue { + return GenAIAgentIDKey.String(val) +} + +// GenAIAgentName returns an attribute KeyValue conforming to the +// "gen_ai.agent.name" semantic conventions. It represents the human-readable +// name of the GenAI agent provided by the application. +func GenAIAgentName(val string) attribute.KeyValue { + return GenAIAgentNameKey.String(val) +} + +// GenAIConversationID returns an attribute KeyValue conforming to the +// "gen_ai.conversation.id" semantic conventions. It represents the unique +// identifier for a conversation (session, thread), used to store and correlate +// messages within this conversation. 
+func GenAIConversationID(val string) attribute.KeyValue { + return GenAIConversationIDKey.String(val) +} + +// GenAIDataSourceID returns an attribute KeyValue conforming to the +// "gen_ai.data_source.id" semantic conventions. It represents the data source +// identifier. +func GenAIDataSourceID(val string) attribute.KeyValue { + return GenAIDataSourceIDKey.String(val) +} + +// GenAIRequestChoiceCount returns an attribute KeyValue conforming to the +// "gen_ai.request.choice.count" semantic conventions. It represents the target +// number of candidate completions to return. +func GenAIRequestChoiceCount(val int) attribute.KeyValue { + return GenAIRequestChoiceCountKey.Int(val) +} + +// GenAIRequestEncodingFormats returns an attribute KeyValue conforming to the +// "gen_ai.request.encoding_formats" semantic conventions. It represents the +// encoding formats requested in an embeddings operation, if specified. +func GenAIRequestEncodingFormats(val ...string) attribute.KeyValue { + return GenAIRequestEncodingFormatsKey.StringSlice(val) +} + +// GenAIRequestFrequencyPenalty returns an attribute KeyValue conforming to the +// "gen_ai.request.frequency_penalty" semantic conventions. It represents the +// frequency penalty setting for the GenAI request. +func GenAIRequestFrequencyPenalty(val float64) attribute.KeyValue { + return GenAIRequestFrequencyPenaltyKey.Float64(val) +} + +// GenAIRequestMaxTokens returns an attribute KeyValue conforming to the +// "gen_ai.request.max_tokens" semantic conventions. It represents the maximum +// number of tokens the model generates for a request. +func GenAIRequestMaxTokens(val int) attribute.KeyValue { + return GenAIRequestMaxTokensKey.Int(val) +} + +// GenAIRequestModel returns an attribute KeyValue conforming to the +// "gen_ai.request.model" semantic conventions. It represents the name of the +// GenAI model a request is being made to. 
+func GenAIRequestModel(val string) attribute.KeyValue { + return GenAIRequestModelKey.String(val) +} + +// GenAIRequestPresencePenalty returns an attribute KeyValue conforming to the +// "gen_ai.request.presence_penalty" semantic conventions. It represents the +// presence penalty setting for the GenAI request. +func GenAIRequestPresencePenalty(val float64) attribute.KeyValue { + return GenAIRequestPresencePenaltyKey.Float64(val) +} + +// GenAIRequestSeed returns an attribute KeyValue conforming to the +// "gen_ai.request.seed" semantic conventions. It represents the requests with +// same seed value more likely to return same result. +func GenAIRequestSeed(val int) attribute.KeyValue { + return GenAIRequestSeedKey.Int(val) +} + +// GenAIRequestStopSequences returns an attribute KeyValue conforming to the +// "gen_ai.request.stop_sequences" semantic conventions. It represents the list +// of sequences that the model will use to stop generating further tokens. +func GenAIRequestStopSequences(val ...string) attribute.KeyValue { + return GenAIRequestStopSequencesKey.StringSlice(val) +} + +// GenAIRequestTemperature returns an attribute KeyValue conforming to the +// "gen_ai.request.temperature" semantic conventions. It represents the +// temperature setting for the GenAI request. +func GenAIRequestTemperature(val float64) attribute.KeyValue { + return GenAIRequestTemperatureKey.Float64(val) +} + +// GenAIRequestTopK returns an attribute KeyValue conforming to the +// "gen_ai.request.top_k" semantic conventions. It represents the top_k sampling +// setting for the GenAI request. +func GenAIRequestTopK(val float64) attribute.KeyValue { + return GenAIRequestTopKKey.Float64(val) +} + +// GenAIRequestTopP returns an attribute KeyValue conforming to the +// "gen_ai.request.top_p" semantic conventions. It represents the top_p sampling +// setting for the GenAI request. 
+func GenAIRequestTopP(val float64) attribute.KeyValue { + return GenAIRequestTopPKey.Float64(val) +} + +// GenAIResponseFinishReasons returns an attribute KeyValue conforming to the +// "gen_ai.response.finish_reasons" semantic conventions. It represents the array +// of reasons the model stopped generating tokens, corresponding to each +// generation received. +func GenAIResponseFinishReasons(val ...string) attribute.KeyValue { + return GenAIResponseFinishReasonsKey.StringSlice(val) +} + +// GenAIResponseID returns an attribute KeyValue conforming to the +// "gen_ai.response.id" semantic conventions. It represents the unique identifier +// for the completion. +func GenAIResponseID(val string) attribute.KeyValue { + return GenAIResponseIDKey.String(val) +} + +// GenAIResponseModel returns an attribute KeyValue conforming to the +// "gen_ai.response.model" semantic conventions. It represents the name of the +// model that generated the response. +func GenAIResponseModel(val string) attribute.KeyValue { + return GenAIResponseModelKey.String(val) +} + +// GenAIToolCallID returns an attribute KeyValue conforming to the +// "gen_ai.tool.call.id" semantic conventions. It represents the tool call +// identifier. +func GenAIToolCallID(val string) attribute.KeyValue { + return GenAIToolCallIDKey.String(val) +} + +// GenAIToolDescription returns an attribute KeyValue conforming to the +// "gen_ai.tool.description" semantic conventions. It represents the tool +// description. +func GenAIToolDescription(val string) attribute.KeyValue { + return GenAIToolDescriptionKey.String(val) +} + +// GenAIToolName returns an attribute KeyValue conforming to the +// "gen_ai.tool.name" semantic conventions. It represents the name of the tool +// utilized by the agent. +func GenAIToolName(val string) attribute.KeyValue { + return GenAIToolNameKey.String(val) +} + +// GenAIToolType returns an attribute KeyValue conforming to the +// "gen_ai.tool.type" semantic conventions. 
It represents the type of the tool +// utilized by the agent. +func GenAIToolType(val string) attribute.KeyValue { + return GenAIToolTypeKey.String(val) +} + +// GenAIUsageInputTokens returns an attribute KeyValue conforming to the +// "gen_ai.usage.input_tokens" semantic conventions. It represents the number of +// tokens used in the GenAI input (prompt). +func GenAIUsageInputTokens(val int) attribute.KeyValue { + return GenAIUsageInputTokensKey.Int(val) +} + +// GenAIUsageOutputTokens returns an attribute KeyValue conforming to the +// "gen_ai.usage.output_tokens" semantic conventions. It represents the number of +// tokens used in the GenAI response (completion). +func GenAIUsageOutputTokens(val int) attribute.KeyValue { + return GenAIUsageOutputTokensKey.Int(val) +} + +// Enum values for gen_ai.operation.name +var ( + // Chat completion operation such as [OpenAI Chat API] + // Stability: development + // + // [OpenAI Chat API]: https://platform.openai.com/docs/api-reference/chat + GenAIOperationNameChat = GenAIOperationNameKey.String("chat") + // Multimodal content generation operation such as [Gemini Generate Content] + // Stability: development + // + // [Gemini Generate Content]: https://ai.google.dev/api/generate-content + GenAIOperationNameGenerateContent = GenAIOperationNameKey.String("generate_content") + // Text completions operation such as [OpenAI Completions API (Legacy)] + // Stability: development + // + // [OpenAI Completions API (Legacy)]: https://platform.openai.com/docs/api-reference/completions + GenAIOperationNameTextCompletion = GenAIOperationNameKey.String("text_completion") + // Embeddings operation such as [OpenAI Create embeddings API] + // Stability: development + // + // [OpenAI Create embeddings API]: https://platform.openai.com/docs/api-reference/embeddings/create + GenAIOperationNameEmbeddings = GenAIOperationNameKey.String("embeddings") + // Create GenAI agent + // Stability: development + GenAIOperationNameCreateAgent = 
GenAIOperationNameKey.String("create_agent") + // Invoke GenAI agent + // Stability: development + GenAIOperationNameInvokeAgent = GenAIOperationNameKey.String("invoke_agent") + // Execute a tool + // Stability: development + GenAIOperationNameExecuteTool = GenAIOperationNameKey.String("execute_tool") +) + +// Enum values for gen_ai.output.type +var ( + // Plain text + // Stability: development + GenAIOutputTypeText = GenAIOutputTypeKey.String("text") + // JSON object with known or unknown schema + // Stability: development + GenAIOutputTypeJSON = GenAIOutputTypeKey.String("json") + // Image + // Stability: development + GenAIOutputTypeImage = GenAIOutputTypeKey.String("image") + // Speech + // Stability: development + GenAIOutputTypeSpeech = GenAIOutputTypeKey.String("speech") +) + +// Enum values for gen_ai.provider.name +var ( + // [OpenAI] + // Stability: development + // + // [OpenAI]: https://openai.com/ + GenAIProviderNameOpenAI = GenAIProviderNameKey.String("openai") + // Any Google generative AI endpoint + // Stability: development + GenAIProviderNameGCPGenAI = GenAIProviderNameKey.String("gcp.gen_ai") + // [Vertex AI] + // Stability: development + // + // [Vertex AI]: https://cloud.google.com/vertex-ai + GenAIProviderNameGCPVertexAI = GenAIProviderNameKey.String("gcp.vertex_ai") + // [Gemini] + // Stability: development + // + // [Gemini]: https://cloud.google.com/products/gemini + GenAIProviderNameGCPGemini = GenAIProviderNameKey.String("gcp.gemini") + // [Anthropic] + // Stability: development + // + // [Anthropic]: https://www.anthropic.com/ + GenAIProviderNameAnthropic = GenAIProviderNameKey.String("anthropic") + // [Cohere] + // Stability: development + // + // [Cohere]: https://cohere.com/ + GenAIProviderNameCohere = GenAIProviderNameKey.String("cohere") + // Azure AI Inference + // Stability: development + GenAIProviderNameAzureAIInference = GenAIProviderNameKey.String("azure.ai.inference") + // [Azure OpenAI] + // Stability: development + // + // 
[Azure OpenAI]: https://azure.microsoft.com/products/ai-services/openai-service/ + GenAIProviderNameAzureAIOpenAI = GenAIProviderNameKey.String("azure.ai.openai") + // [IBM Watsonx AI] + // Stability: development + // + // [IBM Watsonx AI]: https://www.ibm.com/products/watsonx-ai + GenAIProviderNameIBMWatsonxAI = GenAIProviderNameKey.String("ibm.watsonx.ai") + // [AWS Bedrock] + // Stability: development + // + // [AWS Bedrock]: https://aws.amazon.com/bedrock + GenAIProviderNameAWSBedrock = GenAIProviderNameKey.String("aws.bedrock") + // [Perplexity] + // Stability: development + // + // [Perplexity]: https://www.perplexity.ai/ + GenAIProviderNamePerplexity = GenAIProviderNameKey.String("perplexity") + // [xAI] + // Stability: development + // + // [xAI]: https://x.ai/ + GenAIProviderNameXAI = GenAIProviderNameKey.String("x_ai") + // [DeepSeek] + // Stability: development + // + // [DeepSeek]: https://www.deepseek.com/ + GenAIProviderNameDeepseek = GenAIProviderNameKey.String("deepseek") + // [Groq] + // Stability: development + // + // [Groq]: https://groq.com/ + GenAIProviderNameGroq = GenAIProviderNameKey.String("groq") + // [Mistral AI] + // Stability: development + // + // [Mistral AI]: https://mistral.ai/ + GenAIProviderNameMistralAI = GenAIProviderNameKey.String("mistral_ai") +) + +// Enum values for gen_ai.token.type +var ( + // Input tokens (prompt, input, etc.) + // Stability: development + GenAITokenTypeInput = GenAITokenTypeKey.String("input") + // Output tokens (completion, response, etc.) + // Stability: development + GenAITokenTypeOutput = GenAITokenTypeKey.String("output") +) + +// Namespace: geo +const ( + // GeoContinentCodeKey is the attribute Key conforming to the + // "geo.continent.code" semantic conventions. It represents the two-letter code + // representing continent’s name. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + GeoContinentCodeKey = attribute.Key("geo.continent.code") + + // GeoCountryISOCodeKey is the attribute Key conforming to the + // "geo.country.iso_code" semantic conventions. It represents the two-letter ISO + // Country Code ([ISO 3166-1 alpha2]). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CA" + // + // [ISO 3166-1 alpha2]: https://wikipedia.org/wiki/ISO_3166-1#Codes + GeoCountryISOCodeKey = attribute.Key("geo.country.iso_code") + + // GeoLocalityNameKey is the attribute Key conforming to the "geo.locality.name" + // semantic conventions. It represents the locality name. Represents the name of + // a city, town, village, or similar populated place. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Montreal", "Berlin" + GeoLocalityNameKey = attribute.Key("geo.locality.name") + + // GeoLocationLatKey is the attribute Key conforming to the "geo.location.lat" + // semantic conventions. It represents the latitude of the geo location in + // [WGS84]. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 45.505918 + // + // [WGS84]: https://wikipedia.org/wiki/World_Geodetic_System#WGS84 + GeoLocationLatKey = attribute.Key("geo.location.lat") + + // GeoLocationLonKey is the attribute Key conforming to the "geo.location.lon" + // semantic conventions. It represents the longitude of the geo location in + // [WGS84]. + // + // Type: double + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: -73.61483 + // + // [WGS84]: https://wikipedia.org/wiki/World_Geodetic_System#WGS84 + GeoLocationLonKey = attribute.Key("geo.location.lon") + + // GeoPostalCodeKey is the attribute Key conforming to the "geo.postal_code" + // semantic conventions. 
It represents the postal code associated with the + // location. Values appropriate for this field may also be known as a postcode + // or ZIP code and will vary widely from country to country. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "94040" + GeoPostalCodeKey = attribute.Key("geo.postal_code") + + // GeoRegionISOCodeKey is the attribute Key conforming to the + // "geo.region.iso_code" semantic conventions. It represents the region ISO code + // ([ISO 3166-2]). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CA-QC" + // + // [ISO 3166-2]: https://wikipedia.org/wiki/ISO_3166-2 + GeoRegionISOCodeKey = attribute.Key("geo.region.iso_code") +) + +// GeoCountryISOCode returns an attribute KeyValue conforming to the +// "geo.country.iso_code" semantic conventions. It represents the two-letter ISO +// Country Code ([ISO 3166-1 alpha2]). +// +// [ISO 3166-1 alpha2]: https://wikipedia.org/wiki/ISO_3166-1#Codes +func GeoCountryISOCode(val string) attribute.KeyValue { + return GeoCountryISOCodeKey.String(val) +} + +// GeoLocalityName returns an attribute KeyValue conforming to the +// "geo.locality.name" semantic conventions. It represents the locality name. +// Represents the name of a city, town, village, or similar populated place. +func GeoLocalityName(val string) attribute.KeyValue { + return GeoLocalityNameKey.String(val) +} + +// GeoLocationLat returns an attribute KeyValue conforming to the +// "geo.location.lat" semantic conventions. It represents the latitude of the geo +// location in [WGS84]. +// +// [WGS84]: https://wikipedia.org/wiki/World_Geodetic_System#WGS84 +func GeoLocationLat(val float64) attribute.KeyValue { + return GeoLocationLatKey.Float64(val) +} + +// GeoLocationLon returns an attribute KeyValue conforming to the +// "geo.location.lon" semantic conventions. It represents the longitude of the +// geo location in [WGS84]. 
+// +// [WGS84]: https://wikipedia.org/wiki/World_Geodetic_System#WGS84 +func GeoLocationLon(val float64) attribute.KeyValue { + return GeoLocationLonKey.Float64(val) +} + +// GeoPostalCode returns an attribute KeyValue conforming to the +// "geo.postal_code" semantic conventions. It represents the postal code +// associated with the location. Values appropriate for this field may also be +// known as a postcode or ZIP code and will vary widely from country to country. +func GeoPostalCode(val string) attribute.KeyValue { + return GeoPostalCodeKey.String(val) +} + +// GeoRegionISOCode returns an attribute KeyValue conforming to the +// "geo.region.iso_code" semantic conventions. It represents the region ISO code +// ([ISO 3166-2]). +// +// [ISO 3166-2]: https://wikipedia.org/wiki/ISO_3166-2 +func GeoRegionISOCode(val string) attribute.KeyValue { + return GeoRegionISOCodeKey.String(val) +} + +// Enum values for geo.continent.code +var ( + // Africa + // Stability: development + GeoContinentCodeAf = GeoContinentCodeKey.String("AF") + // Antarctica + // Stability: development + GeoContinentCodeAn = GeoContinentCodeKey.String("AN") + // Asia + // Stability: development + GeoContinentCodeAs = GeoContinentCodeKey.String("AS") + // Europe + // Stability: development + GeoContinentCodeEu = GeoContinentCodeKey.String("EU") + // North America + // Stability: development + GeoContinentCodeNa = GeoContinentCodeKey.String("NA") + // Oceania + // Stability: development + GeoContinentCodeOc = GeoContinentCodeKey.String("OC") + // South America + // Stability: development + GeoContinentCodeSa = GeoContinentCodeKey.String("SA") +) + +// Namespace: go +const ( + // GoMemoryTypeKey is the attribute Key conforming to the "go.memory.type" + // semantic conventions. It represents the type of memory. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "other", "stack" + GoMemoryTypeKey = attribute.Key("go.memory.type") +) + +// Enum values for go.memory.type +var ( + // Memory allocated from the heap that is reserved for stack space, whether or + // not it is currently in-use. + // Stability: development + GoMemoryTypeStack = GoMemoryTypeKey.String("stack") + // Memory used by the Go runtime, excluding other categories of memory usage + // described in this enumeration. + // Stability: development + GoMemoryTypeOther = GoMemoryTypeKey.String("other") +) + +// Namespace: graphql +const ( + // GraphQLDocumentKey is the attribute Key conforming to the "graphql.document" + // semantic conventions. It represents the GraphQL document being executed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: query findBookById { bookById(id: ?) { name } } + // Note: The value may be sanitized to exclude sensitive information. + GraphQLDocumentKey = attribute.Key("graphql.document") + + // GraphQLOperationNameKey is the attribute Key conforming to the + // "graphql.operation.name" semantic conventions. It represents the name of the + // operation being executed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: findBookById + GraphQLOperationNameKey = attribute.Key("graphql.operation.name") + + // GraphQLOperationTypeKey is the attribute Key conforming to the + // "graphql.operation.type" semantic conventions. It represents the type of the + // operation being executed. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "query", "mutation", "subscription" + GraphQLOperationTypeKey = attribute.Key("graphql.operation.type") +) + +// GraphQLDocument returns an attribute KeyValue conforming to the +// "graphql.document" semantic conventions. 
It represents the GraphQL document +// being executed. +func GraphQLDocument(val string) attribute.KeyValue { + return GraphQLDocumentKey.String(val) +} + +// GraphQLOperationName returns an attribute KeyValue conforming to the +// "graphql.operation.name" semantic conventions. It represents the name of the +// operation being executed. +func GraphQLOperationName(val string) attribute.KeyValue { + return GraphQLOperationNameKey.String(val) +} + +// Enum values for graphql.operation.type +var ( + // GraphQL query + // Stability: development + GraphQLOperationTypeQuery = GraphQLOperationTypeKey.String("query") + // GraphQL mutation + // Stability: development + GraphQLOperationTypeMutation = GraphQLOperationTypeKey.String("mutation") + // GraphQL subscription + // Stability: development + GraphQLOperationTypeSubscription = GraphQLOperationTypeKey.String("subscription") +) + +// Namespace: heroku +const ( + // HerokuAppIDKey is the attribute Key conforming to the "heroku.app.id" + // semantic conventions. It represents the unique identifier for the + // application. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2daa2797-e42b-4624-9322-ec3f968df4da" + HerokuAppIDKey = attribute.Key("heroku.app.id") + + // HerokuReleaseCommitKey is the attribute Key conforming to the + // "heroku.release.commit" semantic conventions. It represents the commit hash + // for the current release. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "e6134959463efd8966b20e75b913cafe3f5ec" + HerokuReleaseCommitKey = attribute.Key("heroku.release.commit") + + // HerokuReleaseCreationTimestampKey is the attribute Key conforming to the + // "heroku.release.creation_timestamp" semantic conventions. It represents the + // time and date the release was created. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2022-10-23T18:00:42Z" + HerokuReleaseCreationTimestampKey = attribute.Key("heroku.release.creation_timestamp") +) + +// HerokuAppID returns an attribute KeyValue conforming to the "heroku.app.id" +// semantic conventions. It represents the unique identifier for the application. +func HerokuAppID(val string) attribute.KeyValue { + return HerokuAppIDKey.String(val) +} + +// HerokuReleaseCommit returns an attribute KeyValue conforming to the +// "heroku.release.commit" semantic conventions. It represents the commit hash +// for the current release. +func HerokuReleaseCommit(val string) attribute.KeyValue { + return HerokuReleaseCommitKey.String(val) +} + +// HerokuReleaseCreationTimestamp returns an attribute KeyValue conforming to the +// "heroku.release.creation_timestamp" semantic conventions. It represents the +// time and date the release was created. +func HerokuReleaseCreationTimestamp(val string) attribute.KeyValue { + return HerokuReleaseCreationTimestampKey.String(val) +} + +// Namespace: host +const ( + // HostArchKey is the attribute Key conforming to the "host.arch" semantic + // conventions. It represents the CPU architecture the host system is running + // on. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HostArchKey = attribute.Key("host.arch") + + // HostCPUCacheL2SizeKey is the attribute Key conforming to the + // "host.cpu.cache.l2.size" semantic conventions. It represents the amount of + // level 2 memory cache available to the processor (in Bytes). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 12288000 + HostCPUCacheL2SizeKey = attribute.Key("host.cpu.cache.l2.size") + + // HostCPUFamilyKey is the attribute Key conforming to the "host.cpu.family" + // semantic conventions. It represents the family or generation of the CPU. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "6", "PA-RISC 1.1e" + HostCPUFamilyKey = attribute.Key("host.cpu.family") + + // HostCPUModelIDKey is the attribute Key conforming to the "host.cpu.model.id" + // semantic conventions. It represents the model identifier. It provides more + // granular information about the CPU, distinguishing it from other CPUs within + // the same family. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "6", "9000/778/B180L" + HostCPUModelIDKey = attribute.Key("host.cpu.model.id") + + // HostCPUModelNameKey is the attribute Key conforming to the + // "host.cpu.model.name" semantic conventions. It represents the model + // designation of the processor. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz" + HostCPUModelNameKey = attribute.Key("host.cpu.model.name") + + // HostCPUSteppingKey is the attribute Key conforming to the "host.cpu.stepping" + // semantic conventions. It represents the stepping or core revisions. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1", "r1p1" + HostCPUSteppingKey = attribute.Key("host.cpu.stepping") + + // HostCPUVendorIDKey is the attribute Key conforming to the + // "host.cpu.vendor.id" semantic conventions. It represents the processor + // manufacturer identifier. A maximum 12-character string. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "GenuineIntel" + // Note: [CPUID] command returns the vendor ID string in EBX, EDX and ECX + // registers. Writing these to memory in this order results in a 12-character + // string. 
+ // + // [CPUID]: https://wiki.osdev.org/CPUID + HostCPUVendorIDKey = attribute.Key("host.cpu.vendor.id") + + // HostIDKey is the attribute Key conforming to the "host.id" semantic + // conventions. It represents the unique host ID. For Cloud, this must be the + // instance_id assigned by the cloud provider. For non-containerized systems, + // this should be the `machine-id`. See the table below for the sources to use + // to determine the `machine-id` based on operating system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "fdbf79e8af94cb7f9e8df36789187052" + HostIDKey = attribute.Key("host.id") + + // HostImageIDKey is the attribute Key conforming to the "host.image.id" + // semantic conventions. It represents the VM image ID or host OS image ID. For + // Cloud, this value is from the provider. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ami-07b06b442921831e5" + HostImageIDKey = attribute.Key("host.image.id") + + // HostImageNameKey is the attribute Key conforming to the "host.image.name" + // semantic conventions. It represents the name of the VM image or OS install + // the host was instantiated from. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "infra-ami-eks-worker-node-7d4ec78312", "CentOS-8-x86_64-1905" + HostImageNameKey = attribute.Key("host.image.name") + + // HostImageVersionKey is the attribute Key conforming to the + // "host.image.version" semantic conventions. It represents the version string + // of the VM image or host OS as defined in [Version Attributes]. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0.1" + // + // [Version Attributes]: /docs/resource/README.md#version-attributes + HostImageVersionKey = attribute.Key("host.image.version") + + // HostIPKey is the attribute Key conforming to the "host.ip" semantic + // conventions. It represents the available IP addresses of the host, excluding + // loopback interfaces. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "192.168.1.140", "fe80::abc2:4a28:737a:609e" + // Note: IPv4 Addresses MUST be specified in dotted-quad notation. IPv6 + // addresses MUST be specified in the [RFC 5952] format. + // + // [RFC 5952]: https://www.rfc-editor.org/rfc/rfc5952.html + HostIPKey = attribute.Key("host.ip") + + // HostMacKey is the attribute Key conforming to the "host.mac" semantic + // conventions. It represents the available MAC addresses of the host, excluding + // loopback interfaces. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "AC-DE-48-23-45-67", "AC-DE-48-23-45-67-01-9F" + // Note: MAC Addresses MUST be represented in [IEEE RA hexadecimal form]: as + // hyphen-separated octets in uppercase hexadecimal form from most to least + // significant. + // + // [IEEE RA hexadecimal form]: https://standards.ieee.org/wp-content/uploads/import/documents/tutorials/eui.pdf + HostMacKey = attribute.Key("host.mac") + + // HostNameKey is the attribute Key conforming to the "host.name" semantic + // conventions. It represents the name of the host. On Unix systems, it may + // contain what the hostname command returns, or the fully qualified hostname, + // or another name specified by the user. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry-test" + HostNameKey = attribute.Key("host.name") + + // HostTypeKey is the attribute Key conforming to the "host.type" semantic + // conventions. It represents the type of host. For Cloud, this must be the + // machine type. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "n1-standard-1" + HostTypeKey = attribute.Key("host.type") +) + +// HostCPUCacheL2Size returns an attribute KeyValue conforming to the +// "host.cpu.cache.l2.size" semantic conventions. It represents the amount of +// level 2 memory cache available to the processor (in Bytes). +func HostCPUCacheL2Size(val int) attribute.KeyValue { + return HostCPUCacheL2SizeKey.Int(val) +} + +// HostCPUFamily returns an attribute KeyValue conforming to the +// "host.cpu.family" semantic conventions. It represents the family or generation +// of the CPU. +func HostCPUFamily(val string) attribute.KeyValue { + return HostCPUFamilyKey.String(val) +} + +// HostCPUModelID returns an attribute KeyValue conforming to the +// "host.cpu.model.id" semantic conventions. It represents the model identifier. +// It provides more granular information about the CPU, distinguishing it from +// other CPUs within the same family. +func HostCPUModelID(val string) attribute.KeyValue { + return HostCPUModelIDKey.String(val) +} + +// HostCPUModelName returns an attribute KeyValue conforming to the +// "host.cpu.model.name" semantic conventions. It represents the model +// designation of the processor. +func HostCPUModelName(val string) attribute.KeyValue { + return HostCPUModelNameKey.String(val) +} + +// HostCPUStepping returns an attribute KeyValue conforming to the +// "host.cpu.stepping" semantic conventions. It represents the stepping or core +// revisions. 
+func HostCPUStepping(val string) attribute.KeyValue { + return HostCPUSteppingKey.String(val) +} + +// HostCPUVendorID returns an attribute KeyValue conforming to the +// "host.cpu.vendor.id" semantic conventions. It represents the processor +// manufacturer identifier. A maximum 12-character string. +func HostCPUVendorID(val string) attribute.KeyValue { + return HostCPUVendorIDKey.String(val) +} + +// HostID returns an attribute KeyValue conforming to the "host.id" semantic +// conventions. It represents the unique host ID. For Cloud, this must be the +// instance_id assigned by the cloud provider. For non-containerized systems, +// this should be the `machine-id`. See the table below for the sources to use to +// determine the `machine-id` based on operating system. +func HostID(val string) attribute.KeyValue { + return HostIDKey.String(val) +} + +// HostImageID returns an attribute KeyValue conforming to the "host.image.id" +// semantic conventions. It represents the VM image ID or host OS image ID. For +// Cloud, this value is from the provider. +func HostImageID(val string) attribute.KeyValue { + return HostImageIDKey.String(val) +} + +// HostImageName returns an attribute KeyValue conforming to the +// "host.image.name" semantic conventions. It represents the name of the VM image +// or OS install the host was instantiated from. +func HostImageName(val string) attribute.KeyValue { + return HostImageNameKey.String(val) +} + +// HostImageVersion returns an attribute KeyValue conforming to the +// "host.image.version" semantic conventions. It represents the version string of +// the VM image or host OS as defined in [Version Attributes]. +// +// [Version Attributes]: /docs/resource/README.md#version-attributes +func HostImageVersion(val string) attribute.KeyValue { + return HostImageVersionKey.String(val) +} + +// HostIP returns an attribute KeyValue conforming to the "host.ip" semantic +// conventions. 
It represents the available IP addresses of the host, excluding +// loopback interfaces. +func HostIP(val ...string) attribute.KeyValue { + return HostIPKey.StringSlice(val) +} + +// HostMac returns an attribute KeyValue conforming to the "host.mac" semantic +// conventions. It represents the available MAC addresses of the host, excluding +// loopback interfaces. +func HostMac(val ...string) attribute.KeyValue { + return HostMacKey.StringSlice(val) +} + +// HostName returns an attribute KeyValue conforming to the "host.name" semantic +// conventions. It represents the name of the host. On Unix systems, it may +// contain what the hostname command returns, or the fully qualified hostname, or +// another name specified by the user. +func HostName(val string) attribute.KeyValue { + return HostNameKey.String(val) +} + +// HostType returns an attribute KeyValue conforming to the "host.type" semantic +// conventions. It represents the type of host. For Cloud, this must be the +// machine type. +func HostType(val string) attribute.KeyValue { + return HostTypeKey.String(val) +} + +// Enum values for host.arch +var ( + // AMD64 + // Stability: development + HostArchAMD64 = HostArchKey.String("amd64") + // ARM32 + // Stability: development + HostArchARM32 = HostArchKey.String("arm32") + // ARM64 + // Stability: development + HostArchARM64 = HostArchKey.String("arm64") + // Itanium + // Stability: development + HostArchIA64 = HostArchKey.String("ia64") + // 32-bit PowerPC + // Stability: development + HostArchPPC32 = HostArchKey.String("ppc32") + // 64-bit PowerPC + // Stability: development + HostArchPPC64 = HostArchKey.String("ppc64") + // IBM z/Architecture + // Stability: development + HostArchS390x = HostArchKey.String("s390x") + // 32-bit x86 + // Stability: development + HostArchX86 = HostArchKey.String("x86") +) + +// Namespace: http +const ( + // HTTPConnectionStateKey is the attribute Key conforming to the + // "http.connection.state" semantic conventions. 
It represents the state of the + // HTTP connection in the HTTP connection pool. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "active", "idle" + HTTPConnectionStateKey = attribute.Key("http.connection.state") + + // HTTPRequestBodySizeKey is the attribute Key conforming to the + // "http.request.body.size" semantic conventions. It represents the size of the + // request payload body in bytes. This is the number of bytes transferred + // excluding headers and is often, but not always, present as the + // [Content-Length] header. For requests using transport encoding, this should + // be the compressed size. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length + HTTPRequestBodySizeKey = attribute.Key("http.request.body.size") + + // HTTPRequestMethodKey is the attribute Key conforming to the + // "http.request.method" semantic conventions. It represents the HTTP request + // method. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "GET", "POST", "HEAD" + // Note: HTTP request method value SHOULD be "known" to the instrumentation. + // By default, this convention defines "known" methods as the ones listed in + // [RFC9110] + // and the PATCH method defined in [RFC5789]. + // + // If the HTTP request method is not known to instrumentation, it MUST set the + // `http.request.method` attribute to `_OTHER`. + // + // If the HTTP instrumentation could end up converting valid HTTP request + // methods to `_OTHER`, then it MUST provide a way to override + // the list of known HTTP methods. 
If this override is done via environment + // variable, then the environment variable MUST be named + // OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated list of + // case-sensitive known HTTP methods + // (this list MUST be a full override of the default known method, it is not a + // list of known methods in addition to the defaults). + // + // HTTP method names are case-sensitive and `http.request.method` attribute + // value MUST match a known HTTP method name exactly. + // Instrumentations for specific web frameworks that consider HTTP methods to be + // case insensitive, SHOULD populate a canonical equivalent. + // Tracing instrumentations that do so, MUST also set + // `http.request.method_original` to the original value. + // + // [RFC9110]: https://www.rfc-editor.org/rfc/rfc9110.html#name-methods + // [RFC5789]: https://www.rfc-editor.org/rfc/rfc5789.html + HTTPRequestMethodKey = attribute.Key("http.request.method") + + // HTTPRequestMethodOriginalKey is the attribute Key conforming to the + // "http.request.method_original" semantic conventions. It represents the + // original HTTP method sent by the client in the request line. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "GeT", "ACL", "foo" + HTTPRequestMethodOriginalKey = attribute.Key("http.request.method_original") + + // HTTPRequestResendCountKey is the attribute Key conforming to the + // "http.request.resend_count" semantic conventions. It represents the ordinal + // number of request resending attempt (for any reason, including redirects). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Note: The resend count SHOULD be updated each time an HTTP request gets + // resent by the client, regardless of what was the cause of the resending (e.g. + // redirection, authorization failure, 503 Server Unavailable, network issues, + // or any other). 
+ HTTPRequestResendCountKey = attribute.Key("http.request.resend_count") + + // HTTPRequestSizeKey is the attribute Key conforming to the "http.request.size" + // semantic conventions. It represents the total size of the request in bytes. + // This should be the total number of bytes sent over the wire, including the + // request line (HTTP/1.1), framing (HTTP/2 and HTTP/3), headers, and request + // body if any. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + HTTPRequestSizeKey = attribute.Key("http.request.size") + + // HTTPResponseBodySizeKey is the attribute Key conforming to the + // "http.response.body.size" semantic conventions. It represents the size of the + // response payload body in bytes. This is the number of bytes transferred + // excluding headers and is often, but not always, present as the + // [Content-Length] header. For requests using transport encoding, this should + // be the compressed size. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length + HTTPResponseBodySizeKey = attribute.Key("http.response.body.size") + + // HTTPResponseSizeKey is the attribute Key conforming to the + // "http.response.size" semantic conventions. It represents the total size of + // the response in bytes. This should be the total number of bytes sent over the + // wire, including the status line (HTTP/1.1), framing (HTTP/2 and HTTP/3), + // headers, and response body and trailers if any. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + HTTPResponseSizeKey = attribute.Key("http.response.size") + + // HTTPResponseStatusCodeKey is the attribute Key conforming to the + // "http.response.status_code" semantic conventions. It represents the + // [HTTP response status code]. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 200 + // + // [HTTP response status code]: https://tools.ietf.org/html/rfc7231#section-6 + HTTPResponseStatusCodeKey = attribute.Key("http.response.status_code") + + // HTTPRouteKey is the attribute Key conforming to the "http.route" semantic + // conventions. It represents the matched route, that is, the path template in + // the format used by the respective server framework. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "/users/:userID?", "{controller}/{action}/{id?}" + // Note: MUST NOT be populated when this is not supported by the HTTP server + // framework as the route attribute should have low-cardinality and the URI path + // can NOT substitute it. + // SHOULD include the [application root] if there is one. + // + // [application root]: /docs/http/http-spans.md#http-server-definitions + HTTPRouteKey = attribute.Key("http.route") +) + +// HTTPRequestBodySize returns an attribute KeyValue conforming to the +// "http.request.body.size" semantic conventions. It represents the size of the +// request payload body in bytes. This is the number of bytes transferred +// excluding headers and is often, but not always, present as the +// [Content-Length] header. For requests using transport encoding, this should be +// the compressed size. +// +// [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length +func HTTPRequestBodySize(val int) attribute.KeyValue { + return HTTPRequestBodySizeKey.Int(val) +} + +// HTTPRequestHeader returns an attribute KeyValue conforming to the +// "http.request.header" semantic conventions. It represents the HTTP request +// headers, `` being the normalized HTTP Header name (lowercase), the value +// being the header values. 
+func HTTPRequestHeader(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("http.request.header."+key, val) +} + +// HTTPRequestMethodOriginal returns an attribute KeyValue conforming to the +// "http.request.method_original" semantic conventions. It represents the +// original HTTP method sent by the client in the request line. +func HTTPRequestMethodOriginal(val string) attribute.KeyValue { + return HTTPRequestMethodOriginalKey.String(val) +} + +// HTTPRequestResendCount returns an attribute KeyValue conforming to the +// "http.request.resend_count" semantic conventions. It represents the ordinal +// number of request resending attempt (for any reason, including redirects). +func HTTPRequestResendCount(val int) attribute.KeyValue { + return HTTPRequestResendCountKey.Int(val) +} + +// HTTPRequestSize returns an attribute KeyValue conforming to the +// "http.request.size" semantic conventions. It represents the total size of the +// request in bytes. This should be the total number of bytes sent over the wire, +// including the request line (HTTP/1.1), framing (HTTP/2 and HTTP/3), headers, +// and request body if any. +func HTTPRequestSize(val int) attribute.KeyValue { + return HTTPRequestSizeKey.Int(val) +} + +// HTTPResponseBodySize returns an attribute KeyValue conforming to the +// "http.response.body.size" semantic conventions. It represents the size of the +// response payload body in bytes. This is the number of bytes transferred +// excluding headers and is often, but not always, present as the +// [Content-Length] header. For requests using transport encoding, this should be +// the compressed size. +// +// [Content-Length]: https://www.rfc-editor.org/rfc/rfc9110.html#field.content-length +func HTTPResponseBodySize(val int) attribute.KeyValue { + return HTTPResponseBodySizeKey.Int(val) +} + +// HTTPResponseHeader returns an attribute KeyValue conforming to the +// "http.response.header" semantic conventions. 
It represents the HTTP response +// headers, `` being the normalized HTTP Header name (lowercase), the value +// being the header values. +func HTTPResponseHeader(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("http.response.header."+key, val) +} + +// HTTPResponseSize returns an attribute KeyValue conforming to the +// "http.response.size" semantic conventions. It represents the total size of the +// response in bytes. This should be the total number of bytes sent over the +// wire, including the status line (HTTP/1.1), framing (HTTP/2 and HTTP/3), +// headers, and response body and trailers if any. +func HTTPResponseSize(val int) attribute.KeyValue { + return HTTPResponseSizeKey.Int(val) +} + +// HTTPResponseStatusCode returns an attribute KeyValue conforming to the +// "http.response.status_code" semantic conventions. It represents the +// [HTTP response status code]. +// +// [HTTP response status code]: https://tools.ietf.org/html/rfc7231#section-6 +func HTTPResponseStatusCode(val int) attribute.KeyValue { + return HTTPResponseStatusCodeKey.Int(val) +} + +// HTTPRoute returns an attribute KeyValue conforming to the "http.route" +// semantic conventions. It represents the matched route, that is, the path +// template in the format used by the respective server framework. +func HTTPRoute(val string) attribute.KeyValue { + return HTTPRouteKey.String(val) +} + +// Enum values for http.connection.state +var ( + // active state. + // Stability: development + HTTPConnectionStateActive = HTTPConnectionStateKey.String("active") + // idle state. + // Stability: development + HTTPConnectionStateIdle = HTTPConnectionStateKey.String("idle") +) + +// Enum values for http.request.method +var ( + // CONNECT method. + // Stability: stable + HTTPRequestMethodConnect = HTTPRequestMethodKey.String("CONNECT") + // DELETE method. + // Stability: stable + HTTPRequestMethodDelete = HTTPRequestMethodKey.String("DELETE") + // GET method. 
+ // Stability: stable + HTTPRequestMethodGet = HTTPRequestMethodKey.String("GET") + // HEAD method. + // Stability: stable + HTTPRequestMethodHead = HTTPRequestMethodKey.String("HEAD") + // OPTIONS method. + // Stability: stable + HTTPRequestMethodOptions = HTTPRequestMethodKey.String("OPTIONS") + // PATCH method. + // Stability: stable + HTTPRequestMethodPatch = HTTPRequestMethodKey.String("PATCH") + // POST method. + // Stability: stable + HTTPRequestMethodPost = HTTPRequestMethodKey.String("POST") + // PUT method. + // Stability: stable + HTTPRequestMethodPut = HTTPRequestMethodKey.String("PUT") + // TRACE method. + // Stability: stable + HTTPRequestMethodTrace = HTTPRequestMethodKey.String("TRACE") + // Any HTTP method that the instrumentation has no prior knowledge of. + // Stability: stable + HTTPRequestMethodOther = HTTPRequestMethodKey.String("_OTHER") +) + +// Namespace: hw +const ( + // HwBatteryCapacityKey is the attribute Key conforming to the + // "hw.battery.capacity" semantic conventions. It represents the design capacity + // in Watts-hours or Amper-hours. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9.3Ah", "50Wh" + HwBatteryCapacityKey = attribute.Key("hw.battery.capacity") + + // HwBatteryChemistryKey is the attribute Key conforming to the + // "hw.battery.chemistry" semantic conventions. It represents the battery + // [chemistry], e.g. Lithium-Ion, Nickel-Cadmium, etc. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Li-ion", "NiMH" + // + // [chemistry]: https://schemas.dmtf.org/wbem/cim-html/2.31.0/CIM_Battery.html + HwBatteryChemistryKey = attribute.Key("hw.battery.chemistry") + + // HwBatteryStateKey is the attribute Key conforming to the "hw.battery.state" + // semantic conventions. It represents the current state of the battery. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwBatteryStateKey = attribute.Key("hw.battery.state") + + // HwBiosVersionKey is the attribute Key conforming to the "hw.bios_version" + // semantic conventions. It represents the BIOS version of the hardware + // component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1.2.3" + HwBiosVersionKey = attribute.Key("hw.bios_version") + + // HwDriverVersionKey is the attribute Key conforming to the "hw.driver_version" + // semantic conventions. It represents the driver version for the hardware + // component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "10.2.1-3" + HwDriverVersionKey = attribute.Key("hw.driver_version") + + // HwEnclosureTypeKey is the attribute Key conforming to the "hw.enclosure.type" + // semantic conventions. It represents the type of the enclosure (useful for + // modular systems). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Computer", "Storage", "Switch" + HwEnclosureTypeKey = attribute.Key("hw.enclosure.type") + + // HwFirmwareVersionKey is the attribute Key conforming to the + // "hw.firmware_version" semantic conventions. It represents the firmware + // version of the hardware component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2.0.1" + HwFirmwareVersionKey = attribute.Key("hw.firmware_version") + + // HwGpuTaskKey is the attribute Key conforming to the "hw.gpu.task" semantic + // conventions. It represents the type of task the GPU is performing. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwGpuTaskKey = attribute.Key("hw.gpu.task") + + // HwIDKey is the attribute Key conforming to the "hw.id" semantic conventions. 
+ // It represents an identifier for the hardware component, unique within the + // monitored host. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "win32battery_battery_testsysa33_1" + HwIDKey = attribute.Key("hw.id") + + // HwLimitTypeKey is the attribute Key conforming to the "hw.limit_type" + // semantic conventions. It represents the type of limit for hardware + // components. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwLimitTypeKey = attribute.Key("hw.limit_type") + + // HwLogicalDiskRaidLevelKey is the attribute Key conforming to the + // "hw.logical_disk.raid_level" semantic conventions. It represents the RAID + // Level of the logical disk. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "RAID0+1", "RAID5", "RAID10" + HwLogicalDiskRaidLevelKey = attribute.Key("hw.logical_disk.raid_level") + + // HwLogicalDiskStateKey is the attribute Key conforming to the + // "hw.logical_disk.state" semantic conventions. It represents the state of the + // logical disk space usage. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwLogicalDiskStateKey = attribute.Key("hw.logical_disk.state") + + // HwMemoryTypeKey is the attribute Key conforming to the "hw.memory.type" + // semantic conventions. It represents the type of the memory module. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "DDR4", "DDR5", "LPDDR5" + HwMemoryTypeKey = attribute.Key("hw.memory.type") + + // HwModelKey is the attribute Key conforming to the "hw.model" semantic + // conventions. It represents the descriptive model name of the hardware + // component. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "PERC H740P", "Intel(R) Core(TM) i7-10700K", "Dell XPS 15 Battery" + HwModelKey = attribute.Key("hw.model") + + // HwNameKey is the attribute Key conforming to the "hw.name" semantic + // conventions. It represents an easily-recognizable name for the hardware + // component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "eth0" + HwNameKey = attribute.Key("hw.name") + + // HwNetworkLogicalAddressesKey is the attribute Key conforming to the + // "hw.network.logical_addresses" semantic conventions. It represents the + // logical addresses of the adapter (e.g. IP address, or WWPN). + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "172.16.8.21", "57.11.193.42" + HwNetworkLogicalAddressesKey = attribute.Key("hw.network.logical_addresses") + + // HwNetworkPhysicalAddressKey is the attribute Key conforming to the + // "hw.network.physical_address" semantic conventions. It represents the + // physical address of the adapter (e.g. MAC address, or WWNN). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "00-90-F5-E9-7B-36" + HwNetworkPhysicalAddressKey = attribute.Key("hw.network.physical_address") + + // HwParentKey is the attribute Key conforming to the "hw.parent" semantic + // conventions. It represents the unique identifier of the parent component + // (typically the `hw.id` attribute of the enclosure, or disk controller). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "dellStorage_perc_0" + HwParentKey = attribute.Key("hw.parent") + + // HwPhysicalDiskSmartAttributeKey is the attribute Key conforming to the + // "hw.physical_disk.smart_attribute" semantic conventions. It represents the + // [S.M.A.R.T.] 
(Self-Monitoring, Analysis, and Reporting Technology) attribute + // of the physical disk. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Spin Retry Count", "Seek Error Rate", "Raw Read Error Rate" + // + // [S.M.A.R.T.]: https://wikipedia.org/wiki/S.M.A.R.T. + HwPhysicalDiskSmartAttributeKey = attribute.Key("hw.physical_disk.smart_attribute") + + // HwPhysicalDiskStateKey is the attribute Key conforming to the + // "hw.physical_disk.state" semantic conventions. It represents the state of the + // physical disk endurance utilization. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwPhysicalDiskStateKey = attribute.Key("hw.physical_disk.state") + + // HwPhysicalDiskTypeKey is the attribute Key conforming to the + // "hw.physical_disk.type" semantic conventions. It represents the type of the + // physical disk. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "HDD", "SSD", "10K" + HwPhysicalDiskTypeKey = attribute.Key("hw.physical_disk.type") + + // HwSensorLocationKey is the attribute Key conforming to the + // "hw.sensor_location" semantic conventions. It represents the location of the + // sensor. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cpu0", "ps1", "INLET", "CPU0_DIE", "AMBIENT", "MOTHERBOARD", "PS0 + // V3_3", "MAIN_12V", "CPU_VCORE" + HwSensorLocationKey = attribute.Key("hw.sensor_location") + + // HwSerialNumberKey is the attribute Key conforming to the "hw.serial_number" + // semantic conventions. It represents the serial number of the hardware + // component. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CNFCP0123456789" + HwSerialNumberKey = attribute.Key("hw.serial_number") + + // HwStateKey is the attribute Key conforming to the "hw.state" semantic + // conventions. It represents the current state of the component. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwStateKey = attribute.Key("hw.state") + + // HwTapeDriveOperationTypeKey is the attribute Key conforming to the + // "hw.tape_drive.operation_type" semantic conventions. It represents the type + // of tape drive operation. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + HwTapeDriveOperationTypeKey = attribute.Key("hw.tape_drive.operation_type") + + // HwTypeKey is the attribute Key conforming to the "hw.type" semantic + // conventions. It represents the type of the component. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: Describes the category of the hardware component for which `hw.state` + // is being reported. For example, `hw.type=temperature` along with + // `hw.state=degraded` would indicate that the temperature of the hardware + // component has been reported as `degraded`. + HwTypeKey = attribute.Key("hw.type") + + // HwVendorKey is the attribute Key conforming to the "hw.vendor" semantic + // conventions. It represents the vendor name of the hardware component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Dell", "HP", "Intel", "AMD", "LSI", "Lenovo" + HwVendorKey = attribute.Key("hw.vendor") +) + +// HwBatteryCapacity returns an attribute KeyValue conforming to the +// "hw.battery.capacity" semantic conventions. It represents the design capacity +// in Watts-hours or Amper-hours. 
+func HwBatteryCapacity(val string) attribute.KeyValue { + return HwBatteryCapacityKey.String(val) +} + +// HwBatteryChemistry returns an attribute KeyValue conforming to the +// "hw.battery.chemistry" semantic conventions. It represents the battery +// [chemistry], e.g. Lithium-Ion, Nickel-Cadmium, etc. +// +// [chemistry]: https://schemas.dmtf.org/wbem/cim-html/2.31.0/CIM_Battery.html +func HwBatteryChemistry(val string) attribute.KeyValue { + return HwBatteryChemistryKey.String(val) +} + +// HwBiosVersion returns an attribute KeyValue conforming to the +// "hw.bios_version" semantic conventions. It represents the BIOS version of the +// hardware component. +func HwBiosVersion(val string) attribute.KeyValue { + return HwBiosVersionKey.String(val) +} + +// HwDriverVersion returns an attribute KeyValue conforming to the +// "hw.driver_version" semantic conventions. It represents the driver version for +// the hardware component. +func HwDriverVersion(val string) attribute.KeyValue { + return HwDriverVersionKey.String(val) +} + +// HwEnclosureType returns an attribute KeyValue conforming to the +// "hw.enclosure.type" semantic conventions. It represents the type of the +// enclosure (useful for modular systems). +func HwEnclosureType(val string) attribute.KeyValue { + return HwEnclosureTypeKey.String(val) +} + +// HwFirmwareVersion returns an attribute KeyValue conforming to the +// "hw.firmware_version" semantic conventions. It represents the firmware version +// of the hardware component. +func HwFirmwareVersion(val string) attribute.KeyValue { + return HwFirmwareVersionKey.String(val) +} + +// HwID returns an attribute KeyValue conforming to the "hw.id" semantic +// conventions. It represents an identifier for the hardware component, unique +// within the monitored host. 
+func HwID(val string) attribute.KeyValue { + return HwIDKey.String(val) +} + +// HwLogicalDiskRaidLevel returns an attribute KeyValue conforming to the +// "hw.logical_disk.raid_level" semantic conventions. It represents the RAID +// Level of the logical disk. +func HwLogicalDiskRaidLevel(val string) attribute.KeyValue { + return HwLogicalDiskRaidLevelKey.String(val) +} + +// HwMemoryType returns an attribute KeyValue conforming to the "hw.memory.type" +// semantic conventions. It represents the type of the memory module. +func HwMemoryType(val string) attribute.KeyValue { + return HwMemoryTypeKey.String(val) +} + +// HwModel returns an attribute KeyValue conforming to the "hw.model" semantic +// conventions. It represents the descriptive model name of the hardware +// component. +func HwModel(val string) attribute.KeyValue { + return HwModelKey.String(val) +} + +// HwName returns an attribute KeyValue conforming to the "hw.name" semantic +// conventions. It represents an easily-recognizable name for the hardware +// component. +func HwName(val string) attribute.KeyValue { + return HwNameKey.String(val) +} + +// HwNetworkLogicalAddresses returns an attribute KeyValue conforming to the +// "hw.network.logical_addresses" semantic conventions. It represents the logical +// addresses of the adapter (e.g. IP address, or WWPN). +func HwNetworkLogicalAddresses(val ...string) attribute.KeyValue { + return HwNetworkLogicalAddressesKey.StringSlice(val) +} + +// HwNetworkPhysicalAddress returns an attribute KeyValue conforming to the +// "hw.network.physical_address" semantic conventions. It represents the physical +// address of the adapter (e.g. MAC address, or WWNN). +func HwNetworkPhysicalAddress(val string) attribute.KeyValue { + return HwNetworkPhysicalAddressKey.String(val) +} + +// HwParent returns an attribute KeyValue conforming to the "hw.parent" semantic +// conventions. 
It represents the unique identifier of the parent component +// (typically the `hw.id` attribute of the enclosure, or disk controller). +func HwParent(val string) attribute.KeyValue { + return HwParentKey.String(val) +} + +// HwPhysicalDiskSmartAttribute returns an attribute KeyValue conforming to the +// "hw.physical_disk.smart_attribute" semantic conventions. It represents the +// [S.M.A.R.T.] (Self-Monitoring, Analysis, and Reporting Technology) attribute +// of the physical disk. +// +// [S.M.A.R.T.]: https://wikipedia.org/wiki/S.M.A.R.T. +func HwPhysicalDiskSmartAttribute(val string) attribute.KeyValue { + return HwPhysicalDiskSmartAttributeKey.String(val) +} + +// HwPhysicalDiskType returns an attribute KeyValue conforming to the +// "hw.physical_disk.type" semantic conventions. It represents the type of the +// physical disk. +func HwPhysicalDiskType(val string) attribute.KeyValue { + return HwPhysicalDiskTypeKey.String(val) +} + +// HwSensorLocation returns an attribute KeyValue conforming to the +// "hw.sensor_location" semantic conventions. It represents the location of the +// sensor. +func HwSensorLocation(val string) attribute.KeyValue { + return HwSensorLocationKey.String(val) +} + +// HwSerialNumber returns an attribute KeyValue conforming to the +// "hw.serial_number" semantic conventions. It represents the serial number of +// the hardware component. +func HwSerialNumber(val string) attribute.KeyValue { + return HwSerialNumberKey.String(val) +} + +// HwVendor returns an attribute KeyValue conforming to the "hw.vendor" semantic +// conventions. It represents the vendor name of the hardware component. 
+func HwVendor(val string) attribute.KeyValue { + return HwVendorKey.String(val) +} + +// Enum values for hw.battery.state +var ( + // Charging + // Stability: development + HwBatteryStateCharging = HwBatteryStateKey.String("charging") + // Discharging + // Stability: development + HwBatteryStateDischarging = HwBatteryStateKey.String("discharging") +) + +// Enum values for hw.gpu.task +var ( + // Decoder + // Stability: development + HwGpuTaskDecoder = HwGpuTaskKey.String("decoder") + // Encoder + // Stability: development + HwGpuTaskEncoder = HwGpuTaskKey.String("encoder") + // General + // Stability: development + HwGpuTaskGeneral = HwGpuTaskKey.String("general") +) + +// Enum values for hw.limit_type +var ( + // Critical + // Stability: development + HwLimitTypeCritical = HwLimitTypeKey.String("critical") + // Degraded + // Stability: development + HwLimitTypeDegraded = HwLimitTypeKey.String("degraded") + // High Critical + // Stability: development + HwLimitTypeHighCritical = HwLimitTypeKey.String("high.critical") + // High Degraded + // Stability: development + HwLimitTypeHighDegraded = HwLimitTypeKey.String("high.degraded") + // Low Critical + // Stability: development + HwLimitTypeLowCritical = HwLimitTypeKey.String("low.critical") + // Low Degraded + // Stability: development + HwLimitTypeLowDegraded = HwLimitTypeKey.String("low.degraded") + // Maximum + // Stability: development + HwLimitTypeMax = HwLimitTypeKey.String("max") + // Throttled + // Stability: development + HwLimitTypeThrottled = HwLimitTypeKey.String("throttled") + // Turbo + // Stability: development + HwLimitTypeTurbo = HwLimitTypeKey.String("turbo") +) + +// Enum values for hw.logical_disk.state +var ( + // Used + // Stability: development + HwLogicalDiskStateUsed = HwLogicalDiskStateKey.String("used") + // Free + // Stability: development + HwLogicalDiskStateFree = HwLogicalDiskStateKey.String("free") +) + +// Enum values for hw.physical_disk.state +var ( + // Remaining + // Stability: 
development + HwPhysicalDiskStateRemaining = HwPhysicalDiskStateKey.String("remaining") +) + +// Enum values for hw.state +var ( + // Degraded + // Stability: development + HwStateDegraded = HwStateKey.String("degraded") + // Failed + // Stability: development + HwStateFailed = HwStateKey.String("failed") + // Needs Cleaning + // Stability: development + HwStateNeedsCleaning = HwStateKey.String("needs_cleaning") + // OK + // Stability: development + HwStateOk = HwStateKey.String("ok") + // Predicted Failure + // Stability: development + HwStatePredictedFailure = HwStateKey.String("predicted_failure") +) + +// Enum values for hw.tape_drive.operation_type +var ( + // Mount + // Stability: development + HwTapeDriveOperationTypeMount = HwTapeDriveOperationTypeKey.String("mount") + // Unmount + // Stability: development + HwTapeDriveOperationTypeUnmount = HwTapeDriveOperationTypeKey.String("unmount") + // Clean + // Stability: development + HwTapeDriveOperationTypeClean = HwTapeDriveOperationTypeKey.String("clean") +) + +// Enum values for hw.type +var ( + // Battery + // Stability: development + HwTypeBattery = HwTypeKey.String("battery") + // CPU + // Stability: development + HwTypeCPU = HwTypeKey.String("cpu") + // Disk controller + // Stability: development + HwTypeDiskController = HwTypeKey.String("disk_controller") + // Enclosure + // Stability: development + HwTypeEnclosure = HwTypeKey.String("enclosure") + // Fan + // Stability: development + HwTypeFan = HwTypeKey.String("fan") + // GPU + // Stability: development + HwTypeGpu = HwTypeKey.String("gpu") + // Logical disk + // Stability: development + HwTypeLogicalDisk = HwTypeKey.String("logical_disk") + // Memory + // Stability: development + HwTypeMemory = HwTypeKey.String("memory") + // Network + // Stability: development + HwTypeNetwork = HwTypeKey.String("network") + // Physical disk + // Stability: development + HwTypePhysicalDisk = HwTypeKey.String("physical_disk") + // Power supply + // Stability: 
development + HwTypePowerSupply = HwTypeKey.String("power_supply") + // Tape drive + // Stability: development + HwTypeTapeDrive = HwTypeKey.String("tape_drive") + // Temperature + // Stability: development + HwTypeTemperature = HwTypeKey.String("temperature") + // Voltage + // Stability: development + HwTypeVoltage = HwTypeKey.String("voltage") +) + +// Namespace: ios +const ( + // IOSAppStateKey is the attribute Key conforming to the "ios.app.state" + // semantic conventions. It represents the this attribute represents the state + // of the application. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: The iOS lifecycle states are defined in the + // [UIApplicationDelegate documentation], and from which the `OS terminology` + // column values are derived. + // + // [UIApplicationDelegate documentation]: https://developer.apple.com/documentation/uikit/uiapplicationdelegate + IOSAppStateKey = attribute.Key("ios.app.state") +) + +// Enum values for ios.app.state +var ( + // The app has become `active`. Associated with UIKit notification + // `applicationDidBecomeActive`. + // + // Stability: development + IOSAppStateActive = IOSAppStateKey.String("active") + // The app is now `inactive`. Associated with UIKit notification + // `applicationWillResignActive`. + // + // Stability: development + IOSAppStateInactive = IOSAppStateKey.String("inactive") + // The app is now in the background. This value is associated with UIKit + // notification `applicationDidEnterBackground`. + // + // Stability: development + IOSAppStateBackground = IOSAppStateKey.String("background") + // The app is now in the foreground. This value is associated with UIKit + // notification `applicationWillEnterForeground`. + // + // Stability: development + IOSAppStateForeground = IOSAppStateKey.String("foreground") + // The app is about to terminate. Associated with UIKit notification + // `applicationWillTerminate`. 
+ // + // Stability: development + IOSAppStateTerminate = IOSAppStateKey.String("terminate") +) + +// Namespace: k8s +const ( + // K8SClusterNameKey is the attribute Key conforming to the "k8s.cluster.name" + // semantic conventions. It represents the name of the cluster. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry-cluster" + K8SClusterNameKey = attribute.Key("k8s.cluster.name") + + // K8SClusterUIDKey is the attribute Key conforming to the "k8s.cluster.uid" + // semantic conventions. It represents a pseudo-ID for the cluster, set to the + // UID of the `kube-system` namespace. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "218fc5a9-a5f1-4b54-aa05-46717d0ab26d" + // Note: K8s doesn't have support for obtaining a cluster ID. If this is ever + // added, we will recommend collecting the `k8s.cluster.uid` through the + // official APIs. In the meantime, we are able to use the `uid` of the + // `kube-system` namespace as a proxy for cluster ID. Read on for the + // rationale. + // + // Every object created in a K8s cluster is assigned a distinct UID. The + // `kube-system` namespace is used by Kubernetes itself and will exist + // for the lifetime of the cluster. Using the `uid` of the `kube-system` + // namespace is a reasonable proxy for the K8s ClusterID as it will only + // change if the cluster is rebuilt. Furthermore, Kubernetes UIDs are + // UUIDs as standardized by + // [ISO/IEC 9834-8 and ITU-T X.667]. + // Which states: + // + // > If generated according to one of the mechanisms defined in Rec. + // > ITU-T X.667 | ISO/IEC 9834-8, a UUID is either guaranteed to be + // > different from all other UUIDs generated before 3603 A.D., or is + // > extremely likely to be different (depending on the mechanism chosen). + // + // Therefore, UIDs between clusters should be extremely unlikely to + // conflict. 
+ // + // [ISO/IEC 9834-8 and ITU-T X.667]: https://www.itu.int/ITU-T/studygroups/com17/oid.html + K8SClusterUIDKey = attribute.Key("k8s.cluster.uid") + + // K8SContainerNameKey is the attribute Key conforming to the + // "k8s.container.name" semantic conventions. It represents the name of the + // Container from Pod specification, must be unique within a Pod. Container + // runtime usually uses different globally unique name (`container.name`). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "redis" + K8SContainerNameKey = attribute.Key("k8s.container.name") + + // K8SContainerRestartCountKey is the attribute Key conforming to the + // "k8s.container.restart_count" semantic conventions. It represents the number + // of times the container was restarted. This attribute can be used to identify + // a particular container (running or stopped) within a container spec. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + K8SContainerRestartCountKey = attribute.Key("k8s.container.restart_count") + + // K8SContainerStatusLastTerminatedReasonKey is the attribute Key conforming to + // the "k8s.container.status.last_terminated_reason" semantic conventions. It + // represents the last terminated reason of the Container. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Evicted", "Error" + K8SContainerStatusLastTerminatedReasonKey = attribute.Key("k8s.container.status.last_terminated_reason") + + // K8SContainerStatusReasonKey is the attribute Key conforming to the + // "k8s.container.status.reason" semantic conventions. It represents the reason + // for the container state. Corresponds to the `reason` field of the: + // [K8s ContainerStateWaiting] or [K8s ContainerStateTerminated]. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ContainerCreating", "CrashLoopBackOff", + // "CreateContainerConfigError", "ErrImagePull", "ImagePullBackOff", + // "OOMKilled", "Completed", "Error", "ContainerCannotRun" + // + // [K8s ContainerStateWaiting]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#containerstatewaiting-v1-core + // [K8s ContainerStateTerminated]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#containerstateterminated-v1-core + K8SContainerStatusReasonKey = attribute.Key("k8s.container.status.reason") + + // K8SContainerStatusStateKey is the attribute Key conforming to the + // "k8s.container.status.state" semantic conventions. It represents the state of + // the container. [K8s ContainerState]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "terminated", "running", "waiting" + // + // [K8s ContainerState]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#containerstate-v1-core + K8SContainerStatusStateKey = attribute.Key("k8s.container.status.state") + + // K8SCronJobNameKey is the attribute Key conforming to the "k8s.cronjob.name" + // semantic conventions. It represents the name of the CronJob. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SCronJobNameKey = attribute.Key("k8s.cronjob.name") + + // K8SCronJobUIDKey is the attribute Key conforming to the "k8s.cronjob.uid" + // semantic conventions. It represents the UID of the CronJob. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid") + + // K8SDaemonSetNameKey is the attribute Key conforming to the + // "k8s.daemonset.name" semantic conventions. It represents the name of the + // DaemonSet. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SDaemonSetNameKey = attribute.Key("k8s.daemonset.name") + + // K8SDaemonSetUIDKey is the attribute Key conforming to the "k8s.daemonset.uid" + // semantic conventions. It represents the UID of the DaemonSet. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SDaemonSetUIDKey = attribute.Key("k8s.daemonset.uid") + + // K8SDeploymentNameKey is the attribute Key conforming to the + // "k8s.deployment.name" semantic conventions. It represents the name of the + // Deployment. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SDeploymentNameKey = attribute.Key("k8s.deployment.name") + + // K8SDeploymentUIDKey is the attribute Key conforming to the + // "k8s.deployment.uid" semantic conventions. It represents the UID of the + // Deployment. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid") + + // K8SHPAMetricTypeKey is the attribute Key conforming to the + // "k8s.hpa.metric.type" semantic conventions. It represents the type of metric + // source for the horizontal pod autoscaler. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Resource", "ContainerResource" + // Note: This attribute reflects the `type` field of spec.metrics[] in the HPA. + K8SHPAMetricTypeKey = attribute.Key("k8s.hpa.metric.type") + + // K8SHPANameKey is the attribute Key conforming to the "k8s.hpa.name" semantic + // conventions. It represents the name of the horizontal pod autoscaler. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SHPANameKey = attribute.Key("k8s.hpa.name") + + // K8SHPAScaletargetrefAPIVersionKey is the attribute Key conforming to the + // "k8s.hpa.scaletargetref.api_version" semantic conventions. It represents the + // API version of the target resource to scale for the HorizontalPodAutoscaler. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "apps/v1", "autoscaling/v2" + // Note: This maps to the `apiVersion` field in the `scaleTargetRef` of the HPA + // spec. + K8SHPAScaletargetrefAPIVersionKey = attribute.Key("k8s.hpa.scaletargetref.api_version") + + // K8SHPAScaletargetrefKindKey is the attribute Key conforming to the + // "k8s.hpa.scaletargetref.kind" semantic conventions. It represents the kind of + // the target resource to scale for the HorizontalPodAutoscaler. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Deployment", "StatefulSet" + // Note: This maps to the `kind` field in the `scaleTargetRef` of the HPA spec. + K8SHPAScaletargetrefKindKey = attribute.Key("k8s.hpa.scaletargetref.kind") + + // K8SHPAScaletargetrefNameKey is the attribute Key conforming to the + // "k8s.hpa.scaletargetref.name" semantic conventions. It represents the name of + // the target resource to scale for the HorizontalPodAutoscaler. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-deployment", "my-statefulset" + // Note: This maps to the `name` field in the `scaleTargetRef` of the HPA spec. + K8SHPAScaletargetrefNameKey = attribute.Key("k8s.hpa.scaletargetref.name") + + // K8SHPAUIDKey is the attribute Key conforming to the "k8s.hpa.uid" semantic + // conventions. It represents the UID of the horizontal pod autoscaler. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SHPAUIDKey = attribute.Key("k8s.hpa.uid") + + // K8SHugepageSizeKey is the attribute Key conforming to the "k8s.hugepage.size" + // semantic conventions. It represents the size (identifier) of the K8s huge + // page. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2Mi" + K8SHugepageSizeKey = attribute.Key("k8s.hugepage.size") + + // K8SJobNameKey is the attribute Key conforming to the "k8s.job.name" semantic + // conventions. It represents the name of the Job. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SJobNameKey = attribute.Key("k8s.job.name") + + // K8SJobUIDKey is the attribute Key conforming to the "k8s.job.uid" semantic + // conventions. It represents the UID of the Job. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SJobUIDKey = attribute.Key("k8s.job.uid") + + // K8SNamespaceNameKey is the attribute Key conforming to the + // "k8s.namespace.name" semantic conventions. It represents the name of the + // namespace that the pod is running in. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "default" + K8SNamespaceNameKey = attribute.Key("k8s.namespace.name") + + // K8SNamespacePhaseKey is the attribute Key conforming to the + // "k8s.namespace.phase" semantic conventions. It represents the phase of the + // K8s namespace. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "active", "terminating" + // Note: This attribute aligns with the `phase` field of the + // [K8s NamespaceStatus] + // + // [K8s NamespaceStatus]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#namespacestatus-v1-core + K8SNamespacePhaseKey = attribute.Key("k8s.namespace.phase") + + // K8SNodeConditionStatusKey is the attribute Key conforming to the + // "k8s.node.condition.status" semantic conventions. It represents the status of + // the condition, one of True, False, Unknown. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "true", "false", "unknown" + // Note: This attribute aligns with the `status` field of the + // [NodeCondition] + // + // [NodeCondition]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#nodecondition-v1-core + K8SNodeConditionStatusKey = attribute.Key("k8s.node.condition.status") + + // K8SNodeConditionTypeKey is the attribute Key conforming to the + // "k8s.node.condition.type" semantic conventions. It represents the condition + // type of a K8s Node. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Ready", "DiskPressure" + // Note: K8s Node conditions as described + // by [K8s documentation]. + // + // This attribute aligns with the `type` field of the + // [NodeCondition] + // + // The set of possible values is not limited to those listed here. Managed + // Kubernetes environments, + // or custom controllers MAY introduce additional node condition types. + // When this occurs, the exact value as reported by the Kubernetes API SHOULD be + // used. 
+ // + // [K8s documentation]: https://v1-32.docs.kubernetes.io/docs/reference/node/node-status/#condition + // [NodeCondition]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#nodecondition-v1-core + K8SNodeConditionTypeKey = attribute.Key("k8s.node.condition.type") + + // K8SNodeNameKey is the attribute Key conforming to the "k8s.node.name" + // semantic conventions. It represents the name of the Node. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "node-1" + K8SNodeNameKey = attribute.Key("k8s.node.name") + + // K8SNodeUIDKey is the attribute Key conforming to the "k8s.node.uid" semantic + // conventions. It represents the UID of the Node. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2" + K8SNodeUIDKey = attribute.Key("k8s.node.uid") + + // K8SPodNameKey is the attribute Key conforming to the "k8s.pod.name" semantic + // conventions. It represents the name of the Pod. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry-pod-autoconf" + K8SPodNameKey = attribute.Key("k8s.pod.name") + + // K8SPodUIDKey is the attribute Key conforming to the "k8s.pod.uid" semantic + // conventions. It represents the UID of the Pod. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SPodUIDKey = attribute.Key("k8s.pod.uid") + + // K8SReplicaSetNameKey is the attribute Key conforming to the + // "k8s.replicaset.name" semantic conventions. It represents the name of the + // ReplicaSet. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SReplicaSetNameKey = attribute.Key("k8s.replicaset.name") + + // K8SReplicaSetUIDKey is the attribute Key conforming to the + // "k8s.replicaset.uid" semantic conventions. It represents the UID of the + // ReplicaSet. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SReplicaSetUIDKey = attribute.Key("k8s.replicaset.uid") + + // K8SReplicationControllerNameKey is the attribute Key conforming to the + // "k8s.replicationcontroller.name" semantic conventions. It represents the name + // of the replication controller. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SReplicationControllerNameKey = attribute.Key("k8s.replicationcontroller.name") + + // K8SReplicationControllerUIDKey is the attribute Key conforming to the + // "k8s.replicationcontroller.uid" semantic conventions. It represents the UID + // of the replication controller. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SReplicationControllerUIDKey = attribute.Key("k8s.replicationcontroller.uid") + + // K8SResourceQuotaNameKey is the attribute Key conforming to the + // "k8s.resourcequota.name" semantic conventions. It represents the name of the + // resource quota. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SResourceQuotaNameKey = attribute.Key("k8s.resourcequota.name") + + // K8SResourceQuotaResourceNameKey is the attribute Key conforming to the + // "k8s.resourcequota.resource_name" semantic conventions. It represents the + // name of the K8s resource a resource quota defines. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "count/replicationcontrollers" + // Note: The value for this attribute can be either the full + // `count/[.]` string (e.g., count/deployments.apps, + // count/pods), or, for certain core Kubernetes resources, just the resource + // name (e.g., pods, services, configmaps). Both forms are supported by + // Kubernetes for object count quotas. See + // [Kubernetes Resource Quotas documentation] for more details. + // + // [Kubernetes Resource Quotas documentation]: https://kubernetes.io/docs/concepts/policy/resource-quotas/#object-count-quota + K8SResourceQuotaResourceNameKey = attribute.Key("k8s.resourcequota.resource_name") + + // K8SResourceQuotaUIDKey is the attribute Key conforming to the + // "k8s.resourcequota.uid" semantic conventions. It represents the UID of the + // resource quota. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SResourceQuotaUIDKey = attribute.Key("k8s.resourcequota.uid") + + // K8SStatefulSetNameKey is the attribute Key conforming to the + // "k8s.statefulset.name" semantic conventions. It represents the name of the + // StatefulSet. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "opentelemetry" + K8SStatefulSetNameKey = attribute.Key("k8s.statefulset.name") + + // K8SStatefulSetUIDKey is the attribute Key conforming to the + // "k8s.statefulset.uid" semantic conventions. It represents the UID of the + // StatefulSet. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "275ecb36-5aa8-4c2a-9c47-d8bb681b9aff" + K8SStatefulSetUIDKey = attribute.Key("k8s.statefulset.uid") + + // K8SStorageclassNameKey is the attribute Key conforming to the + // "k8s.storageclass.name" semantic conventions. 
It represents the name of K8s + // [StorageClass] object. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "gold.storageclass.storage.k8s.io" + // + // [StorageClass]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#storageclass-v1-storage-k8s-io + K8SStorageclassNameKey = attribute.Key("k8s.storageclass.name") + + // K8SVolumeNameKey is the attribute Key conforming to the "k8s.volume.name" + // semantic conventions. It represents the name of the K8s volume. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "volume0" + K8SVolumeNameKey = attribute.Key("k8s.volume.name") + + // K8SVolumeTypeKey is the attribute Key conforming to the "k8s.volume.type" + // semantic conventions. It represents the type of the K8s volume. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "emptyDir", "persistentVolumeClaim" + K8SVolumeTypeKey = attribute.Key("k8s.volume.type") +) + +// K8SClusterName returns an attribute KeyValue conforming to the +// "k8s.cluster.name" semantic conventions. It represents the name of the +// cluster. +func K8SClusterName(val string) attribute.KeyValue { + return K8SClusterNameKey.String(val) +} + +// K8SClusterUID returns an attribute KeyValue conforming to the +// "k8s.cluster.uid" semantic conventions. It represents a pseudo-ID for the +// cluster, set to the UID of the `kube-system` namespace. +func K8SClusterUID(val string) attribute.KeyValue { + return K8SClusterUIDKey.String(val) +} + +// K8SContainerName returns an attribute KeyValue conforming to the +// "k8s.container.name" semantic conventions. It represents the name of the +// Container from Pod specification, must be unique within a Pod. Container +// runtime usually uses different globally unique name (`container.name`). 
+func K8SContainerName(val string) attribute.KeyValue { + return K8SContainerNameKey.String(val) +} + +// K8SContainerRestartCount returns an attribute KeyValue conforming to the +// "k8s.container.restart_count" semantic conventions. It represents the number +// of times the container was restarted. This attribute can be used to identify a +// particular container (running or stopped) within a container spec. +func K8SContainerRestartCount(val int) attribute.KeyValue { + return K8SContainerRestartCountKey.Int(val) +} + +// K8SContainerStatusLastTerminatedReason returns an attribute KeyValue +// conforming to the "k8s.container.status.last_terminated_reason" semantic +// conventions. It represents the last terminated reason of the Container. +func K8SContainerStatusLastTerminatedReason(val string) attribute.KeyValue { + return K8SContainerStatusLastTerminatedReasonKey.String(val) +} + +// K8SCronJobAnnotation returns an attribute KeyValue conforming to the +// "k8s.cronjob.annotation" semantic conventions. It represents the cronjob +// annotation placed on the CronJob, the `` being the annotation name, the +// value being the annotation value. +func K8SCronJobAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.cronjob.annotation."+key, val) +} + +// K8SCronJobLabel returns an attribute KeyValue conforming to the +// "k8s.cronjob.label" semantic conventions. It represents the label placed on +// the CronJob, the `` being the label name, the value being the label +// value. +func K8SCronJobLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.cronjob.label."+key, val) +} + +// K8SCronJobName returns an attribute KeyValue conforming to the +// "k8s.cronjob.name" semantic conventions. It represents the name of the +// CronJob. 
+func K8SCronJobName(val string) attribute.KeyValue { + return K8SCronJobNameKey.String(val) +} + +// K8SCronJobUID returns an attribute KeyValue conforming to the +// "k8s.cronjob.uid" semantic conventions. It represents the UID of the CronJob. +func K8SCronJobUID(val string) attribute.KeyValue { + return K8SCronJobUIDKey.String(val) +} + +// K8SDaemonSetAnnotation returns an attribute KeyValue conforming to the +// "k8s.daemonset.annotation" semantic conventions. It represents the annotation +// placed on the DaemonSet, the `` being the annotation name, the value +// being the annotation value, even if the value is empty. +func K8SDaemonSetAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.daemonset.annotation."+key, val) +} + +// K8SDaemonSetLabel returns an attribute KeyValue conforming to the +// "k8s.daemonset.label" semantic conventions. It represents the label placed on +// the DaemonSet, the `` being the label name, the value being the label +// value, even if the value is empty. +func K8SDaemonSetLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.daemonset.label."+key, val) +} + +// K8SDaemonSetName returns an attribute KeyValue conforming to the +// "k8s.daemonset.name" semantic conventions. It represents the name of the +// DaemonSet. +func K8SDaemonSetName(val string) attribute.KeyValue { + return K8SDaemonSetNameKey.String(val) +} + +// K8SDaemonSetUID returns an attribute KeyValue conforming to the +// "k8s.daemonset.uid" semantic conventions. It represents the UID of the +// DaemonSet. +func K8SDaemonSetUID(val string) attribute.KeyValue { + return K8SDaemonSetUIDKey.String(val) +} + +// K8SDeploymentAnnotation returns an attribute KeyValue conforming to the +// "k8s.deployment.annotation" semantic conventions. It represents the annotation +// placed on the Deployment, the `` being the annotation name, the value +// being the annotation value, even if the value is empty. 
+func K8SDeploymentAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.deployment.annotation."+key, val) +} + +// K8SDeploymentLabel returns an attribute KeyValue conforming to the +// "k8s.deployment.label" semantic conventions. It represents the label placed on +// the Deployment, the `` being the label name, the value being the label +// value, even if the value is empty. +func K8SDeploymentLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.deployment.label."+key, val) +} + +// K8SDeploymentName returns an attribute KeyValue conforming to the +// "k8s.deployment.name" semantic conventions. It represents the name of the +// Deployment. +func K8SDeploymentName(val string) attribute.KeyValue { + return K8SDeploymentNameKey.String(val) +} + +// K8SDeploymentUID returns an attribute KeyValue conforming to the +// "k8s.deployment.uid" semantic conventions. It represents the UID of the +// Deployment. +func K8SDeploymentUID(val string) attribute.KeyValue { + return K8SDeploymentUIDKey.String(val) +} + +// K8SHPAMetricType returns an attribute KeyValue conforming to the +// "k8s.hpa.metric.type" semantic conventions. It represents the type of metric +// source for the horizontal pod autoscaler. +func K8SHPAMetricType(val string) attribute.KeyValue { + return K8SHPAMetricTypeKey.String(val) +} + +// K8SHPAName returns an attribute KeyValue conforming to the "k8s.hpa.name" +// semantic conventions. It represents the name of the horizontal pod autoscaler. +func K8SHPAName(val string) attribute.KeyValue { + return K8SHPANameKey.String(val) +} + +// K8SHPAScaletargetrefAPIVersion returns an attribute KeyValue conforming to the +// "k8s.hpa.scaletargetref.api_version" semantic conventions. It represents the +// API version of the target resource to scale for the HorizontalPodAutoscaler. 
+func K8SHPAScaletargetrefAPIVersion(val string) attribute.KeyValue { + return K8SHPAScaletargetrefAPIVersionKey.String(val) +} + +// K8SHPAScaletargetrefKind returns an attribute KeyValue conforming to the +// "k8s.hpa.scaletargetref.kind" semantic conventions. It represents the kind of +// the target resource to scale for the HorizontalPodAutoscaler. +func K8SHPAScaletargetrefKind(val string) attribute.KeyValue { + return K8SHPAScaletargetrefKindKey.String(val) +} + +// K8SHPAScaletargetrefName returns an attribute KeyValue conforming to the +// "k8s.hpa.scaletargetref.name" semantic conventions. It represents the name of +// the target resource to scale for the HorizontalPodAutoscaler. +func K8SHPAScaletargetrefName(val string) attribute.KeyValue { + return K8SHPAScaletargetrefNameKey.String(val) +} + +// K8SHPAUID returns an attribute KeyValue conforming to the "k8s.hpa.uid" +// semantic conventions. It represents the UID of the horizontal pod autoscaler. +func K8SHPAUID(val string) attribute.KeyValue { + return K8SHPAUIDKey.String(val) +} + +// K8SHugepageSize returns an attribute KeyValue conforming to the +// "k8s.hugepage.size" semantic conventions. It represents the size (identifier) +// of the K8s huge page. +func K8SHugepageSize(val string) attribute.KeyValue { + return K8SHugepageSizeKey.String(val) +} + +// K8SJobAnnotation returns an attribute KeyValue conforming to the +// "k8s.job.annotation" semantic conventions. It represents the annotation placed +// on the Job, the `` being the annotation name, the value being the +// annotation value, even if the value is empty. +func K8SJobAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.job.annotation."+key, val) +} + +// K8SJobLabel returns an attribute KeyValue conforming to the "k8s.job.label" +// semantic conventions. It represents the label placed on the Job, the `` +// being the label name, the value being the label value, even if the value is +// empty. 
+func K8SJobLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.job.label."+key, val) +} + +// K8SJobName returns an attribute KeyValue conforming to the "k8s.job.name" +// semantic conventions. It represents the name of the Job. +func K8SJobName(val string) attribute.KeyValue { + return K8SJobNameKey.String(val) +} + +// K8SJobUID returns an attribute KeyValue conforming to the "k8s.job.uid" +// semantic conventions. It represents the UID of the Job. +func K8SJobUID(val string) attribute.KeyValue { + return K8SJobUIDKey.String(val) +} + +// K8SNamespaceAnnotation returns an attribute KeyValue conforming to the +// "k8s.namespace.annotation" semantic conventions. It represents the annotation +// placed on the Namespace, the `` being the annotation name, the value +// being the annotation value, even if the value is empty. +func K8SNamespaceAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.namespace.annotation."+key, val) +} + +// K8SNamespaceLabel returns an attribute KeyValue conforming to the +// "k8s.namespace.label" semantic conventions. It represents the label placed on +// the Namespace, the `` being the label name, the value being the label +// value, even if the value is empty. +func K8SNamespaceLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.namespace.label."+key, val) +} + +// K8SNamespaceName returns an attribute KeyValue conforming to the +// "k8s.namespace.name" semantic conventions. It represents the name of the +// namespace that the pod is running in. +func K8SNamespaceName(val string) attribute.KeyValue { + return K8SNamespaceNameKey.String(val) +} + +// K8SNodeAnnotation returns an attribute KeyValue conforming to the +// "k8s.node.annotation" semantic conventions. It represents the annotation +// placed on the Node, the `` being the annotation name, the value being the +// annotation value, even if the value is empty. 
+func K8SNodeAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.node.annotation."+key, val) +} + +// K8SNodeLabel returns an attribute KeyValue conforming to the "k8s.node.label" +// semantic conventions. It represents the label placed on the Node, the `` +// being the label name, the value being the label value, even if the value is +// empty. +func K8SNodeLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.node.label."+key, val) +} + +// K8SNodeName returns an attribute KeyValue conforming to the "k8s.node.name" +// semantic conventions. It represents the name of the Node. +func K8SNodeName(val string) attribute.KeyValue { + return K8SNodeNameKey.String(val) +} + +// K8SNodeUID returns an attribute KeyValue conforming to the "k8s.node.uid" +// semantic conventions. It represents the UID of the Node. +func K8SNodeUID(val string) attribute.KeyValue { + return K8SNodeUIDKey.String(val) +} + +// K8SPodAnnotation returns an attribute KeyValue conforming to the +// "k8s.pod.annotation" semantic conventions. It represents the annotation placed +// on the Pod, the `` being the annotation name, the value being the +// annotation value. +func K8SPodAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.pod.annotation."+key, val) +} + +// K8SPodLabel returns an attribute KeyValue conforming to the "k8s.pod.label" +// semantic conventions. It represents the label placed on the Pod, the `` +// being the label name, the value being the label value. +func K8SPodLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.pod.label."+key, val) +} + +// K8SPodName returns an attribute KeyValue conforming to the "k8s.pod.name" +// semantic conventions. It represents the name of the Pod. 
+func K8SPodName(val string) attribute.KeyValue { + return K8SPodNameKey.String(val) +} + +// K8SPodUID returns an attribute KeyValue conforming to the "k8s.pod.uid" +// semantic conventions. It represents the UID of the Pod. +func K8SPodUID(val string) attribute.KeyValue { + return K8SPodUIDKey.String(val) +} + +// K8SReplicaSetAnnotation returns an attribute KeyValue conforming to the +// "k8s.replicaset.annotation" semantic conventions. It represents the annotation +// placed on the ReplicaSet, the `` being the annotation name, the value +// being the annotation value, even if the value is empty. +func K8SReplicaSetAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.replicaset.annotation."+key, val) +} + +// K8SReplicaSetLabel returns an attribute KeyValue conforming to the +// "k8s.replicaset.label" semantic conventions. It represents the label placed on +// the ReplicaSet, the `` being the label name, the value being the label +// value, even if the value is empty. +func K8SReplicaSetLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.replicaset.label."+key, val) +} + +// K8SReplicaSetName returns an attribute KeyValue conforming to the +// "k8s.replicaset.name" semantic conventions. It represents the name of the +// ReplicaSet. +func K8SReplicaSetName(val string) attribute.KeyValue { + return K8SReplicaSetNameKey.String(val) +} + +// K8SReplicaSetUID returns an attribute KeyValue conforming to the +// "k8s.replicaset.uid" semantic conventions. It represents the UID of the +// ReplicaSet. +func K8SReplicaSetUID(val string) attribute.KeyValue { + return K8SReplicaSetUIDKey.String(val) +} + +// K8SReplicationControllerName returns an attribute KeyValue conforming to the +// "k8s.replicationcontroller.name" semantic conventions. It represents the name +// of the replication controller. 
+func K8SReplicationControllerName(val string) attribute.KeyValue { + return K8SReplicationControllerNameKey.String(val) +} + +// K8SReplicationControllerUID returns an attribute KeyValue conforming to the +// "k8s.replicationcontroller.uid" semantic conventions. It represents the UID of +// the replication controller. +func K8SReplicationControllerUID(val string) attribute.KeyValue { + return K8SReplicationControllerUIDKey.String(val) +} + +// K8SResourceQuotaName returns an attribute KeyValue conforming to the +// "k8s.resourcequota.name" semantic conventions. It represents the name of the +// resource quota. +func K8SResourceQuotaName(val string) attribute.KeyValue { + return K8SResourceQuotaNameKey.String(val) +} + +// K8SResourceQuotaResourceName returns an attribute KeyValue conforming to the +// "k8s.resourcequota.resource_name" semantic conventions. It represents the name +// of the K8s resource a resource quota defines. +func K8SResourceQuotaResourceName(val string) attribute.KeyValue { + return K8SResourceQuotaResourceNameKey.String(val) +} + +// K8SResourceQuotaUID returns an attribute KeyValue conforming to the +// "k8s.resourcequota.uid" semantic conventions. It represents the UID of the +// resource quota. +func K8SResourceQuotaUID(val string) attribute.KeyValue { + return K8SResourceQuotaUIDKey.String(val) +} + +// K8SStatefulSetAnnotation returns an attribute KeyValue conforming to the +// "k8s.statefulset.annotation" semantic conventions. It represents the +// annotation placed on the StatefulSet, the `` being the annotation name, +// the value being the annotation value, even if the value is empty. +func K8SStatefulSetAnnotation(key string, val string) attribute.KeyValue { + return attribute.String("k8s.statefulset.annotation."+key, val) +} + +// K8SStatefulSetLabel returns an attribute KeyValue conforming to the +// "k8s.statefulset.label" semantic conventions. 
It represents the label placed +// on the StatefulSet, the `` being the label name, the value being the +// label value, even if the value is empty. +func K8SStatefulSetLabel(key string, val string) attribute.KeyValue { + return attribute.String("k8s.statefulset.label."+key, val) +} + +// K8SStatefulSetName returns an attribute KeyValue conforming to the +// "k8s.statefulset.name" semantic conventions. It represents the name of the +// StatefulSet. +func K8SStatefulSetName(val string) attribute.KeyValue { + return K8SStatefulSetNameKey.String(val) +} + +// K8SStatefulSetUID returns an attribute KeyValue conforming to the +// "k8s.statefulset.uid" semantic conventions. It represents the UID of the +// StatefulSet. +func K8SStatefulSetUID(val string) attribute.KeyValue { + return K8SStatefulSetUIDKey.String(val) +} + +// K8SStorageclassName returns an attribute KeyValue conforming to the +// "k8s.storageclass.name" semantic conventions. It represents the name of K8s +// [StorageClass] object. +// +// [StorageClass]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#storageclass-v1-storage-k8s-io +func K8SStorageclassName(val string) attribute.KeyValue { + return K8SStorageclassNameKey.String(val) +} + +// K8SVolumeName returns an attribute KeyValue conforming to the +// "k8s.volume.name" semantic conventions. It represents the name of the K8s +// volume. +func K8SVolumeName(val string) attribute.KeyValue { + return K8SVolumeNameKey.String(val) +} + +// Enum values for k8s.container.status.reason +var ( + // The container is being created. + // Stability: development + K8SContainerStatusReasonContainerCreating = K8SContainerStatusReasonKey.String("ContainerCreating") + // The container is in a crash loop back off state. + // Stability: development + K8SContainerStatusReasonCrashLoopBackOff = K8SContainerStatusReasonKey.String("CrashLoopBackOff") + // There was an error creating the container configuration. 
+ // Stability: development + K8SContainerStatusReasonCreateContainerConfigError = K8SContainerStatusReasonKey.String("CreateContainerConfigError") + // There was an error pulling the container image. + // Stability: development + K8SContainerStatusReasonErrImagePull = K8SContainerStatusReasonKey.String("ErrImagePull") + // The container image pull is in back off state. + // Stability: development + K8SContainerStatusReasonImagePullBackOff = K8SContainerStatusReasonKey.String("ImagePullBackOff") + // The container was killed due to out of memory. + // Stability: development + K8SContainerStatusReasonOomKilled = K8SContainerStatusReasonKey.String("OOMKilled") + // The container has completed execution. + // Stability: development + K8SContainerStatusReasonCompleted = K8SContainerStatusReasonKey.String("Completed") + // There was an error with the container. + // Stability: development + K8SContainerStatusReasonError = K8SContainerStatusReasonKey.String("Error") + // The container cannot run. + // Stability: development + K8SContainerStatusReasonContainerCannotRun = K8SContainerStatusReasonKey.String("ContainerCannotRun") +) + +// Enum values for k8s.container.status.state +var ( + // The container has terminated. + // Stability: development + K8SContainerStatusStateTerminated = K8SContainerStatusStateKey.String("terminated") + // The container is running. + // Stability: development + K8SContainerStatusStateRunning = K8SContainerStatusStateKey.String("running") + // The container is waiting. 
+ // Stability: development + K8SContainerStatusStateWaiting = K8SContainerStatusStateKey.String("waiting") +) + +// Enum values for k8s.namespace.phase +var ( + // Active namespace phase as described by [K8s API] + // Stability: development + // + // [K8s API]: https://pkg.go.dev/k8s.io/api@v0.31.3/core/v1#NamespacePhase + K8SNamespacePhaseActive = K8SNamespacePhaseKey.String("active") + // Terminating namespace phase as described by [K8s API] + // Stability: development + // + // [K8s API]: https://pkg.go.dev/k8s.io/api@v0.31.3/core/v1#NamespacePhase + K8SNamespacePhaseTerminating = K8SNamespacePhaseKey.String("terminating") +) + +// Enum values for k8s.node.condition.status +var ( + // condition_true + // Stability: development + K8SNodeConditionStatusConditionTrue = K8SNodeConditionStatusKey.String("true") + // condition_false + // Stability: development + K8SNodeConditionStatusConditionFalse = K8SNodeConditionStatusKey.String("false") + // condition_unknown + // Stability: development + K8SNodeConditionStatusConditionUnknown = K8SNodeConditionStatusKey.String("unknown") +) + +// Enum values for k8s.node.condition.type +var ( + // The node is healthy and ready to accept pods + // Stability: development + K8SNodeConditionTypeReady = K8SNodeConditionTypeKey.String("Ready") + // Pressure exists on the disk size—that is, if the disk capacity is low + // Stability: development + K8SNodeConditionTypeDiskPressure = K8SNodeConditionTypeKey.String("DiskPressure") + // Pressure exists on the node memory—that is, if the node memory is low + // Stability: development + K8SNodeConditionTypeMemoryPressure = K8SNodeConditionTypeKey.String("MemoryPressure") + // Pressure exists on the processes—that is, if there are too many processes + // on the node + // Stability: development + K8SNodeConditionTypePIDPressure = K8SNodeConditionTypeKey.String("PIDPressure") + // The network for the node is not correctly configured + // Stability: development + 
K8SNodeConditionTypeNetworkUnavailable = K8SNodeConditionTypeKey.String("NetworkUnavailable") +) + +// Enum values for k8s.volume.type +var ( + // A [persistentVolumeClaim] volume + // Stability: development + // + // [persistentVolumeClaim]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#persistentvolumeclaim + K8SVolumeTypePersistentVolumeClaim = K8SVolumeTypeKey.String("persistentVolumeClaim") + // A [configMap] volume + // Stability: development + // + // [configMap]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#configmap + K8SVolumeTypeConfigMap = K8SVolumeTypeKey.String("configMap") + // A [downwardAPI] volume + // Stability: development + // + // [downwardAPI]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#downwardapi + K8SVolumeTypeDownwardAPI = K8SVolumeTypeKey.String("downwardAPI") + // An [emptyDir] volume + // Stability: development + // + // [emptyDir]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#emptydir + K8SVolumeTypeEmptyDir = K8SVolumeTypeKey.String("emptyDir") + // A [secret] volume + // Stability: development + // + // [secret]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#secret + K8SVolumeTypeSecret = K8SVolumeTypeKey.String("secret") + // A [local] volume + // Stability: development + // + // [local]: https://v1-30.docs.kubernetes.io/docs/concepts/storage/volumes/#local + K8SVolumeTypeLocal = K8SVolumeTypeKey.String("local") +) + +// Namespace: linux +const ( + // LinuxMemorySlabStateKey is the attribute Key conforming to the + // "linux.memory.slab.state" semantic conventions. It represents the Linux Slab + // memory state. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "reclaimable", "unreclaimable" + LinuxMemorySlabStateKey = attribute.Key("linux.memory.slab.state") +) + +// Enum values for linux.memory.slab.state +var ( + // reclaimable + // Stability: development + LinuxMemorySlabStateReclaimable = LinuxMemorySlabStateKey.String("reclaimable") + // unreclaimable + // Stability: development + LinuxMemorySlabStateUnreclaimable = LinuxMemorySlabStateKey.String("unreclaimable") +) + +// Namespace: log +const ( + // LogFileNameKey is the attribute Key conforming to the "log.file.name" + // semantic conventions. It represents the basename of the file. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "audit.log" + LogFileNameKey = attribute.Key("log.file.name") + + // LogFileNameResolvedKey is the attribute Key conforming to the + // "log.file.name_resolved" semantic conventions. It represents the basename of + // the file, with symlinks resolved. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "uuid.log" + LogFileNameResolvedKey = attribute.Key("log.file.name_resolved") + + // LogFilePathKey is the attribute Key conforming to the "log.file.path" + // semantic conventions. It represents the full path to the file. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/var/log/mysql/audit.log" + LogFilePathKey = attribute.Key("log.file.path") + + // LogFilePathResolvedKey is the attribute Key conforming to the + // "log.file.path_resolved" semantic conventions. It represents the full path to + // the file, with symlinks resolved. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/var/lib/docker/uuid.log" + LogFilePathResolvedKey = attribute.Key("log.file.path_resolved") + + // LogIostreamKey is the attribute Key conforming to the "log.iostream" semantic + // conventions. It represents the stream associated with the log. See below for + // a list of well-known values. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + LogIostreamKey = attribute.Key("log.iostream") + + // LogRecordOriginalKey is the attribute Key conforming to the + // "log.record.original" semantic conventions. It represents the complete + // original Log Record. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "77 <86>1 2015-08-06T21:58:59.694Z 192.168.2.133 inactive - - - + // Something happened", "[INFO] 8/3/24 12:34:56 Something happened" + // Note: This value MAY be added when processing a Log Record which was + // originally transmitted as a string or equivalent data type AND the Body field + // of the Log Record does not contain the same value. (e.g. a syslog or a log + // record read from a file.) + LogRecordOriginalKey = attribute.Key("log.record.original") + + // LogRecordUIDKey is the attribute Key conforming to the "log.record.uid" + // semantic conventions. It represents a unique identifier for the Log Record. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "01ARZ3NDEKTSV4RRFFQ69G5FAV" + // Note: If an id is provided, other log records with the same id will be + // considered duplicates and can be removed safely. This means, that two + // distinguishable log records MUST have different values. + // The id MAY be an + // [Universally Unique Lexicographically Sortable Identifier (ULID)], but other + // identifiers (e.g. UUID) may be used as needed. 
+ // + // [Universally Unique Lexicographically Sortable Identifier (ULID)]: https://github.com/ulid/spec + LogRecordUIDKey = attribute.Key("log.record.uid") +) + +// LogFileName returns an attribute KeyValue conforming to the "log.file.name" +// semantic conventions. It represents the basename of the file. +func LogFileName(val string) attribute.KeyValue { + return LogFileNameKey.String(val) +} + +// LogFileNameResolved returns an attribute KeyValue conforming to the +// "log.file.name_resolved" semantic conventions. It represents the basename of +// the file, with symlinks resolved. +func LogFileNameResolved(val string) attribute.KeyValue { + return LogFileNameResolvedKey.String(val) +} + +// LogFilePath returns an attribute KeyValue conforming to the "log.file.path" +// semantic conventions. It represents the full path to the file. +func LogFilePath(val string) attribute.KeyValue { + return LogFilePathKey.String(val) +} + +// LogFilePathResolved returns an attribute KeyValue conforming to the +// "log.file.path_resolved" semantic conventions. It represents the full path to +// the file, with symlinks resolved. +func LogFilePathResolved(val string) attribute.KeyValue { + return LogFilePathResolvedKey.String(val) +} + +// LogRecordOriginal returns an attribute KeyValue conforming to the +// "log.record.original" semantic conventions. It represents the complete +// original Log Record. +func LogRecordOriginal(val string) attribute.KeyValue { + return LogRecordOriginalKey.String(val) +} + +// LogRecordUID returns an attribute KeyValue conforming to the "log.record.uid" +// semantic conventions. It represents a unique identifier for the Log Record. 
+func LogRecordUID(val string) attribute.KeyValue { + return LogRecordUIDKey.String(val) +} + +// Enum values for log.iostream +var ( + // Logs from stdout stream + // Stability: development + LogIostreamStdout = LogIostreamKey.String("stdout") + // Events from stderr stream + // Stability: development + LogIostreamStderr = LogIostreamKey.String("stderr") +) + +// Namespace: mainframe +const ( + // MainframeLparNameKey is the attribute Key conforming to the + // "mainframe.lpar.name" semantic conventions. It represents the name of the + // logical partition that hosts a systems with a mainframe operating system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "LPAR01" + MainframeLparNameKey = attribute.Key("mainframe.lpar.name") +) + +// MainframeLparName returns an attribute KeyValue conforming to the +// "mainframe.lpar.name" semantic conventions. It represents the name of the +// logical partition that hosts a systems with a mainframe operating system. +func MainframeLparName(val string) attribute.KeyValue { + return MainframeLparNameKey.String(val) +} + +// Namespace: messaging +const ( + // MessagingBatchMessageCountKey is the attribute Key conforming to the + // "messaging.batch.message_count" semantic conventions. It represents the + // number of messages sent, received, or processed in the scope of the batching + // operation. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 0, 1, 2 + // Note: Instrumentations SHOULD NOT set `messaging.batch.message_count` on + // spans that operate with a single message. When a messaging client library + // supports both batch and single-message API for the same operation, + // instrumentations SHOULD use `messaging.batch.message_count` for batching APIs + // and SHOULD NOT use it for single-message APIs. 
+ MessagingBatchMessageCountKey = attribute.Key("messaging.batch.message_count") + + // MessagingClientIDKey is the attribute Key conforming to the + // "messaging.client.id" semantic conventions. It represents a unique identifier + // for the client that consumes or produces a message. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "client-5", "myhost@8742@s8083jm" + MessagingClientIDKey = attribute.Key("messaging.client.id") + + // MessagingConsumerGroupNameKey is the attribute Key conforming to the + // "messaging.consumer.group.name" semantic conventions. It represents the name + // of the consumer group with which a consumer is associated. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-group", "indexer" + // Note: Semantic conventions for individual messaging systems SHOULD document + // whether `messaging.consumer.group.name` is applicable and what it means in + // the context of that system. + MessagingConsumerGroupNameKey = attribute.Key("messaging.consumer.group.name") + + // MessagingDestinationAnonymousKey is the attribute Key conforming to the + // "messaging.destination.anonymous" semantic conventions. It represents a + // boolean that is true if the message destination is anonymous (could be + // unnamed or have auto-generated name). + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + MessagingDestinationAnonymousKey = attribute.Key("messaging.destination.anonymous") + + // MessagingDestinationNameKey is the attribute Key conforming to the + // "messaging.destination.name" semantic conventions. It represents the message + // destination name. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "MyQueue", "MyTopic" + // Note: Destination name SHOULD uniquely identify a specific queue, topic or + // other entity within the broker. If + // the broker doesn't have such notion, the destination name SHOULD uniquely + // identify the broker. + MessagingDestinationNameKey = attribute.Key("messaging.destination.name") + + // MessagingDestinationPartitionIDKey is the attribute Key conforming to the + // "messaging.destination.partition.id" semantic conventions. It represents the + // identifier of the partition messages are sent to or received from, unique + // within the `messaging.destination.name`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1 + MessagingDestinationPartitionIDKey = attribute.Key("messaging.destination.partition.id") + + // MessagingDestinationSubscriptionNameKey is the attribute Key conforming to + // the "messaging.destination.subscription.name" semantic conventions. It + // represents the name of the destination subscription from which a message is + // consumed. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "subscription-a" + // Note: Semantic conventions for individual messaging systems SHOULD document + // whether `messaging.destination.subscription.name` is applicable and what it + // means in the context of that system. + MessagingDestinationSubscriptionNameKey = attribute.Key("messaging.destination.subscription.name") + + // MessagingDestinationTemplateKey is the attribute Key conforming to the + // "messaging.destination.template" semantic conventions. It represents the low + // cardinality representation of the messaging destination name. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/customers/{customerId}" + // Note: Destination names could be constructed from templates. An example would + // be a destination name involving a user name or product id. Although the + // destination name in this case is of high cardinality, the underlying template + // is of low cardinality and can be effectively used for grouping and + // aggregation. + MessagingDestinationTemplateKey = attribute.Key("messaging.destination.template") + + // MessagingDestinationTemporaryKey is the attribute Key conforming to the + // "messaging.destination.temporary" semantic conventions. It represents a + // boolean that is true if the message destination is temporary and might not + // exist anymore after messages are processed. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + MessagingDestinationTemporaryKey = attribute.Key("messaging.destination.temporary") + + // MessagingEventHubsMessageEnqueuedTimeKey is the attribute Key conforming to + // the "messaging.eventhubs.message.enqueued_time" semantic conventions. It + // represents the UTC epoch seconds at which the message has been accepted and + // stored in the entity. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingEventHubsMessageEnqueuedTimeKey = attribute.Key("messaging.eventhubs.message.enqueued_time") + + // MessagingGCPPubSubMessageAckDeadlineKey is the attribute Key conforming to + // the "messaging.gcp_pubsub.message.ack_deadline" semantic conventions. It + // represents the ack deadline in seconds set for the modify ack deadline + // request. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingGCPPubSubMessageAckDeadlineKey = attribute.Key("messaging.gcp_pubsub.message.ack_deadline") + + // MessagingGCPPubSubMessageAckIDKey is the attribute Key conforming to the + // "messaging.gcp_pubsub.message.ack_id" semantic conventions. It represents the + // ack id for a given message. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: ack_id + MessagingGCPPubSubMessageAckIDKey = attribute.Key("messaging.gcp_pubsub.message.ack_id") + + // MessagingGCPPubSubMessageDeliveryAttemptKey is the attribute Key conforming + // to the "messaging.gcp_pubsub.message.delivery_attempt" semantic conventions. + // It represents the delivery attempt for a given message. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingGCPPubSubMessageDeliveryAttemptKey = attribute.Key("messaging.gcp_pubsub.message.delivery_attempt") + + // MessagingGCPPubSubMessageOrderingKeyKey is the attribute Key conforming to + // the "messaging.gcp_pubsub.message.ordering_key" semantic conventions. It + // represents the ordering key for a given message. If the attribute is not + // present, the message does not have an ordering key. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: ordering_key + MessagingGCPPubSubMessageOrderingKeyKey = attribute.Key("messaging.gcp_pubsub.message.ordering_key") + + // MessagingKafkaMessageKeyKey is the attribute Key conforming to the + // "messaging.kafka.message.key" semantic conventions. It represents the message + // keys in Kafka are used for grouping alike messages to ensure they're + // processed on the same partition. They differ from `messaging.message.id` in + // that they're not unique. If the key is `null`, the attribute MUST NOT be set. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: myKey + // Note: If the key type is not string, it's string representation has to be + // supplied for the attribute. If the key has no unambiguous, canonical string + // form, don't include its value. + MessagingKafkaMessageKeyKey = attribute.Key("messaging.kafka.message.key") + + // MessagingKafkaMessageTombstoneKey is the attribute Key conforming to the + // "messaging.kafka.message.tombstone" semantic conventions. It represents a + // boolean that is true if the message is a tombstone. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + MessagingKafkaMessageTombstoneKey = attribute.Key("messaging.kafka.message.tombstone") + + // MessagingKafkaOffsetKey is the attribute Key conforming to the + // "messaging.kafka.offset" semantic conventions. It represents the offset of a + // record in the corresponding Kafka partition. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingKafkaOffsetKey = attribute.Key("messaging.kafka.offset") + + // MessagingMessageBodySizeKey is the attribute Key conforming to the + // "messaging.message.body.size" semantic conventions. It represents the size of + // the message body in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Note: This can refer to both the compressed or uncompressed body size. If + // both sizes are known, the uncompressed + // body size should be used. + MessagingMessageBodySizeKey = attribute.Key("messaging.message.body.size") + + // MessagingMessageConversationIDKey is the attribute Key conforming to the + // "messaging.message.conversation_id" semantic conventions. It represents the + // conversation ID identifying the conversation to which the message belongs, + // represented as a string. Sometimes called "Correlation ID". 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: MyConversationId + MessagingMessageConversationIDKey = attribute.Key("messaging.message.conversation_id") + + // MessagingMessageEnvelopeSizeKey is the attribute Key conforming to the + // "messaging.message.envelope.size" semantic conventions. It represents the + // size of the message body and metadata in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Note: This can refer to both the compressed or uncompressed size. If both + // sizes are known, the uncompressed + // size should be used. + MessagingMessageEnvelopeSizeKey = attribute.Key("messaging.message.envelope.size") + + // MessagingMessageIDKey is the attribute Key conforming to the + // "messaging.message.id" semantic conventions. It represents a value used by + // the messaging system as an identifier for the message, represented as a + // string. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 452a7c7c7c7048c2f887f61572b18fc2 + MessagingMessageIDKey = attribute.Key("messaging.message.id") + + // MessagingOperationNameKey is the attribute Key conforming to the + // "messaging.operation.name" semantic conventions. It represents the + // system-specific name of the messaging operation. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ack", "nack", "send" + MessagingOperationNameKey = attribute.Key("messaging.operation.name") + + // MessagingOperationTypeKey is the attribute Key conforming to the + // "messaging.operation.type" semantic conventions. It represents a string + // identifying the type of the messaging operation. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: If a custom value is used, it MUST be of low cardinality. 
+ MessagingOperationTypeKey = attribute.Key("messaging.operation.type") + + // MessagingRabbitMQDestinationRoutingKeyKey is the attribute Key conforming to + // the "messaging.rabbitmq.destination.routing_key" semantic conventions. It + // represents the rabbitMQ message routing key. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: myKey + MessagingRabbitMQDestinationRoutingKeyKey = attribute.Key("messaging.rabbitmq.destination.routing_key") + + // MessagingRabbitMQMessageDeliveryTagKey is the attribute Key conforming to the + // "messaging.rabbitmq.message.delivery_tag" semantic conventions. It represents + // the rabbitMQ message delivery tag. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingRabbitMQMessageDeliveryTagKey = attribute.Key("messaging.rabbitmq.message.delivery_tag") + + // MessagingRocketMQConsumptionModelKey is the attribute Key conforming to the + // "messaging.rocketmq.consumption_model" semantic conventions. It represents + // the model of message consumption. This only applies to consumer spans. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + MessagingRocketMQConsumptionModelKey = attribute.Key("messaging.rocketmq.consumption_model") + + // MessagingRocketMQMessageDelayTimeLevelKey is the attribute Key conforming to + // the "messaging.rocketmq.message.delay_time_level" semantic conventions. It + // represents the delay time level for delay message, which determines the + // message delay time. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingRocketMQMessageDelayTimeLevelKey = attribute.Key("messaging.rocketmq.message.delay_time_level") + + // MessagingRocketMQMessageDeliveryTimestampKey is the attribute Key conforming + // to the "messaging.rocketmq.message.delivery_timestamp" semantic conventions. 
+ // It represents the timestamp in milliseconds that the delay message is + // expected to be delivered to consumer. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingRocketMQMessageDeliveryTimestampKey = attribute.Key("messaging.rocketmq.message.delivery_timestamp") + + // MessagingRocketMQMessageGroupKey is the attribute Key conforming to the + // "messaging.rocketmq.message.group" semantic conventions. It represents the it + // is essential for FIFO message. Messages that belong to the same message group + // are always processed one by one within the same consumer group. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: myMessageGroup + MessagingRocketMQMessageGroupKey = attribute.Key("messaging.rocketmq.message.group") + + // MessagingRocketMQMessageKeysKey is the attribute Key conforming to the + // "messaging.rocketmq.message.keys" semantic conventions. It represents the + // key(s) of message, another way to mark message besides message id. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "keyA", "keyB" + MessagingRocketMQMessageKeysKey = attribute.Key("messaging.rocketmq.message.keys") + + // MessagingRocketMQMessageTagKey is the attribute Key conforming to the + // "messaging.rocketmq.message.tag" semantic conventions. It represents the + // secondary classifier of message besides topic. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: tagA + MessagingRocketMQMessageTagKey = attribute.Key("messaging.rocketmq.message.tag") + + // MessagingRocketMQMessageTypeKey is the attribute Key conforming to the + // "messaging.rocketmq.message.type" semantic conventions. It represents the + // type of message. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + MessagingRocketMQMessageTypeKey = attribute.Key("messaging.rocketmq.message.type") + + // MessagingRocketMQNamespaceKey is the attribute Key conforming to the + // "messaging.rocketmq.namespace" semantic conventions. It represents the + // namespace of RocketMQ resources, resources in different namespaces are + // individual. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: myNamespace + MessagingRocketMQNamespaceKey = attribute.Key("messaging.rocketmq.namespace") + + // MessagingServiceBusDispositionStatusKey is the attribute Key conforming to + // the "messaging.servicebus.disposition_status" semantic conventions. It + // represents the describes the [settlement type]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [settlement type]: https://learn.microsoft.com/azure/service-bus-messaging/message-transfers-locks-settlement#peeklock + MessagingServiceBusDispositionStatusKey = attribute.Key("messaging.servicebus.disposition_status") + + // MessagingServiceBusMessageDeliveryCountKey is the attribute Key conforming to + // the "messaging.servicebus.message.delivery_count" semantic conventions. It + // represents the number of deliveries that have been attempted for this + // message. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingServiceBusMessageDeliveryCountKey = attribute.Key("messaging.servicebus.message.delivery_count") + + // MessagingServiceBusMessageEnqueuedTimeKey is the attribute Key conforming to + // the "messaging.servicebus.message.enqueued_time" semantic conventions. It + // represents the UTC epoch seconds at which the message has been accepted and + // stored in the entity. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + MessagingServiceBusMessageEnqueuedTimeKey = attribute.Key("messaging.servicebus.message.enqueued_time") + + // MessagingSystemKey is the attribute Key conforming to the "messaging.system" + // semantic conventions. It represents the messaging system as identified by the + // client instrumentation. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: The actual messaging system may differ from the one known by the + // client. For example, when using Kafka client libraries to communicate with + // Azure Event Hubs, the `messaging.system` is set to `kafka` based on the + // instrumentation's best knowledge. + MessagingSystemKey = attribute.Key("messaging.system") +) + +// MessagingBatchMessageCount returns an attribute KeyValue conforming to the +// "messaging.batch.message_count" semantic conventions. It represents the number +// of messages sent, received, or processed in the scope of the batching +// operation. +func MessagingBatchMessageCount(val int) attribute.KeyValue { + return MessagingBatchMessageCountKey.Int(val) +} + +// MessagingClientID returns an attribute KeyValue conforming to the +// "messaging.client.id" semantic conventions. It represents a unique identifier +// for the client that consumes or produces a message. +func MessagingClientID(val string) attribute.KeyValue { + return MessagingClientIDKey.String(val) +} + +// MessagingConsumerGroupName returns an attribute KeyValue conforming to the +// "messaging.consumer.group.name" semantic conventions. It represents the name +// of the consumer group with which a consumer is associated. +func MessagingConsumerGroupName(val string) attribute.KeyValue { + return MessagingConsumerGroupNameKey.String(val) +} + +// MessagingDestinationAnonymous returns an attribute KeyValue conforming to the +// "messaging.destination.anonymous" semantic conventions. 
It represents a +// boolean that is true if the message destination is anonymous (could be unnamed +// or have auto-generated name). +func MessagingDestinationAnonymous(val bool) attribute.KeyValue { + return MessagingDestinationAnonymousKey.Bool(val) +} + +// MessagingDestinationName returns an attribute KeyValue conforming to the +// "messaging.destination.name" semantic conventions. It represents the message +// destination name. +func MessagingDestinationName(val string) attribute.KeyValue { + return MessagingDestinationNameKey.String(val) +} + +// MessagingDestinationPartitionID returns an attribute KeyValue conforming to +// the "messaging.destination.partition.id" semantic conventions. It represents +// the identifier of the partition messages are sent to or received from, unique +// within the `messaging.destination.name`. +func MessagingDestinationPartitionID(val string) attribute.KeyValue { + return MessagingDestinationPartitionIDKey.String(val) +} + +// MessagingDestinationSubscriptionName returns an attribute KeyValue conforming +// to the "messaging.destination.subscription.name" semantic conventions. It +// represents the name of the destination subscription from which a message is +// consumed. +func MessagingDestinationSubscriptionName(val string) attribute.KeyValue { + return MessagingDestinationSubscriptionNameKey.String(val) +} + +// MessagingDestinationTemplate returns an attribute KeyValue conforming to the +// "messaging.destination.template" semantic conventions. It represents the low +// cardinality representation of the messaging destination name. +func MessagingDestinationTemplate(val string) attribute.KeyValue { + return MessagingDestinationTemplateKey.String(val) +} + +// MessagingDestinationTemporary returns an attribute KeyValue conforming to the +// "messaging.destination.temporary" semantic conventions. 
It represents a +// boolean that is true if the message destination is temporary and might not +// exist anymore after messages are processed. +func MessagingDestinationTemporary(val bool) attribute.KeyValue { + return MessagingDestinationTemporaryKey.Bool(val) +} + +// MessagingEventHubsMessageEnqueuedTime returns an attribute KeyValue conforming +// to the "messaging.eventhubs.message.enqueued_time" semantic conventions. It +// represents the UTC epoch seconds at which the message has been accepted and +// stored in the entity. +func MessagingEventHubsMessageEnqueuedTime(val int) attribute.KeyValue { + return MessagingEventHubsMessageEnqueuedTimeKey.Int(val) +} + +// MessagingGCPPubSubMessageAckDeadline returns an attribute KeyValue conforming +// to the "messaging.gcp_pubsub.message.ack_deadline" semantic conventions. It +// represents the ack deadline in seconds set for the modify ack deadline +// request. +func MessagingGCPPubSubMessageAckDeadline(val int) attribute.KeyValue { + return MessagingGCPPubSubMessageAckDeadlineKey.Int(val) +} + +// MessagingGCPPubSubMessageAckID returns an attribute KeyValue conforming to the +// "messaging.gcp_pubsub.message.ack_id" semantic conventions. It represents the +// ack id for a given message. +func MessagingGCPPubSubMessageAckID(val string) attribute.KeyValue { + return MessagingGCPPubSubMessageAckIDKey.String(val) +} + +// MessagingGCPPubSubMessageDeliveryAttempt returns an attribute KeyValue +// conforming to the "messaging.gcp_pubsub.message.delivery_attempt" semantic +// conventions. It represents the delivery attempt for a given message. +func MessagingGCPPubSubMessageDeliveryAttempt(val int) attribute.KeyValue { + return MessagingGCPPubSubMessageDeliveryAttemptKey.Int(val) +} + +// MessagingGCPPubSubMessageOrderingKey returns an attribute KeyValue conforming +// to the "messaging.gcp_pubsub.message.ordering_key" semantic conventions. It +// represents the ordering key for a given message. 
If the attribute is not +// present, the message does not have an ordering key. +func MessagingGCPPubSubMessageOrderingKey(val string) attribute.KeyValue { + return MessagingGCPPubSubMessageOrderingKeyKey.String(val) +} + +// MessagingKafkaMessageKey returns an attribute KeyValue conforming to the +// "messaging.kafka.message.key" semantic conventions. It represents the message +// keys in Kafka are used for grouping alike messages to ensure they're processed +// on the same partition. They differ from `messaging.message.id` in that they're +// not unique. If the key is `null`, the attribute MUST NOT be set. +func MessagingKafkaMessageKey(val string) attribute.KeyValue { + return MessagingKafkaMessageKeyKey.String(val) +} + +// MessagingKafkaMessageTombstone returns an attribute KeyValue conforming to the +// "messaging.kafka.message.tombstone" semantic conventions. It represents a +// boolean that is true if the message is a tombstone. +func MessagingKafkaMessageTombstone(val bool) attribute.KeyValue { + return MessagingKafkaMessageTombstoneKey.Bool(val) +} + +// MessagingKafkaOffset returns an attribute KeyValue conforming to the +// "messaging.kafka.offset" semantic conventions. It represents the offset of a +// record in the corresponding Kafka partition. +func MessagingKafkaOffset(val int) attribute.KeyValue { + return MessagingKafkaOffsetKey.Int(val) +} + +// MessagingMessageBodySize returns an attribute KeyValue conforming to the +// "messaging.message.body.size" semantic conventions. It represents the size of +// the message body in bytes. +func MessagingMessageBodySize(val int) attribute.KeyValue { + return MessagingMessageBodySizeKey.Int(val) +} + +// MessagingMessageConversationID returns an attribute KeyValue conforming to the +// "messaging.message.conversation_id" semantic conventions. It represents the +// conversation ID identifying the conversation to which the message belongs, +// represented as a string. Sometimes called "Correlation ID". 
+func MessagingMessageConversationID(val string) attribute.KeyValue { + return MessagingMessageConversationIDKey.String(val) +} + +// MessagingMessageEnvelopeSize returns an attribute KeyValue conforming to the +// "messaging.message.envelope.size" semantic conventions. It represents the size +// of the message body and metadata in bytes. +func MessagingMessageEnvelopeSize(val int) attribute.KeyValue { + return MessagingMessageEnvelopeSizeKey.Int(val) +} + +// MessagingMessageID returns an attribute KeyValue conforming to the +// "messaging.message.id" semantic conventions. It represents a value used by the +// messaging system as an identifier for the message, represented as a string. +func MessagingMessageID(val string) attribute.KeyValue { + return MessagingMessageIDKey.String(val) +} + +// MessagingOperationName returns an attribute KeyValue conforming to the +// "messaging.operation.name" semantic conventions. It represents the +// system-specific name of the messaging operation. +func MessagingOperationName(val string) attribute.KeyValue { + return MessagingOperationNameKey.String(val) +} + +// MessagingRabbitMQDestinationRoutingKey returns an attribute KeyValue +// conforming to the "messaging.rabbitmq.destination.routing_key" semantic +// conventions. It represents the rabbitMQ message routing key. +func MessagingRabbitMQDestinationRoutingKey(val string) attribute.KeyValue { + return MessagingRabbitMQDestinationRoutingKeyKey.String(val) +} + +// MessagingRabbitMQMessageDeliveryTag returns an attribute KeyValue conforming +// to the "messaging.rabbitmq.message.delivery_tag" semantic conventions. It +// represents the rabbitMQ message delivery tag. +func MessagingRabbitMQMessageDeliveryTag(val int) attribute.KeyValue { + return MessagingRabbitMQMessageDeliveryTagKey.Int(val) +} + +// MessagingRocketMQMessageDelayTimeLevel returns an attribute KeyValue +// conforming to the "messaging.rocketmq.message.delay_time_level" semantic +// conventions. 
It represents the delay time level for delay message, which +// determines the message delay time. +func MessagingRocketMQMessageDelayTimeLevel(val int) attribute.KeyValue { + return MessagingRocketMQMessageDelayTimeLevelKey.Int(val) +} + +// MessagingRocketMQMessageDeliveryTimestamp returns an attribute KeyValue +// conforming to the "messaging.rocketmq.message.delivery_timestamp" semantic +// conventions. It represents the timestamp in milliseconds that the delay +// message is expected to be delivered to consumer. +func MessagingRocketMQMessageDeliveryTimestamp(val int) attribute.KeyValue { + return MessagingRocketMQMessageDeliveryTimestampKey.Int(val) +} + +// MessagingRocketMQMessageGroup returns an attribute KeyValue conforming to the +// "messaging.rocketmq.message.group" semantic conventions. It represents the it +// is essential for FIFO message. Messages that belong to the same message group +// are always processed one by one within the same consumer group. +func MessagingRocketMQMessageGroup(val string) attribute.KeyValue { + return MessagingRocketMQMessageGroupKey.String(val) +} + +// MessagingRocketMQMessageKeys returns an attribute KeyValue conforming to the +// "messaging.rocketmq.message.keys" semantic conventions. It represents the +// key(s) of message, another way to mark message besides message id. +func MessagingRocketMQMessageKeys(val ...string) attribute.KeyValue { + return MessagingRocketMQMessageKeysKey.StringSlice(val) +} + +// MessagingRocketMQMessageTag returns an attribute KeyValue conforming to the +// "messaging.rocketmq.message.tag" semantic conventions. It represents the +// secondary classifier of message besides topic. +func MessagingRocketMQMessageTag(val string) attribute.KeyValue { + return MessagingRocketMQMessageTagKey.String(val) +} + +// MessagingRocketMQNamespace returns an attribute KeyValue conforming to the +// "messaging.rocketmq.namespace" semantic conventions. 
It represents the +// namespace of RocketMQ resources, resources in different namespaces are +// individual. +func MessagingRocketMQNamespace(val string) attribute.KeyValue { + return MessagingRocketMQNamespaceKey.String(val) +} + +// MessagingServiceBusMessageDeliveryCount returns an attribute KeyValue +// conforming to the "messaging.servicebus.message.delivery_count" semantic +// conventions. It represents the number of deliveries that have been attempted +// for this message. +func MessagingServiceBusMessageDeliveryCount(val int) attribute.KeyValue { + return MessagingServiceBusMessageDeliveryCountKey.Int(val) +} + +// MessagingServiceBusMessageEnqueuedTime returns an attribute KeyValue +// conforming to the "messaging.servicebus.message.enqueued_time" semantic +// conventions. It represents the UTC epoch seconds at which the message has been +// accepted and stored in the entity. +func MessagingServiceBusMessageEnqueuedTime(val int) attribute.KeyValue { + return MessagingServiceBusMessageEnqueuedTimeKey.Int(val) +} + +// Enum values for messaging.operation.type +var ( + // A message is created. "Create" spans always refer to a single message and are + // used to provide a unique creation context for messages in batch sending + // scenarios. + // + // Stability: development + MessagingOperationTypeCreate = MessagingOperationTypeKey.String("create") + // One or more messages are provided for sending to an intermediary. If a single + // message is sent, the context of the "Send" span can be used as the creation + // context and no "Create" span needs to be created. + // + // Stability: development + MessagingOperationTypeSend = MessagingOperationTypeKey.String("send") + // One or more messages are requested by a consumer. This operation refers to + // pull-based scenarios, where consumers explicitly call methods of messaging + // SDKs to receive messages. 
+ // + // Stability: development + MessagingOperationTypeReceive = MessagingOperationTypeKey.String("receive") + // One or more messages are processed by a consumer. + // + // Stability: development + MessagingOperationTypeProcess = MessagingOperationTypeKey.String("process") + // One or more messages are settled. + // + // Stability: development + MessagingOperationTypeSettle = MessagingOperationTypeKey.String("settle") +) + +// Enum values for messaging.rocketmq.consumption_model +var ( + // Clustering consumption model + // Stability: development + MessagingRocketMQConsumptionModelClustering = MessagingRocketMQConsumptionModelKey.String("clustering") + // Broadcasting consumption model + // Stability: development + MessagingRocketMQConsumptionModelBroadcasting = MessagingRocketMQConsumptionModelKey.String("broadcasting") +) + +// Enum values for messaging.rocketmq.message.type +var ( + // Normal message + // Stability: development + MessagingRocketMQMessageTypeNormal = MessagingRocketMQMessageTypeKey.String("normal") + // FIFO message + // Stability: development + MessagingRocketMQMessageTypeFifo = MessagingRocketMQMessageTypeKey.String("fifo") + // Delay message + // Stability: development + MessagingRocketMQMessageTypeDelay = MessagingRocketMQMessageTypeKey.String("delay") + // Transaction message + // Stability: development + MessagingRocketMQMessageTypeTransaction = MessagingRocketMQMessageTypeKey.String("transaction") +) + +// Enum values for messaging.servicebus.disposition_status +var ( + // Message is completed + // Stability: development + MessagingServiceBusDispositionStatusComplete = MessagingServiceBusDispositionStatusKey.String("complete") + // Message is abandoned + // Stability: development + MessagingServiceBusDispositionStatusAbandon = MessagingServiceBusDispositionStatusKey.String("abandon") + // Message is sent to dead letter queue + // Stability: development + MessagingServiceBusDispositionStatusDeadLetter = 
MessagingServiceBusDispositionStatusKey.String("dead_letter") + // Message is deferred + // Stability: development + MessagingServiceBusDispositionStatusDefer = MessagingServiceBusDispositionStatusKey.String("defer") +) + +// Enum values for messaging.system +var ( + // Apache ActiveMQ + // Stability: development + MessagingSystemActiveMQ = MessagingSystemKey.String("activemq") + // Amazon Simple Notification Service (SNS) + // Stability: development + MessagingSystemAWSSNS = MessagingSystemKey.String("aws.sns") + // Amazon Simple Queue Service (SQS) + // Stability: development + MessagingSystemAWSSQS = MessagingSystemKey.String("aws_sqs") + // Azure Event Grid + // Stability: development + MessagingSystemEventGrid = MessagingSystemKey.String("eventgrid") + // Azure Event Hubs + // Stability: development + MessagingSystemEventHubs = MessagingSystemKey.String("eventhubs") + // Azure Service Bus + // Stability: development + MessagingSystemServiceBus = MessagingSystemKey.String("servicebus") + // Google Cloud Pub/Sub + // Stability: development + MessagingSystemGCPPubSub = MessagingSystemKey.String("gcp_pubsub") + // Java Message Service + // Stability: development + MessagingSystemJMS = MessagingSystemKey.String("jms") + // Apache Kafka + // Stability: development + MessagingSystemKafka = MessagingSystemKey.String("kafka") + // RabbitMQ + // Stability: development + MessagingSystemRabbitMQ = MessagingSystemKey.String("rabbitmq") + // Apache RocketMQ + // Stability: development + MessagingSystemRocketMQ = MessagingSystemKey.String("rocketmq") + // Apache Pulsar + // Stability: development + MessagingSystemPulsar = MessagingSystemKey.String("pulsar") +) + +// Namespace: network +const ( + // NetworkCarrierICCKey is the attribute Key conforming to the + // "network.carrier.icc" semantic conventions. It represents the ISO 3166-1 + // alpha-2 2-character country code associated with the mobile carrier network. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: DE + NetworkCarrierICCKey = attribute.Key("network.carrier.icc") + + // NetworkCarrierMCCKey is the attribute Key conforming to the + // "network.carrier.mcc" semantic conventions. It represents the mobile carrier + // country code. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 310 + NetworkCarrierMCCKey = attribute.Key("network.carrier.mcc") + + // NetworkCarrierMNCKey is the attribute Key conforming to the + // "network.carrier.mnc" semantic conventions. It represents the mobile carrier + // network code. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 001 + NetworkCarrierMNCKey = attribute.Key("network.carrier.mnc") + + // NetworkCarrierNameKey is the attribute Key conforming to the + // "network.carrier.name" semantic conventions. It represents the name of the + // mobile carrier. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: sprint + NetworkCarrierNameKey = attribute.Key("network.carrier.name") + + // NetworkConnectionStateKey is the attribute Key conforming to the + // "network.connection.state" semantic conventions. It represents the state of + // network connection. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "close_wait" + // Note: Connection states are defined as part of the [rfc9293] + // + // [rfc9293]: https://datatracker.ietf.org/doc/html/rfc9293#section-3.3.2 + NetworkConnectionStateKey = attribute.Key("network.connection.state") + + // NetworkConnectionSubtypeKey is the attribute Key conforming to the + // "network.connection.subtype" semantic conventions. It represents the this + // describes more details regarding the connection.type. 
It may be the type of + // cell technology connection, but it could be used for describing details about + // a wifi connection. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: LTE + NetworkConnectionSubtypeKey = attribute.Key("network.connection.subtype") + + // NetworkConnectionTypeKey is the attribute Key conforming to the + // "network.connection.type" semantic conventions. It represents the internet + // connection type. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: wifi + NetworkConnectionTypeKey = attribute.Key("network.connection.type") + + // NetworkInterfaceNameKey is the attribute Key conforming to the + // "network.interface.name" semantic conventions. It represents the network + // interface name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "lo", "eth0" + NetworkInterfaceNameKey = attribute.Key("network.interface.name") + + // NetworkIODirectionKey is the attribute Key conforming to the + // "network.io.direction" semantic conventions. It represents the network IO + // operation direction. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "transmit" + NetworkIODirectionKey = attribute.Key("network.io.direction") + + // NetworkLocalAddressKey is the attribute Key conforming to the + // "network.local.address" semantic conventions. It represents the local address + // of the network connection - IP address or Unix domain socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "10.1.2.80", "/tmp/my.sock" + NetworkLocalAddressKey = attribute.Key("network.local.address") + + // NetworkLocalPortKey is the attribute Key conforming to the + // "network.local.port" semantic conventions. It represents the local port + // number of the network connection. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 65123 + NetworkLocalPortKey = attribute.Key("network.local.port") + + // NetworkPeerAddressKey is the attribute Key conforming to the + // "network.peer.address" semantic conventions. It represents the peer address + // of the network connection - IP address or Unix domain socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "10.1.2.80", "/tmp/my.sock" + NetworkPeerAddressKey = attribute.Key("network.peer.address") + + // NetworkPeerPortKey is the attribute Key conforming to the "network.peer.port" + // semantic conventions. It represents the peer port number of the network + // connection. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 65123 + NetworkPeerPortKey = attribute.Key("network.peer.port") + + // NetworkProtocolNameKey is the attribute Key conforming to the + // "network.protocol.name" semantic conventions. It represents the + // [OSI application layer] or non-OSI equivalent. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "amqp", "http", "mqtt" + // Note: The value SHOULD be normalized to lowercase. + // + // [OSI application layer]: https://wikipedia.org/wiki/Application_layer + NetworkProtocolNameKey = attribute.Key("network.protocol.name") + + // NetworkProtocolVersionKey is the attribute Key conforming to the + // "network.protocol.version" semantic conventions. It represents the actual + // version of the protocol used for network communication. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "1.1", "2" + // Note: If protocol version is subject to negotiation (for example using [ALPN] + // ), this attribute SHOULD be set to the negotiated version. If the actual + // protocol version is not known, this attribute SHOULD NOT be set. 
+ // + // [ALPN]: https://www.rfc-editor.org/rfc/rfc7301.html + NetworkProtocolVersionKey = attribute.Key("network.protocol.version") + + // NetworkTransportKey is the attribute Key conforming to the + // "network.transport" semantic conventions. It represents the + // [OSI transport layer] or [inter-process communication method]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "tcp", "udp" + // Note: The value SHOULD be normalized to lowercase. + // + // Consider always setting the transport when setting a port number, since + // a port number is ambiguous without knowing the transport. For example + // different processes could be listening on TCP port 12345 and UDP port 12345. + // + // [OSI transport layer]: https://wikipedia.org/wiki/Transport_layer + // [inter-process communication method]: https://wikipedia.org/wiki/Inter-process_communication + NetworkTransportKey = attribute.Key("network.transport") + + // NetworkTypeKey is the attribute Key conforming to the "network.type" semantic + // conventions. It represents the [OSI network layer] or non-OSI equivalent. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "ipv4", "ipv6" + // Note: The value SHOULD be normalized to lowercase. + // + // [OSI network layer]: https://wikipedia.org/wiki/Network_layer + NetworkTypeKey = attribute.Key("network.type") +) + +// NetworkCarrierICC returns an attribute KeyValue conforming to the +// "network.carrier.icc" semantic conventions. It represents the ISO 3166-1 +// alpha-2 2-character country code associated with the mobile carrier network. +func NetworkCarrierICC(val string) attribute.KeyValue { + return NetworkCarrierICCKey.String(val) +} + +// NetworkCarrierMCC returns an attribute KeyValue conforming to the +// "network.carrier.mcc" semantic conventions. It represents the mobile carrier +// country code. 
+func NetworkCarrierMCC(val string) attribute.KeyValue { + return NetworkCarrierMCCKey.String(val) +} + +// NetworkCarrierMNC returns an attribute KeyValue conforming to the +// "network.carrier.mnc" semantic conventions. It represents the mobile carrier +// network code. +func NetworkCarrierMNC(val string) attribute.KeyValue { + return NetworkCarrierMNCKey.String(val) +} + +// NetworkCarrierName returns an attribute KeyValue conforming to the +// "network.carrier.name" semantic conventions. It represents the name of the +// mobile carrier. +func NetworkCarrierName(val string) attribute.KeyValue { + return NetworkCarrierNameKey.String(val) +} + +// NetworkInterfaceName returns an attribute KeyValue conforming to the +// "network.interface.name" semantic conventions. It represents the network +// interface name. +func NetworkInterfaceName(val string) attribute.KeyValue { + return NetworkInterfaceNameKey.String(val) +} + +// NetworkLocalAddress returns an attribute KeyValue conforming to the +// "network.local.address" semantic conventions. It represents the local address +// of the network connection - IP address or Unix domain socket name. +func NetworkLocalAddress(val string) attribute.KeyValue { + return NetworkLocalAddressKey.String(val) +} + +// NetworkLocalPort returns an attribute KeyValue conforming to the +// "network.local.port" semantic conventions. It represents the local port number +// of the network connection. +func NetworkLocalPort(val int) attribute.KeyValue { + return NetworkLocalPortKey.Int(val) +} + +// NetworkPeerAddress returns an attribute KeyValue conforming to the +// "network.peer.address" semantic conventions. It represents the peer address of +// the network connection - IP address or Unix domain socket name. +func NetworkPeerAddress(val string) attribute.KeyValue { + return NetworkPeerAddressKey.String(val) +} + +// NetworkPeerPort returns an attribute KeyValue conforming to the +// "network.peer.port" semantic conventions. 
It represents the peer port number +// of the network connection. +func NetworkPeerPort(val int) attribute.KeyValue { + return NetworkPeerPortKey.Int(val) +} + +// NetworkProtocolName returns an attribute KeyValue conforming to the +// "network.protocol.name" semantic conventions. It represents the +// [OSI application layer] or non-OSI equivalent. +// +// [OSI application layer]: https://wikipedia.org/wiki/Application_layer +func NetworkProtocolName(val string) attribute.KeyValue { + return NetworkProtocolNameKey.String(val) +} + +// NetworkProtocolVersion returns an attribute KeyValue conforming to the +// "network.protocol.version" semantic conventions. It represents the actual +// version of the protocol used for network communication. +func NetworkProtocolVersion(val string) attribute.KeyValue { + return NetworkProtocolVersionKey.String(val) +} + +// Enum values for network.connection.state +var ( + // closed + // Stability: development + NetworkConnectionStateClosed = NetworkConnectionStateKey.String("closed") + // close_wait + // Stability: development + NetworkConnectionStateCloseWait = NetworkConnectionStateKey.String("close_wait") + // closing + // Stability: development + NetworkConnectionStateClosing = NetworkConnectionStateKey.String("closing") + // established + // Stability: development + NetworkConnectionStateEstablished = NetworkConnectionStateKey.String("established") + // fin_wait_1 + // Stability: development + NetworkConnectionStateFinWait1 = NetworkConnectionStateKey.String("fin_wait_1") + // fin_wait_2 + // Stability: development + NetworkConnectionStateFinWait2 = NetworkConnectionStateKey.String("fin_wait_2") + // last_ack + // Stability: development + NetworkConnectionStateLastAck = NetworkConnectionStateKey.String("last_ack") + // listen + // Stability: development + NetworkConnectionStateListen = NetworkConnectionStateKey.String("listen") + // syn_received + // Stability: development + NetworkConnectionStateSynReceived = 
NetworkConnectionStateKey.String("syn_received") + // syn_sent + // Stability: development + NetworkConnectionStateSynSent = NetworkConnectionStateKey.String("syn_sent") + // time_wait + // Stability: development + NetworkConnectionStateTimeWait = NetworkConnectionStateKey.String("time_wait") +) + +// Enum values for network.connection.subtype +var ( + // GPRS + // Stability: development + NetworkConnectionSubtypeGprs = NetworkConnectionSubtypeKey.String("gprs") + // EDGE + // Stability: development + NetworkConnectionSubtypeEdge = NetworkConnectionSubtypeKey.String("edge") + // UMTS + // Stability: development + NetworkConnectionSubtypeUmts = NetworkConnectionSubtypeKey.String("umts") + // CDMA + // Stability: development + NetworkConnectionSubtypeCdma = NetworkConnectionSubtypeKey.String("cdma") + // EVDO Rel. 0 + // Stability: development + NetworkConnectionSubtypeEvdo0 = NetworkConnectionSubtypeKey.String("evdo_0") + // EVDO Rev. A + // Stability: development + NetworkConnectionSubtypeEvdoA = NetworkConnectionSubtypeKey.String("evdo_a") + // CDMA2000 1XRTT + // Stability: development + NetworkConnectionSubtypeCdma20001xrtt = NetworkConnectionSubtypeKey.String("cdma2000_1xrtt") + // HSDPA + // Stability: development + NetworkConnectionSubtypeHsdpa = NetworkConnectionSubtypeKey.String("hsdpa") + // HSUPA + // Stability: development + NetworkConnectionSubtypeHsupa = NetworkConnectionSubtypeKey.String("hsupa") + // HSPA + // Stability: development + NetworkConnectionSubtypeHspa = NetworkConnectionSubtypeKey.String("hspa") + // IDEN + // Stability: development + NetworkConnectionSubtypeIden = NetworkConnectionSubtypeKey.String("iden") + // EVDO Rev. 
B + // Stability: development + NetworkConnectionSubtypeEvdoB = NetworkConnectionSubtypeKey.String("evdo_b") + // LTE + // Stability: development + NetworkConnectionSubtypeLte = NetworkConnectionSubtypeKey.String("lte") + // EHRPD + // Stability: development + NetworkConnectionSubtypeEhrpd = NetworkConnectionSubtypeKey.String("ehrpd") + // HSPAP + // Stability: development + NetworkConnectionSubtypeHspap = NetworkConnectionSubtypeKey.String("hspap") + // GSM + // Stability: development + NetworkConnectionSubtypeGsm = NetworkConnectionSubtypeKey.String("gsm") + // TD-SCDMA + // Stability: development + NetworkConnectionSubtypeTdScdma = NetworkConnectionSubtypeKey.String("td_scdma") + // IWLAN + // Stability: development + NetworkConnectionSubtypeIwlan = NetworkConnectionSubtypeKey.String("iwlan") + // 5G NR (New Radio) + // Stability: development + NetworkConnectionSubtypeNr = NetworkConnectionSubtypeKey.String("nr") + // 5G NRNSA (New Radio Non-Standalone) + // Stability: development + NetworkConnectionSubtypeNrnsa = NetworkConnectionSubtypeKey.String("nrnsa") + // LTE CA + // Stability: development + NetworkConnectionSubtypeLteCa = NetworkConnectionSubtypeKey.String("lte_ca") +) + +// Enum values for network.connection.type +var ( + // wifi + // Stability: development + NetworkConnectionTypeWifi = NetworkConnectionTypeKey.String("wifi") + // wired + // Stability: development + NetworkConnectionTypeWired = NetworkConnectionTypeKey.String("wired") + // cell + // Stability: development + NetworkConnectionTypeCell = NetworkConnectionTypeKey.String("cell") + // unavailable + // Stability: development + NetworkConnectionTypeUnavailable = NetworkConnectionTypeKey.String("unavailable") + // unknown + // Stability: development + NetworkConnectionTypeUnknown = NetworkConnectionTypeKey.String("unknown") +) + +// Enum values for network.io.direction +var ( + // transmit + // Stability: development + NetworkIODirectionTransmit = NetworkIODirectionKey.String("transmit") + // 
receive + // Stability: development + NetworkIODirectionReceive = NetworkIODirectionKey.String("receive") +) + +// Enum values for network.transport +var ( + // TCP + // Stability: stable + NetworkTransportTCP = NetworkTransportKey.String("tcp") + // UDP + // Stability: stable + NetworkTransportUDP = NetworkTransportKey.String("udp") + // Named or anonymous pipe. + // Stability: stable + NetworkTransportPipe = NetworkTransportKey.String("pipe") + // Unix domain socket + // Stability: stable + NetworkTransportUnix = NetworkTransportKey.String("unix") + // QUIC + // Stability: stable + NetworkTransportQUIC = NetworkTransportKey.String("quic") +) + +// Enum values for network.type +var ( + // IPv4 + // Stability: stable + NetworkTypeIPv4 = NetworkTypeKey.String("ipv4") + // IPv6 + // Stability: stable + NetworkTypeIPv6 = NetworkTypeKey.String("ipv6") +) + +// Namespace: oci +const ( + // OCIManifestDigestKey is the attribute Key conforming to the + // "oci.manifest.digest" semantic conventions. It represents the digest of the + // OCI image manifest. For container images specifically is the digest by which + // the container image is known. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "sha256:e4ca62c0d62f3e886e684806dfe9d4e0cda60d54986898173c1083856cfda0f4" + // Note: Follows [OCI Image Manifest Specification], and specifically the + // [Digest property]. + // An example can be found in [Example Image Manifest]. 
+ // + // [OCI Image Manifest Specification]: https://github.com/opencontainers/image-spec/blob/main/manifest.md + // [Digest property]: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests + // [Example Image Manifest]: https://github.com/opencontainers/image-spec/blob/main/manifest.md#example-image-manifest + OCIManifestDigestKey = attribute.Key("oci.manifest.digest") +) + +// OCIManifestDigest returns an attribute KeyValue conforming to the +// "oci.manifest.digest" semantic conventions. It represents the digest of the +// OCI image manifest. For container images specifically is the digest by which +// the container image is known. +func OCIManifestDigest(val string) attribute.KeyValue { + return OCIManifestDigestKey.String(val) +} + +// Namespace: openai +const ( + // OpenAIRequestServiceTierKey is the attribute Key conforming to the + // "openai.request.service_tier" semantic conventions. It represents the service + // tier requested. May be a specific tier, default, or auto. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "auto", "default" + OpenAIRequestServiceTierKey = attribute.Key("openai.request.service_tier") + + // OpenAIResponseServiceTierKey is the attribute Key conforming to the + // "openai.response.service_tier" semantic conventions. It represents the + // service tier used for the response. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "scale", "default" + OpenAIResponseServiceTierKey = attribute.Key("openai.response.service_tier") + + // OpenAIResponseSystemFingerprintKey is the attribute Key conforming to the + // "openai.response.system_fingerprint" semantic conventions. It represents a + // fingerprint to track any eventual change in the Generative AI environment. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "fp_44709d6fcb" + OpenAIResponseSystemFingerprintKey = attribute.Key("openai.response.system_fingerprint") +) + +// OpenAIResponseServiceTier returns an attribute KeyValue conforming to the +// "openai.response.service_tier" semantic conventions. It represents the service +// tier used for the response. +func OpenAIResponseServiceTier(val string) attribute.KeyValue { + return OpenAIResponseServiceTierKey.String(val) +} + +// OpenAIResponseSystemFingerprint returns an attribute KeyValue conforming to +// the "openai.response.system_fingerprint" semantic conventions. It represents a +// fingerprint to track any eventual change in the Generative AI environment. +func OpenAIResponseSystemFingerprint(val string) attribute.KeyValue { + return OpenAIResponseSystemFingerprintKey.String(val) +} + +// Enum values for openai.request.service_tier +var ( + // The system will utilize scale tier credits until they are exhausted. + // Stability: development + OpenAIRequestServiceTierAuto = OpenAIRequestServiceTierKey.String("auto") + // The system will utilize the default scale tier. + // Stability: development + OpenAIRequestServiceTierDefault = OpenAIRequestServiceTierKey.String("default") +) + +// Namespace: opentracing +const ( + // OpenTracingRefTypeKey is the attribute Key conforming to the + // "opentracing.ref_type" semantic conventions. It represents the parent-child + // Reference type. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: The causal relationship between a child Span and a parent Span. 
+ OpenTracingRefTypeKey = attribute.Key("opentracing.ref_type") +) + +// Enum values for opentracing.ref_type +var ( + // The parent Span depends on the child Span in some capacity + // Stability: development + OpenTracingRefTypeChildOf = OpenTracingRefTypeKey.String("child_of") + // The parent Span doesn't depend in any way on the result of the child Span + // Stability: development + OpenTracingRefTypeFollowsFrom = OpenTracingRefTypeKey.String("follows_from") +) + +// Namespace: os +const ( + // OSBuildIDKey is the attribute Key conforming to the "os.build_id" semantic + // conventions. It represents the unique identifier for a particular build or + // compilation of the operating system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "TQ3C.230805.001.B2", "20E247", "22621" + OSBuildIDKey = attribute.Key("os.build_id") + + // OSDescriptionKey is the attribute Key conforming to the "os.description" + // semantic conventions. It represents the human readable (not intended to be + // parsed) OS version information, like e.g. reported by `ver` or + // `lsb_release -a` commands. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Microsoft Windows [Version 10.0.18363.778]", "Ubuntu 18.04.1 LTS" + OSDescriptionKey = attribute.Key("os.description") + + // OSNameKey is the attribute Key conforming to the "os.name" semantic + // conventions. It represents the human readable operating system name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "iOS", "Android", "Ubuntu" + OSNameKey = attribute.Key("os.name") + + // OSTypeKey is the attribute Key conforming to the "os.type" semantic + // conventions. It represents the operating system type. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + OSTypeKey = attribute.Key("os.type") + + // OSVersionKey is the attribute Key conforming to the "os.version" semantic + // conventions. It represents the version string of the operating system as + // defined in [Version Attributes]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "14.2.1", "18.04.1" + // + // [Version Attributes]: /docs/resource/README.md#version-attributes + OSVersionKey = attribute.Key("os.version") +) + +// OSBuildID returns an attribute KeyValue conforming to the "os.build_id" +// semantic conventions. It represents the unique identifier for a particular +// build or compilation of the operating system. +func OSBuildID(val string) attribute.KeyValue { + return OSBuildIDKey.String(val) +} + +// OSDescription returns an attribute KeyValue conforming to the "os.description" +// semantic conventions. It represents the human readable (not intended to be +// parsed) OS version information, like e.g. reported by `ver` or +// `lsb_release -a` commands. +func OSDescription(val string) attribute.KeyValue { + return OSDescriptionKey.String(val) +} + +// OSName returns an attribute KeyValue conforming to the "os.name" semantic +// conventions. It represents the human readable operating system name. +func OSName(val string) attribute.KeyValue { + return OSNameKey.String(val) +} + +// OSVersion returns an attribute KeyValue conforming to the "os.version" +// semantic conventions. It represents the version string of the operating system +// as defined in [Version Attributes]. 
+// +// [Version Attributes]: /docs/resource/README.md#version-attributes +func OSVersion(val string) attribute.KeyValue { + return OSVersionKey.String(val) +} + +// Enum values for os.type +var ( + // Microsoft Windows + // Stability: development + OSTypeWindows = OSTypeKey.String("windows") + // Linux + // Stability: development + OSTypeLinux = OSTypeKey.String("linux") + // Apple Darwin + // Stability: development + OSTypeDarwin = OSTypeKey.String("darwin") + // FreeBSD + // Stability: development + OSTypeFreeBSD = OSTypeKey.String("freebsd") + // NetBSD + // Stability: development + OSTypeNetBSD = OSTypeKey.String("netbsd") + // OpenBSD + // Stability: development + OSTypeOpenBSD = OSTypeKey.String("openbsd") + // DragonFly BSD + // Stability: development + OSTypeDragonflyBSD = OSTypeKey.String("dragonflybsd") + // HP-UX (Hewlett Packard Unix) + // Stability: development + OSTypeHPUX = OSTypeKey.String("hpux") + // AIX (Advanced Interactive eXecutive) + // Stability: development + OSTypeAIX = OSTypeKey.String("aix") + // SunOS, Oracle Solaris + // Stability: development + OSTypeSolaris = OSTypeKey.String("solaris") + // IBM z/OS + // Stability: development + OSTypeZOS = OSTypeKey.String("zos") +) + +// Namespace: otel +const ( + // OTelComponentNameKey is the attribute Key conforming to the + // "otel.component.name" semantic conventions. It represents a name uniquely + // identifying the instance of the OpenTelemetry component within its containing + // SDK instance. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "otlp_grpc_span_exporter/0", "custom-name" + // Note: Implementations SHOULD ensure a low cardinality for this attribute, + // even across application or SDK restarts. + // E.g. implementations MUST NOT use UUIDs as values for this attribute. + // + // Implementations MAY achieve these goals by following a + // `/` pattern, e.g. + // `batching_span_processor/0`. 
+ // Hereby `otel.component.type` refers to the corresponding attribute value of + // the component. + // + // The value of `instance-counter` MAY be automatically assigned by the + // component and uniqueness within the enclosing SDK instance MUST be + // guaranteed. + // For example, `` MAY be implemented by using a monotonically + // increasing counter (starting with `0`), which is incremented every time an + // instance of the given component type is started. + // + // With this implementation, for example the first Batching Span Processor would + // have `batching_span_processor/0` + // as `otel.component.name`, the second one `batching_span_processor/1` and so + // on. + // These values will therefore be reused in the case of an application restart. + OTelComponentNameKey = attribute.Key("otel.component.name") + + // OTelComponentTypeKey is the attribute Key conforming to the + // "otel.component.type" semantic conventions. It represents a name identifying + // the type of the OpenTelemetry component. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "batching_span_processor", "com.example.MySpanExporter" + // Note: If none of the standardized values apply, implementations SHOULD use + // the language-defined name of the type. + // E.g. for Java the fully qualified classname SHOULD be used in this case. + OTelComponentTypeKey = attribute.Key("otel.component.type") + + // OTelScopeNameKey is the attribute Key conforming to the "otel.scope.name" + // semantic conventions. It represents the name of the instrumentation scope - ( + // `InstrumentationScope.Name` in OTLP). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "io.opentelemetry.contrib.mongodb" + OTelScopeNameKey = attribute.Key("otel.scope.name") + + // OTelScopeSchemaURLKey is the attribute Key conforming to the + // "otel.scope.schema_url" semantic conventions. 
It represents the schema URL of + // the instrumentation scope. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://opentelemetry.io/schemas/1.31.0" + OTelScopeSchemaURLKey = attribute.Key("otel.scope.schema_url") + + // OTelScopeVersionKey is the attribute Key conforming to the + // "otel.scope.version" semantic conventions. It represents the version of the + // instrumentation scope - (`InstrumentationScope.Version` in OTLP). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "1.0.0" + OTelScopeVersionKey = attribute.Key("otel.scope.version") + + // OTelSpanParentOriginKey is the attribute Key conforming to the + // "otel.span.parent.origin" semantic conventions. It represents the determines + // whether the span has a parent span, and if so, + // [whether it is a remote parent]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [whether it is a remote parent]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote + OTelSpanParentOriginKey = attribute.Key("otel.span.parent.origin") + + // OTelSpanSamplingResultKey is the attribute Key conforming to the + // "otel.span.sampling_result" semantic conventions. It represents the result + // value of the sampler for this span. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + OTelSpanSamplingResultKey = attribute.Key("otel.span.sampling_result") + + // OTelStatusCodeKey is the attribute Key conforming to the "otel.status_code" + // semantic conventions. It represents the name of the code, either "OK" or + // "ERROR". MUST NOT be set if the status code is UNSET. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: + OTelStatusCodeKey = attribute.Key("otel.status_code") + + // OTelStatusDescriptionKey is the attribute Key conforming to the + // "otel.status_description" semantic conventions. It represents the description + // of the Status if it has a value, otherwise not set. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "resource not found" + OTelStatusDescriptionKey = attribute.Key("otel.status_description") +) + +// OTelComponentName returns an attribute KeyValue conforming to the +// "otel.component.name" semantic conventions. It represents a name uniquely +// identifying the instance of the OpenTelemetry component within its containing +// SDK instance. +func OTelComponentName(val string) attribute.KeyValue { + return OTelComponentNameKey.String(val) +} + +// OTelScopeName returns an attribute KeyValue conforming to the +// "otel.scope.name" semantic conventions. It represents the name of the +// instrumentation scope - (`InstrumentationScope.Name` in OTLP). +func OTelScopeName(val string) attribute.KeyValue { + return OTelScopeNameKey.String(val) +} + +// OTelScopeSchemaURL returns an attribute KeyValue conforming to the +// "otel.scope.schema_url" semantic conventions. It represents the schema URL of +// the instrumentation scope. +func OTelScopeSchemaURL(val string) attribute.KeyValue { + return OTelScopeSchemaURLKey.String(val) +} + +// OTelScopeVersion returns an attribute KeyValue conforming to the +// "otel.scope.version" semantic conventions. It represents the version of the +// instrumentation scope - (`InstrumentationScope.Version` in OTLP). +func OTelScopeVersion(val string) attribute.KeyValue { + return OTelScopeVersionKey.String(val) +} + +// OTelStatusDescription returns an attribute KeyValue conforming to the +// "otel.status_description" semantic conventions. 
It represents the description +// of the Status if it has a value, otherwise not set. +func OTelStatusDescription(val string) attribute.KeyValue { + return OTelStatusDescriptionKey.String(val) +} + +// Enum values for otel.component.type +var ( + // The builtin SDK batching span processor + // + // Stability: development + OTelComponentTypeBatchingSpanProcessor = OTelComponentTypeKey.String("batching_span_processor") + // The builtin SDK simple span processor + // + // Stability: development + OTelComponentTypeSimpleSpanProcessor = OTelComponentTypeKey.String("simple_span_processor") + // The builtin SDK batching log record processor + // + // Stability: development + OTelComponentTypeBatchingLogProcessor = OTelComponentTypeKey.String("batching_log_processor") + // The builtin SDK simple log record processor + // + // Stability: development + OTelComponentTypeSimpleLogProcessor = OTelComponentTypeKey.String("simple_log_processor") + // OTLP span exporter over gRPC with protobuf serialization + // + // Stability: development + OTelComponentTypeOtlpGRPCSpanExporter = OTelComponentTypeKey.String("otlp_grpc_span_exporter") + // OTLP span exporter over HTTP with protobuf serialization + // + // Stability: development + OTelComponentTypeOtlpHTTPSpanExporter = OTelComponentTypeKey.String("otlp_http_span_exporter") + // OTLP span exporter over HTTP with JSON serialization + // + // Stability: development + OTelComponentTypeOtlpHTTPJSONSpanExporter = OTelComponentTypeKey.String("otlp_http_json_span_exporter") + // Zipkin span exporter over HTTP + // + // Stability: development + OTelComponentTypeZipkinHTTPSpanExporter = OTelComponentTypeKey.String("zipkin_http_span_exporter") + // OTLP log record exporter over gRPC with protobuf serialization + // + // Stability: development + OTelComponentTypeOtlpGRPCLogExporter = OTelComponentTypeKey.String("otlp_grpc_log_exporter") + // OTLP log record exporter over HTTP with protobuf serialization + // + // Stability: development + 
OTelComponentTypeOtlpHTTPLogExporter = OTelComponentTypeKey.String("otlp_http_log_exporter") + // OTLP log record exporter over HTTP with JSON serialization + // + // Stability: development + OTelComponentTypeOtlpHTTPJSONLogExporter = OTelComponentTypeKey.String("otlp_http_json_log_exporter") + // The builtin SDK periodically exporting metric reader + // + // Stability: development + OTelComponentTypePeriodicMetricReader = OTelComponentTypeKey.String("periodic_metric_reader") + // OTLP metric exporter over gRPC with protobuf serialization + // + // Stability: development + OTelComponentTypeOtlpGRPCMetricExporter = OTelComponentTypeKey.String("otlp_grpc_metric_exporter") + // OTLP metric exporter over HTTP with protobuf serialization + // + // Stability: development + OTelComponentTypeOtlpHTTPMetricExporter = OTelComponentTypeKey.String("otlp_http_metric_exporter") + // OTLP metric exporter over HTTP with JSON serialization + // + // Stability: development + OTelComponentTypeOtlpHTTPJSONMetricExporter = OTelComponentTypeKey.String("otlp_http_json_metric_exporter") + // Prometheus metric exporter over HTTP with the default text-based format + // + // Stability: development + OTelComponentTypePrometheusHTTPTextMetricExporter = OTelComponentTypeKey.String("prometheus_http_text_metric_exporter") +) + +// Enum values for otel.span.parent.origin +var ( + // The span does not have a parent, it is a root span + // Stability: development + OTelSpanParentOriginNone = OTelSpanParentOriginKey.String("none") + // The span has a parent and the parent's span context [isRemote()] is false + // Stability: development + // + // [isRemote()]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote + OTelSpanParentOriginLocal = OTelSpanParentOriginKey.String("local") + // The span has a parent and the parent's span context [isRemote()] is true + // Stability: development + // + // [isRemote()]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote + 
OTelSpanParentOriginRemote = OTelSpanParentOriginKey.String("remote") +) + +// Enum values for otel.span.sampling_result +var ( + // The span is not sampled and not recording + // Stability: development + OTelSpanSamplingResultDrop = OTelSpanSamplingResultKey.String("DROP") + // The span is not sampled, but recording + // Stability: development + OTelSpanSamplingResultRecordOnly = OTelSpanSamplingResultKey.String("RECORD_ONLY") + // The span is sampled and recording + // Stability: development + OTelSpanSamplingResultRecordAndSample = OTelSpanSamplingResultKey.String("RECORD_AND_SAMPLE") +) + +// Enum values for otel.status_code +var ( + // The operation has been validated by an Application developer or Operator to + // have completed successfully. + // Stability: stable + OTelStatusCodeOk = OTelStatusCodeKey.String("OK") + // The operation contains an error. + // Stability: stable + OTelStatusCodeError = OTelStatusCodeKey.String("ERROR") +) + +// Namespace: peer +const ( + // PeerServiceKey is the attribute Key conforming to the "peer.service" semantic + // conventions. It represents the [`service.name`] of the remote service. SHOULD + // be equal to the actual `service.name` resource attribute of the remote + // service if any. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: AuthTokenCache + // + // [`service.name`]: /docs/resource/README.md#service + PeerServiceKey = attribute.Key("peer.service") +) + +// PeerService returns an attribute KeyValue conforming to the "peer.service" +// semantic conventions. It represents the [`service.name`] of the remote +// service. SHOULD be equal to the actual `service.name` resource attribute of +// the remote service if any. 
+// +// [`service.name`]: /docs/resource/README.md#service +func PeerService(val string) attribute.KeyValue { + return PeerServiceKey.String(val) +} + +// Namespace: process +const ( + // ProcessArgsCountKey is the attribute Key conforming to the + // "process.args_count" semantic conventions. It represents the length of the + // process.command_args array. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 4 + // Note: This field can be useful for querying or performing bucket analysis on + // how many arguments were provided to start a process. More arguments may be an + // indication of suspicious activity. + ProcessArgsCountKey = attribute.Key("process.args_count") + + // ProcessCommandKey is the attribute Key conforming to the "process.command" + // semantic conventions. It represents the command used to launch the process + // (i.e. the command name). On Linux based systems, can be set to the zeroth + // string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter + // extracted from `GetCommandLineW`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cmd/otelcol" + ProcessCommandKey = attribute.Key("process.command") + + // ProcessCommandArgsKey is the attribute Key conforming to the + // "process.command_args" semantic conventions. It represents the all the + // command arguments (including the command/executable itself) as received by + // the process. On Linux-based systems (and some other Unixoid systems + // supporting procfs), can be set according to the list of null-delimited + // strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this + // would be the full argv vector passed to `main`. SHOULD NOT be collected by + // default unless there is sanitization that excludes sensitive data. 
+ // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cmd/otecol", "--config=config.yaml" + ProcessCommandArgsKey = attribute.Key("process.command_args") + + // ProcessCommandLineKey is the attribute Key conforming to the + // "process.command_line" semantic conventions. It represents the full command + // used to launch the process as a single string representing the full command. + // On Windows, can be set to the result of `GetCommandLineW`. Do not set this if + // you have to assemble it just for monitoring; use `process.command_args` + // instead. SHOULD NOT be collected by default unless there is sanitization that + // excludes sensitive data. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "C:\cmd\otecol --config="my directory\config.yaml"" + ProcessCommandLineKey = attribute.Key("process.command_line") + + // ProcessContextSwitchTypeKey is the attribute Key conforming to the + // "process.context_switch_type" semantic conventions. It represents the + // specifies whether the context switches for this data point were voluntary or + // involuntary. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + ProcessContextSwitchTypeKey = attribute.Key("process.context_switch_type") + + // ProcessCreationTimeKey is the attribute Key conforming to the + // "process.creation.time" semantic conventions. It represents the date and time + // the process was created, in ISO 8601 format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2023-11-21T09:25:34.853Z" + ProcessCreationTimeKey = attribute.Key("process.creation.time") + + // ProcessExecutableBuildIDGNUKey is the attribute Key conforming to the + // "process.executable.build_id.gnu" semantic conventions. 
It represents the GNU + // build ID as found in the `.note.gnu.build-id` ELF section (hex string). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "c89b11207f6479603b0d49bf291c092c2b719293" + ProcessExecutableBuildIDGNUKey = attribute.Key("process.executable.build_id.gnu") + + // ProcessExecutableBuildIDGoKey is the attribute Key conforming to the + // "process.executable.build_id.go" semantic conventions. It represents the Go + // build ID as retrieved by `go tool buildid `. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "foh3mEXu7BLZjsN9pOwG/kATcXlYVCDEFouRMQed_/WwRFB1hPo9LBkekthSPG/x8hMC8emW2cCjXD0_1aY" + ProcessExecutableBuildIDGoKey = attribute.Key("process.executable.build_id.go") + + // ProcessExecutableBuildIDHtlhashKey is the attribute Key conforming to the + // "process.executable.build_id.htlhash" semantic conventions. It represents the + // profiling specific build ID for executables. See the OTel specification for + // Profiles for more information. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "600DCAFE4A110000F2BF38C493F5FB92" + ProcessExecutableBuildIDHtlhashKey = attribute.Key("process.executable.build_id.htlhash") + + // ProcessExecutableNameKey is the attribute Key conforming to the + // "process.executable.name" semantic conventions. It represents the name of the + // process executable. On Linux based systems, this SHOULD be set to the base + // name of the target of `/proc/[pid]/exe`. On Windows, this SHOULD be set to + // the base name of `GetProcessImageFileNameW`. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "otelcol" + ProcessExecutableNameKey = attribute.Key("process.executable.name") + + // ProcessExecutablePathKey is the attribute Key conforming to the + // "process.executable.path" semantic conventions. It represents the full path + // to the process executable. On Linux based systems, can be set to the target + // of `proc/[pid]/exe`. On Windows, can be set to the result of + // `GetProcessImageFileNameW`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/usr/bin/cmd/otelcol" + ProcessExecutablePathKey = attribute.Key("process.executable.path") + + // ProcessExitCodeKey is the attribute Key conforming to the "process.exit.code" + // semantic conventions. It represents the exit code of the process. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 127 + ProcessExitCodeKey = attribute.Key("process.exit.code") + + // ProcessExitTimeKey is the attribute Key conforming to the "process.exit.time" + // semantic conventions. It represents the date and time the process exited, in + // ISO 8601 format. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2023-11-21T09:26:12.315Z" + ProcessExitTimeKey = attribute.Key("process.exit.time") + + // ProcessGroupLeaderPIDKey is the attribute Key conforming to the + // "process.group_leader.pid" semantic conventions. It represents the PID of the + // process's group leader. This is also the process group ID (PGID) of the + // process. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 23 + ProcessGroupLeaderPIDKey = attribute.Key("process.group_leader.pid") + + // ProcessInteractiveKey is the attribute Key conforming to the + // "process.interactive" semantic conventions. 
It represents the whether the + // process is connected to an interactive shell. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + ProcessInteractiveKey = attribute.Key("process.interactive") + + // ProcessLinuxCgroupKey is the attribute Key conforming to the + // "process.linux.cgroup" semantic conventions. It represents the control group + // associated with the process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1:name=systemd:/user.slice/user-1000.slice/session-3.scope", + // "0::/user.slice/user-1000.slice/user@1000.service/tmux-spawn-0267755b-4639-4a27-90ed-f19f88e53748.scope" + // Note: Control groups (cgroups) are a kernel feature used to organize and + // manage process resources. This attribute provides the path(s) to the + // cgroup(s) associated with the process, which should match the contents of the + // [/proc/[PID]/cgroup] file. + // + // [/proc/[PID]/cgroup]: https://man7.org/linux/man-pages/man7/cgroups.7.html + ProcessLinuxCgroupKey = attribute.Key("process.linux.cgroup") + + // ProcessOwnerKey is the attribute Key conforming to the "process.owner" + // semantic conventions. It represents the username of the user that owns the + // process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "root" + ProcessOwnerKey = attribute.Key("process.owner") + + // ProcessPagingFaultTypeKey is the attribute Key conforming to the + // "process.paging.fault_type" semantic conventions. It represents the type of + // page fault for this data point. Type `major` is for major/hard page faults, + // and `minor` is for minor/soft page faults. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + ProcessPagingFaultTypeKey = attribute.Key("process.paging.fault_type") + + // ProcessParentPIDKey is the attribute Key conforming to the + // "process.parent_pid" semantic conventions. It represents the parent Process + // identifier (PPID). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 111 + ProcessParentPIDKey = attribute.Key("process.parent_pid") + + // ProcessPIDKey is the attribute Key conforming to the "process.pid" semantic + // conventions. It represents the process identifier (PID). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1234 + ProcessPIDKey = attribute.Key("process.pid") + + // ProcessRealUserIDKey is the attribute Key conforming to the + // "process.real_user.id" semantic conventions. It represents the real user ID + // (RUID) of the process. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1000 + ProcessRealUserIDKey = attribute.Key("process.real_user.id") + + // ProcessRealUserNameKey is the attribute Key conforming to the + // "process.real_user.name" semantic conventions. It represents the username of + // the real user of the process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "operator" + ProcessRealUserNameKey = attribute.Key("process.real_user.name") + + // ProcessRuntimeDescriptionKey is the attribute Key conforming to the + // "process.runtime.description" semantic conventions. It represents an + // additional description about the runtime of the process, for example a + // specific vendor customization of the runtime environment. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0 + ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description") + + // ProcessRuntimeNameKey is the attribute Key conforming to the + // "process.runtime.name" semantic conventions. It represents the name of the + // runtime of this process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "OpenJDK Runtime Environment" + ProcessRuntimeNameKey = attribute.Key("process.runtime.name") + + // ProcessRuntimeVersionKey is the attribute Key conforming to the + // "process.runtime.version" semantic conventions. It represents the version of + // the runtime of this process, as returned by the runtime without modification. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 14.0.2 + ProcessRuntimeVersionKey = attribute.Key("process.runtime.version") + + // ProcessSavedUserIDKey is the attribute Key conforming to the + // "process.saved_user.id" semantic conventions. It represents the saved user ID + // (SUID) of the process. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1002 + ProcessSavedUserIDKey = attribute.Key("process.saved_user.id") + + // ProcessSavedUserNameKey is the attribute Key conforming to the + // "process.saved_user.name" semantic conventions. It represents the username of + // the saved user. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "operator" + ProcessSavedUserNameKey = attribute.Key("process.saved_user.name") + + // ProcessSessionLeaderPIDKey is the attribute Key conforming to the + // "process.session_leader.pid" semantic conventions. It represents the PID of + // the process's session leader. This is also the session ID (SID) of the + // process. 
+ // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 14 + ProcessSessionLeaderPIDKey = attribute.Key("process.session_leader.pid") + + // ProcessTitleKey is the attribute Key conforming to the "process.title" + // semantic conventions. It represents the process title (proctitle). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cat /etc/hostname", "xfce4-session", "bash" + // Note: In many Unix-like systems, process title (proctitle), is the string + // that represents the name or command line of a running process, displayed by + // system monitoring tools like ps, top, and htop. + ProcessTitleKey = attribute.Key("process.title") + + // ProcessUserIDKey is the attribute Key conforming to the "process.user.id" + // semantic conventions. It represents the effective user ID (EUID) of the + // process. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1001 + ProcessUserIDKey = attribute.Key("process.user.id") + + // ProcessUserNameKey is the attribute Key conforming to the "process.user.name" + // semantic conventions. It represents the username of the effective user of the + // process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "root" + ProcessUserNameKey = attribute.Key("process.user.name") + + // ProcessVpidKey is the attribute Key conforming to the "process.vpid" semantic + // conventions. It represents the virtual process identifier. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 12 + // Note: The process ID within a PID namespace. This is not necessarily unique + // across all processes on the host but it is unique within the process + // namespace that the process exists within. 
+ ProcessVpidKey = attribute.Key("process.vpid") + + // ProcessWorkingDirectoryKey is the attribute Key conforming to the + // "process.working_directory" semantic conventions. It represents the working + // directory of the process. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/root" + ProcessWorkingDirectoryKey = attribute.Key("process.working_directory") +) + +// ProcessArgsCount returns an attribute KeyValue conforming to the +// "process.args_count" semantic conventions. It represents the length of the +// process.command_args array. +func ProcessArgsCount(val int) attribute.KeyValue { + return ProcessArgsCountKey.Int(val) +} + +// ProcessCommand returns an attribute KeyValue conforming to the +// "process.command" semantic conventions. It represents the command used to +// launch the process (i.e. the command name). On Linux based systems, can be set +// to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the +// first parameter extracted from `GetCommandLineW`. +func ProcessCommand(val string) attribute.KeyValue { + return ProcessCommandKey.String(val) +} + +// ProcessCommandArgs returns an attribute KeyValue conforming to the +// "process.command_args" semantic conventions. It represents the all the command +// arguments (including the command/executable itself) as received by the +// process. On Linux-based systems (and some other Unixoid systems supporting +// procfs), can be set according to the list of null-delimited strings extracted +// from `proc/[pid]/cmdline`. For libc-based executables, this would be the full +// argv vector passed to `main`. SHOULD NOT be collected by default unless there +// is sanitization that excludes sensitive data. 
+func ProcessCommandArgs(val ...string) attribute.KeyValue { + return ProcessCommandArgsKey.StringSlice(val) +} + +// ProcessCommandLine returns an attribute KeyValue conforming to the +// "process.command_line" semantic conventions. It represents the full command +// used to launch the process as a single string representing the full command. +// On Windows, can be set to the result of `GetCommandLineW`. Do not set this if +// you have to assemble it just for monitoring; use `process.command_args` +// instead. SHOULD NOT be collected by default unless there is sanitization that +// excludes sensitive data. +func ProcessCommandLine(val string) attribute.KeyValue { + return ProcessCommandLineKey.String(val) +} + +// ProcessCreationTime returns an attribute KeyValue conforming to the +// "process.creation.time" semantic conventions. It represents the date and time +// the process was created, in ISO 8601 format. +func ProcessCreationTime(val string) attribute.KeyValue { + return ProcessCreationTimeKey.String(val) +} + +// ProcessEnvironmentVariable returns an attribute KeyValue conforming to the +// "process.environment_variable" semantic conventions. It represents the process +// environment variables, `` being the environment variable name, the value +// being the environment variable value. +func ProcessEnvironmentVariable(key string, val string) attribute.KeyValue { + return attribute.String("process.environment_variable."+key, val) +} + +// ProcessExecutableBuildIDGNU returns an attribute KeyValue conforming to the +// "process.executable.build_id.gnu" semantic conventions. It represents the GNU +// build ID as found in the `.note.gnu.build-id` ELF section (hex string). +func ProcessExecutableBuildIDGNU(val string) attribute.KeyValue { + return ProcessExecutableBuildIDGNUKey.String(val) +} + +// ProcessExecutableBuildIDGo returns an attribute KeyValue conforming to the +// "process.executable.build_id.go" semantic conventions. 
It represents the Go +// build ID as retrieved by `go tool buildid `. +func ProcessExecutableBuildIDGo(val string) attribute.KeyValue { + return ProcessExecutableBuildIDGoKey.String(val) +} + +// ProcessExecutableBuildIDHtlhash returns an attribute KeyValue conforming to +// the "process.executable.build_id.htlhash" semantic conventions. It represents +// the profiling specific build ID for executables. See the OTel specification +// for Profiles for more information. +func ProcessExecutableBuildIDHtlhash(val string) attribute.KeyValue { + return ProcessExecutableBuildIDHtlhashKey.String(val) +} + +// ProcessExecutableName returns an attribute KeyValue conforming to the +// "process.executable.name" semantic conventions. It represents the name of the +// process executable. On Linux based systems, this SHOULD be set to the base +// name of the target of `/proc/[pid]/exe`. On Windows, this SHOULD be set to the +// base name of `GetProcessImageFileNameW`. +func ProcessExecutableName(val string) attribute.KeyValue { + return ProcessExecutableNameKey.String(val) +} + +// ProcessExecutablePath returns an attribute KeyValue conforming to the +// "process.executable.path" semantic conventions. It represents the full path to +// the process executable. On Linux based systems, can be set to the target of +// `proc/[pid]/exe`. On Windows, can be set to the result of +// `GetProcessImageFileNameW`. +func ProcessExecutablePath(val string) attribute.KeyValue { + return ProcessExecutablePathKey.String(val) +} + +// ProcessExitCode returns an attribute KeyValue conforming to the +// "process.exit.code" semantic conventions. It represents the exit code of the +// process. +func ProcessExitCode(val int) attribute.KeyValue { + return ProcessExitCodeKey.Int(val) +} + +// ProcessExitTime returns an attribute KeyValue conforming to the +// "process.exit.time" semantic conventions. It represents the date and time the +// process exited, in ISO 8601 format. 
+func ProcessExitTime(val string) attribute.KeyValue { + return ProcessExitTimeKey.String(val) +} + +// ProcessGroupLeaderPID returns an attribute KeyValue conforming to the +// "process.group_leader.pid" semantic conventions. It represents the PID of the +// process's group leader. This is also the process group ID (PGID) of the +// process. +func ProcessGroupLeaderPID(val int) attribute.KeyValue { + return ProcessGroupLeaderPIDKey.Int(val) +} + +// ProcessInteractive returns an attribute KeyValue conforming to the +// "process.interactive" semantic conventions. It represents the whether the +// process is connected to an interactive shell. +func ProcessInteractive(val bool) attribute.KeyValue { + return ProcessInteractiveKey.Bool(val) +} + +// ProcessLinuxCgroup returns an attribute KeyValue conforming to the +// "process.linux.cgroup" semantic conventions. It represents the control group +// associated with the process. +func ProcessLinuxCgroup(val string) attribute.KeyValue { + return ProcessLinuxCgroupKey.String(val) +} + +// ProcessOwner returns an attribute KeyValue conforming to the "process.owner" +// semantic conventions. It represents the username of the user that owns the +// process. +func ProcessOwner(val string) attribute.KeyValue { + return ProcessOwnerKey.String(val) +} + +// ProcessParentPID returns an attribute KeyValue conforming to the +// "process.parent_pid" semantic conventions. It represents the parent Process +// identifier (PPID). +func ProcessParentPID(val int) attribute.KeyValue { + return ProcessParentPIDKey.Int(val) +} + +// ProcessPID returns an attribute KeyValue conforming to the "process.pid" +// semantic conventions. It represents the process identifier (PID). +func ProcessPID(val int) attribute.KeyValue { + return ProcessPIDKey.Int(val) +} + +// ProcessRealUserID returns an attribute KeyValue conforming to the +// "process.real_user.id" semantic conventions. It represents the real user ID +// (RUID) of the process. 
+func ProcessRealUserID(val int) attribute.KeyValue { + return ProcessRealUserIDKey.Int(val) +} + +// ProcessRealUserName returns an attribute KeyValue conforming to the +// "process.real_user.name" semantic conventions. It represents the username of +// the real user of the process. +func ProcessRealUserName(val string) attribute.KeyValue { + return ProcessRealUserNameKey.String(val) +} + +// ProcessRuntimeDescription returns an attribute KeyValue conforming to the +// "process.runtime.description" semantic conventions. It represents an +// additional description about the runtime of the process, for example a +// specific vendor customization of the runtime environment. +func ProcessRuntimeDescription(val string) attribute.KeyValue { + return ProcessRuntimeDescriptionKey.String(val) +} + +// ProcessRuntimeName returns an attribute KeyValue conforming to the +// "process.runtime.name" semantic conventions. It represents the name of the +// runtime of this process. +func ProcessRuntimeName(val string) attribute.KeyValue { + return ProcessRuntimeNameKey.String(val) +} + +// ProcessRuntimeVersion returns an attribute KeyValue conforming to the +// "process.runtime.version" semantic conventions. It represents the version of +// the runtime of this process, as returned by the runtime without modification. +func ProcessRuntimeVersion(val string) attribute.KeyValue { + return ProcessRuntimeVersionKey.String(val) +} + +// ProcessSavedUserID returns an attribute KeyValue conforming to the +// "process.saved_user.id" semantic conventions. It represents the saved user ID +// (SUID) of the process. +func ProcessSavedUserID(val int) attribute.KeyValue { + return ProcessSavedUserIDKey.Int(val) +} + +// ProcessSavedUserName returns an attribute KeyValue conforming to the +// "process.saved_user.name" semantic conventions. It represents the username of +// the saved user. 
+func ProcessSavedUserName(val string) attribute.KeyValue { + return ProcessSavedUserNameKey.String(val) +} + +// ProcessSessionLeaderPID returns an attribute KeyValue conforming to the +// "process.session_leader.pid" semantic conventions. It represents the PID of +// the process's session leader. This is also the session ID (SID) of the +// process. +func ProcessSessionLeaderPID(val int) attribute.KeyValue { + return ProcessSessionLeaderPIDKey.Int(val) +} + +// ProcessTitle returns an attribute KeyValue conforming to the "process.title" +// semantic conventions. It represents the process title (proctitle). +func ProcessTitle(val string) attribute.KeyValue { + return ProcessTitleKey.String(val) +} + +// ProcessUserID returns an attribute KeyValue conforming to the +// "process.user.id" semantic conventions. It represents the effective user ID +// (EUID) of the process. +func ProcessUserID(val int) attribute.KeyValue { + return ProcessUserIDKey.Int(val) +} + +// ProcessUserName returns an attribute KeyValue conforming to the +// "process.user.name" semantic conventions. It represents the username of the +// effective user of the process. +func ProcessUserName(val string) attribute.KeyValue { + return ProcessUserNameKey.String(val) +} + +// ProcessVpid returns an attribute KeyValue conforming to the "process.vpid" +// semantic conventions. It represents the virtual process identifier. +func ProcessVpid(val int) attribute.KeyValue { + return ProcessVpidKey.Int(val) +} + +// ProcessWorkingDirectory returns an attribute KeyValue conforming to the +// "process.working_directory" semantic conventions. It represents the working +// directory of the process. 
+func ProcessWorkingDirectory(val string) attribute.KeyValue { + return ProcessWorkingDirectoryKey.String(val) +} + +// Enum values for process.context_switch_type +var ( + // voluntary + // Stability: development + ProcessContextSwitchTypeVoluntary = ProcessContextSwitchTypeKey.String("voluntary") + // involuntary + // Stability: development + ProcessContextSwitchTypeInvoluntary = ProcessContextSwitchTypeKey.String("involuntary") +) + +// Enum values for process.paging.fault_type +var ( + // major + // Stability: development + ProcessPagingFaultTypeMajor = ProcessPagingFaultTypeKey.String("major") + // minor + // Stability: development + ProcessPagingFaultTypeMinor = ProcessPagingFaultTypeKey.String("minor") +) + +// Namespace: profile +const ( + // ProfileFrameTypeKey is the attribute Key conforming to the + // "profile.frame.type" semantic conventions. It represents the describes the + // interpreter or compiler of a single frame. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "cpython" + ProfileFrameTypeKey = attribute.Key("profile.frame.type") +) + +// Enum values for profile.frame.type +var ( + // [.NET] + // + // Stability: development + // + // [.NET]: https://wikipedia.org/wiki/.NET + ProfileFrameTypeDotnet = ProfileFrameTypeKey.String("dotnet") + // [JVM] + // + // Stability: development + // + // [JVM]: https://wikipedia.org/wiki/Java_virtual_machine + ProfileFrameTypeJVM = ProfileFrameTypeKey.String("jvm") + // [Kernel] + // + // Stability: development + // + // [Kernel]: https://wikipedia.org/wiki/Kernel_(operating_system) + ProfileFrameTypeKernel = ProfileFrameTypeKey.String("kernel") + // Can be one of but not limited to [C], [C++], [Go] or [Rust]. If possible, a + // more precise value MUST be used. 
+ // + // Stability: development + // + // [C]: https://wikipedia.org/wiki/C_(programming_language) + // [C++]: https://wikipedia.org/wiki/C%2B%2B + // [Go]: https://wikipedia.org/wiki/Go_(programming_language) + // [Rust]: https://wikipedia.org/wiki/Rust_(programming_language) + ProfileFrameTypeNative = ProfileFrameTypeKey.String("native") + // [Perl] + // + // Stability: development + // + // [Perl]: https://wikipedia.org/wiki/Perl + ProfileFrameTypePerl = ProfileFrameTypeKey.String("perl") + // [PHP] + // + // Stability: development + // + // [PHP]: https://wikipedia.org/wiki/PHP + ProfileFrameTypePHP = ProfileFrameTypeKey.String("php") + // [Python] + // + // Stability: development + // + // [Python]: https://wikipedia.org/wiki/Python_(programming_language) + ProfileFrameTypeCpython = ProfileFrameTypeKey.String("cpython") + // [Ruby] + // + // Stability: development + // + // [Ruby]: https://wikipedia.org/wiki/Ruby_(programming_language) + ProfileFrameTypeRuby = ProfileFrameTypeKey.String("ruby") + // [V8JS] + // + // Stability: development + // + // [V8JS]: https://wikipedia.org/wiki/V8_(JavaScript_engine) + ProfileFrameTypeV8JS = ProfileFrameTypeKey.String("v8js") + // [Erlang] + // + // Stability: development + // + // [Erlang]: https://en.wikipedia.org/wiki/BEAM_(Erlang_virtual_machine) + ProfileFrameTypeBeam = ProfileFrameTypeKey.String("beam") + // [Go], + // + // Stability: development + // + // [Go]: https://wikipedia.org/wiki/Go_(programming_language) + ProfileFrameTypeGo = ProfileFrameTypeKey.String("go") + // [Rust] + // + // Stability: development + // + // [Rust]: https://wikipedia.org/wiki/Rust_(programming_language) + ProfileFrameTypeRust = ProfileFrameTypeKey.String("rust") +) + +// Namespace: rpc +const ( + // RPCConnectRPCErrorCodeKey is the attribute Key conforming to the + // "rpc.connect_rpc.error_code" semantic conventions. It represents the + // [error codes] of the Connect request. Error codes are always string values. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [error codes]: https://connectrpc.com//docs/protocol/#error-codes + RPCConnectRPCErrorCodeKey = attribute.Key("rpc.connect_rpc.error_code") + + // RPCGRPCStatusCodeKey is the attribute Key conforming to the + // "rpc.grpc.status_code" semantic conventions. It represents the + // [numeric status code] of the gRPC request. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [numeric status code]: https://github.com/grpc/grpc/blob/v1.33.2/doc/statuscodes.md + RPCGRPCStatusCodeKey = attribute.Key("rpc.grpc.status_code") + + // RPCJSONRPCErrorCodeKey is the attribute Key conforming to the + // "rpc.jsonrpc.error_code" semantic conventions. It represents the `error.code` + // property of response if it is an error response. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: -32700, 100 + RPCJSONRPCErrorCodeKey = attribute.Key("rpc.jsonrpc.error_code") + + // RPCJSONRPCErrorMessageKey is the attribute Key conforming to the + // "rpc.jsonrpc.error_message" semantic conventions. It represents the + // `error.message` property of response if it is an error response. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Parse error", "User already exists" + RPCJSONRPCErrorMessageKey = attribute.Key("rpc.jsonrpc.error_message") + + // RPCJSONRPCRequestIDKey is the attribute Key conforming to the + // "rpc.jsonrpc.request_id" semantic conventions. It represents the `id` + // property of request or response. Since protocol allows id to be int, string, + // `null` or missing (for notifications), value is expected to be cast to string + // for simplicity. Use empty string in case of `null` value. Omit entirely if + // this is a notification. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "10", "request-7", "" + RPCJSONRPCRequestIDKey = attribute.Key("rpc.jsonrpc.request_id") + + // RPCJSONRPCVersionKey is the attribute Key conforming to the + // "rpc.jsonrpc.version" semantic conventions. It represents the protocol + // version as in `jsonrpc` property of request/response. Since JSON-RPC 1.0 + // doesn't specify this, the value can be omitted. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2.0", "1.0" + RPCJSONRPCVersionKey = attribute.Key("rpc.jsonrpc.version") + + // RPCMessageCompressedSizeKey is the attribute Key conforming to the + // "rpc.message.compressed_size" semantic conventions. It represents the + // compressed size of the message in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + RPCMessageCompressedSizeKey = attribute.Key("rpc.message.compressed_size") + + // RPCMessageIDKey is the attribute Key conforming to the "rpc.message.id" + // semantic conventions. It MUST be calculated as two different counters + // starting from `1` one for sent messages and one for received message.. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: This way we guarantee that the values will be consistent between + // different implementations. + RPCMessageIDKey = attribute.Key("rpc.message.id") + + // RPCMessageTypeKey is the attribute Key conforming to the "rpc.message.type" + // semantic conventions. It represents the whether this is a received or sent + // message. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + RPCMessageTypeKey = attribute.Key("rpc.message.type") + + // RPCMessageUncompressedSizeKey is the attribute Key conforming to the + // "rpc.message.uncompressed_size" semantic conventions. 
It represents the + // uncompressed size of the message in bytes. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + RPCMessageUncompressedSizeKey = attribute.Key("rpc.message.uncompressed_size") + + // RPCMethodKey is the attribute Key conforming to the "rpc.method" semantic + // conventions. It represents the name of the (logical) method being called, + // must be equal to the $method part in the span name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: exampleMethod + // Note: This is the logical name of the method from the RPC interface + // perspective, which can be different from the name of any implementing + // method/function. The `code.function.name` attribute may be used to store the + // latter (e.g., method actually executing the call on the server side, RPC + // client stub method on the client side). + RPCMethodKey = attribute.Key("rpc.method") + + // RPCServiceKey is the attribute Key conforming to the "rpc.service" semantic + // conventions. It represents the full (logical) name of the service being + // called, including its package name, if applicable. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: myservice.EchoService + // Note: This is the logical name of the service from the RPC interface + // perspective, which can be different from the name of any implementing class. + // The `code.namespace` attribute may be used to store the latter (despite the + // attribute name, it may include a class name; e.g., class with method actually + // executing the call on the server side, RPC client stub class on the client + // side). + RPCServiceKey = attribute.Key("rpc.service") + + // RPCSystemKey is the attribute Key conforming to the "rpc.system" semantic + // conventions. It represents a string identifying the remoting system. See + // below for a list of well-known identifiers. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + RPCSystemKey = attribute.Key("rpc.system") +) + +// RPCConnectRPCRequestMetadata returns an attribute KeyValue conforming to the +// "rpc.connect_rpc.request.metadata" semantic conventions. It represents the +// connect request metadata, `` being the normalized Connect Metadata key +// (lowercase), the value being the metadata values. +func RPCConnectRPCRequestMetadata(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("rpc.connect_rpc.request.metadata."+key, val) +} + +// RPCConnectRPCResponseMetadata returns an attribute KeyValue conforming to the +// "rpc.connect_rpc.response.metadata" semantic conventions. It represents the +// connect response metadata, `` being the normalized Connect Metadata key +// (lowercase), the value being the metadata values. +func RPCConnectRPCResponseMetadata(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("rpc.connect_rpc.response.metadata."+key, val) +} + +// RPCGRPCRequestMetadata returns an attribute KeyValue conforming to the +// "rpc.grpc.request.metadata" semantic conventions. It represents the gRPC +// request metadata, `` being the normalized gRPC Metadata key (lowercase), +// the value being the metadata values. +func RPCGRPCRequestMetadata(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("rpc.grpc.request.metadata."+key, val) +} + +// RPCGRPCResponseMetadata returns an attribute KeyValue conforming to the +// "rpc.grpc.response.metadata" semantic conventions. It represents the gRPC +// response metadata, `` being the normalized gRPC Metadata key (lowercase), +// the value being the metadata values. 
+func RPCGRPCResponseMetadata(key string, val ...string) attribute.KeyValue { + return attribute.StringSlice("rpc.grpc.response.metadata."+key, val) +} + +// RPCJSONRPCErrorCode returns an attribute KeyValue conforming to the +// "rpc.jsonrpc.error_code" semantic conventions. It represents the `error.code` +// property of response if it is an error response. +func RPCJSONRPCErrorCode(val int) attribute.KeyValue { + return RPCJSONRPCErrorCodeKey.Int(val) +} + +// RPCJSONRPCErrorMessage returns an attribute KeyValue conforming to the +// "rpc.jsonrpc.error_message" semantic conventions. It represents the +// `error.message` property of response if it is an error response. +func RPCJSONRPCErrorMessage(val string) attribute.KeyValue { + return RPCJSONRPCErrorMessageKey.String(val) +} + +// RPCJSONRPCRequestID returns an attribute KeyValue conforming to the +// "rpc.jsonrpc.request_id" semantic conventions. It represents the `id` property +// of request or response. Since protocol allows id to be int, string, `null` or +// missing (for notifications), value is expected to be cast to string for +// simplicity. Use empty string in case of `null` value. Omit entirely if this is +// a notification. +func RPCJSONRPCRequestID(val string) attribute.KeyValue { + return RPCJSONRPCRequestIDKey.String(val) +} + +// RPCJSONRPCVersion returns an attribute KeyValue conforming to the +// "rpc.jsonrpc.version" semantic conventions. It represents the protocol version +// as in `jsonrpc` property of request/response. Since JSON-RPC 1.0 doesn't +// specify this, the value can be omitted. +func RPCJSONRPCVersion(val string) attribute.KeyValue { + return RPCJSONRPCVersionKey.String(val) +} + +// RPCMessageCompressedSize returns an attribute KeyValue conforming to the +// "rpc.message.compressed_size" semantic conventions. It represents the +// compressed size of the message in bytes. 
+func RPCMessageCompressedSize(val int) attribute.KeyValue { + return RPCMessageCompressedSizeKey.Int(val) +} + +// RPCMessageID returns an attribute KeyValue conforming to the "rpc.message.id" +// semantic conventions. It MUST be calculated as two different counters starting +// from `1` one for sent messages and one for received message.. +func RPCMessageID(val int) attribute.KeyValue { + return RPCMessageIDKey.Int(val) +} + +// RPCMessageUncompressedSize returns an attribute KeyValue conforming to the +// "rpc.message.uncompressed_size" semantic conventions. It represents the +// uncompressed size of the message in bytes. +func RPCMessageUncompressedSize(val int) attribute.KeyValue { + return RPCMessageUncompressedSizeKey.Int(val) +} + +// RPCMethod returns an attribute KeyValue conforming to the "rpc.method" +// semantic conventions. It represents the name of the (logical) method being +// called, must be equal to the $method part in the span name. +func RPCMethod(val string) attribute.KeyValue { + return RPCMethodKey.String(val) +} + +// RPCService returns an attribute KeyValue conforming to the "rpc.service" +// semantic conventions. It represents the full (logical) name of the service +// being called, including its package name, if applicable. 
+func RPCService(val string) attribute.KeyValue { + return RPCServiceKey.String(val) +} + +// Enum values for rpc.connect_rpc.error_code +var ( + // cancelled + // Stability: development + RPCConnectRPCErrorCodeCancelled = RPCConnectRPCErrorCodeKey.String("cancelled") + // unknown + // Stability: development + RPCConnectRPCErrorCodeUnknown = RPCConnectRPCErrorCodeKey.String("unknown") + // invalid_argument + // Stability: development + RPCConnectRPCErrorCodeInvalidArgument = RPCConnectRPCErrorCodeKey.String("invalid_argument") + // deadline_exceeded + // Stability: development + RPCConnectRPCErrorCodeDeadlineExceeded = RPCConnectRPCErrorCodeKey.String("deadline_exceeded") + // not_found + // Stability: development + RPCConnectRPCErrorCodeNotFound = RPCConnectRPCErrorCodeKey.String("not_found") + // already_exists + // Stability: development + RPCConnectRPCErrorCodeAlreadyExists = RPCConnectRPCErrorCodeKey.String("already_exists") + // permission_denied + // Stability: development + RPCConnectRPCErrorCodePermissionDenied = RPCConnectRPCErrorCodeKey.String("permission_denied") + // resource_exhausted + // Stability: development + RPCConnectRPCErrorCodeResourceExhausted = RPCConnectRPCErrorCodeKey.String("resource_exhausted") + // failed_precondition + // Stability: development + RPCConnectRPCErrorCodeFailedPrecondition = RPCConnectRPCErrorCodeKey.String("failed_precondition") + // aborted + // Stability: development + RPCConnectRPCErrorCodeAborted = RPCConnectRPCErrorCodeKey.String("aborted") + // out_of_range + // Stability: development + RPCConnectRPCErrorCodeOutOfRange = RPCConnectRPCErrorCodeKey.String("out_of_range") + // unimplemented + // Stability: development + RPCConnectRPCErrorCodeUnimplemented = RPCConnectRPCErrorCodeKey.String("unimplemented") + // internal + // Stability: development + RPCConnectRPCErrorCodeInternal = RPCConnectRPCErrorCodeKey.String("internal") + // unavailable + // Stability: development + RPCConnectRPCErrorCodeUnavailable = 
RPCConnectRPCErrorCodeKey.String("unavailable") + // data_loss + // Stability: development + RPCConnectRPCErrorCodeDataLoss = RPCConnectRPCErrorCodeKey.String("data_loss") + // unauthenticated + // Stability: development + RPCConnectRPCErrorCodeUnauthenticated = RPCConnectRPCErrorCodeKey.String("unauthenticated") +) + +// Enum values for rpc.grpc.status_code +var ( + // OK + // Stability: development + RPCGRPCStatusCodeOk = RPCGRPCStatusCodeKey.Int(0) + // CANCELLED + // Stability: development + RPCGRPCStatusCodeCancelled = RPCGRPCStatusCodeKey.Int(1) + // UNKNOWN + // Stability: development + RPCGRPCStatusCodeUnknown = RPCGRPCStatusCodeKey.Int(2) + // INVALID_ARGUMENT + // Stability: development + RPCGRPCStatusCodeInvalidArgument = RPCGRPCStatusCodeKey.Int(3) + // DEADLINE_EXCEEDED + // Stability: development + RPCGRPCStatusCodeDeadlineExceeded = RPCGRPCStatusCodeKey.Int(4) + // NOT_FOUND + // Stability: development + RPCGRPCStatusCodeNotFound = RPCGRPCStatusCodeKey.Int(5) + // ALREADY_EXISTS + // Stability: development + RPCGRPCStatusCodeAlreadyExists = RPCGRPCStatusCodeKey.Int(6) + // PERMISSION_DENIED + // Stability: development + RPCGRPCStatusCodePermissionDenied = RPCGRPCStatusCodeKey.Int(7) + // RESOURCE_EXHAUSTED + // Stability: development + RPCGRPCStatusCodeResourceExhausted = RPCGRPCStatusCodeKey.Int(8) + // FAILED_PRECONDITION + // Stability: development + RPCGRPCStatusCodeFailedPrecondition = RPCGRPCStatusCodeKey.Int(9) + // ABORTED + // Stability: development + RPCGRPCStatusCodeAborted = RPCGRPCStatusCodeKey.Int(10) + // OUT_OF_RANGE + // Stability: development + RPCGRPCStatusCodeOutOfRange = RPCGRPCStatusCodeKey.Int(11) + // UNIMPLEMENTED + // Stability: development + RPCGRPCStatusCodeUnimplemented = RPCGRPCStatusCodeKey.Int(12) + // INTERNAL + // Stability: development + RPCGRPCStatusCodeInternal = RPCGRPCStatusCodeKey.Int(13) + // UNAVAILABLE + // Stability: development + RPCGRPCStatusCodeUnavailable = RPCGRPCStatusCodeKey.Int(14) + // DATA_LOSS + 
// Stability: development + RPCGRPCStatusCodeDataLoss = RPCGRPCStatusCodeKey.Int(15) + // UNAUTHENTICATED + // Stability: development + RPCGRPCStatusCodeUnauthenticated = RPCGRPCStatusCodeKey.Int(16) +) + +// Enum values for rpc.message.type +var ( + // sent + // Stability: development + RPCMessageTypeSent = RPCMessageTypeKey.String("SENT") + // received + // Stability: development + RPCMessageTypeReceived = RPCMessageTypeKey.String("RECEIVED") +) + +// Enum values for rpc.system +var ( + // gRPC + // Stability: development + RPCSystemGRPC = RPCSystemKey.String("grpc") + // Java RMI + // Stability: development + RPCSystemJavaRmi = RPCSystemKey.String("java_rmi") + // .NET WCF + // Stability: development + RPCSystemDotnetWcf = RPCSystemKey.String("dotnet_wcf") + // Apache Dubbo + // Stability: development + RPCSystemApacheDubbo = RPCSystemKey.String("apache_dubbo") + // Connect RPC + // Stability: development + RPCSystemConnectRPC = RPCSystemKey.String("connect_rpc") +) + +// Namespace: security_rule +const ( + // SecurityRuleCategoryKey is the attribute Key conforming to the + // "security_rule.category" semantic conventions. It represents a categorization + // value keyword used by the entity using the rule for detection of this event. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Attempted Information Leak" + SecurityRuleCategoryKey = attribute.Key("security_rule.category") + + // SecurityRuleDescriptionKey is the attribute Key conforming to the + // "security_rule.description" semantic conventions. It represents the + // description of the rule generating the event. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Block requests to public DNS over HTTPS / TLS protocols" + SecurityRuleDescriptionKey = attribute.Key("security_rule.description") + + // SecurityRuleLicenseKey is the attribute Key conforming to the + // "security_rule.license" semantic conventions. It represents the name of the + // license under which the rule used to generate this event is made available. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Apache 2.0" + SecurityRuleLicenseKey = attribute.Key("security_rule.license") + + // SecurityRuleNameKey is the attribute Key conforming to the + // "security_rule.name" semantic conventions. It represents the name of the rule + // or signature generating the event. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "BLOCK_DNS_over_TLS" + SecurityRuleNameKey = attribute.Key("security_rule.name") + + // SecurityRuleReferenceKey is the attribute Key conforming to the + // "security_rule.reference" semantic conventions. It represents the reference + // URL to additional information about the rule used to generate this event. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://en.wikipedia.org/wiki/DNS_over_TLS" + // Note: The URL can point to the vendor’s documentation about the rule. If + // that’s not available, it can also be a link to a more general page + // describing this type of alert. + SecurityRuleReferenceKey = attribute.Key("security_rule.reference") + + // SecurityRuleRulesetNameKey is the attribute Key conforming to the + // "security_rule.ruleset.name" semantic conventions. It represents the name of + // the ruleset, policy, group, or parent category in which the rule used to + // generate this event is a member. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Standard_Protocol_Filters" + SecurityRuleRulesetNameKey = attribute.Key("security_rule.ruleset.name") + + // SecurityRuleUUIDKey is the attribute Key conforming to the + // "security_rule.uuid" semantic conventions. It represents a rule ID that is + // unique within the scope of a set or group of agents, observers, or other + // entities using the rule for detection of this event. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "550e8400-e29b-41d4-a716-446655440000", "1100110011" + SecurityRuleUUIDKey = attribute.Key("security_rule.uuid") + + // SecurityRuleVersionKey is the attribute Key conforming to the + // "security_rule.version" semantic conventions. It represents the version / + // revision of the rule being used for analysis. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1.0.0" + SecurityRuleVersionKey = attribute.Key("security_rule.version") +) + +// SecurityRuleCategory returns an attribute KeyValue conforming to the +// "security_rule.category" semantic conventions. It represents a categorization +// value keyword used by the entity using the rule for detection of this event. +func SecurityRuleCategory(val string) attribute.KeyValue { + return SecurityRuleCategoryKey.String(val) +} + +// SecurityRuleDescription returns an attribute KeyValue conforming to the +// "security_rule.description" semantic conventions. It represents the +// description of the rule generating the event. +func SecurityRuleDescription(val string) attribute.KeyValue { + return SecurityRuleDescriptionKey.String(val) +} + +// SecurityRuleLicense returns an attribute KeyValue conforming to the +// "security_rule.license" semantic conventions. It represents the name of the +// license under which the rule used to generate this event is made available. 
+func SecurityRuleLicense(val string) attribute.KeyValue { + return SecurityRuleLicenseKey.String(val) +} + +// SecurityRuleName returns an attribute KeyValue conforming to the +// "security_rule.name" semantic conventions. It represents the name of the rule +// or signature generating the event. +func SecurityRuleName(val string) attribute.KeyValue { + return SecurityRuleNameKey.String(val) +} + +// SecurityRuleReference returns an attribute KeyValue conforming to the +// "security_rule.reference" semantic conventions. It represents the reference +// URL to additional information about the rule used to generate this event. +func SecurityRuleReference(val string) attribute.KeyValue { + return SecurityRuleReferenceKey.String(val) +} + +// SecurityRuleRulesetName returns an attribute KeyValue conforming to the +// "security_rule.ruleset.name" semantic conventions. It represents the name of +// the ruleset, policy, group, or parent category in which the rule used to +// generate this event is a member. +func SecurityRuleRulesetName(val string) attribute.KeyValue { + return SecurityRuleRulesetNameKey.String(val) +} + +// SecurityRuleUUID returns an attribute KeyValue conforming to the +// "security_rule.uuid" semantic conventions. It represents a rule ID that is +// unique within the scope of a set or group of agents, observers, or other +// entities using the rule for detection of this event. +func SecurityRuleUUID(val string) attribute.KeyValue { + return SecurityRuleUUIDKey.String(val) +} + +// SecurityRuleVersion returns an attribute KeyValue conforming to the +// "security_rule.version" semantic conventions. It represents the version / +// revision of the rule being used for analysis. +func SecurityRuleVersion(val string) attribute.KeyValue { + return SecurityRuleVersionKey.String(val) +} + +// Namespace: server +const ( + // ServerAddressKey is the attribute Key conforming to the "server.address" + // semantic conventions. 
It represents the server domain name if available + // without reverse DNS lookup; otherwise, IP address or Unix domain socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "example.com", "10.1.2.80", "/tmp/my.sock" + // Note: When observed from the client side, and when communicating through an + // intermediary, `server.address` SHOULD represent the server address behind any + // intermediaries, for example proxies, if it's available. + ServerAddressKey = attribute.Key("server.address") + + // ServerPortKey is the attribute Key conforming to the "server.port" semantic + // conventions. It represents the server port number. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: 80, 8080, 443 + // Note: When observed from the client side, and when communicating through an + // intermediary, `server.port` SHOULD represent the server port behind any + // intermediaries, for example proxies, if it's available. + ServerPortKey = attribute.Key("server.port") +) + +// ServerAddress returns an attribute KeyValue conforming to the "server.address" +// semantic conventions. It represents the server domain name if available +// without reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func ServerAddress(val string) attribute.KeyValue { + return ServerAddressKey.String(val) +} + +// ServerPort returns an attribute KeyValue conforming to the "server.port" +// semantic conventions. It represents the server port number. +func ServerPort(val int) attribute.KeyValue { + return ServerPortKey.Int(val) +} + +// Namespace: service +const ( + // ServiceInstanceIDKey is the attribute Key conforming to the + // "service.instance.id" semantic conventions. It represents the string ID of + // the service instance. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "627cc493-f310-47de-96bd-71410b7dec09" + // Note: MUST be unique for each instance of the same + // `service.namespace,service.name` pair (in other words + // `service.namespace,service.name,service.instance.id` triplet MUST be globally + // unique). The ID helps to + // distinguish instances of the same service that exist at the same time (e.g. + // instances of a horizontally scaled + // service). + // + // Implementations, such as SDKs, are recommended to generate a random Version 1 + // or Version 4 [RFC + // 4122] UUID, but are free to use an inherent unique ID as + // the source of + // this value if stability is desirable. In that case, the ID SHOULD be used as + // source of a UUID Version 5 and + // SHOULD use the following UUID as the namespace: + // `4d63009a-8d0f-11ee-aad7-4c796ed8e320`. + // + // UUIDs are typically recommended, as only an opaque value for the purposes of + // identifying a service instance is + // needed. Similar to what can be seen in the man page for the + // [`/etc/machine-id`] file, the underlying + // data, such as pod name and namespace should be treated as confidential, being + // the user's choice to expose it + // or not via another resource attribute. + // + // For applications running behind an application server (like unicorn), we do + // not recommend using one identifier + // for all processes participating in the application. Instead, it's recommended + // each division (e.g. a worker + // thread in unicorn) to have its own instance.id. + // + // It's not recommended for a Collector to set `service.instance.id` if it can't + // unambiguously determine the + // service instance that is generating that telemetry. For instance, creating an + // UUID based on `pod.name` will + // likely be wrong, as the Collector might not know from which container within + // that pod the telemetry originated. 
+ // However, Collectors can set the `service.instance.id` if they can + // unambiguously determine the service instance + // for that telemetry. This is typically the case for scraping receivers, as + // they know the target address and + // port. + // + // [RFC + // 4122]: https://www.ietf.org/rfc/rfc4122.txt + // [`/etc/machine-id`]: https://www.freedesktop.org/software/systemd/man/latest/machine-id.html + ServiceInstanceIDKey = attribute.Key("service.instance.id") + + // ServiceNameKey is the attribute Key conforming to the "service.name" semantic + // conventions. It represents the logical name of the service. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "shoppingcart" + // Note: MUST be the same for all instances of horizontally scaled services. If + // the value was not specified, SDKs MUST fallback to `unknown_service:` + // concatenated with [`process.executable.name`], e.g. `unknown_service:bash`. + // If `process.executable.name` is not available, the value MUST be set to + // `unknown_service`. + // + // [`process.executable.name`]: process.md + ServiceNameKey = attribute.Key("service.name") + + // ServiceNamespaceKey is the attribute Key conforming to the + // "service.namespace" semantic conventions. It represents a namespace for + // `service.name`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Shop" + // Note: A string value having a meaning that helps to distinguish a group of + // services, for example the team name that owns a group of services. + // `service.name` is expected to be unique within the same namespace. If + // `service.namespace` is not specified in the Resource then `service.name` is + // expected to be unique for all services that have no explicit namespace + // defined (so the empty/unspecified namespace is simply one more valid + // namespace). 
Zero-length namespace string is assumed equal to unspecified + // namespace. + ServiceNamespaceKey = attribute.Key("service.namespace") + + // ServiceVersionKey is the attribute Key conforming to the "service.version" + // semantic conventions. It represents the version string of the service API or + // implementation. The format is not defined by these conventions. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "2.0.0", "a01dbef8a" + ServiceVersionKey = attribute.Key("service.version") +) + +// ServiceInstanceID returns an attribute KeyValue conforming to the +// "service.instance.id" semantic conventions. It represents the string ID of the +// service instance. +func ServiceInstanceID(val string) attribute.KeyValue { + return ServiceInstanceIDKey.String(val) +} + +// ServiceName returns an attribute KeyValue conforming to the "service.name" +// semantic conventions. It represents the logical name of the service. +func ServiceName(val string) attribute.KeyValue { + return ServiceNameKey.String(val) +} + +// ServiceNamespace returns an attribute KeyValue conforming to the +// "service.namespace" semantic conventions. It represents a namespace for +// `service.name`. +func ServiceNamespace(val string) attribute.KeyValue { + return ServiceNamespaceKey.String(val) +} + +// ServiceVersion returns an attribute KeyValue conforming to the +// "service.version" semantic conventions. It represents the version string of +// the service API or implementation. The format is not defined by these +// conventions. +func ServiceVersion(val string) attribute.KeyValue { + return ServiceVersionKey.String(val) +} + +// Namespace: session +const ( + // SessionIDKey is the attribute Key conforming to the "session.id" semantic + // conventions. It represents a unique id to identify a session. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 00112233-4455-6677-8899-aabbccddeeff + SessionIDKey = attribute.Key("session.id") + + // SessionPreviousIDKey is the attribute Key conforming to the + // "session.previous_id" semantic conventions. It represents the previous + // `session.id` for this user, when known. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 00112233-4455-6677-8899-aabbccddeeff + SessionPreviousIDKey = attribute.Key("session.previous_id") +) + +// SessionID returns an attribute KeyValue conforming to the "session.id" +// semantic conventions. It represents a unique id to identify a session. +func SessionID(val string) attribute.KeyValue { + return SessionIDKey.String(val) +} + +// SessionPreviousID returns an attribute KeyValue conforming to the +// "session.previous_id" semantic conventions. It represents the previous +// `session.id` for this user, when known. +func SessionPreviousID(val string) attribute.KeyValue { + return SessionPreviousIDKey.String(val) +} + +// Namespace: signalr +const ( + // SignalRConnectionStatusKey is the attribute Key conforming to the + // "signalr.connection.status" semantic conventions. It represents the signalR + // HTTP connection closure status. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "app_shutdown", "timeout" + SignalRConnectionStatusKey = attribute.Key("signalr.connection.status") + + // SignalRTransportKey is the attribute Key conforming to the + // "signalr.transport" semantic conventions. It represents the + // [SignalR transport type]. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "web_sockets", "long_polling" + // + // [SignalR transport type]: https://github.com/dotnet/aspnetcore/blob/main/src/SignalR/docs/specs/TransportProtocols.md + SignalRTransportKey = attribute.Key("signalr.transport") +) + +// Enum values for signalr.connection.status +var ( + // The connection was closed normally. + // Stability: stable + SignalRConnectionStatusNormalClosure = SignalRConnectionStatusKey.String("normal_closure") + // The connection was closed due to a timeout. + // Stability: stable + SignalRConnectionStatusTimeout = SignalRConnectionStatusKey.String("timeout") + // The connection was closed because the app is shutting down. + // Stability: stable + SignalRConnectionStatusAppShutdown = SignalRConnectionStatusKey.String("app_shutdown") +) + +// Enum values for signalr.transport +var ( + // ServerSentEvents protocol + // Stability: stable + SignalRTransportServerSentEvents = SignalRTransportKey.String("server_sent_events") + // LongPolling protocol + // Stability: stable + SignalRTransportLongPolling = SignalRTransportKey.String("long_polling") + // WebSockets protocol + // Stability: stable + SignalRTransportWebSockets = SignalRTransportKey.String("web_sockets") +) + +// Namespace: source +const ( + // SourceAddressKey is the attribute Key conforming to the "source.address" + // semantic conventions. It represents the source address - domain name if + // available without reverse DNS lookup; otherwise, IP address or Unix domain + // socket name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "source.example.com", "10.1.2.80", "/tmp/my.sock" + // Note: When observed from the destination side, and when communicating through + // an intermediary, `source.address` SHOULD represent the source address behind + // any intermediaries, for example proxies, if it's available. 
+ SourceAddressKey = attribute.Key("source.address") + + // SourcePortKey is the attribute Key conforming to the "source.port" semantic + // conventions. It represents the source port number. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 3389, 2888 + SourcePortKey = attribute.Key("source.port") +) + +// SourceAddress returns an attribute KeyValue conforming to the "source.address" +// semantic conventions. It represents the source address - domain name if +// available without reverse DNS lookup; otherwise, IP address or Unix domain +// socket name. +func SourceAddress(val string) attribute.KeyValue { + return SourceAddressKey.String(val) +} + +// SourcePort returns an attribute KeyValue conforming to the "source.port" +// semantic conventions. It represents the source port number. +func SourcePort(val int) attribute.KeyValue { + return SourcePortKey.Int(val) +} + +// Namespace: system +const ( + // SystemCPULogicalNumberKey is the attribute Key conforming to the + // "system.cpu.logical_number" semantic conventions. It represents the + // deprecated, use `cpu.logical_number` instead. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 1 + SystemCPULogicalNumberKey = attribute.Key("system.cpu.logical_number") + + // SystemDeviceKey is the attribute Key conforming to the "system.device" + // semantic conventions. It represents the device identifier. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "(identifier)" + SystemDeviceKey = attribute.Key("system.device") + + // SystemFilesystemModeKey is the attribute Key conforming to the + // "system.filesystem.mode" semantic conventions. It represents the filesystem + // mode. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "rw, ro" + SystemFilesystemModeKey = attribute.Key("system.filesystem.mode") + + // SystemFilesystemMountpointKey is the attribute Key conforming to the + // "system.filesystem.mountpoint" semantic conventions. It represents the + // filesystem mount path. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/mnt/data" + SystemFilesystemMountpointKey = attribute.Key("system.filesystem.mountpoint") + + // SystemFilesystemStateKey is the attribute Key conforming to the + // "system.filesystem.state" semantic conventions. It represents the filesystem + // state. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "used" + SystemFilesystemStateKey = attribute.Key("system.filesystem.state") + + // SystemFilesystemTypeKey is the attribute Key conforming to the + // "system.filesystem.type" semantic conventions. It represents the filesystem + // type. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ext4" + SystemFilesystemTypeKey = attribute.Key("system.filesystem.type") + + // SystemMemoryStateKey is the attribute Key conforming to the + // "system.memory.state" semantic conventions. It represents the memory state. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "free", "cached" + SystemMemoryStateKey = attribute.Key("system.memory.state") + + // SystemPagingDirectionKey is the attribute Key conforming to the + // "system.paging.direction" semantic conventions. It represents the paging + // access direction. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "in" + SystemPagingDirectionKey = attribute.Key("system.paging.direction") + + // SystemPagingStateKey is the attribute Key conforming to the + // "system.paging.state" semantic conventions. It represents the memory paging + // state. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "free" + SystemPagingStateKey = attribute.Key("system.paging.state") + + // SystemPagingTypeKey is the attribute Key conforming to the + // "system.paging.type" semantic conventions. It represents the memory paging + // type. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "minor" + SystemPagingTypeKey = attribute.Key("system.paging.type") + + // SystemProcessStatusKey is the attribute Key conforming to the + // "system.process.status" semantic conventions. It represents the process + // state, e.g., [Linux Process State Codes]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "running" + // + // [Linux Process State Codes]: https://man7.org/linux/man-pages/man1/ps.1.html#PROCESS_STATE_CODES + SystemProcessStatusKey = attribute.Key("system.process.status") +) + +// SystemCPULogicalNumber returns an attribute KeyValue conforming to the +// "system.cpu.logical_number" semantic conventions. It represents the +// deprecated, use `cpu.logical_number` instead. +func SystemCPULogicalNumber(val int) attribute.KeyValue { + return SystemCPULogicalNumberKey.Int(val) +} + +// SystemDevice returns an attribute KeyValue conforming to the "system.device" +// semantic conventions. It represents the device identifier. +func SystemDevice(val string) attribute.KeyValue { + return SystemDeviceKey.String(val) +} + +// SystemFilesystemMode returns an attribute KeyValue conforming to the +// "system.filesystem.mode" semantic conventions. 
It represents the filesystem +// mode. +func SystemFilesystemMode(val string) attribute.KeyValue { + return SystemFilesystemModeKey.String(val) +} + +// SystemFilesystemMountpoint returns an attribute KeyValue conforming to the +// "system.filesystem.mountpoint" semantic conventions. It represents the +// filesystem mount path. +func SystemFilesystemMountpoint(val string) attribute.KeyValue { + return SystemFilesystemMountpointKey.String(val) +} + +// Enum values for system.filesystem.state +var ( + // used + // Stability: development + SystemFilesystemStateUsed = SystemFilesystemStateKey.String("used") + // free + // Stability: development + SystemFilesystemStateFree = SystemFilesystemStateKey.String("free") + // reserved + // Stability: development + SystemFilesystemStateReserved = SystemFilesystemStateKey.String("reserved") +) + +// Enum values for system.filesystem.type +var ( + // fat32 + // Stability: development + SystemFilesystemTypeFat32 = SystemFilesystemTypeKey.String("fat32") + // exfat + // Stability: development + SystemFilesystemTypeExfat = SystemFilesystemTypeKey.String("exfat") + // ntfs + // Stability: development + SystemFilesystemTypeNtfs = SystemFilesystemTypeKey.String("ntfs") + // refs + // Stability: development + SystemFilesystemTypeRefs = SystemFilesystemTypeKey.String("refs") + // hfsplus + // Stability: development + SystemFilesystemTypeHfsplus = SystemFilesystemTypeKey.String("hfsplus") + // ext4 + // Stability: development + SystemFilesystemTypeExt4 = SystemFilesystemTypeKey.String("ext4") +) + +// Enum values for system.memory.state +var ( + // Actual used virtual memory in bytes. 
+ // Stability: development + SystemMemoryStateUsed = SystemMemoryStateKey.String("used") + // free + // Stability: development + SystemMemoryStateFree = SystemMemoryStateKey.String("free") + // buffers + // Stability: development + SystemMemoryStateBuffers = SystemMemoryStateKey.String("buffers") + // cached + // Stability: development + SystemMemoryStateCached = SystemMemoryStateKey.String("cached") +) + +// Enum values for system.paging.direction +var ( + // in + // Stability: development + SystemPagingDirectionIn = SystemPagingDirectionKey.String("in") + // out + // Stability: development + SystemPagingDirectionOut = SystemPagingDirectionKey.String("out") +) + +// Enum values for system.paging.state +var ( + // used + // Stability: development + SystemPagingStateUsed = SystemPagingStateKey.String("used") + // free + // Stability: development + SystemPagingStateFree = SystemPagingStateKey.String("free") +) + +// Enum values for system.paging.type +var ( + // major + // Stability: development + SystemPagingTypeMajor = SystemPagingTypeKey.String("major") + // minor + // Stability: development + SystemPagingTypeMinor = SystemPagingTypeKey.String("minor") +) + +// Enum values for system.process.status +var ( + // running + // Stability: development + SystemProcessStatusRunning = SystemProcessStatusKey.String("running") + // sleeping + // Stability: development + SystemProcessStatusSleeping = SystemProcessStatusKey.String("sleeping") + // stopped + // Stability: development + SystemProcessStatusStopped = SystemProcessStatusKey.String("stopped") + // defunct + // Stability: development + SystemProcessStatusDefunct = SystemProcessStatusKey.String("defunct") +) + +// Namespace: telemetry +const ( + // TelemetryDistroNameKey is the attribute Key conforming to the + // "telemetry.distro.name" semantic conventions. It represents the name of the + // auto instrumentation agent or distribution, if used. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "parts-unlimited-java" + // Note: Official auto instrumentation agents and distributions SHOULD set the + // `telemetry.distro.name` attribute to + // a string starting with `opentelemetry-`, e.g. + // `opentelemetry-java-instrumentation`. + TelemetryDistroNameKey = attribute.Key("telemetry.distro.name") + + // TelemetryDistroVersionKey is the attribute Key conforming to the + // "telemetry.distro.version" semantic conventions. It represents the version + // string of the auto instrumentation agent or distribution, if used. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1.2.3" + TelemetryDistroVersionKey = attribute.Key("telemetry.distro.version") + + // TelemetrySDKLanguageKey is the attribute Key conforming to the + // "telemetry.sdk.language" semantic conventions. It represents the language of + // the telemetry SDK. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: + TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language") + + // TelemetrySDKNameKey is the attribute Key conforming to the + // "telemetry.sdk.name" semantic conventions. It represents the name of the + // telemetry SDK as defined above. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "opentelemetry" + // Note: The OpenTelemetry SDK MUST set the `telemetry.sdk.name` attribute to + // `opentelemetry`. + // If another SDK, like a fork or a vendor-provided implementation, is used, + // this SDK MUST set the + // `telemetry.sdk.name` attribute to the fully-qualified class or module name of + // this SDK's main entry point + // or another suitable identifier depending on the language. + // The identifier `opentelemetry` is reserved and MUST NOT be used in this case. 
+ // All custom identifiers SHOULD be stable across different versions of an + // implementation. + TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name") + + // TelemetrySDKVersionKey is the attribute Key conforming to the + // "telemetry.sdk.version" semantic conventions. It represents the version + // string of the telemetry SDK. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "1.2.3" + TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version") +) + +// TelemetryDistroName returns an attribute KeyValue conforming to the +// "telemetry.distro.name" semantic conventions. It represents the name of the +// auto instrumentation agent or distribution, if used. +func TelemetryDistroName(val string) attribute.KeyValue { + return TelemetryDistroNameKey.String(val) +} + +// TelemetryDistroVersion returns an attribute KeyValue conforming to the +// "telemetry.distro.version" semantic conventions. It represents the version +// string of the auto instrumentation agent or distribution, if used. +func TelemetryDistroVersion(val string) attribute.KeyValue { + return TelemetryDistroVersionKey.String(val) +} + +// TelemetrySDKName returns an attribute KeyValue conforming to the +// "telemetry.sdk.name" semantic conventions. It represents the name of the +// telemetry SDK as defined above. +func TelemetrySDKName(val string) attribute.KeyValue { + return TelemetrySDKNameKey.String(val) +} + +// TelemetrySDKVersion returns an attribute KeyValue conforming to the +// "telemetry.sdk.version" semantic conventions. It represents the version string +// of the telemetry SDK. 
+func TelemetrySDKVersion(val string) attribute.KeyValue { + return TelemetrySDKVersionKey.String(val) +} + +// Enum values for telemetry.sdk.language +var ( + // cpp + // Stability: stable + TelemetrySDKLanguageCPP = TelemetrySDKLanguageKey.String("cpp") + // dotnet + // Stability: stable + TelemetrySDKLanguageDotnet = TelemetrySDKLanguageKey.String("dotnet") + // erlang + // Stability: stable + TelemetrySDKLanguageErlang = TelemetrySDKLanguageKey.String("erlang") + // go + // Stability: stable + TelemetrySDKLanguageGo = TelemetrySDKLanguageKey.String("go") + // java + // Stability: stable + TelemetrySDKLanguageJava = TelemetrySDKLanguageKey.String("java") + // nodejs + // Stability: stable + TelemetrySDKLanguageNodejs = TelemetrySDKLanguageKey.String("nodejs") + // php + // Stability: stable + TelemetrySDKLanguagePHP = TelemetrySDKLanguageKey.String("php") + // python + // Stability: stable + TelemetrySDKLanguagePython = TelemetrySDKLanguageKey.String("python") + // ruby + // Stability: stable + TelemetrySDKLanguageRuby = TelemetrySDKLanguageKey.String("ruby") + // rust + // Stability: stable + TelemetrySDKLanguageRust = TelemetrySDKLanguageKey.String("rust") + // swift + // Stability: stable + TelemetrySDKLanguageSwift = TelemetrySDKLanguageKey.String("swift") + // webjs + // Stability: stable + TelemetrySDKLanguageWebJS = TelemetrySDKLanguageKey.String("webjs") +) + +// Namespace: test +const ( + // TestCaseNameKey is the attribute Key conforming to the "test.case.name" + // semantic conventions. It represents the fully qualified human readable name + // of the [test case]. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "org.example.TestCase1.test1", "example/tests/TestCase1.test1", + // "ExampleTestCase1_test1" + // + // [test case]: https://wikipedia.org/wiki/Test_case + TestCaseNameKey = attribute.Key("test.case.name") + + // TestCaseResultStatusKey is the attribute Key conforming to the + // "test.case.result.status" semantic conventions. It represents the status of + // the actual test case result from test execution. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "pass", "fail" + TestCaseResultStatusKey = attribute.Key("test.case.result.status") + + // TestSuiteNameKey is the attribute Key conforming to the "test.suite.name" + // semantic conventions. It represents the human readable name of a [test suite] + // . + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "TestSuite1" + // + // [test suite]: https://wikipedia.org/wiki/Test_suite + TestSuiteNameKey = attribute.Key("test.suite.name") + + // TestSuiteRunStatusKey is the attribute Key conforming to the + // "test.suite.run.status" semantic conventions. It represents the status of the + // test suite run. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "success", "failure", "skipped", "aborted", "timed_out", + // "in_progress" + TestSuiteRunStatusKey = attribute.Key("test.suite.run.status") +) + +// TestCaseName returns an attribute KeyValue conforming to the "test.case.name" +// semantic conventions. It represents the fully qualified human readable name of +// the [test case]. +// +// [test case]: https://wikipedia.org/wiki/Test_case +func TestCaseName(val string) attribute.KeyValue { + return TestCaseNameKey.String(val) +} + +// TestSuiteName returns an attribute KeyValue conforming to the +// "test.suite.name" semantic conventions. 
It represents the human readable name +// of a [test suite]. +// +// [test suite]: https://wikipedia.org/wiki/Test_suite +func TestSuiteName(val string) attribute.KeyValue { + return TestSuiteNameKey.String(val) +} + +// Enum values for test.case.result.status +var ( + // pass + // Stability: development + TestCaseResultStatusPass = TestCaseResultStatusKey.String("pass") + // fail + // Stability: development + TestCaseResultStatusFail = TestCaseResultStatusKey.String("fail") +) + +// Enum values for test.suite.run.status +var ( + // success + // Stability: development + TestSuiteRunStatusSuccess = TestSuiteRunStatusKey.String("success") + // failure + // Stability: development + TestSuiteRunStatusFailure = TestSuiteRunStatusKey.String("failure") + // skipped + // Stability: development + TestSuiteRunStatusSkipped = TestSuiteRunStatusKey.String("skipped") + // aborted + // Stability: development + TestSuiteRunStatusAborted = TestSuiteRunStatusKey.String("aborted") + // timed_out + // Stability: development + TestSuiteRunStatusTimedOut = TestSuiteRunStatusKey.String("timed_out") + // in_progress + // Stability: development + TestSuiteRunStatusInProgress = TestSuiteRunStatusKey.String("in_progress") +) + +// Namespace: thread +const ( + // ThreadIDKey is the attribute Key conforming to the "thread.id" semantic + // conventions. It represents the current "managed" thread ID (as opposed to OS + // thread ID). + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + ThreadIDKey = attribute.Key("thread.id") + + // ThreadNameKey is the attribute Key conforming to the "thread.name" semantic + // conventions. It represents the current thread name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: main + ThreadNameKey = attribute.Key("thread.name") +) + +// ThreadID returns an attribute KeyValue conforming to the "thread.id" semantic +// conventions. 
It represents the current "managed" thread ID (as opposed to OS +// thread ID). +func ThreadID(val int) attribute.KeyValue { + return ThreadIDKey.Int(val) +} + +// ThreadName returns an attribute KeyValue conforming to the "thread.name" +// semantic conventions. It represents the current thread name. +func ThreadName(val string) attribute.KeyValue { + return ThreadNameKey.String(val) +} + +// Namespace: tls +const ( + // TLSCipherKey is the attribute Key conforming to the "tls.cipher" semantic + // conventions. It represents the string indicating the [cipher] used during the + // current connection. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + // Note: The values allowed for `tls.cipher` MUST be one of the `Descriptions` + // of the [registered TLS Cipher Suits]. + // + // [cipher]: https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5 + // [registered TLS Cipher Suits]: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4 + TLSCipherKey = attribute.Key("tls.cipher") + + // TLSClientCertificateKey is the attribute Key conforming to the + // "tls.client.certificate" semantic conventions. It represents the PEM-encoded + // stand-alone certificate offered by the client. This is usually + // mutually-exclusive of `client.certificate_chain` since this value also exists + // in that list. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "MII..." + TLSClientCertificateKey = attribute.Key("tls.client.certificate") + + // TLSClientCertificateChainKey is the attribute Key conforming to the + // "tls.client.certificate_chain" semantic conventions. It represents the array + // of PEM-encoded certificates that make up the certificate chain offered by the + // client. 
This is usually mutually-exclusive of `client.certificate` since that + // value should be the first certificate in the chain. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "MII...", "MI..." + TLSClientCertificateChainKey = attribute.Key("tls.client.certificate_chain") + + // TLSClientHashMd5Key is the attribute Key conforming to the + // "tls.client.hash.md5" semantic conventions. It represents the certificate + // fingerprint using the MD5 digest of DER-encoded version of certificate + // offered by the client. For consistency with other hash values, this value + // should be formatted as an uppercase hash. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC" + TLSClientHashMd5Key = attribute.Key("tls.client.hash.md5") + + // TLSClientHashSha1Key is the attribute Key conforming to the + // "tls.client.hash.sha1" semantic conventions. It represents the certificate + // fingerprint using the SHA1 digest of DER-encoded version of certificate + // offered by the client. For consistency with other hash values, this value + // should be formatted as an uppercase hash. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9E393D93138888D288266C2D915214D1D1CCEB2A" + TLSClientHashSha1Key = attribute.Key("tls.client.hash.sha1") + + // TLSClientHashSha256Key is the attribute Key conforming to the + // "tls.client.hash.sha256" semantic conventions. It represents the certificate + // fingerprint using the SHA256 digest of DER-encoded version of certificate + // offered by the client. For consistency with other hash values, this value + // should be formatted as an uppercase hash. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0" + TLSClientHashSha256Key = attribute.Key("tls.client.hash.sha256") + + // TLSClientIssuerKey is the attribute Key conforming to the "tls.client.issuer" + // semantic conventions. It represents the distinguished name of [subject] of + // the issuer of the x.509 certificate presented by the client. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com" + // + // [subject]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + TLSClientIssuerKey = attribute.Key("tls.client.issuer") + + // TLSClientJa3Key is the attribute Key conforming to the "tls.client.ja3" + // semantic conventions. It represents a hash that identifies clients based on + // how they perform an SSL/TLS handshake. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "d4e5b18d6b55c71272893221c96ba240" + TLSClientJa3Key = attribute.Key("tls.client.ja3") + + // TLSClientNotAfterKey is the attribute Key conforming to the + // "tls.client.not_after" semantic conventions. It represents the date/Time + // indicating when client certificate is no longer considered valid. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T00:00:00.000Z" + TLSClientNotAfterKey = attribute.Key("tls.client.not_after") + + // TLSClientNotBeforeKey is the attribute Key conforming to the + // "tls.client.not_before" semantic conventions. It represents the date/Time + // indicating when client certificate is first considered valid. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1970-01-01T00:00:00.000Z" + TLSClientNotBeforeKey = attribute.Key("tls.client.not_before") + + // TLSClientSubjectKey is the attribute Key conforming to the + // "tls.client.subject" semantic conventions. It represents the distinguished + // name of subject of the x.509 certificate presented by the client. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CN=myclient, OU=Documentation Team, DC=example, DC=com" + TLSClientSubjectKey = attribute.Key("tls.client.subject") + + // TLSClientSupportedCiphersKey is the attribute Key conforming to the + // "tls.client.supported_ciphers" semantic conventions. It represents the array + // of ciphers offered by the client during the client hello. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + // "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + TLSClientSupportedCiphersKey = attribute.Key("tls.client.supported_ciphers") + + // TLSCurveKey is the attribute Key conforming to the "tls.curve" semantic + // conventions. It represents the string indicating the curve used for the given + // cipher, when applicable. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "secp256r1" + TLSCurveKey = attribute.Key("tls.curve") + + // TLSEstablishedKey is the attribute Key conforming to the "tls.established" + // semantic conventions. It represents the boolean flag indicating if the TLS + // negotiation was successful and transitioned to an encrypted tunnel. + // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: true + TLSEstablishedKey = attribute.Key("tls.established") + + // TLSNextProtocolKey is the attribute Key conforming to the "tls.next_protocol" + // semantic conventions. 
It represents the string indicating the protocol being + // tunneled. Per the values in the [IANA registry], this string should be lower + // case. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "http/1.1" + // + // [IANA registry]: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids + TLSNextProtocolKey = attribute.Key("tls.next_protocol") + + // TLSProtocolNameKey is the attribute Key conforming to the "tls.protocol.name" + // semantic conventions. It represents the normalized lowercase protocol name + // parsed from original string of the negotiated [SSL/TLS protocol version]. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // + // [SSL/TLS protocol version]: https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values + TLSProtocolNameKey = attribute.Key("tls.protocol.name") + + // TLSProtocolVersionKey is the attribute Key conforming to the + // "tls.protocol.version" semantic conventions. It represents the numeric part + // of the version parsed from the original string of the negotiated + // [SSL/TLS protocol version]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1.2", "3" + // + // [SSL/TLS protocol version]: https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values + TLSProtocolVersionKey = attribute.Key("tls.protocol.version") + + // TLSResumedKey is the attribute Key conforming to the "tls.resumed" semantic + // conventions. It represents the boolean flag indicating if this TLS connection + // was resumed from an existing TLS negotiation. 
+ // + // Type: boolean + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: true + TLSResumedKey = attribute.Key("tls.resumed") + + // TLSServerCertificateKey is the attribute Key conforming to the + // "tls.server.certificate" semantic conventions. It represents the PEM-encoded + // stand-alone certificate offered by the server. This is usually + // mutually-exclusive of `server.certificate_chain` since this value also exists + // in that list. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "MII..." + TLSServerCertificateKey = attribute.Key("tls.server.certificate") + + // TLSServerCertificateChainKey is the attribute Key conforming to the + // "tls.server.certificate_chain" semantic conventions. It represents the array + // of PEM-encoded certificates that make up the certificate chain offered by the + // server. This is usually mutually-exclusive of `server.certificate` since that + // value should be the first certificate in the chain. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "MII...", "MI..." + TLSServerCertificateChainKey = attribute.Key("tls.server.certificate_chain") + + // TLSServerHashMd5Key is the attribute Key conforming to the + // "tls.server.hash.md5" semantic conventions. It represents the certificate + // fingerprint using the MD5 digest of DER-encoded version of certificate + // offered by the server. For consistency with other hash values, this value + // should be formatted as an uppercase hash. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC" + TLSServerHashMd5Key = attribute.Key("tls.server.hash.md5") + + // TLSServerHashSha1Key is the attribute Key conforming to the + // "tls.server.hash.sha1" semantic conventions. 
It represents the certificate + // fingerprint using the SHA1 digest of DER-encoded version of certificate + // offered by the server. For consistency with other hash values, this value + // should be formatted as an uppercase hash. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9E393D93138888D288266C2D915214D1D1CCEB2A" + TLSServerHashSha1Key = attribute.Key("tls.server.hash.sha1") + + // TLSServerHashSha256Key is the attribute Key conforming to the + // "tls.server.hash.sha256" semantic conventions. It represents the certificate + // fingerprint using the SHA256 digest of DER-encoded version of certificate + // offered by the server. For consistency with other hash values, this value + // should be formatted as an uppercase hash. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0" + TLSServerHashSha256Key = attribute.Key("tls.server.hash.sha256") + + // TLSServerIssuerKey is the attribute Key conforming to the "tls.server.issuer" + // semantic conventions. It represents the distinguished name of [subject] of + // the issuer of the x.509 certificate presented by the client. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com" + // + // [subject]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + TLSServerIssuerKey = attribute.Key("tls.server.issuer") + + // TLSServerJa3sKey is the attribute Key conforming to the "tls.server.ja3s" + // semantic conventions. It represents a hash that identifies servers based on + // how they perform an SSL/TLS handshake. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "d4e5b18d6b55c71272893221c96ba240" + TLSServerJa3sKey = attribute.Key("tls.server.ja3s") + + // TLSServerNotAfterKey is the attribute Key conforming to the + // "tls.server.not_after" semantic conventions. It represents the date/Time + // indicating when server certificate is no longer considered valid. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "2021-01-01T00:00:00.000Z" + TLSServerNotAfterKey = attribute.Key("tls.server.not_after") + + // TLSServerNotBeforeKey is the attribute Key conforming to the + // "tls.server.not_before" semantic conventions. It represents the date/Time + // indicating when server certificate is first considered valid. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "1970-01-01T00:00:00.000Z" + TLSServerNotBeforeKey = attribute.Key("tls.server.not_before") + + // TLSServerSubjectKey is the attribute Key conforming to the + // "tls.server.subject" semantic conventions. It represents the distinguished + // name of subject of the x.509 certificate presented by the server. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "CN=myserver, OU=Documentation Team, DC=example, DC=com" + TLSServerSubjectKey = attribute.Key("tls.server.subject") +) + +// TLSCipher returns an attribute KeyValue conforming to the "tls.cipher" +// semantic conventions. It represents the string indicating the [cipher] used +// during the current connection. +// +// [cipher]: https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5 +func TLSCipher(val string) attribute.KeyValue { + return TLSCipherKey.String(val) +} + +// TLSClientCertificate returns an attribute KeyValue conforming to the +// "tls.client.certificate" semantic conventions. 
It represents the PEM-encoded +// stand-alone certificate offered by the client. This is usually +// mutually-exclusive of `client.certificate_chain` since this value also exists +// in that list. +func TLSClientCertificate(val string) attribute.KeyValue { + return TLSClientCertificateKey.String(val) +} + +// TLSClientCertificateChain returns an attribute KeyValue conforming to the +// "tls.client.certificate_chain" semantic conventions. It represents the array +// of PEM-encoded certificates that make up the certificate chain offered by the +// client. This is usually mutually-exclusive of `client.certificate` since that +// value should be the first certificate in the chain. +func TLSClientCertificateChain(val ...string) attribute.KeyValue { + return TLSClientCertificateChainKey.StringSlice(val) +} + +// TLSClientHashMd5 returns an attribute KeyValue conforming to the +// "tls.client.hash.md5" semantic conventions. It represents the certificate +// fingerprint using the MD5 digest of DER-encoded version of certificate offered +// by the client. For consistency with other hash values, this value should be +// formatted as an uppercase hash. +func TLSClientHashMd5(val string) attribute.KeyValue { + return TLSClientHashMd5Key.String(val) +} + +// TLSClientHashSha1 returns an attribute KeyValue conforming to the +// "tls.client.hash.sha1" semantic conventions. It represents the certificate +// fingerprint using the SHA1 digest of DER-encoded version of certificate +// offered by the client. For consistency with other hash values, this value +// should be formatted as an uppercase hash. +func TLSClientHashSha1(val string) attribute.KeyValue { + return TLSClientHashSha1Key.String(val) +} + +// TLSClientHashSha256 returns an attribute KeyValue conforming to the +// "tls.client.hash.sha256" semantic conventions. It represents the certificate +// fingerprint using the SHA256 digest of DER-encoded version of certificate +// offered by the client. 
For consistency with other hash values, this value +// should be formatted as an uppercase hash. +func TLSClientHashSha256(val string) attribute.KeyValue { + return TLSClientHashSha256Key.String(val) +} + +// TLSClientIssuer returns an attribute KeyValue conforming to the +// "tls.client.issuer" semantic conventions. It represents the distinguished name +// of [subject] of the issuer of the x.509 certificate presented by the client. +// +// [subject]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 +func TLSClientIssuer(val string) attribute.KeyValue { + return TLSClientIssuerKey.String(val) +} + +// TLSClientJa3 returns an attribute KeyValue conforming to the "tls.client.ja3" +// semantic conventions. It represents a hash that identifies clients based on +// how they perform an SSL/TLS handshake. +func TLSClientJa3(val string) attribute.KeyValue { + return TLSClientJa3Key.String(val) +} + +// TLSClientNotAfter returns an attribute KeyValue conforming to the +// "tls.client.not_after" semantic conventions. It represents the date/Time +// indicating when client certificate is no longer considered valid. +func TLSClientNotAfter(val string) attribute.KeyValue { + return TLSClientNotAfterKey.String(val) +} + +// TLSClientNotBefore returns an attribute KeyValue conforming to the +// "tls.client.not_before" semantic conventions. It represents the date/Time +// indicating when client certificate is first considered valid. +func TLSClientNotBefore(val string) attribute.KeyValue { + return TLSClientNotBeforeKey.String(val) +} + +// TLSClientSubject returns an attribute KeyValue conforming to the +// "tls.client.subject" semantic conventions. It represents the distinguished +// name of subject of the x.509 certificate presented by the client. 
+func TLSClientSubject(val string) attribute.KeyValue { + return TLSClientSubjectKey.String(val) +} + +// TLSClientSupportedCiphers returns an attribute KeyValue conforming to the +// "tls.client.supported_ciphers" semantic conventions. It represents the array +// of ciphers offered by the client during the client hello. +func TLSClientSupportedCiphers(val ...string) attribute.KeyValue { + return TLSClientSupportedCiphersKey.StringSlice(val) +} + +// TLSCurve returns an attribute KeyValue conforming to the "tls.curve" semantic +// conventions. It represents the string indicating the curve used for the given +// cipher, when applicable. +func TLSCurve(val string) attribute.KeyValue { + return TLSCurveKey.String(val) +} + +// TLSEstablished returns an attribute KeyValue conforming to the +// "tls.established" semantic conventions. It represents the boolean flag +// indicating if the TLS negotiation was successful and transitioned to an +// encrypted tunnel. +func TLSEstablished(val bool) attribute.KeyValue { + return TLSEstablishedKey.Bool(val) +} + +// TLSNextProtocol returns an attribute KeyValue conforming to the +// "tls.next_protocol" semantic conventions. It represents the string indicating +// the protocol being tunneled. Per the values in the [IANA registry], this +// string should be lower case. +// +// [IANA registry]: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids +func TLSNextProtocol(val string) attribute.KeyValue { + return TLSNextProtocolKey.String(val) +} + +// TLSProtocolVersion returns an attribute KeyValue conforming to the +// "tls.protocol.version" semantic conventions. It represents the numeric part of +// the version parsed from the original string of the negotiated +// [SSL/TLS protocol version]. 
+// +// [SSL/TLS protocol version]: https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values +func TLSProtocolVersion(val string) attribute.KeyValue { + return TLSProtocolVersionKey.String(val) +} + +// TLSResumed returns an attribute KeyValue conforming to the "tls.resumed" +// semantic conventions. It represents the boolean flag indicating if this TLS +// connection was resumed from an existing TLS negotiation. +func TLSResumed(val bool) attribute.KeyValue { + return TLSResumedKey.Bool(val) +} + +// TLSServerCertificate returns an attribute KeyValue conforming to the +// "tls.server.certificate" semantic conventions. It represents the PEM-encoded +// stand-alone certificate offered by the server. This is usually +// mutually-exclusive of `server.certificate_chain` since this value also exists +// in that list. +func TLSServerCertificate(val string) attribute.KeyValue { + return TLSServerCertificateKey.String(val) +} + +// TLSServerCertificateChain returns an attribute KeyValue conforming to the +// "tls.server.certificate_chain" semantic conventions. It represents the array +// of PEM-encoded certificates that make up the certificate chain offered by the +// server. This is usually mutually-exclusive of `server.certificate` since that +// value should be the first certificate in the chain. +func TLSServerCertificateChain(val ...string) attribute.KeyValue { + return TLSServerCertificateChainKey.StringSlice(val) +} + +// TLSServerHashMd5 returns an attribute KeyValue conforming to the +// "tls.server.hash.md5" semantic conventions. It represents the certificate +// fingerprint using the MD5 digest of DER-encoded version of certificate offered +// by the server. For consistency with other hash values, this value should be +// formatted as an uppercase hash. 
+func TLSServerHashMd5(val string) attribute.KeyValue { + return TLSServerHashMd5Key.String(val) +} + +// TLSServerHashSha1 returns an attribute KeyValue conforming to the +// "tls.server.hash.sha1" semantic conventions. It represents the certificate +// fingerprint using the SHA1 digest of DER-encoded version of certificate +// offered by the server. For consistency with other hash values, this value +// should be formatted as an uppercase hash. +func TLSServerHashSha1(val string) attribute.KeyValue { + return TLSServerHashSha1Key.String(val) +} + +// TLSServerHashSha256 returns an attribute KeyValue conforming to the +// "tls.server.hash.sha256" semantic conventions. It represents the certificate +// fingerprint using the SHA256 digest of DER-encoded version of certificate +// offered by the server. For consistency with other hash values, this value +// should be formatted as an uppercase hash. +func TLSServerHashSha256(val string) attribute.KeyValue { + return TLSServerHashSha256Key.String(val) +} + +// TLSServerIssuer returns an attribute KeyValue conforming to the +// "tls.server.issuer" semantic conventions. It represents the distinguished name +// of [subject] of the issuer of the x.509 certificate presented by the client. +// +// [subject]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 +func TLSServerIssuer(val string) attribute.KeyValue { + return TLSServerIssuerKey.String(val) +} + +// TLSServerJa3s returns an attribute KeyValue conforming to the +// "tls.server.ja3s" semantic conventions. It represents a hash that identifies +// servers based on how they perform an SSL/TLS handshake. +func TLSServerJa3s(val string) attribute.KeyValue { + return TLSServerJa3sKey.String(val) +} + +// TLSServerNotAfter returns an attribute KeyValue conforming to the +// "tls.server.not_after" semantic conventions. It represents the date/Time +// indicating when server certificate is no longer considered valid. 
+func TLSServerNotAfter(val string) attribute.KeyValue { + return TLSServerNotAfterKey.String(val) +} + +// TLSServerNotBefore returns an attribute KeyValue conforming to the +// "tls.server.not_before" semantic conventions. It represents the date/Time +// indicating when server certificate is first considered valid. +func TLSServerNotBefore(val string) attribute.KeyValue { + return TLSServerNotBeforeKey.String(val) +} + +// TLSServerSubject returns an attribute KeyValue conforming to the +// "tls.server.subject" semantic conventions. It represents the distinguished +// name of subject of the x.509 certificate presented by the server. +func TLSServerSubject(val string) attribute.KeyValue { + return TLSServerSubjectKey.String(val) +} + +// Enum values for tls.protocol.name +var ( + // ssl + // Stability: development + TLSProtocolNameSsl = TLSProtocolNameKey.String("ssl") + // tls + // Stability: development + TLSProtocolNameTLS = TLSProtocolNameKey.String("tls") +) + +// Namespace: url +const ( + // URLDomainKey is the attribute Key conforming to the "url.domain" semantic + // conventions. It represents the domain extracted from the `url.full`, such as + // "opentelemetry.io". + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "www.foo.bar", "opentelemetry.io", "3.12.167.2", + // "[1080:0:0:0:8:800:200C:417A]" + // Note: In some cases a URL may refer to an IP and/or port directly, without a + // domain name. In this case, the IP address would go to the domain field. If + // the URL contains a [literal IPv6 address] enclosed by `[` and `]`, the `[` + // and `]` characters should also be captured in the domain field. + // + // [literal IPv6 address]: https://www.rfc-editor.org/rfc/rfc2732#section-2 + URLDomainKey = attribute.Key("url.domain") + + // URLExtensionKey is the attribute Key conforming to the "url.extension" + // semantic conventions. 
It represents the file extension extracted from the + // `url.full`, excluding the leading dot. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "png", "gz" + // Note: The file extension is only set if it exists, as not every url has a + // file extension. When the file name has multiple extensions `example.tar.gz`, + // only the last one should be captured `gz`, not `tar.gz`. + URLExtensionKey = attribute.Key("url.extension") + + // URLFragmentKey is the attribute Key conforming to the "url.fragment" semantic + // conventions. It represents the [URI fragment] component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "SemConv" + // + // [URI fragment]: https://www.rfc-editor.org/rfc/rfc3986#section-3.5 + URLFragmentKey = attribute.Key("url.fragment") + + // URLFullKey is the attribute Key conforming to the "url.full" semantic + // conventions. It represents the absolute URL describing a network resource + // according to [RFC3986]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "https://www.foo.bar/search?q=OpenTelemetry#SemConv", "//localhost" + // Note: For network calls, URL usually has + // `scheme://host[:port][path][?query][#fragment]` format, where the fragment + // is not transmitted over HTTP, but if it is known, it SHOULD be included + // nevertheless. + // + // `url.full` MUST NOT contain credentials passed via URL in form of + // `https://username:password@www.example.com/`. + // In such case username and password SHOULD be redacted and attribute's value + // SHOULD be `https://REDACTED:REDACTED@www.example.com/`. + // + // `url.full` SHOULD capture the absolute URL when it is available (or can be + // reconstructed). + // + // Sensitive content provided in `url.full` SHOULD be scrubbed when + // instrumentations can identify it. 
+ // + // + // Query string values for the following keys SHOULD be redacted by default and + // replaced by the + // value `REDACTED`: + // + // - [`AWSAccessKeyId`] + // - [`Signature`] + // - [`sig`] + // - [`X-Goog-Signature`] + // + // This list is subject to change over time. + // + // When a query string value is redacted, the query string key SHOULD still be + // preserved, e.g. + // `https://www.example.com/path?color=blue&sig=REDACTED`. + // + // [RFC3986]: https://www.rfc-editor.org/rfc/rfc3986 + // [`AWSAccessKeyId`]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html#RESTAuthenticationQueryStringAuth + // [`Signature`]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html#RESTAuthenticationQueryStringAuth + // [`sig`]: https://learn.microsoft.com/azure/storage/common/storage-sas-overview#sas-token + // [`X-Goog-Signature`]: https://cloud.google.com/storage/docs/access-control/signed-urls + URLFullKey = attribute.Key("url.full") + + // URLOriginalKey is the attribute Key conforming to the "url.original" semantic + // conventions. It represents the unmodified original URL as seen in the event + // source. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "https://www.foo.bar/search?q=OpenTelemetry#SemConv", + // "search?q=OpenTelemetry" + // Note: In network monitoring, the observed URL may be a full URL, whereas in + // access logs, the URL is often just represented as a path. This field is meant + // to represent the URL as it was observed, complete or not. + // `url.original` might contain credentials passed via URL in form of + // `https://username:password@www.example.com/`. In such case password and + // username SHOULD NOT be redacted and attribute's value SHOULD remain the same. + URLOriginalKey = attribute.Key("url.original") + + // URLPathKey is the attribute Key conforming to the "url.path" semantic + // conventions. 
It represents the [URI path] component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "/search" + // Note: Sensitive content provided in `url.path` SHOULD be scrubbed when + // instrumentations can identify it. + // + // [URI path]: https://www.rfc-editor.org/rfc/rfc3986#section-3.3 + URLPathKey = attribute.Key("url.path") + + // URLPortKey is the attribute Key conforming to the "url.port" semantic + // conventions. It represents the port extracted from the `url.full`. + // + // Type: int + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: 443 + URLPortKey = attribute.Key("url.port") + + // URLQueryKey is the attribute Key conforming to the "url.query" semantic + // conventions. It represents the [URI query] component. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "q=OpenTelemetry" + // Note: Sensitive content provided in `url.query` SHOULD be scrubbed when + // instrumentations can identify it. + // + // + // Query string values for the following keys SHOULD be redacted by default and + // replaced by the value `REDACTED`: + // + // - [`AWSAccessKeyId`] + // - [`Signature`] + // - [`sig`] + // - [`X-Goog-Signature`] + // + // This list is subject to change over time. + // + // When a query string value is redacted, the query string key SHOULD still be + // preserved, e.g. + // `q=OpenTelemetry&sig=REDACTED`. 
+ // + // [URI query]: https://www.rfc-editor.org/rfc/rfc3986#section-3.4 + // [`AWSAccessKeyId`]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html#RESTAuthenticationQueryStringAuth + // [`Signature`]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html#RESTAuthenticationQueryStringAuth + // [`sig`]: https://learn.microsoft.com/azure/storage/common/storage-sas-overview#sas-token + // [`X-Goog-Signature`]: https://cloud.google.com/storage/docs/access-control/signed-urls + URLQueryKey = attribute.Key("url.query") + + // URLRegisteredDomainKey is the attribute Key conforming to the + // "url.registered_domain" semantic conventions. It represents the highest + // registered url domain, stripped of the subdomain. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "example.com", "foo.co.uk" + // Note: This value can be determined precisely with the [public suffix list]. + // For example, the registered domain for `foo.example.com` is `example.com`. + // Trying to approximate this by simply taking the last two labels will not work + // well for TLDs such as `co.uk`. + // + // [public suffix list]: https://publicsuffix.org/ + URLRegisteredDomainKey = attribute.Key("url.registered_domain") + + // URLSchemeKey is the attribute Key conforming to the "url.scheme" semantic + // conventions. It represents the [URI scheme] component identifying the used + // protocol. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "https", "ftp", "telnet" + // + // [URI scheme]: https://www.rfc-editor.org/rfc/rfc3986#section-3.1 + URLSchemeKey = attribute.Key("url.scheme") + + // URLSubdomainKey is the attribute Key conforming to the "url.subdomain" + // semantic conventions. It represents the subdomain portion of a fully + // qualified domain name includes all of the names except the host name under + // the registered_domain. 
In a partially qualified domain, or if the + // qualification level of the full name cannot be determined, subdomain contains + // all of the names below the registered domain. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "east", "sub2.sub1" + // Note: The subdomain portion of `www.east.mydomain.co.uk` is `east`. If the + // domain has multiple levels of subdomain, such as `sub2.sub1.example.com`, the + // subdomain field should contain `sub2.sub1`, with no trailing period. + URLSubdomainKey = attribute.Key("url.subdomain") + + // URLTemplateKey is the attribute Key conforming to the "url.template" semantic + // conventions. It represents the low-cardinality template of an + // [absolute path reference]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "/users/{id}", "/users/:id", "/users?id={id}" + // + // [absolute path reference]: https://www.rfc-editor.org/rfc/rfc3986#section-4.2 + URLTemplateKey = attribute.Key("url.template") + + // URLTopLevelDomainKey is the attribute Key conforming to the + // "url.top_level_domain" semantic conventions. It represents the effective top + // level domain (eTLD), also known as the domain suffix, is the last part of the + // domain name. For example, the top level domain for example.com is `com`. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "com", "co.uk" + // Note: This value can be determined precisely with the [public suffix list]. + // + // [public suffix list]: https://publicsuffix.org/ + URLTopLevelDomainKey = attribute.Key("url.top_level_domain") +) + +// URLDomain returns an attribute KeyValue conforming to the "url.domain" +// semantic conventions. It represents the domain extracted from the `url.full`, +// such as "opentelemetry.io". 
+func URLDomain(val string) attribute.KeyValue { + return URLDomainKey.String(val) +} + +// URLExtension returns an attribute KeyValue conforming to the "url.extension" +// semantic conventions. It represents the file extension extracted from the +// `url.full`, excluding the leading dot. +func URLExtension(val string) attribute.KeyValue { + return URLExtensionKey.String(val) +} + +// URLFragment returns an attribute KeyValue conforming to the "url.fragment" +// semantic conventions. It represents the [URI fragment] component. +// +// [URI fragment]: https://www.rfc-editor.org/rfc/rfc3986#section-3.5 +func URLFragment(val string) attribute.KeyValue { + return URLFragmentKey.String(val) +} + +// URLFull returns an attribute KeyValue conforming to the "url.full" semantic +// conventions. It represents the absolute URL describing a network resource +// according to [RFC3986]. +// +// [RFC3986]: https://www.rfc-editor.org/rfc/rfc3986 +func URLFull(val string) attribute.KeyValue { + return URLFullKey.String(val) +} + +// URLOriginal returns an attribute KeyValue conforming to the "url.original" +// semantic conventions. It represents the unmodified original URL as seen in the +// event source. +func URLOriginal(val string) attribute.KeyValue { + return URLOriginalKey.String(val) +} + +// URLPath returns an attribute KeyValue conforming to the "url.path" semantic +// conventions. It represents the [URI path] component. +// +// [URI path]: https://www.rfc-editor.org/rfc/rfc3986#section-3.3 +func URLPath(val string) attribute.KeyValue { + return URLPathKey.String(val) +} + +// URLPort returns an attribute KeyValue conforming to the "url.port" semantic +// conventions. It represents the port extracted from the `url.full`. +func URLPort(val int) attribute.KeyValue { + return URLPortKey.Int(val) +} + +// URLQuery returns an attribute KeyValue conforming to the "url.query" semantic +// conventions. It represents the [URI query] component. 
+// +// [URI query]: https://www.rfc-editor.org/rfc/rfc3986#section-3.4 +func URLQuery(val string) attribute.KeyValue { + return URLQueryKey.String(val) +} + +// URLRegisteredDomain returns an attribute KeyValue conforming to the +// "url.registered_domain" semantic conventions. It represents the highest +// registered url domain, stripped of the subdomain. +func URLRegisteredDomain(val string) attribute.KeyValue { + return URLRegisteredDomainKey.String(val) +} + +// URLScheme returns an attribute KeyValue conforming to the "url.scheme" +// semantic conventions. It represents the [URI scheme] component identifying the +// used protocol. +// +// [URI scheme]: https://www.rfc-editor.org/rfc/rfc3986#section-3.1 +func URLScheme(val string) attribute.KeyValue { + return URLSchemeKey.String(val) +} + +// URLSubdomain returns an attribute KeyValue conforming to the "url.subdomain" +// semantic conventions. It represents the subdomain portion of a fully qualified +// domain name includes all of the names except the host name under the +// registered_domain. In a partially qualified domain, or if the qualification +// level of the full name cannot be determined, subdomain contains all of the +// names below the registered domain. +func URLSubdomain(val string) attribute.KeyValue { + return URLSubdomainKey.String(val) +} + +// URLTemplate returns an attribute KeyValue conforming to the "url.template" +// semantic conventions. It represents the low-cardinality template of an +// [absolute path reference]. +// +// [absolute path reference]: https://www.rfc-editor.org/rfc/rfc3986#section-4.2 +func URLTemplate(val string) attribute.KeyValue { + return URLTemplateKey.String(val) +} + +// URLTopLevelDomain returns an attribute KeyValue conforming to the +// "url.top_level_domain" semantic conventions. It represents the effective top +// level domain (eTLD), also known as the domain suffix, is the last part of the +// domain name. 
For example, the top level domain for example.com is `com`. +func URLTopLevelDomain(val string) attribute.KeyValue { + return URLTopLevelDomainKey.String(val) +} + +// Namespace: user +const ( + // UserEmailKey is the attribute Key conforming to the "user.email" semantic + // conventions. It represents the user email address. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "a.einstein@example.com" + UserEmailKey = attribute.Key("user.email") + + // UserFullNameKey is the attribute Key conforming to the "user.full_name" + // semantic conventions. It represents the user's full name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Albert Einstein" + UserFullNameKey = attribute.Key("user.full_name") + + // UserHashKey is the attribute Key conforming to the "user.hash" semantic + // conventions. It represents the unique user hash to correlate information for + // a user in anonymized form. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "364fc68eaf4c8acec74a4e52d7d1feaa" + // Note: Useful if `user.id` or `user.name` contain confidential information and + // cannot be used. + UserHashKey = attribute.Key("user.hash") + + // UserIDKey is the attribute Key conforming to the "user.id" semantic + // conventions. It represents the unique identifier of the user. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "S-1-5-21-202424912787-2692429404-2351956786-1000" + UserIDKey = attribute.Key("user.id") + + // UserNameKey is the attribute Key conforming to the "user.name" semantic + // conventions. It represents the short name or login/username of the user. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "a.einstein" + UserNameKey = attribute.Key("user.name") + + // UserRolesKey is the attribute Key conforming to the "user.roles" semantic + // conventions. It represents the array of user roles at the time of the event. + // + // Type: string[] + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "admin", "reporting_user" + UserRolesKey = attribute.Key("user.roles") +) + +// UserEmail returns an attribute KeyValue conforming to the "user.email" +// semantic conventions. It represents the user email address. +func UserEmail(val string) attribute.KeyValue { + return UserEmailKey.String(val) +} + +// UserFullName returns an attribute KeyValue conforming to the "user.full_name" +// semantic conventions. It represents the user's full name. +func UserFullName(val string) attribute.KeyValue { + return UserFullNameKey.String(val) +} + +// UserHash returns an attribute KeyValue conforming to the "user.hash" semantic +// conventions. It represents the unique user hash to correlate information for a +// user in anonymized form. +func UserHash(val string) attribute.KeyValue { + return UserHashKey.String(val) +} + +// UserID returns an attribute KeyValue conforming to the "user.id" semantic +// conventions. It represents the unique identifier of the user. +func UserID(val string) attribute.KeyValue { + return UserIDKey.String(val) +} + +// UserName returns an attribute KeyValue conforming to the "user.name" semantic +// conventions. It represents the short name or login/username of the user. +func UserName(val string) attribute.KeyValue { + return UserNameKey.String(val) +} + +// UserRoles returns an attribute KeyValue conforming to the "user.roles" +// semantic conventions. It represents the array of user roles at the time of the +// event. 
+func UserRoles(val ...string) attribute.KeyValue { + return UserRolesKey.StringSlice(val) +} + +// Namespace: user_agent +const ( + // UserAgentNameKey is the attribute Key conforming to the "user_agent.name" + // semantic conventions. It represents the name of the user-agent extracted from + // original. Usually refers to the browser's name. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Safari", "YourApp" + // Note: [Example] of extracting browser's name from original string. In the + // case of using a user-agent for non-browser products, such as microservices + // with multiple names/versions inside the `user_agent.original`, the most + // significant name SHOULD be selected. In such a scenario it should align with + // `user_agent.version` + // + // [Example]: https://www.whatsmyua.info + UserAgentNameKey = attribute.Key("user_agent.name") + + // UserAgentOriginalKey is the attribute Key conforming to the + // "user_agent.original" semantic conventions. It represents the value of the + // [HTTP User-Agent] header sent by the client. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Stable + // + // Examples: "CERN-LineMode/2.15 libwww/2.17b3", "Mozilla/5.0 (iPhone; CPU + // iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) + // Version/14.1.2 Mobile/15E148 Safari/604.1", "YourApp/1.0.0 + // grpc-java-okhttp/1.27.2" + // + // [HTTP User-Agent]: https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent + UserAgentOriginalKey = attribute.Key("user_agent.original") + + // UserAgentOSNameKey is the attribute Key conforming to the + // "user_agent.os.name" semantic conventions. It represents the human readable + // operating system name. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "iOS", "Android", "Ubuntu" + // Note: For mapping user agent strings to OS names, libraries such as + // [ua-parser] can be utilized. + // + // [ua-parser]: https://github.com/ua-parser + UserAgentOSNameKey = attribute.Key("user_agent.os.name") + + // UserAgentOSVersionKey is the attribute Key conforming to the + // "user_agent.os.version" semantic conventions. It represents the version + // string of the operating system as defined in [Version Attributes]. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "14.2.1", "18.04.1" + // Note: For mapping user agent strings to OS versions, libraries such as + // [ua-parser] can be utilized. + // + // [Version Attributes]: /docs/resource/README.md#version-attributes + // [ua-parser]: https://github.com/ua-parser + UserAgentOSVersionKey = attribute.Key("user_agent.os.version") + + // UserAgentSyntheticTypeKey is the attribute Key conforming to the + // "user_agent.synthetic.type" semantic conventions. It represents the specifies + // the category of synthetic traffic, such as tests or bots. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // Note: This attribute MAY be derived from the contents of the + // `user_agent.original` attribute. Components that populate the attribute are + // responsible for determining what they consider to be synthetic bot or test + // traffic. This attribute can either be set for self-identification purposes, + // or on telemetry detected to be generated as a result of a synthetic request. + // This attribute is useful for distinguishing between genuine client traffic + // and synthetic traffic generated by bots or tests. 
+ UserAgentSyntheticTypeKey = attribute.Key("user_agent.synthetic.type") + + // UserAgentVersionKey is the attribute Key conforming to the + // "user_agent.version" semantic conventions. It represents the version of the + // user-agent extracted from original. Usually refers to the browser's version. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "14.1.2", "1.0.0" + // Note: [Example] of extracting browser's version from original string. In the + // case of using a user-agent for non-browser products, such as microservices + // with multiple names/versions inside the `user_agent.original`, the most + // significant version SHOULD be selected. In such a scenario it should align + // with `user_agent.name` + // + // [Example]: https://www.whatsmyua.info + UserAgentVersionKey = attribute.Key("user_agent.version") +) + +// UserAgentName returns an attribute KeyValue conforming to the +// "user_agent.name" semantic conventions. It represents the name of the +// user-agent extracted from original. Usually refers to the browser's name. +func UserAgentName(val string) attribute.KeyValue { + return UserAgentNameKey.String(val) +} + +// UserAgentOriginal returns an attribute KeyValue conforming to the +// "user_agent.original" semantic conventions. It represents the value of the +// [HTTP User-Agent] header sent by the client. +// +// [HTTP User-Agent]: https://www.rfc-editor.org/rfc/rfc9110.html#field.user-agent +func UserAgentOriginal(val string) attribute.KeyValue { + return UserAgentOriginalKey.String(val) +} + +// UserAgentOSName returns an attribute KeyValue conforming to the +// "user_agent.os.name" semantic conventions. It represents the human readable +// operating system name. +func UserAgentOSName(val string) attribute.KeyValue { + return UserAgentOSNameKey.String(val) +} + +// UserAgentOSVersion returns an attribute KeyValue conforming to the +// "user_agent.os.version" semantic conventions. 
It represents the version string +// of the operating system as defined in [Version Attributes]. +// +// [Version Attributes]: /docs/resource/README.md#version-attributes +func UserAgentOSVersion(val string) attribute.KeyValue { + return UserAgentOSVersionKey.String(val) +} + +// UserAgentVersion returns an attribute KeyValue conforming to the +// "user_agent.version" semantic conventions. It represents the version of the +// user-agent extracted from original. Usually refers to the browser's version. +func UserAgentVersion(val string) attribute.KeyValue { + return UserAgentVersionKey.String(val) +} + +// Enum values for user_agent.synthetic.type +var ( + // Bot source. + // Stability: development + UserAgentSyntheticTypeBot = UserAgentSyntheticTypeKey.String("bot") + // Synthetic test source. + // Stability: development + UserAgentSyntheticTypeTest = UserAgentSyntheticTypeKey.String("test") +) + +// Namespace: vcs +const ( + // VCSChangeIDKey is the attribute Key conforming to the "vcs.change.id" + // semantic conventions. It represents the ID of the change (pull request/merge + // request/changelist) if applicable. This is usually a unique (within + // repository) identifier generated by the VCS system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "123" + VCSChangeIDKey = attribute.Key("vcs.change.id") + + // VCSChangeStateKey is the attribute Key conforming to the "vcs.change.state" + // semantic conventions. It represents the state of the change (pull + // request/merge request/changelist). + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "open", "closed", "merged" + VCSChangeStateKey = attribute.Key("vcs.change.state") + + // VCSChangeTitleKey is the attribute Key conforming to the "vcs.change.title" + // semantic conventions. It represents the human readable title of the change + // (pull request/merge request/changelist). 
This title is often a brief summary + // of the change and may get merged in to a ref as the commit summary. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "Fixes broken thing", "feat: add my new feature", "[chore] update + // dependency" + VCSChangeTitleKey = attribute.Key("vcs.change.title") + + // VCSLineChangeTypeKey is the attribute Key conforming to the + // "vcs.line_change.type" semantic conventions. It represents the type of line + // change being measured on a branch or change. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "added", "removed" + VCSLineChangeTypeKey = attribute.Key("vcs.line_change.type") + + // VCSOwnerNameKey is the attribute Key conforming to the "vcs.owner.name" + // semantic conventions. It represents the group owner within the version + // control system. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-org", "myteam", "business-unit" + VCSOwnerNameKey = attribute.Key("vcs.owner.name") + + // VCSProviderNameKey is the attribute Key conforming to the "vcs.provider.name" + // semantic conventions. It represents the name of the version control system + // provider. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "github", "gitlab", "gitea", "bitbucket" + VCSProviderNameKey = attribute.Key("vcs.provider.name") + + // VCSRefBaseNameKey is the attribute Key conforming to the "vcs.ref.base.name" + // semantic conventions. It represents the name of the [reference] such as + // **branch** or **tag** in the repository. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-feature-branch", "tag-1-test" + // Note: `base` refers to the starting point of a change. 
For example, `main` + // would be the base reference of type branch if you've created a new + // reference of type branch from it and created new commits. + // + // [reference]: https://git-scm.com/docs/gitglossary#def_ref + VCSRefBaseNameKey = attribute.Key("vcs.ref.base.name") + + // VCSRefBaseRevisionKey is the attribute Key conforming to the + // "vcs.ref.base.revision" semantic conventions. It represents the revision, + // literally [revised version], The revision most often refers to a commit + // object in Git, or a revision number in SVN. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9d59409acf479dfa0df1aa568182e43e43df8bbe28d60fcf2bc52e30068802cc", + // "main", "123", "HEAD" + // Note: `base` refers to the starting point of a change. For example, `main` + // would be the base reference of type branch if you've created a new + // reference of type branch from it and created new commits. The + // revision can be a full [hash value (see + // glossary)], + // of the recorded change to a ref within a repository pointing to a + // commit [commit] object. It does + // not necessarily have to be a hash; it can simply define a [revision + // number] + // which is an integer that is monotonically increasing. In cases where + // it is identical to the `ref.base.name`, it SHOULD still be included. + // It is up to the implementer to decide which value to set as the + // revision based on the VCS system and situational context. 
+ // + // [revised version]: https://www.merriam-webster.com/dictionary/revision + // [hash value (see + // glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf + // [commit]: https://git-scm.com/docs/git-commit + // [revision + // number]: https://svnbook.red-bean.com/en/1.7/svn.tour.revs.specifiers.html + VCSRefBaseRevisionKey = attribute.Key("vcs.ref.base.revision") + + // VCSRefBaseTypeKey is the attribute Key conforming to the "vcs.ref.base.type" + // semantic conventions. It represents the type of the [reference] in the + // repository. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "branch", "tag" + // Note: `base` refers to the starting point of a change. For example, `main` + // would be the base reference of type branch if you've created a new + // reference of type branch from it and created new commits. + // + // [reference]: https://git-scm.com/docs/gitglossary#def_ref + VCSRefBaseTypeKey = attribute.Key("vcs.ref.base.type") + + // VCSRefHeadNameKey is the attribute Key conforming to the "vcs.ref.head.name" + // semantic conventions. It represents the name of the [reference] such as + // **branch** or **tag** in the repository. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "my-feature-branch", "tag-1-test" + // Note: `head` refers to where you are right now; the current reference at a + // given time. + // + // [reference]: https://git-scm.com/docs/gitglossary#def_ref + VCSRefHeadNameKey = attribute.Key("vcs.ref.head.name") + + // VCSRefHeadRevisionKey is the attribute Key conforming to the + // "vcs.ref.head.revision" semantic conventions. It represents the revision, + // literally [revised version], The revision most often refers to a commit + // object in Git, or a revision number in SVN. 
+ // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "9d59409acf479dfa0df1aa568182e43e43df8bbe28d60fcf2bc52e30068802cc", + // "main", "123", "HEAD" + // Note: `head` refers to where you are right now; the current reference at a + // given time.The revision can be a full [hash value (see + // glossary)], + // of the recorded change to a ref within a repository pointing to a + // commit [commit] object. It does + // not necessarily have to be a hash; it can simply define a [revision + // number] + // which is an integer that is monotonically increasing. In cases where + // it is identical to the `ref.head.name`, it SHOULD still be included. + // It is up to the implementer to decide which value to set as the + // revision based on the VCS system and situational context. + // + // [revised version]: https://www.merriam-webster.com/dictionary/revision + // [hash value (see + // glossary)]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf + // [commit]: https://git-scm.com/docs/git-commit + // [revision + // number]: https://svnbook.red-bean.com/en/1.7/svn.tour.revs.specifiers.html + VCSRefHeadRevisionKey = attribute.Key("vcs.ref.head.revision") + + // VCSRefHeadTypeKey is the attribute Key conforming to the "vcs.ref.head.type" + // semantic conventions. It represents the type of the [reference] in the + // repository. + // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "branch", "tag" + // Note: `head` refers to where you are right now; the current reference at a + // given time. + // + // [reference]: https://git-scm.com/docs/gitglossary#def_ref + VCSRefHeadTypeKey = attribute.Key("vcs.ref.head.type") + + // VCSRefTypeKey is the attribute Key conforming to the "vcs.ref.type" semantic + // conventions. It represents the type of the [reference] in the repository. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "branch", "tag" + // + // [reference]: https://git-scm.com/docs/gitglossary#def_ref + VCSRefTypeKey = attribute.Key("vcs.ref.type") + + // VCSRepositoryNameKey is the attribute Key conforming to the + // "vcs.repository.name" semantic conventions. It represents the human readable + // name of the repository. It SHOULD NOT include any additional identifier like + // Group/SubGroup in GitLab or organization in GitHub. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "semantic-conventions", "my-cool-repo" + // Note: Due to it only being the name, it can clash with forks of the same + // repository if collecting telemetry across multiple orgs or groups in + // the same backends. + VCSRepositoryNameKey = attribute.Key("vcs.repository.name") + + // VCSRepositoryURLFullKey is the attribute Key conforming to the + // "vcs.repository.url.full" semantic conventions. It represents the + // [canonical URL] of the repository providing the complete HTTP(S) address in + // order to locate and identify the repository through a browser. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: + // "https://github.com/opentelemetry/open-telemetry-collector-contrib", + // "https://gitlab.com/my-org/my-project/my-projects-project/repo" + // Note: In Git Version Control Systems, the canonical URL SHOULD NOT include + // the `.git` extension. + // + // [canonical URL]: https://support.google.com/webmasters/answer/10347851?hl=en#:~:text=A%20canonical%20URL%20is%20the,Google%20chooses%20one%20as%20canonical. + VCSRepositoryURLFullKey = attribute.Key("vcs.repository.url.full") + + // VCSRevisionDeltaDirectionKey is the attribute Key conforming to the + // "vcs.revision_delta.direction" semantic conventions. It represents the type + // of revision comparison. 
+ // + // Type: Enum + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "ahead", "behind" + VCSRevisionDeltaDirectionKey = attribute.Key("vcs.revision_delta.direction") +) + +// VCSChangeID returns an attribute KeyValue conforming to the "vcs.change.id" +// semantic conventions. It represents the ID of the change (pull request/merge +// request/changelist) if applicable. This is usually a unique (within +// repository) identifier generated by the VCS system. +func VCSChangeID(val string) attribute.KeyValue { + return VCSChangeIDKey.String(val) +} + +// VCSChangeTitle returns an attribute KeyValue conforming to the +// "vcs.change.title" semantic conventions. It represents the human readable +// title of the change (pull request/merge request/changelist). This title is +// often a brief summary of the change and may get merged in to a ref as the +// commit summary. +func VCSChangeTitle(val string) attribute.KeyValue { + return VCSChangeTitleKey.String(val) +} + +// VCSOwnerName returns an attribute KeyValue conforming to the "vcs.owner.name" +// semantic conventions. It represents the group owner within the version control +// system. +func VCSOwnerName(val string) attribute.KeyValue { + return VCSOwnerNameKey.String(val) +} + +// VCSRefBaseName returns an attribute KeyValue conforming to the +// "vcs.ref.base.name" semantic conventions. It represents the name of the +// [reference] such as **branch** or **tag** in the repository. +// +// [reference]: https://git-scm.com/docs/gitglossary#def_ref +func VCSRefBaseName(val string) attribute.KeyValue { + return VCSRefBaseNameKey.String(val) +} + +// VCSRefBaseRevision returns an attribute KeyValue conforming to the +// "vcs.ref.base.revision" semantic conventions. It represents the revision, +// literally [revised version], The revision most often refers to a commit object +// in Git, or a revision number in SVN. 
+// +// [revised version]: https://www.merriam-webster.com/dictionary/revision +func VCSRefBaseRevision(val string) attribute.KeyValue { + return VCSRefBaseRevisionKey.String(val) +} + +// VCSRefHeadName returns an attribute KeyValue conforming to the +// "vcs.ref.head.name" semantic conventions. It represents the name of the +// [reference] such as **branch** or **tag** in the repository. +// +// [reference]: https://git-scm.com/docs/gitglossary#def_ref +func VCSRefHeadName(val string) attribute.KeyValue { + return VCSRefHeadNameKey.String(val) +} + +// VCSRefHeadRevision returns an attribute KeyValue conforming to the +// "vcs.ref.head.revision" semantic conventions. It represents the revision, +// literally [revised version], The revision most often refers to a commit object +// in Git, or a revision number in SVN. +// +// [revised version]: https://www.merriam-webster.com/dictionary/revision +func VCSRefHeadRevision(val string) attribute.KeyValue { + return VCSRefHeadRevisionKey.String(val) +} + +// VCSRepositoryName returns an attribute KeyValue conforming to the +// "vcs.repository.name" semantic conventions. It represents the human readable +// name of the repository. It SHOULD NOT include any additional identifier like +// Group/SubGroup in GitLab or organization in GitHub. +func VCSRepositoryName(val string) attribute.KeyValue { + return VCSRepositoryNameKey.String(val) +} + +// VCSRepositoryURLFull returns an attribute KeyValue conforming to the +// "vcs.repository.url.full" semantic conventions. It represents the +// [canonical URL] of the repository providing the complete HTTP(S) address in +// order to locate and identify the repository through a browser. +// +// [canonical URL]: https://support.google.com/webmasters/answer/10347851?hl=en#:~:text=A%20canonical%20URL%20is%20the,Google%20chooses%20one%20as%20canonical. 
+func VCSRepositoryURLFull(val string) attribute.KeyValue { + return VCSRepositoryURLFullKey.String(val) +} + +// Enum values for vcs.change.state +var ( + // Open means the change is currently active and under review. It hasn't been + // merged into the target branch yet, and it's still possible to make changes or + // add comments. + // Stability: development + VCSChangeStateOpen = VCSChangeStateKey.String("open") + // WIP (work-in-progress, draft) means the change is still in progress and not + // yet ready for a full review. It might still undergo significant changes. + // Stability: development + VCSChangeStateWip = VCSChangeStateKey.String("wip") + // Closed means the merge request has been closed without merging. This can + // happen for various reasons, such as the changes being deemed unnecessary, the + // issue being resolved in another way, or the author deciding to withdraw the + // request. + // Stability: development + VCSChangeStateClosed = VCSChangeStateKey.String("closed") + // Merged indicates that the change has been successfully integrated into the + // target codebase. + // Stability: development + VCSChangeStateMerged = VCSChangeStateKey.String("merged") +) + +// Enum values for vcs.line_change.type +var ( + // How many lines were added. + // Stability: development + VCSLineChangeTypeAdded = VCSLineChangeTypeKey.String("added") + // How many lines were removed. 
+ // Stability: development + VCSLineChangeTypeRemoved = VCSLineChangeTypeKey.String("removed") +) + +// Enum values for vcs.provider.name +var ( + // [GitHub] + // Stability: development + // + // [GitHub]: https://github.com + VCSProviderNameGithub = VCSProviderNameKey.String("github") + // [GitLab] + // Stability: development + // + // [GitLab]: https://gitlab.com + VCSProviderNameGitlab = VCSProviderNameKey.String("gitlab") + // [Gitea] + // Stability: development + // + // [Gitea]: https://gitea.io + VCSProviderNameGitea = VCSProviderNameKey.String("gitea") + // [Bitbucket] + // Stability: development + // + // [Bitbucket]: https://bitbucket.org + VCSProviderNameBitbucket = VCSProviderNameKey.String("bitbucket") +) + +// Enum values for vcs.ref.base.type +var ( + // [branch] + // Stability: development + // + // [branch]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefbranchabranch + VCSRefBaseTypeBranch = VCSRefBaseTypeKey.String("branch") + // [tag] + // Stability: development + // + // [tag]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddeftagatag + VCSRefBaseTypeTag = VCSRefBaseTypeKey.String("tag") +) + +// Enum values for vcs.ref.head.type +var ( + // [branch] + // Stability: development + // + // [branch]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefbranchabranch + VCSRefHeadTypeBranch = VCSRefHeadTypeKey.String("branch") + // [tag] + // Stability: development + // + // [tag]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddeftagatag + VCSRefHeadTypeTag = VCSRefHeadTypeKey.String("tag") +) + +// Enum values for vcs.ref.type +var ( + // [branch] + // Stability: development + // + // [branch]: https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefbranchabranch + VCSRefTypeBranch = VCSRefTypeKey.String("branch") + // [tag] + // Stability: development + // + // [tag]: 
https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddeftagatag + VCSRefTypeTag = VCSRefTypeKey.String("tag") +) + +// Enum values for vcs.revision_delta.direction +var ( + // How many revisions the change is behind the target ref. + // Stability: development + VCSRevisionDeltaDirectionBehind = VCSRevisionDeltaDirectionKey.String("behind") + // How many revisions the change is ahead of the target ref. + // Stability: development + VCSRevisionDeltaDirectionAhead = VCSRevisionDeltaDirectionKey.String("ahead") +) + +// Namespace: webengine +const ( + // WebEngineDescriptionKey is the attribute Key conforming to the + // "webengine.description" semantic conventions. It represents the additional + // description of the web engine (e.g. detailed version and edition + // information). + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) - + // 2.2.2.Final" + WebEngineDescriptionKey = attribute.Key("webengine.description") + + // WebEngineNameKey is the attribute Key conforming to the "webengine.name" + // semantic conventions. It represents the name of the web engine. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "WildFly" + WebEngineNameKey = attribute.Key("webengine.name") + + // WebEngineVersionKey is the attribute Key conforming to the + // "webengine.version" semantic conventions. It represents the version of the + // web engine. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "21.0.0" + WebEngineVersionKey = attribute.Key("webengine.version") +) + +// WebEngineDescription returns an attribute KeyValue conforming to the +// "webengine.description" semantic conventions. It represents the additional +// description of the web engine (e.g. detailed version and edition information). 
+func WebEngineDescription(val string) attribute.KeyValue { + return WebEngineDescriptionKey.String(val) +} + +// WebEngineName returns an attribute KeyValue conforming to the "webengine.name" +// semantic conventions. It represents the name of the web engine. +func WebEngineName(val string) attribute.KeyValue { + return WebEngineNameKey.String(val) +} + +// WebEngineVersion returns an attribute KeyValue conforming to the +// "webengine.version" semantic conventions. It represents the version of the web +// engine. +func WebEngineVersion(val string) attribute.KeyValue { + return WebEngineVersionKey.String(val) +} + +// Namespace: zos +const ( + // ZOSSmfIDKey is the attribute Key conforming to the "zos.smf.id" semantic + // conventions. It represents the System Management Facility (SMF) Identifier + // uniquely identified a z/OS system within a SYSPLEX or mainframe environment + // and is used for system and performance analysis. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "SYS1" + ZOSSmfIDKey = attribute.Key("zos.smf.id") + + // ZOSSysplexNameKey is the attribute Key conforming to the "zos.sysplex.name" + // semantic conventions. It represents the name of the SYSPLEX to which the z/OS + // system belongs too. + // + // Type: string + // RequirementLevel: Recommended + // Stability: Development + // + // Examples: "SYSPLEX1" + ZOSSysplexNameKey = attribute.Key("zos.sysplex.name") +) + +// ZOSSmfID returns an attribute KeyValue conforming to the "zos.smf.id" semantic +// conventions. It represents the System Management Facility (SMF) Identifier +// uniquely identified a z/OS system within a SYSPLEX or mainframe environment +// and is used for system and performance analysis. +func ZOSSmfID(val string) attribute.KeyValue { + return ZOSSmfIDKey.String(val) +} + +// ZOSSysplexName returns an attribute KeyValue conforming to the +// "zos.sysplex.name" semantic conventions. 
It represents the name of the SYSPLEX +// to which the z/OS system belongs too. +func ZOSSysplexName(val string) attribute.KeyValue { + return ZOSSysplexNameKey.String(val) +} \ No newline at end of file diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go new file mode 100644 index 000000000..111010321 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go @@ -0,0 +1,9 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package semconv implements OpenTelemetry semantic conventions. +// +// OpenTelemetry semantic conventions are agreed standardized naming +// patterns for OpenTelemetry things. This package represents the v1.37.0 +// version of the OpenTelemetry semantic conventions. +package semconv // import "go.opentelemetry.io/otel/semconv/v1.37.0" diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go new file mode 100644 index 000000000..267979c05 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go 
@@ -0,0 +1,56 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.37.0"
+
+import (
+ "reflect"
+
+ "go.opentelemetry.io/otel/attribute"
+)
+
+// ErrorType returns an [attribute.KeyValue] identifying the error type of err.
+//
+// If err is nil, the returned attribute has the default value
+// [ErrorTypeOther].
+//
+// If err's type has the method
+//
+// ErrorType() string
+//
+// then the returned attribute has the value of err.ErrorType(). Otherwise, the
+// returned attribute has a value derived from the concrete type of err.
+//
+// The key of the returned attribute is [ErrorTypeKey].
+func ErrorType(err error) attribute.KeyValue {
+ if err == nil {
+ return ErrorTypeOther
+ }
+
+ return ErrorTypeKey.String(errorType(err))
+}
+
+func errorType(err error) string {
+ var s string
+ if et, ok := err.(interface{ ErrorType() string }); ok {
+ // Prioritize the ErrorType method if available.
+ s = et.ErrorType()
+ }
+ if s == "" {
+ // Fallback to reflection if the ErrorType method is not supported or
+ // returns an empty value.
+
+ t := reflect.TypeOf(err)
+ pkg, name := t.PkgPath(), t.Name()
+ if pkg != "" && name != "" {
+ s = pkg + "." + name
+ } else {
+ // The type has no package path or name (predeclared, not-defined,
+ // or alias for a not-defined type).
+ //
+ // This is not guaranteed to be unique, but is a best effort.
+ s = t.String()
+ }
+ }
+ return s
+}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go
new file mode 100644
index 000000000..e67469a4f
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go
@@ -0,0 +1,9 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.37.0"
+
+const (
+ // ExceptionEventName is the name of the Span event representing an exception.
+ ExceptionEventName = "exception"
+)
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go
new file mode 100644
index 000000000..fd064530c
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go
@@ -0,0 +1,2264 @@ +// Code generated from semantic convention specification. DO NOT EDIT. + +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +// Package otelconv provides types and functionality for OpenTelemetry semantic +// conventions in the "otel" namespace. +package otelconv + +import ( + "context" + "sync" + + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/metric" + "go.opentelemetry.io/otel/metric/noop" +) + +var ( + addOptPool = &sync.Pool{New: func() any { return &[]metric.AddOption{} }} + recOptPool = &sync.Pool{New: func() any { return &[]metric.RecordOption{} }} +) + +// ErrorTypeAttr is an attribute conforming to the error.type semantic +// conventions. It represents the describes a class of error the operation ended +// with. +type ErrorTypeAttr string + +var ( + // ErrorTypeOther is a fallback error value to be used when the instrumentation + // doesn't define a custom value. + ErrorTypeOther ErrorTypeAttr = "_OTHER" +) + +// ComponentTypeAttr is an attribute conforming to the otel.component.type +// semantic conventions. It represents a name identifying the type of the +// OpenTelemetry component. +type ComponentTypeAttr string + +var ( + // ComponentTypeBatchingSpanProcessor is the builtin SDK batching span + // processor. + ComponentTypeBatchingSpanProcessor ComponentTypeAttr = "batching_span_processor" + // ComponentTypeSimpleSpanProcessor is the builtin SDK simple span processor. + ComponentTypeSimpleSpanProcessor ComponentTypeAttr = "simple_span_processor" + // ComponentTypeBatchingLogProcessor is the builtin SDK batching log record + // processor. + ComponentTypeBatchingLogProcessor ComponentTypeAttr = "batching_log_processor" + // ComponentTypeSimpleLogProcessor is the builtin SDK simple log record + // processor. 
+ ComponentTypeSimpleLogProcessor ComponentTypeAttr = "simple_log_processor" + // ComponentTypeOtlpGRPCSpanExporter is the OTLP span exporter over gRPC with + // protobuf serialization. + ComponentTypeOtlpGRPCSpanExporter ComponentTypeAttr = "otlp_grpc_span_exporter" + // ComponentTypeOtlpHTTPSpanExporter is the OTLP span exporter over HTTP with + // protobuf serialization. + ComponentTypeOtlpHTTPSpanExporter ComponentTypeAttr = "otlp_http_span_exporter" + // ComponentTypeOtlpHTTPJSONSpanExporter is the OTLP span exporter over HTTP + // with JSON serialization. + ComponentTypeOtlpHTTPJSONSpanExporter ComponentTypeAttr = "otlp_http_json_span_exporter" + // ComponentTypeZipkinHTTPSpanExporter is the zipkin span exporter over HTTP. + ComponentTypeZipkinHTTPSpanExporter ComponentTypeAttr = "zipkin_http_span_exporter" + // ComponentTypeOtlpGRPCLogExporter is the OTLP log record exporter over gRPC + // with protobuf serialization. + ComponentTypeOtlpGRPCLogExporter ComponentTypeAttr = "otlp_grpc_log_exporter" + // ComponentTypeOtlpHTTPLogExporter is the OTLP log record exporter over HTTP + // with protobuf serialization. + ComponentTypeOtlpHTTPLogExporter ComponentTypeAttr = "otlp_http_log_exporter" + // ComponentTypeOtlpHTTPJSONLogExporter is the OTLP log record exporter over + // HTTP with JSON serialization. + ComponentTypeOtlpHTTPJSONLogExporter ComponentTypeAttr = "otlp_http_json_log_exporter" + // ComponentTypePeriodicMetricReader is the builtin SDK periodically exporting + // metric reader. + ComponentTypePeriodicMetricReader ComponentTypeAttr = "periodic_metric_reader" + // ComponentTypeOtlpGRPCMetricExporter is the OTLP metric exporter over gRPC + // with protobuf serialization. + ComponentTypeOtlpGRPCMetricExporter ComponentTypeAttr = "otlp_grpc_metric_exporter" + // ComponentTypeOtlpHTTPMetricExporter is the OTLP metric exporter over HTTP + // with protobuf serialization. 
+ ComponentTypeOtlpHTTPMetricExporter ComponentTypeAttr = "otlp_http_metric_exporter" + // ComponentTypeOtlpHTTPJSONMetricExporter is the OTLP metric exporter over HTTP + // with JSON serialization. + ComponentTypeOtlpHTTPJSONMetricExporter ComponentTypeAttr = "otlp_http_json_metric_exporter" + // ComponentTypePrometheusHTTPTextMetricExporter is the prometheus metric + // exporter over HTTP with the default text-based format. + ComponentTypePrometheusHTTPTextMetricExporter ComponentTypeAttr = "prometheus_http_text_metric_exporter" +) + +// SpanParentOriginAttr is an attribute conforming to the otel.span.parent.origin +// semantic conventions. It represents the determines whether the span has a +// parent span, and if so, [whether it is a remote parent]. +// +// [whether it is a remote parent]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote +type SpanParentOriginAttr string + +var ( + // SpanParentOriginNone is the span does not have a parent, it is a root span. + SpanParentOriginNone SpanParentOriginAttr = "none" + // SpanParentOriginLocal is the span has a parent and the parent's span context + // [isRemote()] is false. + // + // [isRemote()]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote + SpanParentOriginLocal SpanParentOriginAttr = "local" + // SpanParentOriginRemote is the span has a parent and the parent's span context + // [isRemote()] is true. + // + // [isRemote()]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote + SpanParentOriginRemote SpanParentOriginAttr = "remote" +) + +// SpanSamplingResultAttr is an attribute conforming to the +// otel.span.sampling_result semantic conventions. It represents the result value +// of the sampler for this span. +type SpanSamplingResultAttr string + +var ( + // SpanSamplingResultDrop is the span is not sampled and not recording. + SpanSamplingResultDrop SpanSamplingResultAttr = "DROP" + // SpanSamplingResultRecordOnly is the span is not sampled, but recording. 
+ SpanSamplingResultRecordOnly SpanSamplingResultAttr = "RECORD_ONLY" + // SpanSamplingResultRecordAndSample is the span is sampled and recording. + SpanSamplingResultRecordAndSample SpanSamplingResultAttr = "RECORD_AND_SAMPLE" +) + +// RPCGRPCStatusCodeAttr is an attribute conforming to the rpc.grpc.status_code +// semantic conventions. It represents the gRPC status code of the last gRPC +// requests performed in scope of this export call. +type RPCGRPCStatusCodeAttr int64 + +var ( + // RPCGRPCStatusCodeOk is the OK. + RPCGRPCStatusCodeOk RPCGRPCStatusCodeAttr = 0 + // RPCGRPCStatusCodeCancelled is the CANCELLED. + RPCGRPCStatusCodeCancelled RPCGRPCStatusCodeAttr = 1 + // RPCGRPCStatusCodeUnknown is the UNKNOWN. + RPCGRPCStatusCodeUnknown RPCGRPCStatusCodeAttr = 2 + // RPCGRPCStatusCodeInvalidArgument is the INVALID_ARGUMENT. + RPCGRPCStatusCodeInvalidArgument RPCGRPCStatusCodeAttr = 3 + // RPCGRPCStatusCodeDeadlineExceeded is the DEADLINE_EXCEEDED. + RPCGRPCStatusCodeDeadlineExceeded RPCGRPCStatusCodeAttr = 4 + // RPCGRPCStatusCodeNotFound is the NOT_FOUND. + RPCGRPCStatusCodeNotFound RPCGRPCStatusCodeAttr = 5 + // RPCGRPCStatusCodeAlreadyExists is the ALREADY_EXISTS. + RPCGRPCStatusCodeAlreadyExists RPCGRPCStatusCodeAttr = 6 + // RPCGRPCStatusCodePermissionDenied is the PERMISSION_DENIED. + RPCGRPCStatusCodePermissionDenied RPCGRPCStatusCodeAttr = 7 + // RPCGRPCStatusCodeResourceExhausted is the RESOURCE_EXHAUSTED. + RPCGRPCStatusCodeResourceExhausted RPCGRPCStatusCodeAttr = 8 + // RPCGRPCStatusCodeFailedPrecondition is the FAILED_PRECONDITION. + RPCGRPCStatusCodeFailedPrecondition RPCGRPCStatusCodeAttr = 9 + // RPCGRPCStatusCodeAborted is the ABORTED. + RPCGRPCStatusCodeAborted RPCGRPCStatusCodeAttr = 10 + // RPCGRPCStatusCodeOutOfRange is the OUT_OF_RANGE. + RPCGRPCStatusCodeOutOfRange RPCGRPCStatusCodeAttr = 11 + // RPCGRPCStatusCodeUnimplemented is the UNIMPLEMENTED. 
+ RPCGRPCStatusCodeUnimplemented RPCGRPCStatusCodeAttr = 12 + // RPCGRPCStatusCodeInternal is the INTERNAL. + RPCGRPCStatusCodeInternal RPCGRPCStatusCodeAttr = 13 + // RPCGRPCStatusCodeUnavailable is the UNAVAILABLE. + RPCGRPCStatusCodeUnavailable RPCGRPCStatusCodeAttr = 14 + // RPCGRPCStatusCodeDataLoss is the DATA_LOSS. + RPCGRPCStatusCodeDataLoss RPCGRPCStatusCodeAttr = 15 + // RPCGRPCStatusCodeUnauthenticated is the UNAUTHENTICATED. + RPCGRPCStatusCodeUnauthenticated RPCGRPCStatusCodeAttr = 16 +) + +// SDKExporterLogExported is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.log.exported" semantic conventions. It +// represents the number of log records for which the export has finished, either +// successful or failed. +type SDKExporterLogExported struct { + metric.Int64Counter +} + +var newSDKExporterLogExportedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of log records for which the export has finished, either successful or failed."), + metric.WithUnit("{log_record}"), +} + +// NewSDKExporterLogExported returns a new SDKExporterLogExported instrument. +func NewSDKExporterLogExported( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKExporterLogExported, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterLogExported{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterLogExportedOpts + } else { + opt = append(opt, newSDKExporterLogExportedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.exporter.log.exported", + opt..., + ) + if err != nil { + return SDKExporterLogExported{noop.Int64Counter{}}, err + } + return SDKExporterLogExported{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterLogExported) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. 
+func (SDKExporterLogExported) Name() string { + return "otel.sdk.exporter.log.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterLogExported) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterLogExported) Description() string { + return "The number of log records for which the export has finished, either successful or failed." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with +// `rejected_log_records`), rejected log records MUST count as failed and only +// non-rejected log records count as success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. +func (m SDKExporterLogExported) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with +// `rejected_log_records`), rejected log records MUST count as failed and only +// non-rejected log records count as success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. 
+func (m SDKExporterLogExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterLogExported) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterLogExported) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterLogExported) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterLogExported) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. 
+func (SDKExporterLogExported) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterLogInflight is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.log.inflight" semantic conventions. It +// represents the number of log records which were passed to the exporter, but +// that have not been exported yet (neither successful, nor failed). +type SDKExporterLogInflight struct { + metric.Int64UpDownCounter +} + +var newSDKExporterLogInflightOpts = []metric.Int64UpDownCounterOption{ + metric.WithDescription("The number of log records which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{log_record}"), +} + +// NewSDKExporterLogInflight returns a new SDKExporterLogInflight instrument. +func NewSDKExporterLogInflight( + m metric.Meter, + opt ...metric.Int64UpDownCounterOption, +) (SDKExporterLogInflight, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterLogInflight{noop.Int64UpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterLogInflightOpts + } else { + opt = append(opt, newSDKExporterLogInflightOpts...) + } + + i, err := m.Int64UpDownCounter( + "otel.sdk.exporter.log.inflight", + opt..., + ) + if err != nil { + return SDKExporterLogInflight{noop.Int64UpDownCounter{}}, err + } + return SDKExporterLogInflight{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterLogInflight) Inst() metric.Int64UpDownCounter { + return m.Int64UpDownCounter +} + +// Name returns the semantic convention name of the instrument. 
+func (SDKExporterLogInflight) Name() string { + return "otel.sdk.exporter.log.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterLogInflight) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterLogInflight) Description() string { + return "The number of log records which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +func (m SDKExporterLogInflight) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +func (m SDKExporterLogInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. 
+func (SDKExporterLogInflight) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterLogInflight) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterLogInflight) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterLogInflight) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterMetricDataPointExported is an instrument used to record metric +// values conforming to the "otel.sdk.exporter.metric_data_point.exported" +// semantic conventions. It represents the number of metric data points for which +// the export has finished, either successful or failed. +type SDKExporterMetricDataPointExported struct { + metric.Int64Counter +} + +var newSDKExporterMetricDataPointExportedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of metric data points for which the export has finished, either successful or failed."), + metric.WithUnit("{data_point}"), +} + +// NewSDKExporterMetricDataPointExported returns a new +// SDKExporterMetricDataPointExported instrument. 
+func NewSDKExporterMetricDataPointExported( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKExporterMetricDataPointExported, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterMetricDataPointExported{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterMetricDataPointExportedOpts + } else { + opt = append(opt, newSDKExporterMetricDataPointExportedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.exporter.metric_data_point.exported", + opt..., + ) + if err != nil { + return SDKExporterMetricDataPointExported{noop.Int64Counter{}}, err + } + return SDKExporterMetricDataPointExported{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterMetricDataPointExported) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterMetricDataPointExported) Name() string { + return "otel.sdk.exporter.metric_data_point.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterMetricDataPointExported) Unit() string { + return "{data_point}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterMetricDataPointExported) Description() string { + return "The number of metric data points for which the export has finished, either successful or failed." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with +// `rejected_data_points`), rejected data points MUST count as failed and only +// non-rejected data points count as success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. 
+func (m SDKExporterMetricDataPointExported) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with +// `rejected_data_points`), rejected data points MUST count as failed and only +// non-rejected data points count as success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. +func (m SDKExporterMetricDataPointExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterMetricDataPointExported) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. 
+func (SDKExporterMetricDataPointExported) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterMetricDataPointExported) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterMetricDataPointExported) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterMetricDataPointExported) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterMetricDataPointInflight is an instrument used to record metric +// values conforming to the "otel.sdk.exporter.metric_data_point.inflight" +// semantic conventions. It represents the number of metric data points which +// were passed to the exporter, but that have not been exported yet (neither +// successful, nor failed). +type SDKExporterMetricDataPointInflight struct { + metric.Int64UpDownCounter +} + +var newSDKExporterMetricDataPointInflightOpts = []metric.Int64UpDownCounterOption{ + metric.WithDescription("The number of metric data points which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{data_point}"), +} + +// NewSDKExporterMetricDataPointInflight returns a new +// SDKExporterMetricDataPointInflight instrument. 
+func NewSDKExporterMetricDataPointInflight( + m metric.Meter, + opt ...metric.Int64UpDownCounterOption, +) (SDKExporterMetricDataPointInflight, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterMetricDataPointInflight{noop.Int64UpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterMetricDataPointInflightOpts + } else { + opt = append(opt, newSDKExporterMetricDataPointInflightOpts...) + } + + i, err := m.Int64UpDownCounter( + "otel.sdk.exporter.metric_data_point.inflight", + opt..., + ) + if err != nil { + return SDKExporterMetricDataPointInflight{noop.Int64UpDownCounter{}}, err + } + return SDKExporterMetricDataPointInflight{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterMetricDataPointInflight) Inst() metric.Int64UpDownCounter { + return m.Int64UpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterMetricDataPointInflight) Name() string { + return "otel.sdk.exporter.metric_data_point.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterMetricDataPointInflight) Unit() string { + return "{data_point}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterMetricDataPointInflight) Description() string { + return "The number of metric data points which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. 
+func (m SDKExporterMetricDataPointInflight) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +func (m SDKExporterMetricDataPointInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterMetricDataPointInflight) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterMetricDataPointInflight) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. 
+func (SDKExporterMetricDataPointInflight) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterMetricDataPointInflight) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterOperationDuration is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.operation.duration" semantic conventions. +// It represents the duration of exporting a batch of telemetry records. +type SDKExporterOperationDuration struct { + metric.Float64Histogram +} + +var newSDKExporterOperationDurationOpts = []metric.Float64HistogramOption{ + metric.WithDescription("The duration of exporting a batch of telemetry records."), + metric.WithUnit("s"), +} + +// NewSDKExporterOperationDuration returns a new SDKExporterOperationDuration +// instrument. +func NewSDKExporterOperationDuration( + m metric.Meter, + opt ...metric.Float64HistogramOption, +) (SDKExporterOperationDuration, error) { + // Check if the meter is nil. + if m == nil { + return SDKExporterOperationDuration{noop.Float64Histogram{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterOperationDurationOpts + } else { + opt = append(opt, newSDKExporterOperationDurationOpts...) + } + + i, err := m.Float64Histogram( + "otel.sdk.exporter.operation.duration", + opt..., + ) + if err != nil { + return SDKExporterOperationDuration{noop.Float64Histogram{}}, err + } + return SDKExporterOperationDuration{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterOperationDuration) Inst() metric.Float64Histogram { + return m.Float64Histogram +} + +// Name returns the semantic convention name of the instrument. 
+func (SDKExporterOperationDuration) Name() string { + return "otel.sdk.exporter.operation.duration" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterOperationDuration) Unit() string { + return "s" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterOperationDuration) Description() string { + return "The duration of exporting a batch of telemetry records." +} + +// Record records val to the current distribution for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// This metric defines successful operations using the full success definitions +// for [http] +// and [grpc]. Anything else is defined as an unsuccessful operation. For +// successful +// operations, `error.type` MUST NOT be set. For unsuccessful export operations, +// `error.type` MUST contain a relevant failure cause. +// +// [http]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success-1 +// [grpc]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success +func (m SDKExporterOperationDuration) Record( + ctx context.Context, + val float64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Float64Histogram.Record(ctx, val, *o...) +} + +// RecordSet records val to the current distribution for set. +// +// This metric defines successful operations using the full success definitions +// for [http] +// and [grpc]. Anything else is defined as an unsuccessful operation. For +// successful +// operations, `error.type` MUST NOT be set. For unsuccessful export operations, +// `error.type` MUST contain a relevant failure cause. 
+// +// [http]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success-1 +// [grpc]: https://github.com/open-telemetry/opentelemetry-proto/blob/v1.5.0/docs/specification.md#full-success +func (m SDKExporterOperationDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if set.Len() == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Float64Histogram.Record(ctx, val, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterOperationDuration) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrHTTPResponseStatusCode returns an optional attribute for the +// "http.response.status_code" semantic convention. It represents the HTTP status +// code of the last HTTP request performed in scope of this export call. +func (SDKExporterOperationDuration) AttrHTTPResponseStatusCode(val int) attribute.KeyValue { + return attribute.Int("http.response.status_code", val) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterOperationDuration) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. 
+func (SDKExporterOperationDuration) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrRPCGRPCStatusCode returns an optional attribute for the +// "rpc.grpc.status_code" semantic convention. It represents the gRPC status code +// of the last gRPC requests performed in scope of this export call. +func (SDKExporterOperationDuration) AttrRPCGRPCStatusCode(val RPCGRPCStatusCodeAttr) attribute.KeyValue { + return attribute.Int64("rpc.grpc.status_code", int64(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterOperationDuration) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterOperationDuration) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterSpanExported is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.span.exported" semantic conventions. It +// represents the number of spans for which the export has finished, either +// successful or failed. +type SDKExporterSpanExported struct { + metric.Int64Counter +} + +var newSDKExporterSpanExportedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of spans for which the export has finished, either successful or failed."), + metric.WithUnit("{span}"), +} + +// NewSDKExporterSpanExported returns a new SDKExporterSpanExported instrument. +func NewSDKExporterSpanExported( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKExporterSpanExported, error) { + // Check if the meter is nil. 
+ if m == nil { + return SDKExporterSpanExported{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterSpanExportedOpts + } else { + opt = append(opt, newSDKExporterSpanExportedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.exporter.span.exported", + opt..., + ) + if err != nil { + return SDKExporterSpanExported{noop.Int64Counter{}}, err + } + return SDKExporterSpanExported{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterSpanExported) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterSpanExported) Name() string { + return "otel.sdk.exporter.span.exported" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterSpanExported) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterSpanExported) Description() string { + return "The number of spans for which the export has finished, either successful or failed." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with `rejected_spans` +// ), rejected spans MUST count as failed and only non-rejected spans count as +// success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. 
+func (m SDKExporterSpanExported) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +// For exporters with partial success semantics (e.g. OTLP with `rejected_spans` +// ), rejected spans MUST count as failed and only non-rejected spans count as +// success. +// If no rejection reason is available, `rejected` SHOULD be used as value for +// `error.type`. +func (m SDKExporterSpanExported) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKExporterSpanExported) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. 
+func (SDKExporterSpanExported) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterSpanExported) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterSpanExported) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterSpanExported) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKExporterSpanInflight is an instrument used to record metric values +// conforming to the "otel.sdk.exporter.span.inflight" semantic conventions. It +// represents the number of spans which were passed to the exporter, but that +// have not been exported yet (neither successful, nor failed). +type SDKExporterSpanInflight struct { + metric.Int64UpDownCounter +} + +var newSDKExporterSpanInflightOpts = []metric.Int64UpDownCounterOption{ + metric.WithDescription("The number of spans which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)."), + metric.WithUnit("{span}"), +} + +// NewSDKExporterSpanInflight returns a new SDKExporterSpanInflight instrument. +func NewSDKExporterSpanInflight( + m metric.Meter, + opt ...metric.Int64UpDownCounterOption, +) (SDKExporterSpanInflight, error) { + // Check if the meter is nil. 
+ if m == nil { + return SDKExporterSpanInflight{noop.Int64UpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKExporterSpanInflightOpts + } else { + opt = append(opt, newSDKExporterSpanInflightOpts...) + } + + i, err := m.Int64UpDownCounter( + "otel.sdk.exporter.span.inflight", + opt..., + ) + if err != nil { + return SDKExporterSpanInflight{noop.Int64UpDownCounter{}}, err + } + return SDKExporterSpanInflight{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKExporterSpanInflight) Inst() metric.Int64UpDownCounter { + return m.Int64UpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKExporterSpanInflight) Name() string { + return "otel.sdk.exporter.span.inflight" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKExporterSpanInflight) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKExporterSpanInflight) Description() string { + return "The number of spans which were passed to the exporter, but that have not been exported yet (neither successful, nor failed)." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful exports, `error.type` MUST NOT be set. For failed exports, +// `error.type` MUST contain the failure cause. +func (m SDKExporterSpanInflight) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful exports, `error.type` MUST NOT be set. 
For failed exports, +// `error.type` MUST contain the failure cause. +func (m SDKExporterSpanInflight) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKExporterSpanInflight) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKExporterSpanInflight) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// AttrServerAddress returns an optional attribute for the "server.address" +// semantic convention. It represents the server domain name if available without +// reverse DNS lookup; otherwise, IP address or Unix domain socket name. +func (SDKExporterSpanInflight) AttrServerAddress(val string) attribute.KeyValue { + return attribute.String("server.address", val) +} + +// AttrServerPort returns an optional attribute for the "server.port" semantic +// convention. It represents the server port number. +func (SDKExporterSpanInflight) AttrServerPort(val int) attribute.KeyValue { + return attribute.Int("server.port", val) +} + +// SDKLogCreated is an instrument used to record metric values conforming to the +// "otel.sdk.log.created" semantic conventions. It represents the number of logs +// submitted to enabled SDK Loggers. 
+type SDKLogCreated struct { + metric.Int64Counter +} + +var newSDKLogCreatedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of logs submitted to enabled SDK Loggers."), + metric.WithUnit("{log_record}"), +} + +// NewSDKLogCreated returns a new SDKLogCreated instrument. +func NewSDKLogCreated( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKLogCreated, error) { + // Check if the meter is nil. + if m == nil { + return SDKLogCreated{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKLogCreatedOpts + } else { + opt = append(opt, newSDKLogCreatedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.log.created", + opt..., + ) + if err != nil { + return SDKLogCreated{noop.Int64Counter{}}, err + } + return SDKLogCreated{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKLogCreated) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (SDKLogCreated) Name() string { + return "otel.sdk.log.created" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKLogCreated) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKLogCreated) Description() string { + return "The number of logs submitted to enabled SDK Loggers." +} + +// Add adds incr to the existing count for attrs. +func (m SDKLogCreated) Add(ctx context.Context, incr int64, attrs ...attribute.KeyValue) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributes(attrs...)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. 
+func (m SDKLogCreated) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// SDKMetricReaderCollectionDuration is an instrument used to record metric +// values conforming to the "otel.sdk.metric_reader.collection.duration" semantic +// conventions. It represents the duration of the collect operation of the metric +// reader. +type SDKMetricReaderCollectionDuration struct { + metric.Float64Histogram +} + +var newSDKMetricReaderCollectionDurationOpts = []metric.Float64HistogramOption{ + metric.WithDescription("The duration of the collect operation of the metric reader."), + metric.WithUnit("s"), +} + +// NewSDKMetricReaderCollectionDuration returns a new +// SDKMetricReaderCollectionDuration instrument. +func NewSDKMetricReaderCollectionDuration( + m metric.Meter, + opt ...metric.Float64HistogramOption, +) (SDKMetricReaderCollectionDuration, error) { + // Check if the meter is nil. + if m == nil { + return SDKMetricReaderCollectionDuration{noop.Float64Histogram{}}, nil + } + + if len(opt) == 0 { + opt = newSDKMetricReaderCollectionDurationOpts + } else { + opt = append(opt, newSDKMetricReaderCollectionDurationOpts...) + } + + i, err := m.Float64Histogram( + "otel.sdk.metric_reader.collection.duration", + opt..., + ) + if err != nil { + return SDKMetricReaderCollectionDuration{noop.Float64Histogram{}}, err + } + return SDKMetricReaderCollectionDuration{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKMetricReaderCollectionDuration) Inst() metric.Float64Histogram { + return m.Float64Histogram +} + +// Name returns the semantic convention name of the instrument. 
+func (SDKMetricReaderCollectionDuration) Name() string { + return "otel.sdk.metric_reader.collection.duration" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKMetricReaderCollectionDuration) Unit() string { + return "s" +} + +// Description returns the semantic convention description of the instrument +func (SDKMetricReaderCollectionDuration) Description() string { + return "The duration of the collect operation of the metric reader." +} + +// Record records val to the current distribution for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful collections, `error.type` MUST NOT be set. For failed +// collections, `error.type` SHOULD contain the failure cause. +// It can happen that metrics collection is successful for some MetricProducers, +// while others fail. In that case `error.type` SHOULD be set to any of the +// failure causes. +func (m SDKMetricReaderCollectionDuration) Record( + ctx context.Context, + val float64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Float64Histogram.Record(ctx, val, *o...) +} + +// RecordSet records val to the current distribution for set. +// +// For successful collections, `error.type` MUST NOT be set. For failed +// collections, `error.type` SHOULD contain the failure cause. +// It can happen that metrics collection is successful for some MetricProducers, +// while others fail. In that case `error.type` SHOULD be set to any of the +// failure causes. 
+func (m SDKMetricReaderCollectionDuration) RecordSet(ctx context.Context, val float64, set attribute.Set) { + if set.Len() == 0 { + m.Float64Histogram.Record(ctx, val) + return + } + + o := recOptPool.Get().(*[]metric.RecordOption) + defer func() { + *o = (*o)[:0] + recOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Float64Histogram.Record(ctx, val, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents the describes a class of error the operation ended +// with. +func (SDKMetricReaderCollectionDuration) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKMetricReaderCollectionDuration) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKMetricReaderCollectionDuration) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorLogProcessed is an instrument used to record metric values +// conforming to the "otel.sdk.processor.log.processed" semantic conventions. It +// represents the number of log records for which the processing has finished, +// either successful or failed. 
+type SDKProcessorLogProcessed struct { + metric.Int64Counter +} + +var newSDKProcessorLogProcessedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of log records for which the processing has finished, either successful or failed."), + metric.WithUnit("{log_record}"), +} + +// NewSDKProcessorLogProcessed returns a new SDKProcessorLogProcessed instrument. +func NewSDKProcessorLogProcessed( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKProcessorLogProcessed, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorLogProcessed{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorLogProcessedOpts + } else { + opt = append(opt, newSDKProcessorLogProcessedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.processor.log.processed", + opt..., + ) + if err != nil { + return SDKProcessorLogProcessed{noop.Int64Counter{}}, err + } + return SDKProcessorLogProcessed{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorLogProcessed) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorLogProcessed) Name() string { + return "otel.sdk.processor.log.processed" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorLogProcessed) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorLogProcessed) Description() string { + return "The number of log records for which the processing has finished, either successful or failed." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful processing, `error.type` MUST NOT be set. For failed +// processing, `error.type` MUST contain the failure cause. 
+// For the SDK Simple and Batching Log Record Processor a log record is +// considered to be processed already when it has been submitted to the exporter, +// not when the corresponding export call has finished. +func (m SDKProcessorLogProcessed) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful processing, `error.type` MUST NOT be set. For failed +// processing, `error.type` MUST contain the failure cause. +// For the SDK Simple and Batching Log Record Processor a log record is +// considered to be processed already when it has been submitted to the exporter, +// not when the corresponding export call has finished. +func (m SDKProcessorLogProcessed) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents a low-cardinality description of the failure reason. +// SDK Batching Log Record Processors MUST use `queue_full` for log records +// dropped due to a full queue. +func (SDKProcessorLogProcessed) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. 
It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorLogProcessed) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorLogProcessed) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorLogQueueCapacity is an instrument used to record metric values +// conforming to the "otel.sdk.processor.log.queue.capacity" semantic +// conventions. It represents the maximum number of log records the queue of a +// given instance of an SDK Log Record processor can hold. +type SDKProcessorLogQueueCapacity struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKProcessorLogQueueCapacityOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The maximum number of log records the queue of a given instance of an SDK Log Record processor can hold."), + metric.WithUnit("{log_record}"), +} + +// NewSDKProcessorLogQueueCapacity returns a new SDKProcessorLogQueueCapacity +// instrument. +func NewSDKProcessorLogQueueCapacity( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKProcessorLogQueueCapacity, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorLogQueueCapacity{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorLogQueueCapacityOpts + } else { + opt = append(opt, newSDKProcessorLogQueueCapacityOpts...) 
+ } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.processor.log.queue.capacity", + opt..., + ) + if err != nil { + return SDKProcessorLogQueueCapacity{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKProcessorLogQueueCapacity{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorLogQueueCapacity) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorLogQueueCapacity) Name() string { + return "otel.sdk.processor.log.queue.capacity" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorLogQueueCapacity) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorLogQueueCapacity) Description() string { + return "The maximum number of log records the queue of a given instance of an SDK Log Record processor can hold." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorLogQueueCapacity) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorLogQueueCapacity) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorLogQueueSize is an instrument used to record metric values +// conforming to the "otel.sdk.processor.log.queue.size" semantic conventions. 
It +// represents the number of log records in the queue of a given instance of an +// SDK log processor. +type SDKProcessorLogQueueSize struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKProcessorLogQueueSizeOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of log records in the queue of a given instance of an SDK log processor."), + metric.WithUnit("{log_record}"), +} + +// NewSDKProcessorLogQueueSize returns a new SDKProcessorLogQueueSize instrument. +func NewSDKProcessorLogQueueSize( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKProcessorLogQueueSize, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorLogQueueSize{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorLogQueueSizeOpts + } else { + opt = append(opt, newSDKProcessorLogQueueSizeOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.processor.log.queue.size", + opt..., + ) + if err != nil { + return SDKProcessorLogQueueSize{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKProcessorLogQueueSize{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorLogQueueSize) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorLogQueueSize) Name() string { + return "otel.sdk.processor.log.queue.size" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorLogQueueSize) Unit() string { + return "{log_record}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorLogQueueSize) Description() string { + return "The number of log records in the queue of a given instance of an SDK log processor." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. 
It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorLogQueueSize) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorLogQueueSize) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorSpanProcessed is an instrument used to record metric values +// conforming to the "otel.sdk.processor.span.processed" semantic conventions. It +// represents the number of spans for which the processing has finished, either +// successful or failed. +type SDKProcessorSpanProcessed struct { + metric.Int64Counter +} + +var newSDKProcessorSpanProcessedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of spans for which the processing has finished, either successful or failed."), + metric.WithUnit("{span}"), +} + +// NewSDKProcessorSpanProcessed returns a new SDKProcessorSpanProcessed +// instrument. +func NewSDKProcessorSpanProcessed( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKProcessorSpanProcessed, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorSpanProcessed{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorSpanProcessedOpts + } else { + opt = append(opt, newSDKProcessorSpanProcessedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.processor.span.processed", + opt..., + ) + if err != nil { + return SDKProcessorSpanProcessed{noop.Int64Counter{}}, err + } + return SDKProcessorSpanProcessed{i}, nil +} + +// Inst returns the underlying metric instrument. 
+func (m SDKProcessorSpanProcessed) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorSpanProcessed) Name() string { + return "otel.sdk.processor.span.processed" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorSpanProcessed) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorSpanProcessed) Description() string { + return "The number of spans for which the processing has finished, either successful or failed." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// For successful processing, `error.type` MUST NOT be set. For failed +// processing, `error.type` MUST contain the failure cause. +// For the SDK Simple and Batching Span Processor a span is considered to be +// processed already when it has been submitted to the exporter, not when the +// corresponding export call has finished. +func (m SDKProcessorSpanProcessed) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// For successful processing, `error.type` MUST NOT be set. For failed +// processing, `error.type` MUST contain the failure cause. +// For the SDK Simple and Batching Span Processor a span is considered to be +// processed already when it has been submitted to the exporter, not when the +// corresponding export call has finished. 
+func (m SDKProcessorSpanProcessed) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrErrorType returns an optional attribute for the "error.type" semantic +// convention. It represents a low-cardinality description of the failure reason. +// SDK Batching Span Processors MUST use `queue_full` for spans dropped due to a +// full queue. +func (SDKProcessorSpanProcessed) AttrErrorType(val ErrorTypeAttr) attribute.KeyValue { + return attribute.String("error.type", string(val)) +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorSpanProcessed) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorSpanProcessed) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorSpanQueueCapacity is an instrument used to record metric values +// conforming to the "otel.sdk.processor.span.queue.capacity" semantic +// conventions. It represents the maximum number of spans the queue of a given +// instance of an SDK span processor can hold. 
+type SDKProcessorSpanQueueCapacity struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKProcessorSpanQueueCapacityOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The maximum number of spans the queue of a given instance of an SDK span processor can hold."), + metric.WithUnit("{span}"), +} + +// NewSDKProcessorSpanQueueCapacity returns a new SDKProcessorSpanQueueCapacity +// instrument. +func NewSDKProcessorSpanQueueCapacity( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKProcessorSpanQueueCapacity, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorSpanQueueCapacity{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorSpanQueueCapacityOpts + } else { + opt = append(opt, newSDKProcessorSpanQueueCapacityOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.processor.span.queue.capacity", + opt..., + ) + if err != nil { + return SDKProcessorSpanQueueCapacity{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKProcessorSpanQueueCapacity{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKProcessorSpanQueueCapacity) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorSpanQueueCapacity) Name() string { + return "otel.sdk.processor.span.queue.capacity" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorSpanQueueCapacity) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorSpanQueueCapacity) Description() string { + return "The maximum number of spans the queue of a given instance of an SDK span processor can hold." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. 
It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorSpanQueueCapacity) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorSpanQueueCapacity) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKProcessorSpanQueueSize is an instrument used to record metric values +// conforming to the "otel.sdk.processor.span.queue.size" semantic conventions. +// It represents the number of spans in the queue of a given instance of an SDK +// span processor. +type SDKProcessorSpanQueueSize struct { + metric.Int64ObservableUpDownCounter +} + +var newSDKProcessorSpanQueueSizeOpts = []metric.Int64ObservableUpDownCounterOption{ + metric.WithDescription("The number of spans in the queue of a given instance of an SDK span processor."), + metric.WithUnit("{span}"), +} + +// NewSDKProcessorSpanQueueSize returns a new SDKProcessorSpanQueueSize +// instrument. +func NewSDKProcessorSpanQueueSize( + m metric.Meter, + opt ...metric.Int64ObservableUpDownCounterOption, +) (SDKProcessorSpanQueueSize, error) { + // Check if the meter is nil. + if m == nil { + return SDKProcessorSpanQueueSize{noop.Int64ObservableUpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKProcessorSpanQueueSizeOpts + } else { + opt = append(opt, newSDKProcessorSpanQueueSizeOpts...) + } + + i, err := m.Int64ObservableUpDownCounter( + "otel.sdk.processor.span.queue.size", + opt..., + ) + if err != nil { + return SDKProcessorSpanQueueSize{noop.Int64ObservableUpDownCounter{}}, err + } + return SDKProcessorSpanQueueSize{i}, nil +} + +// Inst returns the underlying metric instrument. 
+func (m SDKProcessorSpanQueueSize) Inst() metric.Int64ObservableUpDownCounter { + return m.Int64ObservableUpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKProcessorSpanQueueSize) Name() string { + return "otel.sdk.processor.span.queue.size" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKProcessorSpanQueueSize) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKProcessorSpanQueueSize) Description() string { + return "The number of spans in the queue of a given instance of an SDK span processor." +} + +// AttrComponentName returns an optional attribute for the "otel.component.name" +// semantic convention. It represents a name uniquely identifying the instance of +// the OpenTelemetry component within its containing SDK instance. +func (SDKProcessorSpanQueueSize) AttrComponentName(val string) attribute.KeyValue { + return attribute.String("otel.component.name", val) +} + +// AttrComponentType returns an optional attribute for the "otel.component.type" +// semantic convention. It represents a name identifying the type of the +// OpenTelemetry component. +func (SDKProcessorSpanQueueSize) AttrComponentType(val ComponentTypeAttr) attribute.KeyValue { + return attribute.String("otel.component.type", string(val)) +} + +// SDKSpanLive is an instrument used to record metric values conforming to the +// "otel.sdk.span.live" semantic conventions. It represents the number of created +// spans with `recording=true` for which the end operation has not been called +// yet. +type SDKSpanLive struct { + metric.Int64UpDownCounter +} + +var newSDKSpanLiveOpts = []metric.Int64UpDownCounterOption{ + metric.WithDescription("The number of created spans with `recording=true` for which the end operation has not been called yet."), + metric.WithUnit("{span}"), +} + +// NewSDKSpanLive returns a new SDKSpanLive instrument. 
+func NewSDKSpanLive( + m metric.Meter, + opt ...metric.Int64UpDownCounterOption, +) (SDKSpanLive, error) { + // Check if the meter is nil. + if m == nil { + return SDKSpanLive{noop.Int64UpDownCounter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKSpanLiveOpts + } else { + opt = append(opt, newSDKSpanLiveOpts...) + } + + i, err := m.Int64UpDownCounter( + "otel.sdk.span.live", + opt..., + ) + if err != nil { + return SDKSpanLive{noop.Int64UpDownCounter{}}, err + } + return SDKSpanLive{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKSpanLive) Inst() metric.Int64UpDownCounter { + return m.Int64UpDownCounter +} + +// Name returns the semantic convention name of the instrument. +func (SDKSpanLive) Name() string { + return "otel.sdk.span.live" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKSpanLive) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKSpanLive) Description() string { + return "The number of created spans with `recording=true` for which the end operation has not been called yet." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +func (m SDKSpanLive) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. 
+func (m SDKSpanLive) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64UpDownCounter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64UpDownCounter.Add(ctx, incr, *o...) +} + +// AttrSpanSamplingResult returns an optional attribute for the +// "otel.span.sampling_result" semantic convention. It represents the result +// value of the sampler for this span. +func (SDKSpanLive) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute.KeyValue { + return attribute.String("otel.span.sampling_result", string(val)) +} + +// SDKSpanStarted is an instrument used to record metric values conforming to the +// "otel.sdk.span.started" semantic conventions. It represents the number of +// created spans. +type SDKSpanStarted struct { + metric.Int64Counter +} + +var newSDKSpanStartedOpts = []metric.Int64CounterOption{ + metric.WithDescription("The number of created spans."), + metric.WithUnit("{span}"), +} + +// NewSDKSpanStarted returns a new SDKSpanStarted instrument. +func NewSDKSpanStarted( + m metric.Meter, + opt ...metric.Int64CounterOption, +) (SDKSpanStarted, error) { + // Check if the meter is nil. + if m == nil { + return SDKSpanStarted{noop.Int64Counter{}}, nil + } + + if len(opt) == 0 { + opt = newSDKSpanStartedOpts + } else { + opt = append(opt, newSDKSpanStartedOpts...) + } + + i, err := m.Int64Counter( + "otel.sdk.span.started", + opt..., + ) + if err != nil { + return SDKSpanStarted{noop.Int64Counter{}}, err + } + return SDKSpanStarted{i}, nil +} + +// Inst returns the underlying metric instrument. +func (m SDKSpanStarted) Inst() metric.Int64Counter { + return m.Int64Counter +} + +// Name returns the semantic convention name of the instrument. 
+func (SDKSpanStarted) Name() string { + return "otel.sdk.span.started" +} + +// Unit returns the semantic convention unit of the instrument +func (SDKSpanStarted) Unit() string { + return "{span}" +} + +// Description returns the semantic convention description of the instrument +func (SDKSpanStarted) Description() string { + return "The number of created spans." +} + +// Add adds incr to the existing count for attrs. +// +// All additional attrs passed are included in the recorded value. +// +// Implementations MUST record this metric for all spans, even for non-recording +// ones. +func (m SDKSpanStarted) Add( + ctx context.Context, + incr int64, + attrs ...attribute.KeyValue, +) { + if len(attrs) == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append( + *o, + metric.WithAttributes( + attrs..., + ), + ) + + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AddSet adds incr to the existing count for set. +// +// Implementations MUST record this metric for all spans, even for non-recording +// ones. +func (m SDKSpanStarted) AddSet(ctx context.Context, incr int64, set attribute.Set) { + if set.Len() == 0 { + m.Int64Counter.Add(ctx, incr) + return + } + + o := addOptPool.Get().(*[]metric.AddOption) + defer func() { + *o = (*o)[:0] + addOptPool.Put(o) + }() + + *o = append(*o, metric.WithAttributeSet(set)) + m.Int64Counter.Add(ctx, incr, *o...) +} + +// AttrSpanParentOrigin returns an optional attribute for the +// "otel.span.parent.origin" semantic convention. It represents the determines +// whether the span has a parent span, and if so, [whether it is a remote parent] +// . 
+//
+// [whether it is a remote parent]: https://opentelemetry.io/docs/specs/otel/trace/api/#isremote
+func (SDKSpanStarted) AttrSpanParentOrigin(val SpanParentOriginAttr) attribute.KeyValue {
+ return attribute.String("otel.span.parent.origin", string(val))
+}
+
+// AttrSpanSamplingResult returns an optional attribute for the
+// "otel.span.sampling_result" semantic convention. It represents the result
+// value of the sampler for this span.
+func (SDKSpanStarted) AttrSpanSamplingResult(val SpanSamplingResultAttr) attribute.KeyValue {
+ return attribute.String("otel.span.sampling_result", string(val))
+}
diff --git a/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go
new file mode 100644
index 000000000..f8a0b7044
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go
@@ -0,0 +1,9 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package semconv // import "go.opentelemetry.io/otel/semconv/v1.37.0"
+
+// SchemaURL is the schema URL that matches the version of the semantic conventions
+// that this package defines. Semconv packages starting from v1.4.0 must declare
+// non-empty schema URL in the form https://opentelemetry.io/schemas/
+const SchemaURL = "https://opentelemetry.io/schemas/1.37.0"
diff --git a/vendor/go.opentelemetry.io/otel/trace/LICENSE b/vendor/go.opentelemetry.io/otel/trace/LICENSE
index 261eeb9e9..f1aee0f11 100644
--- a/vendor/go.opentelemetry.io/otel/trace/LICENSE
+++ b/vendor/go.opentelemetry.io/otel/trace/LICENSE
@@ -199,3 +199,33 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +-------------------------------------------------------------------------------- + +Copyright 2009 The Go Authors. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google LLC nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/vendor/go.opentelemetry.io/otel/trace/auto.go b/vendor/go.opentelemetry.io/otel/trace/auto.go new file mode 100644 index 000000000..8763936a8 --- /dev/null 
+++ b/vendor/go.opentelemetry.io/otel/trace/auto.go 
@@ -0,0 +1,662 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package trace // import "go.opentelemetry.io/otel/trace"
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "math"
+ "os"
+ "reflect"
+ "runtime"
+ "strconv"
+ "strings"
+ "sync"
+ "sync/atomic"
+ "time"
+ "unicode/utf8"
+
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/codes"
+ semconv "go.opentelemetry.io/otel/semconv/v1.37.0"
+ "go.opentelemetry.io/otel/trace/embedded"
+ "go.opentelemetry.io/otel/trace/internal/telemetry"
+)
+
+// newAutoTracerProvider returns an auto-instrumentable [trace.TracerProvider].
+// If an [go.opentelemetry.io/auto.Instrumentation] is configured to instrument
+// the process using the returned TracerProvider, all of the telemetry it
+// produces will be processed and handled by that Instrumentation. By default,
+// if no Instrumentation instruments the TracerProvider it will not generate
+// any trace telemetry.
+func newAutoTracerProvider() TracerProvider { return tracerProviderInstance }
+
+var tracerProviderInstance = new(autoTracerProvider)
+
+type autoTracerProvider struct{ embedded.TracerProvider }
+
+var _ TracerProvider = autoTracerProvider{}
+
+func (autoTracerProvider) Tracer(name string, opts ...TracerOption) Tracer {
+ cfg := NewTracerConfig(opts...)
+ return autoTracer{
+ name: name,
+ version: cfg.InstrumentationVersion(),
+ schemaURL: cfg.SchemaURL(),
+ }
+}
+
+type autoTracer struct {
+ embedded.Tracer
+
+ name, schemaURL, version string
+}
+
+var _ Tracer = autoTracer{}
+
+func (t autoTracer) Start(ctx context.Context, name string, opts ...SpanStartOption) (context.Context, Span) {
+ var psc, sc SpanContext
+ sampled := true
+ span := new(autoSpan)
+
+ // Ask eBPF for sampling decision and span context info.
+ t.start(ctx, span, &psc, &sampled, &sc)
+
+ span.sampled.Store(sampled)
+ span.spanContext = sc
+
+ ctx = ContextWithSpan(ctx, span)
+
+ if sampled {
+ // Only build traces if sampled.
+ cfg := NewSpanStartConfig(opts...)
+ span.traces, span.span = t.traces(name, cfg, span.spanContext, psc)
+ }
+
+ return ctx, span
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (*autoTracer) start(
+ ctx context.Context,
+ spanPtr *autoSpan,
+ psc *SpanContext,
+ sampled *bool,
+ sc *SpanContext,
+) {
+ start(ctx, spanPtr, psc, sampled, sc)
+}
+
+// start is used for testing.
+var start = func(context.Context, *autoSpan, *SpanContext, *bool, *SpanContext) {}
+
+func (t autoTracer) traces(name string, cfg SpanConfig, sc, psc SpanContext) (*telemetry.Traces, *telemetry.Span) {
+ span := &telemetry.Span{
+ TraceID: telemetry.TraceID(sc.TraceID()),
+ SpanID: telemetry.SpanID(sc.SpanID()),
+ Flags: uint32(sc.TraceFlags()),
+ TraceState: sc.TraceState().String(),
+ ParentSpanID: telemetry.SpanID(psc.SpanID()),
+ Name: name,
+ Kind: spanKind(cfg.SpanKind()),
+ }
+
+ span.Attrs, span.DroppedAttrs = convCappedAttrs(maxSpan.Attrs, cfg.Attributes())
+
+ links := cfg.Links()
+ if limit := maxSpan.Links; limit == 0 {
+ n := int64(len(links))
+ if n > 0 {
+ span.DroppedLinks = uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ } else {
+ if limit > 0 {
+ n := int64(max(len(links)-limit, 0))
+ span.DroppedLinks = uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ links = links[n:]
+ }
+ span.Links = convLinks(links)
+ }
+
+ if t := cfg.Timestamp(); !t.IsZero() {
+ span.StartTime = cfg.Timestamp()
+ } else {
+ span.StartTime = time.Now()
+ }
+
+ return &telemetry.Traces{
+ ResourceSpans: []*telemetry.ResourceSpans{
+ {
+ ScopeSpans: []*telemetry.ScopeSpans{
+ {
+ Scope: &telemetry.Scope{
+ Name: t.name,
+ Version: t.version,
+ },
+ Spans: []*telemetry.Span{span},
+ SchemaURL: t.schemaURL,
+ },
+ },
+ },
+ },
+ }, span
+}
+
+func spanKind(kind SpanKind) telemetry.SpanKind {
+ switch kind {
+ case SpanKindInternal:
+ return telemetry.SpanKindInternal
+ case SpanKindServer:
+ return telemetry.SpanKindServer
+ case SpanKindClient:
+ return telemetry.SpanKindClient
+ case SpanKindProducer:
+ return telemetry.SpanKindProducer
+ case SpanKindConsumer:
+ return telemetry.SpanKindConsumer
+ }
+ return telemetry.SpanKind(0) // undefined.
+}
+
+type autoSpan struct {
+ embedded.Span
+
+ spanContext SpanContext
+ sampled atomic.Bool
+
+ mu sync.Mutex
+ traces *telemetry.Traces
+ span *telemetry.Span
+}
+
+func (s *autoSpan) SpanContext() SpanContext {
+ if s == nil {
+ return SpanContext{}
+ }
+ // s.spanContext is immutable, do not acquire lock s.mu.
+ return s.spanContext
+}
+
+func (s *autoSpan) IsRecording() bool {
+ if s == nil {
+ return false
+ }
+
+ return s.sampled.Load()
+}
+
+func (s *autoSpan) SetStatus(c codes.Code, msg string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if s.span.Status == nil {
+ s.span.Status = new(telemetry.Status)
+ }
+
+ s.span.Status.Message = msg
+
+ switch c {
+ case codes.Unset:
+ s.span.Status.Code = telemetry.StatusCodeUnset
+ case codes.Error:
+ s.span.Status.Code = telemetry.StatusCodeError
+ case codes.Ok:
+ s.span.Status.Code = telemetry.StatusCodeOK
+ }
+}
+
+func (s *autoSpan) SetAttributes(attrs ...attribute.KeyValue) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ limit := maxSpan.Attrs
+ if limit == 0 {
+ // No attributes allowed.
+ n := int64(len(attrs))
+ if n > 0 {
+ s.span.DroppedAttrs += uint32(min(n, math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ return
+ }
+
+ m := make(map[string]int)
+ for i, a := range s.span.Attrs {
+ m[a.Key] = i
+ }
+
+ for _, a := range attrs {
+ val := convAttrValue(a.Value)
+ if val.Empty() {
+ s.span.DroppedAttrs++
+ continue
+ }
+
+ if idx, ok := m[string(a.Key)]; ok {
+ s.span.Attrs[idx] = telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ }
+ } else if limit < 0 || len(s.span.Attrs) < limit {
+ s.span.Attrs = append(s.span.Attrs, telemetry.Attr{
+ Key: string(a.Key),
+ Value: val,
+ })
+ m[string(a.Key)] = len(s.span.Attrs) - 1
+ } else {
+ s.span.DroppedAttrs++
+ }
+ }
+}
+
+// convCappedAttrs converts up to limit attrs into a []telemetry.Attr. The
+// number of dropped attributes is also returned.
+func convCappedAttrs(limit int, attrs []attribute.KeyValue) ([]telemetry.Attr, uint32) {
+ n := len(attrs)
+ if limit == 0 {
+ var out uint32
+ if n > 0 {
+ out = uint32(min(int64(n), math.MaxUint32)) // nolint: gosec // Bounds checked.
+ }
+ return nil, out
+ }
+
+ if limit < 0 {
+ // Unlimited.
+ return convAttrs(attrs), 0
+ }
+
+ if n < 0 {
+ n = 0
+ }
+
+ limit = min(n, limit)
+ return convAttrs(attrs[:limit]), uint32(n - limit) // nolint: gosec // Bounds checked.
+}
+
+func convAttrs(attrs []attribute.KeyValue) []telemetry.Attr {
+ if len(attrs) == 0 {
+ // Avoid allocations if not necessary.
+ return nil
+ }
+
+ out := make([]telemetry.Attr, 0, len(attrs))
+ for _, attr := range attrs {
+ key := string(attr.Key)
+ val := convAttrValue(attr.Value)
+ if val.Empty() {
+ continue
+ }
+ out = append(out, telemetry.Attr{Key: key, Value: val})
+ }
+ return out
+}
+
+func convAttrValue(value attribute.Value) telemetry.Value {
+ switch value.Type() {
+ case attribute.BOOL:
+ return telemetry.BoolValue(value.AsBool())
+ case attribute.INT64:
+ return telemetry.Int64Value(value.AsInt64())
+ case attribute.FLOAT64:
+ return telemetry.Float64Value(value.AsFloat64())
+ case attribute.STRING:
+ v := truncate(maxSpan.AttrValueLen, value.AsString())
+ return telemetry.StringValue(v)
+ case attribute.BOOLSLICE:
+ slice := value.AsBoolSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.BoolValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.INT64SLICE:
+ slice := value.AsInt64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Int64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.FLOAT64SLICE:
+ slice := value.AsFloat64Slice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ out = append(out, telemetry.Float64Value(v))
+ }
+ return telemetry.SliceValue(out...)
+ case attribute.STRINGSLICE:
+ slice := value.AsStringSlice()
+ out := make([]telemetry.Value, 0, len(slice))
+ for _, v := range slice {
+ v = truncate(maxSpan.AttrValueLen, v)
+ out = append(out, telemetry.StringValue(v))
+ }
+ return telemetry.SliceValue(out...)
+ }
+ return telemetry.Value{}
+}
+
+// truncate returns a truncated version of s such that it contains less than
+// the limit number of characters. Truncation is applied by returning the limit
+// number of valid characters contained in s.
+//
+// If limit is negative, it returns the original string.
+//
+// UTF-8 is supported. When truncating, all invalid characters are dropped
+// before applying truncation.
+//
+// If s already contains less than the limit number of bytes, it is returned
+// unchanged. No invalid characters are removed.
+func truncate(limit int, s string) string {
+ // This prioritize performance in the following order based on the most
+ // common expected use-cases.
+ //
+ // - Short values less than the default limit (128).
+ // - Strings with valid encodings that exceed the limit.
+ // - No limit.
+ // - Strings with invalid encodings that exceed the limit.
+ if limit < 0 || len(s) <= limit {
+ return s
+ }
+
+ // Optimistically, assume all valid UTF-8.
+ var b strings.Builder
+ count := 0
+ for i, c := range s {
+ if c != utf8.RuneError {
+ count++
+ if count > limit {
+ return s[:i]
+ }
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // Invalid encoding.
+ b.Grow(len(s) - 1)
+ _, _ = b.WriteString(s[:i])
+ s = s[i:]
+ break
+ }
+ }
+
+ // Fast-path, no invalid input.
+ if b.Cap() == 0 {
+ return s
+ }
+
+ // Truncate while validating UTF-8.
+ for i := 0; i < len(s) && count < limit; {
+ c := s[i]
+ if c < utf8.RuneSelf {
+ // Optimization for single byte runes (common case).
+ _ = b.WriteByte(c)
+ i++
+ count++
+ continue
+ }
+
+ _, size := utf8.DecodeRuneInString(s[i:])
+ if size == 1 {
+ // We checked for all 1-byte runes above, this is a RuneError.
+ i++
+ continue
+ }
+
+ _, _ = b.WriteString(s[i : i+size])
+ i += size
+ count++
+ }
+
+ return b.String()
+}
+
+func (s *autoSpan) End(opts ...SpanEndOption) {
+ if s == nil || !s.sampled.Swap(false) {
+ return
+ }
+
+ // s.end exists so the lock (s.mu) is not held while s.ended is called.
+ s.ended(s.end(opts))
+}
+
+func (s *autoSpan) end(opts []SpanEndOption) []byte {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ cfg := NewSpanEndConfig(opts...)
+ if t := cfg.Timestamp(); !t.IsZero() {
+ s.span.EndTime = cfg.Timestamp()
+ } else {
+ s.span.EndTime = time.Now()
+ }
+
+ b, _ := json.Marshal(s.traces) // TODO: do not ignore this error.
+ return b
+}
+
+// Expected to be implemented in eBPF.
+//
+//go:noinline
+func (*autoSpan) ended(buf []byte) { ended(buf) }
+
+// ended is used for testing.
+var ended = func([]byte) {}
+
+func (s *autoSpan) RecordError(err error, opts ...EventOption) {
+ if s == nil || err == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := NewEventConfig(opts...)
+
+ attrs := cfg.Attributes()
+ attrs = append(attrs,
+ semconv.ExceptionType(typeStr(err)),
+ semconv.ExceptionMessage(err.Error()),
+ )
+ if cfg.StackTrace() {
+ buf := make([]byte, 2048)
+ n := runtime.Stack(buf, false)
+ attrs = append(attrs, semconv.ExceptionStacktrace(string(buf[0:n])))
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(semconv.ExceptionEventName, cfg.Timestamp(), attrs)
+}
+
+func typeStr(i any) string {
+ t := reflect.TypeOf(i)
+ if t.PkgPath() == "" && t.Name() == "" {
+ // Likely a builtin type.
+ return t.String()
+ }
+ return fmt.Sprintf("%s.%s", t.PkgPath(), t.Name())
+}
+
+func (s *autoSpan) AddEvent(name string, opts ...EventOption) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ cfg := NewEventConfig(opts...)
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.addEvent(name, cfg.Timestamp(), cfg.Attributes())
+}
+
+// addEvent adds an event with name and attrs at tStamp to the span. The span
+// lock (s.mu) needs to be held by the caller.
+func (s *autoSpan) addEvent(name string, tStamp time.Time, attrs []attribute.KeyValue) {
+ limit := maxSpan.Events
+
+ if limit == 0 {
+ s.span.DroppedEvents++
+ return
+ }
+
+ if limit > 0 && len(s.span.Events) == limit {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Events[:limit-1], s.span.Events[1:])
+ s.span.Events = s.span.Events[:limit-1]
+ s.span.DroppedEvents++
+ }
+
+ e := &telemetry.SpanEvent{Time: tStamp, Name: name}
+ e.Attrs, e.DroppedAttrs = convCappedAttrs(maxSpan.EventAttrs, attrs)
+
+ s.span.Events = append(s.span.Events, e)
+}
+
+func (s *autoSpan) AddLink(link Link) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ l := maxSpan.Links
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ if l == 0 {
+ s.span.DroppedLinks++
+ return
+ }
+
+ if l > 0 && len(s.span.Links) == l {
+ // Drop head while avoiding allocation of more capacity.
+ copy(s.span.Links[:l-1], s.span.Links[1:])
+ s.span.Links = s.span.Links[:l-1]
+ s.span.DroppedLinks++
+ }
+
+ s.span.Links = append(s.span.Links, convLink(link))
+}
+
+func convLinks(links []Link) []*telemetry.SpanLink {
+ out := make([]*telemetry.SpanLink, 0, len(links))
+ for _, link := range links {
+ out = append(out, convLink(link))
+ }
+ return out
+}
+
+func convLink(link Link) *telemetry.SpanLink {
+ l := &telemetry.SpanLink{
+ TraceID: telemetry.TraceID(link.SpanContext.TraceID()),
+ SpanID: telemetry.SpanID(link.SpanContext.SpanID()),
+ TraceState: link.SpanContext.TraceState().String(),
+ Flags: uint32(link.SpanContext.TraceFlags()),
+ }
+ l.Attrs, l.DroppedAttrs = convCappedAttrs(maxSpan.LinkAttrs, link.Attributes)
+
+ return l
+}
+
+func (s *autoSpan) SetName(name string) {
+ if s == nil || !s.sampled.Load() {
+ return
+ }
+
+ s.mu.Lock()
+ defer s.mu.Unlock()
+
+ s.span.Name = name
+}
+
+func (*autoSpan) TracerProvider() TracerProvider { return newAutoTracerProvider() }
+
+// maxSpan are the span limits resolved during startup.
+var maxSpan = newSpanLimits()
+
+type spanLimits struct {
+ // Attrs is the number of allowed attributes for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_COUNT_LIMIT, or 128 if
+ // that is not set, is used.
+ Attrs int
+ // AttrValueLen is the maximum attribute value length allowed for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT key if it exists. Otherwise, the
+ // environment variable value for OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT, or -1
+ // if that is not set, is used.
+ AttrValueLen int
+ // Events is the number of allowed events for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_EVENT_COUNT_LIMIT key, or 128 is used if that is not set.
+ Events int
+ // EventAttrs is the number of allowed attributes for a span event.
+ //
+ // The is resolved from the environment variable value for the
+ // OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT key, or 128 is used if that is not set.
+ EventAttrs int
+ // Links is the number of allowed Links for a span.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_SPAN_LINK_COUNT_LIMIT, or 128 is used if that is not set.
+ Links int
+ // LinkAttrs is the number of allowed attributes for a span link.
+ //
+ // This is resolved from the environment variable value for the
+ // OTEL_LINK_ATTRIBUTE_COUNT_LIMIT, or 128 is used if that is not set.
+ LinkAttrs int
+}
+
+func newSpanLimits() spanLimits {
+ return spanLimits{
+ Attrs: firstEnv(
+ 128,
+ "OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT",
+ "OTEL_ATTRIBUTE_COUNT_LIMIT",
+ ),
+ AttrValueLen: firstEnv(
+ -1, // Unlimited.
+ "OTEL_SPAN_ATTRIBUTE_VALUE_LENGTH_LIMIT", + "OTEL_ATTRIBUTE_VALUE_LENGTH_LIMIT", + ), + Events: firstEnv(128, "OTEL_SPAN_EVENT_COUNT_LIMIT"), + EventAttrs: firstEnv(128, "OTEL_EVENT_ATTRIBUTE_COUNT_LIMIT"), + Links: firstEnv(128, "OTEL_SPAN_LINK_COUNT_LIMIT"), + LinkAttrs: firstEnv(128, "OTEL_LINK_ATTRIBUTE_COUNT_LIMIT"), + } +} + +// firstEnv returns the parsed integer value of the first matching environment +// variable from keys. The defaultVal is returned if the value is not an +// integer or no match is found. +func firstEnv(defaultVal int, keys ...string) int { + for _, key := range keys { + strV := os.Getenv(key) + if strV == "" { + continue + } + + v, err := strconv.Atoi(strV) + if err == nil { + return v + } + // Ignore invalid environment variable. + } + + return defaultVal +} diff --git a/vendor/go.opentelemetry.io/otel/trace/config.go b/vendor/go.opentelemetry.io/otel/trace/config.go index 9c0b720a4..d9ecef1ca 100644 --- a/vendor/go.opentelemetry.io/otel/trace/config.go +++ b/vendor/go.opentelemetry.io/otel/trace/config.go @@ -4,6 +4,7 @@ package trace // import "go.opentelemetry.io/otel/trace" import ( + "slices" "time" "go.opentelemetry.io/otel/attribute" @@ -73,7 +74,7 @@ func (cfg *SpanConfig) Timestamp() time.Time { return cfg.timestamp } -// StackTrace checks whether stack trace capturing is enabled. +// StackTrace reports whether stack trace capturing is enabled. func (cfg *SpanConfig) StackTrace() bool { return cfg.stackTrace } @@ -154,7 +155,7 @@ func (cfg *EventConfig) Timestamp() time.Time { return cfg.timestamp } -// StackTrace checks whether stack trace capturing is enabled. +// StackTrace reports whether stack trace capturing is enabled. func (cfg *EventConfig) StackTrace() bool { return cfg.stackTrace } 
@@ -304,12 +305,50 @@ func WithInstrumentationVersion(version string) TracerOption { }) } -// WithInstrumentationAttributes sets the instrumentation attributes. +// mergeSets returns the union of keys between a and b. Any duplicate keys will +// use the value associated with b. +func mergeSets(a, b attribute.Set) attribute.Set { + // NewMergeIterator uses the first value for any duplicates. + iter := attribute.NewMergeIterator(&b, &a) + merged := make([]attribute.KeyValue, 0, a.Len()+b.Len()) + for iter.Next() { + merged = append(merged, iter.Attribute()) + } + return attribute.NewSet(merged...) +} + +// WithInstrumentationAttributes adds the instrumentation attributes. // -// The passed attributes will be de-duplicated. +// This is equivalent to calling [WithInstrumentationAttributeSet] with an +// [attribute.Set] created from a clone of the passed attributes. +// [WithInstrumentationAttributeSet] is recommended for more control. +// +// If multiple [WithInstrumentationAttributes] or [WithInstrumentationAttributeSet] +// options are passed, the attributes will be merged together in the order +// they are passed. Attributes with duplicate keys will use the last value passed. func WithInstrumentationAttributes(attr ...attribute.KeyValue) TracerOption { + set := attribute.NewSet(slices.Clone(attr)...) + return WithInstrumentationAttributeSet(set) +} + +// WithInstrumentationAttributeSet adds the instrumentation attributes. +// +// If multiple [WithInstrumentationAttributes] or [WithInstrumentationAttributeSet] +// options are passed, the attributes will be merged together in the order +// they are passed. Attributes with duplicate keys will use the last value passed. +func WithInstrumentationAttributeSet(set attribute.Set) TracerOption { + if set.Len() == 0 { + return tracerOptionFunc(func(config TracerConfig) TracerConfig { + return config + }) + } + return tracerOptionFunc(func(config TracerConfig) TracerConfig { - config.attrs = attribute.NewSet(attr...) 
+ if config.attrs.Len() == 0 { + config.attrs = set + } else { + config.attrs = mergeSets(config.attrs, set) + } return config }) } diff --git a/vendor/go.opentelemetry.io/otel/trace/hex.go b/vendor/go.opentelemetry.io/otel/trace/hex.go new file mode 100644 index 000000000..1cbef1d4b --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/trace/hex.go 
@@ -0,0 +1,38 @@ +// Copyright The OpenTelemetry Authors +// SPDX-License-Identifier: Apache-2.0 + +package trace // import "go.opentelemetry.io/otel/trace" + +const ( + // hexLU is a hex lookup table of the 16 lowercase hex digits. + // The character values of the string are indexed at the equivalent + // hexadecimal value they represent. This table efficiently encodes byte data + // into a string representation of hexadecimal. + hexLU = "0123456789abcdef" + + // hexRev is a reverse hex lookup table for lowercase hex digits. + // The table is efficiently decodes a hexadecimal string into bytes. + // Valid hexadecimal characters are indexed at their respective values. All + // other invalid ASCII characters are represented with '\xff'. + // + // The '\xff' character is used as invalid because no valid character has + // the upper 4 bits set. Meaning, an efficient validation can be performed + // over multiple character parsing by checking these bits remain zero. + hexRev = "" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\x0a\x0b\x0c\x0d\x0e\x0f\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + 
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +) diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go new file mode 100644 index 000000000..ff0f6eac6 --- /dev/null +++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go 
@@ -0,0 +1,58 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+// Attr is a key-value pair.
+type Attr struct {
+ Key string `json:"key,omitempty"`
+ Value Value `json:"value,omitempty"`
+}
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+ return Attr{key, StringValue(value)}
+}
+
+// Int64 returns an Attr for an int64 value.
+func Int64(key string, value int64) Attr {
+ return Attr{key, Int64Value(value)}
+}
+
+// Int returns an Attr for an int value.
+func Int(key string, value int) Attr {
+ return Int64(key, int64(value))
+}
+
+// Float64 returns an Attr for a float64 value.
+func Float64(key string, value float64) Attr {
+ return Attr{key, Float64Value(value)}
+}
+
+// Bool returns an Attr for a bool value.
+func Bool(key string, value bool) Attr {
+ return Attr{key, BoolValue(value)}
+}
+
+// Bytes returns an Attr for a []byte value.
+// The passed slice must not be changed after it is passed.
+func Bytes(key string, value []byte) Attr {
+ return Attr{key, BytesValue(value)}
+}
+
+// Slice returns an Attr for a []Value value.
+// The passed slice must not be changed after it is passed.
+func Slice(key string, value ...Value) Attr {
+ return Attr{key, SliceValue(value...)}
+}
+
+// Map returns an Attr for a map value.
+// The passed slice must not be changed after it is passed.
+func Map(key string, value ...Attr) Attr {
+ return Attr{key, MapValue(value...)}
+}
+
+// Equal reports whether a is equal to b.
+func (a Attr) Equal(b Attr) bool {
+ return a.Key == b.Key && a.Value.Equal(b.Value)
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go
new file mode 100644
index 000000000..5debe90bb
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/doc.go
@@ -0,0 +1,8 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+Package telemetry provides a lightweight representations of OpenTelemetry
+telemetry that is compatible with the OTLP JSON protobuf encoding.
+*/
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go
new file mode 100644
index 000000000..bea56f2e7
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go
@@ -0,0 +1,103 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "encoding/hex"
+ "errors"
+ "fmt"
+)
+
+const (
+ traceIDSize = 16
+ spanIDSize = 8
+)
+
+// TraceID is a custom data type that is used for all trace IDs.
+type TraceID [traceIDSize]byte
+
+// String returns the hex string representation form of a TraceID.
+func (tid TraceID) String() string {
+ return hex.EncodeToString(tid[:])
+}
+
+// IsEmpty reports whether the TraceID contains only zero bytes.
+func (tid TraceID) IsEmpty() bool {
+ return tid == [traceIDSize]byte{}
+}
+
+// MarshalJSON converts the trace ID into a hex string enclosed in quotes.
+func (tid TraceID) MarshalJSON() ([]byte, error) {
+ if tid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(tid[:])
+}
+
+// UnmarshalJSON inflates the trace ID from hex string, possibly enclosed in
+// quotes.
+func (tid *TraceID) UnmarshalJSON(data []byte) error {
+ *tid = [traceIDSize]byte{}
+ return unmarshalJSON(tid[:], data)
+}
+
+// SpanID is a custom data type that is used for all span IDs.
+type SpanID [spanIDSize]byte
+
+// String returns the hex string representation form of a SpanID.
+func (sid SpanID) String() string {
+ return hex.EncodeToString(sid[:])
+}
+
+// IsEmpty reports whether the SpanID contains only zero bytes.
+func (sid SpanID) IsEmpty() bool {
+ return sid == [spanIDSize]byte{}
+}
+
+// MarshalJSON converts span ID into a hex string enclosed in quotes.
+func (sid SpanID) MarshalJSON() ([]byte, error) {
+ if sid.IsEmpty() {
+ return []byte(`""`), nil
+ }
+ return marshalJSON(sid[:])
+}
+
+// UnmarshalJSON decodes span ID from hex string, possibly enclosed in quotes.
+func (sid *SpanID) UnmarshalJSON(data []byte) error {
+ *sid = [spanIDSize]byte{}
+ return unmarshalJSON(sid[:], data)
+}
+
+// marshalJSON converts id into a hex string enclosed in quotes.
+func marshalJSON(id []byte) ([]byte, error) {
+ // Plus 2 quote chars at the start and end.
+ hexLen := hex.EncodedLen(len(id)) + 2
+
+ b := make([]byte, hexLen)
+ hex.Encode(b[1:hexLen-1], id)
+ b[0], b[hexLen-1] = '"', '"'
+
+ return b, nil
+}
+
+// unmarshalJSON inflates trace id from hex string, possibly enclosed in quotes.
+func unmarshalJSON(dst, src []byte) error {
+ if l := len(src); l >= 2 && src[0] == '"' && src[l-1] == '"' {
+ src = src[1 : l-1]
+ }
+ nLen := len(src)
+ if nLen == 0 {
+ return nil
+ }
+
+ if len(dst) != hex.DecodedLen(nLen) {
+ return errors.New("invalid length for ID")
+ }
+
+ _, err := hex.Decode(dst, src)
+ if err != nil {
+ return fmt.Errorf("cannot unmarshal ID from string '%s': %w", string(src), err)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go
new file mode 100644
index 000000000..f5e3a8cec
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/number.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "encoding/json"
+ "strconv"
+)
+
+// protoInt64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoInt64 int64
+
+// Int64 returns the protoInt64 as an int64.
+func (i *protoInt64) Int64() int64 { return int64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoInt64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedInt, err := strconv.ParseInt(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ } else {
+ var parsedInt int64
+ if err := json.Unmarshal(data, &parsedInt); err != nil {
+ return err
+ }
+ *i = protoInt64(parsedInt)
+ }
+ return nil
+}
+
+// protoUint64 represents the protobuf encoding of integers which can be either
+// strings or integers.
+type protoUint64 uint64
+
+// Int64 returns the protoUint64 as a uint64.
+func (i *protoUint64) Uint64() uint64 { return uint64(*i) }
+
+// UnmarshalJSON decodes both strings and integers.
+func (i *protoUint64) UnmarshalJSON(data []byte) error {
+ if data[0] == '"' {
+ var str string
+ if err := json.Unmarshal(data, &str); err != nil {
+ return err
+ }
+ parsedUint, err := strconv.ParseUint(str, 10, 64)
+ if err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ } else {
+ var parsedUint uint64
+ if err := json.Unmarshal(data, &parsedUint); err != nil {
+ return err
+ }
+ *i = protoUint64(parsedUint)
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go
new file mode 100644
index 000000000..1798a702d
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/resource.go
@@ -0,0 +1,66 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Resource information.
+type Resource struct {
+ // Attrs are the set of attributes that describe the resource. Attribute
+ // keys MUST be unique (it is not allowed to have more than one attribute
+ // with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // DroppedAttrs is the number of dropped attributes. If the value
+ // is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (r *Resource) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Resource type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Resource field: %#v", keyIface)
+ }
+
+ switch key {
+ case "attributes":
+ err = decoder.Decode(&r.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&r.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go
new file mode 100644
index 000000000..c2b4c635b
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/scope.go
@@ -0,0 +1,67 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Scope is the identifying values of the instrumentation scope.
+type Scope struct {
+ Name string `json:"name,omitempty"`
+ Version string `json:"version,omitempty"`
+ Attrs []Attr `json:"attributes,omitempty"`
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into r.
+func (s *Scope) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Scope type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Scope field: %#v", keyIface)
+ }
+
+ switch key {
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "version":
+ err = decoder.Decode(&s.Version)
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go
new file mode 100644
index 000000000..e7ca62c66
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/span.go
@@ -0,0 +1,472 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "time"
+)
+
+// A Span represents a single operation performed by a single component of the
+// system.
+type Span struct {
+ // A unique identifier for a trace. All spans from the same trace share
+ // the same `trace_id`. The ID is a 16-byte array. An ID with all zeroes OR
+ // of length other than 16 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for a span within a trace, assigned when the span
+ // is created. The ID is an 8-byte array. An ID with all zeroes OR of length
+ // other than 8 bytes is considered invalid (empty string in OTLP/JSON
+ // is zero-length and thus is also invalid).
+ //
+ // This field is required.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // trace_state conveys information about request position in multiple distributed tracing graphs.
+ // It is a trace_state in w3c-trace-context format: https://www.w3.org/TR/trace-context/#tracestate-header
+ // See also https://github.com/w3c/distributed-tracing for more details about this field.
+ TraceState string `json:"traceState,omitempty"`
+ // The `span_id` of this span's parent span. If this is a root span, then this
+ // field must be empty. The ID is an 8-byte array.
+ ParentSpanID SpanID `json:"parentSpanId,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether a span's parent
+ // is remote. The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the span is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // When creating span messages, if the message is logically forwarded from another source
+ // with an equivalent flags fields (i.e., usually another OTLP span message), the field SHOULD
+ // be copied as-is. If creating from a source that does not have an equivalent flags field
+ // (such as a runtime representation of an OpenTelemetry span), the high 22 bits MUST
+ // be set to zero.
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+ // A description of the span's operation.
+ //
+ // For example, the name can be a qualified method name or a file name
+ // and a line number where the operation is called. A best practice is to use
+ // the same display name at the same call point in an application.
+ // This makes it easier to correlate spans in different traces.
+ //
+ // This field is semantically required to be set to non-empty string.
+ // Empty value is equivalent to an unknown span name.
+ //
+ // This field is required.
+ Name string `json:"name"`
+ // Distinguishes between spans generated in a particular context. For example,
+ // two spans with the same name may be distinguished using `CLIENT` (caller)
+ // and `SERVER` (callee) to identify queueing latency associated with the span.
+ Kind SpanKind `json:"kind,omitempty"`
+ // start_time_unix_nano is the start time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution starts. On the server side, this
+ // is the time when the server's application handler starts running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ StartTime time.Time `json:"startTimeUnixNano,omitempty"`
+ // end_time_unix_nano is the end time of the span. On the client side, this is the time
+ // kept by the local machine where the span execution ends. On the server side, this
+ // is the time when the server application handler stops running.
+ // Value is UNIX Epoch time in nanoseconds since 00:00:00 UTC on 1 January 1970.
+ //
+ // This field is semantically required and it is expected that end_time >= start_time.
+ EndTime time.Time `json:"endTimeUnixNano,omitempty"`
+ // attributes is a collection of key/value pairs. Note, global attributes
+ // like server name can be set using the resource API. Examples of attributes:
+ //
+ // "/http/user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
+ // "/http/server_latency": 300
+ // "example.com/myattribute": true
+ // "example.com/score": 10.239
+ //
+ // The OpenTelemetry API specification further restricts the allowed value types:
+ // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/common/README.md#attribute
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of attributes that were discarded. Attributes
+ // can be discarded because their keys are too long or because there are too many
+ // attributes. If this value is 0, then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // events is a collection of Event items.
+ Events []*SpanEvent `json:"events,omitempty"`
+ // dropped_events_count is the number of dropped events. If the value is 0, then no
+ // events were dropped.
+ DroppedEvents uint32 `json:"droppedEventsCount,omitempty"`
+ // links is a collection of Links, which are references from this span to a span
+ // in the same or different trace.
+ Links []*SpanLink `json:"links,omitempty"`
+ // dropped_links_count is the number of dropped links after the maximum size was
+ // enforced. If this value is 0, then no links were dropped.
+ DroppedLinks uint32 `json:"droppedLinksCount,omitempty"`
+ // An optional final status for this span. Semantically when Status isn't set, it means
+ // span's status code is unset, i.e. assume STATUS_CODE_UNSET (code = 0).
+ Status *Status `json:"status,omitempty"`
+}
+
+// MarshalJSON encodes s into OTLP formatted JSON.
+func (s Span) MarshalJSON() ([]byte, error) {
+ startT := s.StartTime.UnixNano()
+ if s.StartTime.IsZero() || startT < 0 {
+ startT = 0
+ }
+
+ endT := s.EndTime.UnixNano()
+ if s.EndTime.IsZero() || endT < 0 {
+ endT = 0
+ }
+
+ // Override non-empty default SpanID marshal and omitempty.
+ var parentSpanId string
+ if !s.ParentSpanID.IsEmpty() {
+ b := make([]byte, hex.EncodedLen(spanIDSize))
+ hex.Encode(b, s.ParentSpanID[:])
+ parentSpanId = string(b)
+ }
+
+ type Alias Span
+ return json.Marshal(struct {
+ Alias
+ ParentSpanID string `json:"parentSpanId,omitempty"`
+ StartTime uint64 `json:"startTimeUnixNano,omitempty"`
+ EndTime uint64 `json:"endTimeUnixNano,omitempty"`
+ }{
+ Alias: Alias(s),
+ ParentSpanID: parentSpanId,
+ StartTime: uint64(startT), // nolint:gosec // >0 checked above.
+ EndTime: uint64(endT), // nolint:gosec // >0 checked above.
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into s.
+func (s *Span) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Span type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid Span field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&s.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&s.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&s.TraceState)
+ case "parentSpanId", "parent_span_id":
+ err = decoder.Decode(&s.ParentSpanID)
+ case "flags":
+ err = decoder.Decode(&s.Flags)
+ case "name":
+ err = decoder.Decode(&s.Name)
+ case "kind":
+ err = decoder.Decode(&s.Kind)
+ case "startTimeUnixNano", "start_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ s.StartTime = time.Unix(0, v)
+ case "endTimeUnixNano", "end_time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ s.EndTime = time.Unix(0, v)
+ case "attributes":
+ err = decoder.Decode(&s.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&s.DroppedAttrs)
+ case "events":
+ err = decoder.Decode(&s.Events)
+ case "droppedEventsCount", "dropped_events_count":
+ err = decoder.Decode(&s.DroppedEvents)
+ case "links":
+ err = decoder.Decode(&s.Links)
+ case "droppedLinksCount", "dropped_links_count":
+ err = decoder.Decode(&s.DroppedLinks)
+ case "status":
+ err = decoder.Decode(&s.Status)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// SpanFlags represents constants used to interpret the
+// Span.flags field, which is protobuf 'fixed32' type and is to
+// be used as bit-fields. Each non-zero value defined in this enum is
+// a bit-mask. To extract the bit-field, for example, use an
+// expression like:
+//
+// (span.flags & SPAN_FLAGS_TRACE_FLAGS_MASK)
+//
+// See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+//
+// Note that Span flags were introduced in version 1.1 of the
+// OpenTelemetry protocol. Older Span producers do not set this
+// field, consequently consumers should not rely on the absence of a
+// particular flag bit to indicate the presence of a particular feature.
+type SpanFlags int32
+
+const (
+ // SpanFlagsTraceFlagsMask is a mask for trace-flags.
+ //
+ // Bits 0-7 are used for trace flags.
+ SpanFlagsTraceFlagsMask SpanFlags = 255
+ // SpanFlagsContextHasIsRemoteMask is a mask for HAS_IS_REMOTE status.
+ //
+ // Bits 8 and 9 are used to indicate that the parent span or link span is
+ // remote. Bit 8 (`HAS_IS_REMOTE`) indicates whether the value is known.
+ SpanFlagsContextHasIsRemoteMask SpanFlags = 256
+ // SpanFlagsContextIsRemoteMask is a mask for IS_REMOTE status.
+ //
+ // Bits 8 and 9 are used to indicate that the parent span or link span is
+ // remote. Bit 9 (`IS_REMOTE`) indicates whether the span or link is
+ // remote.
+ SpanFlagsContextIsRemoteMask SpanFlags = 512
+)
+
+// SpanKind is the type of span. Can be used to specify additional relationships between spans
+// in addition to a parent/child relationship.
+type SpanKind int32
+
+const (
+ // SpanKindInternal indicates that the span represents an internal
+ // operation within an application, as opposed to an operation happening at
+ // the boundaries.
+ SpanKindInternal SpanKind = 1
+ // SpanKindServer indicates that the span covers server-side handling of an
+ // RPC or other remote network request.
+ SpanKindServer SpanKind = 2
+ // SpanKindClient indicates that the span describes a request to some
+ // remote service.
+ SpanKindClient SpanKind = 3
+ // SpanKindProducer indicates that the span describes a producer sending a
+ // message to a broker. Unlike SpanKindClient and SpanKindServer, there is
+ // often no direct critical path latency relationship between producer and
+ // consumer spans. A SpanKindProducer span ends when the message was
+ // accepted by the broker while the logical processing of the message might
+ // span a much longer time.
+ SpanKindProducer SpanKind = 4
+ // SpanKindConsumer indicates that the span describes a consumer receiving
+ // a message from a broker. Like SpanKindProducer, there is often no direct
+ // critical path latency relationship between producer and consumer spans.
+ SpanKindConsumer SpanKind = 5
+)
+
+// SpanEvent is a time-stamped annotation of the span, consisting of
+// user-supplied text description and key-value pairs.
+type SpanEvent struct {
+ // time_unix_nano is the time the event occurred.
+ Time time.Time `json:"timeUnixNano,omitempty"`
+ // name of the event.
+ // This field is semantically required to be set to non-empty string.
+ Name string `json:"name,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the event.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+}
+
+// MarshalJSON encodes e into OTLP formatted JSON.
+func (e SpanEvent) MarshalJSON() ([]byte, error) {
+ t := e.Time.UnixNano()
+ if e.Time.IsZero() || t < 0 {
+ t = 0
+ }
+
+ type Alias SpanEvent
+ return json.Marshal(struct {
+ Alias
+ Time uint64 `json:"timeUnixNano,omitempty"`
+ }{
+ Alias: Alias(e),
+ Time: uint64(t), // nolint: gosec // >0 checked above
+ })
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into se.
+func (se *SpanEvent) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanEvent type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanEvent field: %#v", keyIface)
+ }
+
+ switch key {
+ case "timeUnixNano", "time_unix_nano":
+ var val protoUint64
+ err = decoder.Decode(&val)
+ v := int64(min(val.Uint64(), math.MaxInt64)) // nolint: gosec // Overflow checked.
+ se.Time = time.Unix(0, v)
+ case "name":
+ err = decoder.Decode(&se.Name)
+ case "attributes":
+ err = decoder.Decode(&se.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&se.DroppedAttrs)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// SpanLink is a reference from the current span to another span in the same
+// trace or in a different trace. For example, this can be used in batching
+// operations, where a single batch handler processes multiple requests from
+// different traces or when the handler receives a request from a different
+// project.
+type SpanLink struct {
+ // A unique identifier of a trace that this linked span is part of. The ID is a
+ // 16-byte array.
+ TraceID TraceID `json:"traceId,omitempty"`
+ // A unique identifier for the linked span. The ID is an 8-byte array.
+ SpanID SpanID `json:"spanId,omitempty"`
+ // The trace_state associated with the link.
+ TraceState string `json:"traceState,omitempty"`
+ // attributes is a collection of attribute key/value pairs on the link.
+ // Attribute keys MUST be unique (it is not allowed to have more than one
+ // attribute with the same key).
+ Attrs []Attr `json:"attributes,omitempty"`
+ // dropped_attributes_count is the number of dropped attributes. If the value is 0,
+ // then no attributes were dropped.
+ DroppedAttrs uint32 `json:"droppedAttributesCount,omitempty"`
+ // Flags, a bit field.
+ //
+ // Bits 0-7 (8 least significant bits) are the trace flags as defined in W3C Trace
+ // Context specification. To read the 8-bit W3C trace flag, use
+ // `flags & SPAN_FLAGS_TRACE_FLAGS_MASK`.
+ //
+ // See https://www.w3.org/TR/trace-context-2/#trace-flags for the flag definitions.
+ //
+ // Bits 8 and 9 represent the 3 states of whether the link is remote.
+ // The states are (unknown, is not remote, is remote).
+ // To read whether the value is known, use `(flags & SPAN_FLAGS_CONTEXT_HAS_IS_REMOTE_MASK) != 0`.
+ // To read whether the link is remote, use `(flags & SPAN_FLAGS_CONTEXT_IS_REMOTE_MASK) != 0`.
+ //
+ // Readers MUST NOT assume that bits 10-31 (22 most significant bits) will be zero.
+ // When creating new spans, bits 10-31 (most-significant 22-bits) MUST be zero.
+ //
+ // [Optional].
+ Flags uint32 `json:"flags,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into sl.
+func (sl *SpanLink) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid SpanLink type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid SpanLink field: %#v", keyIface)
+ }
+
+ switch key {
+ case "traceId", "trace_id":
+ err = decoder.Decode(&sl.TraceID)
+ case "spanId", "span_id":
+ err = decoder.Decode(&sl.SpanID)
+ case "traceState", "trace_state":
+ err = decoder.Decode(&sl.TraceState)
+ case "attributes":
+ err = decoder.Decode(&sl.Attrs)
+ case "droppedAttributesCount", "dropped_attributes_count":
+ err = decoder.Decode(&sl.DroppedAttrs)
+ case "flags":
+ err = decoder.Decode(&sl.Flags)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go
new file mode 100644
index 000000000..1039bf40c
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/status.go
@@ -0,0 +1,42 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+// StatusCode is the status of a Span.
+//
+// For the semantics of status codes see
+// https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#set-status
+type StatusCode int32
+
+const (
+ // StatusCodeUnset is the default status.
+ StatusCodeUnset StatusCode = 0
+ // StatusCodeOK is used when the Span has been validated by an Application
+ // developer or Operator to have completed successfully.
+ StatusCodeOK StatusCode = 1
+ // StatusCodeError is used when the Span contains an error.
+ StatusCodeError StatusCode = 2
+)
+
+var statusCodeStrings = []string{
+ "Unset",
+ "OK",
+ "Error",
+}
+
+func (s StatusCode) String() string {
+ if s >= 0 && int(s) < len(statusCodeStrings) {
+ return statusCodeStrings[s]
+ }
+ return ""
+}
+
+// Status defines a logical error model that is suitable for different
+// programming environments, including REST APIs and RPC APIs.
+type Status struct {
+ // A developer-facing human readable error message.
+ Message string `json:"message,omitempty"`
+ // The status code.
+ Code StatusCode `json:"code,omitempty"`
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go
new file mode 100644
index 000000000..e5f10767c
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/traces.go
@@ -0,0 +1,189 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+)
+
+// Traces represents the traces data that can be stored in a persistent storage,
+// OR can be embedded by other protocols that transfer OTLP traces data but do
+// not implement the OTLP protocol.
+//
+// The main difference between this message and collector protocol is that
+// in this message there will not be any "control" or "metadata" specific to
+// OTLP protocol.
+//
+// When new fields are added into this message, the OTLP request MUST be updated
+// as well.
+type Traces struct {
+ // An array of ResourceSpans.
+ // For data coming from a single resource this array will typically contain
+ // one element. Intermediary nodes that receive data from multiple origins
+ // typically batch the data before forwarding further and in that case this
+ // array will contain multiple elements.
+ ResourceSpans []*ResourceSpans `json:"resourceSpans,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into td.
+func (td *Traces) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid TracesData type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid TracesData field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resourceSpans", "resource_spans":
+ err = decoder.Decode(&td.ResourceSpans)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// ResourceSpans is a collection of ScopeSpans from a Resource.
+type ResourceSpans struct {
+ // The resource for the spans in this message.
+ // If this field is not set then no resource info is known.
+ Resource Resource `json:"resource"`
+ // A list of ScopeSpans that originate from a resource.
+ ScopeSpans []*ScopeSpans `json:"scopeSpans,omitempty"`
+ // This schema_url applies to the data in the "resource" field. It does not apply
+ // to the data in the "scope_spans" field which have their own schema_url field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into rs.
+func (rs *ResourceSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ResourceSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ResourceSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "resource":
+ err = decoder.Decode(&rs.Resource)
+ case "scopeSpans", "scope_spans":
+ err = decoder.Decode(&rs.ScopeSpans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&rs.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// ScopeSpans is a collection of Spans produced by an InstrumentationScope.
+type ScopeSpans struct {
+ // The instrumentation scope information for the spans in this message.
+ // Semantically when InstrumentationScope isn't set, it is equivalent with
+ // an empty instrumentation scope name (unknown).
+ Scope *Scope `json:"scope"`
+ // A list of Spans that originate from an instrumentation scope.
+ Spans []*Span `json:"spans,omitempty"`
+ // The Schema URL, if known. This is the identifier of the Schema that the span data
+ // is recorded in. To learn more about Schema URL see
+ // https://opentelemetry.io/docs/specs/otel/schemas/#schema-url
+ // This schema_url applies to all spans and span events in the "spans" field.
+ SchemaURL string `json:"schemaUrl,omitempty"`
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into ss.
+func (ss *ScopeSpans) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid ScopeSpans type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil
+ }
+ return err
+ }
+
+ key, ok := keyIface.(string)
+ if !ok {
+ return fmt.Errorf("invalid ScopeSpans field: %#v", keyIface)
+ }
+
+ switch key {
+ case "scope":
+ err = decoder.Decode(&ss.Scope)
+ case "spans":
+ err = decoder.Decode(&ss.Spans)
+ case "schemaUrl", "schema_url":
+ err = decoder.Decode(&ss.SchemaURL)
+ default:
+ // Skip unknown.
+ }
+
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go
new file mode 100644
index 000000000..cb7927b81
--- /dev/null
+++ b/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go
@@ -0,0 +1,453 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package telemetry // import "go.opentelemetry.io/otel/trace/internal/telemetry"
+
+import (
+ "bytes"
+ "cmp"
+ "encoding/base64"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math"
+ "slices"
+ "strconv"
+ "unsafe"
+)
+
+// A Value represents a structured value.
+// A zero value is valid and represents an empty value.
+type Value struct {
+ // Ensure forward compatibility by explicitly making this not comparable.
+ noCmp [0]func() //nolint: unused // This is indeed used.
+
+ // num holds the value for Int64, Float64, and Bool. It holds the length
+ // for String, Bytes, Slice, Map.
+ num uint64
+ // any holds either the KindBool, KindInt64, KindFloat64, stringptr,
+ // bytesptr, sliceptr, or mapptr. If KindBool, KindInt64, or KindFloat64
+ // then the value of Value is in num as described above. Otherwise, it
+ // contains the value wrapped in the appropriate type.
+ any any
+}
+
+type (
+ // sliceptr represents a value in Value.any for KindString Values.
+ stringptr *byte
+ // bytesptr represents a value in Value.any for KindBytes Values.
+ bytesptr *byte
+ // sliceptr represents a value in Value.any for KindSlice Values.
+ sliceptr *Value
+ // mapptr represents a value in Value.any for KindMap Values.
+ mapptr *Attr
+)
+
+// ValueKind is the kind of a [Value].
+type ValueKind int
+
+// ValueKind values.
+const (
+ ValueKindEmpty ValueKind = iota
+ ValueKindBool
+ ValueKindFloat64
+ ValueKindInt64
+ ValueKindString
+ ValueKindBytes
+ ValueKindSlice
+ ValueKindMap
+)
+
+var valueKindStrings = []string{
+ "Empty",
+ "Bool",
+ "Float64",
+ "Int64",
+ "String",
+ "Bytes",
+ "Slice",
+ "Map",
+}
+
+func (k ValueKind) String() string {
+ if k >= 0 && int(k) < len(valueKindStrings) {
+ return valueKindStrings[k]
+ }
+ return ""
+}
+
+// StringValue returns a new [Value] for a string.
+func StringValue(v string) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: stringptr(unsafe.StringData(v)),
+ }
+}
+
+// IntValue returns a [Value] for an int.
+func IntValue(v int) Value { return Int64Value(int64(v)) }
+
+// Int64Value returns a [Value] for an int64.
+func Int64Value(v int64) Value {
+ return Value{
+ num: uint64(v), // nolint: gosec // Store raw bytes.
+ any: ValueKindInt64,
+ }
+}
+
+// Float64Value returns a [Value] for a float64.
+func Float64Value(v float64) Value {
+ return Value{num: math.Float64bits(v), any: ValueKindFloat64}
+}
+
+// BoolValue returns a [Value] for a bool.
+func BoolValue(v bool) Value { //nolint:revive // Not a control flag.
+ var n uint64
+ if v {
+ n = 1
+ }
+ return Value{num: n, any: ValueKindBool}
+}
+
+// BytesValue returns a [Value] for a byte slice. The passed slice must not be
+// changed after it is passed.
+func BytesValue(v []byte) Value {
+ return Value{
+ num: uint64(len(v)),
+ any: bytesptr(unsafe.SliceData(v)),
+ }
+}
+
+// SliceValue returns a [Value] for a slice of [Value]. The passed slice must
+// not be changed after it is passed.
+func SliceValue(vs ...Value) Value {
+ return Value{
+ num: uint64(len(vs)),
+ any: sliceptr(unsafe.SliceData(vs)),
+ }
+}
+
+// MapValue returns a new [Value] for a slice of key-value pairs. The passed
+// slice must not be changed after it is passed.
+func MapValue(kvs ...Attr) Value {
+ return Value{
+ num: uint64(len(kvs)),
+ any: mapptr(unsafe.SliceData(kvs)),
+ }
+}
+
+// AsString returns the value held by v as a string.
+func (v Value) AsString() string {
+ if sp, ok := v.any.(stringptr); ok {
+ return unsafe.String(sp, v.num)
+ }
+ // TODO: error handle
+ return ""
+}
+
+// asString returns the value held by v as a string. It will panic if the Value
+// is not KindString.
+func (v Value) asString() string {
+ return unsafe.String(v.any.(stringptr), v.num)
+}
+
+// AsInt64 returns the value held by v as an int64.
+func (v Value) AsInt64() int64 {
+ if v.Kind() != ValueKindInt64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asInt64()
+}
+
+// asInt64 returns the value held by v as an int64. If v is not of KindInt64,
+// this will return garbage.
+func (v Value) asInt64() int64 {
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return int64(v.num) // nolint: gosec
+}
+
+// AsBool returns the value held by v as a bool.
+func (v Value) AsBool() bool {
+ if v.Kind() != ValueKindBool {
+ // TODO: error handle
+ return false
+ }
+ return v.asBool()
+}
+
+// asBool returns the value held by v as a bool. If v is not of KindBool, this
+// will return garbage.
+func (v Value) asBool() bool { return v.num == 1 }
+
+// AsFloat64 returns the value held by v as a float64.
+func (v Value) AsFloat64() float64 {
+ if v.Kind() != ValueKindFloat64 {
+ // TODO: error handle
+ return 0
+ }
+ return v.asFloat64()
+}
+
+// asFloat64 returns the value held by v as a float64. If v is not of
+// KindFloat64, this will return garbage.
+func (v Value) asFloat64() float64 { return math.Float64frombits(v.num) }
+
+// AsBytes returns the value held by v as a []byte.
+func (v Value) AsBytes() []byte {
+ if sp, ok := v.any.(bytesptr); ok {
+ return unsafe.Slice((*byte)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asBytes returns the value held by v as a []byte. It will panic if the Value
+// is not KindBytes.
+func (v Value) asBytes() []byte {
+ return unsafe.Slice((*byte)(v.any.(bytesptr)), v.num)
+}
+
+// AsSlice returns the value held by v as a []Value.
+func (v Value) AsSlice() []Value {
+ if sp, ok := v.any.(sliceptr); ok {
+ return unsafe.Slice((*Value)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asSlice returns the value held by v as a []Value. It will panic if the Value
+// is not KindSlice.
+func (v Value) asSlice() []Value {
+ return unsafe.Slice((*Value)(v.any.(sliceptr)), v.num)
+}
+
+// AsMap returns the value held by v as a []Attr.
+func (v Value) AsMap() []Attr {
+ if sp, ok := v.any.(mapptr); ok {
+ return unsafe.Slice((*Attr)(sp), v.num)
+ }
+ // TODO: error handle
+ return nil
+}
+
+// asMap returns the value held by v as a []Attr. It will panic if the
+// Value is not KindMap.
+func (v Value) asMap() []Attr {
+ return unsafe.Slice((*Attr)(v.any.(mapptr)), v.num)
+}
+
+// Kind returns the Kind of v.
+func (v Value) Kind() ValueKind {
+ switch x := v.any.(type) {
+ case ValueKind:
+ return x
+ case stringptr:
+ return ValueKindString
+ case bytesptr:
+ return ValueKindBytes
+ case sliceptr:
+ return ValueKindSlice
+ case mapptr:
+ return ValueKindMap
+ default:
+ return ValueKindEmpty
+ }
+}
+
+// Empty reports whether v does not hold any value.
+func (v Value) Empty() bool { return v.Kind() == ValueKindEmpty }
+
+// Equal reports whether v is equal to w.
+func (v Value) Equal(w Value) bool {
+ k1 := v.Kind()
+ k2 := w.Kind()
+ if k1 != k2 {
+ return false
+ }
+ switch k1 {
+ case ValueKindInt64, ValueKindBool:
+ return v.num == w.num
+ case ValueKindString:
+ return v.asString() == w.asString()
+ case ValueKindFloat64:
+ return v.asFloat64() == w.asFloat64()
+ case ValueKindSlice:
+ return slices.EqualFunc(v.asSlice(), w.asSlice(), Value.Equal)
+ case ValueKindMap:
+ sv := sortMap(v.asMap())
+ sw := sortMap(w.asMap())
+ return slices.EqualFunc(sv, sw, Attr.Equal)
+ case ValueKindBytes:
+ return bytes.Equal(v.asBytes(), w.asBytes())
+ case ValueKindEmpty:
+ return true
+ default:
+ // TODO: error handle
+ return false
+ }
+}
+
+func sortMap(m []Attr) []Attr {
+ sm := make([]Attr, len(m))
+ copy(sm, m)
+ slices.SortFunc(sm, func(a, b Attr) int {
+ return cmp.Compare(a.Key, b.Key)
+ })
+
+ return sm
+}
+
+// String returns Value's value as a string, formatted like [fmt.Sprint].
+//
+// The returned string is meant for debugging;
+// the string representation is not stable.
+func (v Value) String() string {
+ switch v.Kind() {
+ case ValueKindString:
+ return v.asString()
+ case ValueKindInt64:
+ // Assumes v.num was a valid int64 (overflow not checked).
+ return strconv.FormatInt(int64(v.num), 10) // nolint: gosec
+ case ValueKindFloat64:
+ return strconv.FormatFloat(v.asFloat64(), 'g', -1, 64)
+ case ValueKindBool:
+ return strconv.FormatBool(v.asBool())
+ case ValueKindBytes:
+ return string(v.asBytes())
+ case ValueKindMap:
+ return fmt.Sprint(v.asMap())
+ case ValueKindSlice:
+ return fmt.Sprint(v.asSlice())
+ case ValueKindEmpty:
+ return ""
+ default:
+ // Try to handle this as gracefully as possible.
+ //
+ // Don't panic here. The goal here is to have developers find this
+ // first if a slog.Kind is is not handled. It is
+ // preferable to have user's open issue asking why their attributes
+ // have a "unhandled: " prefix than say that their code is panicking.
+ return fmt.Sprintf("", v.Kind())
+ }
+}
+
+// MarshalJSON encodes v into OTLP formatted JSON.
+func (v *Value) MarshalJSON() ([]byte, error) {
+ switch v.Kind() {
+ case ValueKindString:
+ return json.Marshal(struct {
+ Value string `json:"stringValue"`
+ }{v.asString()})
+ case ValueKindInt64:
+ return json.Marshal(struct {
+ Value string `json:"intValue"`
+ }{strconv.FormatInt(int64(v.num), 10)}) // nolint: gosec // From raw bytes.
+ case ValueKindFloat64:
+ return json.Marshal(struct {
+ Value float64 `json:"doubleValue"`
+ }{v.asFloat64()})
+ case ValueKindBool:
+ return json.Marshal(struct {
+ Value bool `json:"boolValue"`
+ }{v.asBool()})
+ case ValueKindBytes:
+ return json.Marshal(struct {
+ Value []byte `json:"bytesValue"`
+ }{v.asBytes()})
+ case ValueKindMap:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Attr `json:"values"`
+ } `json:"kvlistValue"`
+ }{struct {
+ Values []Attr `json:"values"`
+ }{v.asMap()}})
+ case ValueKindSlice:
+ return json.Marshal(struct {
+ Value struct {
+ Values []Value `json:"values"`
+ } `json:"arrayValue"`
+ }{struct {
+ Values []Value `json:"values"`
+ }{v.asSlice()}})
+ case ValueKindEmpty:
+ return nil, nil
+ default:
+ return nil, fmt.Errorf("unknown Value kind: %s", v.Kind().String())
+ }
+}
+
+// UnmarshalJSON decodes the OTLP formatted JSON contained in data into v.
+func (v *Value) UnmarshalJSON(data []byte) error {
+ decoder := json.NewDecoder(bytes.NewReader(data))
+
+ t, err := decoder.Token()
+ if err != nil {
+ return err
+ }
+ if t != json.Delim('{') {
+ return errors.New("invalid Value type")
+ }
+
+ for decoder.More() {
+ keyIface, err := decoder.Token()
+ if err != nil {
+ if errors.Is(err, io.EOF) {
+ // Empty.
+ return nil + } + return err + } + + key, ok := keyIface.(string) + if !ok { + return fmt.Errorf("invalid Value key: %#v", keyIface) + } + + switch key { + case "stringValue", "string_value": + var val string + err = decoder.Decode(&val) + *v = StringValue(val) + case "boolValue", "bool_value": + var val bool + err = decoder.Decode(&val) + *v = BoolValue(val) + case "intValue", "int_value": + var val protoInt64 + err = decoder.Decode(&val) + *v = Int64Value(val.Int64()) + case "doubleValue", "double_value": + var val float64 + err = decoder.Decode(&val) + *v = Float64Value(val) + case "bytesValue", "bytes_value": + var val64 string + if err := decoder.Decode(&val64); err != nil { + return err + } + var val []byte + val, err = base64.StdEncoding.DecodeString(val64) + *v = BytesValue(val) + case "arrayValue", "array_value": + var val struct{ Values []Value } + err = decoder.Decode(&val) + *v = SliceValue(val.Values...) + case "kvlistValue", "kvlist_value": + var val struct{ Values []Attr } + err = decoder.Decode(&val) + *v = MapValue(val.Values...) + default: + // Skip unknown. + continue + } + // Use first valid. Ignore the rest. + return err + } + + // Only unknown fields. Return nil without unmarshaling any value. + return nil +} diff --git a/vendor/go.opentelemetry.io/otel/trace/noop.go b/vendor/go.opentelemetry.io/otel/trace/noop.go index ca20e9997..400fab123 100644 --- a/vendor/go.opentelemetry.io/otel/trace/noop.go +++ b/vendor/go.opentelemetry.io/otel/trace/noop.go @@ -26,7 +26,7 @@ type noopTracerProvider struct{ embedded.TracerProvider } var _ TracerProvider = noopTracerProvider{} // Tracer returns noop implementation of Tracer. -func (p noopTracerProvider) Tracer(string, ...TracerOption) Tracer { +func (noopTracerProvider) Tracer(string, ...TracerOption) Tracer { return noopTracer{} } 
@@ -37,7 +37,7 @@ var _ Tracer = noopTracer{} // Start carries forward a non-recording Span, if one is present in the context, otherwise it // creates a no-op Span. -func (t noopTracer) Start(ctx context.Context, name string, _ ...SpanStartOption) (context.Context, Span) { +func (noopTracer) Start(ctx context.Context, _ string, _ ...SpanStartOption) (context.Context, Span) { span := SpanFromContext(ctx) if _, ok := span.(nonRecordingSpan); !ok { // span is likely already a noopSpan, but let's be sure @@ -82,4 +82,24 @@ func (noopSpan) AddLink(Link) {} func (noopSpan) SetName(string) {} // TracerProvider returns a no-op TracerProvider. -func (noopSpan) TracerProvider() TracerProvider { return noopTracerProvider{} } +func (s noopSpan) TracerProvider() TracerProvider { + return s.tracerProvider(autoInstEnabled) +} + +// autoInstEnabled defines if the auto-instrumentation SDK is enabled. +// +// The auto-instrumentation is expected to overwrite this value to true when it +// attaches to the process. +var autoInstEnabled = new(bool) + +// tracerProvider return a noopTracerProvider if autoEnabled is false, +// otherwise it will return a TracerProvider from the sdk package used in +// auto-instrumentation. +// +//go:noinline +func (noopSpan) tracerProvider(autoEnabled *bool) TracerProvider { + if *autoEnabled { + return newAutoTracerProvider() + } + return noopTracerProvider{} +} diff --git a/vendor/go.opentelemetry.io/otel/trace/noop/noop.go b/vendor/go.opentelemetry.io/otel/trace/noop/noop.go index 64a4f1b36..689d220df 100644 --- a/vendor/go.opentelemetry.io/otel/trace/noop/noop.go +++ b/vendor/go.opentelemetry.io/otel/trace/noop/noop.go 
@@ -51,7 +51,7 @@ type Tracer struct{ embedded.Tracer } // If ctx contains a span context, the returned span will also contain that // span context. If the span context in ctx is for a non-recording span, that // span instance will be returned directly. -func (t Tracer) Start(ctx context.Context, _ string, _ ...trace.SpanStartOption) (context.Context, trace.Span) { +func (Tracer) Start(ctx context.Context, _ string, _ ...trace.SpanStartOption) (context.Context, trace.Span) { span := trace.SpanFromContext(ctx) // If the parent context contains a non-zero span context, that span diff --git a/vendor/go.opentelemetry.io/otel/trace/span.go b/vendor/go.opentelemetry.io/otel/trace/span.go index d3aa476ee..d01e79366 100644 --- a/vendor/go.opentelemetry.io/otel/trace/span.go +++ b/vendor/go.opentelemetry.io/otel/trace/span.go @@ -66,6 +66,10 @@ type Span interface { // SetAttributes sets kv as attributes of the Span. If a key from kv // already exists for an attribute of the Span it will be overwritten with // the value contained in kv. + // + // Note that adding attributes at span creation using [WithAttributes] is preferred + // to calling SetAttribute later, as samplers can only consider information + // already present during span creation. SetAttributes(kv ...attribute.KeyValue) // TracerProvider returns a TracerProvider that can be used to generate diff --git a/vendor/go.opentelemetry.io/otel/trace/trace.go b/vendor/go.opentelemetry.io/otel/trace/trace.go index d49adf671..ee6f4bcb2 100644 --- a/vendor/go.opentelemetry.io/otel/trace/trace.go +++ b/vendor/go.opentelemetry.io/otel/trace/trace.go @@ -4,8 +4,6 @@ package trace // import "go.opentelemetry.io/otel/trace" import ( - "bytes" - "encoding/hex" "encoding/json" ) 
@@ -38,21 +36,47 @@ var ( _ json.Marshaler = nilTraceID ) -// IsValid checks whether the trace TraceID is valid. A valid trace ID does +// IsValid reports whether the trace TraceID is valid. A valid trace ID does // not consist of zeros only. func (t TraceID) IsValid() bool { - return !bytes.Equal(t[:], nilTraceID[:]) + return t != nilTraceID } // MarshalJSON implements a custom marshal function to encode TraceID // as a hex string. func (t TraceID) MarshalJSON() ([]byte, error) { - return json.Marshal(t.String()) + b := [32 + 2]byte{0: '"', 33: '"'} + h := t.hexBytes() + copy(b[1:], h[:]) + return b[:], nil } // String returns the hex string representation form of a TraceID. func (t TraceID) String() string { - return hex.EncodeToString(t[:]) + h := t.hexBytes() + return string(h[:]) +} + +// hexBytes returns the hex string representation form of a TraceID. +func (t TraceID) hexBytes() [32]byte { + return [32]byte{ + hexLU[t[0x0]>>4], hexLU[t[0x0]&0xf], + hexLU[t[0x1]>>4], hexLU[t[0x1]&0xf], + hexLU[t[0x2]>>4], hexLU[t[0x2]&0xf], + hexLU[t[0x3]>>4], hexLU[t[0x3]&0xf], + hexLU[t[0x4]>>4], hexLU[t[0x4]&0xf], + hexLU[t[0x5]>>4], hexLU[t[0x5]&0xf], + hexLU[t[0x6]>>4], hexLU[t[0x6]&0xf], + hexLU[t[0x7]>>4], hexLU[t[0x7]&0xf], + hexLU[t[0x8]>>4], hexLU[t[0x8]&0xf], + hexLU[t[0x9]>>4], hexLU[t[0x9]&0xf], + hexLU[t[0xa]>>4], hexLU[t[0xa]&0xf], + hexLU[t[0xb]>>4], hexLU[t[0xb]&0xf], + hexLU[t[0xc]>>4], hexLU[t[0xc]&0xf], + hexLU[t[0xd]>>4], hexLU[t[0xd]&0xf], + hexLU[t[0xe]>>4], hexLU[t[0xe]&0xf], + hexLU[t[0xf]>>4], hexLU[t[0xf]&0xf], + } } // SpanID is a unique identity of a span in a trace. 
@@ -63,21 +87,38 @@ var ( _ json.Marshaler = nilSpanID ) -// IsValid checks whether the SpanID is valid. A valid SpanID does not consist +// IsValid reports whether the SpanID is valid. A valid SpanID does not consist // of zeros only. func (s SpanID) IsValid() bool { - return !bytes.Equal(s[:], nilSpanID[:]) + return s != nilSpanID } // MarshalJSON implements a custom marshal function to encode SpanID // as a hex string. func (s SpanID) MarshalJSON() ([]byte, error) { - return json.Marshal(s.String()) + b := [16 + 2]byte{0: '"', 17: '"'} + h := s.hexBytes() + copy(b[1:], h[:]) + return b[:], nil } // String returns the hex string representation form of a SpanID. func (s SpanID) String() string { - return hex.EncodeToString(s[:]) + b := s.hexBytes() + return string(b[:]) +} + +func (s SpanID) hexBytes() [16]byte { + return [16]byte{ + hexLU[s[0]>>4], hexLU[s[0]&0xf], + hexLU[s[1]>>4], hexLU[s[1]&0xf], + hexLU[s[2]>>4], hexLU[s[2]&0xf], + hexLU[s[3]>>4], hexLU[s[3]&0xf], + hexLU[s[4]>>4], hexLU[s[4]&0xf], + hexLU[s[5]>>4], hexLU[s[5]&0xf], + hexLU[s[6]>>4], hexLU[s[6]&0xf], + hexLU[s[7]>>4], hexLU[s[7]&0xf], + } } // TraceIDFromHex returns a TraceID from a hex string if it is compliant with 
@@ -85,65 +126,58 @@ func (s SpanID) String() string { // https://www.w3.org/TR/trace-context/#trace-id // nolint:revive // revive complains about stutter of `trace.TraceIDFromHex`. func TraceIDFromHex(h string) (TraceID, error) { - t := TraceID{} if len(h) != 32 { - return t, errInvalidTraceIDLength + return [16]byte{}, errInvalidTraceIDLength } - - if err := decodeHex(h, t[:]); err != nil { - return t, err + var b [16]byte + invalidMark := byte(0) + for i := 0; i < len(h); i += 4 { + b[i/2] = (hexRev[h[i]] << 4) | hexRev[h[i+1]] + b[i/2+1] = (hexRev[h[i+2]] << 4) | hexRev[h[i+3]] + invalidMark |= hexRev[h[i]] | hexRev[h[i+1]] | hexRev[h[i+2]] | hexRev[h[i+3]] } - - if !t.IsValid() { - return t, errNilTraceID + // If the upper 4 bits of any byte are not zero, there was an invalid hex + // character since invalid hex characters are 0xff in hexRev. + if invalidMark&0xf0 != 0 { + return [16]byte{}, errInvalidHexID + } + // If we didn't set any bits, then h was all zeros. + if invalidMark == 0 { + return [16]byte{}, errNilTraceID } - return t, nil + return b, nil } // SpanIDFromHex returns a SpanID from a hex string if it is compliant // with the w3c trace-context specification. 
// See more at https://www.w3.org/TR/trace-context/#parent-id func SpanIDFromHex(h string) (SpanID, error) { - s := SpanID{} if len(h) != 16 { - return s, errInvalidSpanIDLength - } - - if err := decodeHex(h, s[:]); err != nil { - return s, err + return [8]byte{}, errInvalidSpanIDLength } - - if !s.IsValid() { - return s, errNilSpanID + var b [8]byte + invalidMark := byte(0) + for i := 0; i < len(h); i += 4 { + b[i/2] = (hexRev[h[i]] << 4) | hexRev[h[i+1]] + b[i/2+1] = (hexRev[h[i+2]] << 4) | hexRev[h[i+3]] + invalidMark |= hexRev[h[i]] | hexRev[h[i+1]] | hexRev[h[i+2]] | hexRev[h[i+3]] } - return s, nil -} - -func decodeHex(h string, b []byte) error { - for _, r := range h { - switch { - case 'a' <= r && r <= 'f': - continue - case '0' <= r && r <= '9': - continue - default: - return errInvalidHexID - } + // If the upper 4 bits of any byte are not zero, there was an invalid hex + // character since invalid hex characters are 0xff in hexRev. + if invalidMark&0xf0 != 0 { + return [8]byte{}, errInvalidHexID } - - decoded, err := hex.DecodeString(h) - if err != nil { - return err + // If we didn't set any bits, then h was all zeros. + if invalidMark == 0 { + return [8]byte{}, errNilSpanID } - - copy(b, decoded) - return nil + return b, nil } // TraceFlags contains flags that can be set on a SpanContext. type TraceFlags byte //nolint:revive // revive complains about stutter of `trace.TraceFlags`. -// IsSampled returns if the sampling bit is set in the TraceFlags. +// IsSampled reports whether the sampling bit is set in the TraceFlags. func (tf TraceFlags) IsSampled() bool { return tf&FlagsSampled == FlagsSampled } 
@@ -160,12 +194,20 @@ func (tf TraceFlags) WithSampled(sampled bool) TraceFlags { // nolint:revive // // MarshalJSON implements a custom marshal function to encode TraceFlags // as a hex string. func (tf TraceFlags) MarshalJSON() ([]byte, error) { - return json.Marshal(tf.String()) + b := [2 + 2]byte{0: '"', 3: '"'} + h := tf.hexBytes() + copy(b[1:], h[:]) + return b[:], nil } // String returns the hex string representation form of TraceFlags. func (tf TraceFlags) String() string { - return hex.EncodeToString([]byte{byte(tf)}[:]) + h := tf.hexBytes() + return string(h[:]) +} + +func (tf TraceFlags) hexBytes() [2]byte { + return [2]byte{hexLU[tf>>4], hexLU[tf&0xf]} } // SpanContextConfig contains mutable fields usable for constructing @@ -201,13 +243,13 @@ type SpanContext struct { var _ json.Marshaler = SpanContext{} -// IsValid returns if the SpanContext is valid. A valid span context has a +// IsValid reports whether the SpanContext is valid. A valid span context has a // valid TraceID and SpanID. func (sc SpanContext) IsValid() bool { return sc.HasTraceID() && sc.HasSpanID() } -// IsRemote indicates whether the SpanContext represents a remotely-created Span. +// IsRemote reports whether the SpanContext represents a remotely-created Span. func (sc SpanContext) IsRemote() bool { return sc.remote } @@ -228,7 +270,7 @@ func (sc SpanContext) TraceID() TraceID { return sc.traceID } -// HasTraceID checks if the SpanContext has a valid TraceID. +// HasTraceID reports whether the SpanContext has a valid TraceID. func (sc SpanContext) HasTraceID() bool { return sc.traceID.IsValid() } @@ -249,7 +291,7 @@ func (sc SpanContext) SpanID() SpanID { return sc.spanID } -// HasSpanID checks if the SpanContext has a valid SpanID. +// HasSpanID reports whether the SpanContext has a valid SpanID. func (sc SpanContext) HasSpanID() bool { return sc.spanID.IsValid() } 
@@ -270,7 +312,7 @@ func (sc SpanContext) TraceFlags() TraceFlags { return sc.traceFlags } -// IsSampled returns if the sampling bit is set in the SpanContext's TraceFlags. +// IsSampled reports whether the sampling bit is set in the SpanContext's TraceFlags. func (sc SpanContext) IsSampled() bool { return sc.traceFlags.IsSampled() } @@ -302,7 +344,7 @@ func (sc SpanContext) WithTraceState(state TraceState) SpanContext { } } -// Equal is a predicate that determines whether two SpanContext values are equal. +// Equal reports whether two SpanContext values are equal. func (sc SpanContext) Equal(other SpanContext) bool { return sc.traceID == other.traceID && sc.spanID == other.spanID && diff --git a/vendor/go.opentelemetry.io/otel/trace/tracestate.go b/vendor/go.opentelemetry.io/otel/trace/tracestate.go index dc5e34cad..073adae2f 100644 --- a/vendor/go.opentelemetry.io/otel/trace/tracestate.go +++ b/vendor/go.opentelemetry.io/otel/trace/tracestate.go @@ -80,7 +80,7 @@ func checkKeyRemain(key string) bool { // // param n is remain part length, should be 255 in simple-key or 13 in system-id. func checkKeyPart(key string, n int) bool { - if len(key) == 0 { + if key == "" { return false } first := key[0] // key's first char @@ -102,7 +102,7 @@ func isAlphaNum(c byte) bool { // // param n is remain part length, should be 240 exactly. func checkKeyTenant(key string, n int) bool { - if len(key) == 0 { + if key == "" { return false } return isAlphaNum(key[0]) && len(key[1:]) <= n && checkKeyRemain(key[1:]) @@ -191,7 +191,7 @@ func ParseTraceState(ts string) (TraceState, error) { for ts != "" { var memberStr string memberStr, ts, _ = strings.Cut(ts, listDelimiters) - if len(memberStr) == 0 { + if memberStr == "" { continue } diff --git a/vendor/go.opentelemetry.io/otel/verify_readmes.sh b/vendor/go.opentelemetry.io/otel/verify_readmes.sh deleted file mode 100644 index 1e87855ee..000000000 --- a/vendor/go.opentelemetry.io/otel/verify_readmes.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -# Copyright The OpenTelemetry Authors -# SPDX-License-Identifier: Apache-2.0 - -set -euo pipefail - -dirs=$(find . -type d -not -path "*/internal*" -not -path "*/test*" -not -path "*/example*" -not -path "*/.*" | sort) - -missingReadme=false -for dir in $dirs; do - if [ ! -f "$dir/README.md" ]; then - echo "couldn't find README.md for $dir" - missingReadme=true - fi -done - -if [ "$missingReadme" = true ] ; then - echo "Error: some READMEs couldn't be found." - exit 1 -fi diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go index eb22002d8..0d5b02918 100644 --- a/vendor/go.opentelemetry.io/otel/version.go +++ b/vendor/go.opentelemetry.io/otel/version.go @@ -5,5 +5,5 @@ package otel // import "go.opentelemetry.io/otel" // Version is the current release version of OpenTelemetry in use. func Version() string { - return "1.34.0" + return "1.39.0" } diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml index ce4fe59b0..f4a3893eb 100644 --- a/vendor/go.opentelemetry.io/otel/versions.yaml +++ b/vendor/go.opentelemetry.io/otel/versions.yaml @@ -3,13 +3,12 @@ module-sets: stable-v1: - version: v1.34.0 + version: v1.39.0 modules: - go.opentelemetry.io/otel - go.opentelemetry.io/otel/bridge/opencensus - go.opentelemetry.io/otel/bridge/opencensus/test - go.opentelemetry.io/otel/bridge/opentracing - - go.opentelemetry.io/otel/bridge/opentracing/test - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp - go.opentelemetry.io/otel/exporters/otlp/otlptrace 
@@ -23,20 +22,42 @@ module-sets: - go.opentelemetry.io/otel/sdk/metric - go.opentelemetry.io/otel/trace experimental-metrics: - version: v0.56.0 + version: v0.61.0 modules: - go.opentelemetry.io/otel/exporters/prometheus experimental-logs: - version: v0.10.0 + version: v0.15.0 modules: - go.opentelemetry.io/otel/log + - go.opentelemetry.io/otel/log/logtest - go.opentelemetry.io/otel/sdk/log + - go.opentelemetry.io/otel/sdk/log/logtest - go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc - go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp - go.opentelemetry.io/otel/exporters/stdout/stdoutlog experimental-schema: - version: v0.0.12 + version: v0.0.14 modules: - go.opentelemetry.io/otel/schema excluded-modules: - go.opentelemetry.io/otel/internal/tools + - go.opentelemetry.io/otel/trace/internal/telemetry/test +modules: + go.opentelemetry.io/otel/exporters/stdout/stdouttrace: + version-refs: + - ./internal/version.go + go.opentelemetry.io/otel/exporters/prometheus: + version-refs: + - ./internal/version.go + go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc: + version-refs: + - ./internal/version.go + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: + version-refs: + - ./internal/version.go + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: + version-refs: + - ./internal/version.go + go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp: + version-refs: + - ./internal/version.go diff --git a/vendor/golang.org/x/oauth2/deviceauth.go b/vendor/golang.org/x/oauth2/deviceauth.go index e99c92f39..e783a9437 100644 --- a/vendor/golang.org/x/oauth2/deviceauth.go +++ b/vendor/golang.org/x/oauth2/deviceauth.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "mime" "net/http" "net/url" "strings" 
@@ -116,10 +117,38 @@ func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAu return nil, fmt.Errorf("oauth2: cannot auth device: %v", err) } if code := r.StatusCode; code < 200 || code > 299 { - return nil, &RetrieveError{ + retrieveError := &RetrieveError{ Response: r, Body: body, } + + content, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type")) + switch content { + case "application/x-www-form-urlencoded", "text/plain": + // some endpoints return a query string + vals, err := url.ParseQuery(string(body)) + if err != nil { + return nil, retrieveError + } + retrieveError.ErrorCode = vals.Get("error") + retrieveError.ErrorDescription = vals.Get("error_description") + retrieveError.ErrorURI = vals.Get("error_uri") + default: + var tj struct { + // https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 + ErrorCode string `json:"error"` + ErrorDescription string `json:"error_description"` + ErrorURI string `json:"error_uri"` + } + if json.Unmarshal(body, &tj) != nil { + return nil, retrieveError + } + retrieveError.ErrorCode = tj.ErrorCode + retrieveError.ErrorDescription = tj.ErrorDescription + retrieveError.ErrorURI = tj.ErrorURI + } + + return nil, retrieveError } da := &DeviceAuthResponse{} diff --git a/vendor/golang.org/x/oauth2/internal/doc.go b/vendor/golang.org/x/oauth2/internal/doc.go index 03265e888..8c7c475f2 100644 --- a/vendor/golang.org/x/oauth2/internal/doc.go +++ b/vendor/golang.org/x/oauth2/internal/doc.go @@ -2,5 +2,5 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package internal contains support packages for oauth2 package. +// Package internal contains support packages for [golang.org/x/oauth2]. package internal diff --git a/vendor/golang.org/x/oauth2/internal/oauth2.go b/vendor/golang.org/x/oauth2/internal/oauth2.go index 14989beaf..71ea6ad1f 100644 --- a/vendor/golang.org/x/oauth2/internal/oauth2.go 
+++ b/vendor/golang.org/x/oauth2/internal/oauth2.go @@ -13,7 +13,7 @@ import ( ) // ParseKey converts the binary contents of a private key file -// to an *rsa.PrivateKey. It detects whether the private key is in a +// to an [*rsa.PrivateKey]. It detects whether the private key is in a // PEM container or not. If so, it extracts the private key // from PEM container before conversion. It only supports PEM // containers with no passphrase. diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go index e83ddeef0..8389f2462 100644 --- a/vendor/golang.org/x/oauth2/internal/token.go +++ b/vendor/golang.org/x/oauth2/internal/token.go @@ -10,7 +10,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "math" "mime" "net/http" @@ -26,9 +25,9 @@ import ( // the requests to access protected resources on the OAuth 2.0 // provider's backend. // -// This type is a mirror of oauth2.Token and exists to break +// This type is a mirror of [golang.org/x/oauth2.Token] and exists to break // an otherwise-circular dependency. Other internal packages -// should convert this Token into an oauth2.Token before use. +// should convert this Token into an [golang.org/x/oauth2.Token] before use. type Token struct { // AccessToken is the token that authorizes and authenticates // the requests. @@ -50,9 +49,16 @@ type Token struct { // mechanisms for that TokenSource will not be used. Expiry time.Time + // ExpiresIn is the OAuth2 wire format "expires_in" field, + // which specifies how many seconds later the token expires, + // relative to an unknown time base approximately around "now". + // It is the application's responsibility to populate + // `Expiry` from `ExpiresIn` when required. + ExpiresIn int64 `json:"expires_in,omitempty"` + // Raw optionally contains extra metadata from the server // when updating a token. - Raw interface{} + Raw any } // tokenJSON is the struct representing the HTTP response from OAuth2 
@@ -99,14 +105,6 @@ func (e *expirationTime) UnmarshalJSON(b []byte) error { return nil } -// RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op. -// -// Deprecated: this function no longer does anything. Caller code that -// wants to avoid potential extra HTTP requests made during -// auto-probing of the provider's auth style should set -// Endpoint.AuthStyle. -func RegisterBrokenAuthHeaderProvider(tokenURL string) {} - // AuthStyle is a copy of the golang.org/x/oauth2 package's AuthStyle type. type AuthStyle int @@ -143,6 +141,11 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache { return c } +type authStyleCacheKey struct { + url string + clientID string +} + // AuthStyleCache is the set of tokenURLs we've successfully used via // RetrieveToken and which style auth we ended up using. // It's called a cache, but it doesn't (yet?) shrink. It's expected that 
@@ -150,26 +153,26 @@ func (lc *LazyAuthStyleCache) Get() *AuthStyleCache { // small. type AuthStyleCache struct { mu sync.Mutex - m map[string]AuthStyle // keyed by tokenURL + m map[authStyleCacheKey]AuthStyle } // lookupAuthStyle reports which auth style we last used with tokenURL // when calling RetrieveToken and whether we have ever done so. -func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) { +func (c *AuthStyleCache) lookupAuthStyle(tokenURL, clientID string) (style AuthStyle, ok bool) { c.mu.Lock() defer c.mu.Unlock() - style, ok = c.m[tokenURL] + style, ok = c.m[authStyleCacheKey{tokenURL, clientID}] return } // setAuthStyle adds an entry to authStyleCache, documented above. -func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) { +func (c *AuthStyleCache) setAuthStyle(tokenURL, clientID string, v AuthStyle) { c.mu.Lock() defer c.mu.Unlock() if c.m == nil { - c.m = make(map[string]AuthStyle) + c.m = make(map[authStyleCacheKey]AuthStyle) } - c.m[tokenURL] = v + c.m[authStyleCacheKey{tokenURL, clientID}] = v } // newTokenRequest returns a new *http.Request to retrieve a new token @@ -210,9 +213,9 @@ func cloneURLValues(v url.Values) url.Values { } func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) { - needsAuthStyleProbe := authStyle == 0 + needsAuthStyleProbe := authStyle == AuthStyleUnknown if needsAuthStyleProbe { - if style, ok := styleCache.lookupAuthStyle(tokenURL); ok { + if style, ok := styleCache.lookupAuthStyle(tokenURL, clientID); ok { authStyle = style needsAuthStyleProbe = false } else { 
@@ -242,7 +245,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, token, err = doTokenRoundTrip(ctx, req) } if needsAuthStyleProbe && err == nil { - styleCache.setAuthStyle(tokenURL, authStyle) + styleCache.setAuthStyle(tokenURL, clientID, authStyle) } // Don't overwrite `RefreshToken` with an empty value // if this was a token refreshing request. @@ -257,7 +260,7 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) { if err != nil { return nil, err } - body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20)) + body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) r.Body.Close() if err != nil { return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err) @@ -312,7 +315,8 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) { TokenType: tj.TokenType, RefreshToken: tj.RefreshToken, Expiry: tj.expiry(), - Raw: make(map[string]interface{}), + ExpiresIn: int64(tj.ExpiresIn), + Raw: make(map[string]any), } json.Unmarshal(body, &token.Raw) // no error checks for optional fields } diff --git a/vendor/golang.org/x/oauth2/internal/transport.go b/vendor/golang.org/x/oauth2/internal/transport.go index b9db01ddf..afc0aeb27 100644 --- a/vendor/golang.org/x/oauth2/internal/transport.go +++ b/vendor/golang.org/x/oauth2/internal/transport.go @@ -9,8 +9,8 @@ import ( "net/http" ) -// HTTPClient is the context key to use with golang.org/x/net/context's -// WithValue function to associate an *http.Client value with a context. +// HTTPClient is the context key to use with [context.WithValue] +// to associate an [*http.Client] value with a context. var HTTPClient ContextKey // ContextKey is just an empty struct. It exists so HTTPClient can be diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go index eacdd7fd9..5c527d31f 100644 --- a/vendor/golang.org/x/oauth2/oauth2.go +++ b/vendor/golang.org/x/oauth2/oauth2.go 
@@ -9,7 +9,6 @@ package oauth2 // import "golang.org/x/oauth2" import ( - "bytes" "context" "errors" "net/http" @@ -22,9 +21,9 @@ import ( ) // NoContext is the default context you should supply if not using -// your own context.Context (see https://golang.org/x/net/context). +// your own [context.Context]. // -// Deprecated: Use context.Background() or context.TODO() instead. +// Deprecated: Use [context.Background] or [context.TODO] instead. var NoContext = context.TODO() // RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op. @@ -37,8 +36,8 @@ func RegisterBrokenAuthHeaderProvider(tokenURL string) {} // Config describes a typical 3-legged OAuth2 flow, with both the // client application information and the server's endpoint URLs. -// For the client credentials 2-legged OAuth2 flow, see the clientcredentials -// package (https://golang.org/x/oauth2/clientcredentials). +// For the client credentials 2-legged OAuth2 flow, see the +// [golang.org/x/oauth2/clientcredentials] package. type Config struct { // ClientID is the application's ID. ClientID string @@ -46,7 +45,7 @@ type Config struct { // ClientSecret is the application's secret. ClientSecret string - // Endpoint contains the resource server's token endpoint + // Endpoint contains the authorization server's token endpoint // URLs. These are constants specific to each server and are // often available via site-specific packages, such as // google.Endpoint or github.Endpoint. @@ -99,7 +98,7 @@ const ( // in the POST body as application/x-www-form-urlencoded parameters. AuthStyleInParams AuthStyle = 1 - // AuthStyleInHeader sends the client_id and client_password + // AuthStyleInHeader sends the client_id and client_secret // using HTTP Basic Authorization. This is an optional style // described in the OAuth2 RFC 6749 section 2.3.1. AuthStyleInHeader AuthStyle = 2 
@@ -135,7 +134,7 @@ type setParam struct{ k, v string } func (p setParam) setValue(m url.Values) { m.Set(p.k, p.v) } -// SetAuthURLParam builds an AuthCodeOption which passes key/value parameters +// SetAuthURLParam builds an [AuthCodeOption] which passes key/value parameters // to a provider's authorization endpoint. func SetAuthURLParam(key, value string) AuthCodeOption { return setParam{key, value} @@ -148,8 +147,8 @@ func SetAuthURLParam(key, value string) AuthCodeOption { // request and callback. The authorization server includes this value when // redirecting the user agent back to the client. // -// Opts may include AccessTypeOnline or AccessTypeOffline, as well -// as ApprovalForce. +// Opts may include [AccessTypeOnline] or [AccessTypeOffline], as well +// as [ApprovalForce]. // // To protect against CSRF attacks, opts should include a PKCE challenge // (S256ChallengeOption). Not all servers support PKCE. An alternative is to @@ -158,7 +157,7 @@ func SetAuthURLParam(key, value string) AuthCodeOption { // PKCE), https://www.oauth.com/oauth2-servers/pkce/ and // https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches) func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { - var buf bytes.Buffer + var buf strings.Builder buf.WriteString(c.Endpoint.AuthURL) v := url.Values{ "response_type": {"code"}, 
@@ -194,7 +193,7 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { // and when other authorization grant types are not available." // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info. // -// The provided context optionally controls which HTTP client is used. See the HTTPClient variable. +// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable. func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) { v := url.Values{ "grant_type": {"password"}, @@ -212,10 +211,10 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor // It is used after a resource provider redirects the user back // to the Redirect URI (the URL obtained from AuthCodeURL). // -// The provided context optionally controls which HTTP client is used. See the HTTPClient variable. +// The provided context optionally controls which HTTP client is used. See the [HTTPClient] variable. // -// The code will be in the *http.Request.FormValue("code"). Before -// calling Exchange, be sure to validate FormValue("state") if you are +// The code will be in the [http.Request.FormValue]("code"). Before +// calling Exchange, be sure to validate [http.Request.FormValue]("state") if you are // using it to protect against CSRF attacks. // // If using PKCE to protect against CSRF attacks, opts should include a 
@@ -242,10 +241,10 @@ func (c *Config) Client(ctx context.Context, t *Token) *http.Client { return NewClient(ctx, c.TokenSource(ctx, t)) } -// TokenSource returns a TokenSource that returns t until t expires, +// TokenSource returns a [TokenSource] that returns t until t expires, // automatically refreshing it as necessary using the provided context. // -// Most users will use Config.Client instead. +// Most users will use [Config.Client] instead. func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource { tkr := &tokenRefresher{ ctx: ctx, @@ -260,7 +259,7 @@ func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource { } } -// tokenRefresher is a TokenSource that makes "grant_type"=="refresh_token" +// tokenRefresher is a TokenSource that makes "grant_type=refresh_token" // HTTP requests to renew a token using a RefreshToken. type tokenRefresher struct { ctx context.Context // used to get HTTP requests @@ -305,8 +304,7 @@ type reuseTokenSource struct { } // Token returns the current token if it's still valid, else will -// refresh the current token (using r.Context for HTTP client -// information) and return the new one. +// refresh the current token and return the new one. func (s *reuseTokenSource) Token() (*Token, error) { s.mu.Lock() defer s.mu.Unlock() @@ -322,7 +320,7 @@ func (s *reuseTokenSource) Token() (*Token, error) { return t, nil } -// StaticTokenSource returns a TokenSource that always returns the same token. +// StaticTokenSource returns a [TokenSource] that always returns the same token. // Because the provided token t is never refreshed, StaticTokenSource is only // useful for tokens that never expire. func StaticTokenSource(t *Token) TokenSource { 
@@ -338,16 +336,16 @@ func (s staticTokenSource) Token() (*Token, error) { return s.t, nil } -// HTTPClient is the context key to use with golang.org/x/net/context's -// WithValue function to associate an *http.Client value with a context. +// HTTPClient is the context key to use with [context.WithValue] +// to associate a [*http.Client] value with a context. var HTTPClient internal.ContextKey -// NewClient creates an *http.Client from a Context and TokenSource. +// NewClient creates an [*http.Client] from a [context.Context] and [TokenSource]. // The returned client is not valid beyond the lifetime of the context. // -// Note that if a custom *http.Client is provided via the Context it +// Note that if a custom [*http.Client] is provided via the [context.Context] it // is used only for token acquisition and is not used to configure the -// *http.Client returned from NewClient. +// [*http.Client] returned from NewClient. // // As a special case, if src is nil, a non-OAuth2 client is returned // using the provided context. This exists to support related OAuth2 @@ -368,7 +366,7 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client { } } -// ReuseTokenSource returns a TokenSource which repeatedly returns the +// ReuseTokenSource returns a [TokenSource] which repeatedly returns the // same token as long as it's valid, starting with t. // When its cached token is invalid, a new token is obtained from src. // 
@@ -376,10 +374,10 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client { // (such as a file on disk) between runs of a program, rather than // obtaining new tokens unnecessarily. // -// The initial token t may be nil, in which case the TokenSource is +// The initial token t may be nil, in which case the [TokenSource] is // wrapped in a caching version if it isn't one already. This also // means it's always safe to wrap ReuseTokenSource around any other -// TokenSource without adverse effects. +// [TokenSource] without adverse effects. func ReuseTokenSource(t *Token, src TokenSource) TokenSource { // Don't wrap a reuseTokenSource in itself. That would work, // but cause an unnecessary number of mutex operations. @@ -397,8 +395,8 @@ func ReuseTokenSource(t *Token, src TokenSource) TokenSource { } } -// ReuseTokenSourceWithExpiry returns a TokenSource that acts in the same manner as the -// TokenSource returned by ReuseTokenSource, except the expiry buffer is +// ReuseTokenSourceWithExpiry returns a [TokenSource] that acts in the same manner as the +// [TokenSource] returned by [ReuseTokenSource], except the expiry buffer is // configurable. The expiration time of a token is calculated as // t.Expiry.Add(-earlyExpiry). func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource { diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go index 6a95da975..f99384f0f 100644 --- a/vendor/golang.org/x/oauth2/pkce.go +++ b/vendor/golang.org/x/oauth2/pkce.go @@ -1,6 +1,7 @@ // Copyright 2023 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. + package oauth2 import ( 
@@ -20,9 +21,9 @@ const ( // This follows recommendations in RFC 7636. // // A fresh verifier should be generated for each authorization. -// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL -// (or Config.DeviceAuth) and VerifierOption(verifier) to Config.Exchange -// (or Config.DeviceAccessToken). +// The resulting verifier should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] +// with [S256ChallengeOption], and to [Config.Exchange] or [Config.DeviceAccessToken] +// with [VerifierOption]. func GenerateVerifier() string { // "RECOMMENDED that the output of a suitable random number generator be // used to create a 32-octet sequence. The octet sequence is then @@ -36,22 +37,22 @@ func GenerateVerifier() string { return base64.RawURLEncoding.EncodeToString(data) } -// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be -// passed to Config.Exchange or Config.DeviceAccessToken only. +// VerifierOption returns a PKCE code verifier [AuthCodeOption]. It should only be +// passed to [Config.Exchange] or [Config.DeviceAccessToken]. func VerifierOption(verifier string) AuthCodeOption { return setParam{k: codeVerifierKey, v: verifier} } // S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256. // -// Prefer to use S256ChallengeOption where possible. +// Prefer to use [S256ChallengeOption] where possible. func S256ChallengeFromVerifier(verifier string) string { sha := sha256.Sum256([]byte(verifier)) return base64.RawURLEncoding.EncodeToString(sha[:]) } -// S256ChallengeOption derives a PKCE code challenge derived from verifier with -// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth +// S256ChallengeOption derives a PKCE code challenge from the verifier with +// method S256. It should be passed to [Config.AuthCodeURL] or [Config.DeviceAuth] // only. func S256ChallengeOption(verifier string) AuthCodeOption { return challengeOption{ 
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go index 109997d77..e995eebb5 100644 --- a/vendor/golang.org/x/oauth2/token.go +++ b/vendor/golang.org/x/oauth2/token.go @@ -44,7 +44,7 @@ type Token struct { // Expiry is the optional expiration time of the access token. // - // If zero, TokenSource implementations will reuse the same + // If zero, [TokenSource] implementations will reuse the same // token forever and RefreshToken or equivalent // mechanisms for that TokenSource will not be used. Expiry time.Time `json:"expiry,omitempty"` @@ -58,7 +58,7 @@ type Token struct { // raw optionally contains extra metadata from the server // when updating a token. - raw interface{} + raw any // expiryDelta is used to calculate when a token is considered // expired, by subtracting from Expiry. If zero, defaultExpiryDelta @@ -86,16 +86,16 @@ func (t *Token) Type() string { // SetAuthHeader sets the Authorization header to r using the access // token in t. // -// This method is unnecessary when using Transport or an HTTP Client +// This method is unnecessary when using [Transport] or an HTTP Client // returned by this package. func (t *Token) SetAuthHeader(r *http.Request) { r.Header.Set("Authorization", t.Type()+" "+t.AccessToken) } -// WithExtra returns a new Token that's a clone of t, but using the +// WithExtra returns a new [Token] that's a clone of t, but using the // provided raw extra map. This is only intended for use by packages // implementing derivative OAuth2 flows. -func (t *Token) WithExtra(extra interface{}) *Token { +func (t *Token) WithExtra(extra any) *Token { t2 := new(Token) *t2 = *t t2.raw = extra 
@@ -103,10 +103,10 @@ func (t *Token) WithExtra(extra interface{}) *Token { } // Extra returns an extra field. -// Extra fields are key-value pairs returned by the server as a +// Extra fields are key-value pairs returned by the server as // part of the token retrieval response. -func (t *Token) Extra(key string) interface{} { - if raw, ok := t.raw.(map[string]interface{}); ok { +func (t *Token) Extra(key string) any { + if raw, ok := t.raw.(map[string]any); ok { return raw[key] } @@ -163,13 +163,14 @@ func tokenFromInternal(t *internal.Token) *Token { TokenType: t.TokenType, RefreshToken: t.RefreshToken, Expiry: t.Expiry, + ExpiresIn: t.ExpiresIn, raw: t.Raw, } } // retrieveToken takes a *Config and uses that to retrieve an *internal.Token. // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along -// with an error.. +// with an error. func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) { tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle), c.authStyleCache.Get()) if err != nil { diff --git a/vendor/golang.org/x/oauth2/transport.go b/vendor/golang.org/x/oauth2/transport.go index 90657915f..9922ec331 100644 --- a/vendor/golang.org/x/oauth2/transport.go +++ b/vendor/golang.org/x/oauth2/transport.go 
@@ -11,12 +11,12 @@ import ( "sync" ) -// Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests, -// wrapping a base RoundTripper and adding an Authorization header -// with a token from the supplied Sources. +// Transport is an [http.RoundTripper] that makes OAuth 2.0 HTTP requests, +// wrapping a base [http.RoundTripper] and adding an Authorization header +// with a token from the supplied [TokenSource]. // // Transport is a low-level mechanism. Most code will use the -// higher-level Config.Client method instead. +// higher-level [Config.Client] method instead. type Transport struct { // Source supplies the token to add to outgoing requests' // Authorization headers. @@ -47,7 +47,7 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { return nil, err } - req2 := cloneRequest(req) // per RoundTripper contract + req2 := req.Clone(req.Context()) token.SetAuthHeader(req2) // req.Body is assumed to be closed by the base RoundTripper. @@ -58,7 +58,7 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) { var cancelOnce sync.Once // CancelRequest does nothing. It used to be a legacy cancellation mechanism -// but now only it only logs on first use to warn that it's deprecated. +// but now only logs on first use to warn that it's deprecated. // // Deprecated: use contexts for cancellation instead. func (t *Transport) CancelRequest(req *http.Request) { @@ -73,17 +73,3 @@ func (t *Transport) base() http.RoundTripper { } return http.DefaultTransport } - -// cloneRequest returns a clone of the provided *http.Request. -// The clone is a shallow copy of the struct and its Header map. -func cloneRequest(r *http.Request) *http.Request { - // shallow copy of the struct - r2 := new(http.Request) - *r2 = *r - // deep copy of the Header - r2.Header = make(http.Header, len(r.Header)) - for k, s := range r.Header { - r2.Header[k] = append([]string(nil), s...) - } - return r2 -} 
diff --git a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go index f388426b0..d083dde3e 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go @@ -1,4 +1,4 @@ -// Copyright 2024 Google LLC +// Copyright 2025 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go index 3cd9a5bb8..e017ef071 100644 --- a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go @@ -1,4 +1,4 @@ -// Copyright 2024 Google LLC +// Copyright 2025 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -703,6 +703,65 @@ type QuotaFailure_Violation struct { // For example: "Service disabled" or "Daily Limit for read operations // exceeded". Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"` + // The API Service from which the `QuotaFailure.Violation` orginates. In + // some cases, Quota issues originate from an API Service other than the one + // that was called. In other words, a dependency of the called API Service + // could be the cause of the `QuotaFailure`, and this field would have the + // dependency API service name. + // + // For example, if the called API is Kubernetes Engine API + // (container.googleapis.com), and a quota violation occurs in the + // Kubernetes Engine API itself, this field would be + // "container.googleapis.com". On the other hand, if the quota violation + // occurs when the Kubernetes Engine API creates VMs in the Compute Engine + // API (compute.googleapis.com), this field would be + // "compute.googleapis.com". + ApiService string `protobuf:"bytes,3,opt,name=api_service,json=apiService,proto3" json:"api_service,omitempty"` + // The metric of the violated quota. A quota metric is a named counter to + // measure usage, such as API requests or CPUs. When an activity occurs in a + // service, such as Virtual Machine allocation, one or more quota metrics + // may be affected. + // + // For example, "compute.googleapis.com/cpus_per_vm_family", + // "storage.googleapis.com/internet_egress_bandwidth". + QuotaMetric string `protobuf:"bytes,4,opt,name=quota_metric,json=quotaMetric,proto3" json:"quota_metric,omitempty"` + // The id of the violated quota. Also know as "limit name", this is the + // unique identifier of a quota in the context of an API service. + // + // For example, "CPUS-PER-VM-FAMILY-per-project-region". + QuotaId string `protobuf:"bytes,5,opt,name=quota_id,json=quotaId,proto3" json:"quota_id,omitempty"` + // The dimensions of the violated quota. 
Every non-global quota is enforced + // on a set of dimensions. While quota metric defines what to count, the + // dimensions specify for what aspects the counter should be increased. + // + // For example, the quota "CPUs per region per VM family" enforces a limit + // on the metric "compute.googleapis.com/cpus_per_vm_family" on dimensions + // "region" and "vm_family". And if the violation occurred in region + // "us-central1" and for VM family "n1", the quota_dimensions would be, + // + // { + // "region": "us-central1", + // "vm_family": "n1", + // } + // + // When a quota is enforced globally, the quota_dimensions would always be + // empty. + QuotaDimensions map[string]string `protobuf:"bytes,6,rep,name=quota_dimensions,json=quotaDimensions,proto3" json:"quota_dimensions,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // The enforced quota value at the time of the `QuotaFailure`. + // + // For example, if the enforced quota value at the time of the + // `QuotaFailure` on the number of CPUs is "10", then the value of this + // field would reflect this quantity. + QuotaValue int64 `protobuf:"varint,7,opt,name=quota_value,json=quotaValue,proto3" json:"quota_value,omitempty"` + // The new quota value being rolled out at the time of the violation. At the + // completion of the rollout, this value will be enforced in place of + // quota_value. If no rollout is in progress at the time of the violation, + // this field is not set. + // + // For example, if at the time of the violation a rollout is in progress + // changing the number of CPUs quota from 10 to 20, 20 would be the value of + // this field. + FutureQuotaValue *int64 `protobuf:"varint,8,opt,name=future_quota_value,json=futureQuotaValue,proto3,oneof" json:"future_quota_value,omitempty"` } func (x *QuotaFailure_Violation) Reset() { 
@@ -751,6 +810,48 @@ func (x *QuotaFailure_Violation) GetDescription() string { return "" } +func (x *QuotaFailure_Violation) GetApiService() string { + if x != nil { + return x.ApiService + } + return "" +} + +func (x *QuotaFailure_Violation) GetQuotaMetric() string { + if x != nil { + return x.QuotaMetric + } + return "" +} + +func (x *QuotaFailure_Violation) GetQuotaId() string { + if x != nil { + return x.QuotaId + } + return "" +} + +func (x *QuotaFailure_Violation) GetQuotaDimensions() map[string]string { + if x != nil { + return x.QuotaDimensions + } + return nil +} + +func (x *QuotaFailure_Violation) GetQuotaValue() int64 { + if x != nil { + return x.QuotaValue + } + return 0 +} + +func (x *QuotaFailure_Violation) GetFutureQuotaValue() int64 { + if x != nil && x.FutureQuotaValue != nil { + return *x.FutureQuotaValue + } + return 0 +} + // A message type used to describe a single precondition failure. type PreconditionFailure_Violation struct { state protoimpl.MessageState @@ -775,7 +876,7 @@ type PreconditionFailure_Violation struct { func (x *PreconditionFailure_Violation) Reset() { *x = PreconditionFailure_Violation{} if protoimpl.UnsafeEnabled { - mi := &file_google_rpc_error_details_proto_msgTypes[12] + mi := &file_google_rpc_error_details_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -788,7 +889,7 @@ func (x *PreconditionFailure_Violation) String() string { func (*PreconditionFailure_Violation) ProtoMessage() {} func (x *PreconditionFailure_Violation) ProtoReflect() protoreflect.Message { - mi := &file_google_rpc_error_details_proto_msgTypes[12] + mi := &file_google_rpc_error_details_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -886,7 +987,7 @@ type BadRequest_FieldViolation struct { func (x *BadRequest_FieldViolation) Reset() { *x = BadRequest_FieldViolation{} if protoimpl.UnsafeEnabled { - mi := &file_google_rpc_error_details_proto_msgTypes[13] + mi := &file_google_rpc_error_details_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -899,7 +1000,7 @@ func (x *BadRequest_FieldViolation) String() string { func (*BadRequest_FieldViolation) ProtoMessage() {} func (x *BadRequest_FieldViolation) ProtoReflect() protoreflect.Message { - mi := &file_google_rpc_error_details_proto_msgTypes[13] + mi := &file_google_rpc_error_details_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -958,7 +1059,7 @@ type Help_Link struct { func (x *Help_Link) Reset() { *x = Help_Link{} if protoimpl.UnsafeEnabled { - mi := &file_google_rpc_error_details_proto_msgTypes[14] + mi := &file_google_rpc_error_details_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -971,7 +1072,7 @@ func (x *Help_Link) String() string { func (*Help_Link) ProtoMessage() {} func (x *Help_Link) ProtoReflect() protoreflect.Message { - mi := &file_google_rpc_error_details_proto_msgTypes[14] + mi := &file_google_rpc_error_details_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1029,79 +1130,102 @@ var file_google_rpc_error_details_proto_rawDesc = []byte{ 0x0a, 0x0d, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x74, 0x61, 0x63, 0x6b, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x22, 0x9b, 0x01, 0x0a, 0x0c, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x22, 0x8e, 0x04, 0x0a, 0x0c, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x12, 0x42, 0x0a, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x1a, 0x47, 0x0a, 0x09, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, - 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xbd, 0x01, 0x0a, 0x13, 0x50, 0x72, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, - 0x65, 0x12, 0x49, 0x0a, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, - 0x70, 0x63, 0x2e, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, - 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 
0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x5b, 0x0a, 0x09, - 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8c, 0x02, 0x0a, 0x0a, 0x42, 0x61, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x10, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x5f, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, - 0x42, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, - 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x66, 0x69, 0x65, 0x6c, 0x64, - 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xab, 0x01, 0x0a, 0x0e, 0x46, - 0x69, 0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, - 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x49, 0x0a, - 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, - 0x67, 
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, - 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x4f, 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e, - 0x67, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x6e, 0x67, 0x44, 0x61, 0x74, 0x61, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x6f, 0x0a, 0x04, - 0x48, 0x65, 0x6c, 0x70, 0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, - 0x2e, 0x48, 0x65, 0x6c, 0x70, 0x2e, 0x4c, 
0x69, 0x6e, 0x6b, 0x52, 0x05, 0x6c, 0x69, 0x6e, 0x6b, - 0x73, 0x1a, 0x3a, 0x0a, 0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, - 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x75, - 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x44, 0x0a, - 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x42, 0x6c, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x72, 0x70, 0x63, 0x42, 0x11, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x44, 0x65, 0x74, 0x61, - 0x69, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, - 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, - 0x73, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, - 0x3b, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0xa2, 0x02, 0x03, 0x52, 0x50, - 0x43, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x1a, 0xb9, 0x03, 0x0a, 0x09, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, + 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, + 0x65, 0x73, 0x63, 0x72, 
0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x70, + 0x69, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x61, 0x70, 0x69, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x71, + 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x19, + 0x0a, 0x08, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x49, 0x64, 0x12, 0x62, 0x0a, 0x10, 0x71, 0x75, 0x6f, + 0x74, 0x61, 0x5f, 0x64, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, + 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, + 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x44, 0x69, 0x6d, + 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x71, 0x75, + 0x6f, 0x74, 0x61, 0x44, 0x69, 0x6d, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, + 0x0b, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x0a, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x31, + 0x0a, 0x12, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x03, 0x48, 0x00, 0x52, 0x10, 0x66, 0x75, + 0x74, 0x75, 0x72, 0x65, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x88, 0x01, + 0x01, 0x1a, 0x42, 0x0a, 0x14, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x44, 0x69, 0x6d, 0x65, 0x6e, 0x73, + 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 
0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, + 0x5f, 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xbd, 0x01, 0x0a, + 0x13, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, + 0x6c, 0x75, 0x72, 0x65, 0x12, 0x49, 0x0a, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x2e, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, + 0x5b, 0x0a, 0x09, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8c, 0x02, 0x0a, + 0x0a, 0x42, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x10, 0x66, + 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x76, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, + 0x70, 0x63, 0x2e, 0x42, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x46, 0x69, + 0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x66, 0x69, + 
0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xab, 0x01, + 0x0a, 0x0e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x14, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, + 0x12, 0x49, 0x0a, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x6d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, + 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, + 0x69, 0x7a, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x4f, 0x0a, 0x0b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x6e, 0x67, 0x44, 0x61, 0x74, 0x61, 0x22, 0x90, 0x01, 0x0a, + 0x0c, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23, 0x0a, + 0x0d, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x23, 0x0a, 0x0d, 
0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, + 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, + 0x6f, 0x0a, 0x04, 0x48, 0x65, 0x6c, 0x70, 0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x69, 0x6e, 0x6b, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x72, 0x70, 0x63, 0x2e, 0x48, 0x65, 0x6c, 0x70, 0x2e, 0x4c, 0x69, 0x6e, 0x6b, 0x52, 0x05, 0x6c, + 0x69, 0x6e, 0x6b, 0x73, 0x1a, 0x3a, 0x0a, 0x04, 0x4c, 0x69, 0x6e, 0x6b, 0x12, 0x20, 0x0a, 0x0b, + 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, + 0x22, 0x44, 0x0a, 0x10, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, + 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x6c, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x42, 0x11, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x44, + 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 
0x2e, 0x6f, 0x72, 0x67, + 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x61, 0x70, 0x69, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, + 0x69, 0x6c, 0x73, 0x3b, 0x65, 0x72, 0x72, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0xa2, 0x02, + 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1116,7 +1240,7 @@ func file_google_rpc_error_details_proto_rawDescGZIP() []byte { return file_google_rpc_error_details_proto_rawDescData } -var file_google_rpc_error_details_proto_msgTypes = make([]protoimpl.MessageInfo, 15) +var file_google_rpc_error_details_proto_msgTypes = make([]protoimpl.MessageInfo, 16) var file_google_rpc_error_details_proto_goTypes = []interface{}{ (*ErrorInfo)(nil), // 0: google.rpc.ErrorInfo (*RetryInfo)(nil), // 1: google.rpc.RetryInfo 
@@ -1130,24 +1254,26 @@ var file_google_rpc_error_details_proto_goTypes = []interface{}{ (*LocalizedMessage)(nil), // 9: google.rpc.LocalizedMessage nil, // 10: google.rpc.ErrorInfo.MetadataEntry (*QuotaFailure_Violation)(nil), // 11: google.rpc.QuotaFailure.Violation - (*PreconditionFailure_Violation)(nil), // 12: google.rpc.PreconditionFailure.Violation - (*BadRequest_FieldViolation)(nil), // 13: google.rpc.BadRequest.FieldViolation - (*Help_Link)(nil), // 14: google.rpc.Help.Link - (*durationpb.Duration)(nil), // 15: google.protobuf.Duration + nil, // 12: google.rpc.QuotaFailure.Violation.QuotaDimensionsEntry + (*PreconditionFailure_Violation)(nil), // 13: google.rpc.PreconditionFailure.Violation + (*BadRequest_FieldViolation)(nil), // 14: google.rpc.BadRequest.FieldViolation + (*Help_Link)(nil), // 15: google.rpc.Help.Link + (*durationpb.Duration)(nil), // 16: google.protobuf.Duration } var file_google_rpc_error_details_proto_depIdxs = []int32{ 10, // 0: google.rpc.ErrorInfo.metadata:type_name -> google.rpc.ErrorInfo.MetadataEntry - 15, // 1: google.rpc.RetryInfo.retry_delay:type_name -> google.protobuf.Duration + 16, // 1: google.rpc.RetryInfo.retry_delay:type_name -> google.protobuf.Duration 11, // 2: google.rpc.QuotaFailure.violations:type_name -> google.rpc.QuotaFailure.Violation - 12, // 3: google.rpc.PreconditionFailure.violations:type_name -> google.rpc.PreconditionFailure.Violation - 13, // 4: google.rpc.BadRequest.field_violations:type_name -> google.rpc.BadRequest.FieldViolation - 14, // 5: google.rpc.Help.links:type_name -> google.rpc.Help.Link - 9, // 6: google.rpc.BadRequest.FieldViolation.localized_message:type_name -> google.rpc.LocalizedMessage - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name + 13, // 3: 
google.rpc.PreconditionFailure.violations:type_name -> google.rpc.PreconditionFailure.Violation + 14, // 4: google.rpc.BadRequest.field_violations:type_name -> google.rpc.BadRequest.FieldViolation + 15, // 5: google.rpc.Help.links:type_name -> google.rpc.Help.Link + 12, // 6: google.rpc.QuotaFailure.Violation.quota_dimensions:type_name -> google.rpc.QuotaFailure.Violation.QuotaDimensionsEntry + 9, // 7: google.rpc.BadRequest.FieldViolation.localized_message:type_name -> google.rpc.LocalizedMessage + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } func init() { file_google_rpc_error_details_proto_init() } @@ -1288,7 +1414,7 @@ func file_google_rpc_error_details_proto_init() { return nil } } - file_google_rpc_error_details_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_google_rpc_error_details_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PreconditionFailure_Violation); i { case 0: return &v.state @@ -1300,7 +1426,7 @@ func file_google_rpc_error_details_proto_init() { return nil } } - file_google_rpc_error_details_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_google_rpc_error_details_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BadRequest_FieldViolation); i { case 0: return &v.state @@ -1312,7 +1438,7 @@ func file_google_rpc_error_details_proto_init() { return nil } } - file_google_rpc_error_details_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + file_google_rpc_error_details_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Help_Link); i { case 0: return &v.state 
@@ -1325,13 +1451,14 @@ func file_google_rpc_error_details_proto_init() { } } } + file_google_rpc_error_details_proto_msgTypes[11].OneofWrappers = []interface{}{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_google_rpc_error_details_proto_rawDesc, NumEnums: 0, - NumMessages: 15, + NumMessages: 16, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go index 6ad1b1c1d..06a3f7106 100644 --- a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go @@ -1,4 +1,4 @@ -// Copyright 2024 Google LLC +// Copyright 2025 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/google.golang.org/grpc/CONTRIBUTING.md b/vendor/google.golang.org/grpc/CONTRIBUTING.md index d9bfa6e1e..2079de7b0 100644 --- a/vendor/google.golang.org/grpc/CONTRIBUTING.md +++ b/vendor/google.golang.org/grpc/CONTRIBUTING.md 
@@ -1,73 +1,159 @@ # How to contribute -We definitely welcome your patches and contributions to gRPC! Please read the gRPC -organization's [governance rules](https://github.com/grpc/grpc-community/blob/master/governance.md) -and [contribution guidelines](https://github.com/grpc/grpc-community/blob/master/CONTRIBUTING.md) before proceeding. +We welcome your patches and contributions to gRPC! Please read the gRPC +organization's [governance +rules](https://github.com/grpc/grpc-community/blob/master/governance.md) before +proceeding. If you are new to GitHub, please start by reading [Pull Request howto](https://help.github.com/articles/about-pull-requests/) ## Legal requirements In order to protect both you and ourselves, you will need to sign the -[Contributor License Agreement](https://identity.linuxfoundation.org/projects/cncf). +[Contributor License +Agreement](https://identity.linuxfoundation.org/projects/cncf). When you create +your first PR, a link will be added as a comment that contains the steps needed +to complete this process. + +## Getting Started + +A great way to start is by searching through our open issues. [Unassigned issues +labeled as "help +wanted"](https://github.com/grpc/grpc-go/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20label%3A%22Status%3A%20Help%20Wanted%22%20no%3Aassignee) +are especially nice for first-time contributors, as they should be well-defined +problems that already have agreed-upon solutions. + +## Code Style + +We follow [Google's published Go style +guide](https://google.github.io/styleguide/go/). Note that there are three +primary documents that make up this style guide; please follow them as closely +as possible. If a reviewer recommends something that contradicts those +guidelines, there may be valid reasons to do so, but it should be rare. ## Guidelines for Pull Requests -How to get your contributions merged smoothly and quickly. 
+ +Please read the following carefully to ensure your contributions can be merged +smoothly and quickly. + +### PR Contents - Create **small PRs** that are narrowly focused on **addressing a single - concern**. We often times receive PRs that are trying to fix several things at - a time, but only one fix is considered acceptable, nothing gets merged and - both author's & review's time is wasted. Create more PRs to address different - concerns and everyone will be happy. + concern**. We often receive PRs that attempt to fix several things at the same + time, and if one part of the PR has a problem, that will hold up the entire + PR. + +- If your change does not address an **open issue** with an **agreed + resolution**, consider opening an issue and discussing it first. If you are + suggesting a behavioral or API change, consider starting with a [gRFC + proposal](https://github.com/grpc/proposal). Many new features that are not + bug fixes will require cross-language agreement. + +- If you want to fix **formatting or style**, consider whether your changes are + an obvious improvement or might be considered a personal preference. If a + style change is based on preference, it likely will not be accepted. If it + corrects widely agreed-upon anti-patterns, then please do create a PR and + explain the benefits of the change. + +- For correcting **misspellings**, please be aware that we use some terms that + are sometimes flagged by spell checkers. As an example, "if an only if" is + often written as "iff". Please do not make spelling correction changes unless + you are certain they are misspellings. + +- **All tests need to be passing** before your change can be merged. 
We + recommend you run tests locally before creating your PR to catch breakages + early on: -- If you are searching for features to work on, issues labeled [Status: Help - Wanted](https://github.com/grpc/grpc-go/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+label%3A%22Status%3A+Help+Wanted%22) - is a great place to start. These issues are well-documented and usually can be - resolved with a single pull request. + - `./scripts/vet.sh` to catch vet errors. + - `go test -cpu 1,4 -timeout 7m ./...` to run the tests. + - `go test -race -cpu 1,4 -timeout 7m ./...` to run tests in race mode. -- If you are adding a new file, make sure it has the copyright message template - at the top as a comment. You can copy over the message from an existing file - and update the year. + Note that we have a multi-module repo, so `go test` commands may need to be + run from the root of each module in order to cause all tests to run. + + *Alternatively*, you may find it easier to push your changes to your fork on + GitHub, which will trigger a GitHub Actions run that you can use to verify + everything is passing. + +- Note that there are two GitHub actions checks that need not be green: + + 1. We test the freshness of the generated proto code we maintain via the + `vet-proto` check. If the source proto files are updated, but our repo is + not updated, an optional checker will fail. This will be fixed by our team + in a separate PR and will not prevent the merge of your PR. + + 2. We run a checker that will fail if there is any change in dependencies of + an exported package via the `dependencies` check. If new dependencies are + added that are not appropriate, we may not accept your PR (see below). + +- If you are adding a **new file**, make sure it has the **copyright message** + template at the top as a comment. You can copy the message from an existing + file and update the year. - The grpc package should only depend on standard Go packages and a small number - of exceptions. 
If your contribution introduces new dependencies which are NOT - in the [list](https://godoc.org/google.golang.org/grpc?imports), you need a - discussion with gRPC-Go authors and consultants. + of exceptions. **If your contribution introduces new dependencies**, you will + need a discussion with gRPC-Go maintainers. -- For speculative changes, consider opening an issue and discussing it first. If - you are suggesting a behavioral or API change, consider starting with a [gRFC - proposal](https://github.com/grpc/proposal). +### PR Descriptions -- Provide a good **PR description** as a record of **what** change is being made - and **why** it was made. Link to a GitHub issue if it exists. +- **PR titles** should start with the name of the component being addressed, or + the type of change. Examples: transport, client, server, round_robin, xds, + cleanup, deps. -- If you want to fix formatting or style, consider whether your changes are an - obvious improvement or might be considered a personal preference. If a style - change is based on preference, it likely will not be accepted. If it corrects - widely agreed-upon anti-patterns, then please do create a PR and explain the - benefits of the change. +- Read and follow the **guidelines for PR titles and descriptions** here: + https://google.github.io/eng-practices/review/developer/cl-descriptions.html -- Unless your PR is trivial, you should expect there will be reviewer comments - that you'll need to address before merging. We'll mark it as `Status: Requires - Reporter Clarification` if we expect you to respond to these comments in a - timely manner. If the PR remains inactive for 6 days, it will be marked as - `stale` and automatically close 7 days after that if we don't hear back from - you. + *particularly* the sections "First Line" and "Body is Informative". -- Maintain **clean commit history** and use **meaningful commit messages**. PRs - with messy commit history are difficult to review and won't be merged. 
Use - `rebase -i upstream/master` to curate your commit history and/or to bring in - latest changes from master (but avoid rebasing in the middle of a code - review). + Note: your PR description will be used as the git commit message in a + squash-and-merge if your PR is approved. We may make changes to this as + necessary. -- Keep your PR up to date with upstream/master (if there are merge conflicts, we - can't really merge your change). +- **Does this PR relate to an open issue?** On the first line, please use the + tag `Fixes #` to ensure the issue is closed when the PR is merged. Or + use `Updates #` if the PR is related to an open issue, but does not fix + it. Consider filing an issue if one does not already exist. -- **All tests need to be passing** before your change can be merged. We - recommend you **run tests locally** before creating your PR to catch breakages - early on. - - `./scripts/vet.sh` to catch vet errors - - `go test -cpu 1,4 -timeout 7m ./...` to run the tests - - `go test -race -cpu 1,4 -timeout 7m ./...` to run tests in race mode +- PR descriptions *must* conclude with **release notes** as follows: + + ``` + RELEASE NOTES: + * : + ``` + + This need not match the PR title. + + The summary must: + + * be something that gRPC users will understand. + + * clearly explain the feature being added, the issue being fixed, or the + behavior being changed, etc. If fixing a bug, be clear about how the bug + can be triggered by an end-user. + + * begin with a capital letter and use complete sentences. -- Exceptions to the rules can be made if there's a compelling reason for doing so. + * be as short as possible to describe the change being made. + + If a PR is *not* end-user visible -- e.g. a cleanup, testing change, or + GitHub-related, use `RELEASE NOTES: n/a`. + +### PR Process + +- Please **self-review** your code changes before sending your PR. This will + prevent simple, obvious errors from causing delays. 
+ +- Maintain a **clean commit history** and use **meaningful commit messages**. + PRs with messy commit histories are difficult to review and won't be merged. + Before sending your PR, ensure your changes are based on top of the latest + `upstream/master` commits, and avoid rebasing in the middle of a code review. + You should **never use `git push -f`** unless absolutely necessary during a + review, as it can interfere with GitHub's tracking of comments. + +- Unless your PR is trivial, you should **expect reviewer comments** that you + will need to address before merging. We'll label the PR as `Status: Requires + Reporter Clarification` if we expect you to respond to these comments in a + timely manner. If the PR remains inactive for 6 days, it will be marked as + `stale`, and we will automatically close it after 7 days if we don't hear back + from you. Please feel free to ping issues or bugs if you do not get a response + within a week. diff --git a/vendor/google.golang.org/grpc/MAINTAINERS.md b/vendor/google.golang.org/grpc/MAINTAINERS.md index 5d4096d46..df35bb9a8 100644 --- a/vendor/google.golang.org/grpc/MAINTAINERS.md +++ b/vendor/google.golang.org/grpc/MAINTAINERS.md 
@@ -9,21 +9,19 @@ for general contribution guidelines. ## Maintainers (in alphabetical order) -- [aranjans](https://github.com/aranjans), Google LLC - [arjan-bal](https://github.com/arjan-bal), Google LLC - [arvindbr8](https://github.com/arvindbr8), Google LLC - [atollena](https://github.com/atollena), Datadog, Inc. - [dfawley](https://github.com/dfawley), Google LLC - [easwars](https://github.com/easwars), Google LLC -- [erm-g](https://github.com/erm-g), Google LLC - [gtcooke94](https://github.com/gtcooke94), Google LLC -- [purnesh42h](https://github.com/purnesh42h), Google LLC -- [zasweq](https://github.com/zasweq), Google LLC ## Emeritus Maintainers (in alphabetical order) - [adelez](https://github.com/adelez) +- [aranjans](https://github.com/aranjans) - [canguler](https://github.com/canguler) - [cesarghali](https://github.com/cesarghali) +- [erm-g](https://github.com/erm-g) - [iamqizhao](https://github.com/iamqizhao) - [jeanbza](https://github.com/jeanbza) - [jtattermusch](https://github.com/jtattermusch) @@ -32,5 +30,7 @@ for general contribution guidelines. - [matt-kwong](https://github.com/matt-kwong) - [menghanl](https://github.com/menghanl) - [nicolasnoble](https://github.com/nicolasnoble) +- [purnesh42h](https://github.com/purnesh42h) - [srini100](https://github.com/srini100) - [yongni](https://github.com/yongni) +- [zasweq](https://github.com/zasweq) diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md index b572707c6..f9a88d597 100644 --- a/vendor/google.golang.org/grpc/README.md +++ b/vendor/google.golang.org/grpc/README.md @@ -32,6 +32,7 @@ import "google.golang.org/grpc" - [Low-level technical docs](Documentation) from this repository - [Performance benchmark][] - [Examples](examples) +- [Contribution guidelines](CONTRIBUTING.md) ## FAQ diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go index c9b343c71..d08b7ad63 100644 
--- a/vendor/google.golang.org/grpc/balancer/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/balancer.go @@ -75,8 +75,6 @@ func unregisterForTesting(name string) { func init() { internal.BalancerUnregister = unregisterForTesting - internal.ConnectedAddress = connectedAddress - internal.SetConnectedAddress = setConnectedAddress } // Get returns the resolver builder registered with the given name. @@ -360,6 +358,10 @@ type Balancer interface { // call SubConn.Shutdown for its existing SubConns; however, this will be // required in a future release, so it is recommended. Close() + // ExitIdle instructs the LB policy to reconnect to backends / exit the + // IDLE state, if appropriate and possible. Note that SubConns that enter + // the IDLE state will not reconnect until SubConn.Connect is called. + ExitIdle() } // ExitIdler is an optional interface for balancers to implement. If @@ -367,8 +369,8 @@ type Balancer interface { // the ClientConn is idle. If unimplemented, ClientConn.Connect will cause // all SubConns to connect. // -// Notice: it will be required for all balancers to implement this in a future -// release. +// Deprecated: All balancers must implement this interface. This interface will +// be removed in a future release. type ExitIdler interface { // ExitIdle instructs the LB policy to reconnect to backends / exit the // IDLE state, if appropriate and possible. Note that SubConns that enter diff --git a/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go b/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go index cc606f4da..360db08eb 100644 --- a/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go +++ b/vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go 
@@ -37,6 +37,8 @@ import ( "google.golang.org/grpc/resolver" ) +var randIntN = rand.IntN + // ChildState is the balancer state of a child along with the endpoint which // identifies the child balancer. type ChildState struct { @@ -45,7 +47,15 @@ type ChildState struct { // Balancer exposes only the ExitIdler interface of the child LB policy. // Other methods of the child policy are called only by endpointsharding. - Balancer balancer.ExitIdler + Balancer ExitIdler +} + +// ExitIdler provides access to only the ExitIdle method of the child balancer. +type ExitIdler interface { + // ExitIdle instructs the LB policy to reconnect to backends / exit the + // IDLE state, if appropriate and possible. Note that SubConns that enter + // the IDLE state will not reconnect until SubConn.Connect is called. + ExitIdle() } // Options are the options to configure the behaviour of the @@ -104,6 +114,21 @@ type endpointSharding struct { mu sync.Mutex } +// rotateEndpoints returns a slice of all the input endpoints rotated a random +// amount. +func rotateEndpoints(es []resolver.Endpoint) []resolver.Endpoint { + les := len(es) + if les == 0 { + return es + } + r := randIntN(les) + // Make a copy to avoid mutating data beyond the end of es. + ret := make([]resolver.Endpoint, les) + copy(ret, es[r:]) + copy(ret[les-r:], es[:r]) + return ret +} + // UpdateClientConnState creates a child for new endpoints and deletes children // for endpoints that are no longer present. It also updates all the children, // and sends a single synchronous update of the childrens' aggregated state at 
@@ -125,7 +150,7 @@ func (es *endpointSharding) UpdateClientConnState(state balancer.ClientConnState newChildren := resolver.NewEndpointMap[*balancerWrapper]() // Update/Create new children. - for _, endpoint := range state.ResolverState.Endpoints { + for _, endpoint := range rotateEndpoints(state.ResolverState.Endpoints) { if _, ok := newChildren.Get(endpoint); ok { // Endpoint child was already created, continue to avoid duplicate // update. @@ -205,6 +230,16 @@ func (es *endpointSharding) Close() { } } +func (es *endpointSharding) ExitIdle() { + es.childMu.Lock() + defer es.childMu.Unlock() + for _, bw := range es.children.Load().Values() { + if !bw.isClosed { + bw.child.ExitIdle() + } + } +} + // updateState updates this component's state. It sends the aggregated state, // and a picker with round robin behavior with all the child states present if // needed. @@ -261,7 +296,7 @@ func (es *endpointSharding) updateState() { p := &pickerWithChildStates{ pickers: pickers, childStates: childStates, - next: uint32(rand.IntN(len(pickers))), + next: uint32(randIntN(len(pickers))), } es.cc.UpdateState(balancer.State{ ConnectivityState: aggState, @@ -326,15 +361,13 @@ func (bw *balancerWrapper) UpdateState(state balancer.State) { // ExitIdle pings an IDLE child balancer to exit idle in a new goroutine to // avoid deadlocks due to synchronous balancer state updates. func (bw *balancerWrapper) ExitIdle() { - if ei, ok := bw.child.(balancer.ExitIdler); ok { - go func() { - bw.es.childMu.Lock() - if !bw.isClosed { - ei.ExitIdle() - } - bw.es.childMu.Unlock() - }() - } + go func() { + bw.es.childMu.Lock() + if !bw.isClosed { + bw.child.ExitIdle() + } + bw.es.childMu.Unlock() + }() } // updateClientConnStateLocked delivers the ClientConnState to the child diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go b/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go index 7d66cb491..cc902a4de 100644 
--- a/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go +++ b/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go @@ -26,6 +26,8 @@ import ( var ( // RandShuffle pseudo-randomizes the order of addresses. RandShuffle = rand.Shuffle + // RandFloat64 returns, as a float64, a pseudo-random number in [0.0,1.0). + RandFloat64 = rand.Float64 // TimeAfterFunc allows mocking the timer for testing connection delay // related functionality. TimeAfterFunc = func(d time.Duration, f func()) func() { diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go index ea8899818..dccd9f0bf 100644 --- a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go +++ b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go 
@@ -16,55 +16,129 @@ * */ -// Package pickfirst contains the pick_first load balancing policy. +// Package pickfirst contains the pick_first load balancing policy which +// is the universal leaf policy. package pickfirst import ( + "cmp" "encoding/json" "errors" "fmt" - rand "math/rand/v2" + "math" + "net" + "net/netip" + "slices" + "sync" + "time" "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/pickfirst/internal" "google.golang.org/grpc/connectivity" + expstats "google.golang.org/grpc/experimental/stats" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/internal/balancer/weight" "google.golang.org/grpc/internal/envconfig" internalgrpclog "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/pretty" "google.golang.org/grpc/resolver" "google.golang.org/grpc/serviceconfig" - - _ "google.golang.org/grpc/balancer/pickfirst/pickfirstleaf" // For automatically registering the new pickfirst if required. ) func init() { - if envconfig.NewPickFirstEnabled { - return - } balancer.Register(pickfirstBuilder{}) } -var logger = grpclog.Component("pick-first-lb") +// Name is the name of the pick_first balancer. +const Name = "pick_first" + +// enableHealthListenerKeyType is a unique key type used in resolver +// attributes to indicate whether the health listener usage is enabled. +type enableHealthListenerKeyType struct{} + +var ( + logger = grpclog.Component("pick-first-leaf-lb") + disconnectionsMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.disconnections", + Description: "EXPERIMENTAL. Number of times the selected subchannel becomes disconnected.", + Unit: "{disconnection}", + Labels: []string{"grpc.target"}, + Default: false, + }) + connectionAttemptsSucceededMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.connection_attempts_succeeded", + Description: "EXPERIMENTAL. 
Number of successful connection attempts.", + Unit: "{attempt}", + Labels: []string{"grpc.target"}, + Default: false, + }) + connectionAttemptsFailedMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.lb.pick_first.connection_attempts_failed", + Description: "EXPERIMENTAL. Number of failed connection attempts.", + Unit: "{attempt}", + Labels: []string{"grpc.target"}, + Default: false, + }) +) const ( - // Name is the name of the pick_first balancer. - Name = "pick_first" - logPrefix = "[pick-first-lb %p] " + // TODO: change to pick-first when this becomes the default pick_first policy. + logPrefix = "[pick-first-leaf-lb %p] " + // connectionDelayInterval is the time to wait for during the happy eyeballs + // pass before starting the next connection attempt. + connectionDelayInterval = 250 * time.Millisecond +) + +type ipAddrFamily int + +const ( + // ipAddrFamilyUnknown represents strings that can't be parsed as an IP + // address. + ipAddrFamilyUnknown ipAddrFamily = iota + ipAddrFamilyV4 + ipAddrFamilyV6 ) type pickfirstBuilder struct{} -func (pickfirstBuilder) Build(cc balancer.ClientConn, _ balancer.BuildOptions) balancer.Balancer { - b := &pickfirstBalancer{cc: cc} +func (pickfirstBuilder) Build(cc balancer.ClientConn, bo balancer.BuildOptions) balancer.Balancer { + b := &pickfirstBalancer{ + cc: cc, + target: bo.Target.String(), + metricsRecorder: cc.MetricsRecorder(), + + subConns: resolver.NewAddressMapV2[*scData](), + state: connectivity.Connecting, + cancelConnectionTimer: func() {}, + } b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b)) return b } -func (pickfirstBuilder) Name() string { +func (b pickfirstBuilder) Name() string { return Name } +func (pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { + var cfg pfConfig + if err := json.Unmarshal(js, &cfg); err != nil { + return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", 
string(js), err) + } + return cfg, nil +} + +// EnableHealthListener updates the state to configure pickfirst for using a +// generic health listener. +// +// # Experimental +// +// Notice: This API is EXPERIMENTAL and may be changed or removed in a later +// release. +func EnableHealthListener(state resolver.State) resolver.State { + state.Attributes = state.Attributes.WithValue(enableHealthListenerKeyType{}, true) + return state +} + type pfConfig struct { serviceconfig.LoadBalancingConfig `json:"-"` 
@@ -74,90 +148,163 @@ type pfConfig struct { ShuffleAddressList bool `json:"shuffleAddressList"` } -func (pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { - var cfg pfConfig - if err := json.Unmarshal(js, &cfg); err != nil { - return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err) +// scData keeps track of the current state of the subConn. +// It is not safe for concurrent access. +type scData struct { + // The following fields are initialized at build time and read-only after + // that. + subConn balancer.SubConn + addr resolver.Address + + rawConnectivityState connectivity.State + // The effective connectivity state based on raw connectivity, health state + // and after following sticky TransientFailure behaviour defined in A62. + effectiveState connectivity.State + lastErr error + connectionFailedInFirstPass bool +} + +func (b *pickfirstBalancer) newSCData(addr resolver.Address) (*scData, error) { + sd := &scData{ + rawConnectivityState: connectivity.Idle, + effectiveState: connectivity.Idle, + addr: addr, } - return cfg, nil + sc, err := b.cc.NewSubConn([]resolver.Address{addr}, balancer.NewSubConnOptions{ + StateListener: func(state balancer.SubConnState) { + b.updateSubConnState(sd, state) + }, + }) + if err != nil { + return nil, err + } + sd.subConn = sc + return sd, nil } type pickfirstBalancer struct { - logger *internalgrpclog.PrefixLogger - state connectivity.State - cc balancer.ClientConn - subConn balancer.SubConn + // The following fields are initialized at build time and read-only after + // that and therefore do not need to be guarded by a mutex. 
+ logger *internalgrpclog.PrefixLogger + cc balancer.ClientConn + target string + metricsRecorder expstats.MetricsRecorder // guaranteed to be non nil + + // The mutex is used to ensure synchronization of updates triggered + // from the idle picker and the already serialized resolver, + // SubConn state updates. + mu sync.Mutex + // State reported to the channel based on SubConn states and resolver + // updates. + state connectivity.State + // scData for active subonns mapped by address. + subConns *resolver.AddressMapV2[*scData] + addressList addressList + firstPass bool + numTF int + cancelConnectionTimer func() + healthCheckingEnabled bool } +// ResolverError is called by the ClientConn when the name resolver produces +// an error or when pickfirst determined the resolver update to be invalid. func (b *pickfirstBalancer) ResolverError(err error) { + b.mu.Lock() + defer b.mu.Unlock() + b.resolverErrorLocked(err) +} + +func (b *pickfirstBalancer) resolverErrorLocked(err error) { if b.logger.V(2) { b.logger.Infof("Received error from the name resolver: %v", err) } - if b.subConn == nil { - b.state = connectivity.TransientFailure - } - if b.state != connectivity.TransientFailure { - // The picker will not change since the balancer does not currently - // report an error. + // The picker will not change since the balancer does not currently + // report an error. If the balancer hasn't received a single good resolver + // update yet, transition to TRANSIENT_FAILURE. + if b.state != connectivity.TransientFailure && b.addressList.size() > 0 { + if b.logger.V(2) { + b.logger.Infof("Ignoring resolver error because balancer is using a previous good update.") + } return } - b.cc.UpdateState(balancer.State{ + + b.updateBalancerState(balancer.State{ ConnectivityState: connectivity.TransientFailure, Picker: &picker{err: fmt.Errorf("name resolver error: %v", err)}, }) } -// Shuffler is an interface for shuffling an address list. 
-type Shuffler interface { - ShuffleAddressListForTesting(n int, swap func(i, j int)) -} - -// ShuffleAddressListForTesting pseudo-randomizes the order of addresses. n -// is the number of elements. swap swaps the elements with indexes i and j. -func ShuffleAddressListForTesting(n int, swap func(i, j int)) { rand.Shuffle(n, swap) } - func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState) error { + b.mu.Lock() + defer b.mu.Unlock() + b.cancelConnectionTimer() if len(state.ResolverState.Addresses) == 0 && len(state.ResolverState.Endpoints) == 0 { - // The resolver reported an empty address list. Treat it like an error by - // calling b.ResolverError. - if b.subConn != nil { - // Shut down the old subConn. All addresses were removed, so it is - // no longer valid. - b.subConn.Shutdown() - b.subConn = nil - } - b.ResolverError(errors.New("produced zero addresses")) + // Cleanup state pertaining to the previous resolver state. + // Treat an empty address list like an error by calling b.ResolverError. + b.closeSubConnsLocked() + b.addressList.updateAddrs(nil) + b.resolverErrorLocked(errors.New("produced zero addresses")) return balancer.ErrBadResolverState } - // We don't have to guard this block with the env var because ParseConfig - // already does so. 
+ b.healthCheckingEnabled = state.ResolverState.Attributes.Value(enableHealthListenerKeyType{}) != nil cfg, ok := state.BalancerConfig.(pfConfig) if state.BalancerConfig != nil && !ok { - return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig) + return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v: %w", state.BalancerConfig, state.BalancerConfig, balancer.ErrBadResolverState) } if b.logger.V(2) { b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState)) } - var addrs []resolver.Address + var newAddrs []resolver.Address if endpoints := state.ResolverState.Endpoints; len(endpoints) != 0 { - // Perform the optional shuffling described in gRFC A62. The shuffling will - // change the order of endpoints but not touch the order of the addresses - // within each endpoint. - A61 + // Perform the optional shuffling described in gRFC A62. The shuffling + // will change the order of endpoints but not touch the order of the + // addresses within each endpoint. - A61 if cfg.ShuffleAddressList { - endpoints = append([]resolver.Endpoint{}, endpoints...) - internal.RandShuffle(len(endpoints), func(i, j int) { endpoints[i], endpoints[j] = endpoints[j], endpoints[i] }) + if envconfig.PickFirstWeightedShuffling { + type weightedEndpoint struct { + endpoint resolver.Endpoint + weight float64 + } + + // For each endpoint, compute a key as described in A113 and + // https://utopia.duth.gr/~pefraimi/research/data/2007EncOfAlg.pdf: + var weightedEndpoints []weightedEndpoint + for _, endpoint := range endpoints { + u := internal.RandFloat64() // Random number in [0.0, 1.0) + weight := weightAttribute(endpoint) + weightedEndpoints = append(weightedEndpoints, weightedEndpoint{ + endpoint: endpoint, + weight: math.Pow(u, 1.0/float64(weight)), + }) + } + // Sort endpoints by key in descending order and reconstruct the + // endpoints slice. 
+ slices.SortFunc(weightedEndpoints, func(a, b weightedEndpoint) int { + return cmp.Compare(b.weight, a.weight) + }) + + // Here, and in the "else" block below, we clone the endpoints + // slice to avoid mutating the resolver state. Doing the latter + // would lead to data races if the caller is accessing the same + // slice concurrently. + sortedEndpoints := make([]resolver.Endpoint, len(endpoints)) + for i, we := range weightedEndpoints { + sortedEndpoints[i] = we.endpoint + } + endpoints = sortedEndpoints + } else { + endpoints = slices.Clone(endpoints) + internal.RandShuffle(len(endpoints), func(i, j int) { endpoints[i], endpoints[j] = endpoints[j], endpoints[i] }) + } } - // "Flatten the list by concatenating the ordered list of addresses for each - // of the endpoints, in order." - A61 + // "Flatten the list by concatenating the ordered list of addresses for + // each of the endpoints, in order." - A61 for _, endpoint := range endpoints { - // "In the flattened list, interleave addresses from the two address - // families, as per RFC-8304 section 4." - A61 - // TODO: support the above language. - addrs = append(addrs, endpoint.Addresses...) + newAddrs = append(newAddrs, endpoint.Addresses...) } } else { // Endpoints not set, process addresses until we migrate resolver 
@@ -166,42 +313,53 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState // target do not forward the corresponding correct endpoints down/split // endpoints properly. Once all balancers correctly forward endpoints // down, can delete this else conditional. - addrs = state.ResolverState.Addresses + newAddrs = state.ResolverState.Addresses if cfg.ShuffleAddressList { - addrs = append([]resolver.Address{}, addrs...) - rand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] }) + newAddrs = append([]resolver.Address{}, newAddrs...) + internal.RandShuffle(len(newAddrs), func(i, j int) { newAddrs[i], newAddrs[j] = newAddrs[j], newAddrs[i] }) } } - if b.subConn != nil { - b.cc.UpdateAddresses(b.subConn, addrs) + // If an address appears in multiple endpoints or in the same endpoint + // multiple times, we keep it only once. We will create only one SubConn + // for the address because an AddressMap is used to store SubConns. + // Not de-duplicating would result in attempting to connect to the same + // SubConn multiple times in the same pass. We don't want this. + newAddrs = deDupAddresses(newAddrs) + newAddrs = interleaveAddresses(newAddrs) + + prevAddr := b.addressList.currentAddress() + prevSCData, found := b.subConns.Get(prevAddr) + prevAddrsCount := b.addressList.size() + isPrevRawConnectivityStateReady := found && prevSCData.rawConnectivityState == connectivity.Ready + b.addressList.updateAddrs(newAddrs) + + // If the previous ready SubConn exists in new address list, + // keep this connection and don't create new SubConns. 
+ if isPrevRawConnectivityStateReady && b.addressList.seekTo(prevAddr) { return nil } - var subConn balancer.SubConn - subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{ - StateListener: func(state balancer.SubConnState) { - b.updateSubConnState(subConn, state) - }, - }) - if err != nil { - if b.logger.V(2) { - b.logger.Infof("Failed to create new SubConn: %v", err) - } - b.state = connectivity.TransientFailure - b.cc.UpdateState(balancer.State{ - ConnectivityState: connectivity.TransientFailure, - Picker: &picker{err: fmt.Errorf("error creating connection: %v", err)}, + b.reconcileSubConnsLocked(newAddrs) + // If it's the first resolver update or the balancer was already READY + // (but the new address list does not contain the ready SubConn) or + // CONNECTING, enter CONNECTING. + // We may be in TRANSIENT_FAILURE due to a previous empty address list, + // we should still enter CONNECTING because the sticky TF behaviour + // mentioned in A62 applies only when the TRANSIENT_FAILURE is reported + // due to connectivity failures. + if isPrevRawConnectivityStateReady || b.state == connectivity.Connecting || prevAddrsCount == 0 { + // Start connection attempt at first address. + b.forceUpdateConcludedStateLocked(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, }) - return balancer.ErrBadResolverState + b.startFirstPassLocked() + } else if b.state == connectivity.TransientFailure { + // If we're in TRANSIENT_FAILURE, we stay in TRANSIENT_FAILURE until + // we're READY. See A62. + b.startFirstPassLocked() } - b.subConn = subConn - b.state = connectivity.Idle - b.cc.UpdateState(balancer.State{ - ConnectivityState: connectivity.Connecting, - Picker: &picker{err: balancer.ErrNoSubConnAvailable}, - }) - b.subConn.Connect() return nil } 
@@ -211,63 +369,484 @@ func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state b b.logger.Errorf("UpdateSubConnState(%v, %+v) called unexpectedly", subConn, state) } -func (b *pickfirstBalancer) updateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) { - if b.logger.V(2) { - b.logger.Infof("Received SubConn state update: %p, %+v", subConn, state) +func (b *pickfirstBalancer) Close() { + b.mu.Lock() + defer b.mu.Unlock() + b.closeSubConnsLocked() + b.cancelConnectionTimer() + b.state = connectivity.Shutdown +} + +// ExitIdle moves the balancer out of idle state. It can be called concurrently +// by the idlePicker and clientConn so access to variables should be +// synchronized. +func (b *pickfirstBalancer) ExitIdle() { + b.mu.Lock() + defer b.mu.Unlock() + if b.state == connectivity.Idle { + // Move the balancer into CONNECTING state immediately. This is done to + // avoid staying in IDLE if a resolver update arrives before the first + // SubConn reports CONNECTING. + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, + }) + b.startFirstPassLocked() + } +} + +func (b *pickfirstBalancer) startFirstPassLocked() { + b.firstPass = true + b.numTF = 0 + // Reset the connection attempt record for existing SubConns. + for _, sd := range b.subConns.Values() { + sd.connectionFailedInFirstPass = false } - if b.subConn != subConn { + b.requestConnectionLocked() +} + +func (b *pickfirstBalancer) closeSubConnsLocked() { + for _, sd := range b.subConns.Values() { + sd.subConn.Shutdown() + } + b.subConns = resolver.NewAddressMapV2[*scData]() +} + +// deDupAddresses ensures that each address appears only once in the slice. 
+func deDupAddresses(addrs []resolver.Address) []resolver.Address { + seenAddrs := resolver.NewAddressMapV2[bool]() + retAddrs := []resolver.Address{} + + for _, addr := range addrs { + if _, ok := seenAddrs.Get(addr); ok { + continue + } + seenAddrs.Set(addr, true) + retAddrs = append(retAddrs, addr) + } + return retAddrs +} + +// interleaveAddresses interleaves addresses of both families (IPv4 and IPv6) +// as per RFC-8305 section 4. +// Whichever address family is first in the list is followed by an address of +// the other address family; that is, if the first address in the list is IPv6, +// then the first IPv4 address should be moved up in the list to be second in +// the list. It doesn't support configuring "First Address Family Count", i.e. +// there will always be a single member of the first address family at the +// beginning of the interleaved list. +// Addresses that are neither IPv4 nor IPv6 are treated as part of a third +// "unknown" family for interleaving. +// See: https://datatracker.ietf.org/doc/html/rfc8305#autoid-6 +func interleaveAddresses(addrs []resolver.Address) []resolver.Address { + familyAddrsMap := map[ipAddrFamily][]resolver.Address{} + interleavingOrder := []ipAddrFamily{} + for _, addr := range addrs { + family := addressFamily(addr.Addr) + if _, found := familyAddrsMap[family]; !found { + interleavingOrder = append(interleavingOrder, family) + } + familyAddrsMap[family] = append(familyAddrsMap[family], addr) + } + + interleavedAddrs := make([]resolver.Address, 0, len(addrs)) + + for curFamilyIdx := 0; len(interleavedAddrs) < len(addrs); curFamilyIdx = (curFamilyIdx + 1) % len(interleavingOrder) { + // Some IP types may have fewer addresses than others, so we look for + // the next type that has a remaining member to add to the interleaved + // list. 
+ family := interleavingOrder[curFamilyIdx] + remainingMembers := familyAddrsMap[family] + if len(remainingMembers) > 0 { + interleavedAddrs = append(interleavedAddrs, remainingMembers[0]) + familyAddrsMap[family] = remainingMembers[1:] + } + } + + return interleavedAddrs +} + +// addressFamily returns the ipAddrFamily after parsing the address string. +// If the address isn't of the format "ip-address:port", it returns +// ipAddrFamilyUnknown. The address may be valid even if it's not an IP when +// using a resolver like passthrough where the address may be a hostname in +// some format that the dialer can resolve. +func addressFamily(address string) ipAddrFamily { + // Parse the IP after removing the port. + host, _, err := net.SplitHostPort(address) + if err != nil { + return ipAddrFamilyUnknown + } + ip, err := netip.ParseAddr(host) + if err != nil { + return ipAddrFamilyUnknown + } + switch { + case ip.Is4() || ip.Is4In6(): + return ipAddrFamilyV4 + case ip.Is6(): + return ipAddrFamilyV6 + default: + return ipAddrFamilyUnknown + } +} + +// reconcileSubConnsLocked updates the active subchannels based on a new address +// list from the resolver. It does this by: +// - closing subchannels: any existing subchannels associated with addresses +// that are no longer in the updated list are shut down. +// - removing subchannels: entries for these closed subchannels are removed +// from the subchannel map. +// +// This ensures that the subchannel map accurately reflects the current set of +// addresses received from the name resolver. 
+func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address) { + newAddrsMap := resolver.NewAddressMapV2[bool]() + for _, addr := range newAddrs { + newAddrsMap.Set(addr, true) + } + + for _, oldAddr := range b.subConns.Keys() { + if _, ok := newAddrsMap.Get(oldAddr); ok { + continue + } + val, _ := b.subConns.Get(oldAddr) + val.subConn.Shutdown() + b.subConns.Delete(oldAddr) + } +} + +// shutdownRemainingLocked shuts down remaining subConns. Called when a subConn +// becomes ready, which means that all other subConn must be shutdown. +func (b *pickfirstBalancer) shutdownRemainingLocked(selected *scData) { + b.cancelConnectionTimer() + for _, sd := range b.subConns.Values() { + if sd.subConn != selected.subConn { + sd.subConn.Shutdown() + } + } + b.subConns = resolver.NewAddressMapV2[*scData]() + b.subConns.Set(selected.addr, selected) +} + +// requestConnectionLocked starts connecting on the subchannel corresponding to +// the current address. If no subchannel exists, one is created. If the current +// subchannel is in TransientFailure, a connection to the next address is +// attempted until a subchannel is found. +func (b *pickfirstBalancer) requestConnectionLocked() { + if !b.addressList.isValid() { + return + } + var lastErr error + for valid := true; valid; valid = b.addressList.increment() { + curAddr := b.addressList.currentAddress() + sd, ok := b.subConns.Get(curAddr) + if !ok { + var err error + // We want to assign the new scData to sd from the outer scope, + // hence we can't use := below. + sd, err = b.newSCData(curAddr) + if err != nil { + // This should never happen, unless the clientConn is being shut + // down. + if b.logger.V(2) { + b.logger.Infof("Failed to create a subConn for address %v: %v", curAddr.String(), err) + } + // Do nothing, the LB policy will be closed soon. 
+ return + } + b.subConns.Set(curAddr, sd) + } + + switch sd.rawConnectivityState { + case connectivity.Idle: + sd.subConn.Connect() + b.scheduleNextConnectionLocked() + return + case connectivity.TransientFailure: + // The SubConn is being re-used and failed during a previous pass + // over the addressList. It has not completed backoff yet. + // Mark it as having failed and try the next address. + sd.connectionFailedInFirstPass = true + lastErr = sd.lastErr + continue + case connectivity.Connecting: + // Wait for the connection attempt to complete or the timer to fire + // before attempting the next address. + b.scheduleNextConnectionLocked() + return + default: + b.logger.Errorf("SubConn with unexpected state %v present in SubConns map.", sd.rawConnectivityState) + return + + } + } + + // All the remaining addresses in the list are in TRANSIENT_FAILURE, end the + // first pass if possible. + b.endFirstPassIfPossibleLocked(lastErr) +} + +func (b *pickfirstBalancer) scheduleNextConnectionLocked() { + b.cancelConnectionTimer() + if !b.addressList.hasNext() { + return + } + curAddr := b.addressList.currentAddress() + cancelled := false // Access to this is protected by the balancer's mutex. + closeFn := internal.TimeAfterFunc(connectionDelayInterval, func() { + b.mu.Lock() + defer b.mu.Unlock() + // If the scheduled task is cancelled while acquiring the mutex, return. + if cancelled { + return + } if b.logger.V(2) { - b.logger.Infof("Ignored state change because subConn is not recognized") + b.logger.Infof("Happy Eyeballs timer expired while waiting for connection to %q.", curAddr.Addr) + } + if b.addressList.increment() { + b.requestConnectionLocked() } + }) + // Access to the cancellation callback held by the balancer is guarded by + // the balancer's mutex, so it's safe to set the boolean from the callback. 
+ b.cancelConnectionTimer = sync.OnceFunc(func() { + cancelled = true + closeFn() + }) +} + +func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.SubConnState) { + b.mu.Lock() + defer b.mu.Unlock() + oldState := sd.rawConnectivityState + sd.rawConnectivityState = newState.ConnectivityState + // Previously relevant SubConns can still callback with state updates. + // To prevent pickers from returning these obsolete SubConns, this logic + // is included to check if the current list of active SubConns includes this + // SubConn. + if !b.isActiveSCData(sd) { return } - if state.ConnectivityState == connectivity.Shutdown { - b.subConn = nil + if newState.ConnectivityState == connectivity.Shutdown { + sd.effectiveState = connectivity.Shutdown return } - switch state.ConnectivityState { - case connectivity.Ready: - b.cc.UpdateState(balancer.State{ - ConnectivityState: state.ConnectivityState, - Picker: &picker{result: balancer.PickResult{SubConn: subConn}}, - }) - case connectivity.Connecting: - if b.state == connectivity.TransientFailure { - // We stay in TransientFailure until we are Ready. See A62. + // Record a connection attempt when exiting CONNECTING. + if newState.ConnectivityState == connectivity.TransientFailure { + sd.connectionFailedInFirstPass = true + connectionAttemptsFailedMetric.Record(b.metricsRecorder, 1, b.target) + } + + if newState.ConnectivityState == connectivity.Ready { + connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target) + b.shutdownRemainingLocked(sd) + if !b.addressList.seekTo(sd.addr) { + // This should not fail as we should have only one SubConn after + // entering READY. The SubConn should be present in the addressList. + b.logger.Errorf("Address %q not found address list in %v", sd.addr, b.addressList.addresses) + return + } + if !b.healthCheckingEnabled { + if b.logger.V(2) { + b.logger.Infof("SubConn %p reported connectivity state READY and the health listener is disabled. 
Transitioning SubConn to READY.", sd.subConn) + } + + sd.effectiveState = connectivity.Ready + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Ready, + Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}}, + }) return } - b.cc.UpdateState(balancer.State{ - ConnectivityState: state.ConnectivityState, + if b.logger.V(2) { + b.logger.Infof("SubConn %p reported connectivity state READY. Registering health listener.", sd.subConn) + } + // Send a CONNECTING update to take the SubConn out of sticky-TF if + // required. + sd.effectiveState = connectivity.Connecting + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, Picker: &picker{err: balancer.ErrNoSubConnAvailable}, }) + sd.subConn.RegisterHealthListener(func(scs balancer.SubConnState) { + b.updateSubConnHealthState(sd, scs) + }) + return + } + + // If the LB policy is READY, and it receives a subchannel state change, + // it means that the READY subchannel has failed. + // A SubConn can also transition from CONNECTING directly to IDLE when + // a transport is successfully created, but the connection fails + // before the SubConn can send the notification for READY. We treat + // this as a successful connection and transition to IDLE. + // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second + // part of the if condition below once the issue is fixed. + if oldState == connectivity.Ready || (oldState == connectivity.Connecting && newState.ConnectivityState == connectivity.Idle) { + // Once a transport fails, the balancer enters IDLE and starts from + // the first address when the picker is used. + b.shutdownRemainingLocked(sd) + sd.effectiveState = newState.ConnectivityState + // READY SubConn interspliced in between CONNECTING and IDLE, need to + // account for that. 
+ if oldState == connectivity.Connecting { + // A known issue (https://github.com/grpc/grpc-go/issues/7862) + // causes a race that prevents the READY state change notification. + // This works around it. + connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target) + } + disconnectionsMetric.Record(b.metricsRecorder, 1, b.target) + b.addressList.reset() + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Idle, + Picker: &idlePicker{exitIdle: sync.OnceFunc(b.ExitIdle)}, + }) + return + } + + if b.firstPass { + switch newState.ConnectivityState { + case connectivity.Connecting: + // The effective state can be in either IDLE, CONNECTING or + // TRANSIENT_FAILURE. If it's TRANSIENT_FAILURE, stay in + // TRANSIENT_FAILURE until it's READY. See A62. + if sd.effectiveState != connectivity.TransientFailure { + sd.effectiveState = connectivity.Connecting + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, + }) + } + case connectivity.TransientFailure: + sd.lastErr = newState.ConnectionError + sd.effectiveState = connectivity.TransientFailure + // Since we're re-using common SubConns while handling resolver + // updates, we could receive an out of turn TRANSIENT_FAILURE from + // a pass over the previous address list. Happy Eyeballs will also + // cause out of order updates to arrive. + + if curAddr := b.addressList.currentAddress(); equalAddressIgnoringBalAttributes(&curAddr, &sd.addr) { + b.cancelConnectionTimer() + if b.addressList.increment() { + b.requestConnectionLocked() + return + } + } + + // End the first pass if we've seen a TRANSIENT_FAILURE from all + // SubConns once. + b.endFirstPassIfPossibleLocked(newState.ConnectionError) + } + return + } + + // We have finished the first pass, keep re-connecting failing SubConns. 
+ switch newState.ConnectivityState { + case connectivity.TransientFailure: + b.numTF = (b.numTF + 1) % b.subConns.Len() + sd.lastErr = newState.ConnectionError + if b.numTF%b.subConns.Len() == 0 { + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: &picker{err: newState.ConnectionError}, + }) + } + // We don't need to request re-resolution since the SubConn already + // does that before reporting TRANSIENT_FAILURE. + // TODO: #7534 - Move re-resolution requests from SubConn into + // pick_first. case connectivity.Idle: - if b.state == connectivity.TransientFailure { - // We stay in TransientFailure until we are Ready. Also kick the - // subConn out of Idle into Connecting. See A62. - b.subConn.Connect() + sd.subConn.Connect() + } +} + +// endFirstPassIfPossibleLocked ends the first happy-eyeballs pass if all the +// addresses are tried and their SubConns have reported a failure. +func (b *pickfirstBalancer) endFirstPassIfPossibleLocked(lastErr error) { + // An optimization to avoid iterating over the entire SubConn map. + if b.addressList.isValid() { + return + } + // Connect() has been called on all the SubConns. The first pass can be + // ended if all the SubConns have reported a failure. + for _, sd := range b.subConns.Values() { + if !sd.connectionFailedInFirstPass { return } - b.cc.UpdateState(balancer.State{ - ConnectivityState: state.ConnectivityState, - Picker: &idlePicker{subConn: subConn}, + } + b.firstPass = false + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: &picker{err: lastErr}, + }) + // Start re-connecting all the SubConns that are already in IDLE. 
+ for _, sd := range b.subConns.Values() { + if sd.rawConnectivityState == connectivity.Idle { + sd.subConn.Connect() + } + } +} + +func (b *pickfirstBalancer) isActiveSCData(sd *scData) bool { + activeSD, found := b.subConns.Get(sd.addr) + return found && activeSD == sd +} + +func (b *pickfirstBalancer) updateSubConnHealthState(sd *scData, state balancer.SubConnState) { + b.mu.Lock() + defer b.mu.Unlock() + // Previously relevant SubConns can still callback with state updates. + // To prevent pickers from returning these obsolete SubConns, this logic + // is included to check if the current list of active SubConns includes + // this SubConn. + if !b.isActiveSCData(sd) { + return + } + sd.effectiveState = state.ConnectivityState + switch state.ConnectivityState { + case connectivity.Ready: + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Ready, + Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}}, }) case connectivity.TransientFailure: - b.cc.UpdateState(balancer.State{ - ConnectivityState: state.ConnectivityState, - Picker: &picker{err: state.ConnectionError}, + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: &picker{err: fmt.Errorf("pickfirst: health check failure: %v", state.ConnectionError)}, + }) + case connectivity.Connecting: + b.updateBalancerState(balancer.State{ + ConnectivityState: connectivity.Connecting, + Picker: &picker{err: balancer.ErrNoSubConnAvailable}, }) + default: + b.logger.Errorf("Got unexpected health update for SubConn %p: %v", state) } - b.state = state.ConnectivityState } -func (b *pickfirstBalancer) Close() { +// updateBalancerState stores the state reported to the channel and calls +// ClientConn.UpdateState(). As an optimization, it avoids sending duplicate +// updates to the channel. 
+func (b *pickfirstBalancer) updateBalancerState(newState balancer.State) { + // In case of TransientFailures allow the picker to be updated to update + // the connectivity error, in all other cases don't send duplicate state + // updates. + if newState.ConnectivityState == b.state && b.state != connectivity.TransientFailure { + return + } + b.forceUpdateConcludedStateLocked(newState) } -func (b *pickfirstBalancer) ExitIdle() { - if b.subConn != nil && b.state == connectivity.Idle { - b.subConn.Connect() - } +// forceUpdateConcludedStateLocked stores the state reported to the channel and +// calls ClientConn.UpdateState(). +// A separate function is defined to force update the ClientConn state since the +// channel doesn't correctly assume that LB policies start in CONNECTING and +// relies on LB policy to send an initial CONNECTING update. +func (b *pickfirstBalancer) forceUpdateConcludedStateLocked(newState balancer.State) { + b.state = newState.ConnectivityState + b.cc.UpdateState(newState) } type picker struct { 
@@ -282,10 +861,101 @@ func (p *picker) Pick(balancer.PickInfo) (balancer.PickResult, error) { // idlePicker is used when the SubConn is IDLE and kicks the SubConn into // CONNECTING when Pick is called. type idlePicker struct { - subConn balancer.SubConn + exitIdle func() } func (i *idlePicker) Pick(balancer.PickInfo) (balancer.PickResult, error) { - i.subConn.Connect() + i.exitIdle() return balancer.PickResult{}, balancer.ErrNoSubConnAvailable } + +// addressList manages sequentially iterating over addresses present in a list +// of endpoints. It provides a 1 dimensional view of the addresses present in +// the endpoints. +// This type is not safe for concurrent access. +type addressList struct { + addresses []resolver.Address + idx int +} + +func (al *addressList) isValid() bool { + return al.idx < len(al.addresses) +} + +func (al *addressList) size() int { + return len(al.addresses) +} + +// increment moves to the next index in the address list. +// This method returns false if it went off the list, true otherwise. +func (al *addressList) increment() bool { + if !al.isValid() { + return false + } + al.idx++ + return al.idx < len(al.addresses) +} + +// currentAddress returns the current address pointed to in the addressList. +// If the list is in an invalid state, it returns an empty address instead. +func (al *addressList) currentAddress() resolver.Address { + if !al.isValid() { + return resolver.Address{} + } + return al.addresses[al.idx] +} + +func (al *addressList) reset() { + al.idx = 0 +} + +func (al *addressList) updateAddrs(addrs []resolver.Address) { + al.addresses = addrs + al.reset() +} + +// seekTo returns false if the needle was not found and the current index was +// left unchanged. 
+func (al *addressList) seekTo(needle resolver.Address) bool {
+ for ai, addr := range al.addresses {
+ if !equalAddressIgnoringBalAttributes(&addr, &needle) {
+ continue
+ }
+ al.idx = ai
+ return true
+ }
+ return false
+}
+
+// hasNext returns whether incrementing the addressList will result in moving
+// past the end of the list. If the list has already moved past the end, it
+// returns false.
+func (al *addressList) hasNext() bool {
+ if !al.isValid() {
+ return false
+ }
+ return al.idx+1 < len(al.addresses)
+}
+
+// equalAddressIgnoringBalAttributes returns true is a and b are considered
+// equal. This is different from the Equal method on the resolver.Address type
+// which considers all fields to determine equality. Here, we only consider
+// fields that are meaningful to the SubConn.
+func equalAddressIgnoringBalAttributes(a, b *resolver.Address) bool {
+ return a.Addr == b.Addr && a.ServerName == b.ServerName &&
+ a.Attributes.Equal(b.Attributes)
+}
+
+// weightAttribute is a convenience function which returns the value of the
+// weight endpoint Attribute.
+//
+// When used in the xDS context, the weight attribute is guaranteed to be
+// non-zero. But, when used in a non-xDS context, the weight attribute could be
+// unset. A Default of 1 is used in the latter case.
+func weightAttribute(e resolver.Endpoint) uint32 {
+ w := weight.FromEndpoint(e).Weight
+ if w == 0 {
+ return 1
+ }
+ return w
+}
diff --git a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go b/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go
deleted file mode 100644
index 494314f23..000000000
--- a/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go
+++ /dev/null
@@ -1,927 +0,0 @@ -/* - * - * Copyright 2024 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -// Package pickfirstleaf contains the pick_first load balancing policy which -// will be the universal leaf policy after dualstack changes are implemented. -// -// # Experimental -// -// Notice: This package is EXPERIMENTAL and may be changed or removed in a -// later release. -package pickfirstleaf - -import ( - "encoding/json" - "errors" - "fmt" - "net" - "net/netip" - "sync" - "time" - - "google.golang.org/grpc/balancer" - "google.golang.org/grpc/balancer/pickfirst/internal" - "google.golang.org/grpc/connectivity" - expstats "google.golang.org/grpc/experimental/stats" - "google.golang.org/grpc/grpclog" - "google.golang.org/grpc/internal/envconfig" - internalgrpclog "google.golang.org/grpc/internal/grpclog" - "google.golang.org/grpc/internal/pretty" - "google.golang.org/grpc/resolver" - "google.golang.org/grpc/serviceconfig" -) - -func init() { - if envconfig.NewPickFirstEnabled { - // Register as the default pick_first balancer. - Name = "pick_first" - } - balancer.Register(pickfirstBuilder{}) -} - -type ( - // enableHealthListenerKeyType is a unique key type used in resolver - // attributes to indicate whether the health listener usage is enabled. - enableHealthListenerKeyType struct{} - // managedByPickfirstKeyType is an attribute key type to inform Outlier - // Detection that the generic health listener is being used. 
- // TODO: https://github.com/grpc/grpc-go/issues/7915 - Remove this when - // implementing the dualstack design. This is a hack. Once Dualstack is - // completed, outlier detection will stop sending ejection updates through - // the connectivity listener. - managedByPickfirstKeyType struct{} -) - -var ( - logger = grpclog.Component("pick-first-leaf-lb") - // Name is the name of the pick_first_leaf balancer. - // It is changed to "pick_first" in init() if this balancer is to be - // registered as the default pickfirst. - Name = "pick_first_leaf" - disconnectionsMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ - Name: "grpc.lb.pick_first.disconnections", - Description: "EXPERIMENTAL. Number of times the selected subchannel becomes disconnected.", - Unit: "disconnection", - Labels: []string{"grpc.target"}, - Default: false, - }) - connectionAttemptsSucceededMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ - Name: "grpc.lb.pick_first.connection_attempts_succeeded", - Description: "EXPERIMENTAL. Number of successful connection attempts.", - Unit: "attempt", - Labels: []string{"grpc.target"}, - Default: false, - }) - connectionAttemptsFailedMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ - Name: "grpc.lb.pick_first.connection_attempts_failed", - Description: "EXPERIMENTAL. Number of failed connection attempts.", - Unit: "attempt", - Labels: []string{"grpc.target"}, - Default: false, - }) -) - -const ( - // TODO: change to pick-first when this becomes the default pick_first policy. - logPrefix = "[pick-first-leaf-lb %p] " - // connectionDelayInterval is the time to wait for during the happy eyeballs - // pass before starting the next connection attempt. - connectionDelayInterval = 250 * time.Millisecond -) - -type ipAddrFamily int - -const ( - // ipAddrFamilyUnknown represents strings that can't be parsed as an IP - // address. 
- ipAddrFamilyUnknown ipAddrFamily = iota - ipAddrFamilyV4 - ipAddrFamilyV6 -) - -type pickfirstBuilder struct{} - -func (pickfirstBuilder) Build(cc balancer.ClientConn, bo balancer.BuildOptions) balancer.Balancer { - b := &pickfirstBalancer{ - cc: cc, - target: bo.Target.String(), - metricsRecorder: cc.MetricsRecorder(), - - subConns: resolver.NewAddressMapV2[*scData](), - state: connectivity.Connecting, - cancelConnectionTimer: func() {}, - } - b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b)) - return b -} - -func (b pickfirstBuilder) Name() string { - return Name -} - -func (pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { - var cfg pfConfig - if err := json.Unmarshal(js, &cfg); err != nil { - return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err) - } - return cfg, nil -} - -// EnableHealthListener updates the state to configure pickfirst for using a -// generic health listener. -func EnableHealthListener(state resolver.State) resolver.State { - state.Attributes = state.Attributes.WithValue(enableHealthListenerKeyType{}, true) - return state -} - -// IsManagedByPickfirst returns whether an address belongs to a SubConn -// managed by the pickfirst LB policy. -// TODO: https://github.com/grpc/grpc-go/issues/7915 - This is a hack to disable -// outlier_detection via the with connectivity listener when using pick_first. -// Once Dualstack changes are complete, all SubConns will be created by -// pick_first and outlier detection will only use the health listener for -// ejection. This hack can then be removed. 
-func IsManagedByPickfirst(addr resolver.Address) bool { - return addr.BalancerAttributes.Value(managedByPickfirstKeyType{}) != nil -} - -type pfConfig struct { - serviceconfig.LoadBalancingConfig `json:"-"` - - // If set to true, instructs the LB policy to shuffle the order of the list - // of endpoints received from the name resolver before attempting to - // connect to them. - ShuffleAddressList bool `json:"shuffleAddressList"` -} - -// scData keeps track of the current state of the subConn. -// It is not safe for concurrent access. -type scData struct { - // The following fields are initialized at build time and read-only after - // that. - subConn balancer.SubConn - addr resolver.Address - - rawConnectivityState connectivity.State - // The effective connectivity state based on raw connectivity, health state - // and after following sticky TransientFailure behaviour defined in A62. - effectiveState connectivity.State - lastErr error - connectionFailedInFirstPass bool -} - -func (b *pickfirstBalancer) newSCData(addr resolver.Address) (*scData, error) { - addr.BalancerAttributes = addr.BalancerAttributes.WithValue(managedByPickfirstKeyType{}, true) - sd := &scData{ - rawConnectivityState: connectivity.Idle, - effectiveState: connectivity.Idle, - addr: addr, - } - sc, err := b.cc.NewSubConn([]resolver.Address{addr}, balancer.NewSubConnOptions{ - StateListener: func(state balancer.SubConnState) { - b.updateSubConnState(sd, state) - }, - }) - if err != nil { - return nil, err - } - sd.subConn = sc - return sd, nil -} - -type pickfirstBalancer struct { - // The following fields are initialized at build time and read-only after - // that and therefore do not need to be guarded by a mutex. 
- logger *internalgrpclog.PrefixLogger - cc balancer.ClientConn - target string - metricsRecorder expstats.MetricsRecorder // guaranteed to be non nil - - // The mutex is used to ensure synchronization of updates triggered - // from the idle picker and the already serialized resolver, - // SubConn state updates. - mu sync.Mutex - // State reported to the channel based on SubConn states and resolver - // updates. - state connectivity.State - // scData for active subonns mapped by address. - subConns *resolver.AddressMapV2[*scData] - addressList addressList - firstPass bool - numTF int - cancelConnectionTimer func() - healthCheckingEnabled bool -} - -// ResolverError is called by the ClientConn when the name resolver produces -// an error or when pickfirst determined the resolver update to be invalid. -func (b *pickfirstBalancer) ResolverError(err error) { - b.mu.Lock() - defer b.mu.Unlock() - b.resolverErrorLocked(err) -} - -func (b *pickfirstBalancer) resolverErrorLocked(err error) { - if b.logger.V(2) { - b.logger.Infof("Received error from the name resolver: %v", err) - } - - // The picker will not change since the balancer does not currently - // report an error. If the balancer hasn't received a single good resolver - // update yet, transition to TRANSIENT_FAILURE. - if b.state != connectivity.TransientFailure && b.addressList.size() > 0 { - if b.logger.V(2) { - b.logger.Infof("Ignoring resolver error because balancer is using a previous good update.") - } - return - } - - b.updateBalancerState(balancer.State{ - ConnectivityState: connectivity.TransientFailure, - Picker: &picker{err: fmt.Errorf("name resolver error: %v", err)}, - }) -} - -func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState) error { - b.mu.Lock() - defer b.mu.Unlock() - b.cancelConnectionTimer() - if len(state.ResolverState.Addresses) == 0 && len(state.ResolverState.Endpoints) == 0 { - // Cleanup state pertaining to the previous resolver state. 
- // Treat an empty address list like an error by calling b.ResolverError. - b.closeSubConnsLocked() - b.addressList.updateAddrs(nil) - b.resolverErrorLocked(errors.New("produced zero addresses")) - return balancer.ErrBadResolverState - } - b.healthCheckingEnabled = state.ResolverState.Attributes.Value(enableHealthListenerKeyType{}) != nil - cfg, ok := state.BalancerConfig.(pfConfig) - if state.BalancerConfig != nil && !ok { - return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v: %w", state.BalancerConfig, state.BalancerConfig, balancer.ErrBadResolverState) - } - - if b.logger.V(2) { - b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState)) - } - - var newAddrs []resolver.Address - if endpoints := state.ResolverState.Endpoints; len(endpoints) != 0 { - // Perform the optional shuffling described in gRFC A62. The shuffling - // will change the order of endpoints but not touch the order of the - // addresses within each endpoint. - A61 - if cfg.ShuffleAddressList { - endpoints = append([]resolver.Endpoint{}, endpoints...) - internal.RandShuffle(len(endpoints), func(i, j int) { endpoints[i], endpoints[j] = endpoints[j], endpoints[i] }) - } - - // "Flatten the list by concatenating the ordered list of addresses for - // each of the endpoints, in order." - A61 - for _, endpoint := range endpoints { - newAddrs = append(newAddrs, endpoint.Addresses...) - } - } else { - // Endpoints not set, process addresses until we migrate resolver - // emissions fully to Endpoints. The top channel does wrap emitted - // addresses with endpoints, however some balancers such as weighted - // target do not forward the corresponding correct endpoints down/split - // endpoints properly. Once all balancers correctly forward endpoints - // down, can delete this else conditional. - newAddrs = state.ResolverState.Addresses - if cfg.ShuffleAddressList { - newAddrs = append([]resolver.Address{}, newAddrs...) 
- internal.RandShuffle(len(endpoints), func(i, j int) { endpoints[i], endpoints[j] = endpoints[j], endpoints[i] }) - } - } - - // If an address appears in multiple endpoints or in the same endpoint - // multiple times, we keep it only once. We will create only one SubConn - // for the address because an AddressMap is used to store SubConns. - // Not de-duplicating would result in attempting to connect to the same - // SubConn multiple times in the same pass. We don't want this. - newAddrs = deDupAddresses(newAddrs) - newAddrs = interleaveAddresses(newAddrs) - - prevAddr := b.addressList.currentAddress() - prevSCData, found := b.subConns.Get(prevAddr) - prevAddrsCount := b.addressList.size() - isPrevRawConnectivityStateReady := found && prevSCData.rawConnectivityState == connectivity.Ready - b.addressList.updateAddrs(newAddrs) - - // If the previous ready SubConn exists in new address list, - // keep this connection and don't create new SubConns. - if isPrevRawConnectivityStateReady && b.addressList.seekTo(prevAddr) { - return nil - } - - b.reconcileSubConnsLocked(newAddrs) - // If it's the first resolver update or the balancer was already READY - // (but the new address list does not contain the ready SubConn) or - // CONNECTING, enter CONNECTING. - // We may be in TRANSIENT_FAILURE due to a previous empty address list, - // we should still enter CONNECTING because the sticky TF behaviour - // mentioned in A62 applies only when the TRANSIENT_FAILURE is reported - // due to connectivity failures. - if isPrevRawConnectivityStateReady || b.state == connectivity.Connecting || prevAddrsCount == 0 { - // Start connection attempt at first address. - b.forceUpdateConcludedStateLocked(balancer.State{ - ConnectivityState: connectivity.Connecting, - Picker: &picker{err: balancer.ErrNoSubConnAvailable}, - }) - b.startFirstPassLocked() - } else if b.state == connectivity.TransientFailure { - // If we're in TRANSIENT_FAILURE, we stay in TRANSIENT_FAILURE until - // we're READY. 
See A62. - b.startFirstPassLocked() - } - return nil -} - -// UpdateSubConnState is unused as a StateListener is always registered when -// creating SubConns. -func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) { - b.logger.Errorf("UpdateSubConnState(%v, %+v) called unexpectedly", subConn, state) -} - -func (b *pickfirstBalancer) Close() { - b.mu.Lock() - defer b.mu.Unlock() - b.closeSubConnsLocked() - b.cancelConnectionTimer() - b.state = connectivity.Shutdown -} - -// ExitIdle moves the balancer out of idle state. It can be called concurrently -// by the idlePicker and clientConn so access to variables should be -// synchronized. -func (b *pickfirstBalancer) ExitIdle() { - b.mu.Lock() - defer b.mu.Unlock() - if b.state == connectivity.Idle { - b.startFirstPassLocked() - } -} - -func (b *pickfirstBalancer) startFirstPassLocked() { - b.firstPass = true - b.numTF = 0 - // Reset the connection attempt record for existing SubConns. - for _, sd := range b.subConns.Values() { - sd.connectionFailedInFirstPass = false - } - b.requestConnectionLocked() -} - -func (b *pickfirstBalancer) closeSubConnsLocked() { - for _, sd := range b.subConns.Values() { - sd.subConn.Shutdown() - } - b.subConns = resolver.NewAddressMapV2[*scData]() -} - -// deDupAddresses ensures that each address appears only once in the slice. -func deDupAddresses(addrs []resolver.Address) []resolver.Address { - seenAddrs := resolver.NewAddressMapV2[*scData]() - retAddrs := []resolver.Address{} - - for _, addr := range addrs { - if _, ok := seenAddrs.Get(addr); ok { - continue - } - retAddrs = append(retAddrs, addr) - } - return retAddrs -} - -// interleaveAddresses interleaves addresses of both families (IPv4 and IPv6) -// as per RFC-8305 section 4. 
-// Whichever address family is first in the list is followed by an address of -// the other address family; that is, if the first address in the list is IPv6, -// then the first IPv4 address should be moved up in the list to be second in -// the list. It doesn't support configuring "First Address Family Count", i.e. -// there will always be a single member of the first address family at the -// beginning of the interleaved list. -// Addresses that are neither IPv4 nor IPv6 are treated as part of a third -// "unknown" family for interleaving. -// See: https://datatracker.ietf.org/doc/html/rfc8305#autoid-6 -func interleaveAddresses(addrs []resolver.Address) []resolver.Address { - familyAddrsMap := map[ipAddrFamily][]resolver.Address{} - interleavingOrder := []ipAddrFamily{} - for _, addr := range addrs { - family := addressFamily(addr.Addr) - if _, found := familyAddrsMap[family]; !found { - interleavingOrder = append(interleavingOrder, family) - } - familyAddrsMap[family] = append(familyAddrsMap[family], addr) - } - - interleavedAddrs := make([]resolver.Address, 0, len(addrs)) - - for curFamilyIdx := 0; len(interleavedAddrs) < len(addrs); curFamilyIdx = (curFamilyIdx + 1) % len(interleavingOrder) { - // Some IP types may have fewer addresses than others, so we look for - // the next type that has a remaining member to add to the interleaved - // list. - family := interleavingOrder[curFamilyIdx] - remainingMembers := familyAddrsMap[family] - if len(remainingMembers) > 0 { - interleavedAddrs = append(interleavedAddrs, remainingMembers[0]) - familyAddrsMap[family] = remainingMembers[1:] - } - } - - return interleavedAddrs -} - -// addressFamily returns the ipAddrFamily after parsing the address string. -// If the address isn't of the format "ip-address:port", it returns -// ipAddrFamilyUnknown. The address may be valid even if it's not an IP when -// using a resolver like passthrough where the address may be a hostname in -// some format that the dialer can resolve. 
-func addressFamily(address string) ipAddrFamily { - // Parse the IP after removing the port. - host, _, err := net.SplitHostPort(address) - if err != nil { - return ipAddrFamilyUnknown - } - ip, err := netip.ParseAddr(host) - if err != nil { - return ipAddrFamilyUnknown - } - switch { - case ip.Is4() || ip.Is4In6(): - return ipAddrFamilyV4 - case ip.Is6(): - return ipAddrFamilyV6 - default: - return ipAddrFamilyUnknown - } -} - -// reconcileSubConnsLocked updates the active subchannels based on a new address -// list from the resolver. It does this by: -// - closing subchannels: any existing subchannels associated with addresses -// that are no longer in the updated list are shut down. -// - removing subchannels: entries for these closed subchannels are removed -// from the subchannel map. -// -// This ensures that the subchannel map accurately reflects the current set of -// addresses received from the name resolver. -func (b *pickfirstBalancer) reconcileSubConnsLocked(newAddrs []resolver.Address) { - newAddrsMap := resolver.NewAddressMapV2[bool]() - for _, addr := range newAddrs { - newAddrsMap.Set(addr, true) - } - - for _, oldAddr := range b.subConns.Keys() { - if _, ok := newAddrsMap.Get(oldAddr); ok { - continue - } - val, _ := b.subConns.Get(oldAddr) - val.subConn.Shutdown() - b.subConns.Delete(oldAddr) - } -} - -// shutdownRemainingLocked shuts down remaining subConns. Called when a subConn -// becomes ready, which means that all other subConn must be shutdown. -func (b *pickfirstBalancer) shutdownRemainingLocked(selected *scData) { - b.cancelConnectionTimer() - for _, sd := range b.subConns.Values() { - if sd.subConn != selected.subConn { - sd.subConn.Shutdown() - } - } - b.subConns = resolver.NewAddressMapV2[*scData]() - b.subConns.Set(selected.addr, selected) -} - -// requestConnectionLocked starts connecting on the subchannel corresponding to -// the current address. If no subchannel exists, one is created. 
 If the current
-// subchannel is in TransientFailure, a connection to the next address is
-// attempted until a subchannel is found.
-func (b *pickfirstBalancer) requestConnectionLocked() {
- if !b.addressList.isValid() {
- return
- }
- var lastErr error
- for valid := true; valid; valid = b.addressList.increment() {
- curAddr := b.addressList.currentAddress()
- sd, ok := b.subConns.Get(curAddr)
- if !ok {
- var err error
- // We want to assign the new scData to sd from the outer scope,
- // hence we can't use := below.
- sd, err = b.newSCData(curAddr)
- if err != nil {
- // This should never happen, unless the clientConn is being shut
- // down.
- if b.logger.V(2) {
- b.logger.Infof("Failed to create a subConn for address %v: %v", curAddr.String(), err)
- }
- // Do nothing, the LB policy will be closed soon.
- return
- }
- b.subConns.Set(curAddr, sd)
- }
-
- switch sd.rawConnectivityState {
- case connectivity.Idle:
- sd.subConn.Connect()
- b.scheduleNextConnectionLocked()
- return
- case connectivity.TransientFailure:
- // The SubConn is being re-used and failed during a previous pass
- // over the addressList. It has not completed backoff yet.
- // Mark it as having failed and try the next address.
- sd.connectionFailedInFirstPass = true
- lastErr = sd.lastErr
- continue
- case connectivity.Connecting:
- // Wait for the connection attempt to complete or the timer to fire
- // before attempting the next address.
- b.scheduleNextConnectionLocked()
- return
- default:
- b.logger.Errorf("SubConn with unexpected state %v present in SubConns map.", sd.rawConnectivityState)
- return
-
- }
- }
-
- // All the remaining addresses in the list are in TRANSIENT_FAILURE, end the
- // first pass if possible.
- b.endFirstPassIfPossibleLocked(lastErr)
-}
-
-func (b *pickfirstBalancer) scheduleNextConnectionLocked() {
- b.cancelConnectionTimer()
- if !b.addressList.hasNext() {
- return
- }
- curAddr := b.addressList.currentAddress()
- cancelled := false // Access to this is protected by the balancer's mutex.
- closeFn := internal.TimeAfterFunc(connectionDelayInterval, func() {
- b.mu.Lock()
- defer b.mu.Unlock()
- // If the scheduled task is cancelled while acquiring the mutex, return.
- if cancelled {
- return
- }
- if b.logger.V(2) {
- b.logger.Infof("Happy Eyeballs timer expired while waiting for connection to %q.", curAddr.Addr)
- }
- if b.addressList.increment() {
- b.requestConnectionLocked()
- }
- })
- // Access to the cancellation callback held by the balancer is guarded by
- // the balancer's mutex, so it's safe to set the boolean from the callback.
- b.cancelConnectionTimer = sync.OnceFunc(func() {
- cancelled = true
- closeFn()
- })
-}
-
-func (b *pickfirstBalancer) updateSubConnState(sd *scData, newState balancer.SubConnState) {
- b.mu.Lock()
- defer b.mu.Unlock()
- oldState := sd.rawConnectivityState
- sd.rawConnectivityState = newState.ConnectivityState
- // Previously relevant SubConns can still callback with state updates.
- // To prevent pickers from returning these obsolete SubConns, this logic
- // is included to check if the current list of active SubConns includes this
- // SubConn.
- if !b.isActiveSCData(sd) {
- return
- }
- if newState.ConnectivityState == connectivity.Shutdown {
- sd.effectiveState = connectivity.Shutdown
- return
- }
-
- // Record a connection attempt when exiting CONNECTING.
- if newState.ConnectivityState == connectivity.TransientFailure {
- sd.connectionFailedInFirstPass = true
- connectionAttemptsFailedMetric.Record(b.metricsRecorder, 1, b.target)
- }
-
- if newState.ConnectivityState == connectivity.Ready {
- connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target)
- b.shutdownRemainingLocked(sd)
- if !b.addressList.seekTo(sd.addr) {
- // This should not fail as we should have only one SubConn after
- // entering READY. The SubConn should be present in the addressList.
- b.logger.Errorf("Address %q not found address list in %v", sd.addr, b.addressList.addresses)
- return
- }
- if !b.healthCheckingEnabled {
- if b.logger.V(2) {
- b.logger.Infof("SubConn %p reported connectivity state READY and the health listener is disabled. Transitioning SubConn to READY.", sd.subConn)
- }
-
- sd.effectiveState = connectivity.Ready
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Ready,
- Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}},
- })
- return
- }
- if b.logger.V(2) {
- b.logger.Infof("SubConn %p reported connectivity state READY. Registering health listener.", sd.subConn)
- }
- // Send a CONNECTING update to take the SubConn out of sticky-TF if
- // required.
- sd.effectiveState = connectivity.Connecting
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Connecting,
- Picker: &picker{err: balancer.ErrNoSubConnAvailable},
- })
- sd.subConn.RegisterHealthListener(func(scs balancer.SubConnState) {
- b.updateSubConnHealthState(sd, scs)
- })
- return
- }
-
- // If the LB policy is READY, and it receives a subchannel state change,
- // it means that the READY subchannel has failed.
- // A SubConn can also transition from CONNECTING directly to IDLE when
- // a transport is successfully created, but the connection fails
- // before the SubConn can send the notification for READY. We treat
- // this as a successful connection and transition to IDLE.
- // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second
- // part of the if condition below once the issue is fixed.
- if oldState == connectivity.Ready || (oldState == connectivity.Connecting && newState.ConnectivityState == connectivity.Idle) {
- // Once a transport fails, the balancer enters IDLE and starts from
- // the first address when the picker is used.
- b.shutdownRemainingLocked(sd)
- sd.effectiveState = newState.ConnectivityState
- // READY SubConn interspliced in between CONNECTING and IDLE, need to
- // account for that.
- if oldState == connectivity.Connecting {
- // A known issue (https://github.com/grpc/grpc-go/issues/7862)
- // causes a race that prevents the READY state change notification.
- // This works around it.
- connectionAttemptsSucceededMetric.Record(b.metricsRecorder, 1, b.target)
- }
- disconnectionsMetric.Record(b.metricsRecorder, 1, b.target)
- b.addressList.reset()
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Idle,
- Picker: &idlePicker{exitIdle: sync.OnceFunc(b.ExitIdle)},
- })
- return
- }
-
- if b.firstPass {
- switch newState.ConnectivityState {
- case connectivity.Connecting:
- // The effective state can be in either IDLE, CONNECTING or
- // TRANSIENT_FAILURE. If it's TRANSIENT_FAILURE, stay in
- // TRANSIENT_FAILURE until it's READY. See A62.
- if sd.effectiveState != connectivity.TransientFailure {
- sd.effectiveState = connectivity.Connecting
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Connecting,
- Picker: &picker{err: balancer.ErrNoSubConnAvailable},
- })
- }
- case connectivity.TransientFailure:
- sd.lastErr = newState.ConnectionError
- sd.effectiveState = connectivity.TransientFailure
- // Since we're re-using common SubConns while handling resolver
- // updates, we could receive an out of turn TRANSIENT_FAILURE from
- // a pass over the previous address list. Happy Eyeballs will also
- // cause out of order updates to arrive.
-
- if curAddr := b.addressList.currentAddress(); equalAddressIgnoringBalAttributes(&curAddr, &sd.addr) {
- b.cancelConnectionTimer()
- if b.addressList.increment() {
- b.requestConnectionLocked()
- return
- }
- }
-
- // End the first pass if we've seen a TRANSIENT_FAILURE from all
- // SubConns once.
- b.endFirstPassIfPossibleLocked(newState.ConnectionError)
- }
- return
- }
-
- // We have finished the first pass, keep re-connecting failing SubConns.
- switch newState.ConnectivityState {
- case connectivity.TransientFailure:
- b.numTF = (b.numTF + 1) % b.subConns.Len()
- sd.lastErr = newState.ConnectionError
- if b.numTF%b.subConns.Len() == 0 {
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.TransientFailure,
- Picker: &picker{err: newState.ConnectionError},
- })
- }
- // We don't need to request re-resolution since the SubConn already
- // does that before reporting TRANSIENT_FAILURE.
- // TODO: #7534 - Move re-resolution requests from SubConn into
- // pick_first.
- case connectivity.Idle:
- sd.subConn.Connect()
- }
-}
-
-// endFirstPassIfPossibleLocked ends the first happy-eyeballs pass if all the
-// addresses are tried and their SubConns have reported a failure.
-func (b *pickfirstBalancer) endFirstPassIfPossibleLocked(lastErr error) {
- // An optimization to avoid iterating over the entire SubConn map.
- if b.addressList.isValid() {
- return
- }
- // Connect() has been called on all the SubConns. The first pass can be
- // ended if all the SubConns have reported a failure.
- for _, sd := range b.subConns.Values() {
- if !sd.connectionFailedInFirstPass {
- return
- }
- }
- b.firstPass = false
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.TransientFailure,
- Picker: &picker{err: lastErr},
- })
- // Start re-connecting all the SubConns that are already in IDLE.
- for _, sd := range b.subConns.Values() {
- if sd.rawConnectivityState == connectivity.Idle {
- sd.subConn.Connect()
- }
- }
-}
-
-func (b *pickfirstBalancer) isActiveSCData(sd *scData) bool {
- activeSD, found := b.subConns.Get(sd.addr)
- return found && activeSD == sd
-}
-
-func (b *pickfirstBalancer) updateSubConnHealthState(sd *scData, state balancer.SubConnState) {
- b.mu.Lock()
- defer b.mu.Unlock()
- // Previously relevant SubConns can still callback with state updates.
- // To prevent pickers from returning these obsolete SubConns, this logic
- // is included to check if the current list of active SubConns includes
- // this SubConn.
- if !b.isActiveSCData(sd) {
- return
- }
- sd.effectiveState = state.ConnectivityState
- switch state.ConnectivityState {
- case connectivity.Ready:
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Ready,
- Picker: &picker{result: balancer.PickResult{SubConn: sd.subConn}},
- })
- case connectivity.TransientFailure:
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.TransientFailure,
- Picker: &picker{err: fmt.Errorf("pickfirst: health check failure: %v", state.ConnectionError)},
- })
- case connectivity.Connecting:
- b.updateBalancerState(balancer.State{
- ConnectivityState: connectivity.Connecting,
- Picker: &picker{err: balancer.ErrNoSubConnAvailable},
- })
- default:
- b.logger.Errorf("Got unexpected health update for SubConn %p: %v", state)
- }
-}
-
-// updateBalancerState stores the state reported to the channel and calls
-// ClientConn.UpdateState(). As an optimization, it avoids sending duplicate
-// updates to the channel.
-func (b *pickfirstBalancer) updateBalancerState(newState balancer.State) {
- // In case of TransientFailures allow the picker to be updated to update
- // the connectivity error, in all other cases don't send duplicate state
- // updates.
- if newState.ConnectivityState == b.state && b.state != connectivity.TransientFailure {
- return
- }
- b.forceUpdateConcludedStateLocked(newState)
-}
-
-// forceUpdateConcludedStateLocked stores the state reported to the channel and
-// calls ClientConn.UpdateState().
-// A separate function is defined to force update the ClientConn state since the
-// channel doesn't correctly assume that LB policies start in CONNECTING and
-// relies on LB policy to send an initial CONNECTING update.
-func (b *pickfirstBalancer) forceUpdateConcludedStateLocked(newState balancer.State) {
- b.state = newState.ConnectivityState
- b.cc.UpdateState(newState)
-}
-
-type picker struct {
- result balancer.PickResult
- err error
-}
-
-func (p *picker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
- return p.result, p.err
-}
-
-// idlePicker is used when the SubConn is IDLE and kicks the SubConn into
-// CONNECTING when Pick is called.
-type idlePicker struct {
- exitIdle func()
-}
-
-func (i *idlePicker) Pick(balancer.PickInfo) (balancer.PickResult, error) {
- i.exitIdle()
- return balancer.PickResult{}, balancer.ErrNoSubConnAvailable
-}
-
-// addressList manages sequentially iterating over addresses present in a list
-// of endpoints. It provides a 1 dimensional view of the addresses present in
-// the endpoints.
-// This type is not safe for concurrent access.
-type addressList struct {
- addresses []resolver.Address
- idx int
-}
-
-func (al *addressList) isValid() bool {
- return al.idx < len(al.addresses)
-}
-
-func (al *addressList) size() int {
- return len(al.addresses)
-}
-
-// increment moves to the next index in the address list.
-// This method returns false if it went off the list, true otherwise.
-func (al *addressList) increment() bool {
- if !al.isValid() {
- return false
- }
- al.idx++
- return al.idx < len(al.addresses)
-}
-
-// currentAddress returns the current address pointed to in the addressList.
-// If the list is in an invalid state, it returns an empty address instead.
-func (al *addressList) currentAddress() resolver.Address {
- if !al.isValid() {
- return resolver.Address{}
- }
- return al.addresses[al.idx]
-}
-
-func (al *addressList) reset() {
- al.idx = 0
-}
-
-func (al *addressList) updateAddrs(addrs []resolver.Address) {
- al.addresses = addrs
- al.reset()
-}
-
-// seekTo returns false if the needle was not found and the current index was
-// left unchanged.
-func (al *addressList) seekTo(needle resolver.Address) bool {
- for ai, addr := range al.addresses {
- if !equalAddressIgnoringBalAttributes(&addr, &needle) {
- continue
- }
- al.idx = ai
- return true
- }
- return false
-}
-
-// hasNext returns whether incrementing the addressList will result in moving
-// past the end of the list. If the list has already moved past the end, it
-// returns false.
-func (al *addressList) hasNext() bool {
- if !al.isValid() {
- return false
- }
- return al.idx+1 < len(al.addresses)
-}
-
-// equalAddressIgnoringBalAttributes returns true is a and b are considered
-// equal. This is different from the Equal method on the resolver.Address type
-// which considers all fields to determine equality. Here, we only consider
-// fields that are meaningful to the SubConn.
-func equalAddressIgnoringBalAttributes(a, b *resolver.Address) bool {
- return a.Addr == b.Addr && a.ServerName == b.ServerName &&
- a.Attributes.Equal(b.Attributes)
-}
diff --git a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
index 35da5d1ec..22e6e3267 100644
--- a/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
+++ b/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go
@@ -26,7 +26,7 @@ import ( "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/endpointsharding" - "google.golang.org/grpc/balancer/pickfirst/pickfirstleaf" + "google.golang.org/grpc/balancer/pickfirst" "google.golang.org/grpc/grpclog" internalgrpclog "google.golang.org/grpc/internal/grpclog" ) @@ -47,7 +47,7 @@ func (bb builder) Name() string { } func (bb builder) Build(cc balancer.ClientConn, opts balancer.BuildOptions) balancer.Balancer { - childBuilder := balancer.Get(pickfirstleaf.Name).Build + childBuilder := balancer.Get(pickfirst.Name).Build bal := &rrBalancer{ cc: cc, Balancer: endpointsharding.NewBalancer(cc, opts, childBuilder, endpointsharding.Options{}), @@ -67,13 +67,6 @@ func (b *rrBalancer) UpdateClientConnState(ccs balancer.ClientConnState) error { return b.Balancer.UpdateClientConnState(balancer.ClientConnState{ // Enable the health listener in pickfirst children for client side health // checks and outlier detection, if configured. - ResolverState: pickfirstleaf.EnableHealthListener(ccs.ResolverState), + ResolverState: pickfirst.EnableHealthListener(ccs.ResolverState), }) } - -func (b *rrBalancer) ExitIdle() { - // Should always be ok, as child is endpoint sharding. - if ei, ok := b.Balancer.(balancer.ExitIdler); ok { - ei.ExitIdle() - } -} diff --git a/vendor/google.golang.org/grpc/balancer/subconn.go b/vendor/google.golang.org/grpc/balancer/subconn.go index 9ee44d4af..c1ca7c92e 100644 --- a/vendor/google.golang.org/grpc/balancer/subconn.go +++ b/vendor/google.golang.org/grpc/balancer/subconn.go 
@@ -111,20 +111,6 @@ type SubConnState struct { // ConnectionError is set if the ConnectivityState is TransientFailure, // describing the reason the SubConn failed. Otherwise, it is nil. ConnectionError error - // connectedAddr contains the connected address when ConnectivityState is - // Ready. Otherwise, it is indeterminate. - connectedAddress resolver.Address -} - -// connectedAddress returns the connected address for a SubConnState. The -// address is only valid if the state is READY. -func connectedAddress(scs SubConnState) resolver.Address { - return scs.connectedAddress -} - -// setConnectedAddress sets the connected address for a SubConnState. -func setConnectedAddress(scs *SubConnState, addr resolver.Address) { - scs.connectedAddress = addr } // A Producer is a type shared among potentially many consumers. It is diff --git a/vendor/google.golang.org/grpc/balancer_wrapper.go b/vendor/google.golang.org/grpc/balancer_wrapper.go index 948a21ef6..a1e56a389 100644 --- a/vendor/google.golang.org/grpc/balancer_wrapper.go +++ b/vendor/google.golang.org/grpc/balancer_wrapper.go @@ -36,7 +36,6 @@ import ( ) var ( - setConnectedAddress = internal.SetConnectedAddress.(func(*balancer.SubConnState, resolver.Address)) // noOpRegisterHealthListenerFn is used when client side health checking is // disabled. It sends a single READY update on the registered listener. noOpRegisterHealthListenerFn = func(_ context.Context, listener func(balancer.SubConnState)) func() { @@ -305,7 +304,7 @@ func newHealthData(s connectivity.State) *healthData { // updateState is invoked by grpc to push a subConn state update to the // underlying balancer. -func (acbw *acBalancerWrapper) updateState(s connectivity.State, curAddr resolver.Address, err error) { +func (acbw *acBalancerWrapper) updateState(s connectivity.State, err error) { acbw.ccb.serializer.TrySchedule(func(ctx context.Context) { if ctx.Err() != nil || acbw.ccb.balancer == nil { return 
@@ -317,9 +316,6 @@ func (acbw *acBalancerWrapper) updateState(s connectivity.State, curAddr resolve // opts.StateListener is set, so this cannot ever be nil. // TODO: delete this comment when UpdateSubConnState is removed. scs := balancer.SubConnState{ConnectivityState: s, ConnectionError: err} - if s == connectivity.Ready { - setConnectedAddress(&scs, curAddr) - } // Invalidate the health listener by updating the healthData. acbw.healthMu.Lock() // A race may occur if a health listener is registered soon after the @@ -450,13 +446,14 @@ func (acbw *acBalancerWrapper) healthListenerRegFn() func(context.Context, func( if acbw.ccb.cc.dopts.disableHealthCheck { return noOpRegisterHealthListenerFn } + cfg := acbw.ac.cc.healthCheckConfig() + if cfg == nil { + return noOpRegisterHealthListenerFn + } regHealthLisFn := internal.RegisterClientHealthCheckListener if regHealthLisFn == nil { // The health package is not imported. - return noOpRegisterHealthListenerFn - } - cfg := acbw.ac.cc.healthCheckConfig() - if cfg == nil { + channelz.Error(logger, acbw.ac.channelz, "Health check is requested but health package is not imported.") return noOpRegisterHealthListenerFn } return func(ctx context.Context, listener func(balancer.SubConnState)) func() { diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go index 825c31795..42c61cf9f 100644 --- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go +++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 +// protoc-gen-go v1.36.10 // protoc v5.27.1 // source: grpc/binlog/v1/binarylog.proto 
@@ -858,133 +858,68 @@ func (x *Address) GetIpPort() uint32 { var File_grpc_binlog_v1_binarylog_proto protoreflect.FileDescriptor -var file_grpc_binlog_v1_binarylog_proto_rawDesc = string([]byte{ - 0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x62, 0x69, 0x6e, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x31, - 0x2f, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x11, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, - 0x2e, 0x76, 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbb, 0x07, 0x0a, 0x0c, 0x47, 0x72, 0x70, 0x63, 0x4c, 0x6f, 0x67, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, - 0x17, 0x0a, 0x07, 0x63, 0x61, 0x6c, 0x6c, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, - 0x52, 0x06, 0x63, 0x61, 0x6c, 0x6c, 0x49, 0x64, 0x12, 0x35, 0x0a, 0x17, 0x73, 0x65, 0x71, 0x75, - 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x5f, 0x77, 0x69, 0x74, 0x68, 0x69, 0x6e, 0x5f, 0x63, - 0x61, 0x6c, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x14, 0x73, 0x65, 0x71, 0x75, 0x65, - 0x6e, 0x63, 0x65, 0x49, 0x64, 0x57, 0x69, 0x74, 0x68, 0x69, 0x6e, 0x43, 0x61, 0x6c, 0x6c, 0x12, - 0x3d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 
0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x47, 0x72, 0x70, 0x63, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x45, - 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3e, - 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x67, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, - 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x47, 0x72, 0x70, 0x63, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x72, 0x52, 0x06, 0x6c, 0x6f, 0x67, 0x67, 0x65, 0x72, 0x12, 0x46, - 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, - 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x46, 0x0a, 0x0d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x48, 0x00, - 0x52, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x36, - 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x48, 0x00, 0x52, 0x07, 0x6d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x65, - 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x72, 
0x70, 0x63, 0x2e, 0x62, - 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x69, - 0x6c, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x65, 0x72, 0x12, 0x2b, - 0x0a, 0x11, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, - 0x74, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x70, 0x61, 0x79, 0x6c, 0x6f, - 0x61, 0x64, 0x54, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x04, 0x70, - 0x65, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x72, 0x70, 0x63, - 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x22, 0xf5, 0x01, 0x0a, 0x09, - 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x45, 0x56, 0x45, - 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, - 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x10, 0x01, 0x12, - 0x1c, 0x0a, 0x18, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x45, - 0x52, 0x56, 0x45, 0x52, 0x5f, 0x48, 0x45, 0x41, 0x44, 0x45, 0x52, 0x10, 0x02, 0x12, 0x1d, 0x0a, - 0x19, 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45, - 0x4e, 0x54, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x03, 0x12, 0x1d, 0x0a, 0x19, - 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, - 0x52, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x04, 0x12, 0x20, 0x0a, 0x1c, 0x45, - 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, - 0x5f, 0x48, 0x41, 0x4c, 0x46, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x10, 0x05, 0x12, 0x1d, 0x0a, - 0x19, 0x45, 
0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, - 0x45, 0x52, 0x5f, 0x54, 0x52, 0x41, 0x49, 0x4c, 0x45, 0x52, 0x10, 0x06, 0x12, 0x15, 0x0a, 0x11, - 0x45, 0x56, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x41, 0x4e, 0x43, 0x45, - 0x4c, 0x10, 0x07, 0x22, 0x42, 0x0a, 0x06, 0x4c, 0x6f, 0x67, 0x67, 0x65, 0x72, 0x12, 0x12, 0x0a, - 0x0e, 0x4c, 0x4f, 0x47, 0x47, 0x45, 0x52, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, - 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x4f, 0x47, 0x47, 0x45, 0x52, 0x5f, 0x43, 0x4c, 0x49, 0x45, - 0x4e, 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x4f, 0x47, 0x47, 0x45, 0x52, 0x5f, 0x53, - 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, - 0x61, 0x64, 0x22, 0xbb, 0x01, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, - 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1f, 0x0a, 0x0b, - 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, - 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x33, 0x0a, 0x07, 0x74, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x22, 0x47, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 
0x65, 0x72, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x12, 0x37, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, - 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, - 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xb1, 0x01, 0x0a, 0x07, 0x54, 0x72, - 0x61, 0x69, 0x6c, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, - 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, - 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1f, - 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x12, - 0x25, 0x0a, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x4d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x35, 0x0a, - 0x07, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67, - 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, - 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x64, 0x61, 0x74, 0x61, 0x22, 0x42, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x12, 0x36, 0x0a, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 
0x0b, 0x32, - 0x20, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x05, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x37, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x22, 0xb8, 0x01, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x33, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1f, 0x2e, 0x67, 0x72, - 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x17, 0x0a, 0x07, - 0x69, 0x70, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x69, - 0x70, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x45, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x10, 0x0a, - 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, - 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x50, 0x56, 0x34, 0x10, 0x01, 0x12, 0x0d, - 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x50, 0x56, 0x36, 0x10, 0x02, 0x12, 0x0d, 0x0a, - 0x09, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x49, 0x58, 0x10, 0x03, 0x42, 0x5c, 0x0a, 0x14, - 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, - 0x67, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x42, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x4c, 0x6f, 0x67, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 
0x50, 0x01, 0x5a, 0x32, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, - 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x62, - 0x69, 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x62, 0x69, - 0x6e, 0x61, 0x72, 0x79, 0x6c, 0x6f, 0x67, 0x5f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -}) +const file_grpc_binlog_v1_binarylog_proto_rawDesc = "" + + "\n" + + "\x1egrpc/binlog/v1/binarylog.proto\x12\x11grpc.binarylog.v1\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xbb\a\n" + + "\fGrpcLogEntry\x128\n" + + "\ttimestamp\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\ttimestamp\x12\x17\n" + + "\acall_id\x18\x02 \x01(\x04R\x06callId\x125\n" + + "\x17sequence_id_within_call\x18\x03 \x01(\x04R\x14sequenceIdWithinCall\x12=\n" + + "\x04type\x18\x04 \x01(\x0e2).grpc.binarylog.v1.GrpcLogEntry.EventTypeR\x04type\x12>\n" + + "\x06logger\x18\x05 \x01(\x0e2&.grpc.binarylog.v1.GrpcLogEntry.LoggerR\x06logger\x12F\n" + + "\rclient_header\x18\x06 \x01(\v2\x1f.grpc.binarylog.v1.ClientHeaderH\x00R\fclientHeader\x12F\n" + + "\rserver_header\x18\a \x01(\v2\x1f.grpc.binarylog.v1.ServerHeaderH\x00R\fserverHeader\x126\n" + + "\amessage\x18\b \x01(\v2\x1a.grpc.binarylog.v1.MessageH\x00R\amessage\x126\n" + + "\atrailer\x18\t \x01(\v2\x1a.grpc.binarylog.v1.TrailerH\x00R\atrailer\x12+\n" + + "\x11payload_truncated\x18\n" + + " \x01(\bR\x10payloadTruncated\x12.\n" + + "\x04peer\x18\v \x01(\v2\x1a.grpc.binarylog.v1.AddressR\x04peer\"\xf5\x01\n" + + "\tEventType\x12\x16\n" + + "\x12EVENT_TYPE_UNKNOWN\x10\x00\x12\x1c\n" + + "\x18EVENT_TYPE_CLIENT_HEADER\x10\x01\x12\x1c\n" + + "\x18EVENT_TYPE_SERVER_HEADER\x10\x02\x12\x1d\n" + + "\x19EVENT_TYPE_CLIENT_MESSAGE\x10\x03\x12\x1d\n" + + "\x19EVENT_TYPE_SERVER_MESSAGE\x10\x04\x12 \n" + + "\x1cEVENT_TYPE_CLIENT_HALF_CLOSE\x10\x05\x12\x1d\n" + + "\x19EVENT_TYPE_SERVER_TRAILER\x10\x06\x12\x15\n" + + "\x11EVENT_TYPE_CANCEL\x10\a\"B\n" + 
+ "\x06Logger\x12\x12\n" + + "\x0eLOGGER_UNKNOWN\x10\x00\x12\x11\n" + + "\rLOGGER_CLIENT\x10\x01\x12\x11\n" + + "\rLOGGER_SERVER\x10\x02B\t\n" + + "\apayload\"\xbb\x01\n" + + "\fClientHeader\x127\n" + + "\bmetadata\x18\x01 \x01(\v2\x1b.grpc.binarylog.v1.MetadataR\bmetadata\x12\x1f\n" + + "\vmethod_name\x18\x02 \x01(\tR\n" + + "methodName\x12\x1c\n" + + "\tauthority\x18\x03 \x01(\tR\tauthority\x123\n" + + "\atimeout\x18\x04 \x01(\v2\x19.google.protobuf.DurationR\atimeout\"G\n" + + "\fServerHeader\x127\n" + + "\bmetadata\x18\x01 \x01(\v2\x1b.grpc.binarylog.v1.MetadataR\bmetadata\"\xb1\x01\n" + + "\aTrailer\x127\n" + + "\bmetadata\x18\x01 \x01(\v2\x1b.grpc.binarylog.v1.MetadataR\bmetadata\x12\x1f\n" + + "\vstatus_code\x18\x02 \x01(\rR\n" + + "statusCode\x12%\n" + + "\x0estatus_message\x18\x03 \x01(\tR\rstatusMessage\x12%\n" + + "\x0estatus_details\x18\x04 \x01(\fR\rstatusDetails\"5\n" + + "\aMessage\x12\x16\n" + + "\x06length\x18\x01 \x01(\rR\x06length\x12\x12\n" + + "\x04data\x18\x02 \x01(\fR\x04data\"B\n" + + "\bMetadata\x126\n" + + "\x05entry\x18\x01 \x03(\v2 .grpc.binarylog.v1.MetadataEntryR\x05entry\"7\n" + + "\rMetadataEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value\"\xb8\x01\n" + + "\aAddress\x123\n" + + "\x04type\x18\x01 \x01(\x0e2\x1f.grpc.binarylog.v1.Address.TypeR\x04type\x12\x18\n" + + "\aaddress\x18\x02 \x01(\tR\aaddress\x12\x17\n" + + "\aip_port\x18\x03 \x01(\rR\x06ipPort\"E\n" + + "\x04Type\x12\x10\n" + + "\fTYPE_UNKNOWN\x10\x00\x12\r\n" + + "\tTYPE_IPV4\x10\x01\x12\r\n" + + "\tTYPE_IPV6\x10\x02\x12\r\n" + + "\tTYPE_UNIX\x10\x03B\\\n" + + "\x14io.grpc.binarylog.v1B\x0eBinaryLogProtoP\x01Z2google.golang.org/grpc/binarylog/grpc_binarylog_v1b\x06proto3" var ( file_grpc_binlog_v1_binarylog_proto_rawDescOnce sync.Once diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 4f350ca56..5dec2dacc 100644 --- a/vendor/google.golang.org/grpc/clientconn.go 
+++ b/vendor/google.golang.org/grpc/clientconn.go @@ -35,16 +35,19 @@ import ( "google.golang.org/grpc/balancer/pickfirst" "google.golang.org/grpc/codes" "google.golang.org/grpc/connectivity" + "google.golang.org/grpc/credentials" + expstats "google.golang.org/grpc/experimental/stats" "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/channelz" "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/idle" iresolver "google.golang.org/grpc/internal/resolver" - "google.golang.org/grpc/internal/stats" + istats "google.golang.org/grpc/internal/stats" "google.golang.org/grpc/internal/transport" "google.golang.org/grpc/keepalive" "google.golang.org/grpc/resolver" "google.golang.org/grpc/serviceconfig" + "google.golang.org/grpc/stats" "google.golang.org/grpc/status" _ "google.golang.org/grpc/balancer/roundrobin" // To register roundrobin. 
@@ -97,6 +100,41 @@ var ( errTransportCredentialsMissing = errors.New("grpc: the credentials require transport level security (use grpc.WithTransportCredentials() to set)") ) +var ( + disconnectionsMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.subchannel.disconnections", + Description: "EXPERIMENTAL. Number of times the selected subchannel becomes disconnected.", + Unit: "{disconnection}", + Labels: []string{"grpc.target"}, + OptionalLabels: []string{"grpc.lb.backend_service", "grpc.lb.locality", "grpc.disconnect_error"}, + Default: false, + }) + connectionAttemptsSucceededMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.subchannel.connection_attempts_succeeded", + Description: "EXPERIMENTAL. Number of successful connection attempts.", + Unit: "{attempt}", + Labels: []string{"grpc.target"}, + OptionalLabels: []string{"grpc.lb.backend_service", "grpc.lb.locality"}, + Default: false, + }) + connectionAttemptsFailedMetric = expstats.RegisterInt64Count(expstats.MetricDescriptor{ + Name: "grpc.subchannel.connection_attempts_failed", + Description: "EXPERIMENTAL. Number of failed connection attempts.", + Unit: "{attempt}", + Labels: []string{"grpc.target"}, + OptionalLabels: []string{"grpc.lb.backend_service", "grpc.lb.locality"}, + Default: false, + }) + openConnectionsMetric = expstats.RegisterInt64UpDownCount(expstats.MetricDescriptor{ + Name: "grpc.subchannel.open_connections", + Description: "EXPERIMENTAL. Number of open connections.", + Unit: "{attempt}", + Labels: []string{"grpc.target"}, + OptionalLabels: []string{"grpc.lb.backend_service", "grpc.security_level", "grpc.lb.locality"}, + Default: false, + }) +) + const ( defaultClientMaxReceiveMessageSize = 1024 * 1024 * 4 defaultClientMaxSendMessageSize = math.MaxInt32 
@@ -208,9 +246,10 @@ func NewClient(target string, opts ...DialOption) (conn *ClientConn, err error) channelz.Infof(logger, cc.channelz, "Channel authority set to %q", cc.authority) cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelz) - cc.pickerWrapper = newPickerWrapper(cc.dopts.copts.StatsHandlers) + cc.pickerWrapper = newPickerWrapper() - cc.metricsRecorderList = stats.NewMetricsRecorderList(cc.dopts.copts.StatsHandlers) + cc.metricsRecorderList = istats.NewMetricsRecorderList(cc.dopts.copts.StatsHandlers) + cc.statsHandler = istats.NewCombinedHandler(cc.dopts.copts.StatsHandlers...) cc.initIdleStateLocked() // Safe to call without the lock, since nothing else has a reference to cc. cc.idlenessMgr = idle.NewManager((*idler)(cc), cc.dopts.idleTimeout) @@ -260,9 +299,10 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * }() // This creates the name resolver, load balancer, etc. - if err := cc.idlenessMgr.ExitIdleMode(); err != nil { - return nil, err + if err := cc.exitIdleMode(); err != nil { + return nil, fmt.Errorf("failed to exit idle mode: %w", err) } + cc.idlenessMgr.UnsafeSetNotIdle() // Return now for non-blocking dials. if !cc.dopts.block { @@ -330,7 +370,7 @@ func (cc *ClientConn) addTraceEvent(msg string) { Severity: channelz.CtInfo, } } - channelz.AddTraceEvent(logger, cc.channelz, 0, ted) + channelz.AddTraceEvent(logger, cc.channelz, 1, ted) } type idler ClientConn 
@@ -339,14 +379,17 @@ func (i *idler) EnterIdleMode() { (*ClientConn)(i).enterIdleMode() } -func (i *idler) ExitIdleMode() error { - return (*ClientConn)(i).exitIdleMode() +func (i *idler) ExitIdleMode() { + // Ignore the error returned from this method, because from the perspective + // of the caller (idleness manager), the channel would have always moved out + // of IDLE by the time this method returns. + (*ClientConn)(i).exitIdleMode() } // exitIdleMode moves the channel out of idle mode by recreating the name // resolver and load balancer. This should never be called directly; use // cc.idlenessMgr.ExitIdleMode instead. -func (cc *ClientConn) exitIdleMode() (err error) { +func (cc *ClientConn) exitIdleMode() error { cc.mu.Lock() if cc.conns == nil { cc.mu.Unlock() @@ -354,11 +397,23 @@ func (cc *ClientConn) exitIdleMode() (err error) { } cc.mu.Unlock() + // Set state to CONNECTING before building the name resolver + // so the channel does not remain in IDLE. + cc.csMgr.updateState(connectivity.Connecting) + // This needs to be called without cc.mu because this builds a new resolver // which might update state or report error inline, which would then need to // acquire cc.mu. if err := cc.resolverWrapper.start(); err != nil { - return err + // If resolver creation fails, treat it like an error reported by the + // resolver before any valid updates. Set channel's state to + // TransientFailure, and set an erroring picker with the resolver build + // error, which will returned as part of any subsequent RPCs. + logger.Warningf("Failed to start resolver: %v", err) + cc.csMgr.updateState(connectivity.TransientFailure) + cc.mu.Lock() + cc.updateResolverStateAndUnlock(resolver.State{}, err) + return fmt.Errorf("failed to start resolver: %w", err) } cc.addTraceEvent("exiting idle mode") 
@@ -456,7 +511,7 @@ func (cc *ClientConn) validateTransportCredentials() error { func (cc *ClientConn) channelzRegistration(target string) { parentChannel, _ := cc.dopts.channelzParent.(*channelz.Channel) cc.channelz = channelz.RegisterChannel(parentChannel, target) - cc.addTraceEvent("created") + cc.addTraceEvent(fmt.Sprintf("created for target %q", target)) } // chainUnaryClientInterceptors chains all unary client interceptors into one. @@ -621,7 +676,8 @@ type ClientConn struct { channelz *channelz.Channel // Channelz object. resolverBuilder resolver.Builder // See initParsedTargetAndResolverBuilder(). idlenessMgr *idle.Manager - metricsRecorderList *stats.MetricsRecorderList + metricsRecorderList *istats.MetricsRecorderList + statsHandler stats.Handler // The following provide their own synchronization, and therefore don't // require cc.mu to be held to access them. @@ -678,10 +734,8 @@ func (cc *ClientConn) GetState() connectivity.State { // Notice: This API is EXPERIMENTAL and may be changed or removed in a later // release. func (cc *ClientConn) Connect() { - if err := cc.idlenessMgr.ExitIdleMode(); err != nil { - cc.addTraceEvent(err.Error()) - return - } + cc.idlenessMgr.ExitIdleMode() + // If the ClientConn was not in idle mode, we need to call ExitIdle on the // LB policy so that connections can be created. cc.mu.Lock() 
@@ -689,22 +743,31 @@ func (cc *ClientConn) Connect() { cc.mu.Unlock() } -// waitForResolvedAddrs blocks until the resolver has provided addresses or the -// context expires. Returns nil unless the context expires first; otherwise -// returns a status error based on the context. -func (cc *ClientConn) waitForResolvedAddrs(ctx context.Context) error { +// waitForResolvedAddrs blocks until the resolver provides addresses or the +// context expires, whichever happens first. +// +// Error is nil unless the context expires first; otherwise returns a status +// error based on the context. +// +// The returned boolean indicates whether it did block or not. If the +// resolution has already happened once before, it returns false without +// blocking. Otherwise, it wait for the resolution and return true if +// resolution has succeeded or return false along with error if resolution has +// failed. +func (cc *ClientConn) waitForResolvedAddrs(ctx context.Context) (bool, error) { // This is on the RPC path, so we use a fast path to avoid the // more-expensive "select" below after the resolver has returned once. if cc.firstResolveEvent.HasFired() { - return nil + return false, nil } + internal.NewStreamWaitingForResolver() select { case <-cc.firstResolveEvent.Done(): - return nil + return true, nil case <-ctx.Done(): - return status.FromContextError(ctx.Err()).Err() + return false, status.FromContextError(ctx.Err()).Err() case <-cc.ctx.Done(): - return ErrClientConnClosing + return false, ErrClientConnClosing } } @@ -723,8 +786,8 @@ func init() { internal.EnterIdleModeForTesting = func(cc *ClientConn) { cc.idlenessMgr.EnterIdleModeForTesting() } - internal.ExitIdleModeForTesting = func(cc *ClientConn) error { - return cc.idlenessMgr.ExitIdleMode() + internal.ExitIdleModeForTesting = func(cc *ClientConn) { + cc.idlenessMgr.ExitIdleMode() } } 
@@ -849,6 +912,7 @@ func (cc *ClientConn) newAddrConnLocked(addrs []resolver.Address, opts balancer. channelz: channelz.RegisterSubChannel(cc.channelz, ""), resetBackoff: make(chan struct{}), } + ac.updateTelemetryLabelsLocked() ac.ctx, ac.cancel = context.WithCancel(cc.ctx) // Start with our address set to the first address; this may be updated if // we connect to different addresses. @@ -913,25 +977,24 @@ func (cc *ClientConn) incrCallsFailed() { // connect starts creating a transport. // It does nothing if the ac is not IDLE. // TODO(bar) Move this to the addrConn section. -func (ac *addrConn) connect() error { +func (ac *addrConn) connect() { ac.mu.Lock() if ac.state == connectivity.Shutdown { if logger.V(2) { logger.Infof("connect called on shutdown addrConn; ignoring.") } ac.mu.Unlock() - return errConnClosing + return } if ac.state != connectivity.Idle { if logger.V(2) { logger.Infof("connect called on addrConn in non-idle state (%v); ignoring.", ac.state) } ac.mu.Unlock() - return nil + return } ac.resetTransportAndUnlock() - return nil } // equalAddressIgnoringBalAttributes returns true is a and b are considered equal. @@ -965,7 +1028,7 @@ func (ac *addrConn) updateAddrs(addrs []resolver.Address) { } ac.addrs = addrs - + ac.updateTelemetryLabelsLocked() if ac.state == connectivity.Shutdown || ac.state == connectivity.TransientFailure || ac.state == connectivity.Idle { @@ -1067,13 +1130,6 @@ func (cc *ClientConn) healthCheckConfig() *healthCheckConfig { return cc.sc.healthCheckConfig } -func (cc *ClientConn) getTransport(ctx context.Context, failfast bool, method string) (transport.ClientTransport, balancer.PickResult, error) { - return cc.pickerWrapper.pick(ctx, failfast, balancer.PickInfo{ - Ctx: ctx, - FullMethodName: method, - }) -} - func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSelector iresolver.ConfigSelector) { if sc == nil { // should never reach here. 
@@ -1211,6 +1267,9 @@ type addrConn struct { resetBackoff chan struct{} channelz *channelz.SubChannel + + localityLabel string + backendServiceLabel string } // Note: this requires a lock on ac.mu. @@ -1218,6 +1277,18 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) if ac.state == s { return } + + // If we are transitioning out of Ready, it means there is a disconnection. + // A SubConn can also transition from CONNECTING directly to IDLE when + // a transport is successfully created, but the connection fails + // before the SubConn can send the notification for READY. We treat + // this as a successful connection and transition to IDLE. + // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second + // part of the if condition below once the issue is fixed. + if ac.state == connectivity.Ready || (ac.state == connectivity.Connecting && s == connectivity.Idle) { + disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, "unknown") + openConnectionsMetric.Record(ac.cc.metricsRecorderList, -1, ac.cc.target, ac.backendServiceLabel, ac.securityLevelLocked(), ac.localityLabel) + } ac.state = s ac.channelz.ChannelMetrics.State.Store(&s) if lastErr == nil { @@ -1225,7 +1296,7 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) } else { channelz.Infof(logger, ac.channelz, "Subchannel Connectivity change to %v, last error: %s", s, lastErr) } - ac.acbw.updateState(s, ac.curAddr, lastErr) + ac.acbw.updateState(s, lastErr) } // adjustParams updates parameters used to create transports upon 
@@ -1275,6 +1346,15 @@ func (ac *addrConn) resetTransportAndUnlock() { ac.mu.Unlock() if err := ac.tryAllAddrs(acCtx, addrs, connectDeadline); err != nil { + if !errors.Is(err, context.Canceled) { + connectionAttemptsFailedMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel) + } else { + if logger.V(2) { + // This records cancelled connection attempts which can be later + // replaced by a metric. + logger.Infof("Context cancellation detected; not recording this as a failed connection attempt.") + } + } // TODO: #7534 - Move re-resolution requests into the pick_first LB policy // to ensure one resolution request per pass instead of per subconn failure. ac.cc.resolveNow(resolver.ResolveNowOptions{}) 
@@ -1314,10 +1394,50 @@ func (ac *addrConn) resetTransportAndUnlock() { } // Success; reset backoff. ac.mu.Lock() + connectionAttemptsSucceededMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel) + openConnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.securityLevelLocked(), ac.localityLabel) ac.backoffIdx = 0 ac.mu.Unlock() } +// updateTelemetryLabelsLocked calculates and caches the telemetry labels based on the +// first address in addrConn. +func (ac *addrConn) updateTelemetryLabelsLocked() { + labelsFunc, ok := internal.AddressToTelemetryLabels.(func(resolver.Address) map[string]string) + if !ok || len(ac.addrs) == 0 { + // Reset defaults + ac.localityLabel = "" + ac.backendServiceLabel = "" + return + } + labels := labelsFunc(ac.addrs[0]) + ac.localityLabel = labels["grpc.lb.locality"] + ac.backendServiceLabel = labels["grpc.lb.backend_service"] +} + +type securityLevelKey struct{} + +func (ac *addrConn) securityLevelLocked() string { + var secLevel string + // During disconnection, ac.transport is nil. Fall back to the security level + // stored in the current address during connection. + if ac.transport == nil { + secLevel, _ = ac.curAddr.Attributes.Value(securityLevelKey{}).(string) + return secLevel + } + authInfo := ac.transport.Peer().AuthInfo + if ci, ok := authInfo.(interface { + GetCommonAuthInfo() credentials.CommonAuthInfo + }); ok { + secLevel = ci.GetCommonAuthInfo().SecurityLevel.String() + // Store the security level in the current address' attributes so + // that it remains available for disconnection metrics after the + // transport is closed. + ac.curAddr.Attributes = ac.curAddr.Attributes.WithValue(securityLevelKey{}, secLevel) + } + return secLevel +} + // tryAllAddrs tries to create a connection to the addresses, and stop when at // the first successful one. 
It returns an error if no address was successfully // connected, or updates ac appropriately with the new transport. @@ -1407,25 +1527,26 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, } ac.mu.Lock() - defer ac.mu.Unlock() if ctx.Err() != nil { // This can happen if the subConn was removed while in `Connecting` // state. tearDown() would have set the state to `Shutdown`, but // would not have closed the transport since ac.transport would not // have been set at that point. - // - // We run this in a goroutine because newTr.Close() calls onClose() + + // We unlock ac.mu because newTr.Close() calls onClose() // inline, which requires locking ac.mu. - // + ac.mu.Unlock() + // The error we pass to Close() is immaterial since there are no open // streams at this point, so no trailers with error details will be sent // out. We just need to pass a non-nil error. // // This can also happen when updateAddrs is called during a connection // attempt. - go newTr.Close(transport.ErrConnClosing) + newTr.Close(transport.ErrConnClosing) return nil } + defer ac.mu.Unlock() if hctx.Err() != nil { // onClose was already called for this connection, but the connection // was successfully established first. Consider it a success and set @@ -1822,7 +1943,7 @@ func (cc *ClientConn) initAuthority() error { } else if auth, ok := cc.resolverBuilder.(resolver.AuthorityOverrider); ok { cc.authority = auth.OverrideAuthority(cc.parsedTarget) } else if strings.HasPrefix(endpoint, ":") { - cc.authority = "localhost" + endpoint + cc.authority = "localhost" + encodeAuthority(endpoint) } else { cc.authority = encodeAuthority(endpoint) } diff --git a/vendor/google.golang.org/grpc/credentials/credentials.go b/vendor/google.golang.org/grpc/credentials/credentials.go index 665e790bb..06f6c6c70 100644 --- a/vendor/google.golang.org/grpc/credentials/credentials.go +++ b/vendor/google.golang.org/grpc/credentials/credentials.go 
@@ -44,8 +44,7 @@ type PerRPCCredentials interface { // A54). uri is the URI of the entry point for the request. When supported // by the underlying implementation, ctx can be used for timeout and // cancellation. Additionally, RequestInfo data will be available via ctx - // to this call. TODO(zhaoq): Define the set of the qualified keys instead - // of leaving it as an arbitrary string. + // to this call. GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) // RequireTransportSecurity indicates whether the credentials requires // transport security. @@ -96,10 +95,11 @@ func (c CommonAuthInfo) GetCommonAuthInfo() CommonAuthInfo { return c } -// ProtocolInfo provides information regarding the gRPC wire protocol version, -// security protocol, security protocol version in use, server name, etc. +// ProtocolInfo provides static information regarding transport credentials. type ProtocolInfo struct { // ProtocolVersion is the gRPC wire protocol version. + // + // Deprecated: this is unused by gRPC. ProtocolVersion string // SecurityProtocol is the security protocol in use. SecurityProtocol string @@ -109,7 +109,16 @@ type ProtocolInfo struct { // // Deprecated: please use Peer.AuthInfo. SecurityVersion string - // ServerName is the user-configured server name. + // ServerName is the user-configured server name. If set, this overrides + // the default :authority header used for all RPCs on the channel using the + // containing credentials, unless grpc.WithAuthority is set on the channel, + // in which case that setting will take precedence. + // + // This must be a valid `:authority` header according to + // [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2). + // + // Deprecated: Users should use grpc.WithAuthority to override the authority + // on a channel instead of configuring the credentials. ServerName string } 
@@ -120,6 +129,20 @@ type AuthInfo interface { AuthType() string } +// AuthorityValidator validates the authority used to override the `:authority` +// header. This is an optional interface that implementations of AuthInfo can +// implement if they support per-RPC authority overrides. It is invoked when the +// application attempts to override the HTTP/2 `:authority` header using the +// CallAuthority call option. +type AuthorityValidator interface { + // ValidateAuthority checks the authority value used to override the + // `:authority` header. The authority parameter is the override value + // provided by the application via the CallAuthority option. This value + // typically corresponds to the server hostname or endpoint the RPC is + // targeting. It returns non-nil error if the validation fails. + ValidateAuthority(authority string) error +} + // ErrConnDispatched indicates that rawConn has been dispatched out of gRPC // and the caller should not close rawConn. var ErrConnDispatched = errors.New("credentials: rawConn is dispatched out of gRPC") @@ -159,12 +182,17 @@ type TransportCredentials interface { // Clone makes a copy of this TransportCredentials. Clone() TransportCredentials // OverrideServerName specifies the value used for the following: + // // - verifying the hostname on the returned certificates // - as SNI in the client's handshake to support virtual hosting // - as the value for `:authority` header at stream creation time // - // Deprecated: use grpc.WithAuthority instead. Will be supported - // throughout 1.x. + // The provided string should be a valid `:authority` header according to + // [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2). + // + // Deprecated: this method is unused by gRPC. Users should use + // grpc.WithAuthority to override the authority on a channel instead of + // configuring the credentials. OverrideServerName(string) error } 
@@ -207,14 +235,32 @@ type RequestInfo struct { AuthInfo AuthInfo } +// requestInfoKey is a struct to be used as the key to store RequestInfo in a +// context. +type requestInfoKey struct{} + // RequestInfoFromContext extracts the RequestInfo from the context if it exists. // // This API is experimental. func RequestInfoFromContext(ctx context.Context) (ri RequestInfo, ok bool) { - ri, ok = icredentials.RequestInfoFromContext(ctx).(RequestInfo) + ri, ok = ctx.Value(requestInfoKey{}).(RequestInfo) return ri, ok } +// NewContextWithRequestInfo creates a new context from ctx and attaches ri to it. +// +// This RequestInfo will be accessible via RequestInfoFromContext. +// +// Intended to be used from tests for PerRPCCredentials implementations (that +// often need to check connection's SecurityLevel). Should not be used from +// non-test code: the gRPC client already prepares a context with the correct +// RequestInfo attached when calling PerRPCCredentials.GetRequestMetadata. +// +// This API is experimental. +func NewContextWithRequestInfo(ctx context.Context, ri RequestInfo) context.Context { + return context.WithValue(ctx, requestInfoKey{}, ri) +} + // ClientHandshakeInfo holds data to be passed to ClientHandshake. This makes // it possible to pass arbitrary data to the handshaker from gRPC, resolver, // balancer etc. Individual credential implementations control the actual diff --git a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go index 4c805c644..93156c0f3 100644 --- a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go +++ b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go 
@@ -30,7 +30,7 @@ import ( // NewCredentials returns a credentials which disables transport security. // // Note that using this credentials with per-RPC credentials which require -// transport security is incompatible and will cause grpc.Dial() to fail. +// transport security is incompatible and will cause RPCs to fail. func NewCredentials() credentials.TransportCredentials { return insecureTC{} } @@ -71,6 +71,12 @@ func (info) AuthType() string { return "insecure" } +// ValidateAuthority allows any value to be overridden for the :authority +// header. +func (info) ValidateAuthority(string) error { + return nil +} + // insecureBundle implements an insecure bundle. // An insecure bundle provides a thin wrapper around insecureTC to support // the credentials.Bundle interface. diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go index bd5fe22b6..0bcd16dbb 100644 --- a/vendor/google.golang.org/grpc/credentials/tls.go +++ b/vendor/google.golang.org/grpc/credentials/tls.go @@ -22,6 +22,7 @@ import ( "context" "crypto/tls" "crypto/x509" + "errors" "fmt" "net" "net/url" 
@@ -50,6 +51,25 @@ func (t TLSInfo) AuthType() string { return "tls" } +// ValidateAuthority validates the provided authority being used to override the +// :authority header by verifying it against the peer certificates. It returns a +// non-nil error if the validation fails. +func (t TLSInfo) ValidateAuthority(authority string) error { + var errs []error + host, _, err := net.SplitHostPort(authority) + if err != nil { + host = authority + } + for _, cert := range t.State.PeerCertificates { + var err error + if err = cert.VerifyHostname(host); err == nil { + return nil + } + errs = append(errs, err) + } + return fmt.Errorf("credentials: invalid authority %q: %v", authority, errors.Join(errs...)) +} + // cipherSuiteLookup returns the string version of a TLS cipher suite ID. func cipherSuiteLookup(cipherSuiteID uint16) string { for _, s := range tls.CipherSuites() { @@ -94,14 +114,14 @@ func (c tlsCreds) Info() ProtocolInfo { func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (_ net.Conn, _ AuthInfo, err error) { // use local cfg to avoid clobbering ServerName if using multiple endpoints cfg := credinternal.CloneTLSConfig(c.config) - if cfg.ServerName == "" { - serverName, _, err := net.SplitHostPort(authority) - if err != nil { - // If the authority had no host port or if the authority cannot be parsed, use it as-is. - serverName = authority - } - cfg.ServerName = serverName + + serverName, _, err := net.SplitHostPort(authority) + if err != nil { + // If the authority had no host port or if the authority cannot be parsed, use it as-is. + serverName = authority } + cfg.ServerName = serverName + conn := tls.Client(rawConn, cfg) errChannel := make(chan error, 1) go func() { 
@@ -243,9 +263,11 @@ func applyDefaults(c *tls.Config) *tls.Config { // certificates to establish the identity of the client need to be included in // the credentials (eg: for mTLS), use NewTLS instead, where a complete // tls.Config can be specified. -// serverNameOverride is for testing only. If set to a non empty string, -// it will override the virtual host name of authority (e.g. :authority header -// field) in requests. +// +// serverNameOverride is for testing only. If set to a non empty string, it will +// override the virtual host name of authority (e.g. :authority header field) in +// requests. Users should use grpc.WithAuthority passed to grpc.NewClient to +// override the authority of the client instead. func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials { return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}) } @@ -255,9 +277,11 @@ func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) Transpor // certificates to establish the identity of the client need to be included in // the credentials (eg: for mTLS), use NewTLS instead, where a complete // tls.Config can be specified. -// serverNameOverride is for testing only. If set to a non empty string, -// it will override the virtual host name of authority (e.g. :authority header -// field) in requests. +// +// serverNameOverride is for testing only. If set to a non empty string, it will +// override the virtual host name of authority (e.g. :authority header field) in +// requests. Users should use grpc.WithAuthority passed to grpc.NewClient to +// override the authority of the client instead. func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error) { b, err := os.ReadFile(certFile) if err != nil { diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index 405a2ffeb..7a5ac2e7c 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go 
+++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -213,6 +213,7 @@ func WithReadBufferSize(s int) DialOption { func WithInitialWindowSize(s int32) DialOption { return newFuncDialOption(func(o *dialOptions) { o.copts.InitialWindowSize = s + o.copts.StaticWindowSize = true }) } @@ -222,6 +223,26 @@ func WithInitialWindowSize(s int32) DialOption { func WithInitialConnWindowSize(s int32) DialOption { return newFuncDialOption(func(o *dialOptions) { o.copts.InitialConnWindowSize = s + o.copts.StaticWindowSize = true + }) +} + +// WithStaticStreamWindowSize returns a DialOption which sets the initial +// stream window size to the value provided and disables dynamic flow control. +func WithStaticStreamWindowSize(s int32) DialOption { + return newFuncDialOption(func(o *dialOptions) { + o.copts.InitialWindowSize = s + o.copts.StaticWindowSize = true + }) +} + +// WithStaticConnWindowSize returns a DialOption which sets the initial +// connection window size to the value provided and disables dynamic flow +// control. +func WithStaticConnWindowSize(s int32) DialOption { + return newFuncDialOption(func(o *dialOptions) { + o.copts.InitialConnWindowSize = s + o.copts.StaticWindowSize = true }) } @@ -360,7 +381,7 @@ func WithReturnConnectionError() DialOption { // // Note that using this DialOption with per-RPC credentials (through // WithCredentialsBundle or WithPerRPCCredentials) which require transport -// security is incompatible and will cause grpc.Dial() to fail. +// security is incompatible and will cause RPCs to fail. // // Deprecated: use WithTransportCredentials and insecure.NewCredentials() // instead. Will be supported throughout 1.x. 
@@ -587,6 +608,8 @@ func WithChainStreamInterceptor(interceptors ...StreamClientInterceptor) DialOpt

 // WithAuthority returns a DialOption that specifies the value to be used as the
 // :authority pseudo-header and as the server name in authentication handshake.
+// This overrides all other ways of setting authority on the channel, but can be
+// overridden per-call by using grpc.CallAuthority.
 func WithAuthority(a string) DialOption {
 return newFuncDialOption(func(o *dialOptions) {
 o.authority = a
diff --git a/vendor/google.golang.org/grpc/encoding/encoding.go b/vendor/google.golang.org/grpc/encoding/encoding.go
index 11d0ae142..296f38c3a 100644
--- a/vendor/google.golang.org/grpc/encoding/encoding.go
+++ b/vendor/google.golang.org/grpc/encoding/encoding.go
@@ -27,8 +27,10 @@ package encoding

 import (
 "io"
+ "slices"
 "strings"

+ "google.golang.org/grpc/encoding/internal"
 "google.golang.org/grpc/internal/grpcutil"
 )

@@ -36,12 +38,26 @@ import (
 // It is intended for grpc internal use only.
 const Identity = "identity"

+func init() {
+ internal.RegisterCompressorForTesting = func(c Compressor) func() {
+ name := c.Name()
+ curCompressor, found := registeredCompressor[name]
+ RegisterCompressor(c)
+ return func() {
+ if found {
+ registeredCompressor[name] = curCompressor
+ return
+ }
+ delete(registeredCompressor, name)
+ grpcutil.RegisteredCompressorNames = slices.DeleteFunc(grpcutil.RegisteredCompressorNames, func(s string) bool {
+ return s == name
+ })
+ }
+ }
+}
+
 // Compressor is used for compressing and decompressing when sending or
 // receiving messages.
-//
-// If a Compressor implements `DecompressedSize(compressedBytes []byte) int`,
-// gRPC will invoke it to determine the size of the buffer allocated for the
-// result of decompression. A return value of -1 indicates unknown size.
 type Compressor interface {
 // Compress writes the data written to wc to w after compressing it. If an
 // error occurs while initializing the compressor, that error is returned
diff --git a/vendor/google.golang.org/grpc/encoding/gzip/gzip.go b/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
index 6306e8bb0..153e4dbfb 100644
--- a/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
+++ b/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
@@ -27,7 +27,6 @@ package gzip

 import (
 "compress/gzip"
- "encoding/binary"
 "fmt"
 "io"
 "sync"
@@ -111,17 +110,6 @@ func (z *reader) Read(p []byte) (n int, err error) {
 return n, err
 }

-// RFC1952 specifies that the last four bytes "contains the size of
-// the original (uncompressed) input data modulo 2^32."
-// gRPC has a max message size of 2GB so we don't need to worry about wraparound.
-func (c *compressor) DecompressedSize(buf []byte) int {
- last := len(buf)
- if last < 4 {
- return -1
- }
- return int(binary.LittleEndian.Uint32(buf[last-4 : last]))
-}
-
 func (c *compressor) Name() string {
 return Name
 }
diff --git a/vendor/google.golang.org/grpc/encoding/internal/internal.go b/vendor/google.golang.org/grpc/encoding/internal/internal.go
new file mode 100644
index 000000000..ee9acb437
--- /dev/null
+++ b/vendor/google.golang.org/grpc/encoding/internal/internal.go
@@ -0,0 +1,28 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package internal contains code internal to the encoding package.
+package internal
+
+// RegisterCompressorForTesting registers a compressor in the global compressor
+// registry. It returns a cleanup function that should be called at the end
+// of the test to unregister the compressor.
+//
+// This prevents compressors registered in one test from appearing in the
+// encoding headers of subsequent tests.
+var RegisterCompressorForTesting any // func RegisterCompressor(c Compressor) func()
diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go
index ceec319dd..1ab874c7a 100644
--- a/vendor/google.golang.org/grpc/encoding/proto/proto.go
+++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go
@@ -46,9 +46,25 @@ func (c *codecV2) Marshal(v any) (data mem.BufferSlice, err error) {
 return nil, fmt.Errorf("proto: failed to marshal, message is %T, want proto.Message", v)
 }

+ // Important: if we remove this Size call then we cannot use
+ // UseCachedSize in MarshalOptions below.
 size := proto.Size(vv)
+
+ // MarshalOptions with UseCachedSize allows reusing the result from the
+ // previous Size call. This is safe here because:
+ //
+ // 1. We just computed the size.
+ // 2. We assume the message is not being mutated concurrently.
+ //
+ // Important: If the proto.Size call above is removed, using UseCachedSize
+ // becomes unsafe and may lead to incorrect marshaling.
+ //
+ // For more details, see the doc of UseCachedSize:
+ // https://pkg.go.dev/google.golang.org/protobuf/proto#MarshalOptions
+ marshalOptions := proto.MarshalOptions{UseCachedSize: true}
+
 if mem.IsBelowBufferPoolingThreshold(size) {
- buf, err := proto.Marshal(vv)
+ buf, err := marshalOptions.Marshal(vv)
 if err != nil {
 return nil, err
 }
@@ -56,7 +72,7 @@ func (c *codecV2) Marshal(v any) (data mem.BufferSlice, err error) {
 } else {
 pool := mem.DefaultBufferPool()
 buf := pool.Get(size)
- if _, err := (proto.MarshalOptions{}).MarshalAppend((*buf)[:0], vv); err != nil {
+ if _, err := marshalOptions.MarshalAppend((*buf)[:0], vv); err != nil {
 pool.Put(buf)
 return nil, err
 }
diff --git a/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go b/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go
index ad75313a1..472813f58 100644
--- a/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go
+++ b/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go
@@ -75,6 +75,8 @@ const (
 MetricTypeIntHisto
 MetricTypeFloatHisto
 MetricTypeIntGauge
+ MetricTypeIntUpDownCount
+ MetricTypeIntAsyncGauge
 )

 // Int64CountHandle is a typed handle for a int count metric. This handle
@@ -93,6 +95,23 @@ func (h *Int64CountHandle) Record(recorder MetricsRecorder, incr int64, labels .
 recorder.RecordInt64Count(h, incr, labels...)
 }

+// Int64UpDownCountHandle is a typed handle for an int up-down counter metric.
+// This handle is passed at the recording point in order to know which metric
+// to record on.
+type Int64UpDownCountHandle MetricDescriptor
+
+// Descriptor returns the int64 up-down counter handle typecast to a pointer to a
+// MetricDescriptor.
+func (h *Int64UpDownCountHandle) Descriptor() *MetricDescriptor {
+ return (*MetricDescriptor)(h)
+}
+
+// Record records the int64 up-down counter value on the metrics recorder provided.
+// The value 'v' can be positive to increment or negative to decrement.
+func (h *Int64UpDownCountHandle) Record(recorder MetricsRecorder, v int64, labels ...string) {
+ recorder.RecordInt64UpDownCount(h, v, labels...)
+}
+
 // Float64CountHandle is a typed handle for a float count metric. This handle is
 // passed at the recording point in order to know which metric to record on.
 type Float64CountHandle MetricDescriptor
@@ -154,6 +173,30 @@ func (h *Int64GaugeHandle) Record(recorder MetricsRecorder, incr int64, labels .
 recorder.RecordInt64Gauge(h, incr, labels...)
 }

+// AsyncMetric is a marker interface for asynchronous metric types.
+type AsyncMetric interface {
+ isAsync()
+ Descriptor() *MetricDescriptor
+}
+
+// Int64AsyncGaugeHandle is a typed handle for an int gauge metric. This handle is
+// passed at the recording point in order to know which metric to record on.
+type Int64AsyncGaugeHandle MetricDescriptor
+
+// isAsync implements the AsyncMetric interface.
+func (h *Int64AsyncGaugeHandle) isAsync() {}
+
+// Descriptor returns the int64 gauge handle typecast to a pointer to a
+// MetricDescriptor.
+func (h *Int64AsyncGaugeHandle) Descriptor() *MetricDescriptor {
+ return (*MetricDescriptor)(h)
+}
+
+// Record records the int64 gauge value on the metrics recorder provided.
+func (h *Int64AsyncGaugeHandle) Record(recorder AsyncMetricsRecorder, value int64, labels ...string) {
+ recorder.RecordInt64AsyncGauge(h, value, labels...)
+}
+
 // registeredMetrics are the registered metric descriptor names.
 var registeredMetrics = make(map[string]bool)

@@ -249,6 +292,35 @@ func RegisterInt64Gauge(descriptor MetricDescriptor) *Int64GaugeHandle {
 return (*Int64GaugeHandle)(descPtr)
 }

+// RegisterInt64UpDownCount registers the metric description onto the global registry.
+// It returns a typed handle to use for recording data.
+//
+// NOTE: this function must only be called during initialization time (i.e. in
+// an init() function), and is not thread-safe. If multiple metrics are
+// registered with the same name, this function will panic.
+func RegisterInt64UpDownCount(descriptor MetricDescriptor) *Int64UpDownCountHandle {
+ registerMetric(descriptor.Name, descriptor.Default)
+ // Set the specific metric type for the up-down counter
+ descriptor.Type = MetricTypeIntUpDownCount
+ descPtr := &descriptor
+ metricsRegistry[descriptor.Name] = descPtr
+ return (*Int64UpDownCountHandle)(descPtr)
+}
+
+// RegisterInt64AsyncGauge registers the metric description onto the global registry.
+// It returns a typed handle to use for recording data.
+//
+// NOTE: this function must only be called during initialization time (i.e. in
+// an init() function), and is not thread-safe. If multiple metrics are
+// registered with the same name, this function will panic.
+func RegisterInt64AsyncGauge(descriptor MetricDescriptor) *Int64AsyncGaugeHandle {
+ registerMetric(descriptor.Name, descriptor.Default)
+ descriptor.Type = MetricTypeIntAsyncGauge
+ descPtr := &descriptor
+ metricsRegistry[descriptor.Name] = descPtr
+ return (*Int64AsyncGaugeHandle)(descPtr)
+}
+
 // snapshotMetricsRegistryForTesting snapshots the global data of the metrics
 // registry. Returns a cleanup function that sets the metrics registry to its
 // original state.
diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go
index ee1423605..88742724a 100644
--- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go
+++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go
@@ -19,9 +19,13 @@
 // Package stats contains experimental metrics/stats API's.
 package stats

-import "google.golang.org/grpc/stats"
+import (
+ "google.golang.org/grpc/internal"
+ "google.golang.org/grpc/stats"
+)

 // MetricsRecorder records on metrics derived from metric registry.
+// Implementors must embed UnimplementedMetricsRecorder.
 type MetricsRecorder interface {
 // RecordInt64Count records the measurement alongside labels on the int
 // count associated with the provided handle.
@@ -38,6 +42,49 @@ type MetricsRecorder interface {
 // RecordInt64Gauge records the measurement alongside labels on the int
 // gauge associated with the provided handle.
 RecordInt64Gauge(handle *Int64GaugeHandle, incr int64, labels ...string)
+ // RecordInt64UpDownCounter records the measurement alongside labels on the int
+ // count associated with the provided handle.
+ RecordInt64UpDownCount(handle *Int64UpDownCountHandle, incr int64, labels ...string)
+ // RegisterAsyncReporter registers a reporter to produce metric values for
+ // only the listed descriptors. The returned function must be called when
+ // the metrics are no longer needed, which will remove the reporter. The
+ // returned method needs to be idempotent and concurrent safe.
+ RegisterAsyncReporter(reporter AsyncMetricReporter, descriptors ...AsyncMetric) func()
+
+ // EnforceMetricsRecorderEmbedding is included to force implementers to embed
+ // another implementation of this interface, allowing gRPC to add methods
+ // without breaking users.
+ internal.EnforceMetricsRecorderEmbedding
+}
+
+// AsyncMetricReporter is an interface for types that record metrics asynchronously
+// for the set of descriptors they are registered with. The AsyncMetricsRecorder
+// parameter is used to record values for these metrics.
+//
+// Implementations must make unique recordings across all registered
+// AsyncMetricReporters. Meaning, they should not report values for a metric with
+// the same attributes as another AsyncMetricReporter will report.
+//
+// Implementations must be concurrent-safe.
+type AsyncMetricReporter interface {
+ // Report records metric values using the provided recorder.
+ Report(AsyncMetricsRecorder) error
+}
+
+// AsyncMetricReporterFunc is an adapter to allow the use of ordinary functions as
+// AsyncMetricReporters.
+type AsyncMetricReporterFunc func(AsyncMetricsRecorder) error
+
+// Report calls f(r).
+func (f AsyncMetricReporterFunc) Report(r AsyncMetricsRecorder) error {
+ return f(r)
+}
+
+// AsyncMetricsRecorder records on asynchronous metrics derived from metric registry.
+type AsyncMetricsRecorder interface {
+ // RecordInt64AsyncGauge records the measurement alongside labels on the int
+ // count associated with the provided handle asynchronously
+ RecordInt64AsyncGauge(handle *Int64AsyncGaugeHandle, incr int64, labels ...string)
 }

 // Metrics is an experimental legacy alias of the now-stable stats.MetricSet.
@@ -52,3 +99,33 @@ type Metric = string
 func NewMetrics(metrics ...Metric) *Metrics {
 return stats.NewMetricSet(metrics...)
 }
+
+// UnimplementedMetricsRecorder must be embedded to have forward compatible implementations.
+type UnimplementedMetricsRecorder struct {
+ internal.EnforceMetricsRecorderEmbedding
+}
+
+// RecordInt64Count provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordInt64Count(*Int64CountHandle, int64, ...string) {}
+
+// RecordFloat64Count provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordFloat64Count(*Float64CountHandle, float64, ...string) {}
+
+// RecordInt64Histo provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordInt64Histo(*Int64HistoHandle, int64, ...string) {}
+
+// RecordFloat64Histo provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordFloat64Histo(*Float64HistoHandle, float64, ...string) {}
+
+// RecordInt64Gauge provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordInt64Gauge(*Int64GaugeHandle, int64, ...string) {}
+
+// RecordInt64UpDownCount provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RecordInt64UpDownCount(*Int64UpDownCountHandle, int64, ...string) {
+}
+
+// RegisterAsyncReporter provides a no-op implementation.
+func (UnimplementedMetricsRecorder) RegisterAsyncReporter(AsyncMetricReporter, ...AsyncMetric) func() {
+ // No-op: Return an empty function to ensure caller doesn't panic on nil function call
+ return func() {}
+}
diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
index faa59e418..8f7d9f6bb 100644
--- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
+++ b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
@@ -17,7 +17,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 +// protoc-gen-go v1.36.10 // protoc v5.27.1 // source: grpc/health/v1/health.proto 
@@ -261,63 +261,29 @@ func (x *HealthListResponse) GetStatuses() map[string]*HealthCheckResponse { var File_grpc_health_v1_health_proto protoreflect.FileDescriptor -var file_grpc_health_v1_health_proto_rawDesc = string([]byte{ - 0x0a, 0x1b, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2f, 0x76, 0x31, - 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x67, - 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x22, 0x2e, 0x0a, - 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0xb1, 0x01, - 0x0a, 0x13, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x49, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x22, 0x4f, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0b, - 0x0a, 0x07, 0x53, 0x45, 0x52, 0x56, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x4e, - 0x4f, 0x54, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, - 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, - 0x03, 0x22, 0x13, 0x0a, 0x11, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 
0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xc4, 0x01, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4c, 0x0a, - 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x30, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, - 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x08, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x65, 0x73, 0x1a, 0x60, 0x0a, 0x0d, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x32, 0xfd, 0x01, - 0x0a, 0x06, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x50, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, - 0x6b, 0x12, 0x22, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, - 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x4c, 0x69, - 0x73, 0x74, 0x12, 0x21, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, - 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 
0x6c, 0x74, 0x68, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4c, 0x69, 0x73, - 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x52, 0x0a, 0x05, 0x57, 0x61, 0x74, - 0x63, 0x68, 0x12, 0x22, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, - 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, - 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, - 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x70, 0x0a, - 0x11, 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, - 0x76, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x2c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, - 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, - 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x76, 0x31, 0xa2, - 0x02, 0x0c, 0x47, 0x72, 0x70, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x56, 0x31, 0xaa, 0x02, - 0x0e, 0x47, 0x72, 0x70, 0x63, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x2e, 0x56, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_grpc_health_v1_health_proto_rawDesc = "" + + "\n" + + "\x1bgrpc/health/v1/health.proto\x12\x0egrpc.health.v1\".\n" + + "\x12HealthCheckRequest\x12\x18\n" + + "\aservice\x18\x01 \x01(\tR\aservice\"\xb1\x01\n" + + "\x13HealthCheckResponse\x12I\n" + + "\x06status\x18\x01 \x01(\x0e21.grpc.health.v1.HealthCheckResponse.ServingStatusR\x06status\"O\n" + + "\rServingStatus\x12\v\n" + + "\aUNKNOWN\x10\x00\x12\v\n" + + 
"\aSERVING\x10\x01\x12\x0f\n" + + "\vNOT_SERVING\x10\x02\x12\x13\n" + + "\x0fSERVICE_UNKNOWN\x10\x03\"\x13\n" + + "\x11HealthListRequest\"\xc4\x01\n" + + "\x12HealthListResponse\x12L\n" + + "\bstatuses\x18\x01 \x03(\v20.grpc.health.v1.HealthListResponse.StatusesEntryR\bstatuses\x1a`\n" + + "\rStatusesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x129\n" + + "\x05value\x18\x02 \x01(\v2#.grpc.health.v1.HealthCheckResponseR\x05value:\x028\x012\xfd\x01\n" + + "\x06Health\x12P\n" + + "\x05Check\x12\".grpc.health.v1.HealthCheckRequest\x1a#.grpc.health.v1.HealthCheckResponse\x12M\n" + + "\x04List\x12!.grpc.health.v1.HealthListRequest\x1a\".grpc.health.v1.HealthListResponse\x12R\n" + + "\x05Watch\x12\".grpc.health.v1.HealthCheckRequest\x1a#.grpc.health.v1.HealthCheckResponse0\x01Bp\n" + + "\x11io.grpc.health.v1B\vHealthProtoP\x01Z,google.golang.org/grpc/health/grpc_health_v1\xa2\x02\fGrpcHealthV1\xaa\x02\x0eGrpc.Health.V1b\x06proto3" var ( file_grpc_health_v1_health_proto_rawDescOnce sync.Once diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go b/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go index 93136610e..e99cd5c83 100644 --- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go +++ b/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go @@ -17,7 +17,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 +// - protoc-gen-go-grpc v1.6.0 // - protoc v5.27.1 // source: grpc/health/v1/health.proto 
@@ -188,13 +188,13 @@ type HealthServer interface { type UnimplementedHealthServer struct{} func (UnimplementedHealthServer) Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") + return nil, status.Error(codes.Unimplemented, "method Check not implemented") } func (UnimplementedHealthServer) List(context.Context, *HealthListRequest) (*HealthListResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method List not implemented") + return nil, status.Error(codes.Unimplemented, "method List not implemented") } func (UnimplementedHealthServer) Watch(*HealthCheckRequest, grpc.ServerStreamingServer[HealthCheckResponse]) error { - return status.Errorf(codes.Unimplemented, "method Watch not implemented") + return status.Error(codes.Unimplemented, "method Watch not implemented") } func (UnimplementedHealthServer) testEmbeddedByValue() {} diff --git a/vendor/google.golang.org/grpc/interceptor.go b/vendor/google.golang.org/grpc/interceptor.go index 877d78fc3..099e3d093 100644 --- a/vendor/google.golang.org/grpc/interceptor.go +++ b/vendor/google.golang.org/grpc/interceptor.go 
@@ -97,8 +97,12 @@ type StreamServerInfo struct {
 IsServerStream bool
 }

-// StreamServerInterceptor provides a hook to intercept the execution of a streaming RPC on the server.
-// info contains all the information of this RPC the interceptor can operate on. And handler is the
-// service method implementation. It is the responsibility of the interceptor to invoke handler to
-// complete the RPC.
+// StreamServerInterceptor provides a hook to intercept the execution of a
+// streaming RPC on the server.
+//
+// srv is the service implementation on which the RPC was invoked, and needs to
+// be passed to handler, and not used otherwise. ss is the server side of the
+// stream. info contains all the information of this RPC the interceptor can
+// operate on. And handler is the service method implementation. It is the
+// responsibility of the interceptor to invoke handler to complete the RPC.
 type StreamServerInterceptor func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index fbc1ca356..f38de74a4 100644
--- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -67,6 +67,10 @@ type Balancer struct {
 // balancerCurrent before the UpdateSubConnState is called on the
 // balancerCurrent.
 currentMu sync.Mutex
+
+ // activeGoroutines tracks all the goroutines that this balancer has started
+ // and that should be waited on when the balancer closes.
+ activeGoroutines sync.WaitGroup
 }

 // swap swaps out the current lb with the pending lb and updates the ClientConn.
@@ -76,7 +80,9 @@ func (gsb *Balancer) swap() {
 cur := gsb.balancerCurrent
 gsb.balancerCurrent = gsb.balancerPending
 gsb.balancerPending = nil
+ gsb.activeGoroutines.Add(1)
 go func() {
+ defer gsb.activeGoroutines.Done()
 gsb.currentMu.Lock()
 defer gsb.currentMu.Unlock()
 cur.Close()
@@ -223,15 +229,7 @@ func (gsb *Balancer) ExitIdle() {
 // There is no need to protect this read with a mutex, as the write to the
 // Balancer field happens in SwitchTo, which completes before this can be
 // called.
- if ei, ok := balToUpdate.Balancer.(balancer.ExitIdler); ok {
- ei.ExitIdle()
- return
- }
- gsb.mu.Lock()
- defer gsb.mu.Unlock()
- for sc := range balToUpdate.subconns {
- sc.Connect()
- }
+ balToUpdate.ExitIdle()
 }

 // updateSubConnState forwards the update to the appropriate child.
@@ -282,6 +280,7 @@ func (gsb *Balancer) Close() {

 currentBalancerToClose.Close()
 pendingBalancerToClose.Close()
+ gsb.activeGoroutines.Wait()
 }

 // balancerWrapper wraps a balancer.Balancer, and overrides some Balancer
@@ -332,7 +331,12 @@ func (bw *balancerWrapper) UpdateState(state balancer.State) {
 defer bw.gsb.mu.Unlock()
 bw.lastState = state

+ // If Close() acquires the mutex before UpdateState(), the balancer
+ // will already have been removed from the current or pending state when
+ // reaching this point.
 if !bw.gsb.balancerCurrentOrPending(bw) {
+ // Returning here ensures that (*Balancer).swap() is not invoked after
+ // (*Balancer).Close() and therefore prevents "use after close".
 return
 }

diff --git a/vendor/google.golang.org/grpc/internal/balancer/weight/weight.go b/vendor/google.golang.org/grpc/internal/balancer/weight/weight.go
new file mode 100644
index 000000000..11beb07d1
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/balancer/weight/weight.go
@@ -0,0 +1,66 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package weight contains utilities to manage endpoint weights. Weights are
+// used by LB policies such as ringhash to distribute load across multiple
+// endpoints.
+package weight
+
+import (
+ "fmt"
+
+ "google.golang.org/grpc/resolver"
+)
+
+// attributeKey is the type used as the key to store EndpointInfo in the
+// Attributes field of resolver.Endpoint.
+type attributeKey struct{}
+
+// EndpointInfo will be stored in the Attributes field of Endpoints in order to
+// use the ringhash balancer.
+type EndpointInfo struct {
+ Weight uint32
+}
+
+// Equal allows the values to be compared by Attributes.Equal.
+func (a EndpointInfo) Equal(o any) bool {
+ oa, ok := o.(EndpointInfo)
+ return ok && oa.Weight == a.Weight
+}
+
+// Set returns a copy of endpoint in which the Attributes field is updated with
+// EndpointInfo.
+func Set(endpoint resolver.Endpoint, epInfo EndpointInfo) resolver.Endpoint {
+ endpoint.Attributes = endpoint.Attributes.WithValue(attributeKey{}, epInfo)
+ return endpoint
+}
+
+// String returns a human-readable representation of EndpointInfo.
+// This method is intended for logging, testing, and debugging purposes only.
+// Do not rely on the output format, as it is not guaranteed to remain stable.
+func (a EndpointInfo) String() string {
+ return fmt.Sprintf("Weight: %d", a.Weight)
+}
+
+// FromEndpoint returns the EndpointInfo stored in the Attributes field of an
+// endpoint. It returns an empty EndpointInfo if attribute is not found.
+func FromEndpoint(endpoint resolver.Endpoint) EndpointInfo {
+ v := endpoint.Attributes.Value(attributeKey{})
+ ei, _ := v.(EndpointInfo)
+ return ei
+}
diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
index 11f91668a..467392b8d 100644
--- a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
+++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -83,6 +83,7 @@ func (b *Unbounded) Load() {
 default:
 }
 } else if b.closing && !b.closed {
+ b.closed = true
 close(b.c)
 }
 }
diff --git a/vendor/google.golang.org/grpc/internal/channelz/trace.go b/vendor/google.golang.org/grpc/internal/channelz/trace.go
index 2bffe4777..3b7ba5966 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/trace.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/trace.go
@@ -194,7 +194,7 @@ func (r RefChannelType) String() string {
 // If channelz is not turned ON, this will simply log the event descriptions.
 func AddTraceEvent(l grpclog.DepthLoggerV2, e Entity, depth int, desc *TraceEvent) {
 // Log only the trace description associated with the bottom most entity.
- d := fmt.Sprintf("[%s]%s", e, desc.Desc)
+ d := fmt.Sprintf("[%s] %s", e, desc.Desc)
 switch desc.Severity {
 case CtUnknown, CtInfo:
 l.InfoDepth(depth+1, d)
diff --git a/vendor/google.golang.org/grpc/internal/credentials/credentials.go b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
index 9deee7f65..48b22d9cf 100644
--- a/vendor/google.golang.org/grpc/internal/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
@@ -20,20 +20,6 @@ import (
 "context"
 )

-// requestInfoKey is a struct to be used as the key to store RequestInfo in a
-// context.
-type requestInfoKey struct{}
-
-// NewRequestInfoContext creates a context with ri.
-func NewRequestInfoContext(ctx context.Context, ri any) context.Context {
- return context.WithValue(ctx, requestInfoKey{}, ri)
-}
-
-// RequestInfoFromContext extracts the RequestInfo from ctx.
-func RequestInfoFromContext(ctx context.Context) any {
- return ctx.Value(requestInfoKey{})
-}
-
 // clientHandshakeInfoKey is a struct used as the key to store
 // ClientHandshakeInfo in a context.
 type clientHandshakeInfoKey struct{}
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index cc5713fd9..7ad6fb44c 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -26,35 +26,31 @@ import ( ) var ( - // TXTErrIgnore is set if TXT errors should be ignored ("GRPC_GO_IGNORE_TXT_ERRORS" is not "false"). + // EnableTXTServiceConfig is set if the DNS resolver should perform TXT + // lookups for service config ("GRPC_ENABLE_TXT_SERVICE_CONFIG" is not + // "false"). + EnableTXTServiceConfig = boolFromEnv("GRPC_ENABLE_TXT_SERVICE_CONFIG", true) + + // TXTErrIgnore is set if TXT errors should be ignored + // ("GRPC_GO_IGNORE_TXT_ERRORS" is not "false"). TXTErrIgnore = boolFromEnv("GRPC_GO_IGNORE_TXT_ERRORS", true) + // RingHashCap indicates the maximum ring size which defaults to 4096 // entries but may be overridden by setting the environment variable // "GRPC_RING_HASH_CAP". This does not override the default bounds // checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M). RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024) - // LeastRequestLB is set if we should support the least_request_experimental - // LB policy, which can be enabled by setting the environment variable - // "GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST" to "true". - LeastRequestLB = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST", false) + // ALTSMaxConcurrentHandshakes is the maximum number of concurrent ALTS // handshakes that can be performed. ALTSMaxConcurrentHandshakes = uint64FromEnv("GRPC_ALTS_MAX_CONCURRENT_HANDSHAKES", 100, 1, 100) + // EnforceALPNEnabled is set if TLS connections to servers with ALPN disabled // should be rejected. The HTTP/2 protocol requires ALPN to be enabled, this // option is present for backward compatibility. This option may be overridden // by setting the environment variable "GRPC_ENFORCE_ALPN_ENABLED" to "true" // or "false". EnforceALPNEnabled = boolFromEnv("GRPC_ENFORCE_ALPN_ENABLED", true) - // XDSFallbackSupport is the env variable that controls whether support for - // xDS fallback is turned on. 
If this is unset or is false, only the first - // xDS server in the list of server configs will be used. - XDSFallbackSupport = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FALLBACK", true) - // NewPickFirstEnabled is set if the new pickfirst leaf policy is to be used - // instead of the exiting pickfirst implementation. This can be disabled by - // setting the environment variable "GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST" - // to "false". - NewPickFirstEnabled = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST", true) // XDSEndpointHashKeyBackwardCompat controls the parsing of the endpoint hash // key from EDS LbEndpoint metadata. Endpoint hash keys can be disabled by 
@@ -69,6 +65,45 @@ var ( // to gRFC A76. It can be enabled by setting the environment variable // "GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY" to "true". RingHashSetRequestHashKey = boolFromEnv("GRPC_EXPERIMENTAL_RING_HASH_SET_REQUEST_HASH_KEY", false) + + // ALTSHandshakerKeepaliveParams is set if we should add the + // KeepaliveParams when dial the ALTS handshaker service. + ALTSHandshakerKeepaliveParams = boolFromEnv("GRPC_EXPERIMENTAL_ALTS_HANDSHAKER_KEEPALIVE_PARAMS", false) + + // EnableDefaultPortForProxyTarget controls whether the resolver adds a default port 443 + // to a target address that lacks one. This flag only has an effect when all of + // the following conditions are met: + // - A connect proxy is being used. + // - Target resolution is disabled. + // - The DNS resolver is being used. + EnableDefaultPortForProxyTarget = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_DEFAULT_PORT_FOR_PROXY_TARGET", true) + + // XDSAuthorityRewrite indicates whether xDS authority rewriting is enabled. + // This feature is defined in gRFC A81 and is enabled by setting the + // environment variable GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE to "true". + XDSAuthorityRewrite = boolFromEnv("GRPC_EXPERIMENTAL_XDS_AUTHORITY_REWRITE", false) + + // PickFirstWeightedShuffling indicates whether weighted endpoint shuffling + // is enabled in the pick_first LB policy, as defined in gRFC A113. This + // feature can be disabled by setting the environment variable + // GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING to "false". + PickFirstWeightedShuffling = boolFromEnv("GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING", true) + + // DisableStrictPathChecking indicates whether strict path checking is + // disabled. This feature can be disabled by setting the environment + // variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to "true". 
+ // + // When strict path checking is enabled, gRPC will reject requests with + // paths that do not conform to the gRPC over HTTP/2 specification found at + // https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md. + // + // When disabled, gRPC will allow paths that do not contain a leading slash. + // Enabling strict path checking is recommended for security reasons, as it + // prevents potential path traversal vulnerabilities. + // + // A future release will remove this environment variable, enabling strict + // path checking behavior unconditionally. + DisableStrictPathChecking = boolFromEnv("GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING", false) ) func boolFromEnv(envVar string, def bool) bool { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 2eb97f832..7685d08b5 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go 
@@ -63,4 +63,20 @@ var (
 // For more details, see:
 // https://github.com/grpc/proposal/blob/master/A82-xds-system-root-certs.md.
 XDSSystemRootCertsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_SYSTEM_ROOT_CERTS", false)
+
+ // XDSSPIFFEEnabled controls if SPIFFE Bundle Maps can be used as roots of
+ // trust. For more details, see:
+ // https://github.com/grpc/proposal/blob/master/A87-mtls-spiffe-support.md
+ XDSSPIFFEEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE", false)
+
+ // XDSHTTPConnectEnabled is true if gRPC should parse custom Metadata
+ // configuring use of an HTTP CONNECT proxy via xDS from cluster resources.
+ // For more details, see:
+ // https://github.com/grpc/proposal/blob/master/A86-xds-http-connect.md
+ XDSHTTPConnectEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_HTTP_CONNECT", false)
+
+ // XDSBootstrapCallCredsEnabled controls if call credentials can be used in
+ // xDS bootstrap configuration via the `call_creds` field. For more details,
+ // see: https://github.com/grpc/proposal/blob/master/A97-xds-jwt-call-creds.md
+ XDSBootstrapCallCredsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS", false)
 )
diff --git a/vendor/google.golang.org/grpc/internal/experimental.go b/vendor/google.golang.org/grpc/internal/experimental.go
index 7617be215..8a999917d 100644
--- a/vendor/google.golang.org/grpc/internal/experimental.go
+++ b/vendor/google.golang.org/grpc/internal/experimental.go
@@ -25,4 +25,11 @@ var (
 // BufferPool is implemented by the grpc package and returns a server
 // option to configure a shared buffer pool for a grpc.Server.
 BufferPool any // func (grpc.SharedBufferPool) grpc.ServerOption
+
+ // SetDefaultBufferPool updates the default buffer pool.
+ SetDefaultBufferPool any // func(mem.BufferPool)
+
+ // AcceptCompressors is implemented by the grpc package and returns
+ // a call option that restricts the grpc-accept-encoding header for a call.
+ AcceptCompressors any // func(...string) grpc.CallOption
 )
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go index 8e8e86128..9b6d8a1fa 100644 --- a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go +++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go @@ -80,25 +80,11 @@ func (cs *CallbackSerializer) ScheduleOr(f func(ctx context.Context), onFailure func (cs *CallbackSerializer) run(ctx context.Context) { defer close(cs.done) - // TODO: when Go 1.21 is the oldest supported version, this loop and Close - // can be replaced with: - // - // context.AfterFunc(ctx, cs.callbacks.Close) - for ctx.Err() == nil { - select { - case <-ctx.Done(): - // Do nothing here. Next iteration of the for loop will not happen, - // since ctx.Err() would be non-nil. - case cb := <-cs.callbacks.Get(): - cs.callbacks.Load() - cb.(func(context.Context))(ctx) - } - } - - // Close the buffer to prevent new callbacks from being added. - cs.callbacks.Close() + // Close the buffer when the context is canceled + // to prevent new callbacks from being added. + context.AfterFunc(ctx, cs.callbacks.Close) - // Run all pending callbacks. + // Run all callbacks. for cb := range cs.callbacks.Get() { cs.callbacks.Load() cb.(func(context.Context))(ctx) diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/event.go b/vendor/google.golang.org/grpc/internal/grpcsync/event.go index fbe697c37..d788c2493 100644 --- a/vendor/google.golang.org/grpc/internal/grpcsync/event.go +++ b/vendor/google.golang.org/grpc/internal/grpcsync/event.go 
@@ -21,28 +21,25 @@ package grpcsync import ( - "sync" "sync/atomic" ) // Event represents a one-time event that may occur in the future. type Event struct { - fired int32 + fired atomic.Bool c chan struct{} - o sync.Once } // Fire causes e to complete. It is safe to call multiple times, and // concurrently. It returns true iff this call to Fire caused the signaling -// channel returned by Done to close. +// channel returned by Done to close. If Fire returns false, it is possible +// the Done channel has not been closed yet. func (e *Event) Fire() bool { - ret := false - e.o.Do(func() { - atomic.StoreInt32(&e.fired, 1) + if e.fired.CompareAndSwap(false, true) { close(e.c) - ret = true - }) - return ret + return true + } + return false } // Done returns a channel that will be closed when Fire is called. @@ -52,7 +49,7 @@ func (e *Event) Done() <-chan struct{} { // HasFired returns true if Fire has been called. func (e *Event) HasFired() bool { - return atomic.LoadInt32(&e.fired) == 1 + return e.fired.Load() } // NewEvent returns a new, ready-to-use Event. diff --git a/vendor/google.golang.org/grpc/internal/idle/idle.go b/vendor/google.golang.org/grpc/internal/idle/idle.go index 2c13ee9da..d3cd24f80 100644 --- a/vendor/google.golang.org/grpc/internal/idle/idle.go +++ b/vendor/google.golang.org/grpc/internal/idle/idle.go @@ -21,7 +21,6 @@ package idle import ( - "fmt" "math" "sync" "sync/atomic" 
@@ -33,15 +32,15 @@ var timeAfterFunc = func(d time.Duration, f func()) *time.Timer { return time.AfterFunc(d, f) } -// Enforcer is the functionality provided by grpc.ClientConn to enter -// and exit from idle mode. -type Enforcer interface { - ExitIdleMode() error +// ClientConn is the functionality provided by grpc.ClientConn to enter and exit +// from idle mode. +type ClientConn interface { + ExitIdleMode() EnterIdleMode() } -// Manager implements idleness detection and calls the configured Enforcer to -// enter/exit idle mode when appropriate. Must be created by NewManager. +// Manager implements idleness detection and calls the ClientConn to enter/exit +// idle mode when appropriate. Must be created by NewManager. type Manager struct { // State accessed atomically. lastCallEndTime int64 // Unix timestamp in nanos; time when the most recent RPC completed. @@ -51,8 +50,8 @@ type Manager struct { // Can be accessed without atomics or mutex since these are set at creation // time and read-only after that. - enforcer Enforcer // Functionality provided by grpc.ClientConn. - timeout time.Duration + cc ClientConn // Functionality provided by grpc.ClientConn. + timeout time.Duration // idleMu is used to guarantee mutual exclusion in two scenarios: // - Opposing intentions: @@ -72,9 +71,9 @@ type Manager struct { // NewManager creates a new idleness manager implementation for the // given idle timeout. It begins in idle mode. -func NewManager(enforcer Enforcer, timeout time.Duration) *Manager { +func NewManager(cc ClientConn, timeout time.Duration) *Manager { return &Manager{ - enforcer: enforcer, + cc: cc, timeout: timeout, actuallyIdle: true, activeCallsCount: -math.MaxInt32, 
@@ -127,7 +126,7 @@ func (m *Manager) handleIdleTimeout() { // Now that we've checked that there has been no activity, attempt to enter // idle mode, which is very likely to succeed. - if m.tryEnterIdleMode() { + if m.tryEnterIdleMode(true) { // Successfully entered idle mode. No timer needed until we exit idle. return } @@ -142,10 +141,13 @@ func (m *Manager) handleIdleTimeout() { // that, it performs a last minute check to ensure that no new RPC has come in, // making the channel active. // +// checkActivity controls if a check for RPC activity, since the last time the +// idle_timeout fired, is made. + // Return value indicates whether or not the channel moved to idle mode. // // Holds idleMu which ensures mutual exclusion with exitIdleMode. -func (m *Manager) tryEnterIdleMode() bool { +func (m *Manager) tryEnterIdleMode(checkActivity bool) bool { // Setting the activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() // that the channel is either in idle mode or is trying to get there. if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) { @@ -166,7 +168,7 @@ func (m *Manager) tryEnterIdleMode() bool { atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) return false } - if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 { + if checkActivity && atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 { // A very short RPC could have come in (and also finished) after we // checked for calls count and activity in handleIdleTimeout(), but // before the CAS operation. So, we need to check for activity again. 
@@ -177,44 +179,37 @@ func (m *Manager) tryEnterIdleMode() bool { // No new RPCs have come in since we set the active calls count value to // -math.MaxInt32. And since we have the lock, it is safe to enter idle mode // unconditionally now. - m.enforcer.EnterIdleMode() + m.cc.EnterIdleMode() m.actuallyIdle = true return true } // EnterIdleModeForTesting instructs the channel to enter idle mode. func (m *Manager) EnterIdleModeForTesting() { - m.tryEnterIdleMode() + m.tryEnterIdleMode(false) } // OnCallBegin is invoked at the start of every RPC. -func (m *Manager) OnCallBegin() error { +func (m *Manager) OnCallBegin() { if m.isClosed() { - return nil + return } if atomic.AddInt32(&m.activeCallsCount, 1) > 0 { // Channel is not idle now. Set the activity bit and allow the call. atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1) - return nil + return } // Channel is either in idle mode or is in the process of moving to idle // mode. Attempt to exit idle mode to allow this RPC. - if err := m.ExitIdleMode(); err != nil { - // Undo the increment to calls count, and return an error causing the - // RPC to fail. - atomic.AddInt32(&m.activeCallsCount, -1) - return err - } - + m.ExitIdleMode() atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1) - return nil } -// ExitIdleMode instructs m to call the enforcer's ExitIdleMode and update m's +// ExitIdleMode instructs m to call the ClientConn's ExitIdleMode and update its // internal state. -func (m *Manager) ExitIdleMode() error { +func (m *Manager) ExitIdleMode() { // Holds idleMu which ensures mutual exclusion with tryEnterIdleMode. m.idleMu.Lock() defer m.idleMu.Unlock() 
@@ -231,12 +226,10 @@ func (m *Manager) ExitIdleMode() error { // m.ExitIdleMode. // // In any case, there is nothing to do here. - return nil + return } - if err := m.enforcer.ExitIdleMode(); err != nil { - return fmt.Errorf("failed to exit idle mode: %w", err) - } + m.cc.ExitIdleMode() // Undo the idle entry process. This also respects any new RPC attempts. atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) @@ -244,7 +237,23 @@ func (m *Manager) ExitIdleMode() error { // Start a new timer to fire after the configured idle timeout. m.resetIdleTimerLocked(m.timeout) - return nil +} + +// UnsafeSetNotIdle instructs the Manager to update its internal state to +// reflect the reality that the channel is no longer in IDLE mode. +// +// N.B. This method is intended only for internal use by the gRPC client +// when it exits IDLE mode **manually** from `Dial`. The callsite must ensure: +// - The channel was **actually in IDLE mode** immediately prior to the call. +// - There is **no concurrent activity** that could cause the channel to exit +// IDLE mode *naturally* at the same time. +func (m *Manager) UnsafeSetNotIdle() { + m.idleMu.Lock() + defer m.idleMu.Unlock() + + atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) + m.actuallyIdle = false + m.resetIdleTimerLocked(m.timeout) } // OnCallEnd is invoked at the end of every RPC. diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index 2ce012cda..4b3d563f8 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go 
@@ -182,35 +182,6 @@ var ( // other features, including the CSDS service. NewXDSResolverWithClientForTesting any // func(xdsclient.XDSClient) (resolver.Builder, error) - // RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster - // Specifier Plugin for testing purposes, regardless of the XDSRLS environment - // variable. - // - // TODO: Remove this function once the RLS env var is removed. - RegisterRLSClusterSpecifierPluginForTesting func() - - // UnregisterRLSClusterSpecifierPluginForTesting unregisters the RLS Cluster - // Specifier Plugin for testing purposes. This is needed because there is no way - // to unregister the RLS Cluster Specifier Plugin after registering it solely - // for testing purposes using RegisterRLSClusterSpecifierPluginForTesting(). - // - // TODO: Remove this function once the RLS env var is removed. - UnregisterRLSClusterSpecifierPluginForTesting func() - - // RegisterRBACHTTPFilterForTesting registers the RBAC HTTP Filter for testing - // purposes, regardless of the RBAC environment variable. - // - // TODO: Remove this function once the RBAC env var is removed. - RegisterRBACHTTPFilterForTesting func() - - // UnregisterRBACHTTPFilterForTesting unregisters the RBAC HTTP Filter for - // testing purposes. This is needed because there is no way to unregister the - // HTTP Filter after registering it solely for testing purposes using - // RegisterRBACHTTPFilterForTesting(). - // - // TODO: Remove this function once the RBAC env var is removed. - UnregisterRBACHTTPFilterForTesting func() - // ORCAAllowAnyMinReportingInterval is for examples/orca use ONLY. ORCAAllowAnyMinReportingInterval any // func(so *orca.ServiceOptions) 
@@ -240,22 +211,11 @@ var ( // default resolver scheme. UserSetDefaultScheme = false - // ConnectedAddress returns the connected address for a SubConnState. The - // address is only valid if the state is READY. - ConnectedAddress any // func (scs SubConnState) resolver.Address - - // SetConnectedAddress sets the connected address for a SubConnState. - SetConnectedAddress any // func(scs *SubConnState, addr resolver.Address) - // SnapshotMetricRegistryForTesting snapshots the global data of the metric // registry. Returns a cleanup function that sets the metric registry to its // original state. Only called in testing functions. SnapshotMetricRegistryForTesting func() func() - // SetDefaultBufferPoolForTesting updates the default buffer pool, for - // testing purposes. - SetDefaultBufferPoolForTesting any // func(mem.BufferPool) - // SetBufferPoolingThresholdForTesting updates the buffer pooling threshold, for // testing purposes. SetBufferPoolingThresholdForTesting any // func(int) 
@@ -266,6 +226,25 @@ var ( TimeAfterFunc = func(d time.Duration, f func()) Timer { return time.AfterFunc(d, f) } + + // NewStreamWaitingForResolver is a test hook that is triggered when a + // new stream blocks while waiting for name resolution. This can be + // used in tests to synchronize resolver updates and avoid race conditions. + // When set, the function will be called before the stream enters + // the blocking state. + NewStreamWaitingForResolver = func() {} + + // AddressToTelemetryLabels is an xDS-provided function to extract telemetry + // labels from a resolver.Address. Callers must assert its type before calling. + AddressToTelemetryLabels any // func(addr resolver.Address) map[string]string + + // AsyncReporterCleanupDelegate is initialized to a pass-through function by + // default (production behavior), allowing tests to swap it with an + // implementation which tracks registration of async reporter and its + // corresponding cleanup. + AsyncReporterCleanupDelegate = func(cleanup func()) func() { + return cleanup + } ) // HealthChecker defines the signature of the client-side LB channel health @@ -313,3 +292,9 @@ type EnforceClientConnEmbedding interface { type Timer interface { Stop() bool } + +// EnforceMetricsRecorderEmbedding is used to enforce proper MetricsRecorder +// implementation embedding. +type EnforceMetricsRecorderEmbedding interface { + enforceMetricsRecorderEmbedding() +} diff --git a/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go b/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go index 20b8fb098..5bfa67b72 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go +++ b/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go 
@@ -22,11 +22,13 @@ package delegatingresolver import ( "fmt" + "net" "net/http" "net/url" "sync" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/proxyattributes" "google.golang.org/grpc/internal/transport" "google.golang.org/grpc/internal/transport/networktype" @@ -40,6 +42,8 @@ var ( HTTPSProxyFromEnvironment = http.ProxyFromEnvironment ) +const defaultPort = "443" + // delegatingResolver manages both target URI and proxy address resolution by // delegating these tasks to separate child resolvers. Essentially, it acts as // an intermediary between the gRPC ClientConn and the child resolvers. @@ -107,10 +111,18 @@ func New(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOpti targetResolver: nopResolver{}, } + addr := target.Endpoint() var err error - r.proxyURL, err = proxyURLForTarget(target.Endpoint()) + if target.URL.Scheme == "dns" && !targetResolutionEnabled && envconfig.EnableDefaultPortForProxyTarget { + addr, err = parseTarget(addr) + if err != nil { + return nil, fmt.Errorf("delegating_resolver: invalid target address %q: %v", target.Endpoint(), err) + } + } + + r.proxyURL, err = proxyURLForTarget(addr) if err != nil { - return nil, fmt.Errorf("delegating_resolver: failed to determine proxy URL for target %s: %v", target, err) + return nil, fmt.Errorf("delegating_resolver: failed to determine proxy URL for target %q: %v", target, err) } // proxy is not configured or proxy address excluded using `NO_PROXY` env 
@@ -132,8 +144,8 @@ func New(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOpti // bypass the target resolver and store the unresolved target address. if target.URL.Scheme == "dns" && !targetResolutionEnabled { r.targetResolverState = &resolver.State{ - Addresses: []resolver.Address{{Addr: target.Endpoint()}}, - Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: target.Endpoint()}}}}, + Addresses: []resolver.Address{{Addr: addr}}, + Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: addr}}}}, } r.updateTargetResolverState(*r.targetResolverState) return r, nil 
@@ -202,6 +214,44 @@ func needsProxyResolver(state *resolver.State) bool { return false } +// parseTarget takes a target string and ensures it is a valid "host:port" target. +// +// It does the following: +// 1. If the target already has a port (e.g., "host:port", "[ipv6]:port"), +// it is returned as is. +// 2. If the host part is empty (e.g., ":80"), it defaults to "localhost", +// returning "localhost:80". +// 3. If the target is missing a port (e.g., "host", "ipv6"), the defaultPort +// is added. +// +// An error is returned for empty targets or targets with a trailing colon +// but no port (e.g., "host:"). +func parseTarget(target string) (string, error) { + if target == "" { + return "", fmt.Errorf("missing address") + } + + host, port, err := net.SplitHostPort(target) + if err != nil { + // If SplitHostPort fails, it's likely because the port is missing. + // We append the default port and return the result. + return net.JoinHostPort(target, defaultPort), nil + } + + // If SplitHostPort succeeds, we check for edge cases. + if port == "" { + // A success with an empty port means the target had a trailing colon, + // e.g., "host:", which is an error. + return "", fmt.Errorf("missing port after port-separator colon") + } + if host == "" { + // A success with an empty host means the target was like ":80". + // We default the host to "localhost". + host = "localhost" + } + return net.JoinHostPort(host, port), nil +} + func skipProxy(address resolver.Address) bool { // Avoid proxy when network is not tcp. networkType, ok := networktype.Get(address) diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go index ba5c5a95d..70b89e4d7 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go +++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go 
@@ -125,20 +125,23 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts // IP address. if ipAddr, err := formatIP(host); err == nil { addr := []resolver.Address{{Addr: ipAddr + ":" + port}} - cc.UpdateState(resolver.State{Addresses: addr}) + cc.UpdateState(resolver.State{ + Addresses: addr, + Endpoints: []resolver.Endpoint{{Addresses: addr}}, + }) return deadResolver{}, nil } // DNS address (non-IP). ctx, cancel := context.WithCancel(context.Background()) d := &dnsResolver{ - host: host, - port: port, - ctx: ctx, - cancel: cancel, - cc: cc, - rn: make(chan struct{}, 1), - disableServiceConfig: opts.DisableServiceConfig, + host: host, + port: port, + ctx: ctx, + cancel: cancel, + cc: cc, + rn: make(chan struct{}, 1), + enableServiceConfig: envconfig.EnableTXTServiceConfig && !opts.DisableServiceConfig, } d.resolver, err = internal.NewNetResolver(target.URL.Host) @@ -181,8 +184,8 @@ type dnsResolver struct { // finishes, race detector sometimes will warn lookup (READ the lookup // function pointers) inside watcher() goroutine has data race with // replaceNetFunc (WRITE the lookup function pointers). - wg sync.WaitGroup - disableServiceConfig bool + wg sync.WaitGroup + enableServiceConfig bool } // ResolveNow invoke an immediate resolution of the target that this @@ -342,11 +345,19 @@ func (d *dnsResolver) lookup() (*resolver.State, error) { return nil, hostErr } - state := resolver.State{Addresses: addrs} + eps := make([]resolver.Endpoint, 0, len(addrs)) + for _, addr := range addrs { + eps = append(eps, resolver.Endpoint{Addresses: []resolver.Address{addr}}) + } + + state := resolver.State{ + Addresses: addrs, + Endpoints: eps, + } if len(srv) > 0 { state = grpclbstate.Set(state, &grpclbstate.State{BalancerAddresses: srv}) } - if !d.disableServiceConfig { + if d.enableServiceConfig { state.ServiceConfig = d.lookupTXT(ctx) } return &state, nil 
diff --git a/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go b/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go index 79044657b..1c8c2ab30 100644 --- a/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go +++ b/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go @@ -20,6 +20,7 @@ import ( "fmt" estats "google.golang.org/grpc/experimental/stats" + "google.golang.org/grpc/internal" "google.golang.org/grpc/stats" ) @@ -28,6 +29,7 @@ import ( // It eats any record calls where the label values provided do not match the // number of label keys. type MetricsRecorderList struct { + internal.EnforceMetricsRecorderEmbedding // metricsRecorders are the metrics recorders this list will forward to. metricsRecorders []estats.MetricsRecorder } @@ -64,6 +66,16 @@ func (l *MetricsRecorderList) RecordInt64Count(handle *estats.Int64CountHandle, } } +// RecordInt64UpDownCount records the measurement alongside labels on the int +// count associated with the provided handle. +func (l *MetricsRecorderList) RecordInt64UpDownCount(handle *estats.Int64UpDownCountHandle, incr int64, labels ...string) { + verifyLabels(handle.Descriptor(), labels...) + + for _, metricRecorder := range l.metricsRecorders { + metricRecorder.RecordInt64UpDownCount(handle, incr, labels...) + } +} + // RecordFloat64Count records the measurement alongside labels on the float // count associated with the provided handle. func (l *MetricsRecorderList) RecordFloat64Count(handle *estats.Float64CountHandle, incr float64, labels ...string) { 
@@ -103,3 +115,61 @@ func (l *MetricsRecorderList) RecordInt64Gauge(handle *estats.Int64GaugeHandle, metricRecorder.RecordInt64Gauge(handle, incr, labels...) } } + +// RegisterAsyncReporter forwards the registration to all underlying metrics +// recorders. +// +// It returns a cleanup function that, when called, invokes the cleanup function +// returned by each underlying recorder, ensuring the reporter is unregistered +// from all of them. +func (l *MetricsRecorderList) RegisterAsyncReporter(reporter estats.AsyncMetricReporter, metrics ...estats.AsyncMetric) func() { + descriptorsMap := make(map[*estats.MetricDescriptor]bool, len(metrics)) + for _, m := range metrics { + descriptorsMap[m.Descriptor()] = true + } + unregisterFns := make([]func(), 0, len(l.metricsRecorders)) + for _, mr := range l.metricsRecorders { + // Wrap the AsyncMetricsRecorder to intercept calls to RecordInt64Gauge + // and validate the labels. + wrappedCallback := func(recorder estats.AsyncMetricsRecorder) error { + wrappedRecorder := &asyncRecorderWrapper{ + delegate: recorder, + descriptors: descriptorsMap, + } + return reporter.Report(wrappedRecorder) + } + unregisterFns = append(unregisterFns, mr.RegisterAsyncReporter(estats.AsyncMetricReporterFunc(wrappedCallback), metrics...)) + } + + // Wrap the cleanup function using the internal delegate. + // In production, this returns realCleanup as-is. + // In tests, the leak checker can swap this to track the registration lifetime. + return internal.AsyncReporterCleanupDelegate(defaultCleanUp(unregisterFns)) +} + +func defaultCleanUp(unregisterFns []func()) func() { + return func() { + for _, unregister := range unregisterFns { + unregister() + } + } +} + +type asyncRecorderWrapper struct { + delegate estats.AsyncMetricsRecorder + descriptors map[*estats.MetricDescriptor]bool +} + +// RecordIntAsync64Gauge records the measurement alongside labels on the int +// gauge associated with the provided handle. 
+func (w *asyncRecorderWrapper) RecordInt64AsyncGauge(handle *estats.Int64AsyncGaugeHandle, value int64, labels ...string) { + // Ensure only metrics for descriptors passed during callback registration + // are emitted. + d := handle.Descriptor() + if _, ok := w.descriptors[d]; !ok { + return + } + // Validate labels and delegate. + verifyLabels(d, labels...) + w.delegate.RecordInt64AsyncGauge(handle, value, labels...) +} diff --git a/vendor/google.golang.org/grpc/internal/stats/stats.go b/vendor/google.golang.org/grpc/internal/stats/stats.go new file mode 100644 index 000000000..49019b80d --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/stats/stats.go 
@@ -0,0 +1,70 @@
+/*
+ *
+ * Copyright 2025 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package stats
+
+import (
+ "context"
+
+ "google.golang.org/grpc/stats"
+)
+
+type combinedHandler struct {
+ handlers []stats.Handler
+}
+
+// NewCombinedHandler combines multiple stats.Handlers into a single handler.
+//
+// It returns nil if no handlers are provided. If only one handler is
+// provided, it is returned directly without wrapping.
+func NewCombinedHandler(handlers ...stats.Handler) stats.Handler {
+ switch len(handlers) {
+ case 0:
+ return nil
+ case 1:
+ return handlers[0]
+ default:
+ return &combinedHandler{handlers: handlers}
+ }
+}
+
+func (ch *combinedHandler) TagRPC(ctx context.Context, info *stats.RPCTagInfo) context.Context {
+ for _, h := range ch.handlers {
+ ctx = h.TagRPC(ctx, info)
+ }
+ return ctx
+}
+
+func (ch *combinedHandler) HandleRPC(ctx context.Context, stats stats.RPCStats) {
+ for _, h := range ch.handlers {
+ h.HandleRPC(ctx, stats)
+ }
+}
+
+func (ch *combinedHandler) TagConn(ctx context.Context, info *stats.ConnTagInfo) context.Context {
+ for _, h := range ch.handlers {
+ ctx = h.TagConn(ctx, info)
+ }
+ return ctx
+}
+
+func (ch *combinedHandler) HandleConn(ctx context.Context, stats stats.ConnStats) {
+ for _, h := range ch.handlers {
+ h.HandleConn(ctx, stats)
+ }
+}
diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go
index 1186f1e9a..aad171cd0 100644
--- a/vendor/google.golang.org/grpc/internal/status/status.go
+++ b/vendor/google.golang.org/grpc/internal/status/status.go
@@ -236,3 +236,11 @@ func IsRestrictedControlPlaneCode(s *Status) bool {
 }
 return false
 }
+
+// RawStatusProto returns the internal protobuf message for use by gRPC itself.
+func RawStatusProto(s *Status) *spb.Status {
+ if s == nil {
+ return nil
+ }
+ return s.s
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/client_stream.go b/vendor/google.golang.org/grpc/internal/transport/client_stream.go
index ccc0e017e..cd8152ef1 100644
--- a/vendor/google.golang.org/grpc/internal/transport/client_stream.go
+++ b/vendor/google.golang.org/grpc/internal/transport/client_stream.go
@@ -24,30 +24,34 @@ import ( "golang.org/x/net/http2" "google.golang.org/grpc/mem" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/stats" "google.golang.org/grpc/status" ) // ClientStream implements streaming functionality for a gRPC client. type ClientStream struct { - *Stream // Embed for common stream functionality. + Stream // Embed for common stream functionality. ct *http2Client done chan struct{} // closed at the end of stream to unblock writers. doneFunc func() // invoked at the end of stream. - headerChan chan struct{} // closed to indicate the end of header metadata. - headerChanClosed uint32 // set when headerChan is closed. Used to avoid closing headerChan multiple times. + headerChan chan struct{} // closed to indicate the end of header metadata. + header metadata.MD // the received header metadata + + status *status.Status // the status error received from the server + + // Non-pointer fields are at the end to optimize GC allocations. + // headerValid indicates whether a valid header was received. Only // meaningful after headerChan is closed (always call waitOnHeader() before // reading its value). - headerValid bool - header metadata.MD // the received header metadata - noHeaders bool // set if the client never received headers (set only after the stream is done). - - bytesReceived atomic.Bool // indicates whether any bytes have been received on this stream - unprocessed atomic.Bool // set if the server sends a refused stream or GOAWAY including this stream - - status *status.Status // the status error received from the server + headerValid bool + noHeaders bool // set if the client never received headers (set only after the stream is done). + headerChanClosed uint32 // set when headerChan is closed. Used to avoid closing headerChan multiple times. 
+ bytesReceived atomic.Bool // indicates whether any bytes have been received on this stream + unprocessed atomic.Bool // set if the server sends a refused stream or GOAWAY including this stream + statsHandler stats.Handler // nil for internal streams (e.g., health check, ORCA) where telemetry is not supported. } // Read reads an n byte message from the input stream. @@ -142,3 +146,11 @@ func (s *ClientStream) TrailersOnly() bool { func (s *ClientStream) Status() *status.Status { return s.status } + +func (s *ClientStream) requestRead(n int) { + s.ct.adjustWindow(s, uint32(n)) +} + +func (s *ClientStream) updateWindow(n int) { + s.ct.updateWindow(s, uint32(n)) +} diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go index ef72fbb3a..7efa52478 100644 --- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go +++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go @@ -24,22 +24,26 @@ import ( "fmt" "net" "runtime" - "strconv" "sync" "sync/atomic" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/internal/grpclog" - "google.golang.org/grpc/internal/grpcutil" "google.golang.org/grpc/mem" - "google.golang.org/grpc/status" ) var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) { e.SetMaxDynamicTableSizeLimit(v) } +// itemNodePool is used to reduce heap allocations. +var itemNodePool = sync.Pool{ + New: func() any { + return &itemNode{} + }, +} + type itemNode struct { it any next *itemNode @@ -51,7 +55,9 @@ type itemList struct { } func (il *itemList) enqueue(i any) { - n := &itemNode{it: i} + n := itemNodePool.Get().(*itemNode) + n.next = nil + n.it = i if il.tail == nil { il.head, il.tail = n, n return @@ -71,7 +77,9 @@ func (il *itemList) dequeue() any { return nil } i := il.head.it + temp := il.head il.head = il.head.next + itemNodePool.Put(temp) if il.head == nil { il.tail = nil } 
@@ -136,20 +144,19 @@ type cleanupStream struct { func (c *cleanupStream) isTransportResponseFrame() bool { return c.rst } // Results in a RST_STREAM type earlyAbortStream struct { - httpStatus uint32 - streamID uint32 - contentSubtype string - status *status.Status - rst bool + streamID uint32 + rst bool + hf []hpack.HeaderField // Pre-built header fields } func (*earlyAbortStream) isTransportResponseFrame() bool { return false } type dataFrame struct { - streamID uint32 - endStream bool - h []byte - reader mem.Reader + streamID uint32 + endStream bool + h []byte + data mem.BufferSlice + processing bool // onEachWrite is called every time // a part of data is written out. onEachWrite func() @@ -234,6 +241,7 @@ type outStream struct { itl *itemList bytesOutStanding int wq *writeQuota + reader mem.Reader next *outStream prev *outStream @@ -461,7 +469,9 @@ func (c *controlBuffer) finish() { v.onOrphaned(ErrConnClosing) } case *dataFrame: - _ = v.reader.Close() + if !v.processing { + v.data.Free() + } } } @@ -481,6 +491,16 @@ const ( serverSide ) +// maxWriteBufSize is the maximum length (number of elements) the cached +// writeBuf can grow to. The length depends on the number of buffers +// contained within the BufferSlice produced by the codec, which is +// generally small. +// +// If a writeBuf larger than this limit is required, it will be allocated +// and freed after use, rather than being cached. This avoids holding +// on to large amounts of memory. +const maxWriteBufSize = 64 + // Loopy receives frames from the control buffer. // Each frame is handled individually; most of the work done by loopy goes // into handling data frames. Loopy maintains a queue of active streams, and each 
@@ -515,6 +535,8 @@ type loopyWriter struct { // Side-specific handlers ssGoAwayHandler func(*goAway) (bool, error) + + writeBuf [][]byte // cached slice to avoid heap allocations for calls to mem.Reader.Peek. } func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn, logger *grpclog.PrefixLogger, goAwayHandler func(*goAway) (bool, error), bufferPool mem.BufferPool) *loopyWriter { @@ -790,10 +812,13 @@ func (l *loopyWriter) cleanupStreamHandler(c *cleanupStream) error { // a RST_STREAM before stream initialization thus the stream might // not be established yet. delete(l.estdStreams, c.streamID) + str.reader.Close() str.deleteSelf() for head := str.itl.dequeueAll(); head != nil; head = head.next { if df, ok := head.it.(*dataFrame); ok { - _ = df.reader.Close() + if !df.processing { + df.data.Free() + } } } } @@ -813,18 +838,7 @@ func (l *loopyWriter) earlyAbortStreamHandler(eas *earlyAbortStream) error { if l.side == clientSide { return errors.New("earlyAbortStream not handled on client") } - // In case the caller forgets to set the http status, default to 200. - if eas.httpStatus == 0 { - eas.httpStatus = 200 - } - headerFields := []hpack.HeaderField{ - {Name: ":status", Value: strconv.Itoa(int(eas.httpStatus))}, - {Name: "content-type", Value: grpcutil.ContentType(eas.contentSubtype)}, - {Name: "grpc-status", Value: strconv.Itoa(int(eas.status.Code()))}, - {Name: "grpc-message", Value: encodeGrpcMessage(eas.status.Message())}, - } - - if err := l.writeHeader(eas.streamID, true, headerFields, nil); err != nil { + if err := l.writeHeader(eas.streamID, true, eas.hf, nil); err != nil { return err } if eas.rst { 
@@ -928,7 +942,13 @@ func (l *loopyWriter) processData() (bool, error) { if str == nil { return true, nil } + reader := &str.reader dataItem := str.itl.peek().(*dataFrame) // Peek at the first data item this stream. + if !dataItem.processing { + dataItem.processing = true + reader.Reset(dataItem.data) + dataItem.data.Free() + } // A data item is represented by a dataFrame, since it later translates into // multiple HTTP2 data frames. // Every dataFrame has two buffers; h that keeps grpc-message header and data @@ -936,13 +956,13 @@ func (l *loopyWriter) processData() (bool, error) { // from data is copied to h to make as big as the maximum possible HTTP2 frame // size. - if len(dataItem.h) == 0 && dataItem.reader.Remaining() == 0 { // Empty data frame + if len(dataItem.h) == 0 && reader.Remaining() == 0 { // Empty data frame // Client sends out empty data frame with endStream = true - if err := l.framer.fr.WriteData(dataItem.streamID, dataItem.endStream, nil); err != nil { + if err := l.framer.writeData(dataItem.streamID, dataItem.endStream, nil); err != nil { return false, err } str.itl.dequeue() // remove the empty data item from stream - _ = dataItem.reader.Close() + reader.Close() if str.itl.isEmpty() { str.state = empty } else if trailer, ok := str.itl.peek().(*headerFrame); ok { // the next item is trailers. 
@@ -971,29 +991,24 @@ func (l *loopyWriter) processData() (bool, error) { } // Compute how much of the header and data we can send within quota and max frame length hSize := min(maxSize, len(dataItem.h)) - dSize := min(maxSize-hSize, dataItem.reader.Remaining()) - remainingBytes := len(dataItem.h) + dataItem.reader.Remaining() - hSize - dSize + dSize := min(maxSize-hSize, reader.Remaining()) + remainingBytes := len(dataItem.h) + reader.Remaining() - hSize - dSize size := hSize + dSize - var buf *[]byte - - if hSize != 0 && dSize == 0 { - buf = &dataItem.h - } else { - // Note: this is only necessary because the http2.Framer does not support - // partially writing a frame, so the sequence must be materialized into a buffer. - // TODO: Revisit once https://github.com/golang/go/issues/66655 is addressed. - pool := l.bufferPool - if pool == nil { - // Note that this is only supposed to be nil in tests. Otherwise, stream is - // always initialized with a BufferPool. - pool = mem.DefaultBufferPool() + l.writeBuf = l.writeBuf[:0] + if hSize > 0 { + l.writeBuf = append(l.writeBuf, dataItem.h[:hSize]) + } + if dSize > 0 { + var err error + l.writeBuf, err = reader.Peek(dSize, l.writeBuf) + if err != nil { + // This must never happen since the reader must have at least dSize + // bytes. + // Log an error to fail tests. + l.logger.Errorf("unexpected error while reading Data frame payload: %v", err) + return false, err } - buf = pool.Get(size) - defer pool.Put(buf) - - copy((*buf)[:hSize], dataItem.h) - _, _ = dataItem.reader.Read((*buf)[hSize:]) } // Now that outgoing flow controls are checked we can replenish str's write quota 
@@ -1006,7 +1021,14 @@ func (l *loopyWriter) processData() (bool, error) { if dataItem.onEachWrite != nil { dataItem.onEachWrite() } - if err := l.framer.fr.WriteData(dataItem.streamID, endStream, (*buf)[:size]); err != nil { + err := l.framer.writeData(dataItem.streamID, endStream, l.writeBuf) + reader.Discard(dSize) + if cap(l.writeBuf) > maxWriteBufSize { + l.writeBuf = nil + } else { + clear(l.writeBuf) + } + if err != nil { return false, err } str.bytesOutStanding += size @@ -1014,7 +1036,7 @@ func (l *loopyWriter) processData() (bool, error) { dataItem.h = dataItem.h[hSize:] if remainingBytes == 0 { // All the data from that message was written out. - _ = dataItem.reader.Close() + reader.Close() str.itl.dequeue() } if str.itl.isEmpty() { diff --git a/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go index dfc0f224e..7cfbc9637 100644 --- a/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go +++ b/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go @@ -28,7 +28,7 @@ import ( // writeQuota is a soft limit on the amount of data a stream can // schedule before some of it is written out. type writeQuota struct { - quota int32 + _ noCopy // get waits on read from when quota goes less than or equal to zero. // replenish writes on it when quota goes positive again. ch chan struct{} 
@@ -38,16 +38,17 @@ type writeQuota struct { // It is implemented as a field so that it can be updated // by tests. replenish func(n int) + quota int32 } -func newWriteQuota(sz int32, done <-chan struct{}) *writeQuota { - w := &writeQuota{ - quota: sz, - ch: make(chan struct{}, 1), - done: done, - } +// init allows a writeQuota to be initialized in-place, which is useful for +// resetting a buffer or for avoiding a heap allocation when the buffer is +// embedded in another struct. +func (w *writeQuota) init(sz int32, done <-chan struct{}) { + w.quota = sz + w.ch = make(chan struct{}, 1) + w.done = done w.replenish = w.realReplenish - return w } func (w *writeQuota) get(sz int32) error { @@ -67,9 +68,9 @@ func (w *writeQuota) get(sz int32) error { func (w *writeQuota) realReplenish(n int) { sz := int32(n) - a := atomic.AddInt32(&w.quota, sz) - b := a - sz - if b <= 0 && a > 0 { + newQuota := atomic.AddInt32(&w.quota, sz) + previousQuota := newQuota - sz + if previousQuota <= 0 && newQuota > 0 { select { case w.ch <- struct{}{}: default: diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go index 3dea23573..7ab3422b8 100644 --- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go 
@@ -50,7 +50,7 @@ import ( // NewServerHandlerTransport returns a ServerTransport handling gRPC from // inside an http.Handler, or writes an HTTP error to w and returns an error. // It requires that the http Server supports HTTP/2. -func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []stats.Handler, bufferPool mem.BufferPool) (ServerTransport, error) { +func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats stats.Handler, bufferPool mem.BufferPool) (ServerTransport, error) { if r.Method != http.MethodPost { w.Header().Set("Allow", http.MethodPost) msg := fmt.Sprintf("invalid gRPC request method %q", r.Method) @@ -170,7 +170,7 @@ type serverHandlerTransport struct { // TODO make sure this is consistent across handler_server and http2_server contentSubtype string - stats []stats.Handler + stats stats.Handler logger *grpclog.PrefixLogger bufferPool mem.BufferPool @@ -274,14 +274,14 @@ func (ht *serverHandlerTransport) writeStatus(s *ServerStream, st *status.Status } }) - if err == nil { // transport has not been closed + if err == nil && ht.stats != nil { // transport has not been closed // Note: The trailer fields are compressed with hpack after this call returns. // No WireLength field is set here. - for _, sh := range ht.stats { - sh.HandleRPC(s.Context(), &stats.OutTrailer{ - Trailer: s.trailer.Copy(), - }) - } + s.hdrMu.Lock() + ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{ + Trailer: s.trailer.Copy(), + }) + s.hdrMu.Unlock() } ht.Close(errors.New("finished writing status")) return err 
@@ -372,19 +372,23 @@ func (ht *serverHandlerTransport) writeHeader(s *ServerStream, md metadata.MD) e ht.rw.(http.Flusher).Flush() }) - if err == nil { - for _, sh := range ht.stats { - // Note: The header fields are compressed with hpack after this call returns. - // No WireLength field is set here. - sh.HandleRPC(s.Context(), &stats.OutHeader{ - Header: md.Copy(), - Compression: s.sendCompress, - }) - } + if err == nil && ht.stats != nil { + // Note: The header fields are compressed with hpack after this call returns. + // No WireLength field is set here. + ht.stats.HandleRPC(s.Context(), &stats.OutHeader{ + Header: md.Copy(), + Compression: s.sendCompress, + }) } return err } +func (ht *serverHandlerTransport) adjustWindow(*ServerStream, uint32) { +} + +func (ht *serverHandlerTransport) updateWindow(*ServerStream, uint32) { +} + func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream func(*ServerStream)) { // With this transport type there will be exactly 1 stream: this HTTP request. var cancel context.CancelFunc @@ -409,11 +413,9 @@ func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream ctx = metadata.NewIncomingContext(ctx, ht.headerMD) req := ht.req s := &ServerStream{ - Stream: &Stream{ + Stream: Stream{ id: 0, // irrelevant ctx: ctx, - requestRead: func(int) {}, - buf: newRecvBuffer(), method: req.URL.Path, recvCompress: req.Header.Get("grpc-encoding"), contentSubtype: ht.contentSubtype, 
@@ -422,9 +424,11 @@ func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream st: ht, headerWireLength: 0, // won't have access to header wire length until golang/go#18997. } - s.trReader = &transportReader{ - reader: &recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: s.buf}, - windowHandler: func(int) {}, + s.Stream.buf.init() + s.readRequester = s + s.trReader = transportReader{ + reader: recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: &s.buf}, + windowHandler: s, } // readerDone is closed when the Body.Read-ing goroutine exits. diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index 171e690a3..37b1acc34 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -44,6 +44,7 @@ import ( "google.golang.org/grpc/internal/grpcutil" imetadata "google.golang.org/grpc/internal/metadata" "google.golang.org/grpc/internal/proxyattributes" + istats "google.golang.org/grpc/internal/stats" istatus "google.golang.org/grpc/internal/status" isyscall "google.golang.org/grpc/internal/syscall" "google.golang.org/grpc/internal/transport/networktype" @@ -105,7 +106,7 @@ type http2Client struct { kp keepalive.ClientParameters keepaliveEnabled bool - statsHandlers []stats.Handler + statsHandler stats.Handler initialWindowSize int32 @@ -309,11 +310,9 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts scheme = "https" } } - dynamicWindow := true icwz := int32(initialWindowSize) if opts.InitialConnWindowSize >= defaultWindowSize { icwz = opts.InitialConnWindowSize - dynamicWindow = false } writeBufSize := opts.WriteBufferSize readBufSize := opts.ReadBufferSize 
@@ -337,14 +336,14 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts writerDone: make(chan struct{}), goAway: make(chan struct{}), keepaliveDone: make(chan struct{}), - framer: newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize), + framer: newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize, opts.BufferPool), fc: &trInFlow{limit: uint32(icwz)}, scheme: scheme, activeStreams: make(map[uint32]*ClientStream), isSecure: isSecure, perRPCCreds: perRPCCreds, kp: kp, - statsHandlers: opts.StatsHandlers, + statsHandler: istats.NewCombinedHandler(opts.StatsHandlers...), initialWindowSize: initialWindowSize, nextID: 1, maxConcurrentStreams: defaultMaxStreamsClient, @@ -371,7 +370,7 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts }) t.logger = prefixLoggerForClientTransport(t) // Add peer information to the http2client context. - t.ctx = peer.NewContext(t.ctx, t.getPeer()) + t.ctx = peer.NewContext(t.ctx, t.Peer()) if md, ok := addr.Metadata.(*metadata.MD); ok { t.md = *md @@ -381,23 +380,21 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts t.controlBuf = newControlBuffer(t.ctxDone) if opts.InitialWindowSize >= defaultWindowSize { t.initialWindowSize = opts.InitialWindowSize - dynamicWindow = false } - if dynamicWindow { + if !opts.StaticWindowSize { t.bdpEst = &bdpEstimator{ bdp: initialWindowSize, updateFlowControl: t.updateFlowControl, } } - for _, sh := range t.statsHandlers { - t.ctx = sh.TagConn(t.ctx, &stats.ConnTagInfo{ + if t.statsHandler != nil { + t.ctx = t.statsHandler.TagConn(t.ctx, &stats.ConnTagInfo{ RemoteAddr: t.remoteAddr, LocalAddr: t.localAddr, }) - connBegin := &stats.ConnBegin{ + t.statsHandler.HandleConn(t.ctx, &stats.ConnBegin{ Client: true, - } - sh.HandleConn(t.ctx, connBegin) + }) } if t.keepaliveEnabled { t.kpDormancyCond = sync.NewCond(&t.mu) 
@@ -481,45 +478,40 @@ func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts return t, nil } -func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *ClientStream { +func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr, handler stats.Handler) *ClientStream { // TODO(zhaoq): Handle uint32 overflow of Stream.id. s := &ClientStream{ - Stream: &Stream{ + Stream: Stream{ method: callHdr.Method, sendCompress: callHdr.SendCompress, - buf: newRecvBuffer(), contentSubtype: callHdr.ContentSubtype, }, - ct: t, - done: make(chan struct{}), - headerChan: make(chan struct{}), - doneFunc: callHdr.DoneFunc, - } - s.wq = newWriteQuota(defaultWriteQuota, s.done) - s.requestRead = func(n int) { - t.adjustWindow(s, uint32(n)) - } + ct: t, + done: make(chan struct{}), + headerChan: make(chan struct{}), + doneFunc: callHdr.DoneFunc, + statsHandler: handler, + } + s.Stream.buf.init() + s.Stream.wq.init(defaultWriteQuota, s.done) + s.readRequester = s // The client side stream context should have exactly the same life cycle with the user provided context. // That means, s.ctx should be read-only. And s.ctx is done iff ctx is done. // So we use the original context here instead of creating a copy. s.ctx = ctx - s.trReader = &transportReader{ - reader: &recvBufferReader{ - ctx: s.ctx, - ctxDone: s.ctx.Done(), - recv: s.buf, - closeStream: func(err error) { - s.Close(err) - }, - }, - windowHandler: func(n int) { - t.updateWindow(s, uint32(n)) + s.trReader = transportReader{ + reader: recvBufferReader{ + ctx: s.ctx, + ctxDone: s.ctx.Done(), + recv: &s.buf, + clientStream: s, }, + windowHandler: s, } return s } -func (t *http2Client) getPeer() *peer.Peer { +func (t *http2Client) Peer() *peer.Peer { return &peer.Peer{ Addr: t.remoteAddr, AuthInfo: t.authInfo, // Can be nil 
@@ -545,7 +537,7 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) Method: callHdr.Method, AuthInfo: t.authInfo, } - ctxWithRequestInfo := icredentials.NewRequestInfoContext(ctx, ri) + ctxWithRequestInfo := credentials.NewContextWithRequestInfo(ctx, ri) authData, err := t.getTrAuthData(ctxWithRequestInfo, aud) if err != nil { return nil, err @@ -559,6 +551,22 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) // Make the slice of certain predictable size to reduce allocations made by append. hfLen := 7 // :method, :scheme, :path, :authority, content-type, user-agent, te hfLen += len(authData) + len(callAuthData) + registeredCompressors := t.registeredCompressors + if callHdr.AcceptedCompressors != nil { + registeredCompressors = *callHdr.AcceptedCompressors + } + if callHdr.PreviousAttempts > 0 { + hfLen++ + } + if callHdr.SendCompress != "" { + hfLen++ + } + if registeredCompressors != "" { + hfLen++ + } + if _, ok := ctx.Deadline(); ok { + hfLen++ + } headerFields := make([]hpack.HeaderField, 0, hfLen) headerFields = append(headerFields, hpack.HeaderField{Name: ":method", Value: "POST"}) headerFields = append(headerFields, hpack.HeaderField{Name: ":scheme", Value: t.scheme}) @@ -571,7 +579,6 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-previous-rpc-attempts", Value: strconv.Itoa(callHdr.PreviousAttempts)}) } - registeredCompressors := t.registeredCompressors if callHdr.SendCompress != "" { headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: callHdr.SendCompress}) // Include the outgoing compressor name when compressor is not registered 
@@ -592,6 +599,9 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) // Send out timeout regardless its value. The server can detect timeout context by itself. // TODO(mmukhi): Perhaps this field should be updated when actually writing out to the wire. timeout := time.Until(dl) + if timeout <= 0 { + return nil, status.Error(codes.DeadlineExceeded, context.DeadlineExceeded.Error()) + } headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-timeout", Value: grpcutil.EncodeDuration(timeout)}) } for k, v := range authData { @@ -735,8 +745,8 @@ func (e NewStreamError) Error() string { // NewStream creates a stream and registers it into the transport as "active" // streams. All non-nil errors returned will be *NewStreamError. -func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientStream, error) { - ctx = peer.NewContext(ctx, t.getPeer()) +func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr, handler stats.Handler) (*ClientStream, error) { + ctx = peer.NewContext(ctx, t.Peer()) // ServerName field of the resolver returned address takes precedence over // Host field of CallHdr to determine the :authority header. This is because, 
@@ -749,11 +759,30 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientS callHdr = &newCallHdr } + // The authority specified via the `CallAuthority` CallOption takes the + // highest precedence when determining the `:authority` header. It overrides + // any value present in the Host field of CallHdr. Before applying this + // override, the authority string is validated. If the credentials do not + // implement the AuthorityValidator interface, or if validation fails, the + // RPC is failed with a status code of `UNAVAILABLE`. + if callHdr.Authority != "" { + auth, ok := t.authInfo.(credentials.AuthorityValidator) + if !ok { + return nil, &NewStreamError{Err: status.Errorf(codes.Unavailable, "credentials type %q does not implement the AuthorityValidator interface, but authority override specified with CallAuthority call option", t.authInfo.AuthType())} + } + if err := auth.ValidateAuthority(callHdr.Authority); err != nil { + return nil, &NewStreamError{Err: status.Errorf(codes.Unavailable, "failed to validate authority %q : %v", callHdr.Authority, err)} + } + newCallHdr := *callHdr + newCallHdr.Host = callHdr.Authority + callHdr = &newCallHdr + } + headerFields, err := t.createHeaderFields(ctx, callHdr) if err != nil { return nil, &NewStreamError{Err: err, AllowTransparentRetry: false} } - s := t.newStream(ctx, callHdr) + s := t.newStream(ctx, callHdr, handler) cleanup := func(err error) { if s.swapState(streamDone) == streamDone { // If it was already done, return. @@ -792,7 +821,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientS return nil }, onOrphaned: cleanup, - wq: s.wq, + wq: &s.wq, } firstTry := true var ch chan struct{} 
@@ -823,7 +852,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientS transportDrainRequired = t.nextID > MaxStreamID s.id = hdr.streamID - s.fc = &inFlow{limit: uint32(t.initialWindowSize)} + s.fc = inFlow{limit: uint32(t.initialWindowSize)} t.activeStreams[s.id] = s t.mu.Unlock() @@ -874,27 +903,23 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*ClientS return nil, &NewStreamError{Err: ErrConnClosing, AllowTransparentRetry: true} } } - if len(t.statsHandlers) != 0 { + if s.statsHandler != nil { header, ok := metadata.FromOutgoingContext(ctx) if ok { header.Set("user-agent", t.userAgent) } else { header = metadata.Pairs("user-agent", t.userAgent) } - for _, sh := range t.statsHandlers { - // Note: The header fields are compressed with hpack after this call returns. - // No WireLength field is set here. - // Note: Creating a new stats object to prevent pollution. - outHeader := &stats.OutHeader{ - Client: true, - FullMethod: callHdr.Method, - RemoteAddr: t.remoteAddr, - LocalAddr: t.localAddr, - Compression: callHdr.SendCompress, - Header: header, - } - sh.HandleRPC(s.ctx, outHeader) - } + // Note: The header fields are compressed with hpack after this call returns. + // No WireLength field is set here. + s.statsHandler.HandleRPC(s.ctx, &stats.OutHeader{ + Client: true, + FullMethod: callHdr.Method, + RemoteAddr: t.remoteAddr, + LocalAddr: t.localAddr, + Compression: callHdr.SendCompress, + Header: header, + }) } if transportDrainRequired { if t.logger.V(logLevel) { 
@@ -971,6 +996,9 @@ func (t *http2Client) closeStream(s *ClientStream, err error, rst bool, rstCode // accessed anymore. func (t *http2Client) Close(err error) { t.conn.SetWriteDeadline(time.Now().Add(time.Second * 10)) + // For background on the deadline value chosen here, see + // https://github.com/grpc/grpc-go/issues/8425#issuecomment-3057938248 . + t.conn.SetReadDeadline(time.Now().Add(time.Second)) t.mu.Lock() // Make sure we only close once. if t.state == closing { @@ -1032,11 +1060,10 @@ func (t *http2Client) Close(err error) { for _, s := range streams { t.closeStream(s, err, false, http2.ErrCodeNo, st, nil, false) } - for _, sh := range t.statsHandlers { - connEnd := &stats.ConnEnd{ + if t.statsHandler != nil { + t.statsHandler.HandleConn(t.ctx, &stats.ConnEnd{ Client: true, - } - sh.HandleConn(t.ctx, connEnd) + }) } } 
@@ -1069,32 +1096,29 @@ func (t *http2Client) GracefulClose() { // Write formats the data into HTTP2 data frame(s) and sends it out. The caller // should proceed only if Write returns nil. func (t *http2Client) write(s *ClientStream, hdr []byte, data mem.BufferSlice, opts *WriteOptions) error { - reader := data.Reader() - if opts.Last { // If it's the last message, update stream state. if !s.compareAndSwapState(streamActive, streamWriteDone) { - _ = reader.Close() return errStreamDone } } else if s.getState() != streamActive { - _ = reader.Close() return errStreamDone } df := &dataFrame{ streamID: s.id, endStream: opts.Last, h: hdr, - reader: reader, + data: data, } - if hdr != nil || df.reader.Remaining() != 0 { // If it's not an empty data frame, check quota. - if err := s.wq.get(int32(len(hdr) + df.reader.Remaining())); err != nil { - _ = reader.Close() + dataLen := data.Len() + if hdr != nil || dataLen != 0 { // If it's not an empty data frame, check quota. + if err := s.wq.get(int32(len(hdr) + dataLen)); err != nil { return err } } + data.Ref() if err := t.controlBuf.put(df); err != nil { - _ = reader.Close() + data.Free() return err } t.incrMsgSent() @@ -1150,7 +1174,7 @@ func (t *http2Client) updateFlowControl(n uint32) { }) } -func (t *http2Client) handleData(f *http2.DataFrame) { +func (t *http2Client) handleData(f *parsedDataFrame) { size := f.Header().Length var sendBDPPing bool if t.bdpEst != nil { 
@@ -1194,22 +1218,15 @@ func (t *http2Client) handleData(f *http2.DataFrame) { t.closeStream(s, io.EOF, true, http2.ErrCodeFlowControl, status.New(codes.Internal, err.Error()), nil, false) return } + dataLen := f.data.Len() if f.Header().Flags.Has(http2.FlagDataPadded) { - if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 { + if w := s.fc.onRead(size - uint32(dataLen)); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{s.id, w}) } } - // TODO(bradfitz, zhaoq): A copy is required here because there is no - // guarantee f.Data() is consumed before the arrival of next frame. - // Can this copy be eliminated? - if len(f.Data()) > 0 { - pool := t.bufferPool - if pool == nil { - // Note that this is only supposed to be nil in tests. Otherwise, stream is - // always initialized with a BufferPool. - pool = mem.DefaultBufferPool() - } - s.write(recvMsg{buffer: mem.Copy(f.Data(), pool)}) + if dataLen > 0 { + f.data.Ref() + s.write(recvMsg{buffer: f.data}) } } // The server has closed the stream without sending trailers. Record that @@ -1449,17 +1466,14 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { contentTypeErr = "malformed header: missing HTTP content-type" grpcMessage string recvCompress string - httpStatusCode *int httpStatusErr string - rawStatusCode = codes.Unknown + // the code from the grpc-status header, if present + grpcStatusCode = codes.Unknown // headerError is set if an error is encountered while parsing the headers headerError string + httpStatus string ) - if initialHeader { - httpStatusErr = "malformed header: missing HTTP status" - } - for _, hf := range frame.Fields { switch hf.Name { case "content-type": 
@@ -1475,35 +1489,15 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { case "grpc-status": code, err := strconv.ParseInt(hf.Value, 10, 32) if err != nil { - se := status.New(codes.Internal, fmt.Sprintf("transport: malformed grpc-status: %v", err)) + se := status.New(codes.Unknown, fmt.Sprintf("transport: malformed grpc-status: %v", err)) t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) return } - rawStatusCode = codes.Code(uint32(code)) + grpcStatusCode = codes.Code(uint32(code)) case "grpc-message": grpcMessage = decodeGrpcMessage(hf.Value) case ":status": - if hf.Value == "200" { - httpStatusErr = "" - statusCode := 200 - httpStatusCode = &statusCode - break - } - - c, err := strconv.ParseInt(hf.Value, 10, 32) - if err != nil { - se := status.New(codes.Internal, fmt.Sprintf("transport: malformed http-status: %v", err)) - t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) - return - } - statusCode := int(c) - httpStatusCode = &statusCode - - httpStatusErr = fmt.Sprintf( - "unexpected HTTP status code received from server: %d (%s)", - statusCode, - http.StatusText(statusCode), - ) + httpStatus = hf.Value default: if isReservedHeader(hf.Name) && !isWhitelistedHeader(hf.Name) { break 
@@ -1518,25 +1512,52 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { } } - if !isGRPC || httpStatusErr != "" { - var code = codes.Internal // when header does not include HTTP status, return INTERNAL - - if httpStatusCode != nil { + // If a non-gRPC response is received, then evaluate the HTTP status to + // process the response and close the stream. + // In case http status doesn't provide any error information (status : 200), + // then evalute response code to be Unknown. + if !isGRPC { + var grpcErrorCode = codes.Internal + if httpStatus == "" { + httpStatusErr = "malformed header: missing HTTP status" + } else { + // Parse the status codes (e.g. "200", 404"). + statusCode, err := strconv.Atoi(httpStatus) + if err != nil { + se := status.New(grpcErrorCode, fmt.Sprintf("transport: malformed http-status: %v", err)) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) + return + } + if statusCode >= 100 && statusCode < 200 { + if endStream { + se := status.New(codes.Internal, fmt.Sprintf( + "protocol error: informational header with status code %d must not have END_STREAM set", statusCode)) + t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) + } + // In case of informational headers, return. + return + } + httpStatusErr = fmt.Sprintf( + "unexpected HTTP status code received from server: %d (%s)", + statusCode, + http.StatusText(statusCode), + ) var ok bool - code, ok = HTTPStatusConvTab[*httpStatusCode] + grpcErrorCode, ok = HTTPStatusConvTab[statusCode] if !ok { - code = codes.Unknown + grpcErrorCode = codes.Unknown } } var errs []string if httpStatusErr != "" { errs = append(errs, httpStatusErr) } + if contentTypeErr != "" { errs = append(errs, contentTypeErr) } - // Verify the HTTP response is a 200. 
- se := status.New(code, strings.Join(errs, "; ")) + + se := status.New(grpcErrorCode, strings.Join(errs, "; ")) t.closeStream(s, se.Err(), true, http2.ErrCodeProtocol, se, nil, endStream) return } @@ -1567,22 +1588,20 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { } } - for _, sh := range t.statsHandlers { + if s.statsHandler != nil { if !endStream { - inHeader := &stats.InHeader{ + s.statsHandler.HandleRPC(s.ctx, &stats.InHeader{ Client: true, WireLength: int(frame.Header().Length), Header: metadata.MD(mdata).Copy(), Compression: s.recvCompress, - } - sh.HandleRPC(s.ctx, inHeader) + }) } else { - inTrailer := &stats.InTrailer{ + s.statsHandler.HandleRPC(s.ctx, &stats.InTrailer{ Client: true, WireLength: int(frame.Header().Length), Trailer: metadata.MD(mdata).Copy(), - } - sh.HandleRPC(s.ctx, inTrailer) + }) } } @@ -1590,7 +1609,7 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { return } - status := istatus.NewWithProto(rawStatusCode, grpcMessage, mdata[grpcStatusDetailsBinHeader]) + status := istatus.NewWithProto(grpcStatusCode, grpcMessage, mdata[grpcStatusDetailsBinHeader]) // If client received END_STREAM from server while stream was still active, // send RST_STREAM. @@ -1637,7 +1656,7 @@ func (t *http2Client) reader(errCh chan<- error) { // loop to keep reading incoming messages on this transport. for { t.controlBuf.throttle() - frame, err := t.framer.fr.ReadFrame() + frame, err := t.framer.readFrame() if t.keepaliveEnabled { atomic.StoreInt64(&t.lastRead, time.Now().UnixNano()) } @@ -1652,7 +1671,7 @@ func (t *http2Client) reader(errCh chan<- error) { if s != nil { // use error detail to provide better err message code := http2ErrConvTab[se.Code] - errorDetail := t.framer.fr.ErrorDetail() + errorDetail := t.framer.errorDetail() var msg string if errorDetail != nil { msg = errorDetail.Error() 
@@ -1670,8 +1689,9 @@ func (t *http2Client) reader(errCh chan<- error) { switch frame := frame.(type) { case *http2.MetaHeadersFrame: t.operateHeaders(frame) - case *http2.DataFrame: + case *parsedDataFrame: t.handleData(frame) + frame.data.Free() case *http2.RSTStreamFrame: t.handleRSTStream(frame) case *http2.SettingsFrame: @@ -1791,8 +1811,6 @@ func (t *http2Client) socketMetrics() *channelz.EphemeralSocketMetrics { } } -func (t *http2Client) RemoteAddr() net.Addr { return t.remoteAddr } - func (t *http2Client) incrMsgSent() { if channelz.IsOn() { t.channelz.SocketMetrics.MessagesSent.Add(1) diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go index 7e53eb173..a1a14e14f 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go @@ -35,13 +35,15 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" + "google.golang.org/protobuf/proto" + "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/grpcutil" "google.golang.org/grpc/internal/pretty" + istatus "google.golang.org/grpc/internal/status" "google.golang.org/grpc/internal/syscall" "google.golang.org/grpc/mem" - "google.golang.org/protobuf/proto" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" @@ -85,7 +87,7 @@ type http2Server struct { // updates, reset streams, and various settings) to the controller. controlBuf *controlBuffer fc *trInFlow - stats []stats.Handler + stats stats.Handler // Keepalive and max-age parameters for the server. kp keepalive.ServerParameters // Keepalive enforcement policy. 
@@ -131,6 +133,10 @@ type http2Server struct { maxStreamID uint32 // max stream ID ever seen logger *grpclog.PrefixLogger + // setResetPingStrikes is stored as a closure instead of making this a + // method on http2Server to avoid a heap allocation when converting a method + // to a closure for passing to frames objects. + setResetPingStrikes func() } // NewServerTransport creates a http2 transport with conn and configuration @@ -163,7 +169,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, if config.MaxHeaderListSize != nil { maxHeaderListSize = *config.MaxHeaderListSize } - framer := newFramer(conn, writeBufSize, readBufSize, config.SharedWriteBuffer, maxHeaderListSize) + framer := newFramer(conn, writeBufSize, readBufSize, config.SharedWriteBuffer, maxHeaderListSize, config.BufferPool) // Send initial settings as connection preface to client. isettings := []http2.Setting{{ ID: http2.SettingMaxFrameSize, @@ -175,16 +181,13 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, Val: config.MaxStreams, }) } - dynamicWindow := true iwz := int32(initialWindowSize) if config.InitialWindowSize >= defaultWindowSize { iwz = config.InitialWindowSize - dynamicWindow = false } icwz := int32(initialWindowSize) if config.InitialConnWindowSize >= defaultWindowSize { icwz = config.InitialConnWindowSize - dynamicWindow = false } if iwz != defaultWindowSize { isettings = append(isettings, http2.Setting{ 
@@ -258,13 +261,16 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, fc: &trInFlow{limit: uint32(icwz)}, state: reachable, activeStreams: make(map[uint32]*ServerStream), - stats: config.StatsHandlers, + stats: config.StatsHandler, kp: kp, idle: time.Now(), kep: kep, initialWindowSize: iwz, bufferPool: config.BufferPool, } + t.setResetPingStrikes = func() { + atomic.StoreUint32(&t.resetPingStrikes, 1) + } var czSecurity credentials.ChannelzSecurityValue if au, ok := authInfo.(credentials.ChannelzSecurityInfo); ok { czSecurity = au.GetSecurityValue() @@ -284,7 +290,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, t.logger = prefixLoggerForServerTransport(t) t.controlBuf = newControlBuffer(t.done) - if dynamicWindow { + if !config.StaticWindowSize { t.bdpEst = &bdpEstimator{ bdp: initialWindowSize, updateFlowControl: t.updateFlowControl, @@ -385,16 +391,15 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade } t.maxStreamID = streamID - buf := newRecvBuffer() s := &ServerStream{ - Stream: &Stream{ - id: streamID, - buf: buf, - fc: &inFlow{limit: uint32(t.initialWindowSize)}, + Stream: Stream{ + id: streamID, + fc: inFlow{limit: uint32(t.initialWindowSize)}, }, st: t, headerWireLength: int(frame.Header().Length), } + s.Stream.buf.init() var ( // if false, content-type was missing or invalid isGRPC = false @@ -474,13 +479,7 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade if t.logger.V(logLevel) { t.logger.Infof("Aborting the stream early: %v", errMsg) } - t.controlBuf.put(&earlyAbortStream{ - httpStatus: http.StatusBadRequest, - streamID: streamID, - contentSubtype: s.contentSubtype, - status: status.New(codes.Internal, errMsg), - rst: !frame.StreamEnded(), - }) + t.writeEarlyAbort(streamID, s.contentSubtype, status.New(codes.Internal, errMsg), http.StatusBadRequest, !frame.StreamEnded()) return nil } 
@@ -494,23 +493,11 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade return nil } if !isGRPC { - t.controlBuf.put(&earlyAbortStream{ - httpStatus: http.StatusUnsupportedMediaType, - streamID: streamID, - contentSubtype: s.contentSubtype, - status: status.Newf(codes.InvalidArgument, "invalid gRPC request content-type %q", contentType), - rst: !frame.StreamEnded(), - }) + t.writeEarlyAbort(streamID, s.contentSubtype, status.Newf(codes.InvalidArgument, "invalid gRPC request content-type %q", contentType), http.StatusUnsupportedMediaType, !frame.StreamEnded()) return nil } if headerError != nil { - t.controlBuf.put(&earlyAbortStream{ - httpStatus: http.StatusBadRequest, - streamID: streamID, - contentSubtype: s.contentSubtype, - status: headerError, - rst: !frame.StreamEnded(), - }) + t.writeEarlyAbort(streamID, s.contentSubtype, headerError, http.StatusBadRequest, !frame.StreamEnded()) return nil } @@ -564,13 +551,7 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade if t.logger.V(logLevel) { t.logger.Infof("Aborting the stream early: %v", errMsg) } - t.controlBuf.put(&earlyAbortStream{ - httpStatus: http.StatusMethodNotAllowed, - streamID: streamID, - contentSubtype: s.contentSubtype, - status: status.New(codes.Internal, errMsg), - rst: !frame.StreamEnded(), - }) + t.writeEarlyAbort(streamID, s.contentSubtype, status.New(codes.Internal, errMsg), http.StatusMethodNotAllowed, !frame.StreamEnded()) s.cancel() return nil } 
@@ -585,20 +566,24 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade if !ok { stat = status.New(codes.PermissionDenied, err.Error()) } - t.controlBuf.put(&earlyAbortStream{ - httpStatus: http.StatusOK, - streamID: s.id, - contentSubtype: s.contentSubtype, - status: stat, - rst: !frame.StreamEnded(), - }) + t.writeEarlyAbort(s.id, s.contentSubtype, stat, http.StatusOK, !frame.StreamEnded()) return nil } } + + if s.ctx.Err() != nil { + t.mu.Unlock() + st := status.New(codes.DeadlineExceeded, context.DeadlineExceeded.Error()) + // Early abort in case the timeout was zero or so low it already fired. + t.writeEarlyAbort(s.id, s.contentSubtype, st, http.StatusOK, !frame.StreamEnded()) + return nil + } + t.activeStreams[streamID] = s if len(t.activeStreams) == 1 { t.idle = time.Time{} } + // Start a timer to close the stream on reaching the deadline. if timeoutSet { // We need to wait for s.cancel to be updated before calling @@ -620,25 +605,21 @@ func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeade t.channelz.SocketMetrics.StreamsStarted.Add(1) t.channelz.SocketMetrics.LastRemoteStreamCreatedTimestamp.Store(time.Now().UnixNano()) } - s.requestRead = func(n int) { - t.adjustWindow(s, uint32(n)) - } + s.readRequester = s s.ctxDone = s.ctx.Done() - s.wq = newWriteQuota(defaultWriteQuota, s.ctxDone) - s.trReader = &transportReader{ - reader: &recvBufferReader{ + s.Stream.wq.init(defaultWriteQuota, s.ctxDone) + s.trReader = transportReader{ + reader: recvBufferReader{ ctx: s.ctx, ctxDone: s.ctxDone, - recv: s.buf, - }, - windowHandler: func(n int) { - t.updateWindow(s, uint32(n)) + recv: &s.buf, }, + windowHandler: s, } // Register the stream with loopy. t.controlBuf.put(®isterStream{ streamID: s.id, - wq: s.wq, + wq: &s.wq, }) handle(s) return nil 
@@ -654,7 +635,7 @@ func (t *http2Server) HandleStreams(ctx context.Context, handle func(*ServerStre }() for { t.controlBuf.throttle() - frame, err := t.framer.fr.ReadFrame() + frame, err := t.framer.readFrame() atomic.StoreInt64(&t.lastRead, time.Now().UnixNano()) if err != nil { if se, ok := err.(http2.StreamError); ok { @@ -691,8 +672,9 @@ func (t *http2Server) HandleStreams(ctx context.Context, handle func(*ServerStre }) continue } - case *http2.DataFrame: + case *parsedDataFrame: t.handleData(frame) + frame.data.Free() case *http2.RSTStreamFrame: t.handleRSTStream(frame) case *http2.SettingsFrame: @@ -772,7 +754,7 @@ func (t *http2Server) updateFlowControl(n uint32) { } -func (t *http2Server) handleData(f *http2.DataFrame) { +func (t *http2Server) handleData(f *parsedDataFrame) { size := f.Header().Length var sendBDPPing bool if t.bdpEst != nil { @@ -817,22 +799,15 @@ func (t *http2Server) handleData(f *http2.DataFrame) { t.closeStream(s, true, http2.ErrCodeFlowControl, false) return } + dataLen := f.data.Len() if f.Header().Flags.Has(http2.FlagDataPadded) { - if w := s.fc.onRead(size - uint32(len(f.Data()))); w > 0 { + if w := s.fc.onRead(size - uint32(dataLen)); w > 0 { t.controlBuf.put(&outgoingWindowUpdate{s.id, w}) } } - // TODO(bradfitz, zhaoq): A copy is required here because there is no - // guarantee f.Data() is consumed before the arrival of next frame. - // Can this copy be eliminated? - if len(f.Data()) > 0 { - pool := t.bufferPool - if pool == nil { - // Note that this is only supposed to be nil in tests. Otherwise, stream is - // always initialized with a BufferPool. - pool = mem.DefaultBufferPool() - } - s.write(recvMsg{buffer: mem.Copy(f.Data(), pool)}) + if dataLen > 0 { + f.data.Ref() + s.write(recvMsg{buffer: f.data}) } } if f.StreamEnded() { 
@@ -959,13 +934,12 @@ func appendHeaderFieldsFromMD(headerFields []hpack.HeaderField, md metadata.MD)
 return headerFields
 }
-func (t *http2Server) checkForHeaderListSize(it any) bool {
+func (t *http2Server) checkForHeaderListSize(hf []hpack.HeaderField) bool {
 if t.maxSendHeaderListSize == nil {
 return true
 }
- hdrFrame := it.(*headerFrame)
 var sz int64
- for _, f := range hdrFrame.hf {
+ for _, f := range hf {
 if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) {
 if t.logger.V(logLevel) {
 t.logger.Infof("Header list size to send violates the maximum size (%d bytes) set by client", *t.maxSendHeaderListSize)
@@ -976,6 +950,42 @@ func (t *http2Server) checkForHeaderListSize(it any) bool {
 return true
 }
+// writeEarlyAbort sends an early abort response with the given HTTP status and
+// gRPC status. If the header list size exceeds the peer's limit, it sends a
+// RST_STREAM instead.
+func (t *http2Server) writeEarlyAbort(streamID uint32, contentSubtype string, stat *status.Status, httpStatus uint32, rst bool) {
+ hf := []hpack.HeaderField{
+ {Name: ":status", Value: strconv.Itoa(int(httpStatus))},
+ {Name: "content-type", Value: grpcutil.ContentType(contentSubtype)},
+ {Name: "grpc-status", Value: strconv.Itoa(int(stat.Code()))},
+ {Name: "grpc-message", Value: encodeGrpcMessage(stat.Message())},
+ }
+ if p := istatus.RawStatusProto(stat); len(p.GetDetails()) > 0 {
+ stBytes, err := proto.Marshal(p)
+ if err != nil {
+ t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
+ }
+ if err == nil {
+ hf = append(hf, hpack.HeaderField{Name: grpcStatusDetailsBinHeader, Value: encodeBinHeader(stBytes)})
+ }
+ }
+ success, _ := t.controlBuf.executeAndPut(func() bool {
+ return t.checkForHeaderListSize(hf)
+ }, &earlyAbortStream{
+ streamID: streamID,
+ rst: rst,
+ hf: hf,
+ })
+ if !success {
+ t.controlBuf.put(&cleanupStream{
+ streamID: streamID,
+ rst: true,
+ rstCode: http2.ErrCodeInternal,
+ onWrite: func() {},
+ })
+ }
+}
+
 func (t *http2Server) streamContextErr(s *ServerStream) error {
 select {
 case <-t.done:
@@ -1015,10 +1025,6 @@ func (t *http2Server) writeHeader(s *ServerStream, md metadata.MD) error {
 return nil
 }
-func (t *http2Server) setResetPingStrikes() {
- atomic.StoreUint32(&t.resetPingStrikes, 1)
-}
-
 func (t *http2Server) writeHeaderLocked(s *ServerStream) error {
 // TODO(mmukhi): Benchmark if the performance gets better if count the metadata and other header fields
 // first and create a slice of that exact size.
@@ -1035,7 +1041,7 @@ func (t *http2Server) writeHeaderLocked(s *ServerStream) error {
 endStream: false,
 onWrite: t.setResetPingStrikes,
 }
- success, err := t.controlBuf.executeAndPut(func() bool { return t.checkForHeaderListSize(hf) }, hf)
+ success, err := t.controlBuf.executeAndPut(func() bool { return t.checkForHeaderListSize(hf.hf) }, hf)
 if !success {
 if err != nil {
 return err
@@ -1043,19 +1049,18 @@ func (t *http2Server) writeHeaderLocked(s *ServerStream) error {
 t.closeStream(s, true, http2.ErrCodeInternal, false)
 return ErrHeaderListSizeLimitViolation
 }
- for _, sh := range t.stats {
+ if t.stats != nil {
 // Note: Headers are compressed with hpack after this call returns.
 // No WireLength field is set here.
- outHeader := &stats.OutHeader{
+ t.stats.HandleRPC(s.Context(), &stats.OutHeader{
 Header: s.header.Copy(),
 Compression: s.sendCompress,
- }
- sh.HandleRPC(s.Context(), outHeader)
+ })
 }
 return nil
 }
-// WriteStatus sends stream status to the client and terminates the stream.
+// writeStatus sends stream status to the client and terminates the stream.
 // There is no further I/O operations being able to perform on this stream.
 // TODO(zhaoq): Now it indicates the end of entire stream. Revisit if early
 // OK is adopted.
@@ -1083,7 +1088,7 @@ func (t *http2Server) writeStatus(s *ServerStream, st *status.Status) error {
 headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status", Value: strconv.Itoa(int(st.Code()))})
 headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
- if p := st.Proto(); p != nil && len(p.Details) > 0 {
+ if p := istatus.RawStatusProto(st); len(p.GetDetails()) > 0 {
 // Do not use the user's grpc-status-details-bin (if present) if we are
 // even attempting to set our own.
 delete(s.trailer, grpcStatusDetailsBinHeader)
@@ -1106,7 +1111,7 @@ func (t *http2Server) writeStatus(s *ServerStream, st *status.Status) error { } success, err := t.controlBuf.executeAndPut(func() bool { - return t.checkForHeaderListSize(trailingHeader) + return t.checkForHeaderListSize(trailingHeader.hf) }, nil) if !success { if err != nil { @@ -1118,10 +1123,10 @@ func (t *http2Server) writeStatus(s *ServerStream, st *status.Status) error { // Send a RST_STREAM after the trailers if the client has not already half-closed. rst := s.getState() == streamActive t.finishStream(s, rst, http2.ErrCodeNo, trailingHeader, true) - for _, sh := range t.stats { + if t.stats != nil { // Note: The trailer fields are compressed with hpack after this call returns. // No WireLength field is set here. - sh.HandleRPC(s.Context(), &stats.OutTrailer{ + t.stats.HandleRPC(s.Context(), &stats.OutTrailer{ Trailer: s.trailer.Copy(), }) } @@ -1131,17 +1136,13 @@ func (t *http2Server) writeStatus(s *ServerStream, st *status.Status) error { // Write converts the data into HTTP2 data frame and sends it out. Non-nil error // is returns if it fails (e.g., framing error, transport error). func (t *http2Server) write(s *ServerStream, hdr []byte, data mem.BufferSlice, _ *WriteOptions) error { - reader := data.Reader() - if !s.isHeaderSent() { // Headers haven't been written yet. if err := t.writeHeader(s, nil); err != nil { - _ = reader.Close() return err } } else { // Writing headers checks for this condition. if s.getState() == streamDone { - _ = reader.Close() return t.streamContextErr(s) } } 
@@ -1149,15 +1150,16 @@ func (t *http2Server) write(s *ServerStream, hdr []byte, data mem.BufferSlice, _ df := &dataFrame{ streamID: s.id, h: hdr, - reader: reader, + data: data, onEachWrite: t.setResetPingStrikes, } - if err := s.wq.get(int32(len(hdr) + df.reader.Remaining())); err != nil { - _ = reader.Close() + dataLen := data.Len() + if err := s.wq.get(int32(len(hdr) + dataLen)); err != nil { return t.streamContextErr(s) } + data.Ref() if err := t.controlBuf.put(df); err != nil { - _ = reader.Close() + data.Free() return err } t.incrMsgSent() @@ -1292,7 +1294,8 @@ func (t *http2Server) Close(err error) { // deleteStream deletes the stream s from transport's active streams. func (t *http2Server) deleteStream(s *ServerStream, eosReceived bool) { t.mu.Lock() - if _, ok := t.activeStreams[s.id]; ok { + _, isActive := t.activeStreams[s.id] + if isActive { delete(t.activeStreams, s.id) if len(t.activeStreams) == 0 { t.idle = time.Now() @@ -1300,7 +1303,7 @@ func (t *http2Server) deleteStream(s *ServerStream, eosReceived bool) { } t.mu.Unlock() - if channelz.IsOn() { + if isActive && channelz.IsOn() { if eosReceived { t.channelz.SocketMetrics.StreamsSucceeded.Add(1) } else { @@ -1340,10 +1343,10 @@ func (t *http2Server) closeStream(s *ServerStream, rst bool, rstCode http2.ErrCo // called to interrupt the potential blocking on other goroutines. s.cancel() - oldState := s.swapState(streamDone) - if oldState == streamDone { - return - } + // We can't return early even if the stream's state is "done" as the state + // might have been set by the `finishStream` method. Deleting the stream via + // `finishStream` can get blocked on flow control. + s.swapState(streamDone) t.deleteStream(s, eosReceived) t.controlBuf.put(&cleanupStream{ diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index f997f9fdb..5bbb641ad 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go 
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -25,7 +25,6 @@ import (
 "fmt"
 "io"
 "math"
- "net"
 "net/http"
 "net/url"
 "strconv"
@@ -37,6 +36,7 @@ import (
 "golang.org/x/net/http2"
 "golang.org/x/net/http2/hpack"
 "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/mem"
 )
 const (
@@ -196,11 +196,11 @@ func decodeTimeout(s string) (time.Duration, error) {
 if !ok {
 return 0, fmt.Errorf("transport: timeout unit is not recognized: %q", s)
 }
- t, err := strconv.ParseInt(s[:size-1], 10, 64)
+ t, err := strconv.ParseUint(s[:size-1], 10, 64)
 if err != nil {
 return 0, err
 }
- const maxHours = math.MaxInt64 / int64(time.Hour)
+ const maxHours = math.MaxInt64 / uint64(time.Hour)
 if d == time.Hour && t > maxHours {
 // This timeout would overflow math.MaxInt64; clamp it.
 return time.Duration(math.MaxInt64), nil
@@ -300,11 +300,11 @@ type bufWriter struct {
 buf []byte
 offset int
 batchSize int
- conn net.Conn
+ conn io.Writer
 err error
 }
-func newBufWriter(conn net.Conn, batchSize int, pool *sync.Pool) *bufWriter {
+func newBufWriter(conn io.Writer, batchSize int, pool *sync.Pool) *bufWriter {
 w := &bufWriter{
 batchSize: batchSize,
 conn: conn,
@@ -388,15 +388,29 @@ func toIOError(err error) error {
 return ioError{error: err}
 }
+type parsedDataFrame struct {
+ http2.FrameHeader
+ data mem.Buffer
+}
+
+func (df *parsedDataFrame) StreamEnded() bool {
+ return df.FrameHeader.Flags.Has(http2.FlagDataEndStream)
+}
+
 type framer struct {
- writer *bufWriter
- fr *http2.Framer
+ writer *bufWriter
+ fr *http2.Framer
+ headerBuf []byte // cached slice for framer headers to reduce heap allocs.
+ reader io.Reader
+ dataFrame parsedDataFrame // Cached data frame to avoid heap allocations.
+ pool mem.BufferPool
+ errDetail error
 }
 var writeBufferPoolMap = make(map[int]*sync.Pool)
 var writeBufferMutex sync.Mutex
-func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32) *framer {
+func newFramer(conn io.ReadWriter, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32, memPool mem.BufferPool) *framer {
 if writeBufferSize < 0 {
 writeBufferSize = 0
 }
@@ -412,6 +426,8 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBu
 f := &framer{
 writer: w,
 fr: http2.NewFramer(w, r),
+ reader: r,
+ pool: memPool,
 }
 f.fr.SetMaxReadFrameSize(http2MaxFrameLen)
 // Opt-in to Frame reuse API on framer to reduce garbage.
@@ -422,6 +438,146 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBu
 return f
 }
+// writeData writes a DATA frame.
+//
+// It is the caller's responsibility not to violate the maximum frame size.
+func (f *framer) writeData(streamID uint32, endStream bool, data [][]byte) error {
+ var flags http2.Flags
+ if endStream {
+ flags = http2.FlagDataEndStream
+ }
+ length := uint32(0)
+ for _, d := range data {
+ length += uint32(len(d))
+ }
+ // TODO: Replace the header write with the framer API being added in
+ // https://github.com/golang/go/issues/66655.
+ f.headerBuf = append(f.headerBuf[:0],
+ byte(length>>16),
+ byte(length>>8),
+ byte(length),
+ byte(http2.FrameData),
+ byte(flags),
+ byte(streamID>>24),
+ byte(streamID>>16),
+ byte(streamID>>8),
+ byte(streamID))
+ if _, err := f.writer.Write(f.headerBuf); err != nil {
+ return err
+ }
+ for _, d := range data {
+ if _, err := f.writer.Write(d); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// readFrame reads a single frame. The returned Frame is only valid
+// until the next call to readFrame.
+func (f *framer) readFrame() (any, error) {
+ f.errDetail = nil
+ fh, err := f.fr.ReadFrameHeader()
+ if err != nil {
+ f.errDetail = f.fr.ErrorDetail()
+ return nil, err
+ }
+ // Read the data frame directly from the underlying io.Reader to avoid
+ // copies.
+ if fh.Type == http2.FrameData {
+ err = f.readDataFrame(fh)
+ return &f.dataFrame, err
+ }
+ fr, err := f.fr.ReadFrameForHeader(fh)
+ if err != nil {
+ f.errDetail = f.fr.ErrorDetail()
+ return nil, err
+ }
+ return fr, err
+}
+
+// errorDetail returns a more detailed error of the last error
+// returned by framer.readFrame. For instance, if readFrame
+// returns a StreamError with code PROTOCOL_ERROR, errorDetail
+// will say exactly what was invalid. errorDetail is not guaranteed
+// to return a non-nil value.
+// errorDetail is reset after the next call to readFrame.
+func (f *framer) errorDetail() error {
+ return f.errDetail
+}
+
+func (f *framer) readDataFrame(fh http2.FrameHeader) (err error) {
+ if fh.StreamID == 0 {
+ // DATA frames MUST be associated with a stream. If a
+ // DATA frame is received whose stream identifier
+ // field is 0x0, the recipient MUST respond with a
+ // connection error (Section 5.4.1) of type
+ // PROTOCOL_ERROR.
+ f.errDetail = errors.New("DATA frame with stream ID 0")
+ return http2.ConnectionError(http2.ErrCodeProtocol)
+ }
+ // Converting a *[]byte to a mem.SliceBuffer incurs a heap allocation. This
+ // conversion is performed by mem.NewBuffer. To avoid the extra allocation
+ // a []byte is allocated directly if required and cast to a mem.SliceBuffer.
+ var buf []byte
+ // poolHandle is the pointer returned by the buffer pool (if it's used.).
+ var poolHandle *[]byte
+ useBufferPool := !mem.IsBelowBufferPoolingThreshold(int(fh.Length))
+ if useBufferPool {
+ poolHandle = f.pool.Get(int(fh.Length))
+ buf = *poolHandle
+ defer func() {
+ if err != nil {
+ f.pool.Put(poolHandle)
+ }
+ }()
+ } else {
+ buf = make([]byte, int(fh.Length))
+ }
+ if fh.Flags.Has(http2.FlagDataPadded) {
+ if fh.Length == 0 {
+ return io.ErrUnexpectedEOF
+ }
+ // This initial 1-byte read can be inefficient for unbuffered readers,
+ // but it allows the rest of the payload to be read directly to the
+ // start of the destination slice. This makes it easy to return the
+ // original slice back to the buffer pool.
+ if _, err := io.ReadFull(f.reader, buf[:1]); err != nil {
+ return err
+ }
+ padSize := buf[0]
+ buf = buf[:len(buf)-1]
+ if int(padSize) > len(buf) {
+ // If the length of the padding is greater than the
+ // length of the frame payload, the recipient MUST
+ // treat this as a connection error.
+ // Filed: https://github.com/http2/http2-spec/issues/610 + f.errDetail = errors.New("pad size larger than data payload") + return http2.ConnectionError(http2.ErrCodeProtocol) + } + if _, err := io.ReadFull(f.reader, buf); err != nil { + return err + } + buf = buf[:len(buf)-int(padSize)] + } else if _, err := io.ReadFull(f.reader, buf); err != nil { + return err + } + + f.dataFrame.FrameHeader = fh + if useBufferPool { + // Update the handle to point to the (potentially re-sliced) buf. + *poolHandle = buf + f.dataFrame.data = mem.NewBuffer(poolHandle, f.pool) + } else { + f.dataFrame.data = mem.SliceBuffer(buf) + } + return nil +} + +func (df *parsedDataFrame) Header() http2.FrameHeader { + return df.FrameHeader +} + func getWriteBufferPool(size int) *sync.Pool { writeBufferMutex.Lock() defer writeBufferMutex.Unlock() diff --git a/vendor/google.golang.org/grpc/internal/transport/server_stream.go b/vendor/google.golang.org/grpc/internal/transport/server_stream.go index cf8da0b52..ed6a13b75 100644 --- a/vendor/google.golang.org/grpc/internal/transport/server_stream.go +++ b/vendor/google.golang.org/grpc/internal/transport/server_stream.go @@ -32,7 +32,7 @@ import ( // ServerStream implements streaming functionality for a gRPC server. type ServerStream struct { - *Stream // Embed for common stream functionality. + Stream // Embed for common stream functionality. st internalServerTransport ctxDone <-chan struct{} // closed at the end of stream. Cache of ctx.Done() (for performance) @@ -43,12 +43,13 @@ type ServerStream struct { // Holds compressor names passed in grpc-accept-encoding metadata from the // client. clientAdvertisedCompressors string - headerWireLength int // hdrMu protects outgoing header and trailer metadata. hdrMu sync.Mutex header metadata.MD // the outgoing header metadata. Updated by WriteHeader. headerSent atomic.Bool // atomically set when the headers are sent out. + + headerWireLength int } // Read reads an n byte message from the input stream. 
@@ -178,3 +179,11 @@ func (s *ServerStream) SetTrailer(md metadata.MD) error {
 s.hdrMu.Unlock()
 return nil
 }
+
+func (s *ServerStream) requestRead(n int) {
+ s.st.adjustWindow(s, uint32(n))
+}
+
+func (s *ServerStream) updateWindow(n int) {
+ s.st.updateWindow(s, uint32(n))
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index af4a4aeab..b86094da9 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -68,11 +68,11 @@ type recvBuffer struct {
 err error
 }
-func newRecvBuffer() *recvBuffer {
- b := &recvBuffer{
- c: make(chan recvMsg, 1),
- }
- return b
+// init allows a recvBuffer to be initialized in-place, which is useful
+// for resetting a buffer or for avoiding a heap allocation when the buffer
+// is embedded in another struct.
+func (b *recvBuffer) init() {
+ b.c = make(chan recvMsg, 1)
 }
 func (b *recvBuffer) put(r recvMsg) {
@@ -123,12 +123,13 @@ func (b *recvBuffer) get() <-chan recvMsg {
 // recvBufferReader implements io.Reader interface to read the data from
 // recvBuffer.
 type recvBufferReader struct {
- closeStream func(error) // Closes the client transport stream with the given error and nil trailer metadata.
- ctx context.Context
- ctxDone <-chan struct{} // cache of ctx.Done() (for performance).
- recv *recvBuffer
- last mem.Buffer // Stores the remaining data in the previous calls.
- err error
+ _ noCopy
+ clientStream *ClientStream // The client transport stream is closed with a status representing ctx.Err() and nil trailer metadata.
+ ctx context.Context
+ ctxDone <-chan struct{} // cache of ctx.Done() (for performance).
+ recv *recvBuffer
+ last mem.Buffer // Stores the remaining data in the previous calls.
+ err error
 }
 func (r *recvBufferReader) ReadMessageHeader(header []byte) (n int, err error) {
@@ -139,7 +140,7 @@ func (r *recvBufferReader) ReadMessageHeader(header []byte) (n int, err error) {
 n, r.last = mem.ReadUnsafe(header, r.last)
 return n, nil
 }
- if r.closeStream != nil {
+ if r.clientStream != nil {
 n, r.err = r.readMessageHeaderClient(header)
 } else {
 n, r.err = r.readMessageHeader(header)
@@ -164,7 +165,7 @@ func (r *recvBufferReader) Read(n int) (buf mem.Buffer, err error) {
 }
 return buf, nil
 }
- if r.closeStream != nil {
+ if r.clientStream != nil {
 buf, r.err = r.readClient(n)
 } else {
 buf, r.err = r.read(n)
@@ -209,7 +210,7 @@ func (r *recvBufferReader) readMessageHeaderClient(header []byte) (n int, err er
 // TODO: delaying ctx error seems like a unnecessary side effect. What
 // we really want is to mark the stream as done, and return ctx error
 // faster.
- r.closeStream(ContextErr(r.ctx.Err()))
+ r.clientStream.Close(ContextErr(r.ctx.Err()))
 m := <-r.recv.get()
 return r.readMessageHeaderAdditional(m, header)
 case m := <-r.recv.get():
@@ -236,7 +237,7 @@ func (r *recvBufferReader) readClient(n int) (buf mem.Buffer, err error) {
 // TODO: delaying ctx error seems like a unnecessary side effect. What
 // we really want is to mark the stream as done, and return ctx error
 // faster.
- r.closeStream(ContextErr(r.ctx.Err()))
+ r.clientStream.Close(ContextErr(r.ctx.Err()))
 m := <-r.recv.get()
 return r.readAdditional(m, n)
 case m := <-r.recv.get():
@@ -285,27 +286,32 @@ const (
 // Stream represents an RPC in the transport layer.
 type Stream struct {
- id uint32
 ctx context.Context // the associated context of the stream
 method string // the associated RPC method of the stream
 recvCompress string
 sendCompress string
- buf *recvBuffer
- trReader *transportReader
- fc *inFlow
- wq *writeQuota
-
- // Callback to state application's intentions to read data. This
- // is used to adjust flow control, if needed.
- requestRead func(int)
- state streamState
+ readRequester readRequester
 // contentSubtype is the content-subtype for requests.
 // this must be lowercase or the behavior is undefined.
 contentSubtype string
 trailer metadata.MD // the key-value map of trailer metadata.
+
+ // Non-pointer fields are at the end to optimize GC performance.
+ state streamState
+ id uint32
+ buf recvBuffer
+ trReader transportReader
+ fc inFlow
+ wq writeQuota
+}
+
+// readRequester is used to state application's intentions to read data. This
+// is used to adjust flow control, if needed.
+type readRequester interface {
+ requestRead(int)
 }
 func (s *Stream) swapState(st streamState) streamState {
@@ -355,7 +361,7 @@ func (s *Stream) ReadMessageHeader(header []byte) (err error) {
 if er := s.trReader.er; er != nil {
 return er
 }
- s.requestRead(len(header))
+ s.readRequester.requestRead(len(header))
 for len(header) != 0 {
 n, err := s.trReader.ReadMessageHeader(header)
 header = header[n:]
@@ -372,13 +378,29 @@ func (s *Stream) ReadMessageHeader(header []byte) (err error) {
 return nil
 }
+// ceil returns the ceil after dividing the numerator and denominator while
+// avoiding integer overflows.
+func ceil(numerator, denominator int) int {
+ if numerator == 0 {
+ return 0
+ }
+ return (numerator-1)/denominator + 1
+}
+
 // Read reads n bytes from the wire for this stream.
 func (s *Stream) read(n int) (data mem.BufferSlice, err error) {
 // Don't request a read if there was an error earlier
 if er := s.trReader.er; er != nil {
 return nil, er
 }
- s.requestRead(n)
+ // gRPC Go accepts data frames with a maximum length of 16KB. Larger
+ // messages must be split into multiple frames. We pre-allocate the
+ // buffer to avoid resizing during the read loop, but cap the initial
+ // capacity to 128 frames (2MB) to prevent over-allocation or panics
+ // when reading extremely large streams.
+ allocCap := min(ceil(n, http2MaxFrameLen), 128)
+ data = make(mem.BufferSlice, 0, allocCap)
+ s.readRequester.requestRead(n)
 for n != 0 {
 buf, err := s.trReader.Read(n)
 var bufLen int
@@ -401,16 +423,34 @@ func (s *Stream) read(n int) (data mem.BufferSlice, err error) {
 return data, nil
 }
+// noCopy may be embedded into structs which must not be copied
+// after the first use.
+//
+// See https://golang.org/issues/8005#issuecomment-190753527
+// for details.
+type noCopy struct {
+}
+
+func (*noCopy) Lock() {}
+func (*noCopy) Unlock() {}
+
 // transportReader reads all the data available for this Stream from the transport and
 // passes them into the decoder, which converts them into a gRPC message stream.
 // The error is io.EOF when the stream is done or another non-nil error if
 // the stream broke.
 type transportReader struct {
- reader *recvBufferReader
+ _ noCopy
 // The handler to control the window update procedure for both this
 // particular stream and the associated transport.
- windowHandler func(int)
+ windowHandler windowHandler
 er error
+ reader recvBufferReader
+}
+
+// The handler to control the window update procedure for both this
+// particular stream and the associated transport.
+type windowHandler interface {
+ updateWindow(int)
 }
 func (t *transportReader) ReadMessageHeader(header []byte) (int, error) {
@@ -419,7 +459,7 @@ func (t *transportReader) ReadMessageHeader(header []byte) (int, error) {
 t.er = err
 return 0, err
 }
- t.windowHandler(n)
+ t.windowHandler.updateWindow(n)
 return n, nil
 }
@@ -429,7 +469,7 @@ func (t *transportReader) Read(n int) (mem.Buffer, error) {
 t.er = err
 return buf, err
 }
- t.windowHandler(buf.Len())
+ t.windowHandler.updateWindow(buf.Len())
 return buf, nil
 }
@@ -454,7 +494,7 @@ type ServerConfig struct {
 ConnectionTimeout time.Duration
 Credentials credentials.TransportCredentials
 InTapHandle tap.ServerInHandle
- StatsHandlers []stats.Handler
+ StatsHandler stats.Handler
 KeepaliveParams keepalive.ServerParameters
 KeepalivePolicy keepalive.EnforcementPolicy
 InitialWindowSize int32
@@ -466,6 +506,7 @@ type ServerConfig struct {
 MaxHeaderListSize *uint32
 HeaderTableSize *uint32
 BufferPool mem.BufferPool
+ StaticWindowSize bool
 }
 // ConnectOptions covers all relevant options for communicating with the server.
@@ -504,6 +545,8 @@ type ConnectOptions struct {
 MaxHeaderListSize *uint32
 // The mem.BufferPool to use when reading/writing to the wire.
 BufferPool mem.BufferPool
+ // StaticWindowSize controls whether dynamic window sizing is enabled.
+ StaticWindowSize bool
 }
 // WriteOptions provides additional hints and information for message
@@ -526,6 +569,12 @@ type CallHdr struct {
 // outbound message.
 SendCompress string
+ // AcceptedCompressors overrides the grpc-accept-encoding header for this
+ // call. When nil, the transport advertises the default set of registered
+ // compressors. A non-nil pointer overrides that value (including the empty
+ // string to advertise none).
+ AcceptedCompressors *string
+
 // Creds specifies credentials.PerRPCCredentials for a call.
 Creds credentials.PerRPCCredentials
@@ -540,6 +589,16 @@ type CallHdr struct {
 PreviousAttempts int // value of grpc-previous-rpc-attempts header to set
 DoneFunc func() // called when the stream is finished
+
+ // Authority is used to explicitly override the `:authority` header.
+ //
+ // This value comes from one of two sources:
+ // 1. The `CallAuthority` call option, if specified by the user.
+ // 2. An override provided by the LB picker (e.g. xDS authority rewriting).
+ //
+ // The `CallAuthority` call option always takes precedence over the LB
+ // picker override.
+ Authority string
 }
 // ClientTransport is the common interface for all gRPC client-side transport
@@ -558,7 +617,7 @@ type ClientTransport interface {
 GracefulClose()
 // NewStream creates a Stream for an RPC.
- NewStream(ctx context.Context, callHdr *CallHdr) (*ClientStream, error)
+ NewStream(ctx context.Context, callHdr *CallHdr, handler stats.Handler) (*ClientStream, error)
 // Error returns a channel that is closed when some I/O error
 // happens. Typically the caller should have a goroutine to monitor
@@ -576,8 +635,9 @@ type ClientTransport interface {
 // with a human readable string with debug info.
 GetGoAwayReason() (GoAwayReason, string)
- // RemoteAddr returns the remote network address.
- RemoteAddr() net.Addr
+ // Peer returns information about the peer associated with the Transport.
+ // The returned information includes authentication and network address details.
+ Peer() *peer.Peer
 }
 // ServerTransport is the common interface for all gRPC server-side transport
@@ -607,6 +667,8 @@ type internalServerTransport interface {
 write(s *ServerStream, hdr []byte, data mem.BufferSlice, opts *WriteOptions) error
 writeStatus(s *ServerStream, st *status.Status) error
 incrMsgRecv()
+ adjustWindow(s *ServerStream, n uint32)
+ updateWindow(s *ServerStream, n uint32)
 }
 // connectionErrorf creates an ConnectionError with the specified error description.
diff --git a/vendor/google.golang.org/grpc/mem/buffer_pool.go b/vendor/google.golang.org/grpc/mem/buffer_pool.go
index c37c58c02..2ea763a49 100644
--- a/vendor/google.golang.org/grpc/mem/buffer_pool.go
+++ b/vendor/google.golang.org/grpc/mem/buffer_pool.go
@@ -32,12 +32,17 @@ type BufferPool interface {
 Get(length int) *[]byte
 // Put returns a buffer to the pool.
+ //
+ // The provided pointer must hold a prefix of the buffer obtained via
+ // BufferPool.Get to ensure the buffer's entire capacity can be re-used.
 Put(*[]byte)
 }
+const goPageSize = 4 << 10 // 4KiB. N.B. this must be a power of 2.
+
 var defaultBufferPoolSizes = []int{
 256,
- 4 << 10, // 4KB (go page size)
+ goPageSize,
 16 << 10, // 16KB (max HTTP/2 frame size used by gRPC)
 32 << 10, // 32KB (default buffer size for io.Copy)
 1 << 20, // 1MB
@@ -48,7 +53,7 @@ var defaultBufferPool BufferPool
 func init() {
 defaultBufferPool = NewTieredBufferPool(defaultBufferPoolSizes...)
- internal.SetDefaultBufferPoolForTesting = func(pool BufferPool) {
+ internal.SetDefaultBufferPool = func(pool BufferPool) {
 defaultBufferPool = pool
 }
@@ -118,7 +123,11 @@ type sizedBufferPool struct {
 }
 func (p *sizedBufferPool) Get(size int) *[]byte {
- buf := p.pool.Get().(*[]byte)
+ buf, ok := p.pool.Get().(*[]byte)
+ if !ok {
+ buf := make([]byte, size, p.defaultSize)
+ return &buf
+ }
 b := *buf
 clear(b[:cap(b)])
 *buf = b[:size]
@@ -137,12 +146,6 @@ func (p *sizedBufferPool) Put(buf *[]byte) {
 func newSizedBufferPool(size int) *sizedBufferPool {
 return &sizedBufferPool{
- pool: sync.Pool{
- New: func() any {
- buf := make([]byte, size)
- return &buf
- },
- },
 defaultSize: size,
 }
 }
@@ -160,6 +163,7 @@ type simpleBufferPool struct {
 func (p *simpleBufferPool) Get(size int) *[]byte {
 bs, ok := p.pool.Get().(*[]byte)
 if ok && cap(*bs) >= size {
+ clear((*bs)[:cap(*bs)])
 *bs = (*bs)[:size]
 return bs
 }
@@ -170,7 +174,14 @@ func (p *simpleBufferPool) Get(size int) *[]byte {
 p.pool.Put(bs)
 }
- b := make([]byte, size)
+ // If we're going to allocate, round up to the nearest page. This way if
+ // requests frequently arrive with small variation we don't allocate
+ // repeatedly if we get unlucky and they increase over time. By default we
+ // only allocate here if size > 1MiB. Because goPageSize is a power of 2, we
+ // can round up efficiently.
+ allocSize := (size + goPageSize - 1) & ^(goPageSize - 1)
+
+ b := make([]byte, size, allocSize)
 return &b
 }
diff --git a/vendor/google.golang.org/grpc/mem/buffer_slice.go b/vendor/google.golang.org/grpc/mem/buffer_slice.go
index 65002e2cc..084fb19c6 100644
--- a/vendor/google.golang.org/grpc/mem/buffer_slice.go
+++ b/vendor/google.golang.org/grpc/mem/buffer_slice.go
@@ -19,6 +19,7 @@
 package mem
 import (
+ "fmt"
 "io"
 )
@@ -117,47 +118,53 @@ func (s BufferSlice) MaterializeToBuffer(pool BufferPool) Buffer {
 // Reader returns a new Reader for the input slice after taking references to
 // each underlying buffer.
-func (s BufferSlice) Reader() Reader {
+func (s BufferSlice) Reader() *Reader {
 s.Ref()
- return &sliceReader{
+ return &Reader{
 data: s,
 len: s.Len(),
 }
 }
 // Reader exposes a BufferSlice's data as an io.Reader, allowing it to interface
-// with other parts systems. It also provides an additional convenience method
-// Remaining(), which returns the number of unread bytes remaining in the slice.
+// with other systems.
+//
 // Buffers will be freed as they are read.
-type Reader interface {
- io.Reader
- io.ByteReader
- // Close frees the underlying BufferSlice and never returns an error. Subsequent
- // calls to Read will return (0, io.EOF).
- Close() error
- // Remaining returns the number of unread bytes remaining in the slice.
- Remaining() int
-}
-
-type sliceReader struct {
+//
+// A Reader can be constructed from a BufferSlice; alternatively the zero value
+// of a Reader may be used after calling Reset on it.
+type Reader struct {
 data BufferSlice
 len int
 // The index into data[0].ReadOnlyData().
 bufferIdx int
 }
-func (r *sliceReader) Remaining() int {
+// Remaining returns the number of unread bytes remaining in the slice.
+func (r *Reader) Remaining() int {
 return r.len
 }
-func (r *sliceReader) Close() error {
+// Reset frees the currently held buffer slice and starts reading from the
+// provided slice. This allows reusing the reader object.
+func (r *Reader) Reset(s BufferSlice) {
+ r.data.Free()
+ s.Ref()
+ r.data = s
+ r.len = s.Len()
+ r.bufferIdx = 0
+}
+
+// Close frees the underlying BufferSlice and never returns an error. Subsequent
+// calls to Read will return (0, io.EOF).
+func (r *Reader) Close() error {
 r.data.Free()
 r.data = nil
 r.len = 0
 return nil
 }
-func (r *sliceReader) freeFirstBufferIfEmpty() bool {
+func (r *Reader) freeFirstBufferIfEmpty() bool {
 if len(r.data) == 0 || r.bufferIdx != len(r.data[0].ReadOnlyData()) {
 return false
 }
@@ -168,7 +175,7 @@ func (r *sliceReader) freeFirstBufferIfEmpty() bool {
 return true
 }
-func (r *sliceReader) Read(buf []byte) (n int, _ error) {
+func (r *Reader) Read(buf []byte) (n int, _ error) {
 if r.len == 0 {
 return 0, io.EOF
 }
@@ -191,7 +198,8 @@ func (r *sliceReader) Read(buf []byte) (n int, _ error) {
 return n, nil
 }
-func (r *sliceReader) ReadByte() (byte, error) {
+// ReadByte reads a single byte.
+func (r *Reader) ReadByte() (byte, error) {
 if r.len == 0 {
 return 0, io.EOF
 }
@@ -279,3 +287,59 @@ nextBuffer:
 }
 }
 }
+
+// Discard skips the next n bytes, returning the number of bytes discarded.
+//
+// It frees buffers as they are fully consumed.
+//
+// If Discard skips fewer than n bytes, it also returns an error.
+func (r *Reader) Discard(n int) (discarded int, err error) {
+ total := n
+ for n > 0 && r.len > 0 {
+ curData := r.data[0].ReadOnlyData()
+ curSize := min(n, len(curData)-r.bufferIdx)
+ n -= curSize
+ r.len -= curSize
+ r.bufferIdx += curSize
+ if r.bufferIdx >= len(curData) {
+ r.data[0].Free()
+ r.data = r.data[1:]
+ r.bufferIdx = 0
+ }
+ }
+ discarded = total - n
+ if n > 0 {
+ return discarded, fmt.Errorf("insufficient bytes in reader")
+ }
+ return discarded, nil
+}
+
+// Peek returns the next n bytes without advancing the reader.
+//
+// Peek appends results to the provided res slice and returns the updated slice.
+// This pattern allows re-using the storage of res if it has sufficient
+// capacity.
+//
+// The returned subslices are views into the underlying buffers and are only
+// valid until the reader is advanced past the corresponding buffer.
+//
+// If Peek returns fewer than n bytes, it also returns an error.
+func (r *Reader) Peek(n int, res [][]byte) ([][]byte, error) {
+ for i := 0; n > 0 && i < len(r.data); i++ {
+ curData := r.data[i].ReadOnlyData()
+ start := 0
+ if i == 0 {
+ start = r.bufferIdx
+ }
+ curSize := min(n, len(curData)-start)
+ if curSize == 0 {
+ continue
+ }
+ res = append(res, curData[start:start+curSize])
+ n -= curSize
+ }
+ if n > 0 {
+ return nil, fmt.Errorf("insufficient bytes in reader")
+ }
+ return res, nil
+}
diff --git a/vendor/google.golang.org/grpc/mem/buffers.go b/vendor/google.golang.org/grpc/mem/buffers.go
index ecbf0b9a7..db1620e6a 100644
--- a/vendor/google.golang.org/grpc/mem/buffers.go
+++ b/vendor/google.golang.org/grpc/mem/buffers.go
@@ -62,7 +62,6 @@ var (
 bufferPoolingThreshold = 1 << 10
 bufferObjectPool = sync.Pool{New: func() any { return new(buffer) }}
- refObjectPool = sync.Pool{New: func() any { return new(atomic.Int32) }}
 )
 // IsBelowBufferPoolingThreshold returns true if the given size is less than or
@@ -73,9 +72,19 @@ func IsBelowBufferPoolingThreshold(size int) bool {
 }
 type buffer struct {
+ refs atomic.Int32
+ data []byte
+
+ // rootBuf is the buffer responsible for returning origData to the pool
+ // once the reference count drops to 0.
+ //
+ // When a buffer is split, the new buffer inherits the rootBuf of the
+ // original and increments the root's reference count. For the
+ // initial buffer (the root), this field points to itself.
+ rootBuf *buffer
+
+ // The following fields are only set for root buffers.
 origData *[]byte
- data []byte
- refs *atomic.Int32
 pool BufferPool
 }
@@ -103,8 +112,8 @@ func NewBuffer(data *[]byte, pool BufferPool) Buffer {
 b.origData = data
 b.data = *data
 b.pool = pool
- b.refs = refObjectPool.Get().(*atomic.Int32)
- b.refs.Add(1)
+ b.rootBuf = b
+ b.refs.Store(1)
 return b
 }
@@ -127,42 +136,44 @@ func Copy(data []byte, pool BufferPool) Buffer {
 }
 func (b *buffer) ReadOnlyData() []byte {
- if b.refs == nil {
+ if b.rootBuf == nil {
 panic("Cannot read freed buffer")
 }
 return b.data
 }
 func (b *buffer) Ref() {
- if b.refs == nil {
+ if b.refs.Add(1) <= 1 {
 panic("Cannot ref freed buffer")
 }
- b.refs.Add(1)
 }
 func (b *buffer) Free() {
- if b.refs == nil {
+ refs := b.refs.Add(-1)
+ if refs < 0 {
 panic("Cannot free freed buffer")
 }
-
- refs := b.refs.Add(-1)
- switch {
- case refs > 0:
+ if refs > 0 {
 return
- case refs == 0:
+ }
+
+ b.data = nil
+ if b.rootBuf == b {
+ // This buffer is the owner of the data slice and its ref count reached
+ // 0, free the slice.
 if b.pool != nil {
 b.pool.Put(b.origData)
+ b.pool = nil
 }
-
- refObjectPool.Put(b.refs)
 b.origData = nil
- b.data = nil
- b.refs = nil
- b.pool = nil
- bufferObjectPool.Put(b)
- default:
- panic("Cannot free freed buffer")
+ } else {
+ // This buffer doesn't own the data slice, decrement a ref on the root
+ // buffer.
+ b.rootBuf.Free()
 }
+
+ b.rootBuf = nil
+ bufferObjectPool.Put(b)
 }
 func (b *buffer) Len() int {
@@ -170,16 +181,14 @@ func (b *buffer) Len() int {
 }
 func (b *buffer) split(n int) (Buffer, Buffer) {
- if b.refs == nil {
+ if b.rootBuf == nil || b.rootBuf.refs.Add(1) <= 1 {
 panic("Cannot split freed buffer")
 }
- b.refs.Add(1)
 split := newBuffer()
- split.origData = b.origData
 split.data = b.data[n:]
- split.refs = b.refs
- split.pool = b.pool
+ split.rootBuf = b.rootBuf
+ split.refs.Store(1)
 b.data = b.data[:n]
@@ -187,7 +196,7 @@ func (b *buffer) split(n int) (Buffer, Buffer) {
 }
 func (b *buffer) read(buf []byte) (int, Buffer) {
- if b.refs == nil {
+ if b.rootBuf == nil {
 panic("Cannot read freed buffer")
 }
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index a2d2a798d..aa52bfe95 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -29,7 +29,6 @@ import (
 "google.golang.org/grpc/internal/channelz"
 istatus "google.golang.org/grpc/internal/status"
 "google.golang.org/grpc/internal/transport"
- "google.golang.org/grpc/stats"
 "google.golang.org/grpc/status"
 )
@@ -48,14 +47,11 @@ type pickerGeneration struct {
 // actions and unblock when there's a picker update.
 type pickerWrapper struct {
 // If pickerGen holds a nil pointer, the pickerWrapper is closed.
- pickerGen atomic.Pointer[pickerGeneration]
- statsHandlers []stats.Handler // to record blocking picker calls
+ pickerGen atomic.Pointer[pickerGeneration]
 }
-func newPickerWrapper(statsHandlers []stats.Handler) *pickerWrapper {
- pw := &pickerWrapper{
- statsHandlers: statsHandlers,
- }
+func newPickerWrapper() *pickerWrapper {
+ pw := &pickerWrapper{}
 pw.pickerGen.Store(&pickerGeneration{
 blockingCh: make(chan struct{}),
 })
@@ -93,6 +89,12 @@ func doneChannelzWrapper(acbw *acBalancerWrapper, result *balancer.PickResult) {
 }
 }
+type pick struct {
+ transport transport.ClientTransport // the selected transport
+ result balancer.PickResult // the contents of the pick from the LB policy
+ blocked bool // set if a picker call queued for a new picker
+}
+
 // pick returns the transport that will be used for the RPC.
 // It may block in the following cases:
 // - there's no picker
@@ -100,15 +102,16 @@ func doneChannelzWrapper(acbw *acBalancerWrapper, result *balancer.PickResult) {
 // - the current picker returns other errors and failfast is false.
 // - the subConn returned by the current picker is not READY
 // When one of these situations happens, pick blocks until the picker gets updated.
-func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.PickInfo) (transport.ClientTransport, balancer.PickResult, error) {
+func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.PickInfo) (pick, error) {
 var ch chan struct{}
 var lastPickErr error
+ pickBlocked := false
 for {
 pg := pw.pickerGen.Load()
 if pg == nil {
- return nil, balancer.PickResult{}, ErrClientConnClosing
+ return pick{}, ErrClientConnClosing
 }
 if pg.picker == nil {
 ch = pg.blockingCh
@@ -127,9 +130,9 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 }
 switch ctx.Err() {
 case context.DeadlineExceeded:
- return nil, balancer.PickResult{}, status.Error(codes.DeadlineExceeded, errStr)
+ return pick{}, status.Error(codes.DeadlineExceeded, errStr)
 case context.Canceled:
- return nil, balancer.PickResult{}, status.Error(codes.Canceled, errStr)
+ return pick{}, status.Error(codes.Canceled, errStr)
 }
 case <-ch:
 }
@@ -145,9 +148,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 // In the second case, the only way it will get to this conditional is
 // if there is a new picker.
 if ch != nil {
- for _, sh := range pw.statsHandlers {
- sh.HandleRPC(ctx, &stats.PickerUpdated{})
- }
+ pickBlocked = true
 }
 ch = pg.blockingCh
@@ -164,7 +165,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 if istatus.IsRestrictedControlPlaneCode(st) {
 err = status.Errorf(codes.Internal, "received picker error with illegal status: %v", err)
 }
- return nil, balancer.PickResult{}, dropError{error: err}
+ return pick{}, dropError{error: err}
 }
 // For all other errors, wait for ready RPCs should block and other
 // RPCs should fail with unavailable.
@@ -172,7 +173,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 lastPickErr = err
 continue
 }
- return nil, balancer.PickResult{}, status.Error(codes.Unavailable, err.Error())
+ return pick{}, status.Error(codes.Unavailable, err.Error())
 }
 acbw, ok := pickResult.SubConn.(*acBalancerWrapper)
@@ -183,9 +184,8 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 if t := acbw.ac.getReadyTransport(); t != nil {
 if channelz.IsOn() {
 doneChannelzWrapper(acbw, &pickResult)
- return t, pickResult, nil
 }
- return t, pickResult, nil
+ return pick{transport: t, result: pickResult, blocked: pickBlocked}, nil
 }
 if pickResult.Done != nil {
 // Calling done with nil error, no bytes sent and no bytes received.
diff --git a/vendor/google.golang.org/grpc/preloader.go b/vendor/google.golang.org/grpc/preloader.go
index ee0ff969a..1e783febf 100644
--- a/vendor/google.golang.org/grpc/preloader.go
+++ b/vendor/google.golang.org/grpc/preloader.go
@@ -47,9 +47,6 @@ func (p *PreparedMsg) Encode(s Stream, msg any) error {
 }
 // check if the context has the relevant information to prepareMsg
- if rpcInfo.preloaderInfo == nil {
- return status.Errorf(codes.Internal, "grpc: rpcInfo.preloaderInfo is nil")
- }
 if rpcInfo.preloaderInfo.codec == nil {
 return status.Errorf(codes.Internal, "grpc: rpcInfo.preloaderInfo.codec is nil")
 }
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index b84ef26d4..598ed21a2 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -182,6 +182,7 @@ type BuildOptions struct {
 // An Endpoint is one network endpoint, or server, which may have multiple
 // addresses with which it can be accessed.
+// TODO(i/8773) : make resolver.Endpoint and resolver.Address immutable
 type Endpoint struct {
 // Addresses contains a list of addresses used to access this endpoint.
 Addresses []Address
@@ -332,6 +333,11 @@ type AuthorityOverrider interface {
 // OverrideAuthority returns the authority to use for a ClientConn with the
 // given target. The implementation must generate it without blocking,
 // typically in line, and must keep it unchanged.
+ //
+ // The returned string must be a valid ":authority" header value, i.e. be
+ // encoded according to
+ // [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2) as
+ // necessary.
 OverrideAuthority(Target) string
 }
diff --git a/vendor/google.golang.org/grpc/resolver_wrapper.go b/vendor/google.golang.org/grpc/resolver_wrapper.go
index 80e16a327..6e6137643 100644
--- a/vendor/google.golang.org/grpc/resolver_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_wrapper.go
@@ -69,6 +69,7 @@ func (ccr *ccResolverWrapper) start() error {
 errCh := make(chan error)
 ccr.serializer.TrySchedule(func(ctx context.Context) {
 if ctx.Err() != nil {
+ errCh <- ctx.Err()
 return
 }
 opts := resolver.BuildOptions{
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index ad20e9dff..8160f9430 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -33,6 +33,8 @@ import (
 "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/encoding"
 "google.golang.org/grpc/encoding/proto"
+ "google.golang.org/grpc/internal"
+ "google.golang.org/grpc/internal/grpcutil"
 "google.golang.org/grpc/internal/transport"
 "google.golang.org/grpc/mem"
 "google.golang.org/grpc/metadata"
@@ -41,6 +43,10 @@ import (
 "google.golang.org/grpc/status"
 )
+func init() {
+ internal.AcceptCompressors = acceptCompressors
+}
+
 // Compressor defines the interface gRPC uses to compress a message.
 //
 // Deprecated: use package encoding.
@@ -151,15 +157,32 @@ func (d *gzipDecompressor) Type() string {
 // callInfo contains all related configuration and information about an RPC.
 type callInfo struct {
- compressorName string
- failFast bool
- maxReceiveMessageSize *int
- maxSendMessageSize *int
- creds credentials.PerRPCCredentials
- contentSubtype string
- codec baseCodec
- maxRetryRPCBufferSize int
- onFinish []func(err error)
+ compressorName string
+ failFast bool
+ maxReceiveMessageSize *int
+ maxSendMessageSize *int
+ creds credentials.PerRPCCredentials
+ contentSubtype string
+ codec baseCodec
+ maxRetryRPCBufferSize int
+ onFinish []func(err error)
+ authority string
+ acceptedResponseCompressors []string
+}
+
+func acceptedCompressorAllows(allowed []string, name string) bool {
+ if allowed == nil {
+ return true
+ }
+ if name == "" || name == encoding.Identity {
+ return true
+ }
+ for _, a := range allowed {
+ if a == name {
+ return true
+ }
+ }
+ return false
 }
 func defaultCallInfo() *callInfo {
@@ -169,6 +192,29 @@ func defaultCallInfo() *callInfo {
 }
 }
+func newAcceptedCompressionConfig(names []string) ([]string, error) {
+ if len(names) == 0 {
+ return nil, nil
+ }
+ var allowed []string
+ seen := make(map[string]struct{}, len(names))
+ for _, name := range names {
+ name = strings.TrimSpace(name)
+ if name == "" || name == encoding.Identity {
+ continue
+ }
+ if !grpcutil.IsCompressorNameRegistered(name) {
+ return nil, status.Errorf(codes.InvalidArgument, "grpc: compressor %q is not registered", name)
+ }
+ if _, dup := seen[name]; dup {
+ continue
+ }
+ seen[name] = struct{}{}
+ allowed = append(allowed, name)
+ }
+ return allowed, nil
+}
+
 // CallOption configures a Call before it starts or extracts information from
 // a Call after it completes.
 type CallOption interface {
@@ -365,6 +411,36 @@ func (o MaxRecvMsgSizeCallOption) before(c *callInfo) error {
 }
 func (o MaxRecvMsgSizeCallOption) after(*callInfo, *csAttempt) {}
+// CallAuthority returns a CallOption that sets the HTTP/2 :authority header of
+// an RPC to the specified value. When using CallAuthority, the credentials in
+// use must implement the AuthorityValidator interface.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a later
+// release.
+func CallAuthority(authority string) CallOption {
+ return AuthorityOverrideCallOption{Authority: authority}
+}
+
+// AuthorityOverrideCallOption is a CallOption that indicates the HTTP/2
+// :authority header value to use for the call.
+//
+// # Experimental
+//
+// Notice: This type is EXPERIMENTAL and may be changed or removed in a later
+// release.
+type AuthorityOverrideCallOption struct {
+ Authority string
+}
+
+func (o AuthorityOverrideCallOption) before(c *callInfo) error {
+ c.authority = o.Authority
+ return nil
+}
+
+func (o AuthorityOverrideCallOption) after(*callInfo, *csAttempt) {}
+
 // MaxCallSendMsgSize returns a CallOption which sets the maximum message size
 // in bytes the client can send. If this is not set, gRPC uses the default
 // `math.MaxInt32`.
@@ -440,6 +516,31 @@ func (o CompressorCallOption) before(c *callInfo) error {
 }
 func (o CompressorCallOption) after(*callInfo, *csAttempt) {}
+// acceptCompressors returns a CallOption that limits the compression algorithms
+// advertised in the grpc-accept-encoding header for response messages.
+// Compression algorithms not in the provided list will not be advertised, and
+// responses compressed with non-listed algorithms will be rejected.
+func acceptCompressors(names ...string) CallOption {
+ cp := append([]string(nil), names...)
+ return acceptCompressorsCallOption{names: cp}
+}
+
+// acceptCompressorsCallOption is a CallOption that limits response compression.
+type acceptCompressorsCallOption struct {
+ names []string
+}
+
+func (o acceptCompressorsCallOption) before(c *callInfo) error {
+ allowed, err := newAcceptedCompressionConfig(o.names)
+ if err != nil {
+ return err
+ }
+ c.acceptedResponseCompressors = allowed
+ return nil
+}
+
+func (acceptCompressorsCallOption) after(*callInfo, *csAttempt) {}
+
 // CallContentSubtype returns a CallOption that will set the content-subtype
 // for a call. For example, if content-subtype is "json", the Content-Type over
 // the wire will be "application/grpc+json". The content-subtype is converted
@@ -626,8 +727,20 @@ type streamReader interface {
 Read(n int) (mem.BufferSlice, error)
 }
+// noCopy may be embedded into structs which must not be copied
+// after the first use.
+//
+// See https://golang.org/issues/8005#issuecomment-190753527
+// for details.
+type noCopy struct {
+}
+
+func (*noCopy) Lock() {}
+func (*noCopy) Unlock() {}
+
 // parser reads complete gRPC messages from the underlying reader.
 type parser struct {
+ _ noCopy
 // r is the underlying reader.
 // See the comment on recvMsg for the permissible
 // error types.
@@ -814,8 +927,7 @@ func (p *payloadInfo) free() { // the buffer is no longer needed. // TODO: Refactor this function to reduce the number of arguments. // See: https://google.github.io/styleguide/go/best-practices.html#function-argument-lists -func recvAndDecompress(p *parser, s recvCompressor, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool, -) (out mem.BufferSlice, err error) { +func recvAndDecompress(p *parser, s recvCompressor, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, isServer bool) (out mem.BufferSlice, err error) { pf, compressed, err := p.recvMsg(maxReceiveMessageSize) if err != nil { return nil, err @@ -918,7 +1030,7 @@ func recv(p *parser, c baseCodec, s recvCompressor, dc Decompressor, m any, maxR // Information about RPC type rpcInfo struct { failfast bool - preloaderInfo *compressorInfo + preloaderInfo compressorInfo } // Information about Preloader @@ -937,7 +1049,7 @@ type rpcInfoContextKey struct{} func newContextWithRPCInfo(ctx context.Context, failfast bool, codec baseCodec, cp Compressor, comp encoding.Compressor) context.Context { return context.WithValue(ctx, rpcInfoContextKey{}, &rpcInfo{ failfast: failfast, - preloaderInfo: &compressorInfo{ + preloaderInfo: compressorInfo{ codec: codec, cp: cp, comp: comp, diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go index 976e70ae0..8efb29a7b 100644 --- a/vendor/google.golang.org/grpc/server.go +++ b/vendor/google.golang.org/grpc/server.go @@ -42,6 +42,7 @@ import ( "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/binarylog" "google.golang.org/grpc/internal/channelz" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/grpcutil" istats "google.golang.org/grpc/internal/stats" 
@@ -124,7 +125,8 @@ type serviceInfo struct { // Server is a gRPC server to serve RPC requests. type Server struct { - opts serverOptions + opts serverOptions + statsHandler stats.Handler mu sync.Mutex // guards following lis map[net.Listener]bool @@ -148,6 +150,8 @@ type Server struct { serverWorkerChannel chan func() serverWorkerChannelClose func() + + strictPathCheckingLogEmitted atomic.Bool } type serverOptions struct { @@ -179,6 +183,7 @@ type serverOptions struct { numServerWorkers uint32 bufferPool mem.BufferPool waitForHandlers bool + staticWindowSize bool } var defaultServerOptions = serverOptions{ @@ -279,6 +284,7 @@ func ReadBufferSize(s int) ServerOption { func InitialWindowSize(s int32) ServerOption { return newFuncServerOption(func(o *serverOptions) { o.initialWindowSize = s + o.staticWindowSize = true }) } @@ -287,6 +293,29 @@ func InitialWindowSize(s int32) ServerOption { func InitialConnWindowSize(s int32) ServerOption { return newFuncServerOption(func(o *serverOptions) { o.initialConnWindowSize = s + o.staticWindowSize = true + }) +} + +// StaticStreamWindowSize returns a ServerOption to set the initial stream +// window size to the value provided and disables dynamic flow control. +// The lower bound for window size is 64K and any value smaller than that +// will be ignored. +func StaticStreamWindowSize(s int32) ServerOption { + return newFuncServerOption(func(o *serverOptions) { + o.initialWindowSize = s + o.staticWindowSize = true + }) +} + +// StaticConnWindowSize returns a ServerOption to set the initial connection +// window size to the value provided and disables dynamic flow control. +// The lower bound for window size is 64K and any value smaller than that +// will be ignored. +func StaticConnWindowSize(s int32) ServerOption { + return newFuncServerOption(func(o *serverOptions) { + o.initialConnWindowSize = s + o.staticWindowSize = true }) } 
@@ -667,13 +696,14 @@ func NewServer(opt ...ServerOption) *Server { o.apply(&opts) } s := &Server{ - lis: make(map[net.Listener]bool), - opts: opts, - conns: make(map[string]map[transport.ServerTransport]bool), - services: make(map[string]*serviceInfo), - quit: grpcsync.NewEvent(), - done: grpcsync.NewEvent(), - channelz: channelz.RegisterServer(""), + lis: make(map[net.Listener]bool), + opts: opts, + statsHandler: istats.NewCombinedHandler(opts.statsHandlers...), + conns: make(map[string]map[transport.ServerTransport]bool), + services: make(map[string]*serviceInfo), + quit: grpcsync.NewEvent(), + done: grpcsync.NewEvent(), + channelz: channelz.RegisterServer(""), } chainUnaryServerInterceptors(s) chainStreamServerInterceptors(s) @@ -896,9 +926,7 @@ func (s *Server) Serve(lis net.Listener) error { tempDelay = 5 * time.Millisecond } else { tempDelay *= 2 - } - if max := 1 * time.Second; tempDelay > max { - tempDelay = max + tempDelay = min(tempDelay, 1*time.Second) } s.mu.Lock() s.printf("Accept error: %v; retrying in %v", err, tempDelay) @@ -974,7 +1002,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { ConnectionTimeout: s.opts.connectionTimeout, Credentials: s.opts.creds, InTapHandle: s.opts.inTapHandle, - StatsHandlers: s.opts.statsHandlers, + StatsHandler: s.statsHandler, KeepaliveParams: s.opts.keepaliveParams, KeepalivePolicy: s.opts.keepalivePolicy, InitialWindowSize: s.opts.initialWindowSize, @@ -986,6 +1014,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { MaxHeaderListSize: s.opts.maxHeaderListSize, HeaderTableSize: s.opts.headerTableSize, BufferPool: s.opts.bufferPool, + StaticWindowSize: s.opts.staticWindowSize, } st, err := transport.NewServerTransport(c, config) if err != nil { 
@@ -1010,18 +1039,18 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { func (s *Server) serveStreams(ctx context.Context, st transport.ServerTransport, rawConn net.Conn) { ctx = transport.SetConnection(ctx, rawConn) ctx = peer.NewContext(ctx, st.Peer()) - for _, sh := range s.opts.statsHandlers { - ctx = sh.TagConn(ctx, &stats.ConnTagInfo{ + if s.statsHandler != nil { + ctx = s.statsHandler.TagConn(ctx, &stats.ConnTagInfo{ RemoteAddr: st.Peer().Addr, LocalAddr: st.Peer().LocalAddr, }) - sh.HandleConn(ctx, &stats.ConnBegin{}) + s.statsHandler.HandleConn(ctx, &stats.ConnBegin{}) } defer func() { st.Close(errors.New("finished serving streams for the server transport")) - for _, sh := range s.opts.statsHandlers { - sh.HandleConn(ctx, &stats.ConnEnd{}) + if s.statsHandler != nil { + s.statsHandler.HandleConn(ctx, &stats.ConnEnd{}) } }() @@ -1078,7 +1107,7 @@ var _ http.Handler = (*Server)(nil) // Notice: This API is EXPERIMENTAL and may be changed or removed in a // later release. func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { - st, err := transport.NewServerHandlerTransport(w, r, s.opts.statsHandlers, s.opts.bufferPool) + st, err := transport.NewServerHandlerTransport(w, r, s.statsHandler, s.opts.bufferPool) if err != nil { // Errors returned from transport.NewServerHandlerTransport have // already been written to w. 
@@ -1172,12 +1201,8 @@ func (s *Server) sendResponse(ctx context.Context, stream *transport.ServerStrea return status.Errorf(codes.ResourceExhausted, "grpc: trying to send message larger than max (%d vs. %d)", payloadLen, s.opts.maxSendMessageSize) } err = stream.Write(hdr, payload, opts) - if err == nil { - if len(s.opts.statsHandlers) != 0 { - for _, sh := range s.opts.statsHandlers { - sh.HandleRPC(ctx, outPayload(false, msg, dataLen, payloadLen, time.Now())) - } - } + if err == nil && s.statsHandler != nil { + s.statsHandler.HandleRPC(ctx, outPayload(false, msg, dataLen, payloadLen, time.Now())) } return err } @@ -1219,16 +1244,15 @@ func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info } func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerStream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) { - shs := s.opts.statsHandlers - if len(shs) != 0 || trInfo != nil || channelz.IsOn() { + sh := s.statsHandler + if sh != nil || trInfo != nil || channelz.IsOn() { if channelz.IsOn() { s.incrCallsStarted() } var statsBegin *stats.Begin - for _, sh := range shs { - beginTime := time.Now() + if sh != nil { statsBegin = &stats.Begin{ - BeginTime: beginTime, + BeginTime: time.Now(), IsClientStream: false, IsServerStream: false, } @@ -1256,7 +1280,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerSt trInfo.tr.Finish() } - for _, sh := range shs { + if sh != nil { end := &stats.End{ BeginTime: statsBegin.BeginTime, EndTime: time.Now(), @@ -1353,7 +1377,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerSt } var payInfo *payloadInfo - if len(shs) != 0 || len(binlogs) != 0 { + if sh != nil || len(binlogs) != 0 { payInfo = &payloadInfo{} defer payInfo.free() } 
@@ -1379,7 +1403,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, stream *transport.ServerSt return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err) } - for _, sh := range shs { + if sh != nil { sh.HandleRPC(ctx, &stats.InPayload{ RecvTime: time.Now(), Payload: v, @@ -1553,32 +1577,30 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv if channelz.IsOn() { s.incrCallsStarted() } - shs := s.opts.statsHandlers + sh := s.statsHandler var statsBegin *stats.Begin - if len(shs) != 0 { - beginTime := time.Now() + if sh != nil { statsBegin = &stats.Begin{ - BeginTime: beginTime, + BeginTime: time.Now(), IsClientStream: sd.ClientStreams, IsServerStream: sd.ServerStreams, } - for _, sh := range shs { - sh.HandleRPC(ctx, statsBegin) - } + sh.HandleRPC(ctx, statsBegin) } ctx = NewContextWithServerTransportStream(ctx, stream) ss := &serverStream{ ctx: ctx, s: stream, - p: &parser{r: stream, bufferPool: s.opts.bufferPool}, + p: parser{r: stream, bufferPool: s.opts.bufferPool}, codec: s.getCodec(stream.ContentSubtype()), + desc: sd, maxReceiveMessageSize: s.opts.maxReceiveMessageSize, maxSendMessageSize: s.opts.maxSendMessageSize, trInfo: trInfo, - statsHandler: shs, + statsHandler: sh, } - if len(shs) != 0 || trInfo != nil || channelz.IsOn() { + if sh != nil || trInfo != nil || channelz.IsOn() { // See comment in processUnaryRPC on defers. defer func() { if trInfo != nil { @@ -1592,7 +1614,7 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv ss.mu.Unlock() } - if len(shs) != 0 { + if sh != nil { end := &stats.End{ BeginTime: statsBegin.BeginTime, EndTime: time.Now(), @@ -1600,9 +1622,7 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv if err != nil && err != io.EOF { end.Error = toRPCErr(err) } - for _, sh := range shs { - sh.HandleRPC(ctx, end) - } + sh.HandleRPC(ctx, end) } if channelz.IsOn() { 
@@ -1745,6 +1765,24 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv return ss.s.WriteStatus(statusOK) } +func (s *Server) handleMalformedMethodName(stream *transport.ServerStream, ti *traceInfo) { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{stream.Method()}}, true) + ti.tr.SetError() + } + errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) + if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) + ti.tr.SetError() + } + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) + } + if ti != nil { + ti.tr.Finish() + } +} + func (s *Server) handleStream(t transport.ServerTransport, stream *transport.ServerStream) { ctx := stream.Context() ctx = contextWithServer(ctx, s) 
@@ -1765,45 +1803,47 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Ser } sm := stream.Method() - if sm != "" && sm[0] == '/' { + if sm == "" { + s.handleMalformedMethodName(stream, ti) + return + } + if sm[0] != '/' { + // TODO(easwars): Add a link to the CVE in the below log messages once + // published. + if envconfig.DisableStrictPathChecking { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream received malformed method name %q. Allowing it because the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING is set to true, but this option will be removed in a future release.", sm) + } + } else { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream rejected malformed method name %q. To temporarily allow such requests, set the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to true. 
Note that this is not recommended as it may allow requests to bypass security policies.", sm) + } + s.handleMalformedMethodName(stream, ti) + return + } + } else { sm = sm[1:] } pos := strings.LastIndex(sm, "/") if pos == -1 { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true) - ti.tr.SetError() - } - errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) - if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) - ti.tr.SetError() - } - channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) - } - if ti != nil { - ti.tr.Finish() - } + s.handleMalformedMethodName(stream, ti) return } service := sm[:pos] method := sm[pos+1:] // FromIncomingContext is expensive: skip if there are no statsHandlers - if len(s.opts.statsHandlers) > 0 { + if s.statsHandler != nil { md, _ := metadata.FromIncomingContext(ctx) - for _, sh := range s.opts.statsHandlers { - ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: stream.Method()}) - sh.HandleRPC(ctx, &stats.InHeader{ - FullMethod: stream.Method(), - RemoteAddr: t.Peer().Addr, - LocalAddr: t.Peer().LocalAddr, - Compression: stream.RecvCompress(), - WireLength: stream.HeaderWireLength(), - Header: md, - }) - } + ctx = s.statsHandler.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: stream.Method()}) + s.statsHandler.HandleRPC(ctx, &stats.InHeader{ + FullMethod: stream.Method(), + RemoteAddr: t.Peer().Addr, + LocalAddr: t.Peer().LocalAddr, + Compression: stream.RecvCompress(), + WireLength: stream.HeaderWireLength(), + Header: md, + }) } // To have calls in stream callouts work. Will delete once all stats handler // calls come from the gRPC layer. diff --git a/vendor/google.golang.org/grpc/stats/handlers.go b/vendor/google.golang.org/grpc/stats/handlers.go index dc03731e4..67194a592 100644 
--- a/vendor/google.golang.org/grpc/stats/handlers.go +++ b/vendor/google.golang.org/grpc/stats/handlers.go @@ -38,6 +38,15 @@ type RPCTagInfo struct { // FailFast indicates if this RPC is failfast. // This field is only valid on client side, it's always false on server side. FailFast bool + // NameResolutionDelay indicates if the RPC needed to wait for the + // initial name resolver update before it could begin. This should only + // happen if the channel is IDLE when the RPC is started. Note that + // all retry or hedging attempts for an RPC that experienced a delay + // will have it set. + // + // This field is only valid on the client side; it is always false on + // the server side. + NameResolutionDelay bool } // Handler defines the interface for the related stats handling (e.g., RPCs, connections). diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go index baf7740ef..10bf998aa 100644 --- a/vendor/google.golang.org/grpc/stats/stats.go +++ b/vendor/google.golang.org/grpc/stats/stats.go 
@@ -64,15 +64,21 @@ func (s *Begin) IsClient() bool { return s.Client } func (s *Begin) isRPCStats() {} -// PickerUpdated indicates that the LB policy provided a new picker while the -// RPC was waiting for one. -type PickerUpdated struct{} +// DelayedPickComplete indicates that the RPC is unblocked following a delay in +// selecting a connection for the call. +type DelayedPickComplete struct{} -// IsClient indicates if the stats information is from client side. Only Client -// Side interfaces with a Picker, thus always returns true. -func (*PickerUpdated) IsClient() bool { return true } +// IsClient indicates DelayedPickComplete is available on the client. +func (*DelayedPickComplete) IsClient() bool { return true } -func (*PickerUpdated) isRPCStats() {} +func (*DelayedPickComplete) isRPCStats() {} + +// PickerUpdated indicates that the RPC is unblocked following a delay in +// selecting a connection for the call. +// +// Deprecated: will be removed in a future release; use DelayedPickComplete +// instead. +type PickerUpdated = DelayedPickComplete // InPayload contains stats about an incoming payload. type InPayload struct { diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index 12163150b..eedb5f9b9 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -25,6 +25,7 @@ import ( "math" rand "math/rand/v2" "strconv" + "strings" "sync" "time" @@ -51,7 +52,8 @@ import ( var metadataFromOutgoingContextRaw = internal.FromOutgoingContextRaw.(func(context.Context) (metadata.MD, [][]string, bool)) // StreamHandler defines the handler called by gRPC server to complete the -// execution of a streaming RPC. +// execution of a streaming RPC. srv is the service implementation on which the +// RPC was invoked. // // If a StreamHandler returns an error, it should either be produced by the // status package, or be one of the context errors. Otherwise, gRPC will use 
@@ -101,9 +103,9 @@ type ClientStream interface { // It must only be called after stream.CloseAndRecv has returned, or // stream.Recv has returned a non-nil error (including io.EOF). Trailer() metadata.MD - // CloseSend closes the send direction of the stream. It closes the stream - // when non-nil error is met. It is also not safe to call CloseSend - // concurrently with SendMsg. + // CloseSend closes the send direction of the stream. This method always + // returns a nil error. The status of the stream may be discovered using + // RecvMsg. It is also not safe to call CloseSend concurrently with SendMsg. CloseSend() error // Context returns the context for this stream. // 
@@ -177,13 +179,43 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth return cc.NewStream(ctx, desc, method, opts...) } +var emptyMethodConfig = serviceconfig.MethodConfig{} + +// endOfClientStream performs cleanup actions required for both successful and +// failed streams. This includes incrementing channelz stats and invoking all +// registered OnFinish call options. +func endOfClientStream(cc *ClientConn, err error, opts ...CallOption) { + if channelz.IsOn() { + if err != nil { + cc.incrCallsFailed() + } else { + cc.incrCallsSucceeded() + } + } + + for _, o := range opts { + if o, ok := o.(OnFinishCallOption); ok { + o.OnFinish(err) + } + } +} + func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) { + if channelz.IsOn() { + cc.incrCallsStarted() + } + defer func() { + if err != nil { + // Ensure cleanup when stream creation fails. + endOfClientStream(cc, err, opts...) + } + }() + // Start tracking the RPC for idleness purposes. This is where a stream is // created for both streaming and unary RPCs, and hence is a good place to // track active RPC count. - if err := cc.idlenessMgr.OnCallBegin(); err != nil { - return nil, err - } + cc.idlenessMgr.OnCallBegin() + // Add a calloption, to decrement the active call count, that gets executed // when the RPC completes. opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...) 
@@ -202,24 +234,17 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth } } } - if channelz.IsOn() { - cc.incrCallsStarted() - defer func() { - if err != nil { - cc.incrCallsFailed() - } - }() - } // Provide an opportunity for the first RPC to see the first service config // provided by the resolver. - if err := cc.waitForResolvedAddrs(ctx); err != nil { + nameResolutionDelayed, err := cc.waitForResolvedAddrs(ctx) + if err != nil { return nil, err } - var mc serviceconfig.MethodConfig + mc := &emptyMethodConfig var onCommit func() newStream := func(ctx context.Context, done func()) (iresolver.ClientStream, error) { - return newClientStreamWithParams(ctx, desc, cc, method, mc, onCommit, done, opts...) + return newClientStreamWithParams(ctx, desc, cc, method, mc, onCommit, done, nameResolutionDelayed, opts...) } rpcInfo := iresolver.RPCInfo{Context: ctx, Method: method} @@ -239,7 +264,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth if rpcConfig.Context != nil { ctx = rpcConfig.Context } - mc = rpcConfig.MethodConfig + mc = &rpcConfig.MethodConfig onCommit = rpcConfig.OnCommitted if rpcConfig.Interceptor != nil { rpcInfo.Context = nil @@ -257,7 +282,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth return newStream(ctx, func() {}) } -func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, mc serviceconfig.MethodConfig, onCommit, doneFunc func(), opts ...CallOption) (_ iresolver.ClientStream, err error) { +func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, mc *serviceconfig.MethodConfig, onCommit, doneFunc func(), nameResolutionDelayed bool, opts ...CallOption) (_ iresolver.ClientStream, err error) { callInfo := defaultCallInfo() if mc.WaitForReady != nil { callInfo.failFast = !*mc.WaitForReady 
@@ -296,6 +321,11 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client Method: method, ContentSubtype: callInfo.contentSubtype, DoneFunc: doneFunc, + Authority: callInfo.authority, + } + if allowed := callInfo.acceptedResponseCompressors; len(allowed) > 0 { + headerValue := strings.Join(allowed, ",") + callHdr.AcceptedCompressors = &headerValue } // Set our outgoing compression according to the UseCompressor CallOption, if @@ -321,19 +351,20 @@ func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *Client } cs := &clientStream{ - callHdr: callHdr, - ctx: ctx, - methodConfig: &mc, - opts: opts, - callInfo: callInfo, - cc: cc, - desc: desc, - codec: callInfo.codec, - compressorV0: compressorV0, - compressorV1: compressorV1, - cancel: cancel, - firstAttempt: true, - onCommit: onCommit, + callHdr: callHdr, + ctx: ctx, + methodConfig: mc, + opts: opts, + callInfo: callInfo, + cc: cc, + desc: desc, + codec: callInfo.codec, + compressorV0: compressorV0, + compressorV1: compressorV1, + cancel: cancel, + firstAttempt: true, + onCommit: onCommit, + nameResolutionDelay: nameResolutionDelayed, } if !cc.dopts.disableRetry { cs.retryThrottler = cc.retryThrottler.Load().(*retryThrottler) 
@@ -415,19 +446,21 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error) ctx := newContextWithRPCInfo(cs.ctx, cs.callInfo.failFast, cs.callInfo.codec, cs.compressorV0, cs.compressorV1) method := cs.callHdr.Method var beginTime time.Time - shs := cs.cc.dopts.copts.StatsHandlers - for _, sh := range shs { - ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: method, FailFast: cs.callInfo.failFast}) + sh := cs.cc.statsHandler + if sh != nil { beginTime = time.Now() - begin := &stats.Begin{ + ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{ + FullMethodName: method, FailFast: cs.callInfo.failFast, + NameResolutionDelay: cs.nameResolutionDelay, + }) + sh.HandleRPC(ctx, &stats.Begin{ Client: true, BeginTime: beginTime, FailFast: cs.callInfo.failFast, IsClientStream: cs.desc.ClientStreams, IsServerStream: cs.desc.ServerStreams, IsTransparentRetryAttempt: isTransparent, - } - sh.HandleRPC(ctx, begin) + }) } var trInfo *traceInfo @@ -458,7 +491,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error) beginTime: beginTime, cs: cs, decompressorV0: cs.cc.dopts.dc, - statsHandlers: shs, + statsHandler: sh, trInfo: trInfo, }, nil } @@ -466,8 +499,9 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error) func (a *csAttempt) getTransport() error { cs := a.cs - var err error - a.transport, a.pickResult, err = cs.cc.getTransport(a.ctx, cs.callInfo.failFast, cs.callHdr.Method) + pickInfo := balancer.PickInfo{Ctx: a.ctx, FullMethodName: cs.callHdr.Method} + pick, err := cs.cc.pickerWrapper.pick(a.ctx, cs.callInfo.failFast, pickInfo) + a.transport, a.pickResult = pick.transport, pick.result if err != nil { if de, ok := err.(dropError); ok { err = de.error 
@@ -476,7 +510,10 @@ func (a *csAttempt) getTransport() error { return err } if a.trInfo != nil { - a.trInfo.firstLine.SetRemoteAddr(a.transport.RemoteAddr()) + a.trInfo.firstLine.SetRemoteAddr(a.transport.Peer().Addr) + } + if pick.blocked && a.statsHandler != nil { + a.statsHandler.HandleRPC(a.ctx, &stats.DelayedPickComplete{}) } return nil } @@ -501,9 +538,17 @@ func (a *csAttempt) newStream() error { md, _ := metadata.FromOutgoingContext(a.ctx) md = metadata.Join(md, a.pickResult.Metadata) a.ctx = metadata.NewOutgoingContext(a.ctx, md) - } - s, err := a.transport.NewStream(a.ctx, cs.callHdr) + // If the `CallAuthority` CallOption is not set, check if the LB picker + // has provided an authority override in the PickResult metadata and + // apply it, as specified in gRFC A81. + if cs.callInfo.authority == "" { + if authMD := a.pickResult.Metadata.Get(":authority"); len(authMD) > 0 { + cs.callHdr.Authority = authMD[0] + } + } + } + s, err := a.transport.NewStream(a.ctx, cs.callHdr, a.statsHandler) if err != nil { nse, ok := err.(*transport.NewStreamError) if !ok { @@ -520,7 +565,7 @@ func (a *csAttempt) newStream() error { } a.transportStream = s a.ctx = s.Context() - a.parser = &parser{r: s, bufferPool: a.cs.cc.dopts.copts.BufferPool} + a.parser = parser{r: s, bufferPool: a.cs.cc.dopts.copts.BufferPool} return nil } @@ -540,6 +585,8 @@ type clientStream struct { sentLast bool // sent an end stream + receivedFirstMsg bool // set after the first message is received + methodConfig *MethodConfig ctx context.Context // the application's context, wrapped by stats/tracing @@ -573,6 +620,9 @@ type clientStream struct { onCommit func() replayBuffer []replayOp // operations to replay on retry replayBufferSize int // current size of replayBuffer + // nameResolutionDelay indicates if there was a delay in the name resolution. + // This field is only valid on client side, it's always false on server side. + nameResolutionDelay bool } type replayOp struct { 
@@ -587,7 +637,7 @@ type csAttempt struct { cs *clientStream transport transport.ClientTransport transportStream *transport.ClientStream - parser *parser + parser parser pickResult balancer.PickResult finished bool @@ -601,8 +651,8 @@ type csAttempt struct { // and cleared when the finish method is called. trInfo *traceInfo - statsHandlers []stats.Handler - beginTime time.Time + statsHandler stats.Handler + beginTime time.Time // set for newStream errors that may be transparently retried allowTransparentRetry bool @@ -987,7 +1037,7 @@ func (cs *clientStream) RecvMsg(m any) error { func (cs *clientStream) CloseSend() error { if cs.sentLast { - // TODO: return an error and finish the stream instead, due to API misuse? + // Return a nil error on repeated calls to this method. return nil } cs.sentLast = true @@ -1008,7 +1058,10 @@ func (cs *clientStream) CloseSend() error { binlog.Log(cs.ctx, chc) } } - // We never returned an error here for reasons. + // We don't return an error here as we expect users to read all messages + // from the stream and get the RPC status from RecvMsg(). Note that + // SendMsg() must return an error when one occurs so the application + // knows to stop sending messages, but that does not apply here. return nil } @@ -1023,9 +1076,6 @@ func (cs *clientStream) finish(err error) { return } cs.finished = true - for _, onFinish := range cs.callInfo.onFinish { - onFinish(err) - } cs.commitAttemptLocked() if cs.attempt != nil { cs.attempt.finish(err) @@ -1065,13 +1115,7 @@ func (cs *clientStream) finish(err error) { if err == nil { cs.retryThrottler.successfulRPC() } - if channelz.IsOn() { - if err != nil { - cs.cc.incrCallsFailed() - } else { - cs.cc.incrCallsSucceeded() - } - } + endOfClientStream(cs.cc, err, cs.opts...) cs.cancel() } 
@@ -1093,17 +1137,15 @@ func (a *csAttempt) sendMsg(m any, hdr []byte, payld mem.BufferSlice, dataLength } return io.EOF } - if len(a.statsHandlers) != 0 { - for _, sh := range a.statsHandlers { - sh.HandleRPC(a.ctx, outPayload(true, m, dataLength, payloadLength, time.Now())) - } + if a.statsHandler != nil { + a.statsHandler.HandleRPC(a.ctx, outPayload(true, m, dataLength, payloadLength, time.Now())) } return nil } func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { cs := a.cs - if len(a.statsHandlers) != 0 && payInfo == nil { + if a.statsHandler != nil && payInfo == nil { payInfo = &payloadInfo{} defer payInfo.free() } @@ -1117,6 +1159,10 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { a.decompressorV0 = nil a.decompressorV1 = encoding.GetCompressor(ct) } + // Validate that the compression method is acceptable for this call. + if !acceptedCompressorAllows(cs.callInfo.acceptedResponseCompressors, ct) { + return status.Errorf(codes.Internal, "grpc: peer compressed the response with %q which is not allowed by AcceptCompressors", ct) + } } else { // No compression is used; disable our decompressor. a.decompressorV0 = nil 
@@ -1124,16 +1170,21 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { // Only initialize this state once per stream. a.decompressorSet = true } - if err := recv(a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, payInfo, a.decompressorV1, false); err != nil { + if err := recv(&a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, payInfo, a.decompressorV1, false); err != nil { if err == io.EOF { if statusErr := a.transportStream.Status().Err(); statusErr != nil { return statusErr } + // Received no msg and status OK for non-server streaming rpcs. + if !cs.desc.ServerStreams && !cs.receivedFirstMsg { + return status.Error(codes.Internal, "cardinality violation: received no response message from non-server-streaming RPC") + } return io.EOF // indicates successful end of stream. } return toRPCErr(err) } + cs.receivedFirstMsg = true if a.trInfo != nil { a.mu.Lock() if a.trInfo.tr != nil { @@ -1141,8 +1192,8 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { } a.mu.Unlock() } - for _, sh := range a.statsHandlers { - sh.HandleRPC(a.ctx, &stats.InPayload{ + if a.statsHandler != nil { + a.statsHandler.HandleRPC(a.ctx, &stats.InPayload{ Client: true, RecvTime: time.Now(), Payload: m, 
@@ -1157,12 +1208,12 @@ func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) { } // Special handling for non-server-stream rpcs. // This recv expects EOF or errors, so we don't collect inPayload. - if err := recv(a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, nil, a.decompressorV1, false); err == io.EOF { + if err := recv(&a.parser, cs.codec, a.transportStream, a.decompressorV0, m, *cs.callInfo.maxReceiveMessageSize, nil, a.decompressorV1, false); err == io.EOF { return a.transportStream.Status().Err() // non-server streaming Recv returns nil on success } else if err != nil { return toRPCErr(err) } - return toRPCErr(errors.New("grpc: client streaming protocol violation: get , want ")) + return status.Error(codes.Internal, "cardinality violation: expected for non server-streaming RPCs, but received another message") } func (a *csAttempt) finish(err error) { @@ -1195,15 +1246,14 @@ func (a *csAttempt) finish(err error) { ServerLoad: balancerload.Parse(tr), }) } - for _, sh := range a.statsHandlers { - end := &stats.End{ + if a.statsHandler != nil { + a.statsHandler.HandleRPC(a.ctx, &stats.End{ Client: true, BeginTime: a.beginTime, EndTime: time.Now(), Trailer: tr, Error: err, - } - sh.HandleRPC(a.ctx, end) + }) } if a.trInfo != nil && a.trInfo.tr != nil { if err == nil { 
@@ -1300,16 +1350,18 @@ func newNonRetryClientStream(ctx context.Context, desc *StreamDesc, method strin codec: c.codec, sendCompressorV0: cp, sendCompressorV1: comp, + decompressorV0: ac.cc.dopts.dc, transport: t, } - s, err := as.transport.NewStream(as.ctx, as.callHdr) + // nil stats handler: internal streams like health and ORCA do not support telemetry. + s, err := as.transport.NewStream(as.ctx, as.callHdr, nil) if err != nil { err = toRPCErr(err) return nil, err } as.transportStream = s - as.parser = &parser{r: s, bufferPool: ac.dopts.copts.BufferPool} + as.parser = parser{r: s, bufferPool: ac.dopts.copts.BufferPool} ac.incrCallsStarted() if desc != unaryStreamDesc { // Listen on stream context to cleanup when the stream context is @@ -1344,6 +1396,7 @@ type addrConnStream struct { transport transport.ClientTransport ctx context.Context sentLast bool + receivedFirstMsg bool desc *StreamDesc codec baseCodec sendCompressorV0 Compressor @@ -1351,7 +1404,7 @@ type addrConnStream struct { decompressorSet bool decompressorV0 Decompressor decompressorV1 encoding.Compressor - parser *parser + parser parser // mu guards finished and is held for the entire finish method. mu sync.Mutex @@ -1372,7 +1425,7 @@ func (as *addrConnStream) Trailer() metadata.MD { func (as *addrConnStream) CloseSend() error { if as.sentLast { - // TODO: return an error and finish the stream instead, due to API misuse? + // Return a nil error on repeated calls to this method. return nil } as.sentLast = true 
@@ -1457,6 +1510,10 @@ func (as *addrConnStream) RecvMsg(m any) (err error) { as.decompressorV0 = nil as.decompressorV1 = encoding.GetCompressor(ct) } + // Validate that the compression method is acceptable for this call. + if !acceptedCompressorAllows(as.callInfo.acceptedResponseCompressors, ct) { + return status.Errorf(codes.Internal, "grpc: peer compressed the response with %q which is not allowed by AcceptCompressors", ct) + } } else { // No compression is used; disable our decompressor. as.decompressorV0 = nil @@ -1464,15 +1521,20 @@ func (as *addrConnStream) RecvMsg(m any) (err error) { // Only initialize this state once per stream. as.decompressorSet = true } - if err := recv(as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err != nil { + if err := recv(&as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err != nil { if err == io.EOF { if statusErr := as.transportStream.Status().Err(); statusErr != nil { return statusErr } + // Received no msg and status OK for non-server streaming rpcs. + if !as.desc.ServerStreams && !as.receivedFirstMsg { + return status.Error(codes.Internal, "cardinality violation: received no response message from non-server-streaming RPC") + } return io.EOF // indicates successful end of stream. } return toRPCErr(err) } + as.receivedFirstMsg = true if as.desc.ServerStreams { // Subsequent messages should be received by subsequent RecvMsg calls. 
@@ -1481,12 +1543,12 @@ func (as *addrConnStream) RecvMsg(m any) (err error) { // Special handling for non-server-stream rpcs. // This recv expects EOF or errors, so we don't collect inPayload. - if err := recv(as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err == io.EOF { + if err := recv(&as.parser, as.codec, as.transportStream, as.decompressorV0, m, *as.callInfo.maxReceiveMessageSize, nil, as.decompressorV1, false); err == io.EOF { return as.transportStream.Status().Err() // non-server streaming Recv returns nil on success } else if err != nil { return toRPCErr(err) } - return toRPCErr(errors.New("grpc: client streaming protocol violation: get , want ")) + return status.Error(codes.Internal, "cardinality violation: expected for non server-streaming RPCs, but received another message") } func (as *addrConnStream) finish(err error) { @@ -1569,8 +1631,9 @@ type ServerStream interface { type serverStream struct { ctx context.Context s *transport.ServerStream - p *parser + p parser codec baseCodec + desc *StreamDesc compressorV0 Compressor compressorV1 encoding.Compressor @@ -1579,11 +1642,13 @@ type serverStream struct { sendCompressorName string + recvFirstMsg bool // set after the first message is received + maxReceiveMessageSize int maxSendMessageSize int trInfo *traceInfo - statsHandler []stats.Handler + statsHandler stats.Handler binlogs []binarylog.MethodLogger // serverHeaderBinlogged indicates whether server header has been logged. It @@ -1719,10 +1784,8 @@ func (ss *serverStream) SendMsg(m any) (err error) { binlog.Log(ss.ctx, sm) } } - if len(ss.statsHandler) != 0 { - for _, sh := range ss.statsHandler { - sh.HandleRPC(ss.s.Context(), outPayload(false, m, dataLen, payloadLen, time.Now())) - } + if ss.statsHandler != nil { + ss.statsHandler.HandleRPC(ss.s.Context(), outPayload(false, m, dataLen, payloadLen, time.Now())) } return nil } 
@@ -1753,11 +1816,11 @@ func (ss *serverStream) RecvMsg(m any) (err error) {
 }
 }()
 var payInfo *payloadInfo
- if len(ss.statsHandler) != 0 || len(ss.binlogs) != 0 {
+ if ss.statsHandler != nil || len(ss.binlogs) != 0 {
 payInfo = &payloadInfo{}
 defer payInfo.free()
 }
- if err := recv(ss.p, ss.codec, ss.s, ss.decompressorV0, m, ss.maxReceiveMessageSize, payInfo, ss.decompressorV1, true); err != nil {
+ if err := recv(&ss.p, ss.codec, ss.s, ss.decompressorV0, m, ss.maxReceiveMessageSize, payInfo, ss.decompressorV1, true); err != nil {
 if err == io.EOF {
 if len(ss.binlogs) != 0 {
 chc := &binarylog.ClientHalfClose{}
@@ -1765,6 +1828,10 @@ func (ss *serverStream) RecvMsg(m any) (err error) {
 binlog.Log(ss.ctx, chc)
 }
 }
+ // Received no request msg for non-client streaming rpcs.
+ if !ss.desc.ClientStreams && !ss.recvFirstMsg {
+ return status.Error(codes.Internal, "cardinality violation: received no request message from non-client-streaming RPC")
+ }
 return err
 }
 if err == io.ErrUnexpectedEOF {
@@ -1772,16 +1839,15 @@ func (ss *serverStream) RecvMsg(m any) (err error) {
 }
 return toRPCErr(err)
 }
- if len(ss.statsHandler) != 0 {
- for _, sh := range ss.statsHandler {
- sh.HandleRPC(ss.s.Context(), &stats.InPayload{
- RecvTime: time.Now(),
- Payload: m,
- Length: payInfo.uncompressedBytes.Len(),
- WireLength: payInfo.compressedLength + headerLen,
- CompressedLength: payInfo.compressedLength,
- })
- }
+ ss.recvFirstMsg = true
+ if ss.statsHandler != nil {
+ ss.statsHandler.HandleRPC(ss.s.Context(), &stats.InPayload{
+ RecvTime: time.Now(),
+ Payload: m,
+ Length: payInfo.uncompressedBytes.Len(),
+ WireLength: payInfo.compressedLength + headerLen,
+ CompressedLength: payInfo.compressedLength,
+ })
 }
 if len(ss.binlogs) != 0 {
 cm := &binarylog.ClientMessage{
@@ -1791,7 +1857,19 @@ func (ss *serverStream) RecvMsg(m any) (err error) { binlog.Log(ss.ctx, cm) } } - return nil + + if ss.desc.ClientStreams { + // Subsequent messages should be received by subsequent RecvMsg calls. + return nil + } + // Special handling for non-client-stream rpcs. + // This recv expects EOF or errors, so we don't collect inPayload. + if err := recv(&ss.p, ss.codec, ss.s, ss.decompressorV0, m, ss.maxReceiveMessageSize, nil, ss.decompressorV1, true); err == io.EOF { + return nil + } else if err != nil { + return err + } + return status.Error(codes.Internal, "cardinality violation: received multiple request messages for non-client-streaming RPC") } // MethodFromServerStream returns the method string for the input stream. diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 2bae4db89..76c2eed77 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.72.2" +const Version = "1.79.3" diff --git a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go index e942bc983..743bfb81d 100644 --- a/vendor/google.golang.org/protobuf/encoding/protowire/wire.go +++ b/vendor/google.golang.org/protobuf/encoding/protowire/wire.go 
@@ -371,7 +371,31 @@ func ConsumeVarint(b []byte) (v uint64, n int) {
 func SizeVarint(v uint64) int {
 // This computes 1 + (bits.Len64(v)-1)/7.
 // 9/64 is a good enough approximation of 1/7
- return int(9*uint32(bits.Len64(v))+64) / 64
+ //
+ // The Go compiler can translate the bits.LeadingZeros64 call into the LZCNT
+ // instruction, which is very fast on CPUs from the last few years. The
+ // specific way of expressing the calculation matches C++ Protobuf, see
+ // https://godbolt.org/z/4P3h53oM4 for the C++ code and how gcc/clang
+ // optimize that function for GOAMD64=v1 and GOAMD64=v3 (-march=haswell).
+
+ // By OR'ing v with 1, we guarantee that v is never 0, without changing the
+ // result of SizeVarint. LZCNT is not defined for 0, meaning the compiler
+ // needs to add extra instructions to handle that case.
+ //
+ // The Go compiler currently (go1.24.4) does not make use of this knowledge.
+ // This opportunity (removing the XOR instruction, which handles the 0 case)
+ // results in a small (1%) performance win across CPU architectures.
+ //
+ // Independently of avoiding the 0 case, we need the v |= 1 line because
+ // it allows the Go compiler to eliminate an extra XCHGL barrier.
+ v |= 1
+
+ // It would be clearer to write log2value := 63 - uint32(...), but
+ // writing uint32(...) ^ 63 is much more efficient (-14% ARM, -20% Intel).
+ // Proof of identity for our value range [0..63]:
+ // https://go.dev/play/p/Pdn9hEWYakX
+ log2value := uint32(bits.LeadingZeros64(v)) ^ 63
+ return int((log2value*9 + (64 + 9)) / 64)
 }
 
 // AppendFixed32 appends v to b as a little-endian uint32.
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb b/vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb index 323829da1477e4496d664b2a1092a9f9cec275d4..04696351eeeef14cbbd69fd1f4250530b1fbfd56 100644 GIT binary patch literal 154 zcmX}mI}(5(3Eat$;}$;v literal 146 zcmX}mF%Ezr3X5(&e%rBRTLK{CjOa+)E@2mYkk=mEF7 B6)FG# diff --git a/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go index bf1aba0e8..7b9f01afb 100644 --- a/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go +++ b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go @@ -9,7 +9,7 @@ import "google.golang.org/protobuf/types/descriptorpb" const ( Minimum = descriptorpb.Edition_EDITION_PROTO2 - Maximum = descriptorpb.Edition_EDITION_2023 + Maximum = descriptorpb.Edition_EDITION_2024 // MaximumKnown is the maximum edition that is known to Go Protobuf, but not // declared as supported. In other words: end users cannot use it, but diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index 688aabe43..dbcf90b87 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -72,9 +72,10 @@ type ( EditionFeatures EditionFeatures } FileL2 struct { - Options func() protoreflect.ProtoMessage - Imports FileImports - Locations SourceLocations + Options func() protoreflect.ProtoMessage + Imports FileImports + OptionImports func() protoreflect.FileImports + Locations SourceLocations } // EditionFeatures is a frequently-instantiated struct, so please take care 
@@ -126,12 +127,9 @@ func (fd *File) ParentFile() protoreflect.FileDescriptor { return fd } func (fd *File) Parent() protoreflect.Descriptor { return nil } func (fd *File) Index() int { return 0 } func (fd *File) Syntax() protoreflect.Syntax { return fd.L1.Syntax } - -// Not exported and just used to reconstruct the original FileDescriptor proto -func (fd *File) Edition() int32 { return int32(fd.L1.Edition) } -func (fd *File) Name() protoreflect.Name { return fd.L1.Package.Name() } -func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package } -func (fd *File) IsPlaceholder() bool { return false } +func (fd *File) Name() protoreflect.Name { return fd.L1.Package.Name() } +func (fd *File) FullName() protoreflect.FullName { return fd.L1.Package } +func (fd *File) IsPlaceholder() bool { return false } func (fd *File) Options() protoreflect.ProtoMessage { if f := fd.lazyInit().Options; f != nil { return f() @@ -150,6 +148,16 @@ func (fd *File) Format(s fmt.State, r rune) { descfmt.FormatD func (fd *File) ProtoType(protoreflect.FileDescriptor) {} func (fd *File) ProtoInternal(pragma.DoNotImplement) {} +// The next two are not part of the FileDescriptor interface. They are just used to reconstruct +// the original FileDescriptor proto. +func (fd *File) Edition() int32 { return int32(fd.L1.Edition) } +func (fd *File) OptionImports() protoreflect.FileImports { + if f := fd.lazyInit().OptionImports; f != nil { + return f() + } + return emptyFiles +} + func (fd *File) lazyInit() *FileL2 { if atomic.LoadUint32(&fd.once) == 0 { fd.lazyInitOnce() @@ -182,9 +190,9 @@ type ( L2 *EnumL2 // protected by fileDesc.once } EnumL1 struct { - eagerValues bool // controls whether EnumL2.Values is already populated - EditionFeatures EditionFeatures + Visibility int32 + eagerValues bool // controls whether EnumL2.Values is already populated } EnumL2 struct { Options func() protoreflect.ProtoMessage 
@@ -219,6 +227,11 @@ func (ed *Enum) ReservedNames() protoreflect.Names { return &ed.lazyInit() func (ed *Enum) ReservedRanges() protoreflect.EnumRanges { return &ed.lazyInit().ReservedRanges } func (ed *Enum) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, ed) } func (ed *Enum) ProtoType(protoreflect.EnumDescriptor) {} + +// This is not part of the EnumDescriptor interface. It is just used to reconstruct +// the original FileDescriptor proto. +func (ed *Enum) Visibility() int32 { return ed.L1.Visibility } + func (ed *Enum) lazyInit() *EnumL2 { ed.L0.ParentFile.lazyInit() // implicitly initializes L2 return ed.L2 @@ -244,13 +257,13 @@ type ( L2 *MessageL2 // protected by fileDesc.once } MessageL1 struct { - Enums Enums - Messages Messages - Extensions Extensions - IsMapEntry bool // promoted from google.protobuf.MessageOptions - IsMessageSet bool // promoted from google.protobuf.MessageOptions - + Enums Enums + Messages Messages + Extensions Extensions EditionFeatures EditionFeatures + Visibility int32 + IsMapEntry bool // promoted from google.protobuf.MessageOptions + IsMessageSet bool // promoted from google.protobuf.MessageOptions } MessageL2 struct { Options func() protoreflect.ProtoMessage @@ -319,6 +332,11 @@ func (md *Message) Messages() protoreflect.MessageDescriptors { return &md.L func (md *Message) Extensions() protoreflect.ExtensionDescriptors { return &md.L1.Extensions } func (md *Message) ProtoType(protoreflect.MessageDescriptor) {} func (md *Message) Format(s fmt.State, r rune) { descfmt.FormatDesc(s, r, md) } + +// This is not part of the MessageDescriptor interface. It is just used to reconstruct +// the original FileDescriptor proto. +func (md *Message) Visibility() int32 { return md.L1.Visibility } + func (md *Message) lazyInit() *MessageL2 { md.L0.ParentFile.lazyInit() // implicitly initializes L2 return md.L2 
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go index d2f549497..e91860f5a 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go @@ -284,6 +284,13 @@ func (ed *Enum) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protorefl case genid.EnumDescriptorProto_Value_field_number: numValues++ } + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.EnumDescriptorProto_Visibility_field_number: + ed.L1.Visibility = int32(v) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] @@ -365,6 +372,13 @@ func (md *Message) unmarshalSeed(b []byte, sb *strs.Builder, pf *File, pd protor md.unmarshalSeedOptions(v) } prevField = num + case protowire.VarintType: + v, m := protowire.ConsumeVarint(b) + b = b[m:] + switch num { + case genid.DescriptorProto_Visibility_field_number: + md.L1.Visibility = int32(v) + } default: m := protowire.ConsumeFieldValue(num, typ, b) b = b[m:] diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index d4c94458b..dd31faaeb 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -134,6 +134,7 @@ func (fd *File) unmarshalFull(b []byte) { var enumIdx, messageIdx, extensionIdx, serviceIdx int var rawOptions []byte + var optionImports []string fd.L2 = new(FileL2) for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) 
@@ -157,6 +158,8 @@ func (fd *File) unmarshalFull(b []byte) { imp = PlaceholderFile(path) } fd.L2.Imports = append(fd.L2.Imports, protoreflect.FileImport{FileDescriptor: imp}) + case genid.FileDescriptorProto_OptionDependency_field_number: + optionImports = append(optionImports, sb.MakeString(v)) case genid.FileDescriptorProto_EnumType_field_number: fd.L1.Enums.List[enumIdx].unmarshalFull(v, sb) enumIdx++ @@ -178,6 +181,23 @@ func (fd *File) unmarshalFull(b []byte) { } } fd.L2.Options = fd.builder.optionsUnmarshaler(&descopts.File, rawOptions) + if len(optionImports) > 0 { + var imps FileImports + var once sync.Once + fd.L2.OptionImports = func() protoreflect.FileImports { + once.Do(func() { + imps = make(FileImports, len(optionImports)) + for i, path := range optionImports { + imp, _ := fd.builder.FileRegistry.FindFileByPath(path) + if imp == nil { + imp = PlaceholderFile(path) + } + imps[i] = protoreflect.FileImport{FileDescriptor: imp} + } + }) + return &imps + } + } } func (ed *Enum) unmarshalFull(b []byte, sb *strs.Builder) { diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go index b08b71830..66ba90680 100644 --- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go +++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go @@ -13,8 +13,10 @@ import ( "google.golang.org/protobuf/reflect/protoreflect" ) -var defaultsCache = make(map[Edition]EditionFeatures) -var defaultsKeys = []Edition{} +var ( + defaultsCache = make(map[Edition]EditionFeatures) + defaultsKeys = []Edition{} +) func init() { unmarshalEditionDefaults(editiondefaults.Defaults) 
@@ -41,7 +43,7 @@ func unmarshalGoFeature(b []byte, parent EditionFeatures) EditionFeatures {
 b = b[m:]
 parent.StripEnumPrefix = int(v)
 default:
- panic(fmt.Sprintf("unkown field number %d while unmarshalling GoFeatures", num))
+ panic(fmt.Sprintf("unknown field number %d while unmarshalling GoFeatures", num))
 }
 }
 return parent
@@ -72,8 +74,11 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures {
 case genid.FeatureSet_EnforceNamingStyle_field_number:
 // EnforceNamingStyle is enforced in protoc, languages other than C++
 // are not supposed to do anything with this feature.
+ case genid.FeatureSet_DefaultSymbolVisibility_field_number:
+ // DefaultSymbolVisibility is enforced in protoc, runtimes should not
+ // inspect this value.
 default:
- panic(fmt.Sprintf("unkown field number %d while unmarshalling FeatureSet", num))
+ panic(fmt.Sprintf("unknown field number %d while unmarshalling FeatureSet", num))
 }
 case protowire.BytesType:
 v, m := protowire.ConsumeBytes(b)
@@ -147,7 +152,7 @@ func unmarshalEditionDefaults(b []byte) {
 _, m := protowire.ConsumeVarint(b)
 b = b[m:]
 default:
- panic(fmt.Sprintf("unkown field number %d while unmarshalling EditionDefault", num))
+ panic(fmt.Sprintf("unknown field number %d while unmarshalling EditionDefault", num))
 }
 }
 }
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/presence.go b/vendor/google.golang.org/protobuf/internal/filedesc/presence.go
new file mode 100644
index 000000000..a12ec9791
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/presence.go
@@ -0,0 +1,33 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package filedesc + +import "google.golang.org/protobuf/reflect/protoreflect" + +// UsePresenceForField reports whether the presence bitmap should be used for +// the specified field. +func UsePresenceForField(fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) { + switch { + case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic(): + // Oneof fields never use the presence bitmap. + // + // Synthetic oneofs are an exception: Those are used to implement proto3 + // optional fields and hence should follow non-oneof field semantics. + return false, false + + case fd.IsMap(): + // Map-typed fields never use the presence bitmap. + return false, false + + case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind: + // Lazy fields always use the presence bitmap (only messages can be lazy). + isLazy := fd.(interface{ IsLazy() bool }).IsLazy() + return isLazy, isLazy + + default: + // If the field has presence, use the presence bitmap. + return fd.HasPresence(), false + } +} diff --git a/vendor/google.golang.org/protobuf/internal/genid/api_gen.go b/vendor/google.golang.org/protobuf/internal/genid/api_gen.go index df8f91850..3ceb6fa7f 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/api_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/api_gen.go @@ -27,6 +27,7 @@ const ( Api_SourceContext_field_name protoreflect.Name = "source_context" Api_Mixins_field_name protoreflect.Name = "mixins" Api_Syntax_field_name protoreflect.Name = "syntax" + Api_Edition_field_name protoreflect.Name = "edition" Api_Name_field_fullname protoreflect.FullName = "google.protobuf.Api.name" Api_Methods_field_fullname protoreflect.FullName = "google.protobuf.Api.methods" 
@@ -35,6 +36,7 @@ const ( Api_SourceContext_field_fullname protoreflect.FullName = "google.protobuf.Api.source_context" Api_Mixins_field_fullname protoreflect.FullName = "google.protobuf.Api.mixins" Api_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Api.syntax" + Api_Edition_field_fullname protoreflect.FullName = "google.protobuf.Api.edition" ) // Field numbers for google.protobuf.Api. @@ -46,6 +48,7 @@ const ( Api_SourceContext_field_number protoreflect.FieldNumber = 5 Api_Mixins_field_number protoreflect.FieldNumber = 6 Api_Syntax_field_number protoreflect.FieldNumber = 7 + Api_Edition_field_number protoreflect.FieldNumber = 8 ) // Names for google.protobuf.Method. @@ -63,6 +66,7 @@ const ( Method_ResponseStreaming_field_name protoreflect.Name = "response_streaming" Method_Options_field_name protoreflect.Name = "options" Method_Syntax_field_name protoreflect.Name = "syntax" + Method_Edition_field_name protoreflect.Name = "edition" Method_Name_field_fullname protoreflect.FullName = "google.protobuf.Method.name" Method_RequestTypeUrl_field_fullname protoreflect.FullName = "google.protobuf.Method.request_type_url" @@ -71,6 +75,7 @@ const ( Method_ResponseStreaming_field_fullname protoreflect.FullName = "google.protobuf.Method.response_streaming" Method_Options_field_fullname protoreflect.FullName = "google.protobuf.Method.options" Method_Syntax_field_fullname protoreflect.FullName = "google.protobuf.Method.syntax" + Method_Edition_field_fullname protoreflect.FullName = "google.protobuf.Method.edition" ) // Field numbers for google.protobuf.Method. @@ -82,6 +87,7 @@ const ( Method_ResponseStreaming_field_number protoreflect.FieldNumber = 5 Method_Options_field_number protoreflect.FieldNumber = 6 Method_Syntax_field_number protoreflect.FieldNumber = 7 + Method_Edition_field_number protoreflect.FieldNumber = 8 ) // Names for google.protobuf.Mixin. 
diff --git a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 39524782a..950a6a325 100644 --- a/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -34,6 +34,19 @@ const ( Edition_EDITION_MAX_enum_value = 2147483647 ) +// Full and short names for google.protobuf.SymbolVisibility. +const ( + SymbolVisibility_enum_fullname = "google.protobuf.SymbolVisibility" + SymbolVisibility_enum_name = "SymbolVisibility" +) + +// Enum values for google.protobuf.SymbolVisibility. +const ( + SymbolVisibility_VISIBILITY_UNSET_enum_value = 0 + SymbolVisibility_VISIBILITY_LOCAL_enum_value = 1 + SymbolVisibility_VISIBILITY_EXPORT_enum_value = 2 +) + // Names for google.protobuf.FileDescriptorSet. const ( FileDescriptorSet_message_name protoreflect.Name = "FileDescriptorSet" @@ -65,6 +78,7 @@ const ( FileDescriptorProto_Dependency_field_name protoreflect.Name = "dependency" FileDescriptorProto_PublicDependency_field_name protoreflect.Name = "public_dependency" FileDescriptorProto_WeakDependency_field_name protoreflect.Name = "weak_dependency" + FileDescriptorProto_OptionDependency_field_name protoreflect.Name = "option_dependency" FileDescriptorProto_MessageType_field_name protoreflect.Name = "message_type" FileDescriptorProto_EnumType_field_name protoreflect.Name = "enum_type" FileDescriptorProto_Service_field_name protoreflect.Name = "service" 
@@ -79,6 +93,7 @@ const ( FileDescriptorProto_Dependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.dependency" FileDescriptorProto_PublicDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.public_dependency" FileDescriptorProto_WeakDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.weak_dependency" + FileDescriptorProto_OptionDependency_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.option_dependency" FileDescriptorProto_MessageType_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.message_type" FileDescriptorProto_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.enum_type" FileDescriptorProto_Service_field_fullname protoreflect.FullName = "google.protobuf.FileDescriptorProto.service" @@ -96,6 +111,7 @@ const ( FileDescriptorProto_Dependency_field_number protoreflect.FieldNumber = 3 FileDescriptorProto_PublicDependency_field_number protoreflect.FieldNumber = 10 FileDescriptorProto_WeakDependency_field_number protoreflect.FieldNumber = 11 + FileDescriptorProto_OptionDependency_field_number protoreflect.FieldNumber = 15 FileDescriptorProto_MessageType_field_number protoreflect.FieldNumber = 4 FileDescriptorProto_EnumType_field_number protoreflect.FieldNumber = 5 FileDescriptorProto_Service_field_number protoreflect.FieldNumber = 6 @@ -124,6 +140,7 @@ const ( DescriptorProto_Options_field_name protoreflect.Name = "options" DescriptorProto_ReservedRange_field_name protoreflect.Name = "reserved_range" DescriptorProto_ReservedName_field_name protoreflect.Name = "reserved_name" + DescriptorProto_Visibility_field_name protoreflect.Name = "visibility" DescriptorProto_Name_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.name" DescriptorProto_Field_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.field" 
@@ -135,6 +152,7 @@ const ( DescriptorProto_Options_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.options" DescriptorProto_ReservedRange_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.reserved_range" DescriptorProto_ReservedName_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.reserved_name" + DescriptorProto_Visibility_field_fullname protoreflect.FullName = "google.protobuf.DescriptorProto.visibility" ) // Field numbers for google.protobuf.DescriptorProto. @@ -149,6 +167,7 @@ const ( DescriptorProto_Options_field_number protoreflect.FieldNumber = 7 DescriptorProto_ReservedRange_field_number protoreflect.FieldNumber = 9 DescriptorProto_ReservedName_field_number protoreflect.FieldNumber = 10 + DescriptorProto_Visibility_field_number protoreflect.FieldNumber = 11 ) // Names for google.protobuf.DescriptorProto.ExtensionRange. 
@@ -388,12 +407,14 @@ const ( EnumDescriptorProto_Options_field_name protoreflect.Name = "options" EnumDescriptorProto_ReservedRange_field_name protoreflect.Name = "reserved_range" EnumDescriptorProto_ReservedName_field_name protoreflect.Name = "reserved_name" + EnumDescriptorProto_Visibility_field_name protoreflect.Name = "visibility" EnumDescriptorProto_Name_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.name" EnumDescriptorProto_Value_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.value" EnumDescriptorProto_Options_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.options" EnumDescriptorProto_ReservedRange_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.reserved_range" EnumDescriptorProto_ReservedName_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.reserved_name" + EnumDescriptorProto_Visibility_field_fullname protoreflect.FullName = "google.protobuf.EnumDescriptorProto.visibility" ) // Field numbers for google.protobuf.EnumDescriptorProto. @@ -403,6 +424,7 @@ const ( EnumDescriptorProto_Options_field_number protoreflect.FieldNumber = 3 EnumDescriptorProto_ReservedRange_field_number protoreflect.FieldNumber = 4 EnumDescriptorProto_ReservedName_field_number protoreflect.FieldNumber = 5 + EnumDescriptorProto_Visibility_field_number protoreflect.FieldNumber = 6 ) // Names for google.protobuf.EnumDescriptorProto.EnumReservedRange. 
@@ -1008,32 +1030,35 @@ const ( // Field names for google.protobuf.FeatureSet. const ( - FeatureSet_FieldPresence_field_name protoreflect.Name = "field_presence" - FeatureSet_EnumType_field_name protoreflect.Name = "enum_type" - FeatureSet_RepeatedFieldEncoding_field_name protoreflect.Name = "repeated_field_encoding" - FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" - FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" - FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" - FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style" - - FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" - FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" - FeatureSet_RepeatedFieldEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.repeated_field_encoding" - FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" - FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" - FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" - FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style" + FeatureSet_FieldPresence_field_name protoreflect.Name = "field_presence" + FeatureSet_EnumType_field_name protoreflect.Name = "enum_type" + FeatureSet_RepeatedFieldEncoding_field_name protoreflect.Name = "repeated_field_encoding" + FeatureSet_Utf8Validation_field_name protoreflect.Name = "utf8_validation" + FeatureSet_MessageEncoding_field_name protoreflect.Name = "message_encoding" + FeatureSet_JsonFormat_field_name protoreflect.Name = "json_format" + FeatureSet_EnforceNamingStyle_field_name protoreflect.Name = "enforce_naming_style" + 
FeatureSet_DefaultSymbolVisibility_field_name protoreflect.Name = "default_symbol_visibility" + + FeatureSet_FieldPresence_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.field_presence" + FeatureSet_EnumType_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enum_type" + FeatureSet_RepeatedFieldEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.repeated_field_encoding" + FeatureSet_Utf8Validation_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.utf8_validation" + FeatureSet_MessageEncoding_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.message_encoding" + FeatureSet_JsonFormat_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.json_format" + FeatureSet_EnforceNamingStyle_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.enforce_naming_style" + FeatureSet_DefaultSymbolVisibility_field_fullname protoreflect.FullName = "google.protobuf.FeatureSet.default_symbol_visibility" ) // Field numbers for google.protobuf.FeatureSet. 
const ( - FeatureSet_FieldPresence_field_number protoreflect.FieldNumber = 1 - FeatureSet_EnumType_field_number protoreflect.FieldNumber = 2 - FeatureSet_RepeatedFieldEncoding_field_number protoreflect.FieldNumber = 3 - FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 - FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 - FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 - FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7 + FeatureSet_FieldPresence_field_number protoreflect.FieldNumber = 1 + FeatureSet_EnumType_field_number protoreflect.FieldNumber = 2 + FeatureSet_RepeatedFieldEncoding_field_number protoreflect.FieldNumber = 3 + FeatureSet_Utf8Validation_field_number protoreflect.FieldNumber = 4 + FeatureSet_MessageEncoding_field_number protoreflect.FieldNumber = 5 + FeatureSet_JsonFormat_field_number protoreflect.FieldNumber = 6 + FeatureSet_EnforceNamingStyle_field_number protoreflect.FieldNumber = 7 + FeatureSet_DefaultSymbolVisibility_field_number protoreflect.FieldNumber = 8 ) // Full and short names for google.protobuf.FeatureSet.FieldPresence. 
@@ -1128,6 +1153,27 @@ const ( FeatureSet_STYLE_LEGACY_enum_value = 2 ) +// Names for google.protobuf.FeatureSet.VisibilityFeature. +const ( + FeatureSet_VisibilityFeature_message_name protoreflect.Name = "VisibilityFeature" + FeatureSet_VisibilityFeature_message_fullname protoreflect.FullName = "google.protobuf.FeatureSet.VisibilityFeature" +) + +// Full and short names for google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility. +const ( + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_enum_fullname = "google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility" + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_enum_name = "DefaultSymbolVisibility" +) + +// Enum values for google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility. +const ( + FeatureSet_VisibilityFeature_DEFAULT_SYMBOL_VISIBILITY_UNKNOWN_enum_value = 0 + FeatureSet_VisibilityFeature_EXPORT_ALL_enum_value = 1 + FeatureSet_VisibilityFeature_EXPORT_TOP_LEVEL_enum_value = 2 + FeatureSet_VisibilityFeature_LOCAL_ALL_enum_value = 3 + FeatureSet_VisibilityFeature_STRICT_enum_value = 4 +) + // Names for google.protobuf.FeatureSetDefaults. const ( FeatureSetDefaults_message_name protoreflect.Name = "FeatureSetDefaults" diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go index 41c1f74ef..bdad12a9b 100644 --- a/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go +++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go @@ -11,6 +11,7 @@ import ( "google.golang.org/protobuf/encoding/protowire" "google.golang.org/protobuf/internal/encoding/messageset" + "google.golang.org/protobuf/internal/filedesc" "google.golang.org/protobuf/internal/order" "google.golang.org/protobuf/reflect/protoreflect" piface "google.golang.org/protobuf/runtime/protoiface" 
@@ -80,7 +81,7 @@ func (mi *MessageInfo) makeOpaqueCoderMethods(t reflect.Type, si opaqueStructInf
 // permit us to skip over definitely-unset fields at marshal time.
 var hasPresence bool
- hasPresence, cf.isLazy = usePresenceForField(si, fd)
+ hasPresence, cf.isLazy = filedesc.UsePresenceForField(fd)
 if hasPresence {
 cf.presenceIndex, mi.presenceSize = presenceIndex(mi.Desc, fd)
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go
index dd55e8e00..5a439daac 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message_opaque.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "sync/atomic"
+ "google.golang.org/protobuf/internal/filedesc"
 "google.golang.org/protobuf/reflect/protoreflect"
 )
@@ -53,7 +54,7 @@ func opaqueInitHook(mi *MessageInfo) bool {
 fd := fds.Get(i)
 fs := si.fieldsByNumber[fd.Number()]
 var fi fieldInfo
- usePresence, _ := usePresenceForField(si, fd)
+ usePresence, _ := filedesc.UsePresenceForField(fd)
 switch {
 case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
@@ -343,17 +344,15 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructIn
 if p.IsNil() {
 return false
 }
- sp := p.Apply(fieldOffset).AtomicGetPointer()
- if sp.IsNil() {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if rv.IsNil() {
 return false
 }
- rv := sp.AsValueOf(fs.Type.Elem())
 return rv.Elem().Len() > 0
 },
 clear: func(p pointer) {
- sp := p.Apply(fieldOffset).AtomicGetPointer()
- if !sp.IsNil() {
- rv := sp.AsValueOf(fs.Type.Elem())
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if !rv.IsNil() {
 rv.Elem().Set(reflect.Zero(rv.Type().Elem()))
 }
 },
@@ -361,11 +360,10 @@ func (mi *MessageInfo) fieldInfoForMessageListOpaqueNoPresence(si opaqueStructIn
 if p.IsNil() {
 return conv.Zero()
 }
- sp := p.Apply(fieldOffset).AtomicGetPointer()
- if sp.IsNil() {
+ rv := p.Apply(fieldOffset).AsValueOf(fs.Type).Elem()
+ if rv.IsNil() {
 return conv.Zero()
 }
- rv := sp.AsValueOf(fs.Type.Elem())
 if rv.Elem().Len() == 0 {
 return conv.Zero()
 }
@@ -598,30 +596,3 @@ func (mi *MessageInfo) clearPresent(p pointer, index uint32) {
 func (mi *MessageInfo) present(p pointer, index uint32) bool {
 return p.Apply(mi.presenceOffset).PresenceInfo().Present(index)
 }
-
-// usePresenceForField implements the somewhat intricate logic of when
-// the presence bitmap is used for a field. The main logic is that a
-// field that is optional or that can be lazy will use the presence
-// bit, but for proto2, also maps have a presence bit. It also records
-// if the field can ever be lazy, which is true if we have a
-// lazyOffset and the field is a message or a slice of messages. A
-// field that is lazy will always need a presence bit. Oneofs are not
-// lazy and do not use presence, unless they are a synthetic oneof,
-// which is a proto3 optional field. For proto3 optionals, we use the
-// presence and they can also be lazy when applicable (a message).
-func usePresenceForField(si opaqueStructInfo, fd protoreflect.FieldDescriptor) (usePresence, canBeLazy bool) {
- hasLazyField := fd.(interface{ IsLazy() bool }).IsLazy()
-
- // Non-oneof scalar fields with explicit field presence use the presence array.
- usesPresenceArray := fd.HasPresence() && fd.Message() == nil && (fd.ContainingOneof() == nil || fd.ContainingOneof().IsSynthetic())
- switch {
- case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
- return false, false
- case fd.IsMap():
- return false, false
- case fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind:
- return hasLazyField, hasLazyField
- default:
- return usesPresenceArray || (hasLazyField && fd.HasPresence()), false
- }
-}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/presence.go b/vendor/google.golang.org/protobuf/internal/impl/presence.go
index 914cb1ded..443afe81c 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/presence.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/presence.go
@@ -32,9 +32,6 @@ func (p presence) toElem(num uint32) (ret *uint32) {
 // Present checks for the presence of a specific field number in a presence set.
 func (p presence) Present(num uint32) bool {
- if p.P == nil {
- return false
- }
 return Export{}.Present(p.toElem(num), num)
 }
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index aac1cb18a..77de0f238 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -52,7 +52,7 @@ import (
 const (
 Major = 1
 Minor = 36
- Patch = 6
+ Patch = 10
 PreRelease = ""
 )
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
index 823dbf3ba..9196288e4 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
@@ -152,6 +152,28 @@ func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (prot
 imp := &f.L2.Imports[i]
 imps.importPublic(imp.Imports())
 }
+ if len(fd.GetOptionDependency()) > 0 {
+ optionImports := make(filedesc.FileImports, len(fd.GetOptionDependency()))
+ for i, path := range fd.GetOptionDependency() {
+ imp := &optionImports[i]
+ f, err := r.FindFileByPath(path)
+ if err == protoregistry.NotFound {
+ // We always allow option imports to be unresolvable.
+ f = filedesc.PlaceholderFile(path)
+ } else if err != nil {
+ return nil, errors.New("could not resolve import %q: %v", path, err)
+ }
+ imp.FileDescriptor = f
+
+ if imps[imp.Path()] {
+ return nil, errors.New("already imported %q", path)
+ }
+ imps[imp.Path()] = true
+ }
+ f.L2.OptionImports = func() protoreflect.FileImports {
+ return &optionImports
+ }
+ }
 // Handle source locations.
 f.L2.Locations.File = f
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
index 9da34998b..c826ad043 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
@@ -29,6 +29,7 @@ func (r descsByName) initEnumDeclarations(eds []*descriptorpb.EnumDescriptorProt
 e.L2.Options = func() protoreflect.ProtoMessage { return opts }
 }
 e.L1.EditionFeatures = mergeEditionFeatures(parent, ed.GetOptions().GetFeatures())
+ e.L1.Visibility = int32(ed.GetVisibility())
 for _, s := range ed.GetReservedName() {
 e.L2.ReservedNames.List = append(e.L2.ReservedNames.List, protoreflect.Name(s))
 }
@@ -70,6 +71,7 @@ func (r descsByName) initMessagesDeclarations(mds []*descriptorpb.DescriptorProt
 return nil, err
 }
 m.L1.EditionFeatures = mergeEditionFeatures(parent, md.GetOptions().GetFeatures())
+ m.L1.Visibility = int32(md.GetVisibility())
 if opts := md.GetOptions(); opts != nil {
 opts = proto.Clone(opts).(*descriptorpb.MessageOptions)
 m.L2.Options = func() protoreflect.ProtoMessage { return opts }
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
index 9b880aa8c..6f91074e3 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
@@ -70,16 +70,27 @@ func ToFileDescriptorProto(file protoreflect.FileDescriptor) *descriptorpb.FileD
 if syntax := file.Syntax(); syntax != protoreflect.Proto2 && syntax.IsValid() {
 p.Syntax = proto.String(file.Syntax().String())
 }
+ desc := file
+ if fileImportDesc, ok := file.(protoreflect.FileImport); ok {
+ desc = fileImportDesc.FileDescriptor
+ }
 if file.Syntax() == protoreflect.Editions {
- desc := file
- if fileImportDesc, ok := file.(protoreflect.FileImport); ok {
- desc = fileImportDesc.FileDescriptor
- }
-
 if editionsInterface, ok := desc.(interface{ Edition() int32 }); ok {
 p.Edition = descriptorpb.Edition(editionsInterface.Edition()).Enum()
 }
 }
+ type hasOptionImports interface {
+ OptionImports() protoreflect.FileImports
+ }
+ if opts, ok := desc.(hasOptionImports); ok {
+ if optionImports := opts.OptionImports(); optionImports.Len() > 0 {
+ optionDeps := make([]string, optionImports.Len())
+ for i := range optionImports.Len() {
+ optionDeps[i] = optionImports.Get(i).Path()
+ }
+ p.OptionDependency = optionDeps
+ }
+ }
 return p
 }
@@ -123,6 +134,14 @@ func ToDescriptorProto(message protoreflect.MessageDescriptor) *descriptorpb.Des
 for i, names := 0, message.ReservedNames(); i < names.Len(); i++ {
 p.ReservedName = append(p.ReservedName, string(names.Get(i)))
 }
+ type hasVisibility interface {
+ Visibility() int32
+ }
+ if vis, ok := message.(hasVisibility); ok {
+ if visibility := vis.Visibility(); visibility > 0 {
+ p.Visibility = descriptorpb.SymbolVisibility(visibility).Enum()
+ }
+ }
 return p
 }
@@ -216,6 +235,14 @@ func ToEnumDescriptorProto(enum protoreflect.EnumDescriptor) *descriptorpb.EnumD for i, names := 0, enum.ReservedNames(); i < names.Len(); i++ { p.ReservedName = append(p.ReservedName, string(names.Get(i))) } + type hasVisibility interface { + Visibility() int32 + } + if vis, ok := enum.(hasVisibility); ok { + if visibility := vis.Visibility(); visibility > 0 { + p.Visibility = descriptorpb.SymbolVisibility(visibility).Enum() + } + } return p } diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go index a4a0a2971..730331e66 100644 --- a/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go +++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go @@ -21,6 +21,8 @@ func (p *SourcePath) appendFileDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "public_dependency", nil) case 11: b = p.appendRepeatedField(b, "weak_dependency", nil) + case 15: + b = p.appendRepeatedField(b, "option_dependency", nil) case 4: b = p.appendRepeatedField(b, "message_type", (*SourcePath).appendDescriptorProto) case 5: @@ -66,6 +68,8 @@ func (p *SourcePath) appendDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "reserved_range", (*SourcePath).appendDescriptorProto_ReservedRange) case 10: b = p.appendRepeatedField(b, "reserved_name", nil) + case 11: + b = p.appendSingularField(b, "visibility", nil) } return b } @@ -85,6 +89,8 @@ func (p *SourcePath) appendEnumDescriptorProto(b []byte) []byte { b = p.appendRepeatedField(b, "reserved_range", (*SourcePath).appendEnumDescriptorProto_EnumReservedRange) case 5: b = p.appendRepeatedField(b, "reserved_name", nil) + case 6: + b = p.appendSingularField(b, "visibility", nil) } return b } 
@@ -400,6 +406,8 @@ func (p *SourcePath) appendFeatureSet(b []byte) []byte { b = p.appendSingularField(b, "json_format", nil) case 7: b = p.appendSingularField(b, "enforce_naming_style", nil) + case 8: + b = p.appendSingularField(b, "default_symbol_visibility", nil) } return b } diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go index 7fe280f19..4eacb523c 100644 --- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go +++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go 
@@ -151,6 +151,70 @@ func (Edition) EnumDescriptor() ([]byte, []int) { return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{0} } +// Describes the 'visibility' of a symbol with respect to the proto import +// system. Symbols can only be imported when the visibility rules do not prevent +// it (ex: local symbols cannot be imported). Visibility modifiers can only set +// on `message` and `enum` as they are the only types available to be referenced +// from other files. +type SymbolVisibility int32 + +const ( + SymbolVisibility_VISIBILITY_UNSET SymbolVisibility = 0 + SymbolVisibility_VISIBILITY_LOCAL SymbolVisibility = 1 + SymbolVisibility_VISIBILITY_EXPORT SymbolVisibility = 2 +) + +// Enum value maps for SymbolVisibility. +var ( + SymbolVisibility_name = map[int32]string{ + 0: "VISIBILITY_UNSET", + 1: "VISIBILITY_LOCAL", + 2: "VISIBILITY_EXPORT", + } + SymbolVisibility_value = map[string]int32{ + "VISIBILITY_UNSET": 0, + "VISIBILITY_LOCAL": 1, + "VISIBILITY_EXPORT": 2, + } +) + +func (x SymbolVisibility) Enum() *SymbolVisibility { + p := new(SymbolVisibility) + *p = x + return p +} + +func (x SymbolVisibility) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SymbolVisibility) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor() +} + +func (SymbolVisibility) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[1] +} + +func (x SymbolVisibility) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *SymbolVisibility) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = SymbolVisibility(num) + return nil +} + +// Deprecated: Use SymbolVisibility.Descriptor instead. 
+func (SymbolVisibility) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{1} +} + // The verification state of the extension range. type ExtensionRangeOptions_VerificationState int32 @@ -183,11 +247,11 @@ func (x ExtensionRangeOptions_VerificationState) String() string { } func (ExtensionRangeOptions_VerificationState) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor() } func (ExtensionRangeOptions_VerificationState) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[1] + return &file_google_protobuf_descriptor_proto_enumTypes[2] } func (x ExtensionRangeOptions_VerificationState) Number() protoreflect.EnumNumber { @@ -299,11 +363,11 @@ func (x FieldDescriptorProto_Type) String() string { } func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor() } func (FieldDescriptorProto_Type) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[2] + return &file_google_protobuf_descriptor_proto_enumTypes[3] } func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber { @@ -362,11 +426,11 @@ func (x FieldDescriptorProto_Label) String() string { } func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor() } func (FieldDescriptorProto_Label) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[3] + return &file_google_protobuf_descriptor_proto_enumTypes[4] } func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber { 
@@ -423,11 +487,11 @@ func (x FileOptions_OptimizeMode) String() string { } func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor() } func (FileOptions_OptimizeMode) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[4] + return &file_google_protobuf_descriptor_proto_enumTypes[5] } func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber { @@ -489,11 +553,11 @@ func (x FieldOptions_CType) String() string { } func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor() } func (FieldOptions_CType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[5] + return &file_google_protobuf_descriptor_proto_enumTypes[6] } func (x FieldOptions_CType) Number() protoreflect.EnumNumber { @@ -551,11 +615,11 @@ func (x FieldOptions_JSType) String() string { } func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[6].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor() } func (FieldOptions_JSType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[6] + return &file_google_protobuf_descriptor_proto_enumTypes[7] } func (x FieldOptions_JSType) Number() protoreflect.EnumNumber { 
@@ -611,11 +675,11 @@ func (x FieldOptions_OptionRetention) String() string { } func (FieldOptions_OptionRetention) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[7].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor() } func (FieldOptions_OptionRetention) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[7] + return &file_google_protobuf_descriptor_proto_enumTypes[8] } func (x FieldOptions_OptionRetention) Number() protoreflect.EnumNumber { @@ -694,11 +758,11 @@ func (x FieldOptions_OptionTargetType) String() string { } func (FieldOptions_OptionTargetType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[8].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor() } func (FieldOptions_OptionTargetType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[8] + return &file_google_protobuf_descriptor_proto_enumTypes[9] } func (x FieldOptions_OptionTargetType) Number() protoreflect.EnumNumber { @@ -756,11 +820,11 @@ func (x MethodOptions_IdempotencyLevel) String() string { } func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[9].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[10].Descriptor() } func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[9] + return &file_google_protobuf_descriptor_proto_enumTypes[10] } func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber { 
@@ -818,11 +882,11 @@ func (x FeatureSet_FieldPresence) String() string { } func (FeatureSet_FieldPresence) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[10].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[11].Descriptor() } func (FeatureSet_FieldPresence) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[10] + return &file_google_protobuf_descriptor_proto_enumTypes[11] } func (x FeatureSet_FieldPresence) Number() protoreflect.EnumNumber { @@ -877,11 +941,11 @@ func (x FeatureSet_EnumType) String() string { } func (FeatureSet_EnumType) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[11].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[12].Descriptor() } func (FeatureSet_EnumType) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[11] + return &file_google_protobuf_descriptor_proto_enumTypes[12] } func (x FeatureSet_EnumType) Number() protoreflect.EnumNumber { @@ -936,11 +1000,11 @@ func (x FeatureSet_RepeatedFieldEncoding) String() string { } func (FeatureSet_RepeatedFieldEncoding) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[12].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[13].Descriptor() } func (FeatureSet_RepeatedFieldEncoding) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[12] + return &file_google_protobuf_descriptor_proto_enumTypes[13] } func (x FeatureSet_RepeatedFieldEncoding) Number() protoreflect.EnumNumber { 
@@ -995,11 +1059,11 @@ func (x FeatureSet_Utf8Validation) String() string { } func (FeatureSet_Utf8Validation) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[13].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[14].Descriptor() } func (FeatureSet_Utf8Validation) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[13] + return &file_google_protobuf_descriptor_proto_enumTypes[14] } func (x FeatureSet_Utf8Validation) Number() protoreflect.EnumNumber { @@ -1054,11 +1118,11 @@ func (x FeatureSet_MessageEncoding) String() string { } func (FeatureSet_MessageEncoding) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[14].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[15].Descriptor() } func (FeatureSet_MessageEncoding) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[14] + return &file_google_protobuf_descriptor_proto_enumTypes[15] } func (x FeatureSet_MessageEncoding) Number() protoreflect.EnumNumber { @@ -1113,11 +1177,11 @@ func (x FeatureSet_JsonFormat) String() string { } func (FeatureSet_JsonFormat) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[15].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[16].Descriptor() } func (FeatureSet_JsonFormat) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[15] + return &file_google_protobuf_descriptor_proto_enumTypes[16] } func (x FeatureSet_JsonFormat) Number() protoreflect.EnumNumber { 
@@ -1172,11 +1236,11 @@ func (x FeatureSet_EnforceNamingStyle) String() string { } func (FeatureSet_EnforceNamingStyle) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[16].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[17].Descriptor() } func (FeatureSet_EnforceNamingStyle) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[16] + return &file_google_protobuf_descriptor_proto_enumTypes[17] } func (x FeatureSet_EnforceNamingStyle) Number() protoreflect.EnumNumber { 
@@ -1198,6 +1262,77 @@ func (FeatureSet_EnforceNamingStyle) EnumDescriptor() ([]byte, []int) { return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 6} } +type FeatureSet_VisibilityFeature_DefaultSymbolVisibility int32 + +const ( + FeatureSet_VisibilityFeature_DEFAULT_SYMBOL_VISIBILITY_UNKNOWN FeatureSet_VisibilityFeature_DefaultSymbolVisibility = 0 + // Default pre-EDITION_2024, all UNSET visibility are export. + FeatureSet_VisibilityFeature_EXPORT_ALL FeatureSet_VisibilityFeature_DefaultSymbolVisibility = 1 + // All top-level symbols default to export, nested default to local. + FeatureSet_VisibilityFeature_EXPORT_TOP_LEVEL FeatureSet_VisibilityFeature_DefaultSymbolVisibility = 2 + // All symbols default to local. + FeatureSet_VisibilityFeature_LOCAL_ALL FeatureSet_VisibilityFeature_DefaultSymbolVisibility = 3 + // All symbols local by default. Nested types cannot be exported. + // With special case caveat for message { enum {} reserved 1 to max; } + // This is the recommended setting for new protos. + FeatureSet_VisibilityFeature_STRICT FeatureSet_VisibilityFeature_DefaultSymbolVisibility = 4 +) + +// Enum value maps for FeatureSet_VisibilityFeature_DefaultSymbolVisibility. 
+var ( + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_name = map[int32]string{ + 0: "DEFAULT_SYMBOL_VISIBILITY_UNKNOWN", + 1: "EXPORT_ALL", + 2: "EXPORT_TOP_LEVEL", + 3: "LOCAL_ALL", + 4: "STRICT", + } + FeatureSet_VisibilityFeature_DefaultSymbolVisibility_value = map[string]int32{ + "DEFAULT_SYMBOL_VISIBILITY_UNKNOWN": 0, + "EXPORT_ALL": 1, + "EXPORT_TOP_LEVEL": 2, + "LOCAL_ALL": 3, + "STRICT": 4, + } +) + +func (x FeatureSet_VisibilityFeature_DefaultSymbolVisibility) Enum() *FeatureSet_VisibilityFeature_DefaultSymbolVisibility { + p := new(FeatureSet_VisibilityFeature_DefaultSymbolVisibility) + *p = x + return p +} + +func (x FeatureSet_VisibilityFeature_DefaultSymbolVisibility) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (FeatureSet_VisibilityFeature_DefaultSymbolVisibility) Descriptor() protoreflect.EnumDescriptor { + return file_google_protobuf_descriptor_proto_enumTypes[18].Descriptor() +} + +func (FeatureSet_VisibilityFeature_DefaultSymbolVisibility) Type() protoreflect.EnumType { + return &file_google_protobuf_descriptor_proto_enumTypes[18] +} + +func (x FeatureSet_VisibilityFeature_DefaultSymbolVisibility) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Do not use. +func (x *FeatureSet_VisibilityFeature_DefaultSymbolVisibility) UnmarshalJSON(b []byte) error { + num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b) + if err != nil { + return err + } + *x = FeatureSet_VisibilityFeature_DefaultSymbolVisibility(num) + return nil +} + +// Deprecated: Use FeatureSet_VisibilityFeature_DefaultSymbolVisibility.Descriptor instead. +func (FeatureSet_VisibilityFeature_DefaultSymbolVisibility) EnumDescriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 0, 0} +} + // Represents the identified object's effect on the element in the original // .proto file. type GeneratedCodeInfo_Annotation_Semantic int32 
@@ -1236,11 +1371,11 @@ func (x GeneratedCodeInfo_Annotation_Semantic) String() string { } func (GeneratedCodeInfo_Annotation_Semantic) Descriptor() protoreflect.EnumDescriptor { - return file_google_protobuf_descriptor_proto_enumTypes[17].Descriptor() + return file_google_protobuf_descriptor_proto_enumTypes[19].Descriptor() } func (GeneratedCodeInfo_Annotation_Semantic) Type() protoreflect.EnumType { - return &file_google_protobuf_descriptor_proto_enumTypes[17] + return &file_google_protobuf_descriptor_proto_enumTypes[19] } func (x GeneratedCodeInfo_Annotation_Semantic) Number() protoreflect.EnumNumber { @@ -1321,6 +1456,9 @@ type FileDescriptorProto struct { // Indexes of the weak imported files in the dependency list. // For Google-internal migration only. Do not use. WeakDependency []int32 `protobuf:"varint,11,rep,name=weak_dependency,json=weakDependency" json:"weak_dependency,omitempty"` + // Names of files imported by this file purely for the purpose of providing + // option extensions. These are excluded from the dependency list above. + OptionDependency []string `protobuf:"bytes,15,rep,name=option_dependency,json=optionDependency" json:"option_dependency,omitempty"` // All top-level definitions in this file. MessageType []*DescriptorProto `protobuf:"bytes,4,rep,name=message_type,json=messageType" json:"message_type,omitempty"` EnumType []*EnumDescriptorProto `protobuf:"bytes,5,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"` @@ -1414,6 +1552,13 @@ func (x *FileDescriptorProto) GetWeakDependency() []int32 { return nil } +func (x *FileDescriptorProto) GetOptionDependency() []string { + if x != nil { + return x.OptionDependency + } + return nil +} + func (x *FileDescriptorProto) GetMessageType() []*DescriptorProto { if x != nil { return x.MessageType 
@@ -1484,7 +1629,9 @@ type DescriptorProto struct { ReservedRange []*DescriptorProto_ReservedRange `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` // Reserved field names, which may not be used by fields in the same message. // A given name may only be reserved once. - ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` + ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` + // Support for `export` and `local` keywords on enums. + Visibility *SymbolVisibility `protobuf:"varint,11,opt,name=visibility,enum=google.protobuf.SymbolVisibility" json:"visibility,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1589,6 +1736,13 @@ func (x *DescriptorProto) GetReservedName() []string { return nil } +func (x *DescriptorProto) GetVisibility() SymbolVisibility { + if x != nil && x.Visibility != nil { + return *x.Visibility + } + return SymbolVisibility_VISIBILITY_UNSET +} + type ExtensionRangeOptions struct { state protoimpl.MessageState `protogen:"open.v1"` // The parser stores options it doesn't recognize here. See above. 
@@ -1901,7 +2055,9 @@ type EnumDescriptorProto struct { ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"` // Reserved enum value names, which may not be reused. A given name may only // be reserved once. - ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` + ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"` + // Support for `export` and `local` keywords on enums. + Visibility *SymbolVisibility `protobuf:"varint,6,opt,name=visibility,enum=google.protobuf.SymbolVisibility" json:"visibility,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1971,6 +2127,13 @@ func (x *EnumDescriptorProto) GetReservedName() []string { return nil } +func (x *EnumDescriptorProto) GetVisibility() SymbolVisibility { + if x != nil && x.Visibility != nil { + return *x.Visibility + } + return SymbolVisibility_VISIBILITY_UNSET +} + // Describes a value within an enum. type EnumValueDescriptorProto struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -2710,7 +2873,10 @@ type FieldOptions struct { // for accessors, or it will be completely ignored; in the very least, this // is a formalization for deprecating fields. Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"` + // DEPRECATED. DO NOT USE! // For Google-internal migration only. Do not use. + // + // Deprecated: Marked as deprecated in google/protobuf/descriptor.proto. Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"` // Indicate that the field value should not be printed out when using debug // formats, e.g. when the field contains sensitive credentials. 
@@ -2814,6 +2980,7 @@ func (x *FieldOptions) GetDeprecated() bool { return Default_FieldOptions_Deprecated } +// Deprecated: Marked as deprecated in google/protobuf/descriptor.proto. func (x *FieldOptions) GetWeak() bool { if x != nil && x.Weak != nil { return *x.Weak 
@@ -3392,17 +3559,18 @@ func (x *UninterpretedOption) GetAggregateValue() string { // be designed and implemented to handle this, hopefully before we ever hit a // conflict here. type FeatureSet struct { - state protoimpl.MessageState `protogen:"open.v1"` - FieldPresence *FeatureSet_FieldPresence `protobuf:"varint,1,opt,name=field_presence,json=fieldPresence,enum=google.protobuf.FeatureSet_FieldPresence" json:"field_presence,omitempty"` - EnumType *FeatureSet_EnumType `protobuf:"varint,2,opt,name=enum_type,json=enumType,enum=google.protobuf.FeatureSet_EnumType" json:"enum_type,omitempty"` - RepeatedFieldEncoding *FeatureSet_RepeatedFieldEncoding `protobuf:"varint,3,opt,name=repeated_field_encoding,json=repeatedFieldEncoding,enum=google.protobuf.FeatureSet_RepeatedFieldEncoding" json:"repeated_field_encoding,omitempty"` - Utf8Validation *FeatureSet_Utf8Validation `protobuf:"varint,4,opt,name=utf8_validation,json=utf8Validation,enum=google.protobuf.FeatureSet_Utf8Validation" json:"utf8_validation,omitempty"` - MessageEncoding *FeatureSet_MessageEncoding `protobuf:"varint,5,opt,name=message_encoding,json=messageEncoding,enum=google.protobuf.FeatureSet_MessageEncoding" json:"message_encoding,omitempty"` - JsonFormat *FeatureSet_JsonFormat `protobuf:"varint,6,opt,name=json_format,json=jsonFormat,enum=google.protobuf.FeatureSet_JsonFormat" json:"json_format,omitempty"` - EnforceNamingStyle *FeatureSet_EnforceNamingStyle `protobuf:"varint,7,opt,name=enforce_naming_style,json=enforceNamingStyle,enum=google.protobuf.FeatureSet_EnforceNamingStyle" json:"enforce_naming_style,omitempty"` - extensionFields protoimpl.ExtensionFields - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + FieldPresence *FeatureSet_FieldPresence `protobuf:"varint,1,opt,name=field_presence,json=fieldPresence,enum=google.protobuf.FeatureSet_FieldPresence" json:"field_presence,omitempty"` + EnumType *FeatureSet_EnumType 
`protobuf:"varint,2,opt,name=enum_type,json=enumType,enum=google.protobuf.FeatureSet_EnumType" json:"enum_type,omitempty"` + RepeatedFieldEncoding *FeatureSet_RepeatedFieldEncoding `protobuf:"varint,3,opt,name=repeated_field_encoding,json=repeatedFieldEncoding,enum=google.protobuf.FeatureSet_RepeatedFieldEncoding" json:"repeated_field_encoding,omitempty"` + Utf8Validation *FeatureSet_Utf8Validation `protobuf:"varint,4,opt,name=utf8_validation,json=utf8Validation,enum=google.protobuf.FeatureSet_Utf8Validation" json:"utf8_validation,omitempty"` + MessageEncoding *FeatureSet_MessageEncoding `protobuf:"varint,5,opt,name=message_encoding,json=messageEncoding,enum=google.protobuf.FeatureSet_MessageEncoding" json:"message_encoding,omitempty"` + JsonFormat *FeatureSet_JsonFormat `protobuf:"varint,6,opt,name=json_format,json=jsonFormat,enum=google.protobuf.FeatureSet_JsonFormat" json:"json_format,omitempty"` + EnforceNamingStyle *FeatureSet_EnforceNamingStyle `protobuf:"varint,7,opt,name=enforce_naming_style,json=enforceNamingStyle,enum=google.protobuf.FeatureSet_EnforceNamingStyle" json:"enforce_naming_style,omitempty"` + DefaultSymbolVisibility *FeatureSet_VisibilityFeature_DefaultSymbolVisibility `protobuf:"varint,8,opt,name=default_symbol_visibility,json=defaultSymbolVisibility,enum=google.protobuf.FeatureSet_VisibilityFeature_DefaultSymbolVisibility" json:"default_symbol_visibility,omitempty"` + extensionFields protoimpl.ExtensionFields + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *FeatureSet) Reset() { 
@@ -3484,6 +3652,13 @@ func (x *FeatureSet) GetEnforceNamingStyle() FeatureSet_EnforceNamingStyle { return FeatureSet_ENFORCE_NAMING_STYLE_UNKNOWN } +func (x *FeatureSet) GetDefaultSymbolVisibility() FeatureSet_VisibilityFeature_DefaultSymbolVisibility { + if x != nil && x.DefaultSymbolVisibility != nil { + return *x.DefaultSymbolVisibility + } + return FeatureSet_VisibilityFeature_DEFAULT_SYMBOL_VISIBILITY_UNKNOWN +} + // A compiled specification for the defaults of a set of features. These // messages are generated from FeatureSet extensions and can be used to seed // feature resolution. The resolution with this object becomes a simple search 
@@ -4144,6 +4319,42 @@ func (x *UninterpretedOption_NamePart) GetIsExtension() bool { return false } +type FeatureSet_VisibilityFeature struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *FeatureSet_VisibilityFeature) Reset() { + *x = FeatureSet_VisibilityFeature{} + mi := &file_google_protobuf_descriptor_proto_msgTypes[30] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FeatureSet_VisibilityFeature) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FeatureSet_VisibilityFeature) ProtoMessage() {} + +func (x *FeatureSet_VisibilityFeature) ProtoReflect() protoreflect.Message { + mi := &file_google_protobuf_descriptor_proto_msgTypes[30] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FeatureSet_VisibilityFeature.ProtoReflect.Descriptor instead. +func (*FeatureSet_VisibilityFeature) Descriptor() ([]byte, []int) { + return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 0} +} + // A map from every known edition with a unique set of defaults to its // defaults. Not all editions may be contained here. For a given edition, // the defaults at the closest matching edition ordered at or before it should @@ -4161,7 +4372,7 @@ type FeatureSetDefaults_FeatureSetEditionDefault struct { func (x *FeatureSetDefaults_FeatureSetEditionDefault) Reset() { *x = FeatureSetDefaults_FeatureSetEditionDefault{} - mi := &file_google_protobuf_descriptor_proto_msgTypes[30] + mi := &file_google_protobuf_descriptor_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -4173,7 +4384,7 @@ func (x *FeatureSetDefaults_FeatureSetEditionDefault) String() string { func (*FeatureSetDefaults_FeatureSetEditionDefault) ProtoMessage() {} func (x *FeatureSetDefaults_FeatureSetEditionDefault) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[30] + mi := &file_google_protobuf_descriptor_proto_msgTypes[31] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4309,7 +4520,7 @@ type SourceCodeInfo_Location struct { func (x *SourceCodeInfo_Location) Reset() { *x = SourceCodeInfo_Location{} - mi := &file_google_protobuf_descriptor_proto_msgTypes[31] + mi := &file_google_protobuf_descriptor_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4321,7 +4532,7 @@ func (x *SourceCodeInfo_Location) String() string { func (*SourceCodeInfo_Location) ProtoMessage() {} func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[31] + mi := &file_google_protobuf_descriptor_proto_msgTypes[32] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4393,7 +4604,7 @@ type GeneratedCodeInfo_Annotation struct { func (x *GeneratedCodeInfo_Annotation) Reset() { *x = GeneratedCodeInfo_Annotation{} - mi := &file_google_protobuf_descriptor_proto_msgTypes[32] + mi := &file_google_protobuf_descriptor_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -4405,7 +4616,7 @@ func (x *GeneratedCodeInfo_Annotation) String() string { func (*GeneratedCodeInfo_Annotation) ProtoMessage() {} func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message { - mi := &file_google_protobuf_descriptor_proto_msgTypes[32] + mi := &file_google_protobuf_descriptor_proto_msgTypes[33] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4462,7 +4673,7 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\n" + " google/protobuf/descriptor.proto\x12\x0fgoogle.protobuf\"[\n" + "\x11FileDescriptorSet\x128\n" + - "\x04file\x18\x01 \x03(\v2$.google.protobuf.FileDescriptorProtoR\x04file*\f\b\x80\xec\xca\xff\x01\x10\x81\xec\xca\xff\x01\"\x98\x05\n" + + "\x04file\x18\x01 \x03(\v2$.google.protobuf.FileDescriptorProtoR\x04file*\f\b\x80\xec\xca\xff\x01\x10\x81\xec\xca\xff\x01\"\xc5\x05\n" + "\x13FileDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n" + "\apackage\x18\x02 \x01(\tR\apackage\x12\x1e\n" + @@ -4471,7 +4682,8 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "dependency\x12+\n" + "\x11public_dependency\x18\n" + " \x03(\x05R\x10publicDependency\x12'\n" + - "\x0fweak_dependency\x18\v \x03(\x05R\x0eweakDependency\x12C\n" + + "\x0fweak_dependency\x18\v \x03(\x05R\x0eweakDependency\x12+\n" + + "\x11option_dependency\x18\x0f \x03(\tR\x10optionDependency\x12C\n" + "\fmessage_type\x18\x04 \x03(\v2 .google.protobuf.DescriptorProtoR\vmessageType\x12A\n" + "\tenum_type\x18\x05 \x03(\v2$.google.protobuf.EnumDescriptorProtoR\benumType\x12A\n" + "\aservice\x18\x06 \x03(\v2'.google.protobuf.ServiceDescriptorProtoR\aservice\x12C\n" + 
@@ -4479,7 +4691,7 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\aoptions\x18\b \x01(\v2\x1c.google.protobuf.FileOptionsR\aoptions\x12I\n" + "\x10source_code_info\x18\t \x01(\v2\x1f.google.protobuf.SourceCodeInfoR\x0esourceCodeInfo\x12\x16\n" + "\x06syntax\x18\f \x01(\tR\x06syntax\x122\n" + - "\aedition\x18\x0e \x01(\x0e2\x18.google.protobuf.EditionR\aedition\"\xb9\x06\n" + + "\aedition\x18\x0e \x01(\x0e2\x18.google.protobuf.EditionR\aedition\"\xfc\x06\n" + "\x0fDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12;\n" + "\x05field\x18\x02 \x03(\v2%.google.protobuf.FieldDescriptorProtoR\x05field\x12C\n" + @@ -4493,7 +4705,10 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\aoptions\x18\a \x01(\v2\x1f.google.protobuf.MessageOptionsR\aoptions\x12U\n" + "\x0ereserved_range\x18\t \x03(\v2..google.protobuf.DescriptorProto.ReservedRangeR\rreservedRange\x12#\n" + "\rreserved_name\x18\n" + - " \x03(\tR\freservedName\x1az\n" + + " \x03(\tR\freservedName\x12A\n" + + "\n" + + "visibility\x18\v \x01(\x0e2!.google.protobuf.SymbolVisibilityR\n" + + "visibility\x1az\n" + "\x0eExtensionRange\x12\x14\n" + "\x05start\x18\x01 \x01(\x05R\x05start\x12\x10\n" + "\x03end\x18\x02 \x01(\x05R\x03end\x12@\n" + 
@@ -4562,13 +4777,16 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\x0eLABEL_REQUIRED\x10\x02\"c\n" + "\x14OneofDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x127\n" + - "\aoptions\x18\x02 \x01(\v2\x1d.google.protobuf.OneofOptionsR\aoptions\"\xe3\x02\n" + + "\aoptions\x18\x02 \x01(\v2\x1d.google.protobuf.OneofOptionsR\aoptions\"\xa6\x03\n" + "\x13EnumDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12?\n" + "\x05value\x18\x02 \x03(\v2).google.protobuf.EnumValueDescriptorProtoR\x05value\x126\n" + "\aoptions\x18\x03 \x01(\v2\x1c.google.protobuf.EnumOptionsR\aoptions\x12]\n" + "\x0ereserved_range\x18\x04 \x03(\v26.google.protobuf.EnumDescriptorProto.EnumReservedRangeR\rreservedRange\x12#\n" + - "\rreserved_name\x18\x05 \x03(\tR\freservedName\x1a;\n" + + "\rreserved_name\x18\x05 \x03(\tR\freservedName\x12A\n" + + "\n" + + "visibility\x18\x06 \x01(\x0e2!.google.protobuf.SymbolVisibilityR\n" + + "visibility\x1a;\n" + "\x11EnumReservedRange\x12\x14\n" + "\x05start\x18\x01 \x01(\x05R\x05start\x12\x10\n" + "\x03end\x18\x02 \x01(\x05R\x03end\"\x83\x01\n" + @@ -4629,7 +4847,7 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "&deprecated_legacy_json_field_conflicts\x18\v \x01(\bB\x02\x18\x01R\"deprecatedLegacyJsonFieldConflicts\x127\n" + "\bfeatures\x18\f \x01(\v2\x1b.google.protobuf.FeatureSetR\bfeatures\x12X\n" + "\x14uninterpreted_option\x18\xe7\a \x03(\v2$.google.protobuf.UninterpretedOptionR\x13uninterpretedOption*\t\b\xe8\a\x10\x80\x80\x80\x80\x02J\x04\b\x04\x10\x05J\x04\b\x05\x10\x06J\x04\b\x06\x10\aJ\x04\b\b\x10\tJ\x04\b\t\x10\n" + - "\"\x9d\r\n" + + "\"\xa1\r\n" + "\fFieldOptions\x12A\n" + "\x05ctype\x18\x01 \x01(\x0e2#.google.protobuf.FieldOptions.CType:\x06STRINGR\x05ctype\x12\x16\n" + "\x06packed\x18\x02 \x01(\bR\x06packed\x12G\n" + 
@@ -4638,9 +4856,9 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\x0funverified_lazy\x18\x0f \x01(\b:\x05falseR\x0eunverifiedLazy\x12%\n" + "\n" + "deprecated\x18\x03 \x01(\b:\x05falseR\n" + - "deprecated\x12\x19\n" + + "deprecated\x12\x1d\n" + "\x04weak\x18\n" + - " \x01(\b:\x05falseR\x04weak\x12(\n" + + " \x01(\b:\x05falseB\x02\x18\x01R\x04weak\x12(\n" + "\fdebug_redact\x18\x10 \x01(\b:\x05falseR\vdebugRedact\x12K\n" + "\tretention\x18\x11 \x01(\x0e2-.google.protobuf.FieldOptions.OptionRetentionR\tretention\x12H\n" + "\atargets\x18\x13 \x03(\x0e2..google.protobuf.FieldOptions.OptionTargetTypeR\atargets\x12W\n" + @@ -4728,7 +4946,7 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\x0faggregate_value\x18\b \x01(\tR\x0eaggregateValue\x1aJ\n" + "\bNamePart\x12\x1b\n" + "\tname_part\x18\x01 \x02(\tR\bnamePart\x12!\n" + - "\fis_extension\x18\x02 \x02(\bR\visExtension\"\xae\f\n" + + "\fis_extension\x18\x02 \x02(\bR\visExtension\"\x8e\x0f\n" + "\n" + "FeatureSet\x12\x91\x01\n" + "\x0efield_presence\x18\x01 \x01(\x0e2).google.protobuf.FeatureSet.FieldPresenceB?\x88\x01\x01\x98\x01\x04\x98\x01\x01\xa2\x01\r\x12\bEXPLICIT\x18\x84\a\xa2\x01\r\x12\bIMPLICIT\x18\xe7\a\xa2\x01\r\x12\bEXPLICIT\x18\xe8\a\xb2\x01\x03\b\xe8\aR\rfieldPresence\x12l\n" + 
@@ -4739,7 +4957,18 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\vjson_format\x18\x06 \x01(\x0e2&.google.protobuf.FeatureSet.JsonFormatB9\x88\x01\x01\x98\x01\x03\x98\x01\x06\x98\x01\x01\xa2\x01\x17\x12\x12LEGACY_BEST_EFFORT\x18\x84\a\xa2\x01\n" + "\x12\x05ALLOW\x18\xe7\a\xb2\x01\x03\b\xe8\aR\n" + "jsonFormat\x12\xab\x01\n" + - "\x14enforce_naming_style\x18\a \x01(\x0e2..google.protobuf.FeatureSet.EnforceNamingStyleBI\x88\x01\x02\x98\x01\x01\x98\x01\x02\x98\x01\x03\x98\x01\x04\x98\x01\x05\x98\x01\x06\x98\x01\a\x98\x01\b\x98\x01\t\xa2\x01\x11\x12\fSTYLE_LEGACY\x18\x84\a\xa2\x01\x0e\x12\tSTYLE2024\x18\xe9\a\xb2\x01\x03\b\xe9\aR\x12enforceNamingStyle\"\\\n" + + "\x14enforce_naming_style\x18\a \x01(\x0e2..google.protobuf.FeatureSet.EnforceNamingStyleBI\x88\x01\x02\x98\x01\x01\x98\x01\x02\x98\x01\x03\x98\x01\x04\x98\x01\x05\x98\x01\x06\x98\x01\a\x98\x01\b\x98\x01\t\xa2\x01\x11\x12\fSTYLE_LEGACY\x18\x84\a\xa2\x01\x0e\x12\tSTYLE2024\x18\xe9\a\xb2\x01\x03\b\xe9\aR\x12enforceNamingStyle\x12\xb9\x01\n" + + "\x19default_symbol_visibility\x18\b \x01(\x0e2E.google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibilityB6\x88\x01\x02\x98\x01\x01\xa2\x01\x0f\x12\n" + + "EXPORT_ALL\x18\x84\a\xa2\x01\x15\x12\x10EXPORT_TOP_LEVEL\x18\xe9\a\xb2\x01\x03\b\xe9\aR\x17defaultSymbolVisibility\x1a\xa1\x01\n" + + "\x11VisibilityFeature\"\x81\x01\n" + + "\x17DefaultSymbolVisibility\x12%\n" + + "!DEFAULT_SYMBOL_VISIBILITY_UNKNOWN\x10\x00\x12\x0e\n" + + "\n" + + "EXPORT_ALL\x10\x01\x12\x14\n" + + "\x10EXPORT_TOP_LEVEL\x10\x02\x12\r\n" + + "\tLOCAL_ALL\x10\x03\x12\n" + + "\n" + + "\x06STRICT\x10\x04J\b\b\x01\x10\x80\x80\x80\x80\x02\"\\\n" + "\rFieldPresence\x12\x1a\n" + "\x16FIELD_PRESENCE_UNKNOWN\x10\x00\x12\f\n" + "\bEXPLICIT\x10\x01\x12\f\n" + 
@@ -4817,7 +5046,11 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\x17EDITION_99997_TEST_ONLY\x10\x9d\x8d\x06\x12\x1d\n" + "\x17EDITION_99998_TEST_ONLY\x10\x9e\x8d\x06\x12\x1d\n" + "\x17EDITION_99999_TEST_ONLY\x10\x9f\x8d\x06\x12\x13\n" + - "\vEDITION_MAX\x10\xff\xff\xff\xff\aB~\n" + + "\vEDITION_MAX\x10\xff\xff\xff\xff\a*U\n" + + "\x10SymbolVisibility\x12\x14\n" + + "\x10VISIBILITY_UNSET\x10\x00\x12\x14\n" + + "\x10VISIBILITY_LOCAL\x10\x01\x12\x15\n" + + "\x11VISIBILITY_EXPORT\x10\x02B~\n" + "\x13com.google.protobufB\x10DescriptorProtosH\x01Z-google.golang.org/protobuf/types/descriptorpb\xf8\x01\x01\xa2\x02\x03GPB\xaa\x02\x1aGoogle.Protobuf.Reflection" var ( 
@@ -4832,145 +5065,151 @@ func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte { return file_google_protobuf_descriptor_proto_rawDescData } -var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 18) -var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 33) +var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 20) +var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 34) var file_google_protobuf_descriptor_proto_goTypes = []any{ - (Edition)(0), // 0: google.protobuf.Edition - (ExtensionRangeOptions_VerificationState)(0), // 1: google.protobuf.ExtensionRangeOptions.VerificationState - (FieldDescriptorProto_Type)(0), // 2: google.protobuf.FieldDescriptorProto.Type - (FieldDescriptorProto_Label)(0), // 3: google.protobuf.FieldDescriptorProto.Label - (FileOptions_OptimizeMode)(0), // 4: google.protobuf.FileOptions.OptimizeMode - (FieldOptions_CType)(0), // 5: google.protobuf.FieldOptions.CType - (FieldOptions_JSType)(0), // 6: google.protobuf.FieldOptions.JSType - (FieldOptions_OptionRetention)(0), // 7: google.protobuf.FieldOptions.OptionRetention - (FieldOptions_OptionTargetType)(0), // 8: google.protobuf.FieldOptions.OptionTargetType - (MethodOptions_IdempotencyLevel)(0), // 9: google.protobuf.MethodOptions.IdempotencyLevel - (FeatureSet_FieldPresence)(0), // 10: google.protobuf.FeatureSet.FieldPresence - (FeatureSet_EnumType)(0), // 11: google.protobuf.FeatureSet.EnumType - (FeatureSet_RepeatedFieldEncoding)(0), // 12: google.protobuf.FeatureSet.RepeatedFieldEncoding - (FeatureSet_Utf8Validation)(0), // 13: google.protobuf.FeatureSet.Utf8Validation - (FeatureSet_MessageEncoding)(0), // 14: google.protobuf.FeatureSet.MessageEncoding - (FeatureSet_JsonFormat)(0), // 15: google.protobuf.FeatureSet.JsonFormat - (FeatureSet_EnforceNamingStyle)(0), // 16: google.protobuf.FeatureSet.EnforceNamingStyle - (GeneratedCodeInfo_Annotation_Semantic)(0), // 
17: google.protobuf.GeneratedCodeInfo.Annotation.Semantic - (*FileDescriptorSet)(nil), // 18: google.protobuf.FileDescriptorSet - (*FileDescriptorProto)(nil), // 19: google.protobuf.FileDescriptorProto - (*DescriptorProto)(nil), // 20: google.protobuf.DescriptorProto - (*ExtensionRangeOptions)(nil), // 21: google.protobuf.ExtensionRangeOptions - (*FieldDescriptorProto)(nil), // 22: google.protobuf.FieldDescriptorProto - (*OneofDescriptorProto)(nil), // 23: google.protobuf.OneofDescriptorProto - (*EnumDescriptorProto)(nil), // 24: google.protobuf.EnumDescriptorProto - (*EnumValueDescriptorProto)(nil), // 25: google.protobuf.EnumValueDescriptorProto - (*ServiceDescriptorProto)(nil), // 26: google.protobuf.ServiceDescriptorProto - (*MethodDescriptorProto)(nil), // 27: google.protobuf.MethodDescriptorProto - (*FileOptions)(nil), // 28: google.protobuf.FileOptions - (*MessageOptions)(nil), // 29: google.protobuf.MessageOptions - (*FieldOptions)(nil), // 30: google.protobuf.FieldOptions - (*OneofOptions)(nil), // 31: google.protobuf.OneofOptions - (*EnumOptions)(nil), // 32: google.protobuf.EnumOptions - (*EnumValueOptions)(nil), // 33: google.protobuf.EnumValueOptions - (*ServiceOptions)(nil), // 34: google.protobuf.ServiceOptions - (*MethodOptions)(nil), // 35: google.protobuf.MethodOptions - (*UninterpretedOption)(nil), // 36: google.protobuf.UninterpretedOption - (*FeatureSet)(nil), // 37: google.protobuf.FeatureSet - (*FeatureSetDefaults)(nil), // 38: google.protobuf.FeatureSetDefaults - (*SourceCodeInfo)(nil), // 39: google.protobuf.SourceCodeInfo - (*GeneratedCodeInfo)(nil), // 40: google.protobuf.GeneratedCodeInfo - (*DescriptorProto_ExtensionRange)(nil), // 41: google.protobuf.DescriptorProto.ExtensionRange - (*DescriptorProto_ReservedRange)(nil), // 42: google.protobuf.DescriptorProto.ReservedRange - (*ExtensionRangeOptions_Declaration)(nil), // 43: google.protobuf.ExtensionRangeOptions.Declaration - (*EnumDescriptorProto_EnumReservedRange)(nil), // 44: 
google.protobuf.EnumDescriptorProto.EnumReservedRange - (*FieldOptions_EditionDefault)(nil), // 45: google.protobuf.FieldOptions.EditionDefault - (*FieldOptions_FeatureSupport)(nil), // 46: google.protobuf.FieldOptions.FeatureSupport - (*UninterpretedOption_NamePart)(nil), // 47: google.protobuf.UninterpretedOption.NamePart - (*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 48: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault - (*SourceCodeInfo_Location)(nil), // 49: google.protobuf.SourceCodeInfo.Location - (*GeneratedCodeInfo_Annotation)(nil), // 50: google.protobuf.GeneratedCodeInfo.Annotation + (Edition)(0), // 0: google.protobuf.Edition + (SymbolVisibility)(0), // 1: google.protobuf.SymbolVisibility + (ExtensionRangeOptions_VerificationState)(0), // 2: google.protobuf.ExtensionRangeOptions.VerificationState + (FieldDescriptorProto_Type)(0), // 3: google.protobuf.FieldDescriptorProto.Type + (FieldDescriptorProto_Label)(0), // 4: google.protobuf.FieldDescriptorProto.Label + (FileOptions_OptimizeMode)(0), // 5: google.protobuf.FileOptions.OptimizeMode + (FieldOptions_CType)(0), // 6: google.protobuf.FieldOptions.CType + (FieldOptions_JSType)(0), // 7: google.protobuf.FieldOptions.JSType + (FieldOptions_OptionRetention)(0), // 8: google.protobuf.FieldOptions.OptionRetention + (FieldOptions_OptionTargetType)(0), // 9: google.protobuf.FieldOptions.OptionTargetType + (MethodOptions_IdempotencyLevel)(0), // 10: google.protobuf.MethodOptions.IdempotencyLevel + (FeatureSet_FieldPresence)(0), // 11: google.protobuf.FeatureSet.FieldPresence + (FeatureSet_EnumType)(0), // 12: google.protobuf.FeatureSet.EnumType + (FeatureSet_RepeatedFieldEncoding)(0), // 13: google.protobuf.FeatureSet.RepeatedFieldEncoding + (FeatureSet_Utf8Validation)(0), // 14: google.protobuf.FeatureSet.Utf8Validation + (FeatureSet_MessageEncoding)(0), // 15: google.protobuf.FeatureSet.MessageEncoding + (FeatureSet_JsonFormat)(0), // 16: google.protobuf.FeatureSet.JsonFormat + 
(FeatureSet_EnforceNamingStyle)(0), // 17: google.protobuf.FeatureSet.EnforceNamingStyle + (FeatureSet_VisibilityFeature_DefaultSymbolVisibility)(0), // 18: google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility + (GeneratedCodeInfo_Annotation_Semantic)(0), // 19: google.protobuf.GeneratedCodeInfo.Annotation.Semantic + (*FileDescriptorSet)(nil), // 20: google.protobuf.FileDescriptorSet + (*FileDescriptorProto)(nil), // 21: google.protobuf.FileDescriptorProto + (*DescriptorProto)(nil), // 22: google.protobuf.DescriptorProto + (*ExtensionRangeOptions)(nil), // 23: google.protobuf.ExtensionRangeOptions + (*FieldDescriptorProto)(nil), // 24: google.protobuf.FieldDescriptorProto + (*OneofDescriptorProto)(nil), // 25: google.protobuf.OneofDescriptorProto + (*EnumDescriptorProto)(nil), // 26: google.protobuf.EnumDescriptorProto + (*EnumValueDescriptorProto)(nil), // 27: google.protobuf.EnumValueDescriptorProto + (*ServiceDescriptorProto)(nil), // 28: google.protobuf.ServiceDescriptorProto + (*MethodDescriptorProto)(nil), // 29: google.protobuf.MethodDescriptorProto + (*FileOptions)(nil), // 30: google.protobuf.FileOptions + (*MessageOptions)(nil), // 31: google.protobuf.MessageOptions + (*FieldOptions)(nil), // 32: google.protobuf.FieldOptions + (*OneofOptions)(nil), // 33: google.protobuf.OneofOptions + (*EnumOptions)(nil), // 34: google.protobuf.EnumOptions + (*EnumValueOptions)(nil), // 35: google.protobuf.EnumValueOptions + (*ServiceOptions)(nil), // 36: google.protobuf.ServiceOptions + (*MethodOptions)(nil), // 37: google.protobuf.MethodOptions + (*UninterpretedOption)(nil), // 38: google.protobuf.UninterpretedOption + (*FeatureSet)(nil), // 39: google.protobuf.FeatureSet + (*FeatureSetDefaults)(nil), // 40: google.protobuf.FeatureSetDefaults + (*SourceCodeInfo)(nil), // 41: google.protobuf.SourceCodeInfo + (*GeneratedCodeInfo)(nil), // 42: google.protobuf.GeneratedCodeInfo + (*DescriptorProto_ExtensionRange)(nil), // 43: 
google.protobuf.DescriptorProto.ExtensionRange + (*DescriptorProto_ReservedRange)(nil), // 44: google.protobuf.DescriptorProto.ReservedRange + (*ExtensionRangeOptions_Declaration)(nil), // 45: google.protobuf.ExtensionRangeOptions.Declaration + (*EnumDescriptorProto_EnumReservedRange)(nil), // 46: google.protobuf.EnumDescriptorProto.EnumReservedRange + (*FieldOptions_EditionDefault)(nil), // 47: google.protobuf.FieldOptions.EditionDefault + (*FieldOptions_FeatureSupport)(nil), // 48: google.protobuf.FieldOptions.FeatureSupport + (*UninterpretedOption_NamePart)(nil), // 49: google.protobuf.UninterpretedOption.NamePart + (*FeatureSet_VisibilityFeature)(nil), // 50: google.protobuf.FeatureSet.VisibilityFeature + (*FeatureSetDefaults_FeatureSetEditionDefault)(nil), // 51: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault + (*SourceCodeInfo_Location)(nil), // 52: google.protobuf.SourceCodeInfo.Location + (*GeneratedCodeInfo_Annotation)(nil), // 53: google.protobuf.GeneratedCodeInfo.Annotation } var file_google_protobuf_descriptor_proto_depIdxs = []int32{ - 19, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto - 20, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto - 24, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto - 26, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto - 22, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto - 28, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions - 39, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo + 21, // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto + 22, // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> 
google.protobuf.DescriptorProto + 26, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto + 28, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto + 24, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto + 30, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions + 41, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo 0, // 7: google.protobuf.FileDescriptorProto.edition:type_name -> google.protobuf.Edition - 22, // 8: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto - 22, // 9: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto - 20, // 10: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto - 24, // 11: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto - 41, // 12: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange - 23, // 13: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto - 29, // 14: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions - 42, // 15: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange - 36, // 16: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 43, // 17: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration - 37, // 18: google.protobuf.ExtensionRangeOptions.features:type_name -> google.protobuf.FeatureSet - 1, // 19: google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState - 3, // 20: 
google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label - 2, // 21: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type - 30, // 22: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions - 31, // 23: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions - 25, // 24: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto - 32, // 25: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions - 44, // 26: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange - 33, // 27: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions - 27, // 28: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto - 34, // 29: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions - 35, // 30: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions - 4, // 31: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode - 37, // 32: google.protobuf.FileOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 33: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 37, // 34: google.protobuf.MessageOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 35: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 5, // 36: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType - 6, // 37: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType - 7, // 38: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention - 8, // 39: 
google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType - 45, // 40: google.protobuf.FieldOptions.edition_defaults:type_name -> google.protobuf.FieldOptions.EditionDefault - 37, // 41: google.protobuf.FieldOptions.features:type_name -> google.protobuf.FeatureSet - 46, // 42: google.protobuf.FieldOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport - 36, // 43: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 37, // 44: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 45: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 37, // 46: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 47: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 37, // 48: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet - 46, // 49: google.protobuf.EnumValueOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport - 36, // 50: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 37, // 51: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 52: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 9, // 53: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel - 37, // 54: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet - 36, // 55: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption - 47, // 56: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart - 10, // 57: google.protobuf.FeatureSet.field_presence:type_name -> 
google.protobuf.FeatureSet.FieldPresence - 11, // 58: google.protobuf.FeatureSet.enum_type:type_name -> google.protobuf.FeatureSet.EnumType - 12, // 59: google.protobuf.FeatureSet.repeated_field_encoding:type_name -> google.protobuf.FeatureSet.RepeatedFieldEncoding - 13, // 60: google.protobuf.FeatureSet.utf8_validation:type_name -> google.protobuf.FeatureSet.Utf8Validation - 14, // 61: google.protobuf.FeatureSet.message_encoding:type_name -> google.protobuf.FeatureSet.MessageEncoding - 15, // 62: google.protobuf.FeatureSet.json_format:type_name -> google.protobuf.FeatureSet.JsonFormat - 16, // 63: google.protobuf.FeatureSet.enforce_naming_style:type_name -> google.protobuf.FeatureSet.EnforceNamingStyle - 48, // 64: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault - 0, // 65: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition - 0, // 66: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition - 49, // 67: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location - 50, // 68: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation - 21, // 69: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions - 0, // 70: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition - 0, // 71: google.protobuf.FieldOptions.FeatureSupport.edition_introduced:type_name -> google.protobuf.Edition - 0, // 72: google.protobuf.FieldOptions.FeatureSupport.edition_deprecated:type_name -> google.protobuf.Edition - 0, // 73: google.protobuf.FieldOptions.FeatureSupport.edition_removed:type_name -> google.protobuf.Edition - 0, // 74: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition - 37, // 75: 
google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features:type_name -> google.protobuf.FeatureSet - 37, // 76: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features:type_name -> google.protobuf.FeatureSet - 17, // 77: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic - 78, // [78:78] is the sub-list for method output_type - 78, // [78:78] is the sub-list for method input_type - 78, // [78:78] is the sub-list for extension type_name - 78, // [78:78] is the sub-list for extension extendee - 0, // [0:78] is the sub-list for field type_name + 24, // 8: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto + 24, // 9: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto + 22, // 10: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto + 26, // 11: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto + 43, // 12: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange + 25, // 13: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto + 31, // 14: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions + 44, // 15: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange + 1, // 16: google.protobuf.DescriptorProto.visibility:type_name -> google.protobuf.SymbolVisibility + 38, // 17: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 45, // 18: google.protobuf.ExtensionRangeOptions.declaration:type_name -> google.protobuf.ExtensionRangeOptions.Declaration + 39, // 19: google.protobuf.ExtensionRangeOptions.features:type_name -> google.protobuf.FeatureSet + 2, // 20: 
google.protobuf.ExtensionRangeOptions.verification:type_name -> google.protobuf.ExtensionRangeOptions.VerificationState + 4, // 21: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label + 3, // 22: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type + 32, // 23: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions + 33, // 24: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions + 27, // 25: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto + 34, // 26: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions + 46, // 27: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange + 1, // 28: google.protobuf.EnumDescriptorProto.visibility:type_name -> google.protobuf.SymbolVisibility + 35, // 29: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions + 29, // 30: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto + 36, // 31: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions + 37, // 32: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions + 5, // 33: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode + 39, // 34: google.protobuf.FileOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 35: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 39, // 36: google.protobuf.MessageOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 37: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 6, // 38: google.protobuf.FieldOptions.ctype:type_name -> 
google.protobuf.FieldOptions.CType + 7, // 39: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType + 8, // 40: google.protobuf.FieldOptions.retention:type_name -> google.protobuf.FieldOptions.OptionRetention + 9, // 41: google.protobuf.FieldOptions.targets:type_name -> google.protobuf.FieldOptions.OptionTargetType + 47, // 42: google.protobuf.FieldOptions.edition_defaults:type_name -> google.protobuf.FieldOptions.EditionDefault + 39, // 43: google.protobuf.FieldOptions.features:type_name -> google.protobuf.FeatureSet + 48, // 44: google.protobuf.FieldOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport + 38, // 45: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 39, // 46: google.protobuf.OneofOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 47: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 39, // 48: google.protobuf.EnumOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 49: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 39, // 50: google.protobuf.EnumValueOptions.features:type_name -> google.protobuf.FeatureSet + 48, // 51: google.protobuf.EnumValueOptions.feature_support:type_name -> google.protobuf.FieldOptions.FeatureSupport + 38, // 52: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 39, // 53: google.protobuf.ServiceOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 54: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 10, // 55: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel + 39, // 56: google.protobuf.MethodOptions.features:type_name -> google.protobuf.FeatureSet + 38, // 57: 
google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption + 49, // 58: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart + 11, // 59: google.protobuf.FeatureSet.field_presence:type_name -> google.protobuf.FeatureSet.FieldPresence + 12, // 60: google.protobuf.FeatureSet.enum_type:type_name -> google.protobuf.FeatureSet.EnumType + 13, // 61: google.protobuf.FeatureSet.repeated_field_encoding:type_name -> google.protobuf.FeatureSet.RepeatedFieldEncoding + 14, // 62: google.protobuf.FeatureSet.utf8_validation:type_name -> google.protobuf.FeatureSet.Utf8Validation + 15, // 63: google.protobuf.FeatureSet.message_encoding:type_name -> google.protobuf.FeatureSet.MessageEncoding + 16, // 64: google.protobuf.FeatureSet.json_format:type_name -> google.protobuf.FeatureSet.JsonFormat + 17, // 65: google.protobuf.FeatureSet.enforce_naming_style:type_name -> google.protobuf.FeatureSet.EnforceNamingStyle + 18, // 66: google.protobuf.FeatureSet.default_symbol_visibility:type_name -> google.protobuf.FeatureSet.VisibilityFeature.DefaultSymbolVisibility + 51, // 67: google.protobuf.FeatureSetDefaults.defaults:type_name -> google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault + 0, // 68: google.protobuf.FeatureSetDefaults.minimum_edition:type_name -> google.protobuf.Edition + 0, // 69: google.protobuf.FeatureSetDefaults.maximum_edition:type_name -> google.protobuf.Edition + 52, // 70: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location + 53, // 71: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation + 23, // 72: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions + 0, // 73: google.protobuf.FieldOptions.EditionDefault.edition:type_name -> google.protobuf.Edition + 0, // 74: google.protobuf.FieldOptions.FeatureSupport.edition_introduced:type_name 
-> google.protobuf.Edition + 0, // 75: google.protobuf.FieldOptions.FeatureSupport.edition_deprecated:type_name -> google.protobuf.Edition + 0, // 76: google.protobuf.FieldOptions.FeatureSupport.edition_removed:type_name -> google.protobuf.Edition + 0, // 77: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.edition:type_name -> google.protobuf.Edition + 39, // 78: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.overridable_features:type_name -> google.protobuf.FeatureSet + 39, // 79: google.protobuf.FeatureSetDefaults.FeatureSetEditionDefault.fixed_features:type_name -> google.protobuf.FeatureSet + 19, // 80: google.protobuf.GeneratedCodeInfo.Annotation.semantic:type_name -> google.protobuf.GeneratedCodeInfo.Annotation.Semantic + 81, // [81:81] is the sub-list for method output_type + 81, // [81:81] is the sub-list for method input_type + 81, // [81:81] is the sub-list for extension type_name + 81, // [81:81] is the sub-list for extension extendee + 0, // [0:81] is the sub-list for field type_name } func init() { file_google_protobuf_descriptor_proto_init() } @@ -4983,8 +5222,8 @@ func file_google_protobuf_descriptor_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_google_protobuf_descriptor_proto_rawDesc), len(file_google_protobuf_descriptor_proto_rawDesc)), - NumEnums: 18, - NumMessages: 33, + NumEnums: 20, + NumMessages: 34, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 53168bec7..5b152fa1f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -41,7 +41,7 @@ github.com/fsnotify/fsnotify # github.com/ghodss/yaml v1.0.0 ## explicit github.com/ghodss/yaml -# github.com/go-logr/logr v1.4.2 +# github.com/go-logr/logr v1.4.3 ## explicit; go 1.18 github.com/go-logr/logr github.com/go-logr/logr/funcr 
@@ -468,8 +468,8 @@ github.com/twpayne/go-vfs/v4 # github.com/twpayne/go-vfsafero v1.0.0 ## explicit github.com/twpayne/go-vfsafero -# go.opentelemetry.io/auto/sdk v1.1.0 -## explicit; go 1.22.0 +# go.opentelemetry.io/auto/sdk v1.2.1 +## explicit; go 1.24.0 go.opentelemetry.io/auto/sdk go.opentelemetry.io/auto/sdk/internal/telemetry # go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 @@ -478,20 +478,22 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/request go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil -# go.opentelemetry.io/otel v1.34.0 -## explicit; go 1.22.0 +# go.opentelemetry.io/otel v1.39.0 +## explicit; go 1.24.0 go.opentelemetry.io/otel go.opentelemetry.io/otel/attribute +go.opentelemetry.io/otel/attribute/internal +go.opentelemetry.io/otel/attribute/internal/xxhash go.opentelemetry.io/otel/baggage go.opentelemetry.io/otel/codes -go.opentelemetry.io/otel/internal -go.opentelemetry.io/otel/internal/attribute go.opentelemetry.io/otel/internal/baggage go.opentelemetry.io/otel/internal/global go.opentelemetry.io/otel/propagation go.opentelemetry.io/otel/semconv/v1.17.0 go.opentelemetry.io/otel/semconv/v1.20.0 go.opentelemetry.io/otel/semconv/v1.26.0 +go.opentelemetry.io/otel/semconv/v1.37.0 +go.opentelemetry.io/otel/semconv/v1.37.0/otelconv # go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 ## explicit; go 1.22.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace 
@@ -503,23 +505,25 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/otlpconfig go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/internal/retry -# go.opentelemetry.io/otel/metric v1.34.0 -## explicit; go 1.22.0 +# go.opentelemetry.io/otel/metric v1.39.0 +## explicit; go 1.24.0 go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/metric/embedded go.opentelemetry.io/otel/metric/noop -# go.opentelemetry.io/otel/sdk v1.34.0 -## explicit; go 1.22.0 +# go.opentelemetry.io/otel/sdk v1.39.0 +## explicit; go 1.24.0 go.opentelemetry.io/otel/sdk go.opentelemetry.io/otel/sdk/instrumentation -go.opentelemetry.io/otel/sdk/internal/env go.opentelemetry.io/otel/sdk/internal/x go.opentelemetry.io/otel/sdk/resource go.opentelemetry.io/otel/sdk/trace -# go.opentelemetry.io/otel/trace v1.34.0 -## explicit; go 1.22.0 +go.opentelemetry.io/otel/sdk/trace/internal/env +go.opentelemetry.io/otel/sdk/trace/internal/observ +# go.opentelemetry.io/otel/trace v1.39.0 +## explicit; go 1.24.0 go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded +go.opentelemetry.io/otel/trace/internal/telemetry go.opentelemetry.io/otel/trace/noop # go.opentelemetry.io/proto/otlp v1.5.0 ## explicit; go 1.22.0 @@ -570,8 +574,8 @@ golang.org/x/net/idna golang.org/x/net/internal/httpcommon golang.org/x/net/internal/timeseries golang.org/x/net/trace -# golang.org/x/oauth2 v0.28.0 -## explicit; go 1.23.0 +# golang.org/x/oauth2 v0.34.0 +## explicit; go 1.24.0 golang.org/x/oauth2 golang.org/x/oauth2/internal # golang.org/x/sync v0.19.0 
@@ -622,15 +626,15 @@ golang.org/x/tools/go/ast/inspector # gomodules.xyz/jsonpatch/v2 v2.4.0 ## explicit; go 1.20 gomodules.xyz/jsonpatch/v2 -# google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb -## explicit; go 1.23.0 +# google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 +## explicit; go 1.24.0 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb -## explicit; go 1.23.0 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 +## explicit; go 1.24.0 google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.72.2 -## explicit; go 1.23 +# google.golang.org/grpc v1.79.3 +## explicit; go 1.24.0 google.golang.org/grpc google.golang.org/grpc/attributes google.golang.org/grpc/backoff @@ -640,7 +644,6 @@ google.golang.org/grpc/balancer/endpointsharding google.golang.org/grpc/balancer/grpclb/state google.golang.org/grpc/balancer/pickfirst google.golang.org/grpc/balancer/pickfirst/internal -google.golang.org/grpc/balancer/pickfirst/pickfirstleaf google.golang.org/grpc/balancer/roundrobin google.golang.org/grpc/binarylog/grpc_binarylog_v1 google.golang.org/grpc/channelz @@ -650,6 +653,7 @@ google.golang.org/grpc/credentials google.golang.org/grpc/credentials/insecure google.golang.org/grpc/encoding google.golang.org/grpc/encoding/gzip +google.golang.org/grpc/encoding/internal google.golang.org/grpc/encoding/proto google.golang.org/grpc/experimental/stats google.golang.org/grpc/grpclog @@ -658,6 +662,7 @@ google.golang.org/grpc/health/grpc_health_v1 google.golang.org/grpc/internal google.golang.org/grpc/internal/backoff google.golang.org/grpc/internal/balancer/gracefulswitch +google.golang.org/grpc/internal/balancer/weight google.golang.org/grpc/internal/balancerload google.golang.org/grpc/internal/binarylog google.golang.org/grpc/internal/buffer 
@@ -693,8 +698,8 @@ google.golang.org/grpc/serviceconfig google.golang.org/grpc/stats google.golang.org/grpc/status google.golang.org/grpc/tap -# google.golang.org/protobuf v1.36.6 -## explicit; go 1.22 +# google.golang.org/protobuf v1.36.10 +## explicit; go 1.23 google.golang.org/protobuf/encoding/protodelim google.golang.org/protobuf/encoding/protojson google.golang.org/protobuf/encoding/prototext